diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-utilities')
4 files changed, 2 insertions, 145 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch deleted file mode 100644 index cec2813e9..000000000 --- a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch +++ /dev/null @@ -1,66 +0,0 @@ -diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c -index 610511f7..92be4656 100644 ---- a/plugins/curl/curl.c -+++ b/plugins/curl/curl.c -@@ -69,6 +69,8 @@ static const char *proxy = NULL; - char *proxy_password = NULL; - const char *proxy_user = NULL; - bool sslverify = true; -+const char *ssl_version = NULL; -+const char *ssl_cipher_list = NULL; - bool tcp_keepalive = false; - bool tcp_nodelay = true; - uint32_t timeout = 0; -@@ -232,6 +234,12 @@ curl_config (const char *key, const char *value) - sslverify = r; - } - -+ else if (strcmp (key, "ssl-version") == 0) -+ ssl_version = value; -+ -+ else if (strcmp (key, "ssl-cipher-list") == 0) -+ ssl_cipher_list = value; -+ - else if (strcmp (key, "tcp-keepalive") == 0) { - r = nbdkit_parse_bool (value); - if (r == -1) -@@ -302,6 +310,8 @@ curl_config_complete (void) - "proxy-user=<USER> The proxy user.\n" \ - "timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \ - "sslverify=false Do not verify SSL certificate of remote host.\n" \ -+ "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ -+ "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ - "tcp-keepalive=true Enable TCP keepalives.\n" \ - "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ - "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ -@@ -418,6 +428,30 @@ curl_open (int readonly) - curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L); - curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L); - } -+ if (ssl_version) { -+ if (strcmp (ssl_version, "tlsv1") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); -+ else if (strcmp (ssl_version, "sslv2") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2); -+ else if (strcmp (ssl_version, "sslv3") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); -+ else if (strcmp (ssl_version, "tlsv1.0") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -+ else if (strcmp (ssl_version, "tlsv1.1") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -+ else if (strcmp (ssl_version, "tlsv1.2") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ else if (strcmp (ssl_version, "tlsv1.3") == 0) -+ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3); -+ else { -+ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]", -+ ssl_version); -+ goto err; -+ } -+ -+ } -+ if (ssl_cipher_list) -+ curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); - if (tcp_keepalive) - curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); - if (!tcp_nodelay) diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch deleted file mode 100644 index 398cef63c..000000000 --- a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c -index fad84140..d3dc3bde 100644 ---- a/plugins/curl/curl.c -+++ b/plugins/curl/curl.c -@@ -85,6 +85,7 @@ const char *proxy_user = NULL; - bool sslverify = true; - const char *ssl_version = NULL; - const char *ssl_cipher_list = NULL; -+const char *tls13_ciphers = NULL; - bool tcp_keepalive = false; - bool tcp_nodelay = true; - uint32_t timeout = 0; -@@ -309,6 +310,9 @@ curl_config (const char *key, const char *value) - else if (strcmp (key, "ssl-cipher-list") == 0) - ssl_cipher_list = value; - -+ else if (strcmp (key, "tls13-ciphers") == 0) -+ tls13_ciphers = value; -+ - else if (strcmp (key, "tcp-keepalive") == 0) { - r = nbdkit_parse_bool (value); - if (r == -1) -@@ -413,6 +417,7 @@ curl_config_complete (void) - "sslverify=false Do not verify SSL certificate of remote host.\n" \ - "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ - "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ -+ "tls13-ciphers=C1:C2:.. Specify TLS 1.3 cipher suites to be used.\n" \ - "tcp-keepalive=true Enable TCP keepalives.\n" \ - "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ - "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ -@@ -550,6 +555,8 @@ curl_open (int readonly) - } - if (ssl_cipher_list) - curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); -+ if (tls13_ciphers) -+ curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers); - if (tcp_keepalive) - curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); - if (!tcp_nodelay) diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch deleted file mode 100644 index 867f2e166..000000000 --- a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f86b22a450589cdcac6bb3afa1818dfa6d2eefe4 Mon Sep 17 00:00:00 2001 -From: Wiktor Golgowski <wiktor.golgowski@intel.com> -Date: Fri, 27 Aug 2021 17:39:59 +0200 -Subject: [PATCH] Handle empty CAInfo in curl plugin correctly. - -Recent change in libcurl causes CAINFO option to be set when -the library is compiled. If we do not want to use the default -certificate store, we set the option to an empty string. -This change recognizes zero-length CAInfo and clears the libcurl -option. - -Signed-off-by: Wiktor Golgowski <wiktor.golgowski@intel.com> ---- - plugins/curl/curl.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c -index fad84140..176f9a1f 100644 ---- a/plugins/curl/curl.c -+++ b/plugins/curl/curl.c -@@ -498,8 +498,12 @@ curl_open (int readonly) - curl_easy_setopt (h->c, CURLOPT_FAILONERROR, 1L); - - /* Options. */ -- if (cainfo) -- curl_easy_setopt (h->c, CURLOPT_CAINFO, cainfo); -+ if (cainfo) { -+ if (strlen (cainfo) == 0) -+ curl_easy_setopt (h->c, CURLOPT_CAINFO, NULL); -+ else -+ curl_easy_setopt (h->c, CURLOPT_CAINFO, cainfo); -+ } - if (capath) - curl_easy_setopt (h->c, CURLOPT_CAPATH, capath); - if (cookie) diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb index f7d690ff8..d1b5e1b22 100644 --- a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb @@ -11,12 +11,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=f9dcc2d8acdde215fa4bd6ac12bb14f0" SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https" SRC_URI += "file://0001-Force-nbdkit-to-send-PATCH-as-upload-method.patch" -SRC_URI += "file://0002-Add-support-for-ssl-config.patch" -SRC_URI += "file://0003-Add-support-for-tls13-ciphers.patch" -SRC_URI += "file://0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch" -PV = "1.25.5+git${SRCPV}" -SRCREV = "c828c6d48ff6b69454cad98054a1920d03c4b4c7" +PV = "1.28.0+git${SRCPV}" +SRCREV = "676c193ba05e479c145cf872e4912c576d1461d3" S = "${WORKDIR}/git" |