Package: wolfssl / 4.6.0-3

Metadata

Package Version Patches format
wolfssl 4.6.0-3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
58f9b6ec01f0caf89e9e4d37a8816b310005aaf1.patch | (download)

src/tls13.c | 18 13 + 5 - 0 !
1 file changed, 13 insertions(+), 5 deletions(-)

 [patch] tls 1.3: ensure key for signature in certificateverify


no build path in library.patch | (download)

wolfcrypt/src/logging.c | 10 0 + 10 - 0 !
1 file changed, 10 deletions(-)

 do not store build path in library
 Storing the build path as part of the '-ffile-prefix-map' option [1]
 in the library breaks reproducible builds. This patch drops the two
 strings so that the two involved functions now return NULL.
 .
 The consequence of the build option here is somewhat ironic because
 it was originally intended to improve reproducible builds. [2]
 .
 A better solution might be to replace the path with a fixed string
 like the literal "BUILD_PATH". That would allow a debugging party to
 recognize that the option was used without rendering the library
 non-reproducible.
 .
 Since Lintian spotted the issue [3], Debian's downstream tooling
 could likely replace the path with ease, but that would not address
 related problems in other distributions, such as in NixOS. [4]
 .
 Libtool's '.la' file and the 'wolfssl-config' script may also
 include the build path, but neither ships in Debian. It is
 furthermore not clear that those files are needed in any distribution
 that offers dynamic symbol resolution via 'ldd' and automatic build
 options via 'pkg-config'. It may therefore not be necessary to remove
 the build path from those files.
 .
 [1] https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
 [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70268#c7
 [3] https://github.com/NixOS/nixpkgs/pull/111687#issuecomment-772694125
 [4] https://github.com/NixOS/nixpkgs/pull/111687#issuecomment-773881191
utf8.patch | (download)

cyassl/ctaocrypt/tfm.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 convert a source file to utf-8 encoding.
multi arch.patch | (download)

configure.ac | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 make header files multi-arch compatible
 Exclude architecture dependent option HAVE___UINT128 from config.h
reproducible build.patch | (download)

configure.ac | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 make the build reproducible
 Acceptance of this patch was declined by John Safranek after the conversation
 documented in the Zendesk support request. The upshot was that, in balance,
 it is easier to maintain the Debian patch.
improve clean target.patch | (download)

cyassl/include.am | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 fix clean target for repeated builds
dfsg.patch | (download)

Makefile.am | 19 0 + 19 - 0 !
1 file changed, 19 deletions(-)

 strike references to removed non-dfsg sources from build files
fix hurd i386 flags.patch | (download)

wolfssl/test.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix type definition for socklen_t on hurd-i386
 Based on http://bugs.mysql.com/bug.php?id=22326
turn off fastmath for amd64.patch | (download)

configure.ac | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 turn off fastmath for amd64, where it is default
 Enabling fastmath just for amd64 causes the shared library symbols to
 become architecture-dependent.
disable crl monitor.patch | (download)

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable crl monitor on all architectures
 CRL monitor is unavailable on Debian architecture kFreeBSD, causes FTBFS
disable jobserver.patch | (download)

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable job server for autopkgtest.
 The Debian CI system kept showing regressions for using multiple make jobs:
 .
     FAIL stderr: make[2]: warning: -j3 forced in submake: resetting jobserver mode.
 .
 Perhaps this will disable the jobserver.