ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/libs/gnutls/Config.in b/external/subpack/libs/gnutls/Config.in
new file mode 100644
index 0000000..88dbc7a
--- /dev/null
+++ b/external/subpack/libs/gnutls/Config.in
@@ -0,0 +1,52 @@
+# gnutls avanced configuration
+
+menu "Configuration"
+ depends on PACKAGE_libgnutls
+
+config GNUTLS_DTLS_SRTP
+ bool "enable DTLS SRTP support"
+ default y
+
+config GNUTLS_ALPN
+ bool "enable ALPN support"
+ default y
+
+config GNUTLS_OCSP
+ bool "enable ocsp support"
+ default y
+
+config GNUTLS_CRYPTODEV
+ bool "enable /dev/crypto support"
+ default n
+
+config GNUTLS_HEARTBEAT
+ bool "enable DTLS heartbeat support"
+ default y
+
+config GNUTLS_SRP
+ bool "enable SRP authentication support"
+ default n
+
+config GNUTLS_PSK
+ bool "enable PSK authentication support"
+ default y
+
+config GNUTLS_ANON
+ bool "enable anonymous authentication support"
+ default y
+
+config GNUTLS_TPM
+ bool "enable tpm support"
+ select GNUTLS_PKCS11
+ default n
+
+config GNUTLS_PKCS11
+ bool "enable smart card (PKCS11) support"
+ select GNUTLS_EXT_LIBTASN1
+ default n
+
+config GNUTLS_EXT_LIBTASN1
+ bool "use external libtasn1"
+ default n
+
+endmenu
diff --git a/external/subpack/libs/gnutls/Makefile b/external/subpack/libs/gnutls/Makefile
new file mode 100644
index 0000000..b24cc14
--- /dev/null
+++ b/external/subpack/libs/gnutls/Makefile
@@ -0,0 +1,270 @@
+# SPDX-Identifier-License: GPL-2.0-only
+#
+# Copyright (C) 2005-2016 OpenWrt.org
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gnutls
+PKG_VERSION:=3.8.5
+PKG_RELEASE:=1
+PKG_BUILD_FLAGS:=no-mips16
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8
+PKG_HASH:=66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc
+
+PKG_MAINTAINER:=Nikos Mavrogiannopoulos <nmav@gnutls.org>
+PKG_LICENSE:=LGPL-2.1-or-later
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:gnu:gnutls
+
+PKG_BUILD_DEPENDS:=gettext-full/host
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf gettext-version
+PKG_INSTALL:=1
+PKG_LIBTOOL_PATHS:=. lib
+
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_GNUTLS_ALPN \
+ CONFIG_GNUTLS_ANON \
+ CONFIG_GNUTLS_CRYPTODEV \
+ CONFIG_GNUTLS_DTLS_SRTP \
+ CONFIG_GNUTLS_EXT_LIBTASN1 \
+ CONFIG_GNUTLS_HEARTBEAT \
+ CONFIG_GNUTLS_OCSP \
+ CONFIG_GNUTLS_PKCS11 \
+ CONFIG_GNUTLS_PSK \
+ CONFIG_GNUTLS_SRP \
+ CONFIG_GNUTLS_TPM \
+ CONFIG_LIBNETTLE_MINI \
+ CONFIG_PACKAGE_libgnutls-dane \
+
+include $(INCLUDE_DIR)/package.mk
+
+
+define Package/gnutls/Default
+ SUBMENU:=SSL
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=GNU TLS
+ URL:=http://www.gnutls.org/
+endef
+
+define Package/gnutls/Default/description
+ GnuTLS is a secure communications library implementing the SSL, TLS
+ and DTLS protocols and technologies around them. It provides a simple
+ C language application programming interface (API) to access the secure
+ communications protocols as well as APIs to parse and write X.509, PKCS12,
+ OpenPGP and other required structures. It is aimed to be portable and
+ efficient with focus on security and interoperability.
+endef
+
+
+define Package/certtool
+$(call Package/gnutls/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Encryption
+ TITLE+= (certool utility)
+ DEPENDS+= +libgnutls
+endef
+
+define Package/certtool/description
+$(call Package/gnutls/Default/description)
+ This package contains the GnuTLS certtool utility.
+endef
+
+
+define Package/gnutls-utils
+$(call Package/gnutls/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Encryption
+ TITLE+= (utilities)
+ DEPENDS+= +libgnutls +PACKAGE_libgnutls-dane:libgnutls-dane
+endef
+
+define Package/gnutls-utils/description
+$(call Package/gnutls/Default/description)
+ This package contains the GnuTLS gnutls-cli, gnutls-serv, psktool,
+ and srptool utilities.
+endef
+
+define Package/libgnutls/config
+ source "$(SOURCE)/Config.in"
+endef
+
+define Package/libgnutls
+$(call Package/gnutls/Default)
+ TITLE+= (library)
+ DEPENDS+= +libnettle +!LIBNETTLE_MINI:libgmp +GNUTLS_EXT_LIBTASN1:libtasn1 +GNUTLS_PKCS11:p11-kit +GNUTLS_CRYPTODEV:kmod-cryptodev +libatomic
+endef
+
+define Package/libgnutls-dane
+$(call Package/gnutls/Default)
+ TITLE+= (libgnutls-dane library)
+ DEPENDS:= +libgnutls +PACKAGE_libgnutls-dane:libunbound
+endef
+
+define Package/libgnutls/description
+$(call Package/gnutls/Default/description)
+ This package contains the GnuTLS shared library, needed by other programs.
+endef
+
+# We disable the configuration file (system-priority-file) because
+# the use of configuration increases the non-shared memory used by
+# the library and we don't provide an openwrt-specific configuration
+# anyway.
+CONFIGURE_ARGS+= \
+ --enable-shared \
+ --enable-static \
+ --disable-doc \
+ --disable-gcc-warnings \
+ --disable-guile \
+ --disable-rpath \
+ --disable-seccomp-tests \
+ --disable-tests \
+ --disable-valgrind-tests \
+ --disable-ssl2-support \
+ --disable-ssl3-support \
+ --enable-local-libopts \
+ --without-idn \
+ --with-default-trust-store-dir=/etc/ssl/certs/ \
+ --with-included-unistring \
+ --with-included-libunistring \
+ --with-librt-prefix="$(LIBRT_ROOT_DIR)/" \
+ --with-pic \
+ --with-system-priority-file="" \
+ --without-brotli \
+ --without-zlib \
+ --without-zstd
+
+ifneq ($(CONFIG_GNUTLS_EXT_LIBTASN1),y)
+CONFIGURE_ARGS += --with-included-libtasn1
+endif
+
+ifneq ($(CONFIG_GNUTLS_PKCS11),y)
+CONFIGURE_ARGS += --without-p11-kit
+endif
+
+ifeq ($(CONFIG_LIBNETTLE_MINI),y)
+CONFIGURE_ARGS += --with-nettle-mini
+endif
+
+ifneq ($(CONFIG_GNUTLS_DTLS_SRTP),y)
+CONFIGURE_ARGS += --disable-dtls-srtp-support
+endif
+
+ifneq ($(CONFIG_GNUTLS_ALPN),y)
+CONFIGURE_ARGS += --disable-alpn-support
+endif
+
+ifneq ($(CONFIG_GNUTLS_HEARTBEAT),y)
+CONFIGURE_ARGS += --disable-heartbeat-support
+endif
+
+ifneq ($(CONFIG_GNUTLS_SRP),y)
+CONFIGURE_ARGS += --disable-srp-authentication
+endif
+
+ifneq ($(CONFIG_GNUTLS_PSK),y)
+CONFIGURE_ARGS += --disable-psk-authentication
+endif
+
+ifneq ($(CONFIG_GNUTLS_ANON),y)
+CONFIGURE_ARGS += --disable-anon-authentication
+endif
+
+ifneq ($(CONFIG_GNUTLS_OCSP),y)
+CONFIGURE_ARGS += --disable-ocsp
+endif
+
+ifneq ($(CONFIG_GNUTLS_TPM),y)
+CONFIGURE_ARGS += --without-tpm
+endif
+
+ifeq ($(CONFIG_GNUTLS_CRYPTODEV),y)
+CONFIGURE_ARGS += --enable-cryptodev
+endif
+
+ifeq ($(CONFIG_PACKAGE_libgnutls-dane),)
+CONFIGURE_ARGS += --disable-libdane
+endif
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/*.so* \
+ $(1)/usr/lib/
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/include/gnutls \
+ $(1)/usr/include/
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc \
+ $(1)/usr/lib/pkgconfig/
+endef
+
+
+define Package/certtool/conffiles
+/etc/gnutls/certtool.cfg
+endef
+
+define Package/certtool/install
+ $(INSTALL_DIR) $(1)/etc/gnutls
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/doc/certtool.cfg $(1)/etc/gnutls/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/certtool $(1)/usr/bin/
+endef
+
+
+define Package/gnutls-utils/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ifeq ($(CONFIG_GNUTLS_OCSP),y)
+ifeq ($(CONFIG_GNUTLS_ANON),y)
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/bin/gnutls-{cli,serv} \
+ $(1)/usr/bin/
+endif
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/bin/ocsptool \
+ $(1)/usr/bin/
+endif
+ifeq ($(CONFIG_GNUTLS_SRP),y)
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/bin/srptool \
+ $(1)/usr/bin/
+endif
+ifeq ($(CONFIG_GNUTLS_PSK),y)
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/bin/psktool \
+ $(1)/usr/bin/
+endif
+ifeq ($(CONFIG_GNUTLS_PKCS11),y)
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/bin/p11tool \
+ $(1)/usr/bin/
+endif
+ifeq ($(CONFIG_GNUTLS_TPM),y)
+ $(CP) \
+ $(PKG_INSTALL_DIR)/usr/bin/tpmtool \
+ $(1)/usr/bin/
+endif
+endef
+
+
+define Package/libgnutls/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnutls.so.* $(1)/usr/lib/
+endef
+
+define Package/libgnutls-dane/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgnutls-dane.so.* $(1)/usr/lib/
+endef
+
+
+$(eval $(call BuildPackage,certtool))
+$(eval $(call BuildPackage,gnutls-utils))
+$(eval $(call BuildPackage,libgnutls))
+$(eval $(call BuildPackage,libgnutls-dane))
diff --git a/external/subpack/libs/gnutls/patches/010-m4.patch b/external/subpack/libs/gnutls/patches/010-m4.patch
new file mode 100644
index 0000000..447580f
--- /dev/null
+++ b/external/subpack/libs/gnutls/patches/010-m4.patch
@@ -0,0 +1,73 @@
+--- a/m4/stdint.m4
++++ b/m4/stdint.m4
+@@ -15,7 +15,7 @@ AC_DEFUN_ONCE([gl_STDINT_H],
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+
+ AC_REQUIRE([gl_LIMITS_H])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+
+ dnl For backward compatibility. Some packages may still be testing these
+ dnl macros.
+--- a/m4/vasnprintf.m4
++++ b/m4/vasnprintf.m4
+@@ -33,7 +33,7 @@ AC_DEFUN([gl_REPLACE_VASNPRINTF],
+ AC_DEFUN([gl_PREREQ_PRINTF_ARGS],
+ [
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ ])
+
+ # Prerequisites of lib/printf-parse.h, lib/printf-parse.c.
+@@ -41,7 +41,7 @@ AC_DEFUN([gl_PREREQ_PRINTF_PARSE],
+ [
+ AC_REQUIRE([gl_FEATURES_H])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ AC_REQUIRE([AC_TYPE_SIZE_T])
+ AC_CHECK_TYPE([ptrdiff_t], ,
+ [AC_DEFINE([ptrdiff_t], [long],
+@@ -55,7 +55,7 @@ AC_DEFUN_ONCE([gl_PREREQ_VASNPRINTF],
+ [
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ AC_CHECK_FUNCS([snprintf strnlen wcslen wcsnlen mbrtowc wcrtomb])
+ dnl Use the _snprintf function only if it is declared (because on NetBSD it
+ dnl is defined as a weak alias of snprintf; we prefer to use the latter).
+--- a/m4/wchar_t.m4
++++ b/m4/wchar_t.m4
+@@ -8,7 +8,7 @@ dnl From Bruno Haible.
+ dnl Test whether <stddef.h> has the 'wchar_t' type.
+ dnl Prerequisite: AC_PROG_CC
+
+-AC_DEFUN([gt_TYPE_WCHAR_T],
++AC_DEFUN([gt_TYPE_WCHAR_T_GNUTLS],
+ [
+ AC_CACHE_CHECK([for wchar_t], [gt_cv_c_wchar_t],
+ [AC_COMPILE_IFELSE(
+--- a/m4/wint_t.m4
++++ b/m4/wint_t.m4
+@@ -9,7 +9,7 @@ dnl Test whether <wchar.h> has the 'wint
+ dnl <wchar.h> or <wctype.h> would, if present, override 'wint_t'.
+ dnl Prerequisite: AC_PROG_CC
+
+-AC_DEFUN([gt_TYPE_WINT_T],
++AC_DEFUN([gt_TYPE_WINT_T_GNUTLS],
+ [
+ AC_CACHE_CHECK([for wint_t], [gt_cv_c_wint_t],
+ [AC_COMPILE_IFELSE(
+--- a/src/gl/m4/gnulib-comp.m4
++++ b/src/gl/m4/gnulib-comp.m4
+@@ -1268,7 +1268,7 @@ changequote([, ])dnl
+ gl_UNISTD_MODULE_INDICATOR([sleep])
+ AC_CHECK_DECLS_ONCE([alarm])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+- AC_REQUIRE([gt_TYPE_WINT_T])
++ AC_REQUIRE([gt_TYPE_WINT_T_GNUTLS])
+ gl_FUNC_STRERROR_R
+ AS_IF([test $HAVE_DECL_STRERROR_R = 0 || test $REPLACE_STRERROR_R = 1], [
+ AC_LIBOBJ([strerror_r])
diff --git a/external/subpack/libs/gnutls/patches/020-dont-install-m4-files.patch b/external/subpack/libs/gnutls/patches/020-dont-install-m4-files.patch
new file mode 100644
index 0000000..6caeabc
--- /dev/null
+++ b/external/subpack/libs/gnutls/patches/020-dont-install-m4-files.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Mon, 25 Oct 2021 08:49:21 -0300
+Subject: Do not install m4 files
+
+Do not use --install when calling aclocal. That flag instructs aclocal to
+copy third-party files to the first -I directory. The intention here is to
+copy files to the package build dir (m4). However, our toolchain prepends
+the build-system's m4 dir to the list, causing the --install flag to
+install an older version to the buildsystem m4 dir, causing failures in
+other packages.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -48,7 +48,7 @@ if ENABLE_DOC
+ SUBDIRS += doc
+ endif
+
+-ACLOCAL_AMFLAGS = -I m4 -I src/gl/m4 -I lib/unistring/m4 --install
++ACLOCAL_AMFLAGS = -I m4 -I src/gl/m4 -I lib/unistring/m4
+
+ EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \
+ ChangeLog THANKS INSTALL.md RELEASES.md .mailmap
diff --git a/external/subpack/libs/gnutls/patches/030-unistring-optional.patch b/external/subpack/libs/gnutls/patches/030-unistring-optional.patch
new file mode 100644
index 0000000..4e9de33
--- /dev/null
+++ b/external/subpack/libs/gnutls/patches/030-unistring-optional.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -508,6 +508,8 @@ DEFAULT_VALGRINDFLAGS='-q --error-exitco
+
+ gl_VALGRIND_TESTS_DEFAULT_NO
+
++gl_LIBUNISTRING_OPTIONAL
++
+ dnl Note that g*l_INIT are run after we check for library capabilities,
+ dnl to prevent issues from caching lib dependencies. See discussion
+ dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and