[vlc-devel] [PATCH 4/4] contrib: gnutls: fix win32/winstore patches
Steve Lhomme
robux4 at ycbcr.xyz
Thu May 28 09:35:31 CEST 2020
GNUTLS 3.6.13 now uses the proper certification API.
We can also use ncrypt in UWP builds.
Some patches are already upstreamed in gnutls and gnulib.
Don't run $(RECONF) as it's messing with the gnulib reconfiguration.
Changes to configure.ac and the proper reconfiguration will be done automatically.
---
...ve-pattern-for-defining-_WIN32_WINNT.patch | 38 ++
.../gnutls/0001-win32-link-with-crypt32.patch | 71 +++
...t-assume-that-UNICODE-is-not-defined.patch | 32 ++
...ermine-if-the-Vista-APIs-can-be-link.patch | 111 +++++
...not-use-LoadLibrary-when-built-for-W.patch | 45 ++
...he-NCRYPT-key-import-into-a-function.patch | 408 ++++++++++++++++++
...LoadLibrary-when-built-for-Windows-S.patch | 52 +++
...-instead-of-CryptoAPI-on-Vista-for-r.patch | 166 +++++++
contrib/src/gnutls/rules.mak | 20 +-
9 files changed, 941 insertions(+), 2 deletions(-)
create mode 100644 contrib/src/gnutls/0001-Improve-pattern-for-defining-_WIN32_WINNT.patch
create mode 100644 contrib/src/gnutls/0001-win32-link-with-crypt32.patch
create mode 100644 contrib/src/gnutls/0002-Don-t-assume-that-UNICODE-is-not-defined.patch
create mode 100644 contrib/src/gnutls/0002-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
create mode 100644 contrib/src/gnutls/0003-gettimeofday-do-not-use-LoadLibrary-when-built-for-W.patch
create mode 100644 contrib/src/gnutls/0003-win32-move-the-NCRYPT-key-import-into-a-function.patch
create mode 100644 contrib/src/gnutls/0004-stat-do-not-use-LoadLibrary-when-built-for-Windows-S.patch
create mode 100644 contrib/src/gnutls/0004-win32-use-bcrypt-instead-of-CryptoAPI-on-Vista-for-r.patch
diff --git a/contrib/src/gnutls/0001-Improve-pattern-for-defining-_WIN32_WINNT.patch b/contrib/src/gnutls/0001-Improve-pattern-for-defining-_WIN32_WINNT.patch
new file mode 100644
index 000000000000..b46bd79a2bca
--- /dev/null
+++ b/contrib/src/gnutls/0001-Improve-pattern-for-defining-_WIN32_WINNT.patch
@@ -0,0 +1,38 @@
+From fd909bf4c9e3aff77fef35892f6ce17e6f77493c Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno at clisp.org>
+Date: Thu, 28 May 2020 02:06:51 +0200
+Subject: [PATCH 1/4] Improve pattern for defining _WIN32_WINNT.
+
+Newer versions of the Windows API may not only add, but also remove API
+functions. Therefore, when the user is e.g. building for Windows 10, we
+should not set _WIN32_WINNT to e.g. Windows 8, as this may enable the
+use of APIs that were present in Windows 8 but removed in Windows 10.
+
+Suggested by Steve Lhomme <robux4 at ycbcr.xyz> in
+<https://lists.gnu.org/archive/html/bug-gnugl/2020-05/msg00318.html>.
+
+* gl/stat-w32.c (_WIN32_WINNT): Don't set to a smaller value.
+---
+ gl/stat-w32.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/gl/stat-w32.c b/gl/stat-w32.c
+index 296ccf18c..c4b5de9a7 100644
+--- a/gl/stat-w32.c
++++ b/gl/stat-w32.c
+@@ -21,8 +21,10 @@
+ #if defined _WIN32 && ! defined __CYGWIN__
+
+ /* Ensure that <windows.h> defines FILE_ID_INFO. */
+-#undef _WIN32_WINNT
+-#define _WIN32_WINNT _WIN32_WINNT_WIN8
++#if !defined _WIN32_WINNT || (_WIN32_WINNT < _WIN32_WINNT_WIN8)
++# undef _WIN32_WINNT
++# define _WIN32_WINNT _WIN32_WINNT_WIN8
++#endif
+
+ #include <sys/types.h>
+ #include <sys/stat.h>
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0001-win32-link-with-crypt32.patch b/contrib/src/gnutls/0001-win32-link-with-crypt32.patch
new file mode 100644
index 000000000000..16e1c8887ed0
--- /dev/null
+++ b/contrib/src/gnutls/0001-win32-link-with-crypt32.patch
@@ -0,0 +1,71 @@
+From 2fab50a34f25867dd9319f5ff1549f214733c303 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Tue, 19 May 2020 16:23:40 +0200
+Subject: [PATCH 1/4] win32: link with crypt32
+
+Since 5d03564cccd2c10c41252ea468d4a098bd08e9c1 we use CertOpenStore().
+To properly link it needs to be linked with the crypt32.dll.
+https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore
+
+This library was missing from the pkg-config library. It exists in
+thirdparty_libadd to link gnutls as a DLL.
+
+Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
+---
+ configure.ac | 2 ++
+ lib/Makefile.am | 6 +-----
+ lib/gnutls.pc.in | 2 +-
+ 3 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 172cf429e..6a6c79da2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -119,6 +119,8 @@ case "$host" in
+ *mingw32* | *mingw64*)
+ have_win=yes
+ AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
++ LIB_CRYPT32="-lcrypt32"
++ AC_SUBST([LIB_CRYPT32])
+ ;;
+ *darwin*)
+ have_macosx=yes
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index eddd1167a..f55f298f7 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -151,7 +151,7 @@ libgnutls_la_LIBADD = ../gl/libgnu.la x509/libgnutls_x509.la \
+ auth/libgnutls_auth.la algorithms/libgnutls_alg.la \
+ extras/libgnutls_extras.la
+ thirdparty_libadd = $(LTLIBZ) $(LTLIBINTL) $(LIBSOCKET) $(LTLIBNSL) \
+- $(P11_KIT_LIBS) $(LIB_SELECT)
++ $(P11_KIT_LIBS) $(LIB_SELECT) $(LIB_CRYPT32)
+
+ if HAVE_LIBIDN2
+ thirdparty_libadd += $(LIBIDN2_LIBS)
+@@ -208,10 +208,6 @@ defexec_DATA = libgnutls-$(DLL_VERSION).def
+ DISTCLEANFILES += $(defexec_DATA)
+ endif
+
+-if WINDOWS
+-thirdparty_libadd += -lcrypt32
+-endif
+-
+ if MACOSX
+ libgnutls_la_LDFLAGS += -framework Security -framework CoreFoundation
+ endif
+diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
+index ffad3e168..0985364a7 100644
+--- a/lib/gnutls.pc.in
++++ b/lib/gnutls.pc.in
+@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
+ URL: https://www.gnutls.org/
+ Version: @VERSION@
+ Libs: -L${libdir} -lgnutls
+-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@
++Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@
+ @GNUTLS_REQUIRES_PRIVATE@
+ Cflags: -I${includedir}
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0002-Don-t-assume-that-UNICODE-is-not-defined.patch b/contrib/src/gnutls/0002-Don-t-assume-that-UNICODE-is-not-defined.patch
new file mode 100644
index 000000000000..9ca51271f3fc
--- /dev/null
+++ b/contrib/src/gnutls/0002-Don-t-assume-that-UNICODE-is-not-defined.patch
@@ -0,0 +1,32 @@
+From 8591f1573ef24ec0db22cca7e341e533aebf56b6 Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno at clisp.org>
+Date: Thu, 28 May 2020 02:31:53 +0200
+Subject: [PATCH 2/4] Don't assume that UNICODE is not defined.
+
+Some Windows types, such as TCHAR, LPTSTR, LPCTSTR, are defined
+differently if the application defines the macro UNICODE.
+
+Reported by Steve Lhomme <robux4 at ycbcr.xyz> in
+<https://lists.gnu.org/archive/html/bug-gnugl/2020-05/msg00184.html>.
+
+* gl/stat-w32.c (GetFinalPathNameByHandleFuncType): Use LPSTR, not LPTSTR.
+---
+ gl/stat-w32.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gl/stat-w32.c b/gl/stat-w32.c
+index c4b5de9a7..b9163f56e 100644
+--- a/gl/stat-w32.c
++++ b/gl/stat-w32.c
+@@ -54,7 +54,7 @@ static GetFileInformationByHandleExFuncType GetFileInformationByHandleExFunc = N
+ #endif
+ /* GetFinalPathNameByHandle was introduced only in Windows Vista. */
+ typedef DWORD (WINAPI * GetFinalPathNameByHandleFuncType) (HANDLE hFile,
+- LPTSTR lpFilePath,
++ LPSTR lpFilePath,
+ DWORD lenFilePath,
+ DWORD dwFlags);
+ static GetFinalPathNameByHandleFuncType GetFinalPathNameByHandleFunc = NULL;
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0002-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch b/contrib/src/gnutls/0002-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
new file mode 100644
index 000000000000..9529ee380f33
--- /dev/null
+++ b/contrib/src/gnutls/0002-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
@@ -0,0 +1,111 @@
+From b02c6f4a0c0133e579ec4b03976543b8f1185378 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 27 May 2020 21:13:43 +0000
+Subject: [PATCH 2/4] configure.ac: determine if the Vista APIs can be linked
+ statically
+
+If _WIN32_WINNT is higher or equal to 0x0600, Vista API's are allowed during
+the build. We can assume that the minimum platform the code will run on is
+Vista [1]
+
+In that case there's no need to call API's (ncrypt) dynamically when it can be
+done statically.
+
+[1] https://docs.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
+
+Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
+---
+ configure.ac | 17 +++++++++++++++++
+ lib/gnutls.pc.in | 2 +-
+ lib/system/keys-win.c | 8 +++++---
+ 4 files changed, 59 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6a6c79da2..11047535b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -111,6 +111,7 @@ AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
+
+ dnl Detect windows build
+ use_accel=yes
++have_vista_dynamic=yes
+ case "$host" in
+ *android*)
+ have_android=yes
+@@ -121,6 +122,22 @@ case "$host" in
+ AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
+ LIB_CRYPT32="-lcrypt32"
+ AC_SUBST([LIB_CRYPT32])
++ AC_PREPROC_IFELSE([AC_LANG_PROGRAM(
++ [[#include <windows.h>
++ #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
++ # error Vista APIs allowed statically
++ #endif
++ ]],[[;]])],[have_vista_dynamic=yes],[have_vista_dynamic=no])
++ AC_ARG_ENABLE(dyn_ncrypt,
++ AS_HELP_STRING([--enable-dyn-ncrypt], [use ncrypt dynamically]),
++ enable_dyn_ncrypt=$enableval, enable_dyn_ncrypt=$have_vista_dynamic
++ )
++ if test "x$enable_dyn_ncrypt" = "xyes"; then
++ AC_DEFINE([DYN_NCRYPT], 1, [Dynamic use of ncrypt API (win32)])
++ else
++ LIBNCRYPT="-lncrypt"
++ fi
++ AC_SUBST([LIBNCRYPT])
+ ;;
+ *darwin*)
+ have_macosx=yes
+diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
+index 0985364a7..3e0f7fafb 100644
+--- a/lib/gnutls.pc.in
++++ b/lib/gnutls.pc.in
+@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
+ URL: https://www.gnutls.org/
+ Version: @VERSION@
+ Libs: -L${libdir} -lgnutls
+-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@
++Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@
+ @GNUTLS_REQUIRES_PRIVATE@
+ Cflags: -I${includedir}
+diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
+index 678a668e4..767e37704 100644
+--- a/lib/system/keys-win.c
++++ b/lib/system/keys-win.c
+@@ -26,6 +26,7 @@
+ #define _WIN32_WINNT 0x600
+ #endif
+
++#include <config.h>
+ #include "gnutls_int.h"
+ #include "errors.h"
+ #include <gnutls/gnutls.h>
+@@ -45,8 +46,6 @@
+ #include <winbase.h>
+ #include <winapifamily.h>
+
+-#define DYN_NCRYPT
+-
+ #ifdef __MINGW32__
+ # include <_mingw.h>
+ # ifdef __MINGW64_VERSION_MAJOR
+@@ -1487,13 +1486,16 @@ int _gnutls_system_key_init(void)
+ ret = GNUTLS_E_CRYPTO_INIT_FAILED;
+ goto fail;
+ }
+-#endif
+ ncrypt_init = 1;
+
+ return 0;
+ fail:
+ FreeLibrary(ncrypt_lib);
+ return ret;
++#else
++ ncrypt_init = 1;
++ return 0;
++#endif
+ }
+
+ void _gnutls_system_key_deinit(void)
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0003-gettimeofday-do-not-use-LoadLibrary-when-built-for-W.patch b/contrib/src/gnutls/0003-gettimeofday-do-not-use-LoadLibrary-when-built-for-W.patch
new file mode 100644
index 000000000000..8dab07ad43a8
--- /dev/null
+++ b/contrib/src/gnutls/0003-gettimeofday-do-not-use-LoadLibrary-when-built-for-W.patch
@@ -0,0 +1,45 @@
+From d2942b3134046a9ff117895531078dd32ea46ebc Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Tue, 19 May 2020 08:22:37 +0200
+Subject: [PATCH 3/4] gettimeofday: do not use LoadLibrary when built for
+ Windows Store apps
+
+LoadLibrary is forbidden in such apps (can only load DLLs from within the app
+package).
+The API entries are available to all apps linking with the Windows API as found
+here:
+https://docs.microsoft.com/en-us/uwp/win32-and-com/win32-apis
+
+windowsapp.lib (and mincore.lib for Windows 8) are both available in MinGW as
+well.
+
+GetSystemTimePreciseAsFileTime is only allowed in Win10 UWP apps.
+---
+ gl/gettimeofday.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/gl/gettimeofday.c b/gl/gettimeofday.c
+index 19804793a..087f7eada 100644
+--- a/gl/gettimeofday.c
++++ b/gl/gettimeofday.c
+@@ -45,12 +45,17 @@ static BOOL initialized = FALSE;
+ static void
+ initialize (void)
+ {
++#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && _WIN32_WINNT >= 0x0A00 /* _WIN32_WINNT_WIN10 */
++ /* LoadLibrary not allowed but the functions are available with the windows runtime */
++ GetSystemTimePreciseAsFileTimeFunc = GetSystemTimePreciseAsFileTime;
++#else /* WINAPI_PARTITION_DESKTOP */
+ HMODULE kernel32 = LoadLibrary ("kernel32.dll");
+ if (kernel32 != NULL)
+ {
+ GetSystemTimePreciseAsFileTimeFunc =
+ (GetSystemTimePreciseAsFileTimeFuncType) GetProcAddress (kernel32, "GetSystemTimePreciseAsFileTime");
+ }
++#endif /* WINAPI_PARTITION_DESKTOP */
+ initialized = TRUE;
+ }
+
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0003-win32-move-the-NCRYPT-key-import-into-a-function.patch b/contrib/src/gnutls/0003-win32-move-the-NCRYPT-key-import-into-a-function.patch
new file mode 100644
index 000000000000..5e4a7277caaf
--- /dev/null
+++ b/contrib/src/gnutls/0003-win32-move-the-NCRYPT-key-import-into-a-function.patch
@@ -0,0 +1,408 @@
+From 22dec2bc55b7a7b883cfa09de415da656962b00f Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 27 May 2020 21:14:50 +0000
+Subject: [PATCH 3/4] win32: move the NCRYPT key import into a function
+
+No functional change. The has been simply moved.
+
+Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
+---
+ lib/system/keys-win.c | 318 +++++++++++++++++++++++-------------------
+ 1 file changed, 176 insertions(+), 142 deletions(-)
+
+diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
+index 767e37704..f9a4b1ca9 100644
+--- a/lib/system/keys-win.c
++++ b/lib/system/keys-win.c
+@@ -233,6 +233,7 @@ get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert)
+ return 0;
+ }
+
++#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+ static
+ void *memrev(unsigned char *pvData, DWORD cbData)
+ {
+@@ -436,6 +437,106 @@ static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
+ return -1;
+ }
+
++static
++int privkey_import_capi(gnutls_privkey_t pkey, const char *url,
++ priv_st *priv, CRYPT_KEY_PROV_INFO *kpi)
++{
++ HCRYPTPROV hCryptProv = NULL;
++ int ret, enc_too = 0;
++ DWORD i, dwErrCode = 0;
++
++ if (CryptAcquireContextW(&hCryptProv,
++ kpi->pwszContainerName,
++ kpi->pwszProvName,
++ kpi->dwProvType, kpi->dwFlags)) {
++ for (i = 0; i < kpi->cProvParam; i++)
++ if (!CryptSetProvParam(hCryptProv,
++ kpi->rgProvParam[i].
++ dwParam,
++ kpi->rgProvParam[i].
++ pbData,
++ kpi->rgProvParam[i].
++ dwFlags)) {
++ dwErrCode = GetLastError();
++ break;
++ };
++ } else {
++ dwErrCode = GetLastError();
++ }
++
++ if (ERROR_SUCCESS != dwErrCode) {
++ _gnutls_debug_log
++ ("error in getting cryptprov: %d from %s\n",
++ (int)GetLastError(), url);
++ ret =
++ gnutls_assert_val
++ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
++ goto cleanup;
++ }
++
++ {
++ BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
++ PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
++ DWORD len = sizeof(buf);
++
++ if (CryptGetProvParam
++ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
++ CRYPT_FIRST)) {
++ DWORD hash = 0;
++ do {
++ switch (pAlgo->aiAlgid) {
++ case CALG_RSA_SIGN:
++ priv->pk = GNUTLS_PK_RSA;
++ enc_too = 1;
++ break;
++ case CALG_DSS_SIGN:
++ priv->pk =
++ priv->pk ==
++ GNUTLS_PK_RSA ?
++ GNUTLS_PK_RSA :
++ GNUTLS_PK_DSA;
++ break;
++ case CALG_SHA1:
++ hash = 1;
++ break;
++ case CALG_SHA_256:
++ hash = 256;
++ break;
++ default:
++ break;
++ }
++
++ len = sizeof(buf); // reset the buffer size
++ } while (CryptGetProvParam
++ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
++ CRYPT_NEXT));
++
++ if (priv->pk == GNUTLS_PK_DSA)
++ priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
++ else
++ priv->sign_algo =
++ (hash >
++ 1) ? GNUTLS_SIGN_RSA_SHA256 :
++ GNUTLS_SIGN_RSA_SHA1;
++ }
++ }
++
++ priv->hCryptProv = hCryptProv;
++ priv->dwKeySpec = kpi->dwKeySpec;
++
++ ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
++ (enc_too !=
++ 0) ? capi_decrypt : NULL,
++ capi_deinit, capi_info, 0);
++ cleanup:
++ if (ret < 0) {
++ if (hCryptProv != 0)
++ CryptReleaseContext(hCryptProv, 0);
++ }
++ return ret;
++}
++#endif /* WINAPI_PARTITION_DESKTOP */
++
+ static
+ int cng_sign(gnutls_privkey_t key, void *userdata,
+ const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
+@@ -596,6 +697,70 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
+ return -1;
+ }
+
++static
++int privkey_import_ncrypt(gnutls_privkey_t pkey, const char *url,
++ priv_st *priv, CRYPT_KEY_PROV_INFO *kpi, NCRYPT_PROV_HANDLE *sctx)
++{
++ SECURITY_STATUS r;
++ NCRYPT_KEY_HANDLE nc = NULL;
++ int ret, enc_too = 0;
++ WCHAR algo_str[64];
++ DWORD algo_str_size = 0;
++
++ r = pNCryptOpenKey(*sctx, &nc, kpi->pwszContainerName, 0, 0);
++ if (FAILED(r)) {
++ ret =
++ gnutls_assert_val
++ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
++ goto cleanup;
++ }
++
++ r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
++ (BYTE *) algo_str, sizeof(algo_str),
++ &algo_str_size, 0);
++ if (FAILED(r)) {
++ ret =
++ gnutls_assert_val
++ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
++ goto cleanup;
++ }
++
++ if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) {
++ priv->pk = GNUTLS_PK_RSA;
++ priv->sign_algo = GNUTLS_SIGN_RSA_SHA256;
++ enc_too = 1;
++ } else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) {
++ priv->pk = GNUTLS_PK_DSA;
++ priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
++ } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) {
++ priv->pk = GNUTLS_PK_EC;
++ priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256;
++ } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) {
++ priv->pk = GNUTLS_PK_EC;
++ priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384;
++ } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) {
++ priv->pk = GNUTLS_PK_EC;
++ priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
++ } else {
++ _gnutls_debug_log("unknown key algorithm: %ls\n",
++ algo_str);
++ ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
++ goto cleanup;
++ }
++ priv->nc = nc;
++
++ ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
++ (enc_too !=
++ 0) ? cng_decrypt : NULL,
++ cng_deinit, cng_info, 0);
++ cleanup:
++ if (ret < 0) {
++ if (nc != 0)
++ pNCryptFreeObject(nc);
++ }
++ return ret;
++}
++
+ /*-
+ * _gnutls_privkey_import_system:
+ * @pkey: The private key
+@@ -612,25 +777,20 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
+ -*/
+ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ {
+-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
++#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && _WIN32_WINNT < 0x0A00 /*win10 */
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+-#else
++#else /* WINAPI_PARTITION_DESKTOP || _WIN32_WINNT_WIN10 */
+ uint8_t id[MAX_WID_SIZE];
+ HCERTSTORE store = NULL;
+ size_t id_size;
+ const CERT_CONTEXT *cert = NULL;
+ CRYPT_HASH_BLOB blob;
+ CRYPT_KEY_PROV_INFO *kpi = NULL;
+- NCRYPT_KEY_HANDLE nc = NULL;
+- HCRYPTPROV hCryptProv = NULL;
+ NCRYPT_PROV_HANDLE sctx = NULL;
+ DWORD kpi_size;
+ SECURITY_STATUS r;
+- int ret, enc_too = 0;
+- WCHAR algo_str[64];
+- DWORD algo_str_size = 0;
++ int ret;
+ priv_st *priv;
+- DWORD i, dwErrCode = 0;
+
+ if (ncrypt_init == 0)
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+@@ -701,157 +861,31 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+ r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
+ if (!FAILED(r)) { /* if this works carry on with CNG */
+
+- r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
+- if (FAILED(r)) {
+- ret =
+- gnutls_assert_val
+- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+- goto cleanup;
+- }
+-
+- r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
+- (BYTE *) algo_str, sizeof(algo_str),
+- &algo_str_size, 0);
+- if (FAILED(r)) {
+- ret =
+- gnutls_assert_val
+- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+- goto cleanup;
+- }
+-
+- if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) {
+- priv->pk = GNUTLS_PK_RSA;
+- priv->sign_algo = GNUTLS_SIGN_RSA_SHA256;
+- enc_too = 1;
+- } else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) {
+- priv->pk = GNUTLS_PK_DSA;
+- priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
+- } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) {
+- priv->pk = GNUTLS_PK_EC;
+- priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256;
+- } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) {
+- priv->pk = GNUTLS_PK_EC;
+- priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384;
+- } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) {
+- priv->pk = GNUTLS_PK_EC;
+- priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
+- } else {
+- _gnutls_debug_log("unknown key algorithm: %ls\n",
+- algo_str);
+- ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+- goto cleanup;
+- }
+- priv->nc = nc;
+-
+- ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
+- (enc_too !=
+- 0) ? cng_decrypt : NULL,
+- cng_deinit, cng_info, 0);
++ ret = privkey_import_ncrypt(pkey, url, priv, kpi, &sctx);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ } else {
++#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
++ /* CAPI is not supported in UWP */
++ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
++#else /* WINAPI_PARTITION_DESKTOP */
+ /* this should be CAPI */
+ _gnutls_debug_log
+ ("error in opening CNG keystore: %x from %ls\n", (int)r,
+ kpi->pwszProvName);
+
+- if (CryptAcquireContextW(&hCryptProv,
+- kpi->pwszContainerName,
+- kpi->pwszProvName,
+- kpi->dwProvType, kpi->dwFlags)) {
+- for (i = 0; i < kpi->cProvParam; i++)
+- if (!CryptSetProvParam(hCryptProv,
+- kpi->rgProvParam[i].
+- dwParam,
+- kpi->rgProvParam[i].
+- pbData,
+- kpi->rgProvParam[i].
+- dwFlags)) {
+- dwErrCode = GetLastError();
+- break;
+- };
+- } else {
+- dwErrCode = GetLastError();
+- }
+-
+- if (ERROR_SUCCESS != dwErrCode) {
+- _gnutls_debug_log
+- ("error in getting cryptprov: %d from %s\n",
+- (int)GetLastError(), url);
+- ret =
+- gnutls_assert_val
+- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+- goto cleanup;
+- }
+-
+- {
+- BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
+- PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
+- DWORD len = sizeof(buf);
+-
+- if (CryptGetProvParam
+- (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+- CRYPT_FIRST)) {
+- DWORD hash = 0;
+- do {
+- switch (pAlgo->aiAlgid) {
+- case CALG_RSA_SIGN:
+- priv->pk = GNUTLS_PK_RSA;
+- enc_too = 1;
+- break;
+- case CALG_DSS_SIGN:
+- priv->pk =
+- priv->pk ==
+- GNUTLS_PK_RSA ?
+- GNUTLS_PK_RSA :
+- GNUTLS_PK_DSA;
+- break;
+- case CALG_SHA1:
+- hash = 1;
+- break;
+- case CALG_SHA_256:
+- hash = 256;
+- break;
+- default:
+- break;
+- }
+-
+- len = sizeof(buf); // reset the buffer size
+- } while (CryptGetProvParam
+- (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+- CRYPT_NEXT));
+-
+- if (priv->pk == GNUTLS_PK_DSA)
+- priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
+- else
+- priv->sign_algo =
+- (hash >
+- 1) ? GNUTLS_SIGN_RSA_SHA256 :
+- GNUTLS_SIGN_RSA_SHA1;
+- }
+- }
+-
+- priv->hCryptProv = hCryptProv;
+- priv->dwKeySpec = kpi->dwKeySpec;
+-
+- ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
+- (enc_too !=
+- 0) ? capi_decrypt : NULL,
+- capi_deinit, capi_info, 0);
++ ret = privkey_import_capi(pkey, url, priv, kpi);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
++#endif /* WINAPI_PARTITION_DESKTOP */
+ }
+ ret = 0;
+ cleanup:
+ if (ret < 0) {
+- if (nc != 0)
+- pNCryptFreeObject(nc);
+- if (hCryptProv != 0)
+- CryptReleaseContext(hCryptProv, 0);
+ gnutls_free(priv);
+ }
+ if (sctx != 0)
+@@ -864,7 +898,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
+
+ CertCloseStore(store, 0);
+ return ret;
+-#endif
++#endif /* WINAPI_PARTITION_DESKTOP || _WIN32_WINNT_WIN10 */
+ }
+
+ int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0004-stat-do-not-use-LoadLibrary-when-built-for-Windows-S.patch b/contrib/src/gnutls/0004-stat-do-not-use-LoadLibrary-when-built-for-Windows-S.patch
new file mode 100644
index 000000000000..da1b29299634
--- /dev/null
+++ b/contrib/src/gnutls/0004-stat-do-not-use-LoadLibrary-when-built-for-Windows-S.patch
@@ -0,0 +1,52 @@
+From 550cedcf712e868a04d52bc958b12bd0de6f574a Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Tue, 19 May 2020 07:46:16 +0200
+Subject: [PATCH 4/4] stat: do not use LoadLibrary when built for Windows Store
+ apps
+
+LoadLibrary is forbidden in such apps (can only load DLLs from within the app
+package).
+The API entries are available to all apps linking with the Windows API as found
+here:
+https://docs.microsoft.com/en-us/uwp/win32-and-com/win32-apis
+
+windowsapp.lib (and mincore.lib for Windows 8) are both available in MinGW as
+well.
+
+GetFinalPathNameByHandleA is only allowed in Win10 UWP apps
+GetFileInformationByHandleEx is allowed in Win8 and Win10 UWP apps.
+---
+ gl/stat-w32.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/gl/stat-w32.c b/gl/stat-w32.c
+index b9163f56e..fc5ec5b2f 100644
+--- a/gl/stat-w32.c
++++ b/gl/stat-w32.c
+@@ -63,6 +63,15 @@ static BOOL initialized = FALSE;
+ static void
+ initialize (void)
+ {
++#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
++ /* LoadLibrary not allowed but the functions are available with the windows runtime */
++#if _GL_WINDOWS_STAT_INODES == 2
++ GetFileInformationByHandleExFunc = GetFileInformationByHandleEx;
++#endif
++#if _WIN32_WINNT >= 0x0A00 /* _WIN32_WINNT_WIN10 */
++ GetFinalPathNameByHandleFunc = GetFinalPathNameByHandleA;
++#endif
++#else /* WINAPI_PARTITION_DESKTOP */
+ HMODULE kernel32 = LoadLibrary ("kernel32.dll");
+ if (kernel32 != NULL)
+ {
+@@ -73,6 +82,7 @@ initialize (void)
+ GetFinalPathNameByHandleFunc =
+ (GetFinalPathNameByHandleFuncType) GetProcAddress (kernel32, "GetFinalPathNameByHandleA");
+ }
++#endif /* WINAPI_PARTITION_DESKTOP */
+ initialized = TRUE;
+ }
+
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0004-win32-use-bcrypt-instead-of-CryptoAPI-on-Vista-for-r.patch b/contrib/src/gnutls/0004-win32-use-bcrypt-instead-of-CryptoAPI-on-Vista-for-r.patch
new file mode 100644
index 000000000000..b02347197b87
--- /dev/null
+++ b/contrib/src/gnutls/0004-win32-use-bcrypt-instead-of-CryptoAPI-on-Vista-for-r.patch
@@ -0,0 +1,166 @@
+From 77bd6b10ceef0ddeeba06d84ed1f43091667de9c Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Wed, 29 Apr 2020 10:32:08 +0200
+Subject: [PATCH 4/4] win32: use bcrypt instead of CryptoAPI on Vista+ for
+ random numbers
+
+CryptoAPI is a deprecated API [1] that is forbidden in UWP builds.
+
+Rewrite the CryptoAPI calls in bcrypt.
+
+bcrypt is used instead of CryptoAPI when targeting Windows Vista and above.
+
+https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecrypt
+
+Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
+---
+ configure.ac | 7 +++
+ lib/gnutls.pc.in | 2 +-
+ lib/nettle/Makefile.am | 4 ++
+ lib/nettle/sysrng-bcrypt.c | 88 ++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 100 insertions(+), 1 deletion(-)
+ create mode 100644 lib/nettle/sysrng-bcrypt.c
+
+diff --git a/configure.ac b/configure.ac
+index 11047535b..1bc274e86 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -602,6 +602,13 @@ fi
+
+ AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")
+
++if test "x$have_vista_dynamic" = "xno"; then
++ AC_CHECK_TYPES([BCRYPT_ALG_HANDLE],[LIBBCRYPT="-lbcrypt"],[],[#include <windows.h>
++ #include <bcrypt.h>])
++fi
++AM_CONDITIONAL(HAVE_BCRYPT, test "$ac_cv_type_BCRYPT_ALG_HANDLE" = "yes")
++AC_SUBST([LIBBCRYPT])
++
+ AC_ARG_ENABLE(non-suiteb-curves,
+ AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]),
+ enable_non_suiteb=$enableval, enable_non_suiteb=yes)
+diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
+index 3e0f7fafb..989322601 100644
+--- a/lib/gnutls.pc.in
++++ b/lib/gnutls.pc.in
+@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
+ URL: https://www.gnutls.org/
+ Version: @VERSION@
+ Libs: -L${libdir} -lgnutls
+-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@
++Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@ @LIBBCRYPT@
+ @GNUTLS_REQUIRES_PRIVATE@
+ Cflags: -I${includedir}
+diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
+index 84bb90a24..541a0b6e0 100644
+--- a/lib/nettle/Makefile.am
++++ b/lib/nettle/Makefile.am
+@@ -51,7 +51,11 @@ libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c \
+ int/mpn-base256.c int/mpn-base256.h
+
+ if WINDOWS
++if HAVE_BCRYPT
++libcrypto_la_SOURCES += sysrng-bcrypt.c
++else
+ libcrypto_la_SOURCES += sysrng-windows.c
++endif
+ else
+ if HAVE_GETENTROPY
+ libcrypto_la_SOURCES += sysrng-getentropy.c
+diff --git a/lib/nettle/sysrng-bcrypt.c b/lib/nettle/sysrng-bcrypt.c
+new file mode 100644
+index 000000000..10dc9ac83
+--- /dev/null
++++ b/lib/nettle/sysrng-bcrypt.c
+@@ -0,0 +1,88 @@
++/*
++ * Copyright (C) 2010-2016 Free Software Foundation, Inc.
++ * Copyright (C) 2015-2016 Red Hat, Inc.
++ * Copyright (C) 2000, 2001, 2008 Niels Möller
++ *
++ * Author: Nikos Mavrogiannopoulos
++ *
++ * This file is part of GNUTLS.
++ *
++ * The GNUTLS library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public License
++ * as published by the Free Software Foundation; either version 2.1 of
++ * the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with this program. If not, see <https://www.gnu.org/licenses/>
++ *
++ */
++
++/* Here are the common parts of the random generator layer.
++ * Some of this code was based on the LSH
++ * random generator (the trivia and device source functions for POSIX)
++ * and modified to fit gnutls' needs. Relicenced with permission.
++ * Original author Niels Möller.
++ */
++
++#include "gnutls_int.h"
++#include "errors.h"
++#include <locks.h>
++#include <num.h>
++#include <nettle/yarrow.h>
++#include <errno.h>
++#include <rnd-common.h>
++#include <hash-pjw-bare.h>
++
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <unistd.h>
++
++/* The windows randomness gatherer.
++ */
++
++#include <windows.h>
++#include <bcrypt.h>
++
++get_entropy_func _rnd_get_system_entropy = NULL;
++
++static BCRYPT_ALG_HANDLE device_fd = 0;
++
++static
++int _rnd_get_system_entropy_win32(void* rnd, size_t size)
++{
++ NTSTATUS err = BCryptGenRandom(device_fd, rnd, size, 0);
++ if (!BCRYPT_SUCCESS(err)) {
++ _gnutls_debug_log("Error in BCryptGenRandom: %ld\n", err);
++ return GNUTLS_E_RANDOM_DEVICE_ERROR;
++ }
++
++ return 0;
++}
++
++int _rnd_system_entropy_check(void)
++{
++ return 0;
++}
++
++int _rnd_system_entropy_init(void)
++{
++ NTSTATUS err = BCryptOpenAlgorithmProvider
++ (&device_fd, BCRYPT_RNG_ALGORITHM, NULL, 0);
++ if (!BCRYPT_SUCCESS(err)) {
++ _gnutls_debug_log("error in BCryptOpenAlgorithmProvider!\n");
++ return GNUTLS_E_RANDOM_DEVICE_ERROR;
++ }
++
++ _rnd_get_system_entropy = _rnd_get_system_entropy_win32;
++ return 0;
++}
++
++void _rnd_system_entropy_deinit(void)
++{
++ BCryptCloseAlgorithmProvider(device_fd, 0);
++}
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 7c73402ac9f9..ce70fe7efd5c 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -20,7 +20,23 @@ $(TARBALLS)/gnutls-$(GNUTLS_VERSION).tar.xz:
gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls
$(UNPACK)
ifdef HAVE_WIN32
- cd $(UNPACK_DIR) && sed -i.orig -e s/"@INET_PTON_LIB@ @LIBPTHREAD@"/"@INET_PTON_LIB@ -lcrypt32 @LIBPTHREAD@"/g lib/gnutls.pc.in
+ # rebased merged MR !1257 on top of 3.6.13
+ $(APPLY) $(SRC)/gnutls/0001-win32-link-with-crypt32.patch
+ # rebased merged MR !1254 on top of 3.6.13, minus the gitlab CI changes
+ $(APPLY) $(SRC)/gnutls/0002-configure.ac-determine-if-the-Vista-APIs-can-be-link.patch
+ # rebased merged MR !1256 on top of 3.6.13
+ $(APPLY) $(SRC)/gnutls/0003-win32-move-the-NCRYPT-key-import-into-a-function.patch
+ # rebased pending MR !1255 on top of 3.6.13
+ $(APPLY) $(SRC)/gnutls/0004-win32-use-bcrypt-instead-of-CryptoAPI-on-Vista-for-r.patch
+
+ # gnulib upstream patches edited for
+ $(APPLY) $(SRC)/gnutls/0001-Improve-pattern-for-defining-_WIN32_WINNT.patch
+ $(APPLY) $(SRC)/gnutls/0002-Don-t-assume-that-UNICODE-is-not-defined.patch
+
+ # gnulib proposed patches
+ $(APPLY) $(SRC)/gnutls/0003-gettimeofday-do-not-use-LoadLibrary-when-built-for-W.patch
+ $(APPLY) $(SRC)/gnutls/0004-stat-do-not-use-LoadLibrary-when-built-for-Windows-S.patch
+
# disable the dllimport in static linking (pkg-config --static doesn't handle Cflags.private)
cd $(UNPACK_DIR) && sed -i.orig -e s/"_SYM_EXPORT __declspec(dllimport)"/"_SYM_EXPORT"/g lib/includes/gnutls/gnutls.h.in
endif
@@ -29,7 +45,7 @@ ifdef HAVE_ANDROID
endif
cd $(UNPACK_DIR) && sed -i.orig -e 's/@LIBATOMIC_LIBS@/@LIBATOMIC_LIBS@ @HOGWEED_LIBS@ @NETTLE_LIBS@/' lib/gnutls.pc.in
$(call pkg_static,"lib/gnutls.pc.in")
- $(UPDATE_AUTOCONFIG)
+ $(UPDATE_AUTOCONFIG) && cd $(UNPACK_DIR) && rm -rf aclocal.m4
$(MOVE)
GNUTLS_CONF := \
--
2.26.2
More information about the vlc-devel
mailing list