2007-01-16 00:15:20 +01:00
|
|
|
#
|
2011-06-16 09:57:04 +02:00
|
|
|
# spec file for package gnutls
|
2007-01-16 00:15:20 +01:00
|
|
|
#
|
2021-02-02 18:34:55 +01:00
|
|
|
# Copyright (c) 2021 SUSE LLC
|
2007-01-16 00:15:20 +01:00
|
|
|
#
|
2008-11-02 15:41:35 +01:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-10-15 10:27:49 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:15:20 +01:00
|
|
|
#
|
|
|
|
|
|
2011-08-24 13:44:23 +02:00
|
|
|
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%define gnutls_sover 30
|
2011-08-24 13:44:12 +02:00
|
|
|
%define gnutlsxx_sover 28
|
2017-08-29 11:40:38 +02:00
|
|
|
%define gnutls_dane_sover 0
|
2019-04-04 16:11:38 +02:00
|
|
|
# unbound isn't in SLE (bsc#1086428)
|
|
|
|
|
%if 0%{?is_opensuse}
|
2016-12-29 22:41:21 +01:00
|
|
|
%bcond_without dane
|
2018-04-10 09:48:38 +02:00
|
|
|
%else
|
|
|
|
|
%bcond_with dane
|
2018-03-30 11:56:05 +02:00
|
|
|
%endif
|
2021-06-01 14:42:43 +02:00
|
|
|
# Enable Linux kernel AF_ALG based acceleration
|
|
|
|
|
%if 0%{?suse_version} >= 1550
|
|
|
|
|
%bcond_without kcapi
|
|
|
|
|
%else
|
|
|
|
|
%bcond_with kcapi
|
|
|
|
|
%endif
|
2016-12-29 22:41:21 +01:00
|
|
|
%bcond_with tpm
|
|
|
|
|
%bcond_without guile
|
2007-01-16 00:15:20 +01:00
|
|
|
Name: gnutls
|
2021-06-01 14:42:43 +02:00
|
|
|
Version: 3.7.2
|
2012-05-21 10:25:22 +02:00
|
|
|
Release: 0
|
2007-01-16 00:15:20 +01:00
|
|
|
Summary: The GNU Transport Layer Security Library
|
2021-05-14 16:01:30 +02:00
|
|
|
License: GPL-3.0-or-later AND LGPL-2.1-or-later
|
2007-01-16 00:15:20 +01:00
|
|
|
Group: Productivity/Networking/Security
|
2019-07-31 19:35:10 +02:00
|
|
|
URL: https://www.gnutls.org/
|
2021-02-02 18:34:55 +01:00
|
|
|
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
|
|
|
|
|
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
|
|
|
|
|
Source2: gnutls.keyring
|
2013-07-01 15:54:42 +02:00
|
|
|
Source3: baselibs.conf
|
2020-12-05 18:16:13 +01:00
|
|
|
Patch0: gnutls-3.5.11-skip-trust-store-tests.patch
|
|
|
|
|
Patch1: gnutls-3.6.6-set_guile_site_dir.patch
|
|
|
|
|
Patch2: gnutls-temporarily_disable_broken_guile_reauth_test.patch
|
|
|
|
|
Patch3: gnutls-FIPS-TLS_KDF_selftest.patch
|
2015-08-25 07:17:02 +02:00
|
|
|
BuildRequires: autogen
|
2011-12-02 16:25:49 +01:00
|
|
|
BuildRequires: automake
|
2016-07-09 09:21:14 +02:00
|
|
|
BuildRequires: datefudge
|
2016-05-04 08:17:29 +02:00
|
|
|
BuildRequires: fdupes
|
2019-10-01 17:18:43 +02:00
|
|
|
BuildRequires: fipscheck
|
2011-08-24 13:44:12 +02:00
|
|
|
BuildRequires: gcc-c++
|
2017-09-12 19:38:08 +02:00
|
|
|
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
|
|
|
|
|
BuildRequires: iproute2
|
2017-02-22 13:50:20 +01:00
|
|
|
BuildRequires: libidn2-devel
|
2021-02-02 18:34:55 +01:00
|
|
|
BuildRequires: libnettle-devel >= 3.6
|
2016-12-29 22:41:21 +01:00
|
|
|
BuildRequires: libtasn1-devel >= 4.9
|
2012-05-31 17:04:51 +02:00
|
|
|
BuildRequires: libtool
|
2016-12-29 22:41:21 +01:00
|
|
|
BuildRequires: libunistring-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
BuildRequires: makeinfo
|
2016-12-29 22:41:21 +01:00
|
|
|
BuildRequires: p11-kit-devel >= 0.23.1
|
|
|
|
|
BuildRequires: pkgconfig
|
|
|
|
|
BuildRequires: xz
|
|
|
|
|
BuildRequires: zlib-devel
|
2019-07-31 19:35:10 +02:00
|
|
|
BuildRequires: pkgconfig(autoopts)
|
2021-06-01 14:42:43 +02:00
|
|
|
%if %{with kcapi}
|
|
|
|
|
BuildRequires: pkgconfig(libkcapi)
|
|
|
|
|
%endif
|
2016-10-10 16:16:31 +02:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
BuildRequires: net-tools
|
|
|
|
|
%else
|
2016-07-09 09:21:14 +02:00
|
|
|
BuildRequires: net-tools-deprecated
|
2016-10-10 16:16:31 +02:00
|
|
|
%endif
|
2015-03-30 19:32:11 +02:00
|
|
|
%if %{with tpm}
|
|
|
|
|
BuildRequires: trousers-devel
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with dane}
|
2016-12-29 22:41:21 +01:00
|
|
|
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
2016-10-10 16:16:31 +02:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
BuildRequires: unbound-devel
|
|
|
|
|
%else
|
2016-02-24 14:25:15 +01:00
|
|
|
BuildRequires: libunbound-devel
|
2016-10-10 16:16:31 +02:00
|
|
|
%endif
|
2015-03-30 19:32:11 +02:00
|
|
|
%endif
|
2016-05-04 08:17:29 +02:00
|
|
|
%if %{with guile}
|
|
|
|
|
BuildRequires: guile-devel
|
|
|
|
|
%endif
|
2021-02-02 18:34:55 +01:00
|
|
|
%if 0%{?suse_version} && ! 0%{?sle_version}
|
2020-12-22 10:48:35 +01:00
|
|
|
Requires: crypto-policies
|
2021-02-02 18:34:55 +01:00
|
|
|
%endif
|
2007-01-16 00:15:20 +01:00
|
|
|
|
|
|
|
|
%description
|
2017-08-29 11:40:38 +02:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
|
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
2019-04-08 11:25:11 +02:00
|
|
|
of the IETF's TLS working group.
|
2007-01-16 00:15:20 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%package -n libgnutls%{gnutls_sover}
|
2008-02-28 01:56:17 +01:00
|
|
|
Summary: The GNU Transport Layer Security Library
|
2020-04-02 12:58:27 +02:00
|
|
|
# install libopenssl and libopenssl-hmac close together (bsc#1090765)
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2017-08-29 11:40:38 +02:00
|
|
|
Group: System/Libraries
|
2021-05-31 11:16:21 +02:00
|
|
|
%if 0%{?suse_version} && ! 0%{?sle_version}
|
|
|
|
|
Requires: crypto-policies
|
|
|
|
|
%endif
|
2020-04-02 12:58:27 +02:00
|
|
|
Suggests: libgnutls%{gnutls_sover}-hmac = %{version}-%{release}
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%description -n libgnutls%{gnutls_sover}
|
2017-08-29 11:40:38 +02:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
|
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
2019-04-08 11:25:11 +02:00
|
|
|
of the IETF's TLS working group.
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2020-04-02 12:58:27 +02:00
|
|
|
%package -n libgnutls%{gnutls_sover}-hmac
|
|
|
|
|
Summary: Checksums of the GNU Transport Layer Security Library
|
|
|
|
|
License: LGPL-2.1-or-later
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
Requires: libgnutls%{gnutls_sover} = %{version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description -n libgnutls%{gnutls_sover}-hmac
|
|
|
|
|
FIPS SHA256 checksums of the libgnutls library.
|
|
|
|
|
|
2015-03-30 19:32:11 +02:00
|
|
|
%package -n libgnutls-dane%{gnutls_dane_sover}
|
2018-04-10 09:48:38 +02:00
|
|
|
Summary: DANE support for the GNU Transport Layer Security Library
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2018-04-10 09:48:38 +02:00
|
|
|
Group: System/Libraries
|
2015-03-30 19:32:11 +02:00
|
|
|
|
|
|
|
|
%description -n libgnutls-dane%{gnutls_dane_sover}
|
|
|
|
|
The GnuTLS project aims to develop a library that provides a secure
|
2016-12-29 22:41:21 +01:00
|
|
|
layer over a reliable transport layer.
|
2015-03-30 19:32:11 +02:00
|
|
|
This package contains the "DANE" part of gnutls.
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%package -n libgnutlsxx%{gnutlsxx_sover}
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: C++ API for the GNU Transport Layer Security Library
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2017-08-29 11:40:38 +02:00
|
|
|
Group: System/Libraries
|
2021-05-31 11:16:21 +02:00
|
|
|
%if 0%{?suse_version} && ! 0%{?sle_version}
|
|
|
|
|
Requires: crypto-policies
|
|
|
|
|
%endif
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%description -n libgnutlsxx%{gnutlsxx_sover}
|
2017-08-29 11:40:38 +02:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
2019-04-08 11:25:11 +02:00
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
|
|
|
|
of the IETF's TLS working group.
|
2007-10-25 18:10:26 +02:00
|
|
|
|
|
|
|
|
%package -n libgnutls-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: Development package for the GnuTLS C API
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2007-08-03 16:29:06 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
2021-05-31 11:16:21 +02:00
|
|
|
%if 0%{?suse_version} && ! 0%{?sle_version}
|
|
|
|
|
Requires: crypto-policies
|
|
|
|
|
%endif
|
2011-08-24 13:44:12 +02:00
|
|
|
Requires: glibc-devel
|
2021-05-31 11:16:21 +02:00
|
|
|
Requires: gnutls = %{version}
|
2011-08-24 13:44:12 +02:00
|
|
|
Requires: libgnutls%{gnutls_sover} = %{version}
|
2017-08-29 11:40:38 +02:00
|
|
|
Requires(pre): %{install_info_prereq}
|
2012-05-22 10:11:29 +02:00
|
|
|
Provides: gnutls-devel = %{version}-%{release}
|
2008-02-28 01:56:17 +01:00
|
|
|
|
|
|
|
|
%description -n libgnutls-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2016-02-24 14:25:15 +01:00
|
|
|
%package -n libgnutls-dane-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: Development package for GnuTLS DANE component
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2016-02-24 14:25:15 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
|
|
|
|
|
|
|
|
|
%description -n libgnutls-dane-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%package -n libgnutlsxx-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: Development package for the GnuTLS C++ API
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2011-08-24 13:44:12 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libgnutls-devel = %{version}
|
2012-05-21 10:25:22 +02:00
|
|
|
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
|
2011-08-24 13:44:12 +02:00
|
|
|
Requires: libstdc++-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Requires(pre): %{install_info_prereq}
|
2011-08-24 13:44:12 +02:00
|
|
|
|
|
|
|
|
%description -n libgnutlsxx-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2021-02-02 18:34:55 +01:00
|
|
|
%if %{with guile}
|
2016-05-04 08:17:29 +02:00
|
|
|
%package guile
|
|
|
|
|
Summary: Guile wrappers for gnutls
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2016-05-04 08:17:29 +02:00
|
|
|
Group: Development/Libraries/Other
|
|
|
|
|
Requires: guile
|
|
|
|
|
|
|
|
|
|
%description guile
|
2017-08-29 11:40:38 +02:00
|
|
|
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
|
2021-02-02 18:34:55 +01:00
|
|
|
%endif
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2007-01-16 00:15:20 +01:00
|
|
|
%prep
|
2020-04-02 12:58:27 +02:00
|
|
|
%autosetup -p1
|
2007-01-16 00:15:20 +01:00
|
|
|
|
2021-02-02 18:34:55 +01:00
|
|
|
echo "SYSTEM=NORMAL" >> tests/system.prio
|
|
|
|
|
|
2007-01-16 00:15:20 +01:00
|
|
|
%build
|
2021-02-02 18:34:55 +01:00
|
|
|
%define _lto_cflags %{nil}
|
2015-01-03 22:03:04 +01:00
|
|
|
export LDFLAGS="-pie"
|
2016-12-29 22:41:21 +01:00
|
|
|
export CFLAGS="%{optflags} -fPIE"
|
|
|
|
|
export CXXFLAGS="%{optflags} -fPIE"
|
2018-08-23 09:10:46 +02:00
|
|
|
#autoreconf -fiv
|
2011-08-24 13:44:12 +02:00
|
|
|
%configure \
|
2013-07-09 20:49:54 +02:00
|
|
|
gl_cv_func_printf_directive_n=yes \
|
|
|
|
|
gl_cv_func_printf_infinite_long_double=yes \
|
2011-08-24 13:44:12 +02:00
|
|
|
--disable-static \
|
2011-10-11 17:16:18 +02:00
|
|
|
--disable-rpath \
|
|
|
|
|
--disable-silent-rules \
|
2021-06-01 14:42:43 +02:00
|
|
|
%{?with_kcapi:--enable-afalg} \
|
2020-12-22 10:48:35 +01:00
|
|
|
--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
|
2020-12-05 18:16:13 +01:00
|
|
|
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
|
|
|
|
|
--with-default-priority-string="@SYSTEM" \
|
2015-03-30 19:32:11 +02:00
|
|
|
--with-sysroot=/%{?_sysroot} \
|
|
|
|
|
%if %{without tpm}
|
|
|
|
|
--without-tpm \
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with dane}
|
2016-12-29 22:41:21 +01:00
|
|
|
--with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
|
2015-03-30 19:32:11 +02:00
|
|
|
%else
|
|
|
|
|
--disable-libdane \
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%endif
|
2017-09-25 13:50:29 +02:00
|
|
|
--enable-fips140-mode \
|
2020-12-22 10:48:35 +01:00
|
|
|
%{nil}
|
2020-12-05 18:16:13 +01:00
|
|
|
|
2016-12-29 22:41:21 +01:00
|
|
|
make %{?_smp_mflags}
|
2007-01-16 00:15:20 +01:00
|
|
|
|
|
|
|
|
%install
|
2011-08-24 13:44:12 +02:00
|
|
|
%make_install
|
|
|
|
|
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
|
2007-10-25 18:10:26 +02:00
|
|
|
# Do not package static libs and libtool files
|
2016-12-29 22:41:21 +01:00
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
2012-11-28 10:29:35 +01:00
|
|
|
|
2021-05-14 16:01:30 +02:00
|
|
|
# Compute FIPS hmac using the brp-50-generate-fips-hmac script
|
|
|
|
|
export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
|
|
|
|
|
|
2012-11-28 10:29:35 +01:00
|
|
|
# install docs
|
2016-12-29 22:41:21 +01:00
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
|
2019-07-31 19:35:10 +02:00
|
|
|
cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
|
2016-12-29 22:41:21 +01:00
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
|
|
|
|
|
cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
|
|
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
|
|
|
|
|
cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
|
2012-11-28 10:29:35 +01:00
|
|
|
|
2016-05-04 08:17:29 +02:00
|
|
|
# PNG files are replaced with the compressed files and that breaks
|
|
|
|
|
# deduplication, this is workaround
|
2017-05-06 18:25:05 +02:00
|
|
|
find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} +
|
2017-08-29 11:40:38 +02:00
|
|
|
rm -rf %{buildroot}%{_datadir}/doc/gnutls
|
2016-05-04 08:17:29 +02:00
|
|
|
%fdupes -s %{buildroot}%{_datadir}
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%find_lang libgnutls --all-name
|
2007-01-16 00:15:20 +01:00
|
|
|
|
2012-11-28 10:29:35 +01:00
|
|
|
%check
|
2012-12-03 09:36:19 +01:00
|
|
|
%if ! 0%{?qemu_user_space_build}
|
2020-12-22 10:48:35 +01:00
|
|
|
#make %%{?_smp_mflags} check || {
|
2020-12-05 18:16:13 +01:00
|
|
|
make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
|
2017-08-29 11:40:38 +02:00
|
|
|
find -name test-suite.log -print -exec cat {} +
|
2015-04-28 20:42:20 +02:00
|
|
|
exit 1
|
|
|
|
|
}
|
2012-12-03 09:36:19 +01:00
|
|
|
%endif
|
2012-11-28 10:29:35 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
|
|
|
|
|
2015-03-30 19:32:11 +02:00
|
|
|
%if %{with dane}
|
|
|
|
|
%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
2021-05-14 16:01:30 +02:00
|
|
|
|
2007-10-25 18:10:26 +02:00
|
|
|
%post -n libgnutls-devel
|
2007-01-16 00:15:20 +01:00
|
|
|
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
|
|
|
|
|
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%preun -n libgnutls-devel
|
2007-01-16 00:15:20 +01:00
|
|
|
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
|
|
|
|
|
|
2010-02-05 14:05:07 +01:00
|
|
|
%files -f libgnutls.lang
|
2018-02-28 19:55:27 +01:00
|
|
|
%license LICENSE
|
|
|
|
|
%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_bindir}/certtool
|
|
|
|
|
%{_bindir}/gnutls-cli
|
|
|
|
|
%{_bindir}/gnutls-cli-debug
|
|
|
|
|
%{_bindir}/gnutls-serv
|
2012-05-21 10:25:22 +02:00
|
|
|
%{_bindir}/ocsptool
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_bindir}/psktool
|
|
|
|
|
%{_bindir}/p11tool
|
|
|
|
|
%{_bindir}/srptool
|
2015-03-30 19:32:11 +02:00
|
|
|
%if %{with dane}
|
2013-07-01 15:54:42 +02:00
|
|
|
%{_bindir}/danetool
|
2015-03-30 19:32:11 +02:00
|
|
|
%endif
|
|
|
|
|
%if %{with tpm}
|
|
|
|
|
%{_bindir}/tpmtool
|
|
|
|
|
%endif
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_mandir}/man1/*
|
|
|
|
|
|
|
|
|
|
%files -n libgnutls%{gnutls_sover}
|
|
|
|
|
%{_libdir}/libgnutls.so.%{gnutls_sover}*
|
2020-04-02 12:58:27 +02:00
|
|
|
|
|
|
|
|
%files -n libgnutls%{gnutls_sover}-hmac
|
2019-10-01 17:18:43 +02:00
|
|
|
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
|
2015-03-30 19:32:11 +02:00
|
|
|
|
|
|
|
|
%if %{with dane}
|
|
|
|
|
%files -n libgnutls-dane%{gnutls_dane_sover}
|
|
|
|
|
%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
|
|
|
|
|
%endif
|
2011-08-24 13:44:12 +02:00
|
|
|
|
|
|
|
|
%files -n libgnutlsxx%{gnutlsxx_sover}
|
|
|
|
|
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
|
|
|
|
|
|
2007-10-25 18:10:26 +02:00
|
|
|
%files -n libgnutls-devel
|
2011-08-24 13:44:12 +02:00
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/abstract.h
|
|
|
|
|
%{_includedir}/%{name}/crypto.h
|
|
|
|
|
%{_includedir}/%{name}/compat.h
|
|
|
|
|
%{_includedir}/%{name}/dtls.h
|
|
|
|
|
%{_includedir}/%{name}/gnutls.h
|
|
|
|
|
%{_includedir}/%{name}/openpgp.h
|
2012-05-21 10:25:22 +02:00
|
|
|
%{_includedir}/%{name}/ocsp.h
|
2015-08-25 07:17:02 +02:00
|
|
|
%{_includedir}/%{name}/pkcs7.h
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_includedir}/%{name}/pkcs11.h
|
|
|
|
|
%{_includedir}/%{name}/pkcs12.h
|
2015-03-30 19:32:11 +02:00
|
|
|
%{_includedir}/%{name}/self-test.h
|
2016-12-29 22:41:21 +01:00
|
|
|
%{_includedir}/%{name}/socket.h
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_includedir}/%{name}/x509.h
|
2015-03-30 19:32:11 +02:00
|
|
|
%{_includedir}/%{name}/x509-ext.h
|
2013-07-01 15:54:42 +02:00
|
|
|
%{_includedir}/%{name}/tpm.h
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%{_includedir}/%{name}/system-keys.h
|
|
|
|
|
%{_includedir}/%{name}/urls.h
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_libdir}/libgnutls.so
|
|
|
|
|
%{_libdir}/pkgconfig/gnutls.pc
|
|
|
|
|
%{_mandir}/man3/*
|
2016-12-29 22:41:21 +01:00
|
|
|
%{_infodir}/*%{ext_info}
|
2012-11-28 10:29:35 +01:00
|
|
|
%doc %{_docdir}/libgnutls-devel
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2016-02-24 14:25:15 +01:00
|
|
|
%if %{with dane}
|
|
|
|
|
%files -n libgnutls-dane-devel
|
|
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/dane.h
|
|
|
|
|
%{_libdir}/pkgconfig/gnutls-dane.pc
|
|
|
|
|
%{_libdir}/libgnutls-dane.so
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%files -n libgnutlsxx-devel
|
|
|
|
|
%{_libdir}/libgnutlsxx.so
|
|
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/gnutlsxx.h
|
|
|
|
|
|
2016-05-04 08:17:29 +02:00
|
|
|
%if %{with guile}
|
|
|
|
|
%files guile
|
2021-02-10 17:11:35 +01:00
|
|
|
%{_libdir}/guile/*
|
|
|
|
|
%{_datadir}/guile/gnutls*
|
|
|
|
|
%endif
|
2016-05-04 08:17:29 +02:00
|
|
|
|
2007-04-17 00:33:13 +02:00
|
|
|
%changelog
|
