2007-01-16 00:15:20 +01:00
|
|
|
#
|
2011-06-16 09:57:04 +02:00
|
|
|
# spec file for package gnutls
|
2007-01-16 00:15:20 +01:00
|
|
|
#
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
# Copyright (c) 2022 SUSE LLC
|
2007-01-16 00:15:20 +01:00
|
|
|
#
|
2008-11-02 15:41:35 +01:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-10-15 10:27:49 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:15:20 +01:00
|
|
|
#
|
|
|
|
|
|
2011-08-24 13:44:23 +02:00
|
|
|
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%define gnutls_sover 30
|
2022-03-18 21:01:46 +01:00
|
|
|
%define gnutlsxx_sover 30
|
2017-08-29 11:40:38 +02:00
|
|
|
%define gnutls_dane_sover 0
|
2019-04-04 16:11:38 +02:00
|
|
|
# unbound isn't in SLE (bsc#1086428)
|
|
|
|
|
%if 0%{?is_opensuse}
|
2016-12-29 22:41:21 +01:00
|
|
|
%bcond_without dane
|
2018-04-10 09:48:38 +02:00
|
|
|
%else
|
|
|
|
|
%bcond_with dane
|
2018-03-30 11:56:05 +02:00
|
|
|
%endif
|
2021-06-01 14:42:43 +02:00
|
|
|
# Enable Linux kernel AF_ALG based acceleration
|
|
|
|
|
%if 0%{?suse_version} >= 1550
|
2022-05-16 10:07:25 +02:00
|
|
|
# disable for now, as our OBS builds do not work with it. Marcus 20220511
|
|
|
|
|
#bcond_without kcapi
|
|
|
|
|
%bcond_with kcapi
|
2021-06-01 14:42:43 +02:00
|
|
|
%else
|
|
|
|
|
%bcond_with kcapi
|
|
|
|
|
%endif
|
2016-12-29 22:41:21 +01:00
|
|
|
%bcond_with tpm
|
|
|
|
|
%bcond_without guile
|
2007-01-16 00:15:20 +01:00
|
|
|
Name: gnutls
|
2022-08-01 10:36:39 +02:00
|
|
|
Version: 3.7.7
|
2012-05-21 10:25:22 +02:00
|
|
|
Release: 0
|
2007-01-16 00:15:20 +01:00
|
|
|
Summary: The GNU Transport Layer Security Library
|
2021-05-14 16:01:30 +02:00
|
|
|
License: GPL-3.0-or-later AND LGPL-2.1-or-later
|
2007-01-16 00:15:20 +01:00
|
|
|
Group: Productivity/Networking/Security
|
2019-07-31 19:35:10 +02:00
|
|
|
URL: https://www.gnutls.org/
|
2021-02-02 18:34:55 +01:00
|
|
|
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
|
|
|
|
|
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
|
|
|
|
|
Source2: gnutls.keyring
|
2013-07-01 15:54:42 +02:00
|
|
|
Source3: baselibs.conf
|
2020-12-05 18:16:13 +01:00
|
|
|
Patch0: gnutls-3.5.11-skip-trust-store-tests.patch
|
|
|
|
|
Patch1: gnutls-3.6.6-set_guile_site_dir.patch
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
Patch2: gnutls-FIPS-TLS_KDF_selftest.patch
|
2022-03-24 13:48:13 +01:00
|
|
|
Patch3: gnutls-FIPS-disable-failing-tests.patch
|
2022-09-14 10:41:21 +02:00
|
|
|
Patch4: gnutls_ECDSA_signing.patch
|
|
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
#PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
|
|
|
|
|
Patch5: gnutls-FIPS-jitterentropy.patch
|
|
|
|
|
%endif
|
|
|
|
|
#PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
|
|
|
|
|
Patch6: gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
|
2015-08-25 07:17:02 +02:00
|
|
|
BuildRequires: autogen
|
2011-12-02 16:25:49 +01:00
|
|
|
BuildRequires: automake
|
2016-07-09 09:21:14 +02:00
|
|
|
BuildRequires: datefudge
|
2016-05-04 08:17:29 +02:00
|
|
|
BuildRequires: fdupes
|
2019-10-01 17:18:43 +02:00
|
|
|
BuildRequires: fipscheck
|
2011-08-24 13:44:12 +02:00
|
|
|
BuildRequires: gcc-c++
|
2017-09-12 19:38:08 +02:00
|
|
|
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
|
|
|
|
|
BuildRequires: iproute2
|
2017-02-22 13:50:20 +01:00
|
|
|
BuildRequires: libidn2-devel
|
2021-02-02 18:34:55 +01:00
|
|
|
BuildRequires: libnettle-devel >= 3.6
|
2016-12-29 22:41:21 +01:00
|
|
|
BuildRequires: libtasn1-devel >= 4.9
|
2012-05-31 17:04:51 +02:00
|
|
|
BuildRequires: libtool
|
2016-12-29 22:41:21 +01:00
|
|
|
BuildRequires: libunistring-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
BuildRequires: makeinfo
|
2016-12-29 22:41:21 +01:00
|
|
|
BuildRequires: p11-kit-devel >= 0.23.1
|
|
|
|
|
BuildRequires: pkgconfig
|
|
|
|
|
BuildRequires: xz
|
|
|
|
|
BuildRequires: zlib-devel
|
2019-07-31 19:35:10 +02:00
|
|
|
BuildRequires: pkgconfig(autoopts)
|
2021-06-01 14:42:43 +02:00
|
|
|
%if %{with kcapi}
|
|
|
|
|
BuildRequires: pkgconfig(libkcapi)
|
|
|
|
|
%endif
|
2016-10-10 16:16:31 +02:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
BuildRequires: net-tools
|
|
|
|
|
%else
|
2016-07-09 09:21:14 +02:00
|
|
|
BuildRequires: net-tools-deprecated
|
2016-10-10 16:16:31 +02:00
|
|
|
%endif
|
2015-03-30 19:32:11 +02:00
|
|
|
%if %{with tpm}
|
|
|
|
|
BuildRequires: trousers-devel
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with dane}
|
2016-12-29 22:41:21 +01:00
|
|
|
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
2016-10-10 16:16:31 +02:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
BuildRequires: unbound-devel
|
|
|
|
|
%else
|
2016-02-24 14:25:15 +01:00
|
|
|
BuildRequires: libunbound-devel
|
2016-10-10 16:16:31 +02:00
|
|
|
%endif
|
2015-03-30 19:32:11 +02:00
|
|
|
%endif
|
2016-05-04 08:17:29 +02:00
|
|
|
%if %{with guile}
|
2022-08-01 10:36:39 +02:00
|
|
|
BuildRequires: guile-devel > 1.8
|
2016-05-04 08:17:29 +02:00
|
|
|
%endif
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
BuildRequires: crypto-policies
|
2020-12-22 10:48:35 +01:00
|
|
|
Requires: crypto-policies
|
2022-09-14 10:41:21 +02:00
|
|
|
BuildRequires: jitterentropy-devel >= 3.4.0
|
|
|
|
|
Requires: libjitterentropy3 >= 3.4.0
|
2021-02-02 18:34:55 +01:00
|
|
|
%endif
|
2007-01-16 00:15:20 +01:00
|
|
|
|
|
|
|
|
%description
|
2017-08-29 11:40:38 +02:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
|
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
2019-04-08 11:25:11 +02:00
|
|
|
of the IETF's TLS working group.
|
2007-01-16 00:15:20 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%package -n libgnutls%{gnutls_sover}
|
2008-02-28 01:56:17 +01:00
|
|
|
Summary: The GNU Transport Layer Security Library
|
2022-05-16 10:07:25 +02:00
|
|
|
# install libgnutls and libgnutls-hmac close together (bsc#1090765)
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2017-08-29 11:40:38 +02:00
|
|
|
Group: System/Libraries
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
Suggests: libgnutls%{gnutls_sover}-hmac = %{version}-%{release}
|
|
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
2021-05-31 11:16:21 +02:00
|
|
|
Requires: crypto-policies
|
|
|
|
|
%endif
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%description -n libgnutls%{gnutls_sover}
|
2017-08-29 11:40:38 +02:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
|
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
2019-04-08 11:25:11 +02:00
|
|
|
of the IETF's TLS working group.
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2020-04-02 12:58:27 +02:00
|
|
|
%package -n libgnutls%{gnutls_sover}-hmac
|
|
|
|
|
Summary: Checksums of the GNU Transport Layer Security Library
|
|
|
|
|
License: LGPL-2.1-or-later
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
Requires: libgnutls%{gnutls_sover} = %{version}-%{release}
|
|
|
|
|
|
|
|
|
|
%description -n libgnutls%{gnutls_sover}-hmac
|
|
|
|
|
FIPS SHA256 checksums of the libgnutls library.
|
|
|
|
|
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%if %{with dane}
|
2015-03-30 19:32:11 +02:00
|
|
|
%package -n libgnutls-dane%{gnutls_dane_sover}
|
2018-04-10 09:48:38 +02:00
|
|
|
Summary: DANE support for the GNU Transport Layer Security Library
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2018-04-10 09:48:38 +02:00
|
|
|
Group: System/Libraries
|
2015-03-30 19:32:11 +02:00
|
|
|
|
|
|
|
|
%description -n libgnutls-dane%{gnutls_dane_sover}
|
|
|
|
|
The GnuTLS project aims to develop a library that provides a secure
|
2016-12-29 22:41:21 +01:00
|
|
|
layer over a reliable transport layer.
|
2015-03-30 19:32:11 +02:00
|
|
|
This package contains the "DANE" part of gnutls.
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%endif
|
2015-03-30 19:32:11 +02:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%package -n libgnutlsxx%{gnutlsxx_sover}
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: C++ API for the GNU Transport Layer Security Library
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2017-08-29 11:40:38 +02:00
|
|
|
Group: System/Libraries
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
2021-05-31 11:16:21 +02:00
|
|
|
Requires: crypto-policies
|
|
|
|
|
%endif
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%description -n libgnutlsxx%{gnutlsxx_sover}
|
2017-08-29 11:40:38 +02:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
2019-04-08 11:25:11 +02:00
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
|
|
|
|
of the IETF's TLS working group.
|
2007-10-25 18:10:26 +02:00
|
|
|
|
|
|
|
|
%package -n libgnutls-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: Development package for the GnuTLS C API
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2007-08-03 16:29:06 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
2011-08-24 13:44:12 +02:00
|
|
|
Requires: glibc-devel
|
2021-05-31 11:16:21 +02:00
|
|
|
Requires: gnutls = %{version}
|
2011-08-24 13:44:12 +02:00
|
|
|
Requires: libgnutls%{gnutls_sover} = %{version}
|
2012-05-22 10:11:29 +02:00
|
|
|
Provides: gnutls-devel = %{version}-%{release}
|
2022-03-09 11:49:43 +01:00
|
|
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
|
|
|
|
Requires: crypto-policies
|
|
|
|
|
%endif
|
2008-02-28 01:56:17 +01:00
|
|
|
|
|
|
|
|
%description -n libgnutls-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%if %{with dane}
|
2016-02-24 14:25:15 +01:00
|
|
|
%package -n libgnutls-dane-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: Development package for GnuTLS DANE component
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2016-02-24 14:25:15 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
|
|
|
|
|
|
|
|
|
%description -n libgnutls-dane-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%endif
|
2016-02-24 14:25:15 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%package -n libgnutlsxx-devel
|
2017-08-29 11:40:38 +02:00
|
|
|
Summary: Development package for the GnuTLS C++ API
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2011-08-24 13:44:12 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libgnutls-devel = %{version}
|
2012-05-21 10:25:22 +02:00
|
|
|
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
|
2011-08-24 13:44:12 +02:00
|
|
|
Requires: libstdc++-devel
|
|
|
|
|
|
|
|
|
|
%description -n libgnutlsxx-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2021-02-02 18:34:55 +01:00
|
|
|
%if %{with guile}
|
2016-05-04 08:17:29 +02:00
|
|
|
%package guile
|
|
|
|
|
Summary: Guile wrappers for gnutls
|
2018-03-30 11:56:05 +02:00
|
|
|
License: LGPL-2.1-or-later
|
2016-05-04 08:17:29 +02:00
|
|
|
Group: Development/Libraries/Other
|
2022-08-01 10:36:39 +02:00
|
|
|
Requires: guile > 1.8
|
2016-05-04 08:17:29 +02:00
|
|
|
|
|
|
|
|
%description guile
|
2017-08-29 11:40:38 +02:00
|
|
|
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
|
2021-02-02 18:34:55 +01:00
|
|
|
%endif
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2007-01-16 00:15:20 +01:00
|
|
|
%prep
|
2020-04-02 12:58:27 +02:00
|
|
|
%autosetup -p1
|
2007-01-16 00:15:20 +01:00
|
|
|
|
2021-02-02 18:34:55 +01:00
|
|
|
echo "SYSTEM=NORMAL" >> tests/system.prio
|
|
|
|
|
|
2007-01-16 00:15:20 +01:00
|
|
|
%build
|
2022-03-09 11:49:43 +01:00
|
|
|
export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro"
|
2016-12-29 22:41:21 +01:00
|
|
|
export CFLAGS="%{optflags} -fPIE"
|
|
|
|
|
export CXXFLAGS="%{optflags} -fPIE"
|
2018-08-23 09:10:46 +02:00
|
|
|
#autoreconf -fiv
|
2011-08-24 13:44:12 +02:00
|
|
|
%configure \
|
2013-07-09 20:49:54 +02:00
|
|
|
gl_cv_func_printf_directive_n=yes \
|
|
|
|
|
gl_cv_func_printf_infinite_long_double=yes \
|
2011-08-24 13:44:12 +02:00
|
|
|
--disable-static \
|
2011-10-11 17:16:18 +02:00
|
|
|
--disable-rpath \
|
2022-03-09 11:49:43 +01:00
|
|
|
--disable-gcc-warnings \
|
2011-10-11 17:16:18 +02:00
|
|
|
--disable-silent-rules \
|
2021-06-01 14:42:43 +02:00
|
|
|
%{?with_kcapi:--enable-afalg} \
|
2020-12-22 10:48:35 +01:00
|
|
|
--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
|
2020-12-05 18:16:13 +01:00
|
|
|
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
|
|
|
|
|
--with-default-priority-string="@SYSTEM" \
|
2015-03-30 19:32:11 +02:00
|
|
|
--with-sysroot=/%{?_sysroot} \
|
|
|
|
|
%if %{without tpm}
|
|
|
|
|
--without-tpm \
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with dane}
|
2016-12-29 22:41:21 +01:00
|
|
|
--with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
|
2015-03-30 19:32:11 +02:00
|
|
|
%else
|
|
|
|
|
--disable-libdane \
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
%endif
|
|
|
|
|
%if %{with guile}
|
|
|
|
|
--enable-guile \
|
|
|
|
|
%else
|
|
|
|
|
--disable-guile \
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%endif
|
2017-09-25 13:50:29 +02:00
|
|
|
--enable-fips140-mode \
|
Accepting request 947389 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
OBS-URL: https://build.opensuse.org/request/show/947389
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=57
2022-01-19 12:47:02 +01:00
|
|
|
--with-fips140-module-name="GnuTLS version" \
|
|
|
|
|
--with-fips140-module-version="%{version}-%{release}" \
|
2020-12-22 10:48:35 +01:00
|
|
|
%{nil}
|
2022-05-30 10:08:31 +02:00
|
|
|
%make_build
|
2007-01-16 00:15:20 +01:00
|
|
|
|
|
|
|
|
%install
|
2011-08-24 13:44:12 +02:00
|
|
|
%make_install
|
|
|
|
|
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
|
2007-10-25 18:10:26 +02:00
|
|
|
# Do not package static libs and libtool files
|
2016-12-29 22:41:21 +01:00
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
2012-11-28 10:29:35 +01:00
|
|
|
|
2021-05-14 16:01:30 +02:00
|
|
|
# Compute FIPS hmac using the brp-50-generate-fips-hmac script
|
|
|
|
|
export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
|
|
|
|
|
|
2012-11-28 10:29:35 +01:00
|
|
|
# install docs
|
2016-12-29 22:41:21 +01:00
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
|
2019-07-31 19:35:10 +02:00
|
|
|
cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
|
2016-12-29 22:41:21 +01:00
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
|
|
|
|
|
cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
|
2012-11-28 10:29:35 +01:00
|
|
|
|
2016-05-04 08:17:29 +02:00
|
|
|
# PNG files are replaced with the compressed files and that breaks
|
|
|
|
|
# deduplication, this is workaround
|
2017-05-06 18:25:05 +02:00
|
|
|
find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} +
|
2017-08-29 11:40:38 +02:00
|
|
|
rm -rf %{buildroot}%{_datadir}/doc/gnutls
|
2016-05-04 08:17:29 +02:00
|
|
|
%fdupes -s %{buildroot}%{_datadir}
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%find_lang libgnutls --all-name
|
2007-01-16 00:15:20 +01:00
|
|
|
|
2012-11-28 10:29:35 +01:00
|
|
|
%check
|
2012-12-03 09:36:19 +01:00
|
|
|
%if ! 0%{?qemu_user_space_build}
|
2022-05-30 10:08:31 +02:00
|
|
|
%make_build check GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
|
2017-08-29 11:40:38 +02:00
|
|
|
find -name test-suite.log -print -exec cat {} +
|
2015-04-28 20:42:20 +02:00
|
|
|
exit 1
|
|
|
|
|
}
|
2022-03-24 13:48:13 +01:00
|
|
|
#Run the regression tests also in FIPS mode
|
|
|
|
|
GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || {
|
|
|
|
|
find -name test-suite.log -print -exec cat {} +
|
|
|
|
|
exit 1
|
|
|
|
|
}
|
2012-12-03 09:36:19 +01:00
|
|
|
%endif
|
2012-11-28 10:29:35 +01:00
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
|
|
|
|
|
2015-03-30 19:32:11 +02:00
|
|
|
%if %{with dane}
|
|
|
|
|
%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
2021-05-14 16:01:30 +02:00
|
|
|
|
2010-02-05 14:05:07 +01:00
|
|
|
%files -f libgnutls.lang
|
2018-02-28 19:55:27 +01:00
|
|
|
%license LICENSE
|
|
|
|
|
%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_bindir}/certtool
|
|
|
|
|
%{_bindir}/gnutls-cli
|
|
|
|
|
%{_bindir}/gnutls-cli-debug
|
|
|
|
|
%{_bindir}/gnutls-serv
|
2012-05-21 10:25:22 +02:00
|
|
|
%{_bindir}/ocsptool
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_bindir}/psktool
|
|
|
|
|
%{_bindir}/p11tool
|
|
|
|
|
%{_bindir}/srptool
|
2015-03-30 19:32:11 +02:00
|
|
|
%if %{with dane}
|
2013-07-01 15:54:42 +02:00
|
|
|
%{_bindir}/danetool
|
2015-03-30 19:32:11 +02:00
|
|
|
%endif
|
|
|
|
|
%if %{with tpm}
|
|
|
|
|
%{_bindir}/tpmtool
|
|
|
|
|
%endif
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_mandir}/man1/*
|
|
|
|
|
|
|
|
|
|
%files -n libgnutls%{gnutls_sover}
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_libdir}/libgnutls.so.%{gnutls_sover}*
|
2020-04-02 12:58:27 +02:00
|
|
|
|
|
|
|
|
%files -n libgnutls%{gnutls_sover}-hmac
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2019-10-01 17:18:43 +02:00
|
|
|
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
|
2015-03-30 19:32:11 +02:00
|
|
|
|
|
|
|
|
%if %{with dane}
|
|
|
|
|
%files -n libgnutls-dane%{gnutls_dane_sover}
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2015-03-30 19:32:11 +02:00
|
|
|
%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
|
|
|
|
|
%endif
|
2011-08-24 13:44:12 +02:00
|
|
|
|
|
|
|
|
%files -n libgnutlsxx%{gnutlsxx_sover}
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
|
|
|
|
|
|
2007-10-25 18:10:26 +02:00
|
|
|
%files -n libgnutls-devel
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2011-08-24 13:44:12 +02:00
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/abstract.h
|
|
|
|
|
%{_includedir}/%{name}/crypto.h
|
|
|
|
|
%{_includedir}/%{name}/compat.h
|
|
|
|
|
%{_includedir}/%{name}/dtls.h
|
|
|
|
|
%{_includedir}/%{name}/gnutls.h
|
|
|
|
|
%{_includedir}/%{name}/openpgp.h
|
2012-05-21 10:25:22 +02:00
|
|
|
%{_includedir}/%{name}/ocsp.h
|
2015-08-25 07:17:02 +02:00
|
|
|
%{_includedir}/%{name}/pkcs7.h
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_includedir}/%{name}/pkcs11.h
|
|
|
|
|
%{_includedir}/%{name}/pkcs12.h
|
2015-03-30 19:32:11 +02:00
|
|
|
%{_includedir}/%{name}/self-test.h
|
2016-12-29 22:41:21 +01:00
|
|
|
%{_includedir}/%{name}/socket.h
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_includedir}/%{name}/x509.h
|
2015-03-30 19:32:11 +02:00
|
|
|
%{_includedir}/%{name}/x509-ext.h
|
2013-07-01 15:54:42 +02:00
|
|
|
%{_includedir}/%{name}/tpm.h
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 10:38:18 +02:00
|
|
|
%{_includedir}/%{name}/system-keys.h
|
|
|
|
|
%{_includedir}/%{name}/urls.h
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_libdir}/libgnutls.so
|
|
|
|
|
%{_libdir}/pkgconfig/gnutls.pc
|
|
|
|
|
%{_mandir}/man3/*
|
2016-12-29 22:41:21 +01:00
|
|
|
%{_infodir}/*%{ext_info}
|
2012-11-28 10:29:35 +01:00
|
|
|
%doc %{_docdir}/libgnutls-devel
|
2008-02-28 01:56:17 +01:00
|
|
|
|
2016-02-24 14:25:15 +01:00
|
|
|
%if %{with dane}
|
|
|
|
|
%files -n libgnutls-dane-devel
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2016-02-24 14:25:15 +01:00
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/dane.h
|
|
|
|
|
%{_libdir}/pkgconfig/gnutls-dane.pc
|
|
|
|
|
%{_libdir}/libgnutls-dane.so
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-08-24 13:44:12 +02:00
|
|
|
%files -n libgnutlsxx-devel
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2011-08-24 13:44:12 +02:00
|
|
|
%{_libdir}/libgnutlsxx.so
|
|
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/gnutlsxx.h
|
|
|
|
|
|
2016-05-04 08:17:29 +02:00
|
|
|
%if %{with guile}
|
|
|
|
|
%files guile
|
2022-05-30 10:08:31 +02:00
|
|
|
%license LICENSE
|
2021-02-10 17:11:35 +01:00
|
|
|
%{_libdir}/guile/*
|
|
|
|
|
%{_datadir}/guile/gnutls*
|
|
|
|
|
%endif
|
2016-05-04 08:17:29 +02:00
|
|
|
|
2007-04-17 00:33:13 +02:00
|
|
|
%changelog
|
