Accepting request 222335 from Base:System

- Upgraded to 3.2.11
  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
  ** libgnutls: Reduced the TLS and DTLS version requirements for all
     ciphersuites that are not GCM.
  ** libgnutls: When two initial keywords are specified then treat the
     second as having the '+' modifier.
  ** libgnutls:  When using a PKCS #11 module for verification ensure that
     it has been marked a trusted policy module in p11-kit. Moreover, when an
     empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
     in the system for verification.
     http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
     CA certificates. Reported and investigated by Suman Jana.
     CVE-2014-1959 / bnc#863989
  ** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed

- Upgrade to 3.1.20 (released 2014-01-31)
  ** libgnutls: fixed null pointer dereference when printing a certificate
     DN and an LDAP description isn't present.
  ** libgnutls: gnutls_db_check_entry_time will correctly report the time;
     report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
  ** libgnutls: The %DUMBFW option in priority string only
     appends data to client hello if the expected size is in the
     "black hole" range.
  ** libgnutls: %COMPAT implies %DUMBFW.
  ** libgnutls: gnutls_session_get_desc() returns a more compact
     ciphersuite description.

OBS-URL: https://build.opensuse.org/request/show/222335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=69
Stephan Kulow 2014-02-19 08:09:49 +00:00 committed by Git OBS Bridge
parent f088877e49
commit b35c84d979
8 changed files with 94 additions and 885 deletions

gnutls-3.2.11.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b844c58a72d6930abbda42129f4051dbf97f91754bea3514931173e3d01cf3c1
size 5135168

BIN
gnutls-3.2.11.tar.xz.sig Normal file

Binary file not shown.


@ -1,862 +0,0 @@
Index: gnutls-3.2.8/lib/algorithms/publickey.c
===================================================================
--- gnutls-3.2.8.orig/lib/algorithms/publickey.c
+++ gnutls-3.2.8/lib/algorithms/publickey.c
@@ -48,8 +48,10 @@ static const gnutls_pk_map pk_mappings[]
{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+#ifdef ENABLE_ECC
{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
+#endif
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
@@ -96,7 +98,9 @@ static const gnutls_pk_entry pk_algorith
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+#ifdef ENABLE_ECC
{"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
+#endif
{0, 0, 0}
};
Index: gnutls-3.2.8/lib/auth/cert.c
===================================================================
--- gnutls-3.2.8.orig/lib/auth/cert.c
+++ gnutls-3.2.8/lib/auth/cert.c
@@ -65,7 +65,12 @@ static gnutls_privkey_t alloc_and_load_p
key, int deinit);
#endif
+#ifdef ENABLE_ECC
#define MAX_CLIENT_SIGN_ALGOS 3
+#else
+#define MAX_CLIENT_SIGN_ALGOS 2
+#endif
+
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
typedef enum CertificateSigType
{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
@@ -1397,8 +1402,10 @@ _gnutls_check_supported_sign_algo(Certif
return GNUTLS_PK_RSA;
case DSA_SIGN:
return GNUTLS_PK_DSA;
+#ifdef ENABLE_ECC
case ECDSA_SIGN:
return GNUTLS_PK_EC;
+#endif
}
return -1;
@@ -1675,7 +1682,9 @@ _gnutls_gen_cert_server_cert_req(gnutls_
tmp_data[0] = CERTTYPE_SIZE - 1;
tmp_data[1] = RSA_SIGN;
tmp_data[2] = DSA_SIGN;
+#ifdef ENABLE_ECC
tmp_data[3] = ECDSA_SIGN; /* only these for now */
+#endif
ret = _gnutls_buffer_append_data(data, tmp_data, CERTTYPE_SIZE);
if (ret < 0)
Index: gnutls-3.2.8/lib/auth/dhe_psk.c
===================================================================
--- gnutls-3.2.8.orig/lib/auth/dhe_psk.c
+++ gnutls-3.2.8/lib/auth/dhe_psk.c
@@ -93,6 +93,7 @@ const mod_auth_st ecdhe_psk_auth_struct
};
#endif
+#ifdef ENABLE_ECDHE
static int
gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
@@ -136,6 +137,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t
return ret;
}
+#endif
static int
gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
@@ -231,6 +233,7 @@ gen_dhe_psk_server_kx(gnutls_session_t s
return ret;
}
+#ifdef ENABLE_ECDHE
static int
gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
@@ -255,7 +258,7 @@ gen_ecdhe_psk_server_kx(gnutls_session_t
return ret;
}
-
+#endif
static int
proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
@@ -333,7 +336,7 @@ proc_dhe_psk_client_kx(gnutls_session_t
return ret;
}
-
+#ifdef ENABLE_ECDHE
static int
proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
@@ -397,6 +400,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_
return ret;
}
+#endif
static int
proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
@@ -428,6 +432,7 @@ proc_dhe_psk_server_kx(gnutls_session_t
return 0;
}
+#ifdef ENABLE_ECDHE
static int
proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
@@ -457,5 +462,6 @@ proc_ecdhe_psk_server_kx(gnutls_session_
return 0;
}
+#endif
#endif /* ENABLE_PSK */
Index: gnutls-3.2.8/lib/ext/ecc.c
===================================================================
--- gnutls-3.2.8.orig/lib/ext/ecc.c
+++ gnutls-3.2.8/lib/ext/ecc.c
@@ -36,6 +36,7 @@
* extensions draft.
*/
+#ifdef ENABLE_ECC
static int _gnutls_supported_ecc_recv_params(gnutls_session_t session,
const uint8_t * data,
size_t data_size);
@@ -285,3 +286,4 @@ _gnutls_session_supports_ecc_curve(gnutl
return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
}
+#endif
Index: gnutls-3.2.8/lib/gnutls_extensions.c
===================================================================
--- gnutls-3.2.8.orig/lib/gnutls_extensions.c
+++ gnutls-3.2.8/lib/gnutls_extensions.c
@@ -345,6 +345,7 @@ int _gnutls_ext_init(void)
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#ifdef ENABLE_ECC
ret = _gnutls_ext_register(&ext_mod_supported_ecc);
if (ret != GNUTLS_E_SUCCESS)
return ret;
@@ -352,6 +353,7 @@ int _gnutls_ext_init(void)
ret = _gnutls_ext_register(&ext_mod_supported_ecc_pf);
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#endif
ret = _gnutls_ext_register(&ext_mod_sig);
if (ret != GNUTLS_E_SUCCESS)
Index: gnutls-3.2.8/lib/gnutls_priority.c
===================================================================
--- gnutls-3.2.8.orig/lib/gnutls_priority.c
+++ gnutls-3.2.8/lib/gnutls_priority.c
@@ -231,6 +231,7 @@ gnutls_certificate_type_set_priority(gnu
}
static const int supported_ecc_normal[] = {
+#ifdef ENABLE_ECC
#ifdef ENABLE_NON_SUITEB_CURVES
GNUTLS_ECC_CURVE_SECP192R1,
GNUTLS_ECC_CURVE_SECP224R1,
@@ -238,30 +239,39 @@ static const int supported_ecc_normal[]
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
static const int supported_ecc_secure128[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
static const int supported_ecc_suiteb128[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
+#endif
0
};
static const int supported_ecc_suiteb192[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP384R1,
+#endif
0
};
static const int supported_ecc_secure192[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
@@ -412,51 +422,75 @@ static const int comp_priority[] = {
static const int sign_priority_default[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_DSA_SHA256,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
+#endif
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
GNUTLS_SIGN_RSA_SHA224,
GNUTLS_SIGN_DSA_SHA224,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA224,
+#endif
GNUTLS_SIGN_RSA_SHA1,
GNUTLS_SIGN_DSA_SHA1,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA1,
+#endif
0
};
static const int sign_priority_suiteb128[] = {
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
0
};
static const int sign_priority_suiteb192[] = {
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
0
};
static const int sign_priority_secure128[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_DSA_SHA256,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
+#endif
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
0
};
static const int sign_priority_secure192[] = {
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
0
};
Index: gnutls-3.2.8/lib/nettle/pk.c
===================================================================
--- gnutls-3.2.8.orig/lib/nettle/pk.c
+++ gnutls-3.2.8/lib/nettle/pk.c
@@ -148,6 +148,7 @@ static int _wrap_nettle_pk_derive(gnutls
int ret;
switch (algo) {
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_scalar ecc_priv;
@@ -193,6 +194,7 @@ static int _wrap_nettle_pk_derive(gnutls
goto cleanup;
break;
}
+#endif
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -348,6 +350,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm
const mac_entry_st *me;
switch (algo) {
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC: /* we do ECDSA */
{
struct ecc_scalar priv;
@@ -396,6 +399,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm
}
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
@@ -500,6 +504,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorit
bigint_t tmp[2] = { NULL, NULL };
switch (algo) {
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC: /* ECDSA */
{
struct ecc_point pub;
@@ -546,6 +551,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorit
ecc_point_clear(&pub);
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
@@ -759,6 +765,7 @@ wrap_nettle_pk_generate_params(gnutls_pk
break;
}
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
@@ -805,6 +812,7 @@ wrap_nettle_pk_generate_params(gnutls_pk
break;
}
+#endif
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
@@ -946,6 +954,7 @@ wrap_nettle_pk_verify_params(gnutls_pk_a
}
break;
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_point r, pub;
@@ -1014,6 +1023,7 @@ wrap_nettle_pk_verify_params(gnutls_pk_a
ecc_point_clear(&pub);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -1173,6 +1183,7 @@ static int wrap_nettle_hash_algorithm(gn
ret = 0;
break;
+
case GNUTLS_PK_RSA:
if (sig == NULL) { /* return a sensible algorithm */
if (hash_algo)
Index: gnutls-3.2.8/lib/algorithms/kx.c
===================================================================
--- gnutls-3.2.8.orig/lib/algorithms/kx.c
+++ gnutls-3.2.8/lib/algorithms/kx.c
@@ -28,9 +28,11 @@
extern mod_auth_st rsa_auth_struct;
extern mod_auth_st dhe_rsa_auth_struct;
+#ifdef ENABLE_ECC
extern mod_auth_st ecdhe_rsa_auth_struct;
extern mod_auth_st ecdhe_psk_auth_struct;
extern mod_auth_st ecdhe_ecdsa_auth_struct;
+#endif
extern mod_auth_st dhe_dss_auth_struct;
extern mod_auth_st anon_auth_struct;
extern mod_auth_st anon_ecdh_auth_struct;
@@ -57,10 +59,12 @@ static const gnutls_cred_map cred_mappin
{GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
{GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
{GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+#ifdef ENABLE_ECDHE
{GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
+#endif
{GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
@@ -68,7 +72,9 @@ static const gnutls_cred_map cred_mappin
{GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
+#ifdef ENABLE_ECDHE
{GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+#endif
{GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
{GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
@@ -102,7 +108,7 @@ static const gnutls_kx_algo_entry _gnutl
{"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
{"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
#endif
-#ifdef ENABLE_ECDHE
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
{"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
{"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct,
0},
@@ -119,7 +125,7 @@ static const gnutls_kx_algo_entry _gnutl
{"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
1 /* needs DHE params */ },
#endif
-#ifdef ENABLE_ECDHE
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
{"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
#endif
#endif
Index: gnutls-3.2.8/lib/auth/ecdhe.c
===================================================================
--- gnutls-3.2.8.orig/lib/auth/ecdhe.c
+++ gnutls-3.2.8/lib/auth/ecdhe.c
@@ -50,7 +50,7 @@ static int
proc_ecdhe_client_kx(gnutls_session_t session,
uint8_t * data, size_t _data_size);
-#if defined(ENABLE_ECDHE)
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
const mod_auth_st ecdhe_ecdsa_auth_struct = {
"ECDHE_ECDSA",
_gnutls_gen_cert_server_crt,
Index: gnutls-3.2.8/tests/cert-tests/dane
===================================================================
--- gnutls-3.2.8.orig/tests/cert-tests/dane
+++ gnutls-3.2.8/tests/cert-tests/dane
@@ -22,6 +22,8 @@
set -e
+exit 77
+
srcdir=${srcdir:-.}
DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
DIFF=${DIFF:-diff}
Index: gnutls-3.2.8/tests/dtls/dtls
===================================================================
--- gnutls-3.2.8.orig/tests/dtls/dtls
+++ gnutls-3.2.8/tests/dtls/dtls
@@ -22,9 +22,7 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
-fi
+exit 77
./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
Index: gnutls-3.2.8/tests/dtls/dtls-nb
===================================================================
--- gnutls-3.2.8.orig/tests/dtls/dtls-nb
+++ gnutls-3.2.8/tests/dtls/dtls-nb
@@ -22,9 +22,7 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
-fi
+exit 77
./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
Index: gnutls-3.2.8/tests/ecdsa/ecdsa
===================================================================
--- gnutls-3.2.8.orig/tests/ecdsa/ecdsa
+++ gnutls-3.2.8/tests/ecdsa/ecdsa
@@ -22,6 +22,8 @@
#set -e
+exit 77
+
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
Index: gnutls-3.2.8/tests/mini-alpn.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-alpn.c
+++ gnutls-3.2.8/tests/mini-alpn.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_ALPN)
+#if defined(_WIN32) || !defined(ENABLE_ALPN) || !defined(ENABLE_ECDH)
int main(int argc, char **argv)
{
Index: gnutls-3.2.8/tests/mini-dtls-heartbeat.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-heartbeat.c
+++ gnutls-3.2.8/tests/mini-dtls-heartbeat.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-hello-verify.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-hello-verify.c
+++ gnutls-3.2.8/tests/mini-dtls-hello-verify.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECDH)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-large.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-large.c
+++ gnutls-3.2.8/tests/mini-dtls-large.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
int main()
{
@@ -179,8 +179,12 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
+#ifdef ENABLE_ECDH
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+#else
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+#endif
NULL);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
Index: gnutls-3.2.8/tests/mini-dtls-record.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-record.c
+++ gnutls-3.2.8/tests/mini-dtls-record.c
@@ -29,7 +29,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-rehandshake.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-rehandshake.c
+++ gnutls-3.2.8/tests/mini-dtls-rehandshake.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-srtp.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-srtp.c
+++ gnutls-3.2.8/tests/mini-dtls-srtp.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
+#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC)
int main(int argc, char **argv)
{
Index: gnutls-3.2.8/tests/mini-handshake-timeout.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-handshake-timeout.c
+++ gnutls-3.2.8/tests/mini-handshake-timeout.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
@@ -136,7 +136,11 @@ static void initialize_tls_session(gnutl
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH", NULL);
+#ifdef ENABLE_ECC
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
+#else
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
+#endif
}
static void server(int fd, int wait)
Index: gnutls-3.2.8/tests/mini-loss-time.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-loss-time.c
+++ gnutls-3.2.8/tests/mini-loss-time.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-record-2.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-record-2.c
+++ gnutls-3.2.8/tests/mini-record-2.c
@@ -340,22 +340,22 @@ static void start(const char *prio, int
}
}
-#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-
-#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA"
-
-#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL"
-
-#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+
+#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:+RSA"
+
+#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+
+#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
-#define ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+ANON-ECDH:+CURVE-ALL"
-#define NEW_ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+RSA:+CURVE-ALL"
+#define NEW_ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+RSA:+CURVE-ALL:%NEW_PADDING"
static void ch_handler(int sig)
{
Index: gnutls-3.2.8/tests/mini-record-range.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-record-range.c
+++ gnutls-3.2.8/tests/mini-record-range.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-record.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-record.c
+++ gnutls-3.2.8/tests/mini-record.c
@@ -27,8 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
-
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
exit(77);
Index: gnutls-3.2.8/tests/mini-x509-callbacks.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-x509-callbacks.c
+++ gnutls-3.2.8/tests/mini-x509-callbacks.c
@@ -57,8 +57,13 @@ unsigned int msg_order[] = {
GNUTLS_HANDSHAKE_CLIENT_HELLO,
GNUTLS_HANDSHAKE_SERVER_HELLO,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+#ifndef ENABLE_ECC
+ /*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+#else
GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+#endif
GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
Index: gnutls-3.2.8/tests/mini-xssl.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-xssl.c
+++ gnutls-3.2.8/tests/mini-xssl.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_NON_SUITEB_CURVES)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/pkcs12_simple.c
===================================================================
--- gnutls-3.2.8.orig/tests/pkcs12_simple.c
+++ gnutls-3.2.8/tests/pkcs12_simple.c
@@ -49,6 +49,10 @@ void doit(void)
gnutls_x509_privkey_t pkey;
int ret;
+#ifndef ENABLE_ECC
+ exit(77);
+#endif
+
ret = global_init();
if (ret < 0)
fail("global_init failed %d\n", ret);
Index: gnutls-3.2.8/tests/priorities.c
===================================================================
--- gnutls-3.2.8.orig/tests/priorities.c
+++ gnutls-3.2.8/tests/priorities.c
@@ -71,8 +71,7 @@ try_prio(const char *prio, unsigned expe
fprintf(stderr, "%s\n",
gnutls_cipher_get_name(t[i]));
#endif
- fail("expected %d ciphers, found %d\n", expected_ciphers,
- ret);
+ fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret);
exit(1);
}
@@ -84,28 +83,42 @@ try_prio(const char *prio, unsigned expe
success("finished: %s\n", prio);
if (count != expected_cs) {
- fail("expected %d ciphersuites, found %d\n", expected_cs,
- count);
+ fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count);
exit(1);
}
}
void doit(void)
{
+#ifdef ENABLE_ECC
const int normal = 66;
const int null = 5;
const int sec128 = 56;
-
+#else
+ const int normal = 42;
+ const int null = 3;
+ const int sec128 = 36;
+#endif
try_prio("NORMAL", normal, 10);
try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10);
try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */
try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 11); /* should be null + all */
+#ifdef ENABLE_ECC
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
+#else
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */
+#endif
try_prio("PERFORMANCE", normal, 10);
+#ifdef ENABLE_ECC
try_prio("SECURE256", 20, 4);
+#else
+ try_prio("SECURE256", 12, 4);
+#endif
try_prio("SECURE128", sec128, 8);
try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
+#ifdef ENABLE_ECC
try_prio("SUITEB192", 1, 1);
+#endif
}
Index: gnutls-3.2.8/tests/slow/keygen.c
===================================================================
--- gnutls-3.2.8.orig/tests/slow/keygen.c
+++ gnutls-3.2.8/tests/slow/keygen.c
@@ -62,6 +62,11 @@ void doit(void)
if (algorithm == GNUTLS_PK_DH)
continue;
+#ifndef ENABLE_ECC
+ if (algorithm == GNUTLS_PK_EC)
+ continue;
+#endif
+
ret = gnutls_x509_privkey_init(&pkey);
if (ret < 0) {
fail("gnutls_x509_privkey_init: %d\n",
Index: gnutls-3.2.8/tests/srp/mini-srp.c
===================================================================
--- gnutls-3.2.8.orig/tests/srp/mini-srp.c
+++ gnutls-3.2.8/tests/srp/mini-srp.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_SRP)
int main()
{


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:144156f4140400df2bd9303dab69f44099113a3b46780737734affe93782d94d
size 5135984

Binary file not shown.


@ -1,8 +1,8 @@
Index: gnutls-3.2.8/configure.ac
Index: gnutls-3.2.10/configure.ac
===================================================================
--- gnutls-3.2.8.orig/configure.ac
+++ gnutls-3.2.8/configure.ac
@@ -457,6 +457,25 @@ if test "$with_default_trust_store_file"
--- gnutls-3.2.10.orig/configure.ac
+++ gnutls-3.2.10/configure.ac
@@ -466,6 +466,25 @@ if test "$with_default_trust_store_file"
with_default_trust_store_file=""
fi
@ -28,7 +28,7 @@ Index: gnutls-3.2.8/configure.ac
AC_ARG_WITH([default-crl-file],
[AS_HELP_STRING([--with-default-crl-file=FILE],
[use the given CRL file as default])])
@@ -470,6 +489,11 @@ if test "x$with_default_trust_store_file
@@ -479,6 +498,11 @@ if test "x$with_default_trust_store_file
["$with_default_trust_store_file"], [use the given file default trust store])
fi
@ -40,19 +40,19 @@ Index: gnutls-3.2.8/configure.ac
if test "x$with_default_crl_file" != x; then
AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
["$with_default_crl_file"], [use the given CRL file])
@@ -761,6 +785,7 @@ AC_MSG_NOTICE([System files:
@@ -770,6 +794,7 @@ AC_MSG_NOTICE([System files:
Trust store pkcs: $with_default_trust_store_pkcs11
Trust store pkcs11: $with_default_trust_store_pkcs11
Trust store file: $with_default_trust_store_file
+ Trust store dir: $with_default_trust_store_dir
Blacklist file: $with_default_blacklist_file
CRL file: $with_default_crl_file
DNSSEC root key file: $unbound_root_key_file
Index: gnutls-3.2.8/lib/system.c
Index: gnutls-3.2.10/lib/system.c
===================================================================
--- gnutls-3.2.8.orig/lib/system.c
+++ gnutls-3.2.8/lib/system.c
@@ -357,7 +357,45 @@ int _gnutls_find_config_path(char *path,
--- gnutls-3.2.10.orig/lib/system.c
+++ gnutls-3.2.10/lib/system.c
@@ -364,7 +364,45 @@ int _gnutls_find_config_path(char *path,
return 0;
}
@ -99,7 +99,7 @@ Index: gnutls-3.2.8/lib/system.c
static
int
add_system_trust(gnutls_x509_trust_list_t list,
@@ -393,6 +431,12 @@ add_system_trust(gnutls_x509_trust_list_
@@ -400,6 +438,12 @@ add_system_trust(gnutls_x509_trust_list_
r += ret;
#endif
@ -112,7 +112,7 @@ Index: gnutls-3.2.8/lib/system.c
#ifdef DEFAULT_BLACKLIST_FILE
ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
@@ -467,41 +511,6 @@ int add_system_trust(gnutls_x509_trust_l
@@ -474,41 +518,6 @@ int add_system_trust(gnutls_x509_trust_l
return r;
}
#elif defined(ANDROID) || defined(__ANDROID__)


@ -1,3 +1,78 @@
-------------------------------------------------------------------
Thu Feb 13 20:12:06 UTC 2014 - meissner@suse.com
- Upgraded to 3.2.11
** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
** libgnutls: Reduced the TLS and DTLS version requirements for all
ciphersuites that are not GCM.
** libgnutls: When two initial keywords are specified then treat the
second as having the '+' modifier.
** libgnutls: When using a PKCS #11 module for verification ensure that
it has been marked a trusted policy module in p11-kit. Moreover, when an
empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
in the system for verification.
http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
CA certificates. Reported and investigated by Suman Jana.
CVE-2014-1959 / bnc#863989
** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed
-------------------------------------------------------------------
Tue Feb 11 12:16:48 UTC 2014 - meissner@suse.com
- Upgrade to 3.1.20 (released 2014-01-31)
** libgnutls: fixed null pointer derefence when printing a certificate
DN and an LDAP description isn't present.
** libgnutls: gnutls_db_check_entry_time will correctly report the time;
report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.
** libgnutls: %COMPAT implies %DUMBFW.
** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.
* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.
** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate
management and blacklist checking to the PKCS #11 module.
** libgnutls: When a PKCS #11 trust store is specified in configure
option or in gnutls_x509_trust_list_add_trust_file(), then the module is
used to obtain the verification anchors and any required blacklists as
in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html
** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.
** p11tool: Added --so-login option to force login as security
officer (admin).
- reenable ECDHE after review of modern cryptographic practices.
- gnutls-fix-missing-ipv6.patch: handle getaddrinfo/socket availability
issues in gnutls-serv
- gnutls-3.2.10-supported-ecc.patch: do not abort gnutls-cli on sites
sending the client only ECC extension (www.bsi.de)
-------------------------------------------------------------------
Sat Dec 21 20:38:19 UTC 2013 - shchang@suse.com


@ -1,7 +1,7 @@
#
# spec file for package gnutls
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -21,7 +21,7 @@
%define gnutls_ossl_sover 27
Name: gnutls
Version: 3.2.8
Version: 3.2.11
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-2.1+ and GPL-3.0+
@ -36,8 +36,6 @@ Source3: baselibs.conf
# PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stieger@gmx.de -- skip a failing test
Patch3: gnutls-3.0.26-skip-test-fwrite.patch
# Disable elliptic curves for reasons. - meissner&cfarrell
Patch5: gnutls-3.2.8-noecc.patch
Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
BuildRequires: automake
@ -138,21 +136,19 @@ Files needed for software development using gnutls.
%prep
%setup -q
%patch3
%patch5 -p1
%patch6 -p1
%build
autoreconf -if
# echde explicitly disabled - meissner&cfarrell
%configure \
gl_cv_func_printf_directive_n=yes \
gl_cv_func_printf_infinite_long_double=yes \
--disable-static \
--with-pic \
--disable-rpath \
--disable-srp \
--disable-silent-rules \
--with-default-trust-store-dir=/var/lib/ca-certificates/pem \
--disable-ecdhe \
--with-sysroot=/%{?_sysroot}
%__make %{?_smp_mflags}