Accepting request 84235 from Base:System

Update to 3.0.3 -- fix some crashes in telepathy (forwarded request 83992 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/84235
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=35

0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch

@@ -1,57 +0,0 @@
-From 73b9f4e50612a846d9f1d54c71129caba7be80ce Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Mon, 8 Aug 2011 20:02:47 +0200
-Subject: [PATCH 2/6] Added note.GNU-stack to prevent marking the library as using an executable stack. Reported by Andreas Metzler.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-
-Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
----
- lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s |    4 ++++
- lib/accelerated/intel/asm/appro-aes-x86-64.s     |    5 +++++
- lib/accelerated/intel/asm/appro-aes-x86.s        |    5 +++++
- 3 files changed, 14 insertions(+), 0 deletions(-)
-
-diff --git a/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s b/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s
-index 009ec3d..7e3c407 100644
---- a/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s
-+++ b/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s
-@@ -1062,3 +1062,7 @@ gcm_ghash_clmul:
- 
- .byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
- .align	64
-+
-+#if defined(__linux__) && defined(__ELF__)
-+.section .note.GNU-stack,"",%progbits
-+#endif
-diff --git a/lib/accelerated/intel/asm/appro-aes-x86-64.s b/lib/accelerated/intel/asm/appro-aes-x86-64.s
-index f286fb1..675e112 100644
---- a/lib/accelerated/intel/asm/appro-aes-x86-64.s
-+++ b/lib/accelerated/intel/asm/appro-aes-x86-64.s
-@@ -2571,3 +2571,8 @@ __aesni_set_encrypt_key:
- 
- .byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
- .align	64
-+
-+#if defined(__linux__) && defined(__ELF__)
-+.section .note.GNU-stack,"",%progbits
-+#endif
-+
-diff --git a/lib/accelerated/intel/asm/appro-aes-x86.s b/lib/accelerated/intel/asm/appro-aes-x86.s
-index 2084749..f095a63 100644
---- a/lib/accelerated/intel/asm/appro-aes-x86.s
-+++ b/lib/accelerated/intel/asm/appro-aes-x86.s
-@@ -2179,3 +2179,8 @@ aesni_set_decrypt_key:
- .byte	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
- .byte	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
- .byte	115,108,46,111,114,103,62,0
-+
-+#if defined(__linux__) && defined(__ELF__)
-+.section .note.GNU-stack,"",%progbits
-+#endif
-+
--- 
-1.7.4.1
-

0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch

@@ -1,90 +0,0 @@
-From 96c632161c8f25ecc1aa55d01c6d5e8aec450792 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Thu, 11 Aug 2011 18:48:44 +0200
-Subject: [PATCH 3/6] Force alignment for AES-NI to the runtime rather than on the structures.
- Corrects issue on some systems (reported by Andreas Radke).
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-
-Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
----
- lib/accelerated/intel/aes-x86.c |   11 +++++++----
- lib/accelerated/intel/aes-x86.h |   11 +++--------
- 2 files changed, 10 insertions(+), 12 deletions(-)
-
-diff --git a/lib/accelerated/intel/aes-x86.c b/lib/accelerated/intel/aes-x86.c
-index 53b3bde..970e613 100644
---- a/lib/accelerated/intel/aes-x86.c
-+++ b/lib/accelerated/intel/aes-x86.c
-@@ -39,6 +39,9 @@ struct aes_ctx
-   uint8_t iv[16];
- };
- 
-+#define ALIGN16(x) \
-+        ((void *)(((unsigned long)(x)+0x0f)&~(0x0f)))
-+
- static int
- aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
- {
-@@ -68,11 +71,11 @@ aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
-   struct aes_ctx *ctx = _ctx;
-   int ret;
- 
--  ret = aesni_set_encrypt_key (userkey, keysize * 8, &ctx->expanded_key);
-+  ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
-   if (ret != 0)
-     return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
- 
--  ret = aesni_set_decrypt_key (userkey, keysize * 8, &ctx->expanded_key_dec);
-+  ret = aesni_set_decrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key_dec));
-   if (ret != 0)
-     return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
- 
-@@ -94,7 +97,7 @@ aes_encrypt (void *_ctx, const void *src, size_t src_size,
- {
-   struct aes_ctx *ctx = _ctx;
- 
--  aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key, ctx->iv, 1);
-+  aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 1);
-   return 0;
- }
- 
-@@ -104,7 +107,7 @@ aes_decrypt (void *_ctx, const void *src, size_t src_size,
- {
-   struct aes_ctx *ctx = _ctx;
- 
--  aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key_dec, ctx->iv, 0);
-+  aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key_dec), ctx->iv, 0);
- 
-   return 0;
- }
-diff --git a/lib/accelerated/intel/aes-x86.h b/lib/accelerated/intel/aes-x86.h
-index 8f49ff3..a4cac1d 100644
---- a/lib/accelerated/intel/aes-x86.h
-+++ b/lib/accelerated/intel/aes-x86.h
-@@ -5,17 +5,12 @@
- 
- void register_x86_crypto (void);
- 
--#ifdef __GNUC__
--# define ALIGN16 __attribute__ ((aligned (16)))
--#else
--# define ALIGN16
--#endif
--
-+#define AES_KEY_ALIGN_SIZE 4
- #define AES_MAXNR 14
- typedef struct
- {
--  uint32_t ALIGN16 rd_key[4 * (AES_MAXNR + 1)];
--  int rounds;
-+  uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE];
-+  int rounds; /* unused... */
- } AES_KEY;
- 
- void aesni_ecb_encrypt (const unsigned char *in, unsigned char *out,
--- 
-1.7.4.1
-

0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch

@@ -1,32 +0,0 @@
-From 5fcee6608c93449456da8e02410eca54b54b0e69 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
-Date: Mon, 15 Aug 2011 23:30:28 -0400
-Subject: [PATCH 6/6] Added AES-256-GCM. Reported by Benjamin Hof.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Conflicts:
-
-	NEWS
-
-Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
----
- lib/algorithms/ciphers.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
-index 9bcd4d9..b1ba338 100644
---- a/lib/algorithms/ciphers.c
-+++ b/lib/algorithms/ciphers.c
-@@ -52,6 +52,7 @@ static const gnutls_cipher_entry algorithms[] = {
-   {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 0, 0},
-   {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0, 0},
-   {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
-+  {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
-   {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0, 0},
-   {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0, 0},
-   {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
--- 
-1.7.4.1
-

gnutls-3.0.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aeedcfe5b56d649408b8f135c5be14b6ca3b242a8816685a2324985ebd67e117
-size 4543664

gnutls-3.0.3.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1c9f7e5e22b30cc7e558b00aa0a78388852b62b241c68c4f5dce1cb39ca6298b
+size 4281044

gnutls.changes

@@ -1,3 +1,73 @@
+-------------------------------------------------------------------
+Tue Sep 20 16:03:50 UTC 2011 - vuntz@opensuse.org
+
+- Update to version 3.0.3:
+  + libgnutls:
+    - Added gnutls_record_get_discarded() to return the number of
+      discarded records in a DTLS session.
+    - All functions related to RSA-EXPORT were deprecated.
+    - Memory leak fixes in credentials private key
+      deinitialization.
+    - Memory leak fixes in ECC ciphersuites.
+    - Do not send an empty extension structure in server hello.
+      This affected old implementations that do not support
+      extensions.
+    - Allow CA importing of 0 certificates to succeed.
+    - Added support for VIA padlock AES optimizations. (disabled by
+      default)
+    - Added support for elliptic curves in PKCS #11.
+    - Added gnutls_pkcs11_privkey_generate() to allow generating a
+      key in a token.
+    - gnutls_transport_set_lowat dummy macro was removed.
+  + p11tool: Added generate-rsa, generate-dsa and generate-ecc
+    options to allow generating private keys in the token.
+- Changes from version 3.0.2:
+  + libgnutls:
+    - OpenPGP certificate type is not enabled by default.
+    - Added %NO_EXTENSIONS priority string.
+    - Corrected issue in gnutls_record_recv() triggered on
+      encryption or compression error.
+    - Compatibility fixes in CPU ID detection for i386 and old GCC.
+    - Corrected parsing of XMPP subject alternative names.
+    - Allow for out-of-order ChangeCipherSpec message in DTLS.
+    - gnutls_certificate_set_x509_key() and
+      gnutls_certificate_set_openpgp_key() operate as in 2.10.x and
+      allow the release of the private key during the lifetime of
+      the certificate structure.
+  + gnutls-cli: Benchmark applications were incorporated with it.
+- Changes from version 3.0.1:
+  + libgnutls:
+    - gnutls_certificate_set_x509_key_file() and friends support
+      server name indication. If multiple certificates are set
+      using these functions the proper one will be selected during
+      a handshake.
+    - Added AES-256-GCM which was left out from the previous
+      release.
+    - When asking for a PKCS# 11 PIN multiple times, the flags in
+      the callback were not being updated to reflect for PIN low
+      count or final try.
+    - Do not allow second instances of PKCS #11 modules.
+    - Fixed alignment issue in AES-NI code.
+    - The config file at gnutls_pkcs11_init() is being read if
+      provided.
+    - Ensure that a certificate list specified using
+      gnutls_certificate_set_x509_key() and friends, is sorted
+      according to TLS specification (from subject to issuer).
+    - Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
+      gnutls_x509_crt_list_import. It checks whether the list to be
+      imported is properly sorted.
+  + crywrap: Added to the distribution. It is an application that
+    proxies TLS session to a port using a plaintext service.
+  + Many GTK-DOC improvements.
+  + Updated translations.
+- Drop 0001-Included-appro-s-updates-to-AES-NI.patch,
+  0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch,
+  0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch,
+  0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch: all fixed
+  upstream.
+- Drop call to autoreconf: it was only needed for the patches.
+- Add libidn-devel BuildRequires for the new crywrap tool.
+
 -------------------------------------------------------------------
 Mon Aug 29 08:00:03 UTC 2011 - coolo@novell.com
 

gnutls.spec

@@ -22,8 +22,8 @@
 %define gnutls_extra_sover 28
 
 Name:           gnutls
-Version:        3.0.0
-Release:        3
+Version:        3.0.3
+Release:        1
 License:        LGPLv3+
 Summary:        The GNU Transport Layer Security Library
 Url:            http://www.gnutls.org/
@@ -33,6 +33,7 @@ Source1:        baselibs.conf
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel >= 2.2
 BuildRequires:  p11-kit-devel
+BuildRequires:  libidn-devel
 BuildRequires:  libtasn1-devel
 BuildRequires:  pkg-config
 BuildRequires:  xz
@@ -42,10 +43,6 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %ifarch ppc64
 Obsoletes:      gnutls-64bit
 %endif
-Patch0:         0001-Included-appro-s-updates-to-AES-NI.patch
-Patch1:         0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
-Patch2:         0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
-Patch3:         0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
 
 %description
 The GnuTLS project aims to develop a library that provides a secure
@@ -54,7 +51,6 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutls%{gnutls_sover}
 
-
 License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@@ -66,7 +62,6 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutlsxx%{gnutlsxx_sover}
 
-
 License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@@ -79,7 +74,6 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutls-extra%{gnutls_extra_sover}
 
-
 License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@@ -92,7 +86,6 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutls-openssl%{gnutls_ossl_sover}
 
-
 License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@@ -160,13 +153,8 @@ implements the proposed standards of the IETF's TLS working group.
 
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 %build
-autoreconf -fi
 %configure \
         --disable-static \
         --with-pic \
@@ -219,6 +207,7 @@ rm -rf %{buildroot}
 %defattr(-, root, root)
 %doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO
 %{_bindir}/certtool
+%{_bindir}/crywrap
 %{_bindir}/gnutls-cli
 %{_bindir}/gnutls-cli-debug
 %{_bindir}/gnutls-serv