Accepting request 84235 from Base:System

Update to 3.0.3 -- fix some crashes in telepathy (forwarded request 83992 from vuntz) OBS-URL: https://build.opensuse.org/request/show/84235 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=35
2011-09-22 08:45:50 +00:00 · 2011-09-22 08:45:50 +00:00 · c664795e05
commit c664795e05
parent a0f196bdc4
8 changed files with 77 additions and 2172 deletions
--- a/0001-Included-appro-s-updates-to-AES-NI.patch
+++ b/0001-Included-appro-s-updates-to-AES-NI.patch
--- a/0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
+++ b/0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
@ -1,57 +0,0 @@
 From 73b9f4e50612a846d9f1d54c71129caba7be80ce Mon Sep 17 00:00:00 2001
 From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 Date: Mon, 8 Aug 2011 20:02:47 +0200
 Subject: [PATCH 2/6] Added note.GNU-stack to prevent marking the library as using an executable stack. Reported by Andreas Metzler.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
 ---
 lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s |    4 ++++
 lib/accelerated/intel/asm/appro-aes-x86-64.s     |    5 +++++
 lib/accelerated/intel/asm/appro-aes-x86.s        |    5 +++++
 3 files changed, 14 insertions(+), 0 deletions(-)
 diff --git a/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s b/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s
 index 009ec3d..7e3c407 100644
 --- a/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s
 +++ b/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s
@@ -1062,3 +1062,7 @@ gcm_ghash_clmul:
 .byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
 +
 +#if defined(__linux__) && defined(__ELF__)
 +.section .note.GNU-stack,"",%progbits
 +#endif
 diff --git a/lib/accelerated/intel/asm/appro-aes-x86-64.s b/lib/accelerated/intel/asm/appro-aes-x86-64.s
 index f286fb1..675e112 100644
 --- a/lib/accelerated/intel/asm/appro-aes-x86-64.s
 +++ b/lib/accelerated/intel/asm/appro-aes-x86-64.s
@@ -2571,3 +2571,8 @@ __aesni_set_encrypt_key:
 .byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align	64
 +
 +#if defined(__linux__) && defined(__ELF__)
 +.section .note.GNU-stack,"",%progbits
 +#endif
 +
 diff --git a/lib/accelerated/intel/asm/appro-aes-x86.s b/lib/accelerated/intel/asm/appro-aes-x86.s
 index 2084749..f095a63 100644
 --- a/lib/accelerated/intel/asm/appro-aes-x86.s
 +++ b/lib/accelerated/intel/asm/appro-aes-x86.s
@@ -2179,3 +2179,8 @@ aesni_set_decrypt_key:
 .byte	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
 .byte	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
 .byte	115,108,46,111,114,103,62,0
 +
 +#if defined(__linux__) && defined(__ELF__)
 +.section .note.GNU-stack,"",%progbits
 +#endif
 +
 -- 
 1.7.4.1
--- a/0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
+++ b/0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
@ -1,90 +0,0 @@
 From 96c632161c8f25ecc1aa55d01c6d5e8aec450792 Mon Sep 17 00:00:00 2001
 From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 Date: Thu, 11 Aug 2011 18:48:44 +0200
 Subject: [PATCH 3/6] Force alignment for AES-NI to the runtime rather than on the structures.
 Corrects issue on some systems (reported by Andreas Radke).
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
 ---
 lib/accelerated/intel/aes-x86.c |   11 +++++++----
 lib/accelerated/intel/aes-x86.h |   11 +++--------
 2 files changed, 10 insertions(+), 12 deletions(-)
 diff --git a/lib/accelerated/intel/aes-x86.c b/lib/accelerated/intel/aes-x86.c
 index 53b3bde..970e613 100644
 --- a/lib/accelerated/intel/aes-x86.c
 +++ b/lib/accelerated/intel/aes-x86.c
@@ -39,6 +39,9 @@ struct aes_ctx
   uint8_t iv[16];
 };
 +#define ALIGN16(x) \
 +        ((void *)(((unsigned long)(x)+0x0f)&~(0x0f)))
 +
 static int
 aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
 {
@@ -68,11 +71,11 @@ aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize)
   struct aes_ctx *ctx = _ctx;
   int ret;
 -  ret = aesni_set_encrypt_key (userkey, keysize * 8, &ctx->expanded_key);
 +  ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key));
   if (ret != 0)
     return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
 -  ret = aesni_set_decrypt_key (userkey, keysize * 8, &ctx->expanded_key_dec);
 +  ret = aesni_set_decrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key_dec));
   if (ret != 0)
     return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED);
@@ -94,7 +97,7 @@ aes_encrypt (void *_ctx, const void *src, size_t src_size,
 {
   struct aes_ctx *ctx = _ctx;
 -  aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key, ctx->iv, 1);
 +  aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 1);
   return 0;
 }
@@ -104,7 +107,7 @@ aes_decrypt (void *_ctx, const void *src, size_t src_size,
 {
   struct aes_ctx *ctx = _ctx;
 -  aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key_dec, ctx->iv, 0);
 +  aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key_dec), ctx->iv, 0);
   return 0;
 }
 diff --git a/lib/accelerated/intel/aes-x86.h b/lib/accelerated/intel/aes-x86.h
 index 8f49ff3..a4cac1d 100644
 --- a/lib/accelerated/intel/aes-x86.h
 +++ b/lib/accelerated/intel/aes-x86.h
@@ -5,17 +5,12 @@
 void register_x86_crypto (void);
 -#ifdef __GNUC__
 -# define ALIGN16 __attribute__ ((aligned (16)))
 -#else
 -# define ALIGN16
 -#endif
 -
 +#define AES_KEY_ALIGN_SIZE 4
 #define AES_MAXNR 14
 typedef struct
 {
 -  uint32_t ALIGN16 rd_key[4 * (AES_MAXNR + 1)];
 -  int rounds;
 +  uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE];
 +  int rounds; /* unused... */
 } AES_KEY;
 void aesni_ecb_encrypt (const unsigned char *in, unsigned char *out,
 -- 
 1.7.4.1
--- a/0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
+++ b/0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
@ -1,32 +0,0 @@
 From 5fcee6608c93449456da8e02410eca54b54b0e69 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
 Date: Mon, 15 Aug 2011 23:30:28 -0400
 Subject: [PATCH 6/6] Added AES-256-GCM. Reported by Benjamin Hof.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Conflicts:
 	NEWS
 Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
 ---
 lib/algorithms/ciphers.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
 diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
 index 9bcd4d9..b1ba338 100644
 --- a/lib/algorithms/ciphers.c
 +++ b/lib/algorithms/ciphers.c
@@ -52,6 +52,7 @@ static const gnutls_cipher_entry algorithms[] = {
   {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 0, 0},
   {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0, 0},
   {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
 +  {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
   {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0, 0},
   {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0, 0},
   {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
 -- 
 1.7.4.1
--- a/gnutls-3.0.0.tar.xz
+++ b/gnutls-3.0.0.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:aeedcfe5b56d649408b8f135c5be14b6ca3b242a8816685a2324985ebd67e117
 size 4543664
--- a/gnutls-3.0.3.tar.xz
+++ b/gnutls-3.0.3.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1c9f7e5e22b30cc7e558b00aa0a78388852b62b241c68c4f5dce1cb39ca6298b
 size 4281044
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,73 @@
 -------------------------------------------------------------------
 Tue Sep 20 16:03:50 UTC 2011 - vuntz@opensuse.org
 - Update to version 3.0.3:
  + libgnutls:
    - Added gnutls_record_get_discarded() to return the number of
      discarded records in a DTLS session.
    - All functions related to RSA-EXPORT were deprecated.
    - Memory leak fixes in credentials private key
      deinitialization.
    - Memory leak fixes in ECC ciphersuites.
    - Do not send an empty extension structure in server hello.
      This affected old implementations that do not support
      extensions.
    - Allow CA importing of 0 certificates to succeed.
    - Added support for VIA padlock AES optimizations. (disabled by
      default)
    - Added support for elliptic curves in PKCS #11.
    - Added gnutls_pkcs11_privkey_generate() to allow generating a
      key in a token.
    - gnutls_transport_set_lowat dummy macro was removed.
  + p11tool: Added generate-rsa, generate-dsa and generate-ecc
    options to allow generating private keys in the token.
 - Changes from version 3.0.2:
  + libgnutls:
    - OpenPGP certificate type is not enabled by default.
    - Added %NO_EXTENSIONS priority string.
    - Corrected issue in gnutls_record_recv() triggered on
      encryption or compression error.
    - Compatibility fixes in CPU ID detection for i386 and old GCC.
    - Corrected parsing of XMPP subject alternative names.
    - Allow for out-of-order ChangeCipherSpec message in DTLS.
    - gnutls_certificate_set_x509_key() and
      gnutls_certificate_set_openpgp_key() operate as in 2.10.x and
      allow the release of the private key during the lifetime of
      the certificate structure.
  + gnutls-cli: Benchmark applications were incorporated with it.
 - Changes from version 3.0.1:
  + libgnutls:
    - gnutls_certificate_set_x509_key_file() and friends support
      server name indication. If multiple certificates are set
      using these functions the proper one will be selected during
      a handshake.
    - Added AES-256-GCM which was left out from the previous
      release.
    - When asking for a PKCS# 11 PIN multiple times, the flags in
      the callback were not being updated to reflect for PIN low
      count or final try.
    - Do not allow second instances of PKCS #11 modules.
    - Fixed alignment issue in AES-NI code.
    - The config file at gnutls_pkcs11_init() is being read if
      provided.
    - Ensure that a certificate list specified using
      gnutls_certificate_set_x509_key() and friends, is sorted
      according to TLS specification (from subject to issuer).
    - Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
      gnutls_x509_crt_list_import. It checks whether the list to be
      imported is properly sorted.
  + crywrap: Added to the distribution. It is an application that
    proxies TLS session to a port using a plaintext service.
  + Many GTK-DOC improvements.
  + Updated translations.
 - Drop 0001-Included-appro-s-updates-to-AES-NI.patch,
  0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch,
  0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch,
  0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch: all fixed
  upstream.
 - Drop call to autoreconf: it was only needed for the patches.
 - Add libidn-devel BuildRequires for the new crywrap tool.
 -------------------------------------------------------------------
 Mon Aug 29 08:00:03 UTC 2011 - coolo@novell.com
--- a/gnutls.spec
+++ b/gnutls.spec
@ -22,8 +22,8 @@
 %define gnutls_extra_sover 28
 Name:           gnutls
-Version:        3.0.0
+Version:        3.0.3
-Release:        3
+Release:        1
 License:        LGPLv3+
 Summary:        The GNU Transport Layer Security Library
 Url:            http://www.gnutls.org/
@ -33,6 +33,7 @@ Source1:        baselibs.conf
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel >= 2.2
 BuildRequires:  p11-kit-devel
 BuildRequires:  libidn-devel
 BuildRequires:  libtasn1-devel
 BuildRequires:  pkg-config
 BuildRequires:  xz
@ -42,10 +43,6 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %ifarch ppc64
 Obsoletes:      gnutls-64bit
 %endif
 Patch0:         0001-Included-appro-s-updates-to-AES-NI.patch
 Patch1:         0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch
 Patch2:         0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch
 Patch3:         0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch
 %description
 The GnuTLS project aims to develop a library that provides a secure
@ -54,7 +51,6 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls%{gnutls_sover}
 License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -66,7 +62,6 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutlsxx%{gnutlsxx_sover}
 License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -79,7 +74,6 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls-extra%{gnutls_extra_sover}
 License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -92,7 +86,6 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls-openssl%{gnutls_ossl_sover}
 License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -160,13 +153,8 @@ implements the proposed standards of the IETF's TLS working group.
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %build
 autoreconf -fi
 %configure \
        --disable-static \
        --with-pic \
@ -219,6 +207,7 @@ rm -rf %{buildroot}
 %defattr(-, root, root)
 %doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO
 %{_bindir}/certtool
 %{_bindir}/crywrap
 %{_bindir}/gnutls-cli
 %{_bindir}/gnutls-cli-debug
 %{_bindir}/gnutls-serv