Accepting request 31574 from Base:System

Copy from Base:System/gnutls based on submit request 31574 from user msmeissn OBS-URL: https://build.opensuse.org/request/show/31574 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=21
2010-02-05 13:05:07 +00:00 · 2010-02-05 13:05:07 +00:00 · e2b857d648
commit e2b857d648
parent 3092809221
6 changed files with 47 additions and 364 deletions
--- a/CVE-2008-4989.patch
+++ b/CVE-2008-4989.patch
@ -1,22 +0,0 @@
-Index: gnutls-2.4.1/lib/x509/verify.c
-===================================================================
--- gnutls-2.4.1.orig/lib/x509/verify.c
-+++ gnutls-2.4.1/lib/x509/verify.c
-@@ -414,17 +414,6 @@ _gnutls_x509_verify_certificate (const g
-     }
- #endif
- 
-  /* Check if the last certificate in the path is self signed.
-   * In that case ignore it (a certificate is trusted only if it
-   * leads to a trusted party by us, not the server's).
-   */
-  if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-				    certificate_list[clist_size - 1]) > 0
-      && clist_size > 0)
-    {
-      clist_size--;
-    }
-
-   /* Verify the certificate path (chain) 
-    */
-   for (i = clist_size - 1; i > 0; i--)
--- a/gnutls-2.4.1-disable_cxx.patch
+++ b/gnutls-2.4.1-disable_cxx.patch
@ -1,39 +0,0 @@
-commit 6d9c52778b359c35cfe157156d27915227e59c5e
-Author: Simon Josefsson <simon@josefsson.org>
-Date:   Thu Jun 19 13:48:53 2008 +0200
-
-    Disable C++ library if psk, srp, anon etc have been disabled.
-    The libgnutlsxx.cpp file calls several functions that may have been removed.
-
-Index: gnutls-2.4.1/configure.in
-===================================================================
--- gnutls-2.4.1.orig/configure.in	2008-07-02 19:35:02.000000000 +0200
-+++ gnutls-2.4.1/configure.in	2008-07-02 19:39:42.000000000 +0200
-@@ -113,9 +113,6 @@ if test "$use_cxx" != "no"; then
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
-   AC_LANG_POP(C++)
- fi
-AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-AC_MSG_CHECKING([whether to build C++ library])
-AC_MSG_RESULT($use_cxx)
- 
- AC_MSG_CHECKING([whether C99 macros are supported])
- AC_TRY_COMPILE(,[ 
-@@ -524,6 +521,17 @@ AC_MSG_RESULT($minitasn1_enabled)
- 
- AM_CONDITIONAL(ENABLE_MINITASN1, test "$minitasn1_enabled" = "yes")
- 
-+if test "$ac_full" != 1; then
-+ AC_MSG_WARN([[
-+*** 
-+*** C++ library disabled because some parts of GnuTLS has been disabled.
-+]])
-+  use_cxx=no
-+fi
-+AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-+AC_MSG_CHECKING([whether to build C++ library])
-+AC_MSG_RESULT($use_cxx)
-+
- dnl Check for libcfg+
- 
- SAVED_LIBS=$LIBS
--- a/gnutls-2.4.1.tar.bz2
+++ b/gnutls-2.4.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd
-size 4940118
--- a/gnutls-2.8.5.tar.bz2
+++ b/gnutls-2.8.5.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9249c29df71551e302e0186f4e1876dd6cc4c6cf2974b432c22525dde815cae8
+size 6196862
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Feb  4 16:46:45 CET 2010 - meissner@suse.de
+
+- some build fixes.
+
+-------------------------------------------------------------------
+Thu Feb  4 16:44:52 CET 2010 - per@osbeck.com
+
+- updated to stable 2.8.5
+
+-------------------------------------------------------------------
+Fri Dec 25 22:11:03 CET 2009 - jengelh@medozas.de
+
+- add baselibs.conf as a source
+- enable parallel building
+
+-------------------------------------------------------------------
+Wed Sep  2 05:52:45 CEST 2009 - gjhe@novell.com
+
+- update to lastest stable version 2.8.3
+  [bnc#532750] 
+
 -------------------------------------------------------------------
 Fri Mar 13 13:37:15 CET 2009 - jshi@suse.de

--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,7 +1,7 @@
 #
-# spec file for package gnutls (Version 2.4.1)
+# spec file for package gnutls (Version 2.8.5)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,14 +20,13 @@

 Name:           gnutls
 BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel
-Version:        2.4.1
-Release:        25
-License:        GPL v3 or later; LGPL v2.1 or later
+Version:        2.8.5
+Release:        1
+License:        GPLv3+ ; LGPLv2.1+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://www.gnutls.org/
 Source0:        %name-%version.tar.bz2
-Patch1:         gnutls-2.4.1-disable_cxx.patch
-Patch2:         CVE-2008-4989.patch
+Source1:        baselibs.conf
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
 AutoReqProv:    on
@ -52,7 +51,7 @@ Authors:
    Andrew McDonald

 %package -n libgnutls26
-License:        LGPL v2.1 or later
+License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security

@ -71,7 +70,7 @@ Authors:
    Andrew McDonald

 %package -n libgnutls-extra26
-License:        GPL v3 or later
+License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security

@ -90,7 +89,7 @@ Authors:
    Andrew McDonald

 %package -n libgnutls-devel
-License:        LGPL v2.1 or later
+License:        LGPLv2.1+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 Requires:       libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel
@ -109,7 +108,7 @@ Authors:
    Andrew McDonald

 %package -n libgnutls-extra-devel
-License:        GPL v3 or later
+License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Development/Libraries/C and C++
 Requires:       libgnutls-extra26 = %version libgnutls-devel
@ -138,8 +137,8 @@ Authors:

 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
+#%patch1 -p1
+#%patch2 -p1

 %build
 autoreconf -fi
@ -154,7 +153,7 @@ autoreconf -fi
 	    --disable-rpath \
            CFLAGS="$RPM_OPT_FLAGS" \
            CXXFLAGS="$RPM_OPT_FLAGS"
-make
+make %{?_smp_mflags}
 make check

 %install
@ -164,7 +163,7 @@ find doc/examples -perm -111 -exec rm {} \;
 rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot
 # Do not package static libs and libtool files
 rm -f %{buildroot}%{_libdir}/*.{a,la}
-%find_lang %name
+%find_lang libgnutls

 %clean
 rm -rf %buildroot
@ -187,9 +186,9 @@ rm -rf %buildroot
 %postun -n libgnutls-devel
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

-%files -f %name.lang
+%files -f libgnutls.lang
 %defattr(-, root, root)
-%doc THANKS README NEWS ChangeLog COPYING.LIB COPYING AUTHORS doc/TODO
+%doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO
 %_bindir/certtool
 %_bindir/gnutls-cli
 %_bindir/gnutls-cli-debug
@ -200,6 +199,7 @@ rm -rf %buildroot
 %files -n libgnutls26
 %defattr(-,root,root)
 %_libdir/libgnutls.so.26*
+%_libdir/libgnutlsxx.so.26*

 %files -n libgnutls-extra26
 %defattr(-,root,root)
@ -208,10 +208,11 @@ rm -rf %buildroot

 %files -n libgnutls-devel
 %defattr(-, root, root)
-%_bindir/libgnutls-config
+#%_bindir/libgnutls-config
 %_includedir/*
 %_libdir/libgnutls.so
-%_datadir/aclocal/libgnutls.m4
+%_libdir/libgnutlsxx.so
+#%_datadir/aclocal/libgnutls.m4
 %_libdir/pkgconfig/gnutls.pc
 %_mandir/man3/*
 %_infodir/%{name}*
@ -219,289 +220,10 @@ rm -rf %buildroot

 %files -n libgnutls-extra-devel
 %defattr(-, root, root)
-%_bindir/libgnutls-extra-config
+#%_bindir/libgnutls-extra-config
 %_libdir/libgnutls-extra.so
 %_libdir/libgnutls-openssl.so
-%_datadir/aclocal/libgnutls-extra.m4
+#%_datadir/aclocal/libgnutls-extra.m4
 %_libdir/pkgconfig/gnutls-extra.pc

 %changelog
-* Fri Mar 13 2009 jshi@suse.de
- fix security bug [bnc#457938]
-  new CVE-2008-4989
-* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
-  (bnc#437293)
-* Fri Nov 28 2008 jshi@suse.de
- fix security bug [bnc#441856]
-  CVE-2008-4989
-* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-* Sat Aug 02 2008 meissner@suse.de
- run testsuite
-* Thu Jul 17 2008 mkoenig@suse.de
- update to version 2.4.1
-  * libgnutls: Fix local crash in gnutls_handshake
-  * libgnutls: Fix memory leaks when doing a re-handshake
-  * Fix compiler warnings
-  * Fix ordering of -I's to avoid opencdk.h conflict with
-  system headers
-  * srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch
-  gnutls-1.6.1-srptool.patch
-* Wed Jul 02 2008 mkoenig@suse.de
- remove gnutls main package from baselibs.conf
-* Thu Jun 26 2008 mkoenig@suse.de
- update to version 2.4.0
-  * The OpenPGP sub-system has been improved and now supports subkeys
-  * The PSK sub-system has been improved and now supports password
-  derivation and PSK identity hints
-  * The certtool --inder and --outder has been replaced
-  by --inraw and --outraw
-  * New APIs to access the raw X.509 Subject and Issuer DN's and
-  elements from the certificate credentials structure
-  * New APIs to improve working with username/passwords and PSK
-  * Names of constants to affect certificate printing changed
-  * The function gnutls_openpgp_privkey_get_id has been renamed to
-  gnutls_openpgp_privkey_get_key_id
-  * API/ABI changes in GnuTLS 2.4
-  All OpenPGP related functions have been moved from
-  libgnutls-extra to libgnutls, and several new functions have
-  been added
- remove SRP functionality from C++ wrapper, otherwise it cannot
-  be linked against it
- removed patches
-  gnutls-2.2.2-uninitialized.patch
-  gnutls-char-signedness.patch
-  gnutls-GNUTLS_SA_2008_1.patch
-* Mon Jun 23 2008 mkoenig@suse.de
- disable SRP [bnc#65192]
-* Wed May 21 2008 mkoenig@suse.de
- fix three security bugs [bnc#392947]
-  CVE-2008-1948 GNUTLS-SA-2008-1-1
-  Fix crash when sending invalid server name
-  CVE-2008-1949 GNUTLS-SA-2008-1-2
-  Fix crash when sending repeated client hellos
-  CVE-2008-1950 GNUTLS-SA-2008-1-3
-  Fix crash in cipher padding decoding for invalid record lengths
-* Thu May 08 2008 mkoenig@suse.de
- fix build
-* Tue Apr 29 2008 cthiel@suse.de
- obsolete gnutls-<arch> via baselibs.conf
-* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
-  for multilib support
-* Thu Apr 03 2008 mkoenig@suse.de
- update to version 2.2.2
-  * Cipher priority string handling now handle strings that
-  starts with NULL
-  * Corrected memory leaks in session resuming and DHE ciphersuites
-  * Increased the default certificate verification chain limits and
-  allowed for checks without limitation
-  * Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
-  and gnutls_x509_crt_get_subject_alt_name() to not null terminate
-  binary strings and return the proper size
-* Thu Jan 31 2008 mkoenig@suse.de
- update to version 2.2.1
-  * Fixes the post_client_hello_function()
-  * Fix for certificate selection in servers with certificate callbacks
-  * certtool: Fixed data corruption when using --outder
-  * TLS authorization support removed.
-  * Corrected bug which did not allow a server to run without
-  supporting certificates
-  * Introduced gnutls_session_enable_compatibility_mode()
-  * Added gnutls_record_disable_padding() to allow servers talking to
-  buggy clients
-  * Fixed PKCS #3 parameter export
-  * Added support for Camellia cipher
-  * certtool: Add option --quick-random
-  * Added capability to set a callback after the client hello is
-  received by the server in order to adjust parameters before
-  the handshake
-  * certtool: Fixed data corruption when using --outder
-  * SRP was corrected to adhere to the latest draft
-  * Updated the DN parser
-  * Added support for DSA2 using libgcrypt 1.3.0
-  * Removed all the trustdb code from openpgp authentication.
-  We now use only the well-specified keyrings
-  * The gnutls_certificate_set_openpgp_* functions were modified
-  to include the format. This makes the interface consistent with
-  the x509 functions
-  * Introduced gnutls_session_enable_compatibility_mode()
-  * Added gnutls_set_default_priority2()
-  * Added priority functions that accept strings
-  * certtool: Add option --disable-quick-random to enable the
-  old behaviour of using /dev/random to generate keys
-  * Added the --v1 option to certtool, to allow generating X.509
-  version 1 certificates
-  * Fix PKCS#3 parameter export problem
-  * Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM
-  * gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
-  private keys
-  * Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code
-  * Added the --to-p8 option to certtool to convert private keys
-  to PKCS #8 keys
-  * Corrected bug in decompression of expanded compression data
-  * The gnutls_*_convert_priority() functions were deprecated
-  * gnutls-cli and gnutls-serv now have a --priority option
-  * PKCS #8 parser can now encode/decode DSA keys
-  * Corrected a segfault when setting an empty gnutls_priority_t
-  at gnutls_priority_set()
-  * Added gnutls_x509_crt_get_subject_alt_name2()
-  * The GPL version has been changed from version 2 to version 3.
-  This affects the self-tests, command-line tools, the libgnutls-extra
-  library, the relevant guile parts, and the build environment
- API and ABI modifications, library soname switch from 13 to 26
- change package structure:
-  * branch off libgnutls-extra
-  since this is now GPLv3 or later while libgnutls remains
-  LGPLv2.1 or later
-  * gnutls license change to GPLv3
- build without lzo support to avoid license problems
-  since lzo is currently GPLv2 only
- removed merged patches:
-  gnutls-fix_size_t.patch
-* Tue Oct 23 2007 mkoenig@suse.de
- update to version 2.0.1
- change package layout to conform shlib policy:
-  rename gnutls-devel -> libgnutls-devel
-  new subpackage libgnutls13
- removed patches:
-  gnutls-1.4.4-sign-callback.patch
-  gnutls-1.6.1-compiler_warnings.patch
-* Thu Aug 30 2007 mkoenig@suse.de
- fix srptool [#208227]
- fix some compiler warnings
-* Fri Aug 03 2007 hvogel@suse.de
- Some additions for evolution smart card support
-* Thu May 10 2007 mkoenig@suse.de
- Fix segfault on s390x [#97441]
-  gnutls-fix_size_t.patch
-* Tue Jan 23 2007 mkoenig@suse.de
- update to new stable branch 1.6.1:
-  * Fix the list of trusted CAs that server's send to clients.
-  * Fix gnutls_certificate_set_x509_crl to initialize the CRL
-  before using it.
-  * Encode UID fields in DN's as DirectoryString.
-  * Fix ./configure failure with non-GCC compilers.
-  * A GnuTLS C++ library is part of the official distribution.
-  * New APIs for custom push/pull function error reporting.
-* Tue Oct 24 2006 mkoenig@suse.de
- move developer related docs to devel package and remove
-  binary stuff from docs [#212454]
-* Tue Sep 19 2006 mkoenig@suse.de
- update to version 1.4.4:
-  * bugfix release
-  * fixes security vulnerability [#206636] (CVE-2006-4790)
-* Thu Aug 31 2006 mkoenig@suse.de
- update to new stable branch 1.4.1:
-  * The command line tools now use getaddrinfo and support IPv6.
-  * gnutls-cli can now recognize services and port numbers with
-  the -p option.
-  * Error messages are now translated using GNU Gettext.
-  * GnuTLS now support TLS Inner application (TLS/IA).
-  * API and ABI modifications:
-  + Support for DHE-PSK cipher suites has been added.
-  + Removed the RIPEMD ciphersuites.
-  + Remove GnuTLS 0.8.x compatibility functions.
-  + Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have
-  been added.
-  + Certtool now generate keys in unencrypted PKCS#8 format for
-  empty passwords.
-  + Certtool now accept --password for --key-info and encrypted
-  PKCS#8 keys.
-  + gnutls_x509_privkey_import_pkcs8 now accept unencrypted
-  PEM PKCS#8 keys,
-  + New function to set a X.509 private key and certificate
-  pairs, and/or CRLs, from an PKCS#12 file.
-  + New APIs to acceess the client and server random fields in
-  a session.
-  + New APIs to access the TLS Pseudo-Random-Function (PRF).
-  + New API to access the TLS master secret.
-  + The function gnutls_x509_crt_to_xml now return an internal
-  error.
-  * Several bugfixes:
-  + Corrected a bug in certtool for 64 bit machines.
-  + Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly.
-  + Fix crash in TLS resume code, caused by TLS/IA changes.
-  + Corrected bugs in gnutls_certificate_set_x509_crl() and
-  gnutls_certificate_set_x509_trust().
-  + Fixed bug in non-blocking gnutls_bye().
-  + Fix read of out bounds bug in DER parser.
-  + Fixed bug in OpenPGP authentication handshake.
-* Sat Feb 18 2006 ro@suse.de
- cleanup doc directory (.deps,.libs)
-* Fri Feb 10 2006 hvogel@suse.de
- Update to version 1.2.10. This release fixes several serious
-  bugs that would make the DER decoder in libtasn1 crash on
-  invalid input [#149897]. Including:
-  * Corrected a bug in certtool for 64 bit machines.
-  * Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly
-  * Corrected bugs in gnutls_certificate_set_x509_crl() and
-  gnutls_certificate_set_x509_trust(), that caused memory
-  corruption if more than one certificates were added.
-  * Fixed bug in non-blocking gnutls_bye(). gnutls_record_send()
-  will no longer invalidate a session if the underlying send
-  fails, but it will prevent future writes.
-* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
-* Tue Dec 20 2005 ro@suse.de
- do not package /usr/share/info/dir
-* Fri Dec 09 2005 hvogel@suse.de
- update to version 1.2.9
-* Tue Oct 25 2005 hvogel@suse.de
- update to version 1.2.8
-* Mon Aug 22 2005 hvogel@suse.de
- fix data type comparison [Bug #104617]
-* Sun Jul 03 2005 hvogel@suse.de
- update to version 1.2.5
-* Wed Jun 29 2005 hvogel@suse.de
- patch from mrueckert to use external lzo again
-* Thu Jun 23 2005 hvogel@suse.de
- use %%install_info/%%install_info_delete
-* Tue Jun 07 2005 hvogel@suse.de
- update to version 1.2.4
-* Fri Jun 03 2005 ro@suse.de
- fix specfile (don't apply non-existant patch1)
-* Thu Jun 02 2005 hvogel@suse.de
- use included minilzo
-* Wed May 25 2005 hvogel@suse.de
- Update to version 1.2.3 (fixes gnutls DOS Bug #83481)
- Include defines.h before gnutls.h, to pull in config.h, to make
-  sure memmem.h prototype memmem properly
-* Sat Jan 29 2005 hvogel@suse.de
- Update to version 1.2.0
-* Wed Jan 19 2005 hvogel@suse.de
- update to version 1.1.23
- get rid of prebuild html/ps docu again, the devel packages has
-  man-pages now
-* Mon Dec 13 2004 hvogel@suse.de
- update to version 1.0.23
- make build of postscript/html docu configureable
-* Sat Oct 23 2004 hvogel@suse.de
- move config script to the devel package
-* Thu Oct 14 2004 hvogel@suse.de
- Update to version 1.0.21
-* Tue Sep 28 2004 hvogel@suse.de
- add doc subpackage with prebuild html/ps docu (Bug #44496)
-* Mon Sep 27 2004 hvogel@suse.de
- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035)
-* Tue Aug 31 2004 kukuk@suse.de
- Update to version 1.0.20
-* Mon Aug 30 2004 kukuk@suse.de
- Add libopencdk-devel to neededforbuild
-* Thu Jul 15 2004 hvogel@suse.de
- add libgcrypt-devel and lipgpg-error-devel to nfb
-* Wed May 19 2004 hvogel@suse.de
- update to version 1.0.13
-* Fri May 14 2004 mmj@suse.de
- Add C++ compiler to build
- Don't remove buildroot when installing
-* Mon Mar 01 2004 hvogel@suse.de
- update to version 1.0.8
-* Tue Feb 17 2004 hvogel@suse.de
- update to version 1.0.6
- fix autoconf quotations
-* Wed May 14 2003 schubi@suse.de
- initial; Sourcecode received from XIMIAN