diff --git a/gnutls-3.5.11-skip-trust-store-tests.patch b/gnutls-3.5.11-skip-trust-store-tests.patch index cc0cd77..f02e4b6 100644 --- a/gnutls-3.5.11-skip-trust-store-tests.patch +++ b/gnutls-3.5.11-skip-trust-store-tests.patch @@ -15,11 +15,11 @@ need ca-certificates-mozilla to run. But this would create a build cycle. Skip test. -Index: gnutls-3.6.15/tests/trust-store.c +Index: gnutls-3.8.9/tests/trust-store.c =================================================================== ---- gnutls-3.6.15.orig/tests/trust-store.c 2020-09-08 10:24:24.018094247 +0200 -+++ gnutls-3.6.15/tests/trust-store.c 2020-09-08 10:24:25.534104346 +0200 -@@ -44,6 +44,9 @@ static void tls_log_func(int level, cons +--- gnutls-3.8.9.orig/tests/trust-store.c ++++ gnutls-3.8.9/tests/trust-store.c +@@ -42,6 +42,9 @@ static void tls_log_func(int level, cons void doit(void) { diff --git a/gnutls-3.8.8.tar.xz b/gnutls-3.8.8.tar.xz deleted file mode 100644 index a4530d3..0000000 --- a/gnutls-3.8.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ac4f020e583880b51380ed226e59033244bc536cad2623f2e26f5afa2939d8fb -size 6696460 diff --git a/gnutls-3.8.8.tar.xz.sig b/gnutls-3.8.8.tar.xz.sig deleted file mode 100644 index d353d7e..0000000 Binary files a/gnutls-3.8.8.tar.xz.sig and /dev/null differ diff --git a/gnutls-3.8.9.tar.xz b/gnutls-3.8.9.tar.xz new file mode 100644 index 0000000..960ac27 --- /dev/null +++ b/gnutls-3.8.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed +size 6847364 diff --git a/gnutls-3.8.9.tar.xz.sig b/gnutls-3.8.9.tar.xz.sig new file mode 100644 index 0000000..e01debe Binary files /dev/null and b/gnutls-3.8.9.tar.xz.sig differ diff --git a/gnutls-FIPS-140-3-references.patch b/gnutls-FIPS-140-3-references.patch index d42f506..e5a10d8 100644 --- a/gnutls-FIPS-140-3-references.patch +++ b/gnutls-FIPS-140-3-references.patch 
@@ -1,8 +1,8 @@ -Index: gnutls-3.8.8/configure.ac +Index: gnutls-3.8.9/configure.ac =================================================================== ---- gnutls-3.8.8.orig/configure.ac -+++ gnutls-3.8.8/configure.ac -@@ -624,19 +624,19 @@ LT_INIT([disable-static,win32-dll,shared +--- gnutls-3.8.9.orig/configure.ac ++++ gnutls-3.8.9/configure.ac +@@ -665,19 +665,19 @@ LT_INIT([disable-static,win32-dll,shared AC_LIB_HAVE_LINKFLAGS(dl,, [#include ], [dladdr (0, 0);]) AC_ARG_ENABLE(fips140-mode, @@ -25,10 +25,10 @@ Index: gnutls-3.8.8/configure.ac AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], [specify the FIPS140 module name]), -Index: gnutls-3.8.8/doc/cha-gtls-app.texi +Index: gnutls-3.8.9/doc/cha-gtls-app.texi =================================================================== ---- gnutls-3.8.8.orig/doc/cha-gtls-app.texi -+++ gnutls-3.8.8/doc/cha-gtls-app.texi +--- gnutls-3.8.9.orig/doc/cha-gtls-app.texi ++++ gnutls-3.8.9/doc/cha-gtls-app.texi @@ -222,7 +222,7 @@ CPU. The currently available options are @end itemize @@ -38,10 +38,10 @@ Index: gnutls-3.8.8/doc/cha-gtls-app.texi if set to one it will force the FIPS mode enablement. @end multitable -Index: gnutls-3.8.8/doc/cha-internals.texi +Index: gnutls-3.8.9/doc/cha-internals.texi =================================================================== ---- gnutls-3.8.8.orig/doc/cha-internals.texi -+++ gnutls-3.8.8/doc/cha-internals.texi +--- gnutls-3.8.9.orig/doc/cha-internals.texi ++++ gnutls-3.8.9/doc/cha-internals.texi @@ -14,7 +14,7 @@ happens inside the black box. * TLS Hello Extension Handling:: * Cryptographic Backend:: 
@@ -162,11 +162,11 @@ Index: gnutls-3.8.8/doc/cha-internals.texi operation. It can be attached to the current execution thread with @funcref{gnutls_fips140_push_context} and its internal state will be updated until it is detached with -Index: gnutls-3.8.8/doc/enums.texi +Index: gnutls-3.8.9/doc/enums.texi =================================================================== ---- gnutls-3.8.8.orig/doc/enums.texi -+++ gnutls-3.8.8/doc/enums.texi -@@ -1210,7 +1210,7 @@ application traffic secret is installed +--- gnutls-3.8.9.orig/doc/enums.texi ++++ gnutls-3.8.9/doc/enums.texi +@@ -1230,7 +1230,7 @@ application traffic secret is installed @c gnutls_fips_mode_t @table @code @item GNUTLS_@-FIPS140_@-DISABLED @@ -175,7 +175,7 @@ Index: gnutls-3.8.8/doc/enums.texi @item GNUTLS_@-FIPS140_@-STRICT The default mode; all forbidden operations will cause an operation failure via error code. -@@ -1218,8 +1218,8 @@ operation failure via error code. +@@ -1238,8 +1238,8 @@ operation failure via error code. A transient state during library initialization. That state cannot be set or seen by applications. @item GNUTLS_@-FIPS140_@-LAX @@ -186,10 +186,10 @@ Index: gnutls-3.8.8/doc/enums.texi application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.8.8/doc/functions/gnutls_fips140_set_mode +Index: gnutls-3.8.9/doc/functions/gnutls_fips140_set_mode =================================================================== ---- gnutls-3.8.8.orig/doc/functions/gnutls_fips140_set_mode -+++ gnutls-3.8.8/doc/functions/gnutls_fips140_set_mode +--- gnutls-3.8.9.orig/doc/functions/gnutls_fips140_set_mode ++++ gnutls-3.8.9/doc/functions/gnutls_fips140_set_mode @@ -3,7 +3,7 @@ 
@@ -215,10 +215,10 @@ Index: gnutls-3.8.8/doc/functions/gnutls_fips140_set_mode values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.8.8/doc/gnutls.html +Index: gnutls-3.8.9/doc/gnutls.html =================================================================== ---- gnutls-3.8.8.orig/doc/gnutls.html -+++ gnutls-3.8.8/doc/gnutls.html +--- gnutls-3.8.9.orig/doc/gnutls.html ++++ gnutls-3.8.9/doc/gnutls.html @@ -485,7 +485,7 @@ Documentation License”.
  • 11.4 TLS Extension Handling
  • 11.5 Cryptographic Backend
  • @@ -439,10 +439,10 @@ Index: gnutls-3.8.8/doc/gnutls.html gnutls_fips140_get_operation_stateCore TLS API gnutls_fips140_mode_enabledCore TLS API gnutls_fips140_pop_contextCore TLS API -Index: gnutls-3.8.8/doc/gnutls.info-3 +Index: gnutls-3.8.9/doc/gnutls.info-3 =================================================================== ---- gnutls-3.8.8.orig/doc/gnutls.info-3 -+++ gnutls-3.8.8/doc/gnutls.info-3 +--- gnutls-3.8.9.orig/doc/gnutls.info-3 ++++ gnutls-3.8.9/doc/gnutls.info-3 @@ -2108,7 +2108,7 @@ to ‘more’. Both will exit with a st --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library @@ -521,10 +521,10 @@ Index: gnutls-3.8.8/doc/gnutls.info-3 FLAGS: should be zero or ‘GNUTLS_FIPS140_SET_MODE_THREAD’ -Index: gnutls-3.8.8/doc/invoke-gnutls-cli.texi +Index: gnutls-3.8.9/doc/invoke-gnutls-cli.texi =================================================================== ---- gnutls-3.8.8.orig/doc/invoke-gnutls-cli.texi -+++ gnutls-3.8.8/doc/invoke-gnutls-cli.texi +--- gnutls-3.8.9.orig/doc/invoke-gnutls-cli.texi ++++ gnutls-3.8.9/doc/invoke-gnutls-cli.texi @@ -102,7 +102,7 @@ None: --inline-commands-prefix=str Change the default delimiter for inline commands --provider=file Specify the PKCS #11 provider library @@ -534,10 +534,10 @@ Index: gnutls-3.8.8/doc/invoke-gnutls-cli.texi --list-config Reports the configuration of the library --logfile=str Redirect informational messages to a specific file --keymatexport=str Label used for exporting keying material -Index: gnutls-3.8.8/doc/manpages/gnutls-cli.1 +Index: gnutls-3.8.9/doc/manpages/gnutls-cli.1 =================================================================== ---- gnutls-3.8.8.orig/doc/manpages/gnutls-cli.1 -+++ gnutls-3.8.8/doc/manpages/gnutls-cli.1 +--- gnutls-3.8.9.orig/doc/manpages/gnutls-cli.1 ++++ gnutls-3.8.9/doc/manpages/gnutls-cli.1 
@@ -398,7 +398,7 @@ Specify the PKCS #11 provider library. This will override the default options in /etc/gnutls/pkcs11.conf .TP @@ -547,10 +547,10 @@ Index: gnutls-3.8.8/doc/manpages/gnutls-cli.1 .sp .TP .NOP \f\*[B-Font]\-\-list\-config\f[] -Index: gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html +Index: gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html =================================================================== ---- gnutls-3.8.8.orig/doc/reference/html/gnutls-gnutls.html -+++ gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html +--- gnutls-3.8.9.orig/doc/reference/html/gnutls-gnutls.html ++++ gnutls-3.8.9/doc/reference/html/gnutls-gnutls.html @@ -20874,12 +20874,12 @@ gnutls_fips140_set_mode (  -@@ -25969,7 +25969,7 @@ encryption

    +@@ -26035,7 +26035,7 @@ encryption


    enum gnutls_fips_mode_t

    @@ -584,7 +584,7 @@ Index: gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html

    Members

    -@@ -25982,7 +25982,7 @@ encryption

    +@@ -26048,7 +26048,7 @@ encryption

    -@@ -26005,8 +26005,8 @@ operation failure via error code.

    +@@ -26071,8 +26071,8 @@ operation failure via error code.

    -@@ -27646,4 +27646,4 @@ This is used by
    Generated by GTK-Doc V1.34.0 - \ No newline at end of file + -Index: gnutls-3.8.8/lib/fips.c +Index: gnutls-3.8.9/lib/fips.c =================================================================== ---- gnutls-3.8.8.orig/lib/fips.c -+++ gnutls-3.8.8/lib/fips.c +--- gnutls-3.8.9.orig/lib/fips.c ++++ gnutls-3.8.9/lib/fips.c @@ -121,7 +121,7 @@ unsigned _gnutls_fips_mode_enabled(void) } @@ -633,7 +633,7 @@ Index: gnutls-3.8.8/lib/fips.c ret = GNUTLS_FIPS140_SELFTESTS; goto exit; } -@@ -740,7 +740,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -745,7 +745,7 @@ unsigned gnutls_fips140_mode_enabled(voi /** * gnutls_fips140_set_mode: @@ -642,7 +642,7 @@ Index: gnutls-3.8.8/lib/fips.c * @flags: should be zero or %GNUTLS_FIPS140_SET_MODE_THREAD * * That function is not thread-safe when changing the mode with no flags -@@ -748,13 +748,13 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -753,13 +753,13 @@ unsigned gnutls_fips140_mode_enabled(voi * behavior with no flags after threads are created is undefined. * * When the flag %GNUTLS_FIPS140_SET_MODE_THREAD is specified @@ -658,7 +658,7 @@ Index: gnutls-3.8.8/lib/fips.c * values for @mode or to %GNUTLS_FIPS140_SELFTESTS mode, the library * switches to %GNUTLS_FIPS140_STRICT mode. * -@@ -766,10 +766,10 @@ void gnutls_fips140_set_mode(gnutls_fips +@@ -771,10 +771,10 @@ void gnutls_fips140_set_mode(gnutls_fips gnutls_fips_mode_t prev = _gnutls_fips_mode_enabled(); if (prev == GNUTLS_FIPS140_DISABLED || prev == GNUTLS_FIPS140_SELFTESTS) { @@ -671,7 +671,7 @@ Index: gnutls-3.8.8/lib/fips.c return; } -@@ -782,7 +782,7 @@ void gnutls_fips140_set_mode(gnutls_fips +@@ -787,7 +787,7 @@ void gnutls_fips140_set_mode(gnutls_fips case GNUTLS_FIPS140_SELFTESTS: _gnutls_audit_log( NULL, @@ -680,7 +680,7 @@ Index: gnutls-3.8.8/lib/fips.c mode = GNUTLS_FIPS140_STRICT; break; default: -@@ -958,7 +958,7 @@ void _gnutls_switch_fips_state(gnutls_fi +@@ -963,7 +963,7 @@ void _gnutls_switch_fips_state(gnutls_fi } if (!_tfips_context) { 
@@ -689,7 +689,7 @@ Index: gnutls-3.8.8/lib/fips.c return; } -@@ -972,7 +972,7 @@ void _gnutls_switch_fips_state(gnutls_fi +@@ -977,7 +977,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { _gnutls_audit_log( NULL, @@ -698,7 +698,7 @@ Index: gnutls-3.8.8/lib/fips.c operation_state_to_string(state)); } _tfips_context->state = state; -@@ -983,7 +983,7 @@ void _gnutls_switch_fips_state(gnutls_fi +@@ -988,7 +988,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { _gnutls_audit_log( NULL, @@ -707,7 +707,7 @@ Index: gnutls-3.8.8/lib/fips.c operation_state_to_string(state)); } _tfips_context->state = state; -@@ -995,7 +995,7 @@ void _gnutls_switch_fips_state(gnutls_fi +@@ -1000,7 +1000,7 @@ void _gnutls_switch_fips_state(gnutls_fi if (mode != GNUTLS_FIPS140_LAX) { _gnutls_audit_log( NULL, @@ -716,7 +716,7 @@ Index: gnutls-3.8.8/lib/fips.c operation_state_to_string( _tfips_context->state), operation_state_to_string(state)); -@@ -1057,7 +1057,7 @@ int gnutls_fips140_run_self_tests(void) +@@ -1062,7 +1062,7 @@ int gnutls_fips140_run_self_tests(void) ret < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); _gnutls_audit_log(NULL, @@ -725,7 +725,7 @@ Index: gnutls-3.8.8/lib/fips.c } else { /* Restore the previous library state */ _gnutls_switch_lib_state(prev_lib_state); -@@ -1069,7 +1069,7 @@ int gnutls_fips140_run_self_tests(void) +@@ -1074,7 +1074,7 @@ int gnutls_fips140_run_self_tests(void) if (gnutls_fips140_pop_context() < 0) { _gnutls_switch_lib_state(LIB_STATE_ERROR); _gnutls_audit_log( @@ -734,10 +734,10 @@ Index: gnutls-3.8.8/lib/fips.c } gnutls_fips140_context_deinit(fips_context); } -Index: gnutls-3.8.8/lib/fips.h +Index: gnutls-3.8.9/lib/fips.h =================================================================== ---- gnutls-3.8.8.orig/lib/fips.h -+++ gnutls-3.8.8/lib/fips.h +--- gnutls-3.8.9.orig/lib/fips.h ++++ gnutls-3.8.9/lib/fips.h @@ -163,7 +163,7 @@ is_cipher_algo_allowed_in_fips(gnutls_ci } 
@@ -778,10 +778,10 @@ Index: gnutls-3.8.8/lib/fips.h gnutls_cipher_get_name(algo)); FALLTHROUGH; case GNUTLS_FIPS140_DISABLED: -Index: gnutls-3.8.8/lib/global.c +Index: gnutls-3.8.9/lib/global.c =================================================================== ---- gnutls-3.8.8.orig/lib/global.c -+++ gnutls-3.8.8/lib/global.c +--- gnutls-3.8.9.orig/lib/global.c ++++ gnutls-3.8.9/lib/global.c @@ -339,12 +339,12 @@ static int _gnutls_global_init(unsigned #ifdef ENABLE_FIPS140 @@ -815,11 +815,11 @@ Index: gnutls-3.8.8/lib/global.c if (res != 2) { gnutls_assert(); goto out; -Index: gnutls-3.8.8/lib/includes/gnutls/gnutls.h.in +Index: gnutls-3.8.9/lib/includes/gnutls/gnutls.h.in =================================================================== ---- gnutls-3.8.8.orig/lib/includes/gnutls/gnutls.h.in -+++ gnutls-3.8.8/lib/includes/gnutls/gnutls.h.in -@@ -3216,16 +3216,16 @@ typedef int (*gnutls_alert_read_func)(gn +--- gnutls-3.8.9.orig/lib/includes/gnutls/gnutls.h.in ++++ gnutls-3.8.9/lib/includes/gnutls/gnutls.h.in +@@ -3236,16 +3236,16 @@ typedef int (*gnutls_alert_read_func)(gn void gnutls_alert_set_read_function(gnutls_session_t session, gnutls_alert_read_func func); @@ -840,7 +840,7 @@ Index: gnutls-3.8.8/lib/includes/gnutls/gnutls.h.in * application is aware of the followed security policy, and needs * to utilize disallowed operations for other reasons (e.g., compatibility). * @GNUTLS_FIPS140_LOG: Similarly to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results -@@ -3233,7 +3233,7 @@ unsigned gnutls_fips140_mode_enabled(voi +@@ -3253,7 +3253,7 @@ unsigned gnutls_fips140_mode_enabled(voi * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state * cannot be set or seen by applications. * 
@@ -849,10 +849,10 @@ Index: gnutls-3.8.8/lib/includes/gnutls/gnutls.h.in */ typedef enum gnutls_fips_mode_t { GNUTLS_FIPS140_DISABLED = 0, -Index: gnutls-3.8.8/src/cli.c +Index: gnutls-3.8.9/src/cli.c =================================================================== ---- gnutls-3.8.8.orig/src/cli.c -+++ gnutls-3.8.8/src/cli.c +--- gnutls-3.8.9.orig/src/cli.c ++++ gnutls-3.8.9/src/cli.c @@ -1635,10 +1635,10 @@ static void cmd_parser(int argc, char ** if (HAVE_OPT(FIPS140_MODE)) { @@ -866,10 +866,10 @@ Index: gnutls-3.8.8/src/cli.c exit(1); } -Index: gnutls-3.8.8/src/gnutls-cli-options.c +Index: gnutls-3.8.9/src/gnutls-cli-options.c =================================================================== ---- gnutls-3.8.8.orig/src/gnutls-cli-options.c -+++ gnutls-3.8.8/src/gnutls-cli-options.c +--- gnutls-3.8.9.orig/src/gnutls-cli-options.c ++++ gnutls-3.8.9/src/gnutls-cli-options.c @@ -843,7 +843,7 @@ usage (FILE *out, int status) " --inline-commands-prefix=str Change the default delimiter for inline commands\n" " --provider=file Specify the PKCS #11 provider library\n" @@ -879,10 +879,10 @@ Index: gnutls-3.8.8/src/gnutls-cli-options.c " --list-config Reports the configuration of the library\n" " --logfile=str Redirect informational messages to a specific file\n" " --keymatexport=str Label used for exporting keying material\n" -Index: gnutls-3.8.8/tests/cert-tests/gost.sh +Index: gnutls-3.8.9/tests/cert-tests/gost.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/gost.sh -+++ gnutls-3.8.8/tests/cert-tests/gost.sh +--- gnutls-3.8.9.orig/tests/cert-tests/gost.sh ++++ gnutls-3.8.9/tests/cert-tests/gost.sh @@ -38,7 +38,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -892,10 +892,10 @@ Index: gnutls-3.8.8/tests/cert-tests/gost.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs12-corner-cases.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs12-corner-cases.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs12-corner-cases.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs12-corner-cases.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12-corner-cases.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs12-corner-cases.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -905,10 +905,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs12-corner-cases.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs12-encode.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs12-encode.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs12-encode.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs12-encode.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12-encode.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs12-encode.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -918,10 +918,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs12-encode.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs12-gost.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs12-gost.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs12-gost.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs12-gost.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12-gost.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs12-gost.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -931,10 +931,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs12-gost.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs12.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs12.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs12.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs12.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs12.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs12.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -944,10 +944,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs12.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs8-decode.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs8-decode.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs8-decode.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs8-decode.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8-decode.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs8-decode.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -957,10 +957,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs8-decode.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs8-eddsa.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs8-eddsa.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs8-eddsa.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs8-eddsa.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8-eddsa.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs8-eddsa.sh @@ -29,7 +29,7 @@ if ! test -x "${CERTTOOL}"; then fi 
@@ -970,10 +970,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs8-eddsa.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs8-gost.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs8-gost.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs8-gost.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs8-gost.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8-gost.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs8-gost.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -983,10 +983,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs8-gost.sh exit 77 fi -Index: gnutls-3.8.8/tests/cert-tests/pkcs8.sh +Index: gnutls-3.8.9/tests/cert-tests/pkcs8.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cert-tests/pkcs8.sh -+++ gnutls-3.8.8/tests/cert-tests/pkcs8.sh +--- gnutls-3.8.9.orig/tests/cert-tests/pkcs8.sh ++++ gnutls-3.8.9/tests/cert-tests/pkcs8.sh @@ -28,7 +28,7 @@ if ! test -x "${CERTTOOL}"; then fi @@ -996,10 +996,10 @@ Index: gnutls-3.8.8/tests/cert-tests/pkcs8.sh exit 77 fi -Index: gnutls-3.8.8/tests/cipher-listings.sh +Index: gnutls-3.8.9/tests/cipher-listings.sh =================================================================== ---- gnutls-3.8.8.orig/tests/cipher-listings.sh -+++ gnutls-3.8.8/tests/cipher-listings.sh +--- gnutls-3.8.9.orig/tests/cipher-listings.sh ++++ gnutls-3.8.9/tests/cipher-listings.sh @@ -63,7 +63,7 @@ check() ${CLI} --fips140-mode @@ -1009,10 +1009,10 @@ Index: gnutls-3.8.8/tests/cipher-listings.sh exit 77 fi -Index: gnutls-3.8.8/tests/testpkcs11.sh +Index: gnutls-3.8.9/tests/testpkcs11.sh =================================================================== ---- gnutls-3.8.8.orig/tests/testpkcs11.sh -+++ gnutls-3.8.8/tests/testpkcs11.sh +--- gnutls-3.8.9.orig/tests/testpkcs11.sh ++++ gnutls-3.8.9/tests/testpkcs11.sh @@ -26,7 +26,7 @@ RETCODE=0 
@@ -1022,10 +1022,10 @@ Index: gnutls-3.8.8/tests/testpkcs11.sh exit 77 fi -Index: gnutls-3.8.8/doc/enums/gnutls_fips_mode_t +Index: gnutls-3.8.9/doc/enums/gnutls_fips_mode_t =================================================================== ---- gnutls-3.8.8.orig/doc/enums/gnutls_fips_mode_t -+++ gnutls-3.8.8/doc/enums/gnutls_fips_mode_t +--- gnutls-3.8.9.orig/doc/enums/gnutls_fips_mode_t ++++ gnutls-3.8.9/doc/enums/gnutls_fips_mode_t @@ -3,7 +3,7 @@ @c gnutls_fips_mode_t @table @code @@ -1046,10 +1046,10 @@ Index: gnutls-3.8.8/doc/enums/gnutls_fips_mode_t application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility). @item GNUTLS_@-FIPS140_@-LOG -Index: gnutls-3.8.8/doc/gnutls-api.texi +Index: gnutls-3.8.9/doc/gnutls-api.texi =================================================================== ---- gnutls-3.8.8.orig/doc/gnutls-api.texi -+++ gnutls-3.8.8/doc/gnutls-api.texi +--- gnutls-3.8.9.orig/doc/gnutls-api.texi ++++ gnutls-3.8.9/doc/gnutls-api.texi @@ -3279,7 +3279,7 @@ unusable. This function is not thread-s @subheading gnutls_fips140_set_mode @anchor{gnutls_fips140_set_mode} @@ -1075,10 +1075,10 @@ Index: gnutls-3.8.8/doc/gnutls-api.texi values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library switches to @code{GNUTLS_FIPS140_STRICT} mode. -Index: gnutls-3.8.8/lib/ext/session_ticket.c +Index: gnutls-3.8.9/lib/ext/session_ticket.c =================================================================== ---- gnutls-3.8.8.orig/lib/ext/session_ticket.c -+++ gnutls-3.8.8/lib/ext/session_ticket.c +--- gnutls-3.8.9.orig/lib/ext/session_ticket.c ++++ gnutls-3.8.9/lib/ext/session_ticket.c @@ -517,7 +517,7 @@ int gnutls_session_ticket_key_generate(g { if (_gnutls_fips_mode_enabled()) { 
@@ -1088,10 +1088,10 @@ Index: gnutls-3.8.8/lib/ext/session_ticket.c * some limits on allowed key size, thus it is not * used. These limits do not affect this function as * it does not generate a "key" but rather key material -Index: gnutls-3.8.8/lib/libgnutls.map +Index: gnutls-3.8.9/lib/libgnutls.map =================================================================== ---- gnutls-3.8.8.orig/lib/libgnutls.map -+++ gnutls-3.8.8/lib/libgnutls.map +--- gnutls-3.8.9.orig/lib/libgnutls.map ++++ gnutls-3.8.9/lib/libgnutls.map @@ -1459,7 +1459,7 @@ GNUTLS_FIPS140_3_4 { gnutls_hkdf_self_test; gnutls_pbkdf2_self_test; @@ -1101,10 +1101,10 @@ Index: gnutls-3.8.8/lib/libgnutls.map drbg_aes_reseed; drbg_aes_init; drbg_aes_generate; -Index: gnutls-3.8.8/lib/nettle/mac.c +Index: gnutls-3.8.9/lib/nettle/mac.c =================================================================== ---- gnutls-3.8.8.orig/lib/nettle/mac.c -+++ gnutls-3.8.8/lib/nettle/mac.c +--- gnutls-3.8.9.orig/lib/nettle/mac.c ++++ gnutls-3.8.9/lib/nettle/mac.c @@ -292,7 +292,7 @@ static void _wrap_gmac_digest(void *_ctx static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx) @@ -1123,10 +1123,10 @@ Index: gnutls-3.8.8/lib/nettle/mac.c * gnutls_hash_init() and gnutls_hmac_init() */ ctx->finished = NULL; -Index: gnutls-3.8.8/config.h.in +Index: gnutls-3.8.9/config.h.in =================================================================== ---- gnutls-3.8.8.orig/config.h.in -+++ gnutls-3.8.8/config.h.in +--- gnutls-3.8.9.orig/config.h.in ++++ gnutls-3.8.9/config.h.in @@ -104,7 +104,7 @@ /* enable DHE */ #undef ENABLE_ECDHE 
@@ -1145,11 +1145,11 @@ Index: gnutls-3.8.8/config.h.in #undef FIPS_KEY /* The FIPS140 module name */ -Index: gnutls-3.8.8/configure +Index: gnutls-3.8.9/configure =================================================================== ---- gnutls-3.8.8.orig/configure -+++ gnutls-3.8.8/configure -@@ -4455,7 +4455,7 @@ Optional Features: +--- gnutls-3.8.9.orig/configure ++++ gnutls-3.8.9/configure +@@ -4493,7 +4493,7 @@ Optional Features: --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) @@ -1158,10 +1158,10 @@ Index: gnutls-3.8.8/configure --enable-strict-x509 enable stricter sanity checks for x509 certificates --disable-non-suiteb-curves disable curves not in SuiteB -Index: gnutls-3.8.8/doc/cha-support.texi +Index: gnutls-3.8.9/doc/cha-support.texi =================================================================== ---- gnutls-3.8.8.orig/doc/cha-support.texi -+++ gnutls-3.8.8/doc/cha-support.texi +--- gnutls-3.8.9.orig/doc/cha-support.texi ++++ gnutls-3.8.9/doc/cha-support.texi @@ -134,5 +134,5 @@ There are certifications from national o to an auditor that the crypto component follows some best practices, such as unit testing and reliance on well known crypto primitives. @@ -1170,10 +1170,10 @@ Index: gnutls-3.8.8/doc/cha-support.texi -See @ref{FIPS140-2 mode} for more information. +GnuTLS has support for the FIPS 140-3 certification under Red Hat Enterprise Linux. +See @ref{FIPS140-3 mode} for more information. -Index: gnutls-3.8.8/src/gnutls-cli-options.json +Index: gnutls-3.8.9/src/gnutls-cli-options.json =================================================================== ---- gnutls-3.8.8.orig/src/gnutls-cli-options.json -+++ gnutls-3.8.8/src/gnutls-cli-options.json +--- gnutls-3.8.9.orig/src/gnutls-cli-options.json ++++ gnutls-3.8.9/src/gnutls-cli-options.json @@ -384,7 +384,7 @@ }, { 
@@ -1183,10 +1183,10 @@ Index: gnutls-3.8.8/src/gnutls-cli-options.json }, { "long-option": "list-config", -Index: gnutls-3.8.8/tests/pkcs11-tool.sh +Index: gnutls-3.8.9/tests/pkcs11-tool.sh =================================================================== ---- gnutls-3.8.8.orig/tests/pkcs11-tool.sh -+++ gnutls-3.8.8/tests/pkcs11-tool.sh +--- gnutls-3.8.9.orig/tests/pkcs11-tool.sh ++++ gnutls-3.8.9/tests/pkcs11-tool.sh @@ -30,7 +30,7 @@ set -x : ${DIFF=diff} @@ -1196,10 +1196,10 @@ Index: gnutls-3.8.8/tests/pkcs11-tool.sh exit 77 fi -Index: gnutls-3.8.8/doc/manpages/gnutls_fips140_set_mode.3 +Index: gnutls-3.8.9/doc/manpages/gnutls_fips140_set_mode.3 =================================================================== ---- gnutls-3.8.8.orig/doc/manpages/gnutls_fips140_set_mode.3 -+++ gnutls-3.8.8/doc/manpages/gnutls_fips140_set_mode.3 +--- gnutls-3.8.9.orig/doc/manpages/gnutls_fips140_set_mode.3 ++++ gnutls-3.8.9/doc/manpages/gnutls_fips140_set_mode.3 @@ -8,7 +8,7 @@ gnutls_fips140_set_mode \- API function .BI "void gnutls_fips140_set_mode(gnutls_fips_mode_t " mode ", unsigned " flags ");" .SH ARGUMENTS 
@@ -1225,16 +1225,16 @@ Index: gnutls-3.8.8/doc/manpages/gnutls_fips140_set_mode.3 values for \fImode\fP or to \fBGNUTLS_FIPS140_SELFTESTS\fP mode, the library switches to \fBGNUTLS_FIPS140_STRICT\fP mode. .SH "SINCE" -Index: gnutls-3.8.8/doc/gnutls.info +Index: gnutls-3.8.9/doc/gnutls.info =================================================================== ---- gnutls-3.8.8.orig/doc/gnutls.info -+++ gnutls-3.8.8/doc/gnutls.info -@@ -619,7 +619,7 @@ Ref: fig-crypto-layers743655 - Ref: Cryptographic Backend-Footnote-1746962 - Ref: Cryptographic Backend-Footnote-2747047 - Node: Random Number Generators-internals747159 --Node: FIPS140-2 mode754615 -+Node: FIPS140-3 mode754615 - Ref: gnutls_fips_mode_t757279 - Node: Upgrading from previous versions760947 - Node: Support775185 +--- gnutls-3.8.9.orig/doc/gnutls.info ++++ gnutls-3.8.9/doc/gnutls.info +@@ -619,7 +619,7 @@ Ref: fig-crypto-layers743671 + Ref: Cryptographic Backend-Footnote-1746978 + Ref: Cryptographic Backend-Footnote-2747063 + Node: Random Number Generators-internals747175 +-Node: FIPS140-2 mode754631 ++Node: FIPS140-3 mode754631 + Ref: gnutls_fips_mode_t757295 + Node: Upgrading from previous versions760963 + Node: Support775201 diff --git a/gnutls-FIPS-TLS_KDF_selftest.patch b/gnutls-FIPS-TLS_KDF_selftest.patch index b17309c..61e218e 100644 --- a/gnutls-FIPS-TLS_KDF_selftest.patch +++ b/gnutls-FIPS-TLS_KDF_selftest.patch @@ -1,8 +1,8 @@ -Index: gnutls-3.8.5/lib/fips.c +Index: gnutls-3.8.9/lib/fips.c =================================================================== ---- gnutls-3.8.5.orig/lib/fips.c -+++ gnutls-3.8.5/lib/fips.c -@@ -593,6 +593,26 @@ int _gnutls_fips_perform_self_checks2(vo +--- gnutls-3.8.9.orig/lib/fips.c ++++ gnutls-3.8.9/lib/fips.c +@@ -621,6 +621,26 @@ int _gnutls_fips_perform_self_checks2(vo return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); } diff --git a/gnutls-FIPS-jitterentropy.patch b/gnutls-FIPS-jitterentropy.patch index 1fc0770..75f787e 100644 
--- a/gnutls-FIPS-jitterentropy.patch +++ b/gnutls-FIPS-jitterentropy.patch @@ -1,7 +1,7 @@ -Index: gnutls-3.8.6/lib/nettle/sysrng-linux.c +Index: gnutls-3.8.9/lib/nettle/sysrng-linux.c =================================================================== ---- gnutls-3.8.6.orig/lib/nettle/sysrng-linux.c -+++ gnutls-3.8.6/lib/nettle/sysrng-linux.c +--- gnutls-3.8.9.orig/lib/nettle/sysrng-linux.c ++++ gnutls-3.8.9/lib/nettle/sysrng-linux.c @@ -49,6 +49,15 @@ get_entropy_func _rnd_get_system_entropy = NULL; @@ -158,11 +158,11 @@ Index: gnutls-3.8.6/lib/nettle/sysrng-linux.c +#endif return; } -Index: gnutls-3.8.6/lib/nettle/Makefile.in +Index: gnutls-3.8.9/lib/nettle/Makefile.in =================================================================== ---- gnutls-3.8.6.orig/lib/nettle/Makefile.in -+++ gnutls-3.8.6/lib/nettle/Makefile.in -@@ -497,7 +497,7 @@ am__v_CC_1 = +--- gnutls-3.8.9.orig/lib/nettle/Makefile.in ++++ gnutls-3.8.9/lib/nettle/Makefile.in +@@ -521,7 +521,7 @@ am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -171,10 +171,10 @@ Index: gnutls-3.8.6/lib/nettle/Makefile.in AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; -Index: gnutls-3.8.6/lib/nettle/Makefile.am +Index: gnutls-3.8.9/lib/nettle/Makefile.am =================================================================== ---- gnutls-3.8.6.orig/lib/nettle/Makefile.am -+++ gnutls-3.8.6/lib/nettle/Makefile.am +--- gnutls-3.8.9.orig/lib/nettle/Makefile.am ++++ gnutls-3.8.9/lib/nettle/Makefile.am @@ -20,7 +20,7 @@ include $(top_srcdir)/lib/common.mk 
@@ -182,12 +182,12 @@ Index: gnutls-3.8.6/lib/nettle/Makefile.am -AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS) +AM_CFLAGS += $(HOGWEED_CFLAGS) $(GMP_CFLAGS) -ljitterentropy - AM_CPPFLAGS = \ + AM_CPPFLAGS += \ -I$(srcdir)/int \ -Index: gnutls-3.8.6/lib/nettle/rnd-fips.c +Index: gnutls-3.8.9/lib/nettle/rnd-fips.c =================================================================== ---- gnutls-3.8.6.orig/lib/nettle/rnd-fips.c -+++ gnutls-3.8.6/lib/nettle/rnd-fips.c +--- gnutls-3.8.9.orig/lib/nettle/rnd-fips.c ++++ gnutls-3.8.9/lib/nettle/rnd-fips.c @@ -129,6 +129,10 @@ static int drbg_init(struct fips_ctx *fc uint8_t buffer[DRBG_AES_SEED_SIZE]; int ret; @@ -210,11 +210,11 @@ Index: gnutls-3.8.6/lib/nettle/rnd-fips.c ret = get_entropy(fctx, buffer, sizeof(buffer)); if (ret < 0) { _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); -Index: gnutls-3.8.6/tests/Makefile.am +Index: gnutls-3.8.9/tests/Makefile.am =================================================================== ---- gnutls-3.8.6.orig/tests/Makefile.am -+++ gnutls-3.8.6/tests/Makefile.am -@@ -209,7 +209,7 @@ ctests += mini-record-2 simple gnutls_hm +--- gnutls-3.8.9.orig/tests/Makefile.am ++++ gnutls-3.8.9/tests/Makefile.am +@@ -212,7 +212,7 @@ ctests += mini-record-2 simple gnutls_hm dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \ keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \ tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \ diff --git a/gnutls-disable-flaky-test-dtls-resume.patch b/gnutls-disable-flaky-test-dtls-resume.patch index 6287e1f..6acae89 100644 --- a/gnutls-disable-flaky-test-dtls-resume.patch +++ b/gnutls-disable-flaky-test-dtls-resume.patch 
@@ -1,8 +1,8 @@ -Index: gnutls-3.7.8/tests/Makefile.am +Index: gnutls-3.8.9/tests/Makefile.am =================================================================== ---- gnutls-3.7.8.orig/tests/Makefile.am -+++ gnutls-3.7.8/tests/Makefile.am -@@ -508,7 +508,7 @@ if !WINDOWS +--- gnutls-3.8.9.orig/tests/Makefile.am ++++ gnutls-3.8.9/tests/Makefile.am +@@ -530,7 +530,7 @@ if !WINDOWS # List of tests not available/functional under windows # diff --git a/gnutls-set-cligen-python-interp.patch b/gnutls-set-cligen-python-interp.patch new file mode 100644 index 0000000..076f3ce --- /dev/null +++ b/gnutls-set-cligen-python-interp.patch @@ -0,0 +1,10 @@ +Index: gnutls-3.8.9/cligen/cli-docgen.py +=================================================================== +--- gnutls-3.8.9.orig/cligen/cli-docgen.py ++++ gnutls-3.8.9/cligen/cli-docgen.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python ++#!/usr/bin/python3 + # Copyright (C) 2021-2022 Daiki Ueno + # SPDX-License-Identifier: LGPL-2.1-or-later + diff --git a/gnutls-skip-pqx-test.patch b/gnutls-skip-pqx-test.patch new file mode 100644 index 0000000..4c1f4d7 --- /dev/null +++ b/gnutls-skip-pqx-test.patch 
@@ -0,0 +1,34 @@
+Index: gnutls-3.8.9/tests/Makefile.am
+===================================================================
+--- gnutls-3.8.9.orig/tests/Makefile.am
++++ gnutls-3.8.9/tests/Makefile.am
+@@ -603,8 +603,6 @@ ctests += win32-certopenstore
+
+ endif
+
+-dist_check_SCRIPTS += pqc-hybrid-kx.sh
+-
+ cpptests =
+ if ENABLE_CXX
+ if HAVE_CMOCKA
+Index: gnutls-3.8.9/tests/Makefile.in
+===================================================================
+--- gnutls-3.8.9.orig/tests/Makefile.in
++++ gnutls-3.8.9/tests/Makefile.in
+@@ -3236,7 +3236,7 @@ am__dist_check_SCRIPTS_DIST = rfc2253-es
+ gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh \
+ gnutls-cli-rawpk.sh dh-fips-approved.sh p11-kit-trust.sh \
+ testpkcs11.sh certtool-pkcs11.sh pkcs11-tool.sh \
+- p11-kit-load.sh danetool.sh tpmtool_test.sh pqc-hybrid-kx.sh
++ p11-kit-load.sh danetool.sh tpmtool_test.sh
+ AM_V_P = $(am__v_P_@AM_V@)
+ am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+ am__v_P_0 = false
+@@ -7106,7 +7106,6 @@ dist_check_SCRIPTS = rfc2253-escape-test
+ $(am__append_18) $(am__append_20) $(am__append_21) \
+ $(am__append_23) $(am__append_25) $(am__append_26) \
+ $(am__append_27) $(am__append_29) $(am__append_30) \
+- pqc-hybrid-kx.sh
+ @WINDOWS_FALSE@dtls_stress_SOURCES = dtls/dtls-stress.c
+ @WINDOWS_FALSE@dtls_stress_LDADD = $(COMMON_GNUTLS_LDADD) \
+ @WINDOWS_FALSE@ $(COMMON_DEPS_LDADD)
diff --git a/gnutls-srp-test-SIGPIPE.patch b/gnutls-srp-test-SIGPIPE.patch
index 586ec3f..228728e 100644
--- a/gnutls-srp-test-SIGPIPE.patch
+++ b/gnutls-srp-test-SIGPIPE.patch
@@ -1,8 +1,8 @@
-Index: gnutls-3.8.1/tests/srp.c
+Index: gnutls-3.8.9/tests/srp.c
 ===================================================================
----- gnutls-3.8.1.orig/tests/srp.c
-+++ gnutls-3.8.1/tests/srp.c
--@@ -287,7 +289,7 @@ static void start(const char *name, cons
+--- gnutls-3.8.9.orig/tests/srp.c
++++ gnutls-3.8.9/tests/srp.c
+@@ -290,7 +290,7 @@ static void start(const char *name, cons
 if (child) {
 int status;
 /* parent */
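Review bot: In gnutls-skip-pqx-test.patch, the last Makefile.in hunk (`@@ -7106,7 +7106,6 @@`) deletes the `pqc-hybrid-kx.sh` line but keeps the trailing backslash on `$(am__append_27) $(am__append_29) $(am__append_30) \`, so the `dist_check_SCRIPTS` assignment now continues into the following `@WINDOWS_FALSE@dtls_stress_SOURCES = dtls/dtls-stress.c` line. The `@@ -3236,7 +3236,7 @@` hunk avoids this because the removed name sat on the final, unterminated line; here the preceding line should be rewritten as well, as `-	$(am__append_27) $(am__append_29) $(am__append_30) \` followed by `+	$(am__append_27) $(am__append_29) $(am__append_30)`. Whether the build regenerates Makefile.in from Makefile.am is not visible here; if it does, the Makefile.in half of the patch could be dropped instead. The patch also carries no header saying why the PQC hybrid key-exchange test is skipped, which is worth recording because it removes test coverage for that handshake path.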
@@ -11,7 +11,7 @@ Index: gnutls-3.8.1/tests/srp.c
 client(fd[1], prio, user, pass, exp_err);
 if (exp_err < 0) {
 kill(child, SIGTERM);
-@@ -297,7 +299,7 @@ static void start(const char *name, cons
+@@ -300,7 +300,7 @@ static void start(const char *name, cons
 check_wait_status(status);
 }
 } else {
diff --git a/gnutls.changes b/gnutls.changes
index 7624961..c7b52c0 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Mon Feb 24 11:15:52 UTC 2025 - Angel Yankov
+
+- Update to 3.8.9
+ - libgnutls: leancrypto was added as an interim option for PQC
+ The library can now be built with leancrypto instead of liboqs for
+ post-quantum cryptography (PQC), when configured with
+ --with-leancrypto option instead of --with-liboqs.
+ - libgnutls: Experimental support for ML-DSA signature algorithm
+ The library and certtool now support ML-DSA signature algorithm as
+ defined in FIPS 204 and based on
+ draft-ietf-lamps-dilithium-certificates-04. This feature is
+ currently marked as experimental and can only be enabled when
+ compiled with --with-leancrypto or --with-liboqs.
+ Contributed by David Dudas.
+ - libgnutls: Support for ML-KEM-1024 key encapsulation mechanism
+ The support for ML-KEM post-quantum key encapsulation mechanisms
+ has been extended to cover ML-KEM-1024, in addition to ML-KEM-768.
+ MLKEM1024 is only offered as SecP384r1MLKEM1024 hybrid as per
+ draft-kwiatkowski-tls-ecdhe-mlkem-03.
+ - libgnutls: Fix potential DoS in handling certificates with numerous name
+ constraints, as a follow-up of CVE-2024-12133 in libtasn1. The
+ bundled copy of libtasn1 has also been updated to the latest 4.20.0
+ release to complete the fix. Reported by Bing Shi (#1553).
+ [GNUTLS-SA-2025-02-07, CVSS: medium] [bsc#1236974, CVE-2024-12243
+ - Licensing information moved to REAMDE.md, COPYING, COPYING.LESSERv2
+ * Rebased gnutls-FIPS-140-3-references.patch
+ * Rebased gnutls-FIPS-TLS_KDF_selftest.patch
+ * Rebased gnutls-FIPS-jitterentropy.patch
+ * Rebased gnutls-disable-flaky-test-dtls-resume.patch
+ * Rebased gnutls-srp-test-SIGPIPE.patch
+ * Rebased gnutls-3.5.11-skip-trust-store-tests.patch
+ * Add gnutls-set-cligen-python-interp.patch
+ * Add gnutls-skip-pqx-test.patch
+
 -------------------------------------------------------------------
 Mon Nov 11 10:04:31 UTC 2024 - Pedro Monreal
diff --git a/gnutls.spec b/gnutls.spec index fd0877f..745bf97 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,7 +1,7 @@ # # spec file for package gnutls # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,7 +42,7 @@ %endif %bcond_with tpm Name: gnutls -Version: 3.8.8 +Version: 3.8.9 Release: 0 Summary: The GNU Transport Layer Security Library License: GPL-3.0-or-later AND LGPL-2.1-or-later @@ -71,6 +71,8 @@ Patch102: gnutls-FIPS-jitterentropy.patch #PATCH-FIX-SUSE bsc#1221242 Fix memleak in gnutls' jitterentropy collector Patch103: gnutls-FIPS-jitterentropy-deinit-threads.patch %endif +Patch104: gnutls-set-cligen-python-interp.patch +Patch105: gnutls-skip-pqx-test.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge @@ -318,7 +320,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE= %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %files -f libgnutls.lang -%license LICENSE +%license COPYING COPYING.LESSERv2 %doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO %{_bindir}/certtool %{_bindir}/gnutls-cli 
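Review bot: The `@@ -71,6 +71,8 @@` hunk adds `Patch104` and `Patch105` without the tag comment that the neighbouring `Patch103` carries (`#PATCH-FIX-SUSE bsc#1221242 ...`), so the spec does not record why a test is being removed from `make check`. For `Patch105` in particular, which drops `pqc-hybrid-kx.sh`, I would add a line above it such as `#PATCH-FIX-SUSE <bug reference> Skip pqc-hybrid-kx.sh: <reason the test cannot run in the build>`, and a similar one-liner for the interpreter change in `Patch104`. Both entries also sit after the `%endif`, so they appear to apply unconditionally; that looks intended but deserves a word in the comment.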
@@ -339,22 +341,22 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE= %{_mandir}/man1/* %files -n libgnutls%{gnutls_sover} -%license LICENSE +%license COPYING COPYING.LESSERv2 %{_libdir}/libgnutls.so.%{gnutls_sover}* %{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac %if %{with dane} %files -n libgnutls-dane%{gnutls_dane_sover} -%license LICENSE +%license COPYING COPYING.LESSERv2 %{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}* %endif %files -n libgnutlsxx%{gnutlsxx_sover} -%license LICENSE +%license COPYING COPYING.LESSERv2 %{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}* %files -n libgnutls-devel -%license LICENSE +%license COPYING COPYING.LESSERv2 %dir %{_includedir}/%{name} %{_includedir}/%{name}/abstract.h %{_includedir}/%{name}/crypto.h @@ -383,7 +385,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE= %if %{with dane} %files -n libgnutls-dane-devel -%license LICENSE +%license COPYING COPYING.LESSERv2 %dir %{_includedir}/%{name} %{_includedir}/%{name}/dane.h %{_libdir}/pkgconfig/gnutls-dane.pc @@ -391,7 +393,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE= %endif %files -n libgnutlsxx-devel -%license LICENSE +%license COPYING COPYING.LESSERv2 %{_libdir}/libgnutlsxx.so %dir %{_includedir}/%{name} %{_includedir}/%{name}/gnutlsxx.h

    GNUTLS_FIPS140_DISABLED

    @@ -593,7 +593,7 @@ Index: gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html  

    GNUTLS_FIPS140_LAX

    @@ -604,17 +604,17 @@ Index: gnutls-3.8.8/doc/reference/html/gnutls-gnutls.html application is aware of the followed security policy, and needs to utilize disallowed operations for other reasons (e.g., compatibility).