2007-01-15 23:15:20 +00:00
|
|
|
#
|
2011-06-16 07:57:04 +00:00
|
|
|
# spec file for package gnutls
|
2007-01-15 23:15:20 +00:00
|
|
|
#
|
Accepting request 769920 from home:mimi_vx:branches:security:tls
- gnutls 3.6.12
* libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
to identify sessions that client request OCSP status request (#829).
* libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
signature algorithm (RFC 8032) under TLS (#86).
* libgnutls: Added the default-priority-string option to system configuration;
it allows overriding the compiled-in default-priority-string.
* libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
draft-smyshlyaev-tls12-gost-suites-07).
By default this ciphersuite is disabled. It can be enabled by adding
+GOST to priority string. In the future this priority string may enable
other GOST ciphersuites as well. Note, that server will fail to negotiate
GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
are enabled on GnuTLS-based servers.
* libgnutls: added priority shortcuts for different GOST categories like
CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
* libgnutls: Reject certificates with invalid time fields. That is we reject
certificates with invalid characters in Time fields, or invalid time formatting
To continue accepting the invalid form compile with --disable-strict-der-time
* libgnutls: Reject certificates which contain duplicate extensions. We were
previously printing warnings when printing such a certificate, but that is
not always sufficient to flag such certificates as invalid. Instead we now
refuse to import them (#887).
* libgnutls: If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected level prior
to accepting it. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise (#877).
* libgnutls: The min-verification-profile from system configuration applies
for all certificate verifications, not only under TLS. The configuration can
OBS-URL: https://build.opensuse.org/request/show/769920
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=30
2020-02-04 10:06:09 +00:00
|
|
|
# Copyright (c) 2020 SUSE LLC
|
2007-01-15 23:15:20 +00:00
|
|
|
#
|
2008-11-02 14:41:35 +00:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-10-15 08:27:49 +00:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-15 23:15:20 +00:00
|
|
|
#
|
|
|
|
|
|
2011-08-24 11:44:23 +00:00
|
|
|
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 08:38:18 +00:00
|
|
|
%define gnutls_sover 30
|
2011-08-24 11:44:12 +00:00
|
|
|
%define gnutlsxx_sover 28
|
2017-08-29 09:40:38 +00:00
|
|
|
%define gnutls_dane_sover 0
|
2019-04-04 14:11:38 +00:00
|
|
|
# unbound isn't in SLE (bsc#1086428)
|
|
|
|
|
%if 0%{?is_opensuse}
|
2016-12-29 21:41:21 +00:00
|
|
|
%bcond_without dane
|
2018-04-10 07:48:38 +00:00
|
|
|
%else
|
|
|
|
|
%bcond_with dane
|
2018-03-30 09:56:05 +00:00
|
|
|
%endif
|
2016-12-29 21:41:21 +00:00
|
|
|
%bcond_with tpm
|
|
|
|
|
%bcond_without guile
|
2007-01-15 23:15:20 +00:00
|
|
|
Name: gnutls
|
Accepting request 769920 from home:mimi_vx:branches:security:tls
- gnutls 3.6.12
* libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
to identify sessions that client request OCSP status request (#829).
* libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
signature algorithm (RFC 8032) under TLS (#86).
* libgnutls: Added the default-priority-string option to system configuration;
it allows overriding the compiled-in default-priority-string.
* libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
draft-smyshlyaev-tls12-gost-suites-07).
By default this ciphersuite is disabled. It can be enabled by adding
+GOST to priority string. In the future this priority string may enable
other GOST ciphersuites as well. Note, that server will fail to negotiate
GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
are enabled on GnuTLS-based servers.
* libgnutls: added priority shortcuts for different GOST categories like
CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
* libgnutls: Reject certificates with invalid time fields. That is we reject
certificates with invalid characters in Time fields, or invalid time formatting
To continue accepting the invalid form compile with --disable-strict-der-time
* libgnutls: Reject certificates which contain duplicate extensions. We were
previously printing warnings when printing such a certificate, but that is
not always sufficient to flag such certificates as invalid. Instead we now
refuse to import them (#887).
* libgnutls: If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected level prior
to accepting it. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise (#877).
* libgnutls: The min-verification-profile from system configuration applies
for all certificate verifications, not only under TLS. The configuration can
OBS-URL: https://build.opensuse.org/request/show/769920
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=30
2020-02-04 10:06:09 +00:00
|
|
|
Version: 3.6.12
|
2012-05-21 08:25:22 +00:00
|
|
|
Release: 0
|
2007-01-15 23:15:20 +00:00
|
|
|
Summary: The GNU Transport Layer Security Library
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later AND GPL-3.0-or-later
|
2007-01-15 23:15:20 +00:00
|
|
|
Group: Productivity/Networking/Security
|
2019-07-31 17:35:10 +00:00
|
|
|
URL: https://www.gnutls.org/
|
2017-09-25 11:50:29 +00:00
|
|
|
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
|
|
|
|
|
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
|
2016-12-29 21:41:21 +00:00
|
|
|
Source2: %{name}.keyring
|
2013-07-01 13:54:42 +00:00
|
|
|
Source3: baselibs.conf
|
2017-05-20 12:31:57 +00:00
|
|
|
Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
|
2019-04-04 14:11:38 +00:00
|
|
|
Patch4: gnutls-3.6.6-set_guile_site_dir.patch
|
2015-08-25 05:17:02 +00:00
|
|
|
BuildRequires: autogen
|
2011-12-02 15:25:49 +00:00
|
|
|
BuildRequires: automake
|
2016-07-09 07:21:14 +00:00
|
|
|
BuildRequires: datefudge
|
2016-05-04 06:17:29 +00:00
|
|
|
BuildRequires: fdupes
|
2019-10-01 15:18:43 +00:00
|
|
|
BuildRequires: fipscheck
|
2011-08-24 11:44:12 +00:00
|
|
|
BuildRequires: gcc-c++
|
2017-09-12 17:38:08 +00:00
|
|
|
# The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
|
|
|
|
|
BuildRequires: iproute2
|
2017-02-22 12:50:20 +00:00
|
|
|
BuildRequires: libidn2-devel
|
2019-01-04 13:39:42 +00:00
|
|
|
BuildRequires: libnettle-devel >= 3.4.1
|
2016-12-29 21:41:21 +00:00
|
|
|
BuildRequires: libtasn1-devel >= 4.9
|
2012-05-31 15:04:51 +00:00
|
|
|
BuildRequires: libtool
|
2016-12-29 21:41:21 +00:00
|
|
|
BuildRequires: libunistring-devel
|
2017-08-29 09:40:38 +00:00
|
|
|
BuildRequires: makeinfo
|
2016-12-29 21:41:21 +00:00
|
|
|
BuildRequires: p11-kit-devel >= 0.23.1
|
|
|
|
|
BuildRequires: pkgconfig
|
|
|
|
|
BuildRequires: xz
|
|
|
|
|
BuildRequires: zlib-devel
|
2019-07-31 17:35:10 +00:00
|
|
|
BuildRequires: pkgconfig(autoopts)
|
2016-10-10 14:16:31 +00:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
BuildRequires: net-tools
|
|
|
|
|
%else
|
2016-07-09 07:21:14 +00:00
|
|
|
BuildRequires: net-tools-deprecated
|
2016-10-10 14:16:31 +00:00
|
|
|
%endif
|
2015-03-30 17:32:11 +00:00
|
|
|
%if %{with tpm}
|
|
|
|
|
BuildRequires: trousers-devel
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with dane}
|
2016-12-29 21:41:21 +00:00
|
|
|
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
2016-10-10 14:16:31 +00:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
BuildRequires: unbound-devel
|
|
|
|
|
%else
|
2016-02-24 13:25:15 +00:00
|
|
|
BuildRequires: libunbound-devel
|
2016-10-10 14:16:31 +00:00
|
|
|
%endif
|
2015-03-30 17:32:11 +00:00
|
|
|
%endif
|
2016-05-04 06:17:29 +00:00
|
|
|
%if %{with guile}
|
|
|
|
|
BuildRequires: guile-devel
|
|
|
|
|
%endif
|
2007-01-15 23:15:20 +00:00
|
|
|
|
|
|
|
|
%description
|
2017-08-29 09:40:38 +00:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
|
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
2019-04-08 09:25:11 +00:00
|
|
|
of the IETF's TLS working group.
|
2007-01-15 23:15:20 +00:00
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%package -n libgnutls%{gnutls_sover}
|
2008-02-28 00:56:17 +00:00
|
|
|
Summary: The GNU Transport Layer Security Library
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2017-08-29 09:40:38 +00:00
|
|
|
Group: System/Libraries
|
2008-02-28 00:56:17 +00:00
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%description -n libgnutls%{gnutls_sover}
|
2017-08-29 09:40:38 +00:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
|
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
2019-04-08 09:25:11 +00:00
|
|
|
of the IETF's TLS working group.
|
2008-02-28 00:56:17 +00:00
|
|
|
|
2015-03-30 17:32:11 +00:00
|
|
|
%package -n libgnutls-dane%{gnutls_dane_sover}
|
2018-04-10 07:48:38 +00:00
|
|
|
Summary: DANE support for the GNU Transport Layer Security Library
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2018-04-10 07:48:38 +00:00
|
|
|
Group: System/Libraries
|
2015-03-30 17:32:11 +00:00
|
|
|
|
|
|
|
|
%description -n libgnutls-dane%{gnutls_dane_sover}
|
|
|
|
|
The GnuTLS project aims to develop a library that provides a secure
|
2016-12-29 21:41:21 +00:00
|
|
|
layer over a reliable transport layer.
|
2015-03-30 17:32:11 +00:00
|
|
|
This package contains the "DANE" part of gnutls.
|
|
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%package -n libgnutlsxx%{gnutlsxx_sover}
|
2017-08-29 09:40:38 +00:00
|
|
|
Summary: C++ API for the GNU Transport Layer Security Library
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2017-08-29 09:40:38 +00:00
|
|
|
Group: System/Libraries
|
2008-02-28 00:56:17 +00:00
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%description -n libgnutlsxx%{gnutlsxx_sover}
|
2017-08-29 09:40:38 +00:00
|
|
|
The GnuTLS library provides a secure layer over a reliable transport
|
2019-04-08 09:25:11 +00:00
|
|
|
layer. Currently the GnuTLS library implements the proposed standards
|
|
|
|
|
of the IETF's TLS working group.
|
2007-10-25 16:10:26 +00:00
|
|
|
|
|
|
|
|
%package -n libgnutls-devel
|
2017-08-29 09:40:38 +00:00
|
|
|
Summary: Development package for the GnuTLS C API
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2007-08-03 14:29:06 +00:00
|
|
|
Group: Development/Libraries/C and C++
|
2011-08-24 11:44:12 +00:00
|
|
|
Requires: glibc-devel
|
|
|
|
|
Requires: libgnutls%{gnutls_sover} = %{version}
|
2017-08-29 09:40:38 +00:00
|
|
|
Requires(pre): %{install_info_prereq}
|
2012-05-22 08:11:29 +00:00
|
|
|
Provides: gnutls-devel = %{version}-%{release}
|
2008-02-28 00:56:17 +00:00
|
|
|
|
|
|
|
|
%description -n libgnutls-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2016-02-24 13:25:15 +00:00
|
|
|
%package -n libgnutls-dane-devel
|
2017-08-29 09:40:38 +00:00
|
|
|
Summary: Development package for GnuTLS DANE component
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2016-02-24 13:25:15 +00:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
|
|
|
|
|
|
|
|
|
%description -n libgnutls-dane-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%package -n libgnutlsxx-devel
|
2017-08-29 09:40:38 +00:00
|
|
|
Summary: Development package for the GnuTLS C++ API
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2011-08-24 11:44:12 +00:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: libgnutls-devel = %{version}
|
2012-05-21 08:25:22 +00:00
|
|
|
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
|
2011-08-24 11:44:12 +00:00
|
|
|
Requires: libstdc++-devel
|
2017-08-29 09:40:38 +00:00
|
|
|
Requires(pre): %{install_info_prereq}
|
2011-08-24 11:44:12 +00:00
|
|
|
|
|
|
|
|
%description -n libgnutlsxx-devel
|
|
|
|
|
Files needed for software development using gnutls.
|
|
|
|
|
|
2016-05-04 06:17:29 +00:00
|
|
|
%package guile
|
|
|
|
|
Summary: Guile wrappers for gnutls
|
2018-03-30 09:56:05 +00:00
|
|
|
License: LGPL-2.1-or-later
|
2016-05-04 06:17:29 +00:00
|
|
|
Group: Development/Libraries/Other
|
|
|
|
|
Requires: guile
|
|
|
|
|
|
|
|
|
|
%description guile
|
2017-08-29 09:40:38 +00:00
|
|
|
GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
|
2008-02-28 00:56:17 +00:00
|
|
|
|
2007-01-15 23:15:20 +00:00
|
|
|
%prep
|
|
|
|
|
%setup -q
|
2017-05-20 12:31:57 +00:00
|
|
|
%patch1 -p1
|
2019-04-04 14:11:38 +00:00
|
|
|
%patch4 -p1
|
2007-01-15 23:15:20 +00:00
|
|
|
|
|
|
|
|
%build
|
2015-01-03 21:03:04 +00:00
|
|
|
export LDFLAGS="-pie"
|
2016-12-29 21:41:21 +00:00
|
|
|
export CFLAGS="%{optflags} -fPIE"
|
|
|
|
|
export CXXFLAGS="%{optflags} -fPIE"
|
2018-08-23 07:10:46 +00:00
|
|
|
#autoreconf -fiv
|
2011-08-24 11:44:12 +00:00
|
|
|
%configure \
|
2013-07-09 18:49:54 +00:00
|
|
|
gl_cv_func_printf_directive_n=yes \
|
|
|
|
|
gl_cv_func_printf_infinite_long_double=yes \
|
2011-08-24 11:44:12 +00:00
|
|
|
--disable-static \
|
2011-10-11 15:16:18 +00:00
|
|
|
--disable-rpath \
|
|
|
|
|
--disable-silent-rules \
|
2016-12-29 21:41:21 +00:00
|
|
|
--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
|
2015-03-30 17:32:11 +00:00
|
|
|
--with-sysroot=/%{?_sysroot} \
|
|
|
|
|
%if %{without tpm}
|
|
|
|
|
--without-tpm \
|
|
|
|
|
%endif
|
|
|
|
|
%if %{with dane}
|
2016-12-29 21:41:21 +00:00
|
|
|
--with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
|
2015-03-30 17:32:11 +00:00
|
|
|
%else
|
|
|
|
|
--disable-libdane \
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 08:38:18 +00:00
|
|
|
%endif
|
2017-09-25 11:50:29 +00:00
|
|
|
--enable-fips140-mode \
|
2015-04-28 18:42:20 +00:00
|
|
|
%{nil}
|
2016-12-29 21:41:21 +00:00
|
|
|
make %{?_smp_mflags}
|
2007-01-15 23:15:20 +00:00
|
|
|
|
2019-10-01 15:18:43 +00:00
|
|
|
# the hmac hashes:
|
|
|
|
|
#
|
|
|
|
|
# this is a hack that re-defines the __os_install_post macro
|
|
|
|
|
# for a simple reason: the macro strips the binaries and thereby
|
|
|
|
|
# invalidates a HMAC that may have been created earlier.
|
|
|
|
|
# solution: create the hashes _after_ the macro runs.
|
|
|
|
|
#
|
|
|
|
|
# this shows up earlier because otherwise the %expand of
|
|
|
|
|
# the macro is too late.
|
|
|
|
|
# remark: This is the same as running
|
|
|
|
|
# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
|
|
|
|
|
%{expand:%%global __os_install_post {%__os_install_post
|
|
|
|
|
%{_bindir}/fipshmac %{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
|
|
|
|
|
}}
|
|
|
|
|
|
2007-01-15 23:15:20 +00:00
|
|
|
%install
|
2011-08-24 11:44:12 +00:00
|
|
|
%make_install
|
|
|
|
|
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
|
2007-10-25 16:10:26 +00:00
|
|
|
# Do not package static libs and libtool files
|
2016-12-29 21:41:21 +00:00
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
2012-11-28 09:29:35 +00:00
|
|
|
|
|
|
|
|
# install docs
|
2016-12-29 21:41:21 +00:00
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
|
2019-07-31 17:35:10 +00:00
|
|
|
cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
|
2016-12-29 21:41:21 +00:00
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
|
|
|
|
|
cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
|
|
|
|
|
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
|
|
|
|
|
cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
|
2012-11-28 09:29:35 +00:00
|
|
|
|
2016-05-04 06:17:29 +00:00
|
|
|
# PNG files are replaced with the compressed files and that breaks
|
|
|
|
|
# deduplication, this is workaround
|
2017-05-06 16:25:05 +00:00
|
|
|
find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} +
|
2017-08-29 09:40:38 +00:00
|
|
|
rm -rf %{buildroot}%{_datadir}/doc/gnutls
|
2016-05-04 06:17:29 +00:00
|
|
|
%fdupes -s %{buildroot}%{_datadir}
|
|
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%find_lang libgnutls --all-name
|
2007-01-15 23:15:20 +00:00
|
|
|
|
2012-11-28 09:29:35 +00:00
|
|
|
%check
|
2012-12-03 08:36:19 +00:00
|
|
|
%if ! 0%{?qemu_user_space_build}
|
2016-12-29 21:41:21 +00:00
|
|
|
make %{?_smp_mflags} check || {
|
2017-08-29 09:40:38 +00:00
|
|
|
find -name test-suite.log -print -exec cat {} +
|
2015-04-28 18:42:20 +00:00
|
|
|
exit 1
|
|
|
|
|
}
|
2012-12-03 08:36:19 +00:00
|
|
|
%endif
|
2012-11-28 09:29:35 +00:00
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
|
|
|
|
|
2015-03-30 17:32:11 +00:00
|
|
|
%if %{with dane}
|
|
|
|
|
%post -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutls-dane%{gnutls_dane_sover} -p /sbin/ldconfig
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
|
|
|
|
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
2007-10-25 16:10:26 +00:00
|
|
|
%post -n libgnutls-devel
|
2007-01-15 23:15:20 +00:00
|
|
|
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
|
|
|
|
|
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 08:38:18 +00:00
|
|
|
%preun -n libgnutls-devel
|
2007-01-15 23:15:20 +00:00
|
|
|
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
|
|
|
|
|
|
2010-02-05 13:05:07 +00:00
|
|
|
%files -f libgnutls.lang
|
2018-02-28 18:55:27 +00:00
|
|
|
%license LICENSE
|
|
|
|
|
%doc THANKS README.md NEWS ChangeLog AUTHORS doc/TODO
|
2011-08-24 11:44:12 +00:00
|
|
|
%{_bindir}/certtool
|
|
|
|
|
%{_bindir}/gnutls-cli
|
|
|
|
|
%{_bindir}/gnutls-cli-debug
|
|
|
|
|
%{_bindir}/gnutls-serv
|
2012-05-21 08:25:22 +00:00
|
|
|
%{_bindir}/ocsptool
|
2011-08-24 11:44:12 +00:00
|
|
|
%{_bindir}/psktool
|
|
|
|
|
%{_bindir}/p11tool
|
|
|
|
|
%{_bindir}/srptool
|
2015-03-30 17:32:11 +00:00
|
|
|
%if %{with dane}
|
2013-07-01 13:54:42 +00:00
|
|
|
%{_bindir}/danetool
|
2015-03-30 17:32:11 +00:00
|
|
|
%endif
|
|
|
|
|
%if %{with tpm}
|
|
|
|
|
%{_bindir}/tpmtool
|
|
|
|
|
%endif
|
2011-08-24 11:44:12 +00:00
|
|
|
%{_mandir}/man1/*
|
|
|
|
|
|
|
|
|
|
%files -n libgnutls%{gnutls_sover}
|
|
|
|
|
%{_libdir}/libgnutls.so.%{gnutls_sover}*
|
2019-10-01 15:18:43 +00:00
|
|
|
%{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
|
2015-03-30 17:32:11 +00:00
|
|
|
|
|
|
|
|
%if %{with dane}
|
|
|
|
|
%files -n libgnutls-dane%{gnutls_dane_sover}
|
|
|
|
|
%{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}*
|
|
|
|
|
%endif
|
2011-08-24 11:44:12 +00:00
|
|
|
|
|
|
|
|
%files -n libgnutlsxx%{gnutlsxx_sover}
|
|
|
|
|
%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}*
|
|
|
|
|
|
2007-10-25 16:10:26 +00:00
|
|
|
%files -n libgnutls-devel
|
2011-08-24 11:44:12 +00:00
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/abstract.h
|
|
|
|
|
%{_includedir}/%{name}/crypto.h
|
|
|
|
|
%{_includedir}/%{name}/compat.h
|
|
|
|
|
%{_includedir}/%{name}/dtls.h
|
|
|
|
|
%{_includedir}/%{name}/gnutls.h
|
|
|
|
|
%{_includedir}/%{name}/openpgp.h
|
2012-05-21 08:25:22 +00:00
|
|
|
%{_includedir}/%{name}/ocsp.h
|
2015-08-25 05:17:02 +00:00
|
|
|
%{_includedir}/%{name}/pkcs7.h
|
2011-08-24 11:44:12 +00:00
|
|
|
%{_includedir}/%{name}/pkcs11.h
|
|
|
|
|
%{_includedir}/%{name}/pkcs12.h
|
2015-03-30 17:32:11 +00:00
|
|
|
%{_includedir}/%{name}/self-test.h
|
2016-12-29 21:41:21 +00:00
|
|
|
%{_includedir}/%{name}/socket.h
|
2011-08-24 11:44:12 +00:00
|
|
|
%{_includedir}/%{name}/x509.h
|
2015-03-30 17:32:11 +00:00
|
|
|
%{_includedir}/%{name}/x509-ext.h
|
2013-07-01 13:54:42 +00:00
|
|
|
%{_includedir}/%{name}/tpm.h
|
Accepting request 295655 from Base:System
- updated to 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
OBS-URL: https://build.opensuse.org/request/show/295655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=83
2015-04-18 08:38:18 +00:00
|
|
|
%{_includedir}/%{name}/system-keys.h
|
|
|
|
|
%{_includedir}/%{name}/urls.h
|
2011-08-24 11:44:12 +00:00
|
|
|
%{_libdir}/libgnutls.so
|
|
|
|
|
%{_libdir}/pkgconfig/gnutls.pc
|
|
|
|
|
%{_mandir}/man3/*
|
2016-12-29 21:41:21 +00:00
|
|
|
%{_infodir}/*%{ext_info}
|
2012-11-28 09:29:35 +00:00
|
|
|
%doc %{_docdir}/libgnutls-devel
|
2008-02-28 00:56:17 +00:00
|
|
|
|
2016-02-24 13:25:15 +00:00
|
|
|
%if %{with dane}
|
|
|
|
|
%files -n libgnutls-dane-devel
|
|
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/dane.h
|
|
|
|
|
%{_libdir}/pkgconfig/gnutls-dane.pc
|
|
|
|
|
%{_libdir}/libgnutls-dane.so
|
|
|
|
|
%endif
|
|
|
|
|
|
2011-08-24 11:44:12 +00:00
|
|
|
%files -n libgnutlsxx-devel
|
|
|
|
|
%{_libdir}/libgnutlsxx.so
|
|
|
|
|
%dir %{_includedir}/%{name}
|
|
|
|
|
%{_includedir}/%{name}/gnutlsxx.h
|
|
|
|
|
|
2016-05-04 06:17:29 +00:00
|
|
|
%if %{with guile}
|
|
|
|
|
%files guile
|
|
|
|
|
%{_libdir}/guile/*
|
2018-08-23 07:10:46 +00:00
|
|
|
%{_datadir}/guile/gnutls*
|
2016-05-04 06:17:29 +00:00
|
|
|
%endif
|
|
|
|
|
|
2007-04-16 22:33:13 +00:00
|
|
|
%changelog
|
