Accepting request 1034574 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1034574 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=142
2022-11-10 13:21:13 +00:00 · 2022-11-10 13:21:13 +00:00 · 5d070e9e23
commit 5d070e9e23
parent 867acec9e0 7d40b4ffcc
14 changed files with 839 additions and 1741 deletions
--- a/gnutls-3.6.6-set_guile_site_dir.patch
+++ b/gnutls-3.6.6-set_guile_site_dir.patch
@ -1,13 +0,0 @@
 Index: gnutls-3.7.7/configure
 ===================================================================
 --- gnutls-3.7.7.orig/configure
 +++ gnutls-3.7.7/configure
@@ -74223,7 +74223,7 @@ fi
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" >&5
 printf %s "checking for Guile site directory... " >&6; }
 -  GUILE_SITE=`$PKG_CONFIG --print-errors --variable=sitedir guile-$GUILE_EFFECTIVE_VERSION`
 +  GUILE_SITE=/usr/share/guile
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE" >&5
 printf "%s\n" "$GUILE_SITE" >&6; }
   if test "$GUILE_SITE" = ""; then
--- a/gnutls-3.7.7.tar.xz
+++ b/gnutls-3.7.7.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106
 size 6351664
--- a/gnutls-3.7.7.tar.xz.sig
+++ b/gnutls-3.7.7.tar.xz.sig
--- a/gnutls-3.7.8.tar.xz
+++ b/gnutls-3.7.8.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c58ad39af0670efe6a8aee5e3a8b2331a1200418b64b7c51977fb396d4617114
 size 6029220
--- a/gnutls-3.7.8.tar.xz.sig
+++ b/gnutls-3.7.8.tar.xz.sig
--- a/gnutls-FIPS-Run-CFB8-without-offset.patch
+++ b/gnutls-FIPS-Run-CFB8-without-offset.patch
@ -1,29 +0,0 @@
 Index: gnutls-3.7.7/lib/crypto-selftests.c
 ===================================================================
 --- gnutls-3.7.7.orig/lib/crypto-selftests.c
 +++ gnutls-3.7.7/lib/crypto-selftests.c
@@ -2735,6 +2735,16 @@ int gnutls_cipher_self_test(unsigned fla
 		NON_FIPS_CASE(GNUTLS_CIPHER_CHACHA20_POLY1305, test_cipher_aead,
 		     chacha_poly1305_vectors);
 		FALLTHROUGH;
 +		CASE(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
 +		     aes128_cfb8_vectors);
 +		FALLTHROUGH;
 +		CASE(GNUTLS_CIPHER_AES_192_CFB8, test_cipher,
 +		     aes192_cfb8_vectors);
 +		FALLTHROUGH;
 +		CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
 +		      aes256_cfb8_vectors);
 +		FALLTHROUGH;
 +#if 0
 		CASE2(GNUTLS_CIPHER_AES_128_CFB8, test_cipher,
 		      test_cipher_all_block_sizes,
 		      aes128_cfb8_vectors);
@@ -2747,6 +2757,7 @@ int gnutls_cipher_self_test(unsigned fla
 		      test_cipher_all_block_sizes,
 		      aes256_cfb8_vectors);
 		FALLTHROUGH;
 +#endif
 		CASE(GNUTLS_CIPHER_AES_128_XTS, test_cipher,
 		     aes128_xts_vectors);
 		FALLTHROUGH;
--- a/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
+++ b/gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
@ -0,0 +1,91 @@
 ---
 lib/nettle/sysrng-linux.c |    6 ++++++
 1 file changed, 6 insertions(+)
 Index: gnutls-3.7.8/lib/nettle/sysrng-linux.c
 ===================================================================
 --- gnutls-3.7.8.orig/lib/nettle/sysrng-linux.c
 +++ gnutls-3.7.8/lib/nettle/sysrng-linux.c
@@ -49,11 +49,13 @@
 get_entropy_func _rnd_get_system_entropy = NULL;
 #if defined(__linux__)
 -# ifdef ENABLE_FIPS140
 +# if defined(ENABLE_FIPS140)
 #  define HAVE_JENT
 #  include <jitterentropy.h>
 static int jent_initialized = 0;
 static struct rand_data* ec = NULL;
 +/* Declare function to fix a missing-prototypes compilation warning */
 +void FIPS_jent_entropy_deinit(void);
 # endif
 # ifdef HAVE_GETRANDOM
 #  include <sys/random.h>
@@ -72,7 +74,8 @@ static ssize_t _getrandom0(void *buf, si
 #  endif
 # endif
 -# if defined(HAVE_JENT)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 /* check whether the CPU Jitter entropy collector is available. */
 static unsigned FIPS_jent_entropy_init(void)
 {
@@ -161,6 +164,7 @@ static int _rnd_get_system_entropy_jent(
 	return 0;
 }
 +#  endif
 # endif
 static unsigned have_getrandom(void)
@@ -260,7 +264,8 @@ int _rnd_system_entropy_init(void)
 	int urandom_fd;
 #if defined(__linux__)
 -# if defined(HAVE_JENT)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 	/* Enable jitterentropy usage if available */
 	if (FIPS_jent_entropy_init()) {
 		_rnd_get_system_entropy = _rnd_get_system_entropy_jent;
@@ -268,7 +273,14 @@ int _rnd_system_entropy_init(void)
 		return 0;
 	} else {
 		_gnutls_debug_log("jitterentropy is not available\n");
 +		/* Set error state when FIPS_jent_entropy_init failed and FIPS mode is enabled */
 +		if (_gnutls_fips_mode_enabled()) {
 +			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 +			_gnutls_switch_lib_state(LIB_STATE_ERROR);
 +			return gnutls_assert_val(GNUTLS_E_RANDOM_DEVICE_ERROR);
 +		}
 	}
 +#  endif
 # endif
 	/* Enable getrandom() usage if available */
 	if (have_getrandom()) {
@@ -300,8 +312,10 @@ void _rnd_system_entropy_deinit(void)
 {
 	/* A no-op now when we open and close /dev/urandom every time */
 #if defined(__linux__)
 -# if defined(HAVE_JENT)
 +# if defined(ENABLE_FIPS140)
 +#  if defined(HAVE_JENT)
 	FIPS_jent_entropy_deinit();
 +#  endif
 # endif
 #endif
 	return;
 Index: gnutls-3.7.8/tests/Makefile.am
 ===================================================================
 --- gnutls-3.7.8.orig/tests/Makefile.am
 +++ gnutls-3.7.8/tests/Makefile.am
@@ -208,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hm
 	 dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \
 	 keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \
 	 tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
 -	 set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \
 +	 set_x509_key_file_ocsp client-fastopen srp rng-pthread \
 	 safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
 	 safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
 	 rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \
--- a/gnutls-Make-XTS-key-check-failure-not-fatal.patch
+++ b/gnutls-Make-XTS-key-check-failure-not-fatal.patch
@ -0,0 +1,242 @@
 From 00fff0aad2b606801704046042aa3b2b24f07d63 Mon Sep 17 00:00:00 2001
 From: Zoltan Fridrich <zfridric@redhat.com>
 Date: Thu, 29 Sep 2022 15:31:28 +0200
 Subject: [PATCH] Make XTS key check failure not fatal
 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 ---
 lib/accelerated/x86/aes-xts-x86-aesni.c |  1 -
 lib/nettle/cipher.c                     | 73 ++++++++---------------
 tests/Makefile.am                       |  2 +-
 tests/xts-key-check.c                   | 78 +++++++++++++++++++++++++
 5 files changed, 103 insertions(+), 52 deletions(-)
 create mode 100644 tests/xts-key-check.c
 diff --git a/lib/accelerated/x86/aes-xts-x86-aesni.c b/lib/accelerated/x86/aes-xts-x86-aesni.c
 index 0588d0bd55..d6936a688d 100644
 --- a/lib/accelerated/x86/aes-xts-x86-aesni.c
 +++ b/lib/accelerated/x86/aes-xts-x86-aesni.c
@@ -73,7 +73,6 @@ x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 	/* Check key block according to FIPS-140-2 IG A.9 */
 	if (_gnutls_fips_mode_enabled()){
 		if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) {
 -			_gnutls_switch_lib_state(LIB_STATE_ERROR);
 			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 		}
 	}
 diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
 index c9c59fb0ba..9c2ce19e7e 100644
 --- a/lib/nettle/cipher.c
 +++ b/lib/nettle/cipher.c
@@ -448,12 +448,14 @@ _gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 		    length, dst, src);
 }
 -static void _des_set_key(struct des_ctx *ctx, const uint8_t *key)
 +static void
 +_des_set_key(struct des_ctx *ctx, const uint8_t *key)
 {
 	des_set_key(ctx, key);
 }
 -static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
 +static void
 +_des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
 {
 	des3_set_key(ctx, key);
 }
@@ -476,50 +478,6 @@ _cfb8_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 		     length, dst, src);
 }
 -static void
 -_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes128_set_encrypt_key(xts_key, key);
 -}
 -
 -static void
 -_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes128_set_decrypt_key(xts_key, key);
 -}
 -
 -static void
 -_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes256_set_encrypt_key(xts_key, key);
 -}
 -
 -static void
 -_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
 -			    const uint8_t *key)
 -{
 -	if (_gnutls_fips_mode_enabled() &&
 -	    gnutls_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
 -		_gnutls_switch_lib_state(LIB_STATE_ERROR);
 -
 -	xts_aes256_set_decrypt_key(xts_key, key);
 -}
 -
 static void
 _xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
 		    const uint8_t * src)
@@ -1041,8 +999,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
 	   .ctx_size = sizeof(struct xts_aes128_key),
 	   .encrypt = _xts_aes128_encrypt,
 	   .decrypt = _xts_aes128_decrypt,
 -	   .set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key,
 -	   .set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key,
 +	   .set_encrypt_key = (nettle_set_key_func*)xts_aes128_set_encrypt_key,
 +	   .set_decrypt_key = (nettle_set_key_func*)xts_aes128_set_decrypt_key,
 	   .max_iv_size = AES_BLOCK_SIZE,
 	},
 	{  .algo = GNUTLS_CIPHER_AES_256_XTS,
@@ -1052,8 +1010,8 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
 	   .ctx_size = sizeof(struct xts_aes256_key),
 	   .encrypt = _xts_aes256_encrypt,
 	   .decrypt = _xts_aes256_decrypt,
 -	   .set_encrypt_key = (nettle_set_key_func*)_xts_aes256_set_encrypt_key,
 -	   .set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key,
 +	   .set_encrypt_key = (nettle_set_key_func*)xts_aes256_set_encrypt_key,
 +	   .set_decrypt_key = (nettle_set_key_func*)xts_aes256_set_decrypt_key,
 	   .max_iv_size = AES_BLOCK_SIZE,
 	},
 	{  .algo = GNUTLS_CIPHER_AES_128_SIV,
@@ -1144,6 +1102,21 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
 		return 0;
 	}
 +	switch (ctx->cipher->algo) {
 +	case GNUTLS_CIPHER_AES_128_XTS:
 +		if (_gnutls_fips_mode_enabled() &&
 +		    gnutls_memcmp(key, (char *)key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
 +			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 +		break;
 +	case GNUTLS_CIPHER_AES_256_XTS:
 +		if (_gnutls_fips_mode_enabled() &&
 +		    gnutls_memcmp(key, (char *)key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
 +			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 +		break;
 +	default:
 +		break;
 +	}
 +
 	if (ctx->enc)
 		ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key);
 	else
 diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 3e126f0046..1122886b31 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
 	 tls13-without-timeout-func buffer status-request-revoked \
 	 set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \
 	 x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \
 -	 x509-upnconstraint cipher-padding pkcs7-verify-double-free \
 +	 x509-upnconstraint xts-key-check cipher-padding pkcs7-verify-double-free \
 	 fips-rsa-sizes
 ctests += tls-channel-binding
 diff --git a/tests/xts-key-check.c b/tests/xts-key-check.c
 new file mode 100644
 index 0000000000..a3bea5abca
 --- /dev/null
 +++ b/tests/xts-key-check.c
@@ -0,0 +1,78 @@
 +/*
 + * Copyright (C) 2022 Red Hat, Inc.
 + *
 + * Author: Zoltan Fridrich
 + *
 + * This file is part of GnuTLS.
 + *
 + * GnuTLS is free software: you can redistribute it and/or modify it
 + * under the terms of the GNU General Public License as published by
 + * the Free Software Foundation, either version 3 of the License, or
 + * (at your option) any later version.
 + *
 + * GnuTLS is distributed in the hope that it will be useful, but
 + * WITHOUT ANY WARRANTY; without even the implied warranty of
 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 + * General Public License for more details.
 + *
 + * You should have received a copy of the GNU General Public License
 + * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
 + */
 +
 +#ifdef HAVE_CONFIG_H
 +#include <config.h>
 +#endif
 +
 +#include <gnutls/crypto.h>
 +
 +#include "utils.h"
 +
 +static void test_xts_check(gnutls_cipher_algorithm_t alg)
 +{
 +	int ret;
 +	gnutls_cipher_hd_t ctx;
 +	gnutls_datum_t key, iv;
 +
 +	iv.size = gnutls_cipher_get_iv_size(alg);
 +	iv.data = gnutls_malloc(iv.size);
 +	if (iv.data == NULL)
 +		fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
 +	gnutls_memset(iv.data, 0xf0, iv.size);
 +
 +	key.size = gnutls_cipher_get_key_size(alg);
 +	key.data = gnutls_malloc(key.size);
 +	if (key.data == NULL) {
 +		gnutls_free(iv.data);
 +		fail("Error: %s\n", gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
 +	}
 +	gnutls_memset(key.data, 0xf0, key.size);
 +
 +	ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
 +	if (ret == GNUTLS_E_SUCCESS) {
 +		gnutls_cipher_deinit(ctx);
 +		gnutls_free(iv.data);
 +		gnutls_free(key.data);
 +		fail("cipher initialization should fail for key1 == key2\n");
 +	}
 +
 +	key.data[0] = 0xff;
 +
 +	ret = gnutls_cipher_init(&ctx, alg, &key, &iv);
 +	gnutls_free(iv.data);
 +	gnutls_free(key.data);
 +
 +	if (ret == GNUTLS_E_SUCCESS)
 +		gnutls_cipher_deinit(ctx);
 +	else
 +		fail("cipher initialization should succeed with key1 != key2"
 +		     "\n%s\n", gnutls_strerror(ret));
 +}
 +
 +void doit(void)
 +{
 +	if (!gnutls_fips140_mode_enabled())
 +		exit(77);
 +
 +	test_xts_check(GNUTLS_CIPHER_AES_128_XTS);
 +	test_xts_check(GNUTLS_CIPHER_AES_256_XTS);
 +}
 -- 
 GitLab
--- a/gnutls-disable-flaky-test-dtls-resume.patch
+++ b/gnutls-disable-flaky-test-dtls-resume.patch
@ -0,0 +1,13 @@
 Index: gnutls-3.7.8/tests/Makefile.am
 ===================================================================
 --- gnutls-3.7.8.orig/tests/Makefile.am
 +++ gnutls-3.7.8/tests/Makefile.am
@@ -508,7 +508,7 @@ if !WINDOWS
 # List of tests not available/functional under windows
 #
 -dist_check_SCRIPTS += dtls/dtls.sh dtls/dtls-resume.sh #dtls/dtls-nb
 +dist_check_SCRIPTS += dtls/dtls.sh #dtls/dtls-resume.sh #dtls/dtls-nb
 indirect_tests += dtls-stress
--- a/gnutls-verify-library-HMAC.patch
+++ b/gnutls-verify-library-HMAC.patch
@ -0,0 +1,21 @@
 Index: gnutls-3.7.8/lib/fips.c
 ===================================================================
 --- gnutls-3.7.8.orig/lib/fips.c
 +++ gnutls-3.7.8/lib/fips.c
@@ -402,6 +402,8 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&file.gnutls, GNUTLS_LIBRARY_NAME, "gnutls_global_init");
 	if (ret < 0)
 		return ret;
 +	/* Check only the binary integrity of the libgnutls library */
 +#if 0
 	ret = check_lib_hmac(&file.nettle, NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
 	if (ret < 0)
 		return ret;
@@ -411,6 +413,7 @@ static int check_binary_integrity(void)
 	ret = check_lib_hmac(&file.gmp, GMP_LIBRARY_NAME, "__gmpz_init");
 	if (ret < 0)
 		return ret;
 +#endif
 	return 0;
 }
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,71 @@
 -------------------------------------------------------------------
 Tue Nov  8 12:52:18 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 - Verify only the libgnutls library HMAC [bsc#1199881]
  * Do not use the brp-50-generate-fips-hmac script as this
    is now calculated with the internal fipshmac tool.
  * Add gnutls-verify-library-HMAC.patch
 -------------------------------------------------------------------
 Wed Nov  2 20:51:43 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 - Temporarily revert the jitterentropy patches in s390 and s390x
  architectures until a fix is provided [bsc#1204937]
 - Disable flaky test that fails in s390x architecture:
  * Add gnutls-disable-flaky-test-dtls-resume.patch
 -------------------------------------------------------------------
 Fri Oct 14 11:35:33 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 - Consolidate the FIPS hmac files [bsc#1203245]
  * Use the gnutls fipshmac tool instead of the brp-check-suse
    and rename it to reflect on the library version.
  * Remove not needed gnutls-FIPS-Run-CFB8-without-offset.patch
 - Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false
  positive for the FIPS hmac calculation.
 -------------------------------------------------------------------
 Sun Oct  9 12:53:27 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 - Update to 3.7.8:
  * libgnutls: In FIPS140 mode, RSA signature verification is an
    approved operation if the key has modulus with known sizes
    (1024, 1280, 1536, and 1792 bits), in addition to any modulus
    sizes larger than 2048 bits, according to SP800-131A rev2.
  * libgnutls: gnutls_session_channel_binding performs additional
    checks when GNUTLS_CB_TLS_EXPORTER is requested. According to
    RFC9622 4.2, the "tls-exporter" channel binding is only usable
    when the handshake is bound to a unique master secret (i.e.,
    either TLS 1.3 or extended master secret extension is
    negotiated). Otherwise the function now returns error.
  * libgnutls: usage of the following functions, which are designed
    to loosen restrictions imposed by allowlisting mode of
    configuration, has been additionally restricted. Invoking
    them is now only allowed if system-wide TLS priority string
    has not been initialized yet:
      - gnutls_digest_set_secure
      - gnutls_sign_set_secure
      - gnutls_sign_set_secure_for_certs
      - gnutls_protocol_set_enabled
  * Delete gnutls-3.6.6-set_guile_site_dir.patch and use the
    --with-guile-extension-dir configure option to properly
    handle the guile extension directory.
  * Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch
  * Update gnutls.keyring
  * Add a build depencency on gtk-doc required by autoreconf
 -------------------------------------------------------------------
 Fri Oct  7 09:30:44 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
 - FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
  * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
 -------------------------------------------------------------------
 Tue Oct  4 13:05:27 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
 - FIPS: Make XTS key check failure not fatal [bsc#1203779]
  * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch
 -------------------------------------------------------------------
 Wed Sep 14 15:25:46 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
--- a/gnutls.keyring
+++ b/gnutls.keyring
--- a/gnutls.rpmlintrc
+++ b/gnutls.rpmlintrc
@ -0,0 +1 @@
 addFilter("hidden-file-or-dir /usr/lib64/.libgnutls.so.30.hmac")
--- a/gnutls.spec
+++ b/gnutls.spec
@ -36,7 +36,7 @@
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.7.7
+Version:        3.7.8
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        GPL-3.0-or-later AND LGPL-2.1-or-later
@ -44,27 +44,37 @@ Group:          Productivity/Networking/Security
 URL:            https://www.gnutls.org/
 Source0:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
 Source1:        https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz.sig
 # https://gnutls.org/gnutls-release-keyring.gpg
 Source2:        gnutls.keyring
 Source3:        baselibs.conf
 # Suppress a false positive on the .hmac file
 Source4:        gnutls.rpmlintrc
 Patch0:         gnutls-3.5.11-skip-trust-store-tests.patch
-Patch1:         gnutls-3.6.6-set_guile_site_dir.patch
+Patch1:         gnutls-FIPS-TLS_KDF_selftest.patch
-Patch2:         gnutls-FIPS-TLS_KDF_selftest.patch
+Patch2:         gnutls-FIPS-disable-failing-tests.patch
-Patch3:         gnutls-FIPS-disable-failing-tests.patch
+Patch3:         gnutls_ECDSA_signing.patch
 Patch4:         gnutls_ECDSA_signing.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 %ifnarch s390 s390x
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch5:         gnutls-FIPS-jitterentropy.patch
+Patch4:         gnutls-FIPS-jitterentropy.patch
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Set error state when jent init failed in FIPS mode
 Patch5:         gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
 %endif
 %endif
 #PATCH-FIX-SUSE bsc#1190698 FIPS: SLI gnutls_pbkdf2: verify keylengths and allow SHA only
 Patch6:         gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
-#PATCH-FIX-SUSE bsc#1203245 FIPS: Run the CFB8 cipher selftests without offset
+#PATCH-FIX-UPSTREAM bsc#1203779 Make XTS key check failure not fatal
-Patch7:         gnutls-FIPS-Run-CFB8-without-offset.patch
+Patch7:         gnutls-Make-XTS-key-check-failure-not-fatal.patch
 Patch8:         gnutls-disable-flaky-test-dtls-resume.patch
 #PATCH-FIX-OPENSUSE bsc#1199881 Verify only the libgnutls library HMAC
 Patch9:         gnutls-verify-library-HMAC.patch
 BuildRequires:  autogen
 BuildRequires:  automake
 BuildRequires:  datefudge
 BuildRequires:  fdupes
 BuildRequires:  fipscheck
 BuildRequires:  gcc-c++
 BuildRequires:  gtk-doc
 # The test suite calls /usr/bin/ss from iproute2. It's our own duty to ensure we have it present
 BuildRequires:  iproute2
 BuildRequires:  libidn2-devel
@ -218,7 +228,11 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
 export LDFLAGS="-pie -Wl,-z,now -Wl,-z,relro"
 export CFLAGS="%{optflags} -fPIE"
 export CXXFLAGS="%{optflags} -fPIE"
-#autoreconf -fiv
+autoreconf -fiv
 # Rename the internal .hmac file to include the so library version
 sed -i "s/\.gnutls\.hmac/\.libgnutls\.so\.%{gnutls_sover}\.hmac/g" lib/Makefile.am lib/Makefile.in lib/fips.c
 %configure \
        gl_cv_func_printf_directive_n=yes \
        gl_cv_func_printf_infinite_long_double=yes \
@ -241,6 +255,7 @@ export CXXFLAGS="%{optflags} -fPIE"
 %endif
 %if %{with guile}
        --enable-guile \
        --with-guile-extension-dir=%{_libdir}/guile/3.0 \
 %else
        --disable-guile \
 %endif
@ -252,13 +267,32 @@ export CXXFLAGS="%{optflags} -fPIE"
 %install
 %make_install
 # Compute the FIPS hmac using the brp-50-generate-fips-hmac script
 # export BRP_FIPSHMAC_FILES=%%{buildroot}%%{_libdir}/libgnutls.so.%%{gnutls_sover}
 # the hmac hashes:
 #
 # this is a hack that re-defines the __os_install_post macro
 # for a simple reason: the macro strips the binaries and thereby
 # invalidates a HMAC that may have been created earlier.
 # solution: create the hashes _after_ the macro runs.
 #
 # this shows up earlier because otherwise the %%expand of
 # the macro is too late.
 # remark: This is the same as running
 #   openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP'
 # note: The FIPS hmac is now calculated with an internal tool since
 #   commit a86c8e87189e23920ae622da5e572cb4e1a6e0ed
 %{expand:%%global __os_install_post {%__os_install_post
 ./lib/fipshmac "%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}" > %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
 sed -i "s^%{buildroot}/usr^^" %{buildroot}%{_libdir}/.libgnutls.so.%{gnutls_sover}.hmac
 }}
 rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
 # Do not package static libs and libtool files
 find %{buildroot} -type f -name "*.la" -delete -print
 # Compute FIPS hmac using the brp-50-generate-fips-hmac script
 export BRP_FIPSHMAC_FILES=%{buildroot}%{_libdir}/libgnutls.so.%{gnutls_sover}
 # install docs
 mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
 cp doc/gnutls.html doc/*.png %{buildroot}%{_docdir}/libgnutls-devel/
@ -379,7 +413,7 @@ GNUTLS_FORCE_FIPS_MODE=1 make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=
 %files guile
 %license LICENSE
 %{_libdir}/guile/*
-%{_datadir}/guile/gnutls*
+%{_datadir}/guile/site/*
 %endif
 %changelog
		`@ -0,0 +1 @@`
							`addFilter("hidden-file-or-dir /usr/lib64/.libgnutls.so.30.hmac")`