diff --git a/gnutls-3.5.13.tar.xz b/gnutls-3.5.13.tar.xz deleted file mode 100644 index 3d86ff5..0000000 --- a/gnutls-3.5.13.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:79f5480ad198dad5bc78e075f4a40c4a315a1b2072666919d2d05a08aec13096 -size 7226468 diff --git a/gnutls-3.5.13.tar.xz.sig b/gnutls-3.5.13.tar.xz.sig deleted file mode 100644 index c7812af..0000000 Binary files a/gnutls-3.5.13.tar.xz.sig and /dev/null differ diff --git a/gnutls-3.5.15.tar.xz b/gnutls-3.5.15.tar.xz new file mode 100644 index 0000000..d9d3392 --- /dev/null +++ b/gnutls-3.5.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:046081108b8b1fe455a13a4c5a4eaa0368e185b678f1670fe09a11a2d7ecfad5 +size 7238928 diff --git a/gnutls-3.5.15.tar.xz.sig b/gnutls-3.5.15.tar.xz.sig new file mode 100644 index 0000000..b70a452 Binary files /dev/null and b/gnutls-3.5.15.tar.xz.sig differ diff --git a/gnutls.changes b/gnutls.changes index ee2c357..eeaad81 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Tue Aug 22 18:49:47 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.15: + * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode + * certtool: Keys with provable RSA and DSA parameters are now + only exported in PKCS#8 form + +------------------------------------------------------------------- +Wed Jul 12 11:23:30 UTC 2017 - jengelh@inai.de + +- RPM group fix. Diversification of summaries. +- Avoid aims and future plans in description. Say what it does now. + +------------------------------------------------------------------- +Fri Jul 7 11:22:02 UTC 2017 - tchvatal@suse.com + +- Drop the deprecated openssl compat ; discussed and suggested by + vcizek +- Cleanup a bit with spec-cleaner + +------------------------------------------------------------------- +Tue Jul 4 10:51:35 UTC 2017 - astieger@suse.com + +- GnuTLS 3.5.14: + * Handle specially HSMs which request explicit authentication + * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs + * do not set leading zeros when copying integers on HSMs + * Fix issue discovering certain OCSP signers, and improved the + discovery of OCSP signer in the case where the Subject Public + Key identifier field matches + * ensure OCSP responses are saved with --save-ocsp even if + certificate verification fails. + ------------------------------------------------------------------- Thu Jun 8 22:51:06 UTC 2017 - astieger@suse.com diff --git a/gnutls.spec b/gnutls.spec index ae20221..9bdfe30 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -18,25 +18,18 @@ %define gnutls_sover 30 %define gnutlsxx_sover 28 -%bcond_without gnutls_openssl_compat +%define gnutls_dane_sover 0 %bcond_without dane %bcond_with tpm %bcond_without guile -%if %{with gnutls_openssl_compat} -%define gnutls_ossl_sover 27 -%endif -%if %{with dane} -%define gnutls_dane_sover 0 -%endif Name: gnutls -Version: 3.5.13 +Version: 3.5.15 Release: 0 Summary: The GNU Transport Layer Security Library -License: LGPL-2.1+ and GPL-3.0+ +License: LGPL-2.1+ AND GPL-3.0+ Group: Productivity/Networking/Security Url: http://www.gnutls.org/ Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz -# signature is checked by source services. Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig Source2: %{name}.keyring Source3: baselibs.conf @@ -52,11 +45,11 @@ BuildRequires: libnettle-devel >= 3.1 BuildRequires: libtasn1-devel >= 4.9 BuildRequires: libtool BuildRequires: libunistring-devel +BuildRequires: makeinfo BuildRequires: p11-kit-devel >= 0.23.1 BuildRequires: pkgconfig BuildRequires: xz BuildRequires: zlib-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} <= 1320 BuildRequires: net-tools %else @@ -76,31 +69,21 @@ BuildRequires: libunbound-devel %if %{with guile} BuildRequires: guile-devel %endif -# disabled ppc - valgrind crashes on email cert tests currently. Marcus 20150413 -# disabled armv7l - valgrind appears to mishandle some insns -# disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks -%ifarch %{ix86} x86_64 ppc64 s390x ppc64le -# disabled all, valgrind breaks tests in 3.4.4 -#BuildRequires: valgrind -%endif -%if 0%{?suse_version} >= 1230 -BuildRequires: makeinfo -%endif %description -The GnuTLS project aims to develop a library that provides a secure -layer over a reliable transport layer. Currently the GnuTLS library -implements the proposed standards of the IETF's TLS working group. +The GnuTLS library provides a secure layer over a reliable transport +layer. Currently the GnuTLS library implements the proposed standards +of the IETF's TLS working group. %package -n libgnutls%{gnutls_sover} Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ -Group: Productivity/Networking/Security +Group: System/Libraries %description -n libgnutls%{gnutls_sover} -The GnuTLS project aims to develop a library that provides a secure -layer over a reliable transport layer. Currently the GnuTLS library -implements the proposed standards of the IETF's TLS working group. +The GnuTLS library provides a secure layer over a reliable transport +layer. Currently the GnuTLS library implements the proposed standards +of the IETF's TLS working group. %if %{with dane} %package -n libgnutls-dane%{gnutls_dane_sover} @@ -115,36 +98,22 @@ This package contains the "DANE" part of gnutls. %endif %package -n libgnutlsxx%{gnutlsxx_sover} -Summary: The GNU Transport Layer Security Library +Summary: C++ API for the GNU Transport Layer Security Library License: LGPL-2.1+ -Group: Productivity/Networking/Security +Group: System/Libraries %description -n libgnutlsxx%{gnutlsxx_sover} -The GnuTLS project aims to develop a library that provides a secure -layer over a reliable transport layer. Currently the GnuTLS library +The GnuTLS library provides a secure layer over a reliable transport +layer. implements the proposed standards of the IETF's TLS working group. -%if %{with gnutls_openssl_compat} -%package -n libgnutls-openssl%{gnutls_ossl_sover} -Summary: The GNU Transport Layer Security Library -License: GPL-3.0+ -Group: Productivity/Networking/Security - -%description -n libgnutls-openssl%{gnutls_ossl_sover} -The GnuTLS project aims to develop a library that provides a secure -layer over a reliable transport layer. Currently the GnuTLS library -implements the proposed standards of the IETF's TLS working group. - -%endif - %package -n libgnutls-devel -Summary: Development package for gnutls +Summary: Development package for the GnuTLS C API License: LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libgnutls%{gnutls_sover} = %{version} -# FIXME: use proper Requires(pre/post/preun/...) -PreReq: %{install_info_prereq} +Requires(pre): %{install_info_prereq} Provides: gnutls-devel = %{version}-%{release} %description -n libgnutls-devel @@ -152,7 +121,7 @@ Files needed for software development using gnutls. %if %{with dane} %package -n libgnutls-dane-devel -Summary: Development package for gnutls dane +Summary: Development package for GnuTLS DANE component License: LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: libgnutls-dane%{gnutls_dane_sover} = %{version} @@ -162,30 +131,17 @@ Files needed for software development using gnutls. %endif %package -n libgnutlsxx-devel -Summary: Development package for gnutls +Summary: Development package for the GnuTLS C++ API License: LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: libgnutls-devel = %{version} Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} Requires: libstdc++-devel -# FIXME: use proper Requires(pre/post/preun/...) -PreReq: %{install_info_prereq} +Requires(pre): %{install_info_prereq} %description -n libgnutlsxx-devel Files needed for software development using gnutls. -%package -n libgnutls-openssl-devel -Summary: Development package for gnutls -License: GPL-3.0+ -Group: Development/Libraries/C and C++ -Requires: libgnutls-devel = %{version} -%if %{with gnutls_openssl_compat} -Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version} -%endif - -%description -n libgnutls-openssl-devel -Files needed for software development using gnutls. - %if %{with guile} %package guile Summary: Guile wrappers for gnutls @@ -194,7 +150,7 @@ Group: Development/Libraries/Other Requires: guile %description guile -GnuTLS Wrappers for GNU Guile - dialect of scheme. +GnuTLS Wrappers for GNU Guile, a dialect of Scheme. %endif %prep @@ -206,12 +162,11 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme. export LDFLAGS="-pie" export CFLAGS="%{optflags} -fPIE" export CXXFLAGS="%{optflags} -fPIE" -autoreconf -if +autoreconf -fvi %configure \ gl_cv_func_printf_directive_n=yes \ gl_cv_func_printf_infinite_long_double=yes \ --disable-static \ - --with-pic \ --disable-rpath \ --disable-silent-rules \ --with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \ @@ -225,9 +180,6 @@ autoreconf -if --with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \ %else --disable-libdane \ -%endif -%if %{with gnutls_openssl_compat} - --enable-openssl-compatibility \ %endif %{nil} make %{?_smp_mflags} @@ -249,7 +201,7 @@ cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/ # PNG files are replaced with the compressed files and that breaks # deduplication, this is workaround find %{buildroot}%{_datadir} -name '*.png' -exec gzip -n -9 {} + -rm -rf %{buildroot}/usr/share/doc/gnutls +rm -rf %{buildroot}%{_datadir}/doc/gnutls %fdupes -s %{buildroot}%{_datadir} %find_lang libgnutls --all-name @@ -257,7 +209,7 @@ rm -rf %{buildroot}/usr/share/doc/gnutls %check %if ! 0%{?qemu_user_space_build} make %{?_smp_mflags} check || { - find -name test-suite.log -print -exec cat {} \; + find -name test-suite.log -print -exec cat {} + exit 1 } %endif @@ -273,11 +225,6 @@ make %{?_smp_mflags} check || { %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig -%if %{with gnutls_openssl_compat} -%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig -%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig -%endif - %post -n libgnutls-devel %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz @@ -285,7 +232,6 @@ make %{?_smp_mflags} check || { %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz %files -f libgnutls.lang -%defattr(-, root, root) %doc THANKS README.md NEWS ChangeLog LICENSE AUTHORS doc/TODO %{_bindir}/certtool %{_bindir}/gnutls-cli @@ -304,27 +250,17 @@ make %{?_smp_mflags} check || { %{_mandir}/man1/* %files -n libgnutls%{gnutls_sover} -%defattr(-,root,root) %{_libdir}/libgnutls.so.%{gnutls_sover}* %if %{with dane} %files -n libgnutls-dane%{gnutls_dane_sover} -%defattr(-,root,root) %{_libdir}/libgnutls-dane.so.%{gnutls_dane_sover}* %endif -%if %{with gnutls_openssl_compat} -%files -n libgnutls-openssl%{gnutls_ossl_sover} -%defattr(-,root,root) -%{_libdir}/libgnutls-openssl.so.%{gnutls_ossl_sover}* -%endif - %files -n libgnutlsxx%{gnutlsxx_sover} -%defattr(-,root,root) %{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}* %files -n libgnutls-devel -%defattr(-, root, root) %dir %{_includedir}/%{name} %{_includedir}/%{name}/abstract.h %{_includedir}/%{name}/crypto.h @@ -351,7 +287,6 @@ make %{?_smp_mflags} check || { %if %{with dane} %files -n libgnutls-dane-devel -%defattr(-, root, root) %dir %{_includedir}/%{name} %{_includedir}/%{name}/dane.h %{_libdir}/pkgconfig/gnutls-dane.pc @@ -359,20 +294,12 @@ make %{?_smp_mflags} check || { %endif %files -n libgnutlsxx-devel -%defattr(-, root, root) %{_libdir}/libgnutlsxx.so %dir %{_includedir}/%{name} %{_includedir}/%{name}/gnutlsxx.h -%files -n libgnutls-openssl-devel -%defattr(-, root, root) -%{_libdir}/libgnutls-openssl.so -%dir %{_includedir}/%{name} -%{_includedir}/%{name}/openssl.h - %if %{with guile} %files guile -%defattr(-, root, root) %{_libdir}/guile/* %{_datadir}/guile/site/gnutls* %endif