SHA256
1
0
forked from pool/gnutls

Accepting request 447177 from Base:System

1

OBS-URL: https://build.opensuse.org/request/show/447177
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=95
This commit is contained in:
Ludwig Nussel 2016-12-29 21:41:21 +00:00 committed by Git OBS Bridge
parent 342e0cae5e
commit 9d4c48404b
6 changed files with 97 additions and 45 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eb2a013905f5f2a0cbf7bcc1d20c85a50065063ee87bd33b496c4e19815e3498
size 6676480

Binary file not shown.

3
gnutls-3.5.7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:60cbfc119e6268cfa38d712621daa473298a0c5b129c0842caec4c1ed4d7861a
size 7265264

BIN
gnutls-3.5.7.tar.xz.sig Normal file

Binary file not shown.

View File

@ -1,3 +1,59 @@
-------------------------------------------------------------------
Sun Dec 18 16:28:51 UTC 2016 - astieger@suse.com
- GnuTLS 3.5.7, the next stable branch, with the following
highlights:
* SHA3 as a certificate signature algorithm
* X25519 (formerly curve25519) for ephemeral EC diffie-hellman
key exchange
* TLS false start
* New APIs to access the Shawe-Taylor-based provable RSA and DSA
parameter generation
* Prevent the change of identity on rehandshakes by default
-------------------------------------------------------------------
Sun Dec 18 12:56:15 UTC 2016 - astieger@suse.com
- GnuTLS 3.4.17:
* libgnutls: Introduced time and constraints checks in the end
certificate in the gnutls_x509_crt_verify_data2() and
gnutls_pkcs7_verify_direct() functions.
* libgnutls: Set limits on the maximum number of alerts handled.
That is, applications using gnutls could be tricked into an
busy loop if the peer sends continuously alert messages.
Applications which set a maximum handshake time (via
gnutls_handshake_set_timeout) will eventually recover but
others may remain in a busy loops indefinitely. This is related
but not identical to CVE-2016-8610, due to the difference in
alert handling of the libraries (gnutls delegates that handling
to applications). boo#1005879
* libgnutls: Enhanced the PKCS#7 parser to allow decoding old
(pre-rfc5652) structures with arbitrary encapsulated content.
* libgnutls: Backported cipher priorities order from 3.5.x branch
That adds CHACHA20-POLY1305 ciphersuite to SECURE priority
strings.
* certtool: When exporting a CRQ in DER format ensure no text data
are intermixed.
* API and ABI modifications:
gnutls_pkcs7_get_embedded_data_oid: Added
- includes changes from 3.4.16:
* libgnutls: Ensure proper cleanups on
gnutls_certificate_set_*key() failures due to key mismatch.
This prevents leaks or double freeing on such failures.
* libgnutls: Increased the maximum size of the handshake message
hash. This will allow the library to cope better with larger
packets, as the ones offered by current TLS 1.3 drafts.
* libgnutls: Allow to use client certificates despite them
containing disallowed algorithms for a session. That allows for
example a client to use DSA-SHA1 due to his old DSA
certificate, without requiring him to enable DSA-SHA1 (and thus
make it acceptable for the server's certificate).
* guile: Backported all improvements from 3.5.x branch.
* guile: Update code to the I/O port API of Guile >= 2.1.4
This makes sure the GnuTLS bindings will work with the
forthcoming 2.2 stable series of Guile, of which 2.1 is a
preview.
-------------------------------------------------------------------
Sun Oct 2 16:13:59 UTC 2016 - ecsos@opensuse.org

View File

@ -19,29 +19,27 @@
%define gnutls_sover 30
%define gnutlsxx_sover 28
%bcond_without gnutls_openssl_compat
%bcond_without dane
%bcond_with tpm
%bcond_without guile
%if %{with gnutls_openssl_compat}
%define gnutls_ossl_sover 27
%endif
%bcond_without dane
%if %{with dane}
%define gnutls_dane_sover 0
%endif
%bcond_with tpm
%bcond_without guile
Name: gnutls
Version: 3.4.15
Version: 3.5.7
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-2.1+ and GPL-3.0+
Group: Productivity/Networking/Security
Url: http://www.gnutls.org/
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz
# signature is checked by source services.
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
Source2: %name.keyring
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig
Source2: %{name}.keyring
Source3: baselibs.conf
BuildRequires: autogen
BuildRequires: automake
BuildRequires: datefudge
@ -49,8 +47,14 @@ BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: libidn-devel
BuildRequires: libnettle-devel >= 3.1
BuildRequires: libtasn1-devel >= 4.3
BuildRequires: libtasn1-devel >= 4.9
BuildRequires: libtool
BuildRequires: libunistring-devel
BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkgconfig
BuildRequires: xz
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} <= 1320
BuildRequires: net-tools
%else
@ -60,12 +64,12 @@ BuildRequires: net-tools-deprecated
BuildRequires: trousers-devel
%endif
%if %{with dane}
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
%if 0%{?suse_version} <= 1320
BuildRequires: unbound-devel
%else
BuildRequires: libunbound-devel
%endif
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
%endif
%if %{with guile}
BuildRequires: guile-devel
@ -73,18 +77,13 @@ BuildRequires: guile-devel
# disabled ppc - valgrind crashes on email cert tests currently. Marcus 20150413
# disabled armv7l - valgrind appears to mishandle some insns
# disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks
%ifarch %ix86 x86_64 ppc64 s390x ppc64le
%ifarch %{ix86} x86_64 ppc64 s390x ppc64le
# disabled all, valgrind breaks tests in 3.4.4
#BuildRequires: valgrind
%endif
%if %suse_version >= 1230
%if 0%{?suse_version} >= 1230
BuildRequires: makeinfo
%endif
BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkg-config
BuildRequires: xz
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
The GnuTLS project aims to develop a library that provides a secure
@ -109,7 +108,7 @@ Group: Productivity/Networking/Security
%description -n libgnutls-dane%{gnutls_dane_sover}
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer.
layer over a reliable transport layer.
This package contains the "DANE" part of gnutls.
%endif
@ -124,7 +123,6 @@ layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
%if %{with gnutls_openssl_compat}
%package -n libgnutls-openssl%{gnutls_ossl_sover}
Summary: The GNU Transport Layer Security Library
License: GPL-3.0+
@ -141,9 +139,10 @@ implements the proposed standards of the IETF's TLS working group.
Summary: Development package for gnutls
License: LGPL-2.1+
Group: Development/Libraries/C and C++
PreReq: %install_info_prereq
Requires: glibc-devel
Requires: libgnutls%{gnutls_sover} = %{version}
# FIXME: use proper Requires(pre/post/preun/...)
PreReq: %{install_info_prereq}
Provides: gnutls-devel = %{version}-%{release}
%description -n libgnutls-devel
@ -164,15 +163,15 @@ Files needed for software development using gnutls.
Summary: Development package for gnutls
License: LGPL-2.1+
Group: Development/Libraries/C and C++
PreReq: %install_info_prereq
Requires: libgnutls-devel = %{version}
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
Requires: libstdc++-devel
# FIXME: use proper Requires(pre/post/preun/...)
PreReq: %{install_info_prereq}
%description -n libgnutlsxx-devel
Files needed for software development using gnutls.
%package -n libgnutls-openssl-devel
Summary: Development package for gnutls
License: GPL-3.0+
@ -201,8 +200,8 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme.
%build
export LDFLAGS="-pie"
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
export CXXFLAGS="$RPM_OPT_FLAGS -fPIE"
export CFLAGS="%{optflags} -fPIE"
export CXXFLAGS="%{optflags} -fPIE"
autoreconf -if
%configure \
gl_cv_func_printf_directive_n=yes \
@ -212,14 +211,14 @@ autoreconf -if
--disable-rpath \
--disable-srp \
--disable-silent-rules \
--with-default-trust-store-dir=/var/lib/ca-certificates/pem \
--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
--with-sysroot=/%{?_sysroot} \
--with-guile-site-dir=no \
%if %{without tpm}
--without-tpm \
%endif
%if %{with dane}
--with-unbound-root-key-file=/var/lib/unbound/root.key \
--with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
%else
--disable-libdane \
%endif
@ -227,21 +226,21 @@ autoreconf -if
--enable-openssl-compatibility \
%endif
%{nil}
%__make
make %{?_smp_mflags}
%install
%make_install
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.la
find %{buildroot} -type f -name "*.la" -delete -print
# install docs
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
%__cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
%__cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
%__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
# PNG files are replaced with the compressed files and that breaks
# deduplication, this is workaround
@ -252,14 +251,13 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%check
%if ! 0%{?qemu_user_space_build}
%__make check || {
make %{?_smp_mflags} check || {
find -name test-suite.log -print -exec cat {} \;
exit 1
}
%endif
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%if %{with dane}
@ -268,12 +266,10 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%endif
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%if %{with gnutls_openssl_compat}
%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
%endif
@ -285,9 +281,8 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%files -f libgnutls.lang
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING COPYING.LESSER AUTHORS doc/TODO
%doc THANKS README.md NEWS ChangeLog LICENSE AUTHORS doc/TODO
%{_bindir}/certtool
%{_bindir}/crywrap
%{_bindir}/gnutls-cli
%{_bindir}/gnutls-cli-debug
%{_bindir}/gnutls-serv
@ -337,6 +332,7 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%{_includedir}/%{name}/pkcs11.h
%{_includedir}/%{name}/pkcs12.h
%{_includedir}/%{name}/self-test.h
%{_includedir}/%{name}/socket.h
%{_includedir}/%{name}/x509.h
%{_includedir}/%{name}/x509-ext.h
%{_includedir}/%{name}/tpm.h
@ -345,7 +341,7 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc
%{_mandir}/man3/*
%{_infodir}/*.*
%{_infodir}/*%{ext_info}
%doc %{_docdir}/libgnutls-devel
%if %{with dane}