rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

Accepting request 447177 from Base:System

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/447177
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=95
This commit is contained in:
Ludwig Nussel 2016-12-29 21:41:21 +00:00 committed by Git OBS Bridge
parent 342e0cae5e
commit 9d4c48404b
6 changed files with 97 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnutls-3.4.15.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eb2a013905f5f2a0cbf7bcc1d20c85a50065063ee87bd33b496c4e19815e3498
size 6676480

BIN
gnutls-3.4.15.tar.xz.sig
View File

Binary file not shown.

3
gnutls-3.5.7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:60cbfc119e6268cfa38d712621daa473298a0c5b129c0842caec4c1ed4d7861a
size 7265264

BIN
gnutls-3.5.7.tar.xz.sig Normal file
View File

Binary file not shown.

56
gnutls.changes
View File

@ -1,3 +1,59 @@
-------------------------------------------------------------------
Sun Dec 18 16:28:51 UTC 2016 - astieger@suse.com
- GnuTLS 3.5.7, the next stable branch, with the following
highlights:
* SHA3 as a certificate signature algorithm
* X25519 (formerly curve25519) for ephemeral EC diffie-hellman
key exchange
* TLS false start
* New APIs to access the Shawe-Taylor-based provable RSA and DSA
parameter generation
* Prevent the change of identity on rehandshakes by default
-------------------------------------------------------------------
Sun Dec 18 12:56:15 UTC 2016 - astieger@suse.com
- GnuTLS 3.4.17:
* libgnutls: Introduced time and constraints checks in the end
certificate in the gnutls_x509_crt_verify_data2() and
gnutls_pkcs7_verify_direct() functions.
* libgnutls: Set limits on the maximum number of alerts handled.
That is, applications using gnutls could be tricked into an
busy loop if the peer sends continuously alert messages.
Applications which set a maximum handshake time (via
gnutls_handshake_set_timeout) will eventually recover but
others may remain in a busy loops indefinitely. This is related
but not identical to CVE-2016-8610, due to the difference in
alert handling of the libraries (gnutls delegates that handling
to applications). boo#1005879
* libgnutls: Enhanced the PKCS#7 parser to allow decoding old
(pre-rfc5652) structures with arbitrary encapsulated content.
* libgnutls: Backported cipher priorities order from 3.5.x branch
That adds CHACHA20-POLY1305 ciphersuite to SECURE priority
strings.
* certtool: When exporting a CRQ in DER format ensure no text data
are intermixed.
* API and ABI modifications:
gnutls_pkcs7_get_embedded_data_oid: Added
- includes changes from 3.4.16:
* libgnutls: Ensure proper cleanups on
gnutls_certificate_set_*key() failures due to key mismatch.
This prevents leaks or double freeing on such failures.
* libgnutls: Increased the maximum size of the handshake message
hash. This will allow the library to cope better with larger
packets, as the ones offered by current TLS 1.3 drafts.
* libgnutls: Allow to use client certificates despite them
containing disallowed algorithms for a session. That allows for
example a client to use DSA-SHA1 due to his old DSA
certificate, without requiring him to enable DSA-SHA1 (and thus
make it acceptable for the server's certificate).
* guile: Backported all improvements from 3.5.x branch.
* guile: Update code to the I/O port API of Guile >= 2.1.4
This makes sure the GnuTLS bindings will work with the
forthcoming 2.2 stable series of Guile, of which 2.1 is a
preview.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Oct 2 16:13:59 UTC 2016 - ecsos@opensuse.org Sun Oct 2 16:13:59 UTC 2016 - ecsos@opensuse.org

80
gnutls.spec
View File

@ -19,29 +19,27 @@
%define gnutls_sover 30 %define gnutls_sover 30
%define gnutlsxx_sover 28 %define gnutlsxx_sover 28
%bcond_without gnutls_openssl_compat %bcond_without gnutls_openssl_compat
%bcond_without dane
%bcond_with tpm
%bcond_without guile
%if %{with gnutls_openssl_compat} %if %{with gnutls_openssl_compat}
%define gnutls_ossl_sover 27 %define gnutls_ossl_sover 27
%endif %endif
%bcond_without dane
%if %{with dane} %if %{with dane}
%define gnutls_dane_sover 0 %define gnutls_dane_sover 0
%endif %endif
%bcond_with tpm
%bcond_without guile
Name: gnutls Name: gnutls
Version: 3.4.15 Version: 3.5.7
Release: 0 Release: 0
Summary: The GNU Transport Layer Security Library Summary: The GNU Transport Layer Security Library
License: LGPL-2.1+ and GPL-3.0+ License: LGPL-2.1+ and GPL-3.0+
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://www.gnutls.org/ Url: http://www.gnutls.org/
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz
# signature is checked by source services. # signature is checked by source services.
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig
Source2: %name.keyring Source2: %{name}.keyring
Source3: baselibs.conf Source3: baselibs.conf
BuildRequires: autogen BuildRequires: autogen
BuildRequires: automake BuildRequires: automake
BuildRequires: datefudge BuildRequires: datefudge
@ -49,8 +47,14 @@ BuildRequires: fdupes
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libidn-devel BuildRequires: libidn-devel
BuildRequires: libnettle-devel >= 3.1 BuildRequires: libnettle-devel >= 3.1
BuildRequires: libtasn1-devel >= 4.3 BuildRequires: libtasn1-devel >= 4.9
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libunistring-devel
BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkgconfig
BuildRequires: xz
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} <= 1320 %if 0%{?suse_version} <= 1320
BuildRequires: net-tools BuildRequires: net-tools
%else %else
@ -60,12 +64,12 @@ BuildRequires: net-tools-deprecated
BuildRequires: trousers-devel BuildRequires: trousers-devel
%endif %endif
%if %{with dane} %if %{with dane}
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
%if 0%{?suse_version} <= 1320 %if 0%{?suse_version} <= 1320
BuildRequires: unbound-devel BuildRequires: unbound-devel
%else %else
BuildRequires: libunbound-devel BuildRequires: libunbound-devel
%endif %endif
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
%endif %endif
%if %{with guile} %if %{with guile}
BuildRequires: guile-devel BuildRequires: guile-devel
@ -73,18 +77,13 @@ BuildRequires: guile-devel
# disabled ppc - valgrind crashes on email cert tests currently. Marcus 20150413 # disabled ppc - valgrind crashes on email cert tests currently. Marcus 20150413
# disabled armv7l - valgrind appears to mishandle some insns # disabled armv7l - valgrind appears to mishandle some insns
# disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks # disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks
%ifarch %ix86 x86_64 ppc64 s390x ppc64le %ifarch %{ix86} x86_64 ppc64 s390x ppc64le
# disabled all, valgrind breaks tests in 3.4.4 # disabled all, valgrind breaks tests in 3.4.4
#BuildRequires: valgrind #BuildRequires: valgrind
%endif %endif
%if %suse_version >= 1230 %if 0%{?suse_version} >= 1230
BuildRequires: makeinfo BuildRequires: makeinfo
%endif %endif
BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkg-config
BuildRequires: xz
BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
The GnuTLS project aims to develop a library that provides a secure The GnuTLS project aims to develop a library that provides a secure
@ -109,7 +108,7 @@ Group: Productivity/Networking/Security
%description -n libgnutls-dane%{gnutls_dane_sover} %description -n libgnutls-dane%{gnutls_dane_sover}
The GnuTLS project aims to develop a library that provides a secure The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. layer over a reliable transport layer.
This package contains the "DANE" part of gnutls. This package contains the "DANE" part of gnutls.
%endif %endif
@ -124,7 +123,6 @@ layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group. implements the proposed standards of the IETF's TLS working group.
%if %{with gnutls_openssl_compat} %if %{with gnutls_openssl_compat}
%package -n libgnutls-openssl%{gnutls_ossl_sover} %package -n libgnutls-openssl%{gnutls_ossl_sover}
Summary: The GNU Transport Layer Security Library Summary: The GNU Transport Layer Security Library
License: GPL-3.0+ License: GPL-3.0+
@ -141,9 +139,10 @@ implements the proposed standards of the IETF's TLS working group.
Summary: Development package for gnutls Summary: Development package for gnutls
License: LGPL-2.1+ License: LGPL-2.1+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
PreReq: %install_info_prereq
Requires: glibc-devel Requires: glibc-devel
Requires: libgnutls%{gnutls_sover} = %{version} Requires: libgnutls%{gnutls_sover} = %{version}
# FIXME: use proper Requires(pre/post/preun/...)
PreReq: %{install_info_prereq}
Provides: gnutls-devel = %{version}-%{release} Provides: gnutls-devel = %{version}-%{release}
%description -n libgnutls-devel %description -n libgnutls-devel
@ -164,15 +163,15 @@ Files needed for software development using gnutls.
Summary: Development package for gnutls Summary: Development package for gnutls
License: LGPL-2.1+ License: LGPL-2.1+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
PreReq: %install_info_prereq
Requires: libgnutls-devel = %{version} Requires: libgnutls-devel = %{version}
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
Requires: libstdc++-devel Requires: libstdc++-devel
# FIXME: use proper Requires(pre/post/preun/...)
PreReq: %{install_info_prereq}
%description -n libgnutlsxx-devel %description -n libgnutlsxx-devel
Files needed for software development using gnutls. Files needed for software development using gnutls.
%package -n libgnutls-openssl-devel %package -n libgnutls-openssl-devel
Summary: Development package for gnutls Summary: Development package for gnutls
License: GPL-3.0+ License: GPL-3.0+
@ -201,8 +200,8 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme.
%build %build
export LDFLAGS="-pie" export LDFLAGS="-pie"
export CFLAGS="$RPM_OPT_FLAGS -fPIE" export CFLAGS="%{optflags} -fPIE"
export CXXFLAGS="$RPM_OPT_FLAGS -fPIE" export CXXFLAGS="%{optflags} -fPIE"
autoreconf -if autoreconf -if
%configure \ %configure \
gl_cv_func_printf_directive_n=yes \ gl_cv_func_printf_directive_n=yes \
@ -212,14 +211,14 @@ autoreconf -if
--disable-rpath \ --disable-rpath \
--disable-srp \ --disable-srp \
--disable-silent-rules \ --disable-silent-rules \
--with-default-trust-store-dir=/var/lib/ca-certificates/pem \ --with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
--with-sysroot=/%{?_sysroot} \ --with-sysroot=/%{?_sysroot} \
--with-guile-site-dir=no \ --with-guile-site-dir=no \
%if %{without tpm} %if %{without tpm}
--without-tpm \ --without-tpm \
%endif %endif
%if %{with dane} %if %{with dane}
--with-unbound-root-key-file=/var/lib/unbound/root.key \ --with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
%else %else
--disable-libdane \ --disable-libdane \
%endif %endif
@ -227,21 +226,21 @@ autoreconf -if
--enable-openssl-compatibility \ --enable-openssl-compatibility \
%endif %endif
%{nil} %{nil}
%__make make %{?_smp_mflags}
%install %install
%make_install %make_install
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
# Do not package static libs and libtool files # Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.la find %{buildroot} -type f -name "*.la" -delete -print
# install docs # install docs
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/ mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
%__cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/ cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
%__cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/ cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
%__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/ cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
# PNG files are replaced with the compressed files and that breaks # PNG files are replaced with the compressed files and that breaks
# deduplication, this is workaround # deduplication, this is workaround
@ -252,14 +251,13 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%check %check
%if ! 0%{?qemu_user_space_build} %if ! 0%{?qemu_user_space_build}
%__make check || { make %{?_smp_mflags} check || {
find -name test-suite.log -print -exec cat {} \; find -name test-suite.log -print -exec cat {} \;
exit 1 exit 1
} }
%endif %endif
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig %post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig %postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
%if %{with dane} %if %{with dane}
@ -268,12 +266,10 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%endif %endif
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig %postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
%if %{with gnutls_openssl_compat} %if %{with gnutls_openssl_compat}
%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig %post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig %postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
%endif %endif
@ -285,9 +281,8 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%files -f libgnutls.lang %files -f libgnutls.lang
%defattr(-, root, root) %defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING COPYING.LESSER AUTHORS doc/TODO %doc THANKS README.md NEWS ChangeLog LICENSE AUTHORS doc/TODO
%{_bindir}/certtool %{_bindir}/certtool
%{_bindir}/crywrap
%{_bindir}/gnutls-cli %{_bindir}/gnutls-cli
%{_bindir}/gnutls-cli-debug %{_bindir}/gnutls-cli-debug
%{_bindir}/gnutls-serv %{_bindir}/gnutls-serv
@ -337,6 +332,7 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%{_includedir}/%{name}/pkcs11.h %{_includedir}/%{name}/pkcs11.h
%{_includedir}/%{name}/pkcs12.h %{_includedir}/%{name}/pkcs12.h
%{_includedir}/%{name}/self-test.h %{_includedir}/%{name}/self-test.h
%{_includedir}/%{name}/socket.h
%{_includedir}/%{name}/x509.h %{_includedir}/%{name}/x509.h
%{_includedir}/%{name}/x509-ext.h %{_includedir}/%{name}/x509-ext.h
%{_includedir}/%{name}/tpm.h %{_includedir}/%{name}/tpm.h
@ -345,7 +341,7 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
%{_libdir}/libgnutls.so %{_libdir}/libgnutls.so
%{_libdir}/pkgconfig/gnutls.pc %{_libdir}/pkgconfig/gnutls.pc
%{_mandir}/man3/* %{_mandir}/man3/*
%{_infodir}/*.* %{_infodir}/*%{ext_info}
%doc %{_docdir}/libgnutls-devel %doc %{_docdir}/libgnutls-devel
%if %{with dane} %if %{with dane}