forked from pool/gnutls
Accepting request 447177 from Base:System
1 OBS-URL: https://build.opensuse.org/request/show/447177 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=95
This commit is contained in:
parent
342e0cae5e
commit
9d4c48404b
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:eb2a013905f5f2a0cbf7bcc1d20c85a50065063ee87bd33b496c4e19815e3498
|
||||
size 6676480
|
Binary file not shown.
3
gnutls-3.5.7.tar.xz
Normal file
3
gnutls-3.5.7.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:60cbfc119e6268cfa38d712621daa473298a0c5b129c0842caec4c1ed4d7861a
|
||||
size 7265264
|
BIN
gnutls-3.5.7.tar.xz.sig
Normal file
BIN
gnutls-3.5.7.tar.xz.sig
Normal file
Binary file not shown.
@ -1,3 +1,59 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Dec 18 16:28:51 UTC 2016 - astieger@suse.com
|
||||
|
||||
- GnuTLS 3.5.7, the next stable branch, with the following
|
||||
highlights:
|
||||
* SHA3 as a certificate signature algorithm
|
||||
* X25519 (formerly curve25519) for ephemeral EC diffie-hellman
|
||||
key exchange
|
||||
* TLS false start
|
||||
* New APIs to access the Shawe-Taylor-based provable RSA and DSA
|
||||
parameter generation
|
||||
* Prevent the change of identity on rehandshakes by default
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Dec 18 12:56:15 UTC 2016 - astieger@suse.com
|
||||
|
||||
- GnuTLS 3.4.17:
|
||||
* libgnutls: Introduced time and constraints checks in the end
|
||||
certificate in the gnutls_x509_crt_verify_data2() and
|
||||
gnutls_pkcs7_verify_direct() functions.
|
||||
* libgnutls: Set limits on the maximum number of alerts handled.
|
||||
That is, applications using gnutls could be tricked into an
|
||||
busy loop if the peer sends continuously alert messages.
|
||||
Applications which set a maximum handshake time (via
|
||||
gnutls_handshake_set_timeout) will eventually recover but
|
||||
others may remain in a busy loops indefinitely. This is related
|
||||
but not identical to CVE-2016-8610, due to the difference in
|
||||
alert handling of the libraries (gnutls delegates that handling
|
||||
to applications). boo#1005879
|
||||
* libgnutls: Enhanced the PKCS#7 parser to allow decoding old
|
||||
(pre-rfc5652) structures with arbitrary encapsulated content.
|
||||
* libgnutls: Backported cipher priorities order from 3.5.x branch
|
||||
That adds CHACHA20-POLY1305 ciphersuite to SECURE priority
|
||||
strings.
|
||||
* certtool: When exporting a CRQ in DER format ensure no text data
|
||||
are intermixed.
|
||||
* API and ABI modifications:
|
||||
gnutls_pkcs7_get_embedded_data_oid: Added
|
||||
- includes changes from 3.4.16:
|
||||
* libgnutls: Ensure proper cleanups on
|
||||
gnutls_certificate_set_*key() failures due to key mismatch.
|
||||
This prevents leaks or double freeing on such failures.
|
||||
* libgnutls: Increased the maximum size of the handshake message
|
||||
hash. This will allow the library to cope better with larger
|
||||
packets, as the ones offered by current TLS 1.3 drafts.
|
||||
* libgnutls: Allow to use client certificates despite them
|
||||
containing disallowed algorithms for a session. That allows for
|
||||
example a client to use DSA-SHA1 due to his old DSA
|
||||
certificate, without requiring him to enable DSA-SHA1 (and thus
|
||||
make it acceptable for the server's certificate).
|
||||
* guile: Backported all improvements from 3.5.x branch.
|
||||
* guile: Update code to the I/O port API of Guile >= 2.1.4
|
||||
This makes sure the GnuTLS bindings will work with the
|
||||
forthcoming 2.2 stable series of Guile, of which 2.1 is a
|
||||
preview.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Oct 2 16:13:59 UTC 2016 - ecsos@opensuse.org
|
||||
|
||||
|
80
gnutls.spec
80
gnutls.spec
@ -19,29 +19,27 @@
|
||||
%define gnutls_sover 30
|
||||
%define gnutlsxx_sover 28
|
||||
%bcond_without gnutls_openssl_compat
|
||||
%bcond_without dane
|
||||
%bcond_with tpm
|
||||
%bcond_without guile
|
||||
%if %{with gnutls_openssl_compat}
|
||||
%define gnutls_ossl_sover 27
|
||||
%endif
|
||||
%bcond_without dane
|
||||
%if %{with dane}
|
||||
%define gnutls_dane_sover 0
|
||||
%endif
|
||||
%bcond_with tpm
|
||||
%bcond_without guile
|
||||
|
||||
Name: gnutls
|
||||
Version: 3.4.15
|
||||
Version: 3.5.7
|
||||
Release: 0
|
||||
Summary: The GNU Transport Layer Security Library
|
||||
License: LGPL-2.1+ and GPL-3.0+
|
||||
Group: Productivity/Networking/Security
|
||||
Url: http://www.gnutls.org/
|
||||
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz
|
||||
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz
|
||||
# signature is checked by source services.
|
||||
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz.sig
|
||||
Source2: %name.keyring
|
||||
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/%{name}-%{version}.tar.xz.sig
|
||||
Source2: %{name}.keyring
|
||||
Source3: baselibs.conf
|
||||
|
||||
BuildRequires: autogen
|
||||
BuildRequires: automake
|
||||
BuildRequires: datefudge
|
||||
@ -49,8 +47,14 @@ BuildRequires: fdupes
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libidn-devel
|
||||
BuildRequires: libnettle-devel >= 3.1
|
||||
BuildRequires: libtasn1-devel >= 4.3
|
||||
BuildRequires: libtasn1-devel >= 4.9
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libunistring-devel
|
||||
BuildRequires: p11-kit-devel >= 0.23.1
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: xz
|
||||
BuildRequires: zlib-devel
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%if 0%{?suse_version} <= 1320
|
||||
BuildRequires: net-tools
|
||||
%else
|
||||
@ -60,12 +64,12 @@ BuildRequires: net-tools-deprecated
|
||||
BuildRequires: trousers-devel
|
||||
%endif
|
||||
%if %{with dane}
|
||||
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
||||
%if 0%{?suse_version} <= 1320
|
||||
BuildRequires: unbound-devel
|
||||
%else
|
||||
BuildRequires: libunbound-devel
|
||||
%endif
|
||||
Requires: libgnutls-dane%{gnutls_dane_sover} = %{version}
|
||||
%endif
|
||||
%if %{with guile}
|
||||
BuildRequires: guile-devel
|
||||
@ -73,18 +77,13 @@ BuildRequires: guile-devel
|
||||
# disabled ppc - valgrind crashes on email cert tests currently. Marcus 20150413
|
||||
# disabled armv7l - valgrind appears to mishandle some insns
|
||||
# disabled aarch64 - valgrind mishandles exclusive load/store causing deadlocks
|
||||
%ifarch %ix86 x86_64 ppc64 s390x ppc64le
|
||||
%ifarch %{ix86} x86_64 ppc64 s390x ppc64le
|
||||
# disabled all, valgrind breaks tests in 3.4.4
|
||||
#BuildRequires: valgrind
|
||||
%endif
|
||||
%if %suse_version >= 1230
|
||||
%if 0%{?suse_version} >= 1230
|
||||
BuildRequires: makeinfo
|
||||
%endif
|
||||
BuildRequires: p11-kit-devel >= 0.23.1
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: xz
|
||||
BuildRequires: zlib-devel
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
The GnuTLS project aims to develop a library that provides a secure
|
||||
@ -109,7 +108,7 @@ Group: Productivity/Networking/Security
|
||||
|
||||
%description -n libgnutls-dane%{gnutls_dane_sover}
|
||||
The GnuTLS project aims to develop a library that provides a secure
|
||||
layer over a reliable transport layer.
|
||||
layer over a reliable transport layer.
|
||||
This package contains the "DANE" part of gnutls.
|
||||
%endif
|
||||
|
||||
@ -124,7 +123,6 @@ layer over a reliable transport layer. Currently the GnuTLS library
|
||||
implements the proposed standards of the IETF's TLS working group.
|
||||
|
||||
%if %{with gnutls_openssl_compat}
|
||||
|
||||
%package -n libgnutls-openssl%{gnutls_ossl_sover}
|
||||
Summary: The GNU Transport Layer Security Library
|
||||
License: GPL-3.0+
|
||||
@ -141,9 +139,10 @@ implements the proposed standards of the IETF's TLS working group.
|
||||
Summary: Development package for gnutls
|
||||
License: LGPL-2.1+
|
||||
Group: Development/Libraries/C and C++
|
||||
PreReq: %install_info_prereq
|
||||
Requires: glibc-devel
|
||||
Requires: libgnutls%{gnutls_sover} = %{version}
|
||||
# FIXME: use proper Requires(pre/post/preun/...)
|
||||
PreReq: %{install_info_prereq}
|
||||
Provides: gnutls-devel = %{version}-%{release}
|
||||
|
||||
%description -n libgnutls-devel
|
||||
@ -164,15 +163,15 @@ Files needed for software development using gnutls.
|
||||
Summary: Development package for gnutls
|
||||
License: LGPL-2.1+
|
||||
Group: Development/Libraries/C and C++
|
||||
PreReq: %install_info_prereq
|
||||
Requires: libgnutls-devel = %{version}
|
||||
Requires: libgnutlsxx%{gnutlsxx_sover} = %{version}
|
||||
Requires: libstdc++-devel
|
||||
# FIXME: use proper Requires(pre/post/preun/...)
|
||||
PreReq: %{install_info_prereq}
|
||||
|
||||
%description -n libgnutlsxx-devel
|
||||
Files needed for software development using gnutls.
|
||||
|
||||
|
||||
%package -n libgnutls-openssl-devel
|
||||
Summary: Development package for gnutls
|
||||
License: GPL-3.0+
|
||||
@ -201,8 +200,8 @@ GnuTLS Wrappers for GNU Guile - dialect of scheme.
|
||||
|
||||
%build
|
||||
export LDFLAGS="-pie"
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
|
||||
export CXXFLAGS="$RPM_OPT_FLAGS -fPIE"
|
||||
export CFLAGS="%{optflags} -fPIE"
|
||||
export CXXFLAGS="%{optflags} -fPIE"
|
||||
autoreconf -if
|
||||
%configure \
|
||||
gl_cv_func_printf_directive_n=yes \
|
||||
@ -212,14 +211,14 @@ autoreconf -if
|
||||
--disable-rpath \
|
||||
--disable-srp \
|
||||
--disable-silent-rules \
|
||||
--with-default-trust-store-dir=/var/lib/ca-certificates/pem \
|
||||
--with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
|
||||
--with-sysroot=/%{?_sysroot} \
|
||||
--with-guile-site-dir=no \
|
||||
%if %{without tpm}
|
||||
--without-tpm \
|
||||
%endif
|
||||
%if %{with dane}
|
||||
--with-unbound-root-key-file=/var/lib/unbound/root.key \
|
||||
--with-unbound-root-key-file=%{_localstatedir}/lib/unbound/root.key \
|
||||
%else
|
||||
--disable-libdane \
|
||||
%endif
|
||||
@ -227,21 +226,21 @@ autoreconf -if
|
||||
--enable-openssl-compatibility \
|
||||
%endif
|
||||
%{nil}
|
||||
%__make
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%make_install
|
||||
rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot
|
||||
# Do not package static libs and libtool files
|
||||
rm -f %{buildroot}%{_libdir}/*.la
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
|
||||
# install docs
|
||||
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
|
||||
%__cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
|
||||
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
|
||||
%__cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
|
||||
%__mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
|
||||
%__cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
|
||||
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/
|
||||
cp doc/gnutls.html doc/*.png doc/gnutls.pdf %{buildroot}%{_docdir}/libgnutls-devel/
|
||||
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/reference
|
||||
cp doc/reference/html/* %{buildroot}%{_docdir}/libgnutls-devel/reference/
|
||||
mkdir -p %{buildroot}%{_docdir}/libgnutls-devel/examples
|
||||
cp doc/examples/*.{c,h} %{buildroot}%{_docdir}/libgnutls-devel/examples/
|
||||
|
||||
# PNG files are replaced with the compressed files and that breaks
|
||||
# deduplication, this is workaround
|
||||
@ -252,14 +251,13 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
|
||||
|
||||
%check
|
||||
%if ! 0%{?qemu_user_space_build}
|
||||
%__make check || {
|
||||
make %{?_smp_mflags} check || {
|
||||
find -name test-suite.log -print -exec cat {} \;
|
||||
exit 1
|
||||
}
|
||||
%endif
|
||||
|
||||
%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
||||
|
||||
%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig
|
||||
|
||||
%if %{with dane}
|
||||
@ -268,12 +266,10 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
|
||||
%endif
|
||||
|
||||
%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
||||
|
||||
%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig
|
||||
|
||||
%if %{with gnutls_openssl_compat}
|
||||
%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
|
||||
|
||||
%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig
|
||||
%endif
|
||||
|
||||
@ -285,9 +281,8 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
|
||||
|
||||
%files -f libgnutls.lang
|
||||
%defattr(-, root, root)
|
||||
%doc THANKS README NEWS ChangeLog COPYING COPYING.LESSER AUTHORS doc/TODO
|
||||
%doc THANKS README.md NEWS ChangeLog LICENSE AUTHORS doc/TODO
|
||||
%{_bindir}/certtool
|
||||
%{_bindir}/crywrap
|
||||
%{_bindir}/gnutls-cli
|
||||
%{_bindir}/gnutls-cli-debug
|
||||
%{_bindir}/gnutls-serv
|
||||
@ -337,6 +332,7 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
|
||||
%{_includedir}/%{name}/pkcs11.h
|
||||
%{_includedir}/%{name}/pkcs12.h
|
||||
%{_includedir}/%{name}/self-test.h
|
||||
%{_includedir}/%{name}/socket.h
|
||||
%{_includedir}/%{name}/x509.h
|
||||
%{_includedir}/%{name}/x509-ext.h
|
||||
%{_includedir}/%{name}/tpm.h
|
||||
@ -345,7 +341,7 @@ find %{buildroot}%{_datadir} -name '*.png' -exec gzip -9 {} +
|
||||
%{_libdir}/libgnutls.so
|
||||
%{_libdir}/pkgconfig/gnutls.pc
|
||||
%{_mandir}/man3/*
|
||||
%{_infodir}/*.*
|
||||
%{_infodir}/*%{ext_info}
|
||||
%doc %{_docdir}/libgnutls-devel
|
||||
|
||||
%if %{with dane}
|
||||
|
Loading…
Reference in New Issue
Block a user