diff --git a/CVE-2008-4989.patch b/CVE-2008-4989.patch
deleted file mode 100644
index 06c3ed3..0000000
--- a/CVE-2008-4989.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: gnutls-2.4.1/lib/x509/verify.c
-===================================================================
---- gnutls-2.4.1.orig/lib/x509/verify.c
-+++ gnutls-2.4.1/lib/x509/verify.c
-@@ -414,17 +414,6 @@ _gnutls_x509_verify_certificate (const g
- }
- #endif
-
-- /* Check if the last certificate in the path is self signed.
-- * In that case ignore it (a certificate is trusted only if it
-- * leads to a trusted party by us, not the server's).
-- */
-- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-- certificate_list[clist_size - 1]) > 0
-- && clist_size > 0)
-- {
-- clist_size--;
-- }
--
- /* Verify the certificate path (chain)
- */
- for (i = clist_size - 1; i > 0; i--)
diff --git a/gnutls-2.4.1-disable_cxx.patch b/gnutls-2.4.1-disable_cxx.patch
deleted file mode 100644
index 80b1908..0000000
--- a/gnutls-2.4.1-disable_cxx.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-commit 6d9c52778b359c35cfe157156d27915227e59c5e
-Author: Simon Josefsson
-Date: Thu Jun 19 13:48:53 2008 +0200
-
- Disable C++ library if psk, srp, anon etc have been disabled.
- The libgnutlsxx.cpp file calls several functions that may have been removed.
-
-Index: gnutls-2.4.1/configure.in
-===================================================================
---- gnutls-2.4.1.orig/configure.in 2008-07-02 19:35:02.000000000 +0200
-+++ gnutls-2.4.1/configure.in 2008-07-02 19:39:42.000000000 +0200
-@@ -113,9 +113,6 @@ if test "$use_cxx" != "no"; then
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
- AC_LANG_POP(C++)
- fi
--AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
--AC_MSG_CHECKING([whether to build C++ library])
--AC_MSG_RESULT($use_cxx)
-
- AC_MSG_CHECKING([whether C99 macros are supported])
- AC_TRY_COMPILE(,[
-@@ -524,6 +521,17 @@ AC_MSG_RESULT($minitasn1_enabled)
-
- AM_CONDITIONAL(ENABLE_MINITASN1, test "$minitasn1_enabled" = "yes")
-
-+if test "$ac_full" != 1; then
-+ AC_MSG_WARN([[
-+***
-+*** C++ library disabled because some parts of GnuTLS has been disabled.
-+]])
-+ use_cxx=no
-+fi
-+AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-+AC_MSG_CHECKING([whether to build C++ library])
-+AC_MSG_RESULT($use_cxx)
-+
- dnl Check for libcfg+
-
- SAVED_LIBS=$LIBS
diff --git a/gnutls-2.4.1.tar.bz2 b/gnutls-2.4.1.tar.bz2
deleted file mode 100644
index fced69f..0000000
--- a/gnutls-2.4.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd
-size 4940118
diff --git a/gnutls-2.8.5.tar.bz2 b/gnutls-2.8.5.tar.bz2
new file mode 100644
index 0000000..2d0de3a
--- /dev/null
+++ b/gnutls-2.8.5.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9249c29df71551e302e0186f4e1876dd6cc4c6cf2974b432c22525dde815cae8
+size 6196862
diff --git a/gnutls.changes b/gnutls.changes index f5e33d1..a86b697 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Thu Feb 4 16:46:45 CET 2010 - meissner@suse.de + +- some build fixes. + +------------------------------------------------------------------- +Thu Feb 4 16:44:52 CET 2010 - per@osbeck.com + +- updated to stable 2.8.5 + +------------------------------------------------------------------- +Fri Dec 25 22:11:03 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- enable parallel building + +------------------------------------------------------------------- +Wed Sep 2 05:52:45 CEST 2009 - gjhe@novell.com + +- update to lastest stable version 2.8.3 + [bnc#532750] + ------------------------------------------------------------------- Fri Mar 13 13:37:15 CET 2009 - jshi@suse.de diff --git a/gnutls.spec b/gnutls.spec index 297e17f..9a187cd 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,7 +1,7 @@ # -# spec file for package gnutls (Version 2.4.1) +# spec file for package gnutls (Version 2.8.5) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,14 +20,13 @@ Name: gnutls BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel -Version: 2.4.1 -Release: 25 -License: GPL v3 or later; LGPL v2.1 or later +Version: 2.8.5 +Release: 1 +License: GPLv3+ ; LGPLv2.1+ BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://www.gnutls.org/ Source0: %name-%version.tar.bz2 -Patch1: gnutls-2.4.1-disable_cxx.patch -Patch2: CVE-2008-4989.patch +Source1: baselibs.conf Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security AutoReqProv: on 
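Review bot: `Patch2: CVE-2008-4989.patch` is dropped in the `@@ -20,14 +20,13 @@` hunk of gnutls.spec, but nothing in the commit records why: the new gnutls.changes entries say only "updated to stable 2.8.5" and "some build fixes.". Presumably the certificate-chain verification fix is carried by the upstream tarball, but that should be confirmed against lib/x509/verify.c in the 2.8.5 source rather than assumed from the version number. Once confirmed, state it in the changes file, for example `- drop CVE-2008-4989.patch and gnutls-2.4.1-disable_cxx.patch (included upstream)`, so that anyone auditing which builds contain the CVE fix can trace it.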
@@ -52,7 +51,7 @@ Authors: Andrew McDonald %package -n libgnutls26 -License: LGPL v2.1 or later +License: LGPLv2.1+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security @@ -71,7 +70,7 @@ Authors: Andrew McDonald %package -n libgnutls-extra26 -License: GPL v3 or later +License: GPLv3+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security @@ -90,7 +89,7 @@ Authors: Andrew McDonald %package -n libgnutls-devel -License: LGPL v2.1 or later +License: LGPLv2.1+ Summary: Development package for gnutls Group: Development/Libraries/C and C++ Requires: libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel @@ -109,7 +108,7 @@ Authors: Andrew McDonald %package -n libgnutls-extra-devel -License: GPL v3 or later +License: GPLv3+ Summary: The GNU Transport Layer Security Library Group: Development/Libraries/C and C++ Requires: libgnutls-extra26 = %version libgnutls-devel @@ -138,8 +137,8 @@ Authors: %prep %setup -q -%patch1 -p1 -%patch2 -p1 +#%patch1 -p1 +#%patch2 -p1 %build autoreconf -fi @@ -154,7 +153,7 @@ autoreconf -fi --disable-rpath \ CFLAGS="$RPM_OPT_FLAGS" \ CXXFLAGS="$RPM_OPT_FLAGS" -make +make %{?_smp_mflags} make check %install @@ -164,7 +163,7 @@ find doc/examples -perm -111 -exec rm {} \; rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot # Do not package static libs and libtool files rm -f %{buildroot}%{_libdir}/*.{a,la} -%find_lang %name +%find_lang libgnutls %clean rm -rf %buildroot @@ -187,9 +186,9 @@ rm -rf %buildroot %postun -n libgnutls-devel %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz -%files -f %name.lang +%files -f libgnutls.lang %defattr(-, root, root) -%doc THANKS README NEWS ChangeLog COPYING.LIB COPYING AUTHORS doc/TODO +%doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO %_bindir/certtool %_bindir/gnutls-cli %_bindir/gnutls-cli-debug 
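Review bot: In the `@@ -138,8 +137,8 @@` hunk the `%prep` directives are commented out as `#%patch1 -p1` and `#%patch2 -p1` instead of being removed. rpm still expands macros inside comment lines, and this commit deletes both patch files and their `Patch1:`/`Patch2:` tags, so the lines are dead references, one of them to a security patch. Delete both lines, or escape the macro as `#%%patch1 -p1` if a reminder is wanted. The same applies to the commented `%files` entries in the later hunks (`#%_bindir/libgnutls-config`, `#%_datadir/aclocal/libgnutls.m4`, `#%_bindir/libgnutls-extra-config`, `#%_datadir/aclocal/libgnutls-extra.m4`).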
@@ -200,6 +199,7 @@ rm -rf %buildroot %files -n libgnutls26 %defattr(-,root,root) %_libdir/libgnutls.so.26* +%_libdir/libgnutlsxx.so.26* %files -n libgnutls-extra26 %defattr(-,root,root) @@ -208,10 +208,11 @@ rm -rf %buildroot %files -n libgnutls-devel %defattr(-, root, root) -%_bindir/libgnutls-config +#%_bindir/libgnutls-config %_includedir/* %_libdir/libgnutls.so -%_datadir/aclocal/libgnutls.m4 +%_libdir/libgnutlsxx.so +#%_datadir/aclocal/libgnutls.m4 %_libdir/pkgconfig/gnutls.pc %_mandir/man3/* %_infodir/%{name}* 
@@ -219,289 +220,10 @@ rm -rf %buildroot %files -n libgnutls-extra-devel %defattr(-, root, root) -%_bindir/libgnutls-extra-config +#%_bindir/libgnutls-extra-config %_libdir/libgnutls-extra.so %_libdir/libgnutls-openssl.so -%_datadir/aclocal/libgnutls-extra.m4 +#%_datadir/aclocal/libgnutls-extra.m4 %_libdir/pkgconfig/gnutls-extra.pc %changelog -* Fri Mar 13 2009 jshi@suse.de -- fix security bug [bnc#457938] - new CVE-2008-4989 -* Wed Dec 10 2008 olh@suse.de -- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - (bnc#437293) -* Fri Nov 28 2008 jshi@suse.de -- fix security bug [bnc#441856] - CVE-2008-4989 -* Thu Oct 30 2008 olh@suse.de -- obsolete old -XXbit packages (bnc#437293) -* Sat Aug 02 2008 meissner@suse.de -- run testsuite -* Thu Jul 17 2008 mkoenig@suse.de -- update to version 2.4.1 - * libgnutls: Fix local crash in gnutls_handshake - * libgnutls: Fix memory leaks when doing a re-handshake - * Fix compiler warnings - * Fix ordering of -I's to avoid opencdk.h conflict with - system headers - * srptool: Fix a problem where --verify check does not succeed -- remove C++ wrapper lib, it is not usable without SRP -- remove patch - gnutls-1.6.1-srptool.patch -* Wed Jul 02 2008 mkoenig@suse.de -- remove gnutls main package from baselibs.conf -* Thu Jun 26 2008 mkoenig@suse.de -- update to version 2.4.0 - * The OpenPGP sub-system has been improved and now supports subkeys - * The PSK sub-system has been improved and now supports password - derivation and PSK identity hints - * The certtool --inder and --outder has been replaced - by --inraw and --outraw - * New APIs to access the raw X.509 Subject and Issuer DN's and - elements from the certificate credentials structure - * New APIs to improve working with username/passwords and PSK - * Names of constants to affect certificate printing changed - * The function gnutls_openpgp_privkey_get_id has been renamed to - gnutls_openpgp_privkey_get_key_id - * API/ABI changes in GnuTLS 2.4 - All OpenPGP 
related functions have been moved from - libgnutls-extra to libgnutls, and several new functions have - been added -- remove SRP functionality from C++ wrapper, otherwise it cannot - be linked against it -- removed patches - gnutls-2.2.2-uninitialized.patch - gnutls-char-signedness.patch - gnutls-GNUTLS_SA_2008_1.patch -* Mon Jun 23 2008 mkoenig@suse.de -- disable SRP [bnc#65192] -* Wed May 21 2008 mkoenig@suse.de -- fix three security bugs [bnc#392947] - CVE-2008-1948 GNUTLS-SA-2008-1-1 - Fix crash when sending invalid server name - CVE-2008-1949 GNUTLS-SA-2008-1-2 - Fix crash when sending repeated client hellos - CVE-2008-1950 GNUTLS-SA-2008-1-3 - Fix crash in cipher padding decoding for invalid record lengths -* Thu May 08 2008 mkoenig@suse.de -- fix build -* Tue Apr 29 2008 cthiel@suse.de -- obsolete gnutls- via baselibs.conf -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Thu Apr 03 2008 mkoenig@suse.de -- update to version 2.2.2 - * Cipher priority string handling now handle strings that - starts with NULL - * Corrected memory leaks in session resuming and DHE ciphersuites - * Increased the default certificate verification chain limits and - allowed for checks without limitation - * Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() - and gnutls_x509_crt_get_subject_alt_name() to not null terminate - binary strings and return the proper size -* Thu Jan 31 2008 mkoenig@suse.de -- update to version 2.2.1 - * Fixes the post_client_hello_function() - * Fix for certificate selection in servers with certificate callbacks - * certtool: Fixed data corruption when using --outder - * TLS authorization support removed. 
- * Corrected bug which did not allow a server to run without - supporting certificates - * Introduced gnutls_session_enable_compatibility_mode() - * Added gnutls_record_disable_padding() to allow servers talking to - buggy clients - * Fixed PKCS #3 parameter export - * Added support for Camellia cipher - * certtool: Add option --quick-random - * Added capability to set a callback after the client hello is - received by the server in order to adjust parameters before - the handshake - * certtool: Fixed data corruption when using --outder - * SRP was corrected to adhere to the latest draft - * Updated the DN parser - * Added support for DSA2 using libgcrypt 1.3.0 - * Removed all the trustdb code from openpgp authentication. - We now use only the well-specified keyrings - * The gnutls_certificate_set_openpgp_* functions were modified - to include the format. This makes the interface consistent with - the x509 functions - * Introduced gnutls_session_enable_compatibility_mode() - * Added gnutls_set_default_priority2() - * Added priority functions that accept strings - * certtool: Add option --disable-quick-random to enable the - old behaviour of using /dev/random to generate keys - * Added the --v1 option to certtool, to allow generating X.509 - version 1 certificates - * Fix PKCS#3 parameter export problem - * Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM - * gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted - private keys - * Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code - * Added the --to-p8 option to certtool to convert private keys - to PKCS #8 keys - * Corrected bug in decompression of expanded compression data - * The gnutls_*_convert_priority() functions were deprecated - * gnutls-cli and gnutls-serv now have a --priority option - * PKCS #8 parser can now encode/decode DSA keys - * Corrected a segfault when setting an empty gnutls_priority_t - at gnutls_priority_set() - * Added 
gnutls_x509_crt_get_subject_alt_name2() - * The GPL version has been changed from version 2 to version 3. - This affects the self-tests, command-line tools, the libgnutls-extra - library, the relevant guile parts, and the build environment -- API and ABI modifications, library soname switch from 13 to 26 -- change package structure: - * branch off libgnutls-extra - since this is now GPLv3 or later while libgnutls remains - LGPLv2.1 or later - * gnutls license change to GPLv3 -- build without lzo support to avoid license problems - since lzo is currently GPLv2 only -- removed merged patches: - gnutls-fix_size_t.patch -* Tue Oct 23 2007 mkoenig@suse.de -- update to version 2.0.1 -- change package layout to conform shlib policy: - rename gnutls-devel -> libgnutls-devel - new subpackage libgnutls13 -- removed patches: - gnutls-1.4.4-sign-callback.patch - gnutls-1.6.1-compiler_warnings.patch -* Thu Aug 30 2007 mkoenig@suse.de -- fix srptool [#208227] -- fix some compiler warnings -* Fri Aug 03 2007 hvogel@suse.de -- Some additions for evolution smart card support -* Thu May 10 2007 mkoenig@suse.de -- Fix segfault on s390x [#97441] - gnutls-fix_size_t.patch -* Tue Jan 23 2007 mkoenig@suse.de -- update to new stable branch 1.6.1: - * Fix the list of trusted CAs that server's send to clients. - * Fix gnutls_certificate_set_x509_crl to initialize the CRL - before using it. - * Encode UID fields in DN's as DirectoryString. - * Fix ./configure failure with non-GCC compilers. - * A GnuTLS C++ library is part of the official distribution. - * New APIs for custom push/pull function error reporting. 
-* Tue Oct 24 2006 mkoenig@suse.de -- move developer related docs to devel package and remove - binary stuff from docs [#212454] -* Tue Sep 19 2006 mkoenig@suse.de -- update to version 1.4.4: - * bugfix release - * fixes security vulnerability [#206636] (CVE-2006-4790) -* Thu Aug 31 2006 mkoenig@suse.de -- update to new stable branch 1.4.1: - * The command line tools now use getaddrinfo and support IPv6. - * gnutls-cli can now recognize services and port numbers with - the -p option. - * Error messages are now translated using GNU Gettext. - * GnuTLS now support TLS Inner application (TLS/IA). - * API and ABI modifications: - + Support for DHE-PSK cipher suites has been added. - + Removed the RIPEMD ciphersuites. - + Remove GnuTLS 0.8.x compatibility functions. - + Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have - been added. - + Certtool now generate keys in unencrypted PKCS#8 format for - empty passwords. - + Certtool now accept --password for --key-info and encrypted - PKCS#8 keys. - + gnutls_x509_privkey_import_pkcs8 now accept unencrypted - PEM PKCS#8 keys, - + New function to set a X.509 private key and certificate - pairs, and/or CRLs, from an PKCS#12 file. - + New APIs to acceess the client and server random fields in - a session. - + New APIs to access the TLS Pseudo-Random-Function (PRF). - + New API to access the TLS master secret. - + The function gnutls_x509_crt_to_xml now return an internal - error. - * Several bugfixes: - + Corrected a bug in certtool for 64 bit machines. - + Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly. - + Fix crash in TLS resume code, caused by TLS/IA changes. - + Corrected bugs in gnutls_certificate_set_x509_crl() and - gnutls_certificate_set_x509_trust(). - + Fixed bug in non-blocking gnutls_bye(). - + Fix read of out bounds bug in DER parser. - + Fixed bug in OpenPGP authentication handshake. 
-* Sat Feb 18 2006 ro@suse.de -- cleanup doc directory (.deps,.libs) -* Fri Feb 10 2006 hvogel@suse.de -- Update to version 1.2.10. This release fixes several serious - bugs that would make the DER decoder in libtasn1 crash on - invalid input [#149897]. Including: - * Corrected a bug in certtool for 64 bit machines. - * Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly - * Corrected bugs in gnutls_certificate_set_x509_crl() and - gnutls_certificate_set_x509_trust(), that caused memory - corruption if more than one certificates were added. - * Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() - will no longer invalidate a session if the underlying send - fails, but it will prevent future writes. -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Tue Dec 20 2005 ro@suse.de -- do not package /usr/share/info/dir -* Fri Dec 09 2005 hvogel@suse.de -- update to version 1.2.9 -* Tue Oct 25 2005 hvogel@suse.de -- update to version 1.2.8 -* Mon Aug 22 2005 hvogel@suse.de -- fix data type comparison [Bug #104617] -* Sun Jul 03 2005 hvogel@suse.de -- update to version 1.2.5 -* Wed Jun 29 2005 hvogel@suse.de -- patch from mrueckert to use external lzo again -* Thu Jun 23 2005 hvogel@suse.de -- use %%install_info/%%install_info_delete -* Tue Jun 07 2005 hvogel@suse.de -- update to version 1.2.4 -* Fri Jun 03 2005 ro@suse.de -- fix specfile (don't apply non-existant patch1) -* Thu Jun 02 2005 hvogel@suse.de -- use included minilzo -* Wed May 25 2005 hvogel@suse.de -- Update to version 1.2.3 (fixes gnutls DOS Bug #83481) -- Include defines.h before gnutls.h, to pull in config.h, to make - sure memmem.h prototype memmem properly -* Sat Jan 29 2005 hvogel@suse.de -- Update to version 1.2.0 -* Wed Jan 19 2005 hvogel@suse.de -- update to version 1.1.23 -- get rid of prebuild html/ps docu again, the devel packages has - man-pages now -* Mon Dec 13 2004 hvogel@suse.de -- update to version 1.0.23 -- make build of postscript/html docu 
configureable -* Sat Oct 23 2004 hvogel@suse.de -- move config script to the devel package -* Thu Oct 14 2004 hvogel@suse.de -- Update to version 1.0.21 -* Tue Sep 28 2004 hvogel@suse.de -- add doc subpackage with prebuild html/ps docu (Bug #44496) -* Mon Sep 27 2004 hvogel@suse.de -- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035) -* Tue Aug 31 2004 kukuk@suse.de -- Update to version 1.0.20 -* Mon Aug 30 2004 kukuk@suse.de -- Add libopencdk-devel to neededforbuild -* Thu Jul 15 2004 hvogel@suse.de -- add libgcrypt-devel and lipgpg-error-devel to nfb -* Wed May 19 2004 hvogel@suse.de -- update to version 1.0.13 -* Fri May 14 2004 mmj@suse.de -- Add C++ compiler to build -- Don't remove buildroot when installing -* Mon Mar 01 2004 hvogel@suse.de -- update to version 1.0.8 -* Tue Feb 17 2004 hvogel@suse.de -- update to version 1.0.6 -- fix autoconf quotations -* Wed May 14 2003 schubi@suse.de -- initial; Sourcecode received from XIMIAN