#
# spec file for package gnutls (Version 2.4.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

Name:           gnutls
BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel
Version:        2.4.1
Release:        24
License:        GPL v3 or later; LGPL v2.1 or later
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Url:            http://www.gnutls.org/
Source0:        %name-%version.tar.bz2
Patch1:         gnutls-2.4.1-disable_cxx.patch
Patch2:         CVE-2008-4989.patch
Summary:        The GNU Transport Layer Security Library
Group:          Productivity/Networking/Security
AutoReqProv:    on
# bug437293
%ifarch ppc64
Obsoletes:      gnutls-64bit
%endif
#

%description
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.

Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls26
License:        LGPL v2.1 or later
Summary:        The GNU Transport Layer Security Library
Group:          Productivity/Networking/Security

%description -n libgnutls26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.

Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls-extra26
License:        GPL v3 or later
Summary:        The GNU Transport Layer Security Library
Group:          Productivity/Networking/Security

%description -n libgnutls-extra26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.

Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls-devel
License:        LGPL v2.1 or later
Summary:        Development package for gnutls
Group:          Development/Libraries/C and C++
Requires:       libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel
PreReq:         %install_info_prereq

%description -n libgnutls-devel
Files needed for software development using gnutls.

Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls-extra-devel
License:        GPL v3 or later
Summary:        The GNU Transport Layer Security Library
Group:          Development/Libraries/C and C++
Requires:       libgnutls-extra26 = %version libgnutls-devel
# gnutls-devel last used in 10.3
Obsoletes:      gnutls-devel < %version
Provides:       gnutls-devel = %version
# bug437293
%ifarch ppc64
Obsoletes:      gnutls-devel-64bit
%endif
#

%description -n libgnutls-extra-devel
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.

Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%prep
%setup -q
%patch1 -p1
# Patch2 is the security fix for CVE-2008-4989 (bnc#441856)
%patch2 -p1

%build
autoreconf -fi
# SRP is disabled (bnc#65192); lzo is left out because it is GPLv2 only
./configure --prefix=%_prefix \
        --sysconfdir=%_sysconfdir \
        --libdir=%_libdir \
        --mandir=%_mandir --infodir=%_infodir \
        --localstatedir=%_localstatedir \
        --with-included-libtasn1 \
        --without-lzo \
        --disable-srp-authentication \
        --disable-rpath \
        CFLAGS="$RPM_OPT_FLAGS" \
        CXXFLAGS="$RPM_OPT_FLAGS"
make
# Run the upstream test suite as part of the build
make check

%install
make DESTDIR=$RPM_BUILD_ROOT install
rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in}
find doc/examples -perm -111 -exec rm {} \;
rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.{a,la}
%find_lang %name

%clean
rm -rf %buildroot

%post -n libgnutls26
/sbin/ldconfig

%postun -n libgnutls26
/sbin/ldconfig

%post -n libgnutls-extra26
/sbin/ldconfig

%postun -n libgnutls-extra26
/sbin/ldconfig

%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%postun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%files -f %name.lang
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING.LIB COPYING AUTHORS doc/TODO
%_bindir/certtool
%_bindir/gnutls-cli
%_bindir/gnutls-cli-debug
%_bindir/gnutls-serv
%_bindir/psktool
%_mandir/man1/*

%files -n libgnutls26
%defattr(-,root,root)
%_libdir/libgnutls.so.26*

%files -n libgnutls-extra26
%defattr(-,root,root)
%_libdir/libgnutls-extra.so.26*
%_libdir/libgnutls-openssl.so.26*

%files -n libgnutls-devel
%defattr(-, root, root)
%_bindir/libgnutls-config
%_includedir/*
%_libdir/libgnutls.so
%_datadir/aclocal/libgnutls.m4
%_libdir/pkgconfig/gnutls.pc
%_mandir/man3/*
%_infodir/%{name}*
%doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/*

%files -n libgnutls-extra-devel
%defattr(-, root, root)
%_bindir/libgnutls-extra-config
%_libdir/libgnutls-extra.so
%_libdir/libgnutls-openssl.so
%_datadir/aclocal/libgnutls-extra.m4
%_libdir/pkgconfig/gnutls-extra.pc

%changelog
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)
* Fri Nov 28 2008 jshi@suse.de
- fix security bug [bnc#441856]
  CVE-2008-4989
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Sat Aug 02 2008 meissner@suse.de
- run testsuite
* Thu Jul 17 2008 mkoenig@suse.de
- update to version 2.4.1
  * libgnutls: Fix local crash in gnutls_handshake
  * libgnutls: Fix memory leaks when doing a re-handshake
  * Fix compiler warnings
  * Fix ordering of -I's to avoid opencdk.h conflict with system headers
  * srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch gnutls-1.6.1-srptool.patch
* Wed Jul 02 2008 mkoenig@suse.de
- remove gnutls main package from baselibs.conf
* Thu Jun 26 2008 mkoenig@suse.de
- update to version 2.4.0
  * The OpenPGP sub-system has been improved and now supports subkeys
  * The PSK sub-system has been improved and now supports password
    derivation and PSK identity hints
  * The certtool --inder and --outder has been replaced by --inraw
    and --outraw
  * New APIs to access the raw X.509 Subject and Issuer DN's and
    elements from the certificate credentials structure
  * New APIs to improve working with username/passwords and PSK
  * Names of constants to affect certificate printing changed
  * The function gnutls_openpgp_privkey_get_id has been renamed to
    gnutls_openpgp_privkey_get_key_id
  * API/ABI changes in GnuTLS 2.4
    All OpenPGP related functions have been moved from libgnutls-extra
    to libgnutls, and several new functions have been added
- remove SRP functionality from C++ wrapper, otherwise it
  cannot be linked against it
- removed patches
  gnutls-2.2.2-uninitialized.patch
  gnutls-char-signedness.patch
  gnutls-GNUTLS_SA_2008_1.patch
* Mon Jun 23 2008 mkoenig@suse.de
- disable SRP [bnc#65192]
* Wed May 21 2008 mkoenig@suse.de
- fix three security bugs [bnc#392947]
  CVE-2008-1948 GNUTLS-SA-2008-1-1
  Fix crash when sending invalid server name
  CVE-2008-1949 GNUTLS-SA-2008-1-2
  Fix crash when sending repeated client hellos
  CVE-2008-1950 GNUTLS-SA-2008-1-3
  Fix crash in cipher padding decoding for invalid record lengths
* Thu May 08 2008 mkoenig@suse.de
- fix build
* Tue Apr 29 2008 cthiel@suse.de
- obsolete gnutls- via baselibs.conf
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Thu Apr 03 2008 mkoenig@suse.de
- update to version 2.2.2
  * Cipher priority string handling now handle strings that starts
    with NULL
  * Corrected memory leaks in session resuming and DHE ciphersuites
  * Increased the default certificate verification chain limits and
    allowed for checks without limitation
  * Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
    and gnutls_x509_crt_get_subject_alt_name() to not null terminate
    binary strings and return the proper size
* Thu Jan 31 2008 mkoenig@suse.de
- update to version 2.2.1
  * Fixes the post_client_hello_function()
  * Fix for certificate selection in servers with certificate callbacks
  * certtool: Fixed data corruption when using --outder
  * TLS authorization support removed.
  * Corrected bug which did not allow a server to run without
    supporting certificates
  * Introduced gnutls_session_enable_compatibility_mode()
  * Added gnutls_record_disable_padding() to allow servers talking to
    buggy clients
  * Fixed PKCS #3 parameter export
  * Added support for Camellia cipher
  * certtool: Add option --quick-random
  * Added capability to set a callback after the client hello is
    received by the server in order to adjust parameters before the
    handshake
  * certtool: Fixed data corruption when using --outder
  * SRP was corrected to adhere to the latest draft
  * Updated the DN parser
  * Added support for DSA2 using libgcrypt 1.3.0
  * Removed all the trustdb code from openpgp authentication. We now
    use only the well-specified keyrings
  * The gnutls_certificate_set_openpgp_* functions were modified to
    include the format. This makes the interface consistent with the
    x509 functions
  * Introduced gnutls_session_enable_compatibility_mode()
  * Added gnutls_set_default_priority2()
  * Added priority functions that accept strings
  * certtool: Add option --disable-quick-random to enable the old
    behaviour of using /dev/random to generate keys
  * Added the --v1 option to certtool, to allow generating X.509
    version 1 certificates
  * Fix PKCS#3 parameter export problem
  * Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM
  * gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
    private keys
  * Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code
  * Added the --to-p8 option to certtool to convert private keys to
    PKCS #8 keys
  * Corrected bug in decompression of expanded compression data
  * The gnutls_*_convert_priority() functions were deprecated
  * gnutls-cli and gnutls-serv now have a --priority option
  * PKCS #8 parser can now encode/decode DSA keys
  * Corrected a segfault when setting an empty gnutls_priority_t at
    gnutls_priority_set()
  * Added gnutls_x509_crt_get_subject_alt_name2()
  * The GPL version has been changed from version 2 to version 3. This
    affects the self-tests, command-line tools, the libgnutls-extra
    library, the relevant guile parts, and the build environment
- API and ABI modifications, library soname switch from 13 to 26
- change package structure:
  * branch off libgnutls-extra since this is now GPLv3 or later
    while libgnutls remains LGPLv2.1 or later
  * gnutls license change to GPLv3
- build without lzo support to avoid license problems since lzo
  is currently GPLv2 only
- removed merged patches:
  gnutls-fix_size_t.patch
* Tue Oct 23 2007 mkoenig@suse.de
- update to version 2.0.1
- change package layout to conform shlib policy:
  rename gnutls-devel -> libgnutls-devel
  new subpackage libgnutls13
- removed patches:
  gnutls-1.4.4-sign-callback.patch
  gnutls-1.6.1-compiler_warnings.patch
* Thu Aug 30 2007 mkoenig@suse.de
- fix srptool [#208227]
- fix some compiler warnings
* Fri Aug 03 2007 hvogel@suse.de
- Some additions for evolution smart card support
* Thu May 10 2007 mkoenig@suse.de
- Fix segfault on s390x [#97441]
  gnutls-fix_size_t.patch
* Tue Jan 23 2007 mkoenig@suse.de
- update to new stable branch 1.6.1:
  * Fix the list of trusted CAs that server's send to clients.
  * Fix gnutls_certificate_set_x509_crl to initialize the CRL before
    using it.
  * Encode UID fields in DN's as DirectoryString.
  * Fix ./configure failure with non-GCC compilers.
  * A GnuTLS C++ library is part of the official distribution.
  * New APIs for custom push/pull function error reporting.
* Tue Oct 24 2006 mkoenig@suse.de
- move developer related docs to devel package and
  remove binary stuff from docs [#212454]
* Tue Sep 19 2006 mkoenig@suse.de
- update to version 1.4.4:
  * bugfix release
  * fixes security vulnerability [#206636] (CVE-2006-4790)
* Thu Aug 31 2006 mkoenig@suse.de
- update to new stable branch 1.4.1:
  * The command line tools now use getaddrinfo and support IPv6.
  * gnutls-cli can now recognize services and port numbers with the
    -p option.
  * Error messages are now translated using GNU Gettext.
  * GnuTLS now support TLS Inner application (TLS/IA).
  * API and ABI modifications:
    + Support for DHE-PSK cipher suites has been added.
    + Removed the RIPEMD ciphersuites.
    + Remove GnuTLS 0.8.x compatibility functions.
    + Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been
      added.
    + Certtool now generate keys in unencrypted PKCS#8 format for
      empty passwords.
    + Certtool now accept --password for --key-info and encrypted
      PKCS#8 keys.
    + gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM
      PKCS#8 keys,
    + New function to set a X.509 private key and certificate pairs,
      and/or CRLs, from an PKCS#12 file.
    + New APIs to access the client and server random fields in a
      session.
    + New APIs to access the TLS Pseudo-Random-Function (PRF).
    + New API to access the TLS master secret.
    + The function gnutls_x509_crt_to_xml now return an internal error.
  * Several bugfixes:
    + Corrected a bug in certtool for 64 bit machines.
    + Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly.
    + Fix crash in TLS resume code, caused by TLS/IA changes.
    + Corrected bugs in gnutls_certificate_set_x509_crl() and
      gnutls_certificate_set_x509_trust().
    + Fixed bug in non-blocking gnutls_bye().
    + Fix read of out bounds bug in DER parser.
    + Fixed bug in OpenPGP authentication handshake.
* Sat Feb 18 2006 ro@suse.de
- cleanup doc directory (.deps,.libs)
* Fri Feb 10 2006 hvogel@suse.de
- Update to version 1.2.10. This release fixes several serious bugs
  that would make the DER decoder in libtasn1 crash on invalid input
  [#149897]. Including:
  * Corrected a bug in certtool for 64 bit machines.
  * Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly
  * Corrected bugs in gnutls_certificate_set_x509_crl() and
    gnutls_certificate_set_x509_trust(), that caused memory corruption
    if more than one certificates were added.
  * Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will
    no longer invalidate a session if the underlying send fails, but
    it will prevent future writes.
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Dec 20 2005 ro@suse.de
- do not package /usr/share/info/dir
* Fri Dec 09 2005 hvogel@suse.de
- update to version 1.2.9
* Tue Oct 25 2005 hvogel@suse.de
- update to version 1.2.8
* Mon Aug 22 2005 hvogel@suse.de
- fix data type comparison [Bug #104617]
* Sun Jul 03 2005 hvogel@suse.de
- update to version 1.2.5
* Wed Jun 29 2005 hvogel@suse.de
- patch from mrueckert to use external lzo again
* Thu Jun 23 2005 hvogel@suse.de
- use %%install_info/%%install_info_delete
* Tue Jun 07 2005 hvogel@suse.de
- update to version 1.2.4
* Fri Jun 03 2005 ro@suse.de
- fix specfile (don't apply non-existent patch1)
* Thu Jun 02 2005 hvogel@suse.de
- use included minilzo
* Wed May 25 2005 hvogel@suse.de
- Update to version 1.2.3 (fixes gnutls DOS Bug #83481)
- Include defines.h before gnutls.h, to pull in config.h, to make
  sure memmem.h prototype memmem properly
* Sat Jan 29 2005 hvogel@suse.de
- Update to version 1.2.0
* Wed Jan 19 2005 hvogel@suse.de
- update to version 1.1.23
- get rid of prebuild html/ps docu again, the devel packages has
  man-pages now
* Mon Dec 13 2004 hvogel@suse.de
- update to version 1.0.23
- make build of postscript/html docu configurable
* Sat Oct 23 2004 hvogel@suse.de
- move config script to the devel package
* Thu Oct 14 2004 hvogel@suse.de
- Update to version 1.0.21
* Tue Sep 28 2004 hvogel@suse.de
- add doc subpackage with prebuild html/ps docu (Bug #44496)
* Mon Sep 27 2004 hvogel@suse.de
- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035)
* Tue Aug 31 2004 kukuk@suse.de
- Update to version 1.0.20
* Mon Aug 30 2004 kukuk@suse.de
- Add libopencdk-devel to neededforbuild
* Thu Jul 15 2004 hvogel@suse.de
- add libgcrypt-devel and lipgpg-error-devel to nfb
* Wed May 19 2004 hvogel@suse.de
- update to version 1.0.13
* Fri May 14 2004 mmj@suse.de
- Add C++ compiler to build
- Don't remove buildroot when installing
* Mon Mar 01 2004 hvogel@suse.de
- update to version 1.0.8
* Tue Feb 17 2004 hvogel@suse.de
- update to version 1.0.6
- fix autoconf quotations
* Wed May 14 2003 schubi@suse.de
- initial; Sourcecode received from XIMIAN