SHA256
1
0
forked from pool/gnutls
gnutls/gnutls.spec

508 lines
17 KiB
RPMSpec

#
# spec file for package gnutls (Version 2.4.1)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: gnutls
BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel
Version: 2.4.1
Release: 25
License: GPL v3 or later; LGPL v2.1 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.gnutls.org/
Source0: %name-%version.tar.bz2
Patch1: gnutls-2.4.1-disable_cxx.patch
Patch2: CVE-2008-4989.patch
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security
AutoReqProv: on
# bug437293
%ifarch ppc64
Obsoletes: gnutls-64bit
%endif
#
%description
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald
%package -n libgnutls26
License: LGPL v2.1 or later
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security
%description -n libgnutls26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald
%package -n libgnutls-extra26
License: GPL v3 or later
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security
%description -n libgnutls-extra26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald
%package -n libgnutls-devel
License: LGPL v2.1 or later
Summary: Development package for gnutls
Group: Development/Libraries/C and C++
Requires: libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel
PreReq: %install_info_prereq
%description -n libgnutls-devel
Files needed for software development using gnutls.
Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald
%package -n libgnutls-extra-devel
License: GPL v3 or later
Summary: The GNU Transport Layer Security Library
Group: Development/Libraries/C and C++
Requires: libgnutls-extra26 = %version libgnutls-devel
# gnutls-devel last used in 10.3
Obsoletes: gnutls-devel < %version
Provides: gnutls-devel = %version
# bug437293
%ifarch ppc64
Obsoletes: gnutls-devel-64bit
%endif
#
%description -n libgnutls-extra-devel
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.
Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
autoreconf -fi
./configure --prefix=%_prefix \
--sysconfdir=%_sysconfdir \
--libdir=%_libdir \
--mandir=%_mandir --infodir=%_infodir \
--localstatedir=%_localstatedir \
--with-included-libtasn1 \
--without-lzo \
--disable-srp-authentication \
--disable-rpath \
CFLAGS="$RPM_OPT_FLAGS" \
CXXFLAGS="$RPM_OPT_FLAGS"
make
make check
%install
make DESTDIR=$RPM_BUILD_ROOT install
rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in}
find doc/examples -perm -111 -exec rm {} \;
rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.{a,la}
%find_lang %name
%clean
rm -rf %buildroot
%post -n libgnutls26
/sbin/ldconfig
%postun -n libgnutls26
/sbin/ldconfig
%post -n libgnutls-extra26
/sbin/ldconfig
%postun -n libgnutls-extra26
/sbin/ldconfig
%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%postun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz
%files -f %name.lang
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING.LIB COPYING AUTHORS doc/TODO
%_bindir/certtool
%_bindir/gnutls-cli
%_bindir/gnutls-cli-debug
%_bindir/gnutls-serv
%_bindir/psktool
%_mandir/man1/*
%files -n libgnutls26
%defattr(-,root,root)
%_libdir/libgnutls.so.26*
%files -n libgnutls-extra26
%defattr(-,root,root)
%_libdir/libgnutls-extra.so.26*
%_libdir/libgnutls-openssl.so.26*
%files -n libgnutls-devel
%defattr(-, root, root)
%_bindir/libgnutls-config
%_includedir/*
%_libdir/libgnutls.so
%_datadir/aclocal/libgnutls.m4
%_libdir/pkgconfig/gnutls.pc
%_mandir/man3/*
%_infodir/%{name}*
%doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/*
%files -n libgnutls-extra-devel
%defattr(-, root, root)
%_bindir/libgnutls-extra-config
%_libdir/libgnutls-extra.so
%_libdir/libgnutls-openssl.so
%_datadir/aclocal/libgnutls-extra.m4
%_libdir/pkgconfig/gnutls-extra.pc
%changelog
* Fri Mar 13 2009 jshi@suse.de
- fix security bug [bnc#457938]
new CVE-2008-4989
* Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
* Fri Nov 28 2008 jshi@suse.de
- fix security bug [bnc#441856]
CVE-2008-4989
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Sat Aug 02 2008 meissner@suse.de
- run testsuite
* Thu Jul 17 2008 mkoenig@suse.de
- update to version 2.4.1
* libgnutls: Fix local crash in gnutls_handshake
* libgnutls: Fix memory leaks when doing a re-handshake
* Fix compiler warnings
* Fix ordering of -I's to avoid opencdk.h conflict with
system headers
* srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch
gnutls-1.6.1-srptool.patch
* Wed Jul 02 2008 mkoenig@suse.de
- remove gnutls main package from baselibs.conf
* Thu Jun 26 2008 mkoenig@suse.de
- update to version 2.4.0
* The OpenPGP sub-system has been improved and now supports subkeys
* The PSK sub-system has been improved and now supports password
derivation and PSK identity hints
* The certtool --inder and --outder has been replaced
by --inraw and --outraw
* New APIs to access the raw X.509 Subject and Issuer DN's and
elements from the certificate credentials structure
* New APIs to improve working with username/passwords and PSK
* Names of constants to affect certificate printing changed
* The function gnutls_openpgp_privkey_get_id has been renamed to
gnutls_openpgp_privkey_get_key_id
* API/ABI changes in GnuTLS 2.4
All OpenPGP related functions have been moved from
libgnutls-extra to libgnutls, and several new functions have
been added
- remove SRP functionality from C++ wrapper, otherwise it cannot
be linked against it
- removed patches
gnutls-2.2.2-uninitialized.patch
gnutls-char-signedness.patch
gnutls-GNUTLS_SA_2008_1.patch
* Mon Jun 23 2008 mkoenig@suse.de
- disable SRP [bnc#65192]
* Wed May 21 2008 mkoenig@suse.de
- fix three security bugs [bnc#392947]
CVE-2008-1948 GNUTLS-SA-2008-1-1
Fix crash when sending invalid server name
CVE-2008-1949 GNUTLS-SA-2008-1-2
Fix crash when sending repeated client hellos
CVE-2008-1950 GNUTLS-SA-2008-1-3
Fix crash in cipher padding decoding for invalid record lengths
* Thu May 08 2008 mkoenig@suse.de
- fix build
* Tue Apr 29 2008 cthiel@suse.de
- obsolete gnutls-<arch> via baselibs.conf
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Thu Apr 03 2008 mkoenig@suse.de
- update to version 2.2.2
* Cipher priority string handling now handle strings that
starts with NULL
* Corrected memory leaks in session resuming and DHE ciphersuites
* Increased the default certificate verification chain limits and
allowed for checks without limitation
* Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate
binary strings and return the proper size
* Thu Jan 31 2008 mkoenig@suse.de
- update to version 2.2.1
* Fixes the post_client_hello_function()
* Fix for certificate selection in servers with certificate callbacks
* certtool: Fixed data corruption when using --outder
* TLS authorization support removed.
* Corrected bug which did not allow a server to run without
supporting certificates
* Introduced gnutls_session_enable_compatibility_mode()
* Added gnutls_record_disable_padding() to allow servers talking to
buggy clients
* Fixed PKCS #3 parameter export
* Added support for Camellia cipher
* certtool: Add option --quick-random
* Added capability to set a callback after the client hello is
received by the server in order to adjust parameters before
the handshake
* certtool: Fixed data corruption when using --outder
* SRP was corrected to adhere to the latest draft
* Updated the DN parser
* Added support for DSA2 using libgcrypt 1.3.0
* Removed all the trustdb code from openpgp authentication.
We now use only the well-specified keyrings
* The gnutls_certificate_set_openpgp_* functions were modified
to include the format. This makes the interface consistent with
the x509 functions
* Introduced gnutls_session_enable_compatibility_mode()
* Added gnutls_set_default_priority2()
* Added priority functions that accept strings
* certtool: Add option --disable-quick-random to enable the
old behaviour of using /dev/random to generate keys
* Added the --v1 option to certtool, to allow generating X.509
version 1 certificates
* Fix PKCS#3 parameter export problem
* Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM
* gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
private keys
* Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code
* Added the --to-p8 option to certtool to convert private keys
to PKCS #8 keys
* Corrected bug in decompression of expanded compression data
* The gnutls_*_convert_priority() functions were deprecated
* gnutls-cli and gnutls-serv now have a --priority option
* PKCS #8 parser can now encode/decode DSA keys
* Corrected a segfault when setting an empty gnutls_priority_t
at gnutls_priority_set()
* Added gnutls_x509_crt_get_subject_alt_name2()
* The GPL version has been changed from version 2 to version 3.
This affects the self-tests, command-line tools, the libgnutls-extra
library, the relevant guile parts, and the build environment
- API and ABI modifications, library soname switch from 13 to 26
- change package structure:
* branch off libgnutls-extra
since this is now GPLv3 or later while libgnutls remains
LGPLv2.1 or later
* gnutls license change to GPLv3
- build without lzo support to avoid license problems
since lzo is currently GPLv2 only
- removed merged patches:
gnutls-fix_size_t.patch
* Tue Oct 23 2007 mkoenig@suse.de
- update to version 2.0.1
- change package layout to conform shlib policy:
rename gnutls-devel -> libgnutls-devel
new subpackage libgnutls13
- removed patches:
gnutls-1.4.4-sign-callback.patch
gnutls-1.6.1-compiler_warnings.patch
* Thu Aug 30 2007 mkoenig@suse.de
- fix srptool [#208227]
- fix some compiler warnings
* Fri Aug 03 2007 hvogel@suse.de
- Some additions for evolution smart card support
* Thu May 10 2007 mkoenig@suse.de
- Fix segfault on s390x [#97441]
gnutls-fix_size_t.patch
* Tue Jan 23 2007 mkoenig@suse.de
- update to new stable branch 1.6.1:
* Fix the list of trusted CAs that server's send to clients.
* Fix gnutls_certificate_set_x509_crl to initialize the CRL
before using it.
* Encode UID fields in DN's as DirectoryString.
* Fix ./configure failure with non-GCC compilers.
* A GnuTLS C++ library is part of the official distribution.
* New APIs for custom push/pull function error reporting.
* Tue Oct 24 2006 mkoenig@suse.de
- move developer related docs to devel package and remove
binary stuff from docs [#212454]
* Tue Sep 19 2006 mkoenig@suse.de
- update to version 1.4.4:
* bugfix release
* fixes security vulnerability [#206636] (CVE-2006-4790)
* Thu Aug 31 2006 mkoenig@suse.de
- update to new stable branch 1.4.1:
* The command line tools now use getaddrinfo and support IPv6.
* gnutls-cli can now recognize services and port numbers with
the -p option.
* Error messages are now translated using GNU Gettext.
* GnuTLS now support TLS Inner application (TLS/IA).
* API and ABI modifications:
+ Support for DHE-PSK cipher suites has been added.
+ Removed the RIPEMD ciphersuites.
+ Remove GnuTLS 0.8.x compatibility functions.
+ Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have
been added.
+ Certtool now generate keys in unencrypted PKCS#8 format for
empty passwords.
+ Certtool now accept --password for --key-info and encrypted
PKCS#8 keys.
+ gnutls_x509_privkey_import_pkcs8 now accept unencrypted
PEM PKCS#8 keys,
+ New function to set a X.509 private key and certificate
pairs, and/or CRLs, from an PKCS#12 file.
+ New APIs to acceess the client and server random fields in
a session.
+ New APIs to access the TLS Pseudo-Random-Function (PRF).
+ New API to access the TLS master secret.
+ The function gnutls_x509_crt_to_xml now return an internal
error.
* Several bugfixes:
+ Corrected a bug in certtool for 64 bit machines.
+ Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly.
+ Fix crash in TLS resume code, caused by TLS/IA changes.
+ Corrected bugs in gnutls_certificate_set_x509_crl() and
gnutls_certificate_set_x509_trust().
+ Fixed bug in non-blocking gnutls_bye().
+ Fix read of out bounds bug in DER parser.
+ Fixed bug in OpenPGP authentication handshake.
* Sat Feb 18 2006 ro@suse.de
- cleanup doc directory (.deps,.libs)
* Fri Feb 10 2006 hvogel@suse.de
- Update to version 1.2.10. This release fixes several serious
bugs that would make the DER decoder in libtasn1 crash on
invalid input [#149897]. Including:
* Corrected a bug in certtool for 64 bit machines.
* Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly
* Corrected bugs in gnutls_certificate_set_x509_crl() and
gnutls_certificate_set_x509_trust(), that caused memory
corruption if more than one certificates were added.
* Fixed bug in non-blocking gnutls_bye(). gnutls_record_send()
will no longer invalidate a session if the underlying send
fails, but it will prevent future writes.
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Dec 20 2005 ro@suse.de
- do not package /usr/share/info/dir
* Fri Dec 09 2005 hvogel@suse.de
- update to version 1.2.9
* Tue Oct 25 2005 hvogel@suse.de
- update to version 1.2.8
* Mon Aug 22 2005 hvogel@suse.de
- fix data type comparison [Bug #104617]
* Sun Jul 03 2005 hvogel@suse.de
- update to version 1.2.5
* Wed Jun 29 2005 hvogel@suse.de
- patch from mrueckert to use external lzo again
* Thu Jun 23 2005 hvogel@suse.de
- use %%install_info/%%install_info_delete
* Tue Jun 07 2005 hvogel@suse.de
- update to version 1.2.4
* Fri Jun 03 2005 ro@suse.de
- fix specfile (don't apply non-existant patch1)
* Thu Jun 02 2005 hvogel@suse.de
- use included minilzo
* Wed May 25 2005 hvogel@suse.de
- Update to version 1.2.3 (fixes gnutls DOS Bug #83481)
- Include defines.h before gnutls.h, to pull in config.h, to make
sure memmem.h prototype memmem properly
* Sat Jan 29 2005 hvogel@suse.de
- Update to version 1.2.0
* Wed Jan 19 2005 hvogel@suse.de
- update to version 1.1.23
- get rid of prebuild html/ps docu again, the devel packages has
man-pages now
* Mon Dec 13 2004 hvogel@suse.de
- update to version 1.0.23
- make build of postscript/html docu configureable
* Sat Oct 23 2004 hvogel@suse.de
- move config script to the devel package
* Thu Oct 14 2004 hvogel@suse.de
- Update to version 1.0.21
* Tue Sep 28 2004 hvogel@suse.de
- add doc subpackage with prebuild html/ps docu (Bug #44496)
* Mon Sep 27 2004 hvogel@suse.de
- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035)
* Tue Aug 31 2004 kukuk@suse.de
- Update to version 1.0.20
* Mon Aug 30 2004 kukuk@suse.de
- Add libopencdk-devel to neededforbuild
* Thu Jul 15 2004 hvogel@suse.de
- add libgcrypt-devel and lipgpg-error-devel to nfb
* Wed May 19 2004 hvogel@suse.de
- update to version 1.0.13
* Fri May 14 2004 mmj@suse.de
- Add C++ compiler to build
- Don't remove buildroot when installing
* Mon Mar 01 2004 hvogel@suse.de
- update to version 1.0.8
* Tue Feb 17 2004 hvogel@suse.de
- update to version 1.0.6
- fix autoconf quotations
* Wed May 14 2003 schubi@suse.de
- initial; Sourcecode received from XIMIAN