#
# spec file for package gnutls (Version 2.4.1)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild
|
|
|
|
|
|
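Name: gnutls
# libtasn1 is absent from BuildRequires because the build section passes
# --with-included-libtasn1 and compiles the copy shipped inside the tarball.
BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel
Version: 2.4.1
Release: 25
# Two licenses: the per-subpackage License tags further down assign
# LGPL v2.1 or later to libgnutls and GPL v3 or later to libgnutls-extra.
License: GPL v3 or later; LGPL v2.1 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.gnutls.org/
# NOTE(review): the spec lists no detached signature or checksum for the
# tarball, so nothing in this file verifies the source archive; confirm that
# its integrity is checked elsewhere in the build process.
Source0: %name-%version.tar.bz2
# The changelog (2008-07-17) drops the C++ wrapper library because it is not
# usable without SRP; presumably this is the patch that does it - confirm
# against the patch file.
Patch1: gnutls-2.4.1-disable_cxx.patch
# Backported fix for CVE-2008-4989 (X.509 certificate chain verification in
# libgnutls). The changelog records two entries for it: bnc#441856
# (2008-11-28) and a later "new CVE-2008-4989" under bnc#457938 (2009-03-13).
# Version stays 2.4.1, so a check that looks only at the upstream version
# cannot tell whether the fix is present; use the Release and the changelog.
Patch2: CVE-2008-4989.patch
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security
AutoReqProv: on
# bug437293
%ifarch ppc64
Obsoletes: gnutls-64bit
%endif
#

%description
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald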
|
|
|
|
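%package -n libgnutls26
# Runtime shared library subpackage; its file list ships libgnutls.so.26*.
# It keeps the LGPL, unlike the GPL v3 libgnutls-extra26 subpackage.
License: LGPL v2.1 or later
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security

%description -n libgnutls26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald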
|
|
|
|
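%package -n libgnutls-extra26
# Split out per the changelog ("branch off libgnutls-extra") because this
# part is GPL v3 or later while libgnutls remains LGPL v2.1 or later.
# Its file list also carries libgnutls-openssl.so.26*.
License: GPL v3 or later
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security

%description -n libgnutls-extra26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald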
|
|
|
|
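%package -n libgnutls-devel
License: LGPL v2.1 or later
Summary: Development package for gnutls
Group: Development/Libraries/C and C++
# NOTE(review): the runtime library is pinned by version only, so any 2.4.1
# release of libgnutls26 satisfies this, including releases built before
# Patch2 was added - confirm that is intended.
Requires: libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel
# Needed by the post/postun scriptlets of this subpackage, which register and
# unregister gnutls.info.gz.
PreReq: %install_info_prereq

%description -n libgnutls-devel
Files needed for software development using gnutls.



Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald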
|
|
|
|
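%package -n libgnutls-extra-devel
# Development files for the GPL v3 libgnutls-extra and libgnutls-openssl
# libraries (see this subpackage's file list).
# NOTE(review): Summary and description below repeat the runtime library's
# text rather than describing a development package.
License: GPL v3 or later
Summary: The GNU Transport Layer Security Library
Group: Development/Libraries/C and C++
Requires: libgnutls-extra26 = %version libgnutls-devel
# gnutls-devel last used in 10.3
Obsoletes: gnutls-devel < %version
Provides: gnutls-devel = %version
# bug437293
%ifarch ppc64
Obsoletes: gnutls-devel-64bit
%endif
#

%description -n libgnutls-extra-devel
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
Nikos Mavroyanopoulos
Fabio Fiorina
Timo Schulz
Andrew McDonald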
|
|
|
|
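%prep
# Unpack the 2.4.1 tarball quietly, then apply both patches at strip level 1.
# Patch 2 is the CVE-2008-4989 fix. The two patches are the only changes this
# spec makes to the unpacked source.
%setup -q
%patch1 -p1
%patch2 -p1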
|
|
|
|
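%build
# Regenerate the autotools output before configuring (presumably because the
# patches touch the build inputs - confirm).
autoreconf -fi
# Configure switches that matter for a security review:
#   --with-included-libtasn1      build the ASN.1/DER code from the copy inside
#                                 the gnutls tarball instead of a system library.
#                                 NOTE(review): this code parses certificate
#                                 data from peers (the 1.2.10 changelog entry
#                                 cites DER decoder crashes on invalid input),
#                                 and a bundled copy does not pick up fixes
#                                 shipped in a separate libtasn1 package; they
#                                 have to be patched into this package.
#   --without-lzo                 changelog: avoids license problems, since
#                                 lzo is GPLv2 only.
#   --disable-srp-authentication  changelog: SRP disabled [bnc#65192].
#   --disable-rpath               do not embed library search paths in the
#                                 installed binaries.
# CFLAGS and CXXFLAGS take the distribution's RPM_OPT_FLAGS.
./configure --prefix=%_prefix \
    --sysconfdir=%_sysconfdir \
    --libdir=%_libdir \
    --mandir=%_mandir --infodir=%_infodir \
    --localstatedir=%_localstatedir \
    --with-included-libtasn1 \
    --without-lzo \
    --disable-srp-authentication \
    --disable-rpath \
    CFLAGS="$RPM_OPT_FLAGS" \
    CXXFLAGS="$RPM_OPT_FLAGS"
make
# Run the upstream testsuite as part of every build (changelog 2008-08-02),
# so a failing self-test stops the package from being produced.
make check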
|
|
|
|
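%install
make DESTDIR=$RPM_BUILD_ROOT install
# doc/examples is shipped as documentation by the libgnutls-devel file list.
# Strip build by-products from it first (changelog: "remove binary stuff from
# docs [#212454]").
rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in}
# Delete the compiled example programs. Directories are skipped: they carry
# execute bits too, so the unfiltered match handed doc/examples itself to a
# plain rm, which cannot remove a directory and only printed an error.
find doc/examples ! -type d -perm -111 -exec rm {} \;
# Drop the en@quot and en@boldquot pseudo-locales.
rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.{a,la}
%find_lang %name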
|
|
|
|
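%clean
# Remove the staging tree after the build. The path comes from the BuildRoot
# tag in the preamble, which points below the rpm temporary directory.
rm -rf %buildroot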
|
|
|
|
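# Both shared-library subpackages run ldconfig after installation and after
# removal.
%post -n libgnutls26
/sbin/ldconfig

%postun -n libgnutls26
/sbin/ldconfig

%post -n libgnutls-extra26
/sbin/ldconfig

%postun -n libgnutls-extra26
/sbin/ldconfig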
|
|
|
|
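# Register gnutls.info.gz in the info directory on install and remove the
# entry on uninstall. The macros need the PreReq declared by libgnutls-devel.
%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%postun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz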
|
|
|
|
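%files -f %name.lang
# Main package: command-line tools, their man pages and the translations
# collected by find_lang in the install section. No shared library is listed
# here; the libraries are in the libgnutls26 and libgnutls-extra26 lists.
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING.LIB COPYING AUTHORS doc/TODO
%_bindir/certtool
%_bindir/gnutls-cli
%_bindir/gnutls-cli-debug
%_bindir/gnutls-serv
%_bindir/psktool
%_mandir/man1/*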
|
|
|
|
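%files -n libgnutls26
# LGPL runtime library, soname 26 (changelog: "library soname switch from 13
# to 26").
%defattr(-,root,root)
%_libdir/libgnutls.so.26*

%files -n libgnutls-extra26
# GPL v3 runtime libraries. libgnutls-openssl is packaged here with
# libgnutls-extra, not with the LGPL library.
%defattr(-,root,root)
%_libdir/libgnutls-extra.so.26*
%_libdir/libgnutls-openssl.so.26*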
|
|
|
|
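%files -n libgnutls-devel
# Headers, unversioned .so link, config script, pkg-config and aclocal data.
# Static archives and libtool .la files are deleted in the install section,
# so none are listed.
%defattr(-, root, root)
%_bindir/libgnutls-config
%_includedir/*
%_libdir/libgnutls.so
%_datadir/aclocal/libgnutls.m4
%_libdir/pkgconfig/gnutls.pc
%_mandir/man3/*
%_infodir/%{name}*
# doc/examples has been cleaned of object files and executables in the
# install section before it is picked up here.
%doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/*

%files -n libgnutls-extra-devel
# Development files for the GPL v3 libraries only.
%defattr(-, root, root)
%_bindir/libgnutls-extra-config
%_libdir/libgnutls-extra.so
%_libdir/libgnutls-openssl.so
%_datadir/aclocal/libgnutls-extra.m4
%_libdir/pkgconfig/gnutls-extra.pc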
|
|
|
|
%changelog
|
|
* Fri Mar 13 2009 jshi@suse.de
|
|
- fix security bug [bnc#457938]
|
|
new CVE-2008-4989
|
|
* Wed Dec 10 2008 olh@suse.de
|
|
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
|
|
(bnc#437293)
|
|
* Fri Nov 28 2008 jshi@suse.de
|
|
- fix security bug [bnc#441856]
|
|
CVE-2008-4989
|
|
* Thu Oct 30 2008 olh@suse.de
|
|
- obsolete old -XXbit packages (bnc#437293)
|
|
* Sat Aug 02 2008 meissner@suse.de
|
|
- run testsuite
|
|
* Thu Jul 17 2008 mkoenig@suse.de
|
|
- update to version 2.4.1
|
|
* libgnutls: Fix local crash in gnutls_handshake
|
|
* libgnutls: Fix memory leaks when doing a re-handshake
|
|
* Fix compiler warnings
|
|
* Fix ordering of -I's to avoid opencdk.h conflict with
|
|
system headers
|
|
* srptool: Fix a problem where --verify check does not succeed
|
|
- remove C++ wrapper lib, it is not usable without SRP
|
|
- remove patch
|
|
gnutls-1.6.1-srptool.patch
|
|
* Wed Jul 02 2008 mkoenig@suse.de
|
|
- remove gnutls main package from baselibs.conf
|
|
* Thu Jun 26 2008 mkoenig@suse.de
|
|
- update to version 2.4.0
|
|
* The OpenPGP sub-system has been improved and now supports subkeys
|
|
* The PSK sub-system has been improved and now supports password
|
|
derivation and PSK identity hints
|
|
* The certtool --inder and --outder has been replaced
|
|
by --inraw and --outraw
|
|
* New APIs to access the raw X.509 Subject and Issuer DN's and
|
|
elements from the certificate credentials structure
|
|
* New APIs to improve working with username/passwords and PSK
|
|
* Names of constants to affect certificate printing changed
|
|
* The function gnutls_openpgp_privkey_get_id has been renamed to
|
|
gnutls_openpgp_privkey_get_key_id
|
|
* API/ABI changes in GnuTLS 2.4
|
|
All OpenPGP related functions have been moved from
|
|
libgnutls-extra to libgnutls, and several new functions have
|
|
been added
|
|
- remove SRP functionality from C++ wrapper, otherwise it cannot
|
|
be linked against it
|
|
- removed patches
|
|
gnutls-2.2.2-uninitialized.patch
|
|
gnutls-char-signedness.patch
|
|
gnutls-GNUTLS_SA_2008_1.patch
|
|
* Mon Jun 23 2008 mkoenig@suse.de
|
|
- disable SRP [bnc#65192]
|
|
* Wed May 21 2008 mkoenig@suse.de
|
|
- fix three security bugs [bnc#392947]
|
|
CVE-2008-1948 GNUTLS-SA-2008-1-1
|
|
Fix crash when sending invalid server name
|
|
CVE-2008-1949 GNUTLS-SA-2008-1-2
|
|
Fix crash when sending repeated client hellos
|
|
CVE-2008-1950 GNUTLS-SA-2008-1-3
|
|
Fix crash in cipher padding decoding for invalid record lengths
|
|
* Thu May 08 2008 mkoenig@suse.de
|
|
- fix build
|
|
* Tue Apr 29 2008 cthiel@suse.de
|
|
- obsolete gnutls-<arch> via baselibs.conf
|
|
* Thu Apr 10 2008 ro@suse.de
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
* Thu Apr 03 2008 mkoenig@suse.de
|
|
- update to version 2.2.2
|
|
* Cipher priority string handling now handle strings that
|
|
starts with NULL
|
|
* Corrected memory leaks in session resuming and DHE ciphersuites
|
|
* Increased the default certificate verification chain limits and
|
|
allowed for checks without limitation
|
|
* Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
|
|
and gnutls_x509_crt_get_subject_alt_name() to not null terminate
|
|
binary strings and return the proper size
|
|
* Thu Jan 31 2008 mkoenig@suse.de
|
|
- update to version 2.2.1
|
|
* Fixes the post_client_hello_function()
|
|
* Fix for certificate selection in servers with certificate callbacks
|
|
* certtool: Fixed data corruption when using --outder
|
|
* TLS authorization support removed.
|
|
* Corrected bug which did not allow a server to run without
|
|
supporting certificates
|
|
* Introduced gnutls_session_enable_compatibility_mode()
|
|
* Added gnutls_record_disable_padding() to allow servers talking to
|
|
buggy clients
|
|
* Fixed PKCS #3 parameter export
|
|
* Added support for Camellia cipher
|
|
* certtool: Add option --quick-random
|
|
* Added capability to set a callback after the client hello is
|
|
received by the server in order to adjust parameters before
|
|
the handshake
|
|
* certtool: Fixed data corruption when using --outder
|
|
* SRP was corrected to adhere to the latest draft
|
|
* Updated the DN parser
|
|
* Added support for DSA2 using libgcrypt 1.3.0
|
|
* Removed all the trustdb code from openpgp authentication.
|
|
We now use only the well-specified keyrings
|
|
* The gnutls_certificate_set_openpgp_* functions were modified
|
|
to include the format. This makes the interface consistent with
|
|
the x509 functions
|
|
* Introduced gnutls_session_enable_compatibility_mode()
|
|
* Added gnutls_set_default_priority2()
|
|
* Added priority functions that accept strings
|
|
* certtool: Add option --disable-quick-random to enable the
|
|
old behaviour of using /dev/random to generate keys
|
|
* Added the --v1 option to certtool, to allow generating X.509
|
|
version 1 certificates
|
|
* Fix PKCS#3 parameter export problem
|
|
* Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM
|
|
* gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
|
|
private keys
|
|
* Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code
|
|
* Added the --to-p8 option to certtool to convert private keys
|
|
to PKCS #8 keys
|
|
* Corrected bug in decompression of expanded compression data
|
|
* The gnutls_*_convert_priority() functions were deprecated
|
|
* gnutls-cli and gnutls-serv now have a --priority option
|
|
* PKCS #8 parser can now encode/decode DSA keys
|
|
* Corrected a segfault when setting an empty gnutls_priority_t
|
|
at gnutls_priority_set()
|
|
* Added gnutls_x509_crt_get_subject_alt_name2()
|
|
* The GPL version has been changed from version 2 to version 3.
|
|
This affects the self-tests, command-line tools, the libgnutls-extra
|
|
library, the relevant guile parts, and the build environment
|
|
- API and ABI modifications, library soname switch from 13 to 26
|
|
- change package structure:
|
|
* branch off libgnutls-extra
|
|
since this is now GPLv3 or later while libgnutls remains
|
|
LGPLv2.1 or later
|
|
* gnutls license change to GPLv3
|
|
- build without lzo support to avoid license problems
|
|
since lzo is currently GPLv2 only
|
|
- removed merged patches:
|
|
gnutls-fix_size_t.patch
|
|
* Tue Oct 23 2007 mkoenig@suse.de
|
|
- update to version 2.0.1
|
|
- change package layout to conform shlib policy:
|
|
rename gnutls-devel -> libgnutls-devel
|
|
new subpackage libgnutls13
|
|
- removed patches:
|
|
gnutls-1.4.4-sign-callback.patch
|
|
gnutls-1.6.1-compiler_warnings.patch
|
|
* Thu Aug 30 2007 mkoenig@suse.de
|
|
- fix srptool [#208227]
|
|
- fix some compiler warnings
|
|
* Fri Aug 03 2007 hvogel@suse.de
|
|
- Some additions for evolution smart card support
|
|
* Thu May 10 2007 mkoenig@suse.de
|
|
- Fix segfault on s390x [#97441]
|
|
gnutls-fix_size_t.patch
|
|
* Tue Jan 23 2007 mkoenig@suse.de
|
|
- update to new stable branch 1.6.1:
|
|
* Fix the list of trusted CAs that server's send to clients.
|
|
* Fix gnutls_certificate_set_x509_crl to initialize the CRL
|
|
before using it.
|
|
* Encode UID fields in DN's as DirectoryString.
|
|
* Fix ./configure failure with non-GCC compilers.
|
|
* A GnuTLS C++ library is part of the official distribution.
|
|
* New APIs for custom push/pull function error reporting.
|
|
* Tue Oct 24 2006 mkoenig@suse.de
|
|
- move developer related docs to devel package and remove
|
|
binary stuff from docs [#212454]
|
|
* Tue Sep 19 2006 mkoenig@suse.de
|
|
- update to version 1.4.4:
|
|
* bugfix release
|
|
* fixes security vulnerability [#206636] (CVE-2006-4790)
|
|
* Thu Aug 31 2006 mkoenig@suse.de
|
|
- update to new stable branch 1.4.1:
|
|
* The command line tools now use getaddrinfo and support IPv6.
|
|
* gnutls-cli can now recognize services and port numbers with
|
|
the -p option.
|
|
* Error messages are now translated using GNU Gettext.
|
|
* GnuTLS now support TLS Inner application (TLS/IA).
|
|
* API and ABI modifications:
|
|
+ Support for DHE-PSK cipher suites has been added.
|
|
+ Removed the RIPEMD ciphersuites.
|
|
+ Remove GnuTLS 0.8.x compatibility functions.
|
|
+ Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have
|
|
been added.
|
|
+ Certtool now generate keys in unencrypted PKCS#8 format for
|
|
empty passwords.
|
|
+ Certtool now accept --password for --key-info and encrypted
|
|
PKCS#8 keys.
|
|
+ gnutls_x509_privkey_import_pkcs8 now accept unencrypted
|
|
PEM PKCS#8 keys,
|
|
+ New function to set a X.509 private key and certificate
|
|
pairs, and/or CRLs, from an PKCS#12 file.
|
|
+ New APIs to access the client and server random fields in
|
|
a session.
|
|
+ New APIs to access the TLS Pseudo-Random-Function (PRF).
|
|
+ New API to access the TLS master secret.
|
|
+ The function gnutls_x509_crt_to_xml now return an internal
|
|
error.
|
|
* Several bugfixes:
|
|
+ Corrected a bug in certtool for 64 bit machines.
|
|
+ Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly.
|
|
+ Fix crash in TLS resume code, caused by TLS/IA changes.
|
|
+ Corrected bugs in gnutls_certificate_set_x509_crl() and
|
|
gnutls_certificate_set_x509_trust().
|
|
+ Fixed bug in non-blocking gnutls_bye().
|
|
+ Fix out-of-bounds read bug in DER parser.
|
|
+ Fixed bug in OpenPGP authentication handshake.
|
|
* Sat Feb 18 2006 ro@suse.de
|
|
- cleanup doc directory (.deps,.libs)
|
|
* Fri Feb 10 2006 hvogel@suse.de
|
|
- Update to version 1.2.10. This release fixes several serious
|
|
bugs that would make the DER decoder in libtasn1 crash on
|
|
invalid input [#149897]. Including:
|
|
* Corrected a bug in certtool for 64 bit machines.
|
|
* Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly
|
|
* Corrected bugs in gnutls_certificate_set_x509_crl() and
|
|
gnutls_certificate_set_x509_trust(), that caused memory
|
|
corruption if more than one certificates were added.
|
|
* Fixed bug in non-blocking gnutls_bye(). gnutls_record_send()
|
|
will no longer invalidate a session if the underlying send
|
|
fails, but it will prevent future writes.
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Tue Dec 20 2005 ro@suse.de
|
|
- do not package /usr/share/info/dir
|
|
* Fri Dec 09 2005 hvogel@suse.de
|
|
- update to version 1.2.9
|
|
* Tue Oct 25 2005 hvogel@suse.de
|
|
- update to version 1.2.8
|
|
* Mon Aug 22 2005 hvogel@suse.de
|
|
- fix data type comparison [Bug #104617]
|
|
* Sun Jul 03 2005 hvogel@suse.de
|
|
- update to version 1.2.5
|
|
* Wed Jun 29 2005 hvogel@suse.de
|
|
- patch from mrueckert to use external lzo again
|
|
* Thu Jun 23 2005 hvogel@suse.de
|
|
- use %%install_info/%%install_info_delete
|
|
* Tue Jun 07 2005 hvogel@suse.de
|
|
- update to version 1.2.4
|
|
* Fri Jun 03 2005 ro@suse.de
|
|
- fix specfile (don't apply non-existent patch1)
|
|
* Thu Jun 02 2005 hvogel@suse.de
|
|
- use included minilzo
|
|
* Wed May 25 2005 hvogel@suse.de
|
|
- Update to version 1.2.3 (fixes gnutls DOS Bug #83481)
|
|
- Include defines.h before gnutls.h, to pull in config.h, to make
|
|
sure memmem.h prototype memmem properly
|
|
* Sat Jan 29 2005 hvogel@suse.de
|
|
- Update to version 1.2.0
|
|
* Wed Jan 19 2005 hvogel@suse.de
|
|
- update to version 1.1.23
|
|
- get rid of prebuild html/ps docu again, the devel packages has
|
|
man-pages now
|
|
* Mon Dec 13 2004 hvogel@suse.de
|
|
- update to version 1.0.23
|
|
- make build of postscript/html docu configureable
|
|
* Sat Oct 23 2004 hvogel@suse.de
|
|
- move config script to the devel package
|
|
* Thu Oct 14 2004 hvogel@suse.de
|
|
- Update to version 1.0.21
|
|
* Tue Sep 28 2004 hvogel@suse.de
|
|
- add doc subpackage with prebuild html/ps docu (Bug #44496)
|
|
* Mon Sep 27 2004 hvogel@suse.de
|
|
- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035)
|
|
* Tue Aug 31 2004 kukuk@suse.de
|
|
- Update to version 1.0.20
|
|
* Mon Aug 30 2004 kukuk@suse.de
|
|
- Add libopencdk-devel to neededforbuild
|
|
* Thu Jul 15 2004 hvogel@suse.de
|
|
- add libgcrypt-devel and lipgpg-error-devel to nfb
|
|
* Wed May 19 2004 hvogel@suse.de
|
|
- update to version 1.0.13
|
|
* Fri May 14 2004 mmj@suse.de
|
|
- Add C++ compiler to build
|
|
- Don't remove buildroot when installing
|
|
* Mon Mar 01 2004 hvogel@suse.de
|
|
- update to version 1.0.8
|
|
* Tue Feb 17 2004 hvogel@suse.de
|
|
- update to version 1.0.6
|
|
- fix autoconf quotations
|
|
* Wed May 14 2003 schubi@suse.de
|
|
- initial; Sourcecode received from XIMIAN
|