[mingw-gnutls] Update to 2.12.21
Erik van Pienbroek
epienbro at fedoraproject.org
Sat Nov 10 18:49:39 UTC 2012
commit 2715c6740d8fd1c260f9e712870df01d3dbf7bdf
Author: Erik van Pienbroek <epienbro at fedoraproject.org>
Date: Sat Nov 10 19:49:34 2012 +0100
Update to 2.12.21
.gitignore | 1 +
gnutls-2.12.20-build.patch | 24 ++++
gnutls-2.12.20-cli-debug-manpage.patch | 15 ++
gnutls-2.12.20-fips-algorithms.patch | 189 ++++++++++++++++++++++++++
gnutls-fix-external-libtasn1-detection.patch | 11 ++
mingw-gnutls.spec | 31 ++--
sources | 2 +-
7 files changed, 257 insertions(+), 16 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 42e6c52..94afe11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ gnutls-2.6.4-nosrp.tar.bz2
/gnutls-2.12.18-nosrp.tar.xz
/gnutls-2.12.19-nosrp.tar.xz
/gnutls-2.12.20-nosrp.tar.xz
+/gnutls-2.12.21-nosrp.tar.xz
diff --git a/gnutls-2.12.20-build.patch b/gnutls-2.12.20-build.patch
new file mode 100644
index 0000000..6c20588
--- /dev/null
+++ b/gnutls-2.12.20-build.patch
@@ -0,0 +1,24 @@
+diff -up gnutls-2.12.20/gl/stdio.in.h.build gnutls-2.12.20/gl/stdio.in.h
+--- gnutls-2.12.20/gl/stdio.in.h.build 2012-03-01 16:47:48.000000000 +0100
++++ gnutls-2.12.20/gl/stdio.in.h 2012-06-18 16:50:51.307755234 +0200
+@@ -698,7 +698,7 @@ _GL_WARN_ON_USE (getline, "getline is un
+ # endif
+ #endif
+
+-#if @GNULIB_GETS@
++#if 0
+ # if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+ # undef gets
+diff -up gnutls-2.12.20/lib/gl/stdio.in.h.build gnutls-2.12.20/lib/gl/stdio.in.h
+--- gnutls-2.12.20/lib/gl/stdio.in.h.build 2012-03-01 16:53:13.000000000 +0100
++++ gnutls-2.12.20/lib/gl/stdio.in.h 2012-06-18 16:50:22.846115787 +0200
+@@ -698,7 +698,7 @@ _GL_WARN_ON_USE (getline, "getline is un
+ # endif
+ #endif
+
+-#if @GNULIB_GETS@
++#if 0
+ # if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
+ # if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+ # undef gets
diff --git a/gnutls-2.12.20-cli-debug-manpage.patch b/gnutls-2.12.20-cli-debug-manpage.patch
new file mode 100644
index 0000000..3e40365
--- /dev/null
+++ b/gnutls-2.12.20-cli-debug-manpage.patch
@@ -0,0 +1,15 @@
+diff -up gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1.cli-debug gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1
+--- gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1.cli-debug 2011-04-08 02:30:44.000000000 +0200
++++ gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1 2012-08-08 14:23:24.397745283 +0200
+@@ -17,8 +17,10 @@ Enable debugging.
+ The port to connect to.
+ .IP "\-h, \-\-help"
+ Prints a short reminder of the command line options.
+-.IP "\-v, \-\-verbose"
++.IP "\-V, \-\-verbose"
+ Even more verbose output.
++.IP "\-v, \-\-version"
++Prints the program's version number.
+ .SH "SEE ALSO"
+ .BR gnutls\-cli (1),
+ .BR gnutls\-serv (1)
diff --git a/gnutls-2.12.20-fips-algorithms.patch b/gnutls-2.12.20-fips-algorithms.patch
new file mode 100644
index 0000000..f714bd4
--- /dev/null
+++ b/gnutls-2.12.20-fips-algorithms.patch
@@ -0,0 +1,189 @@
+diff -up gnutls-2.12.20/lib/gcrypt/init.c.fips gnutls-2.12.20/lib/gcrypt/init.c
+--- gnutls-2.12.20/lib/gcrypt/init.c.fips 2012-01-06 20:06:23.000000000 +0100
++++ gnutls-2.12.20/lib/gcrypt/init.c 2012-11-01 11:00:34.954835974 +0100
+@@ -43,6 +43,8 @@ static struct gcry_thread_cbs gct = {
+ .recvmsg = NULL,
+ };
+
++int gnutls_gcrypt_fips;
++
+ int
+ gnutls_crypto_init (void)
+ {
+@@ -72,6 +74,8 @@ gnutls_crypto_init (void)
+ return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
+ }
+
++ gnutls_gcrypt_fips = gcry_fips_mode_active();
++
+ /* for gcrypt in order to be able to allocate memory */
+ gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
+
+diff -up gnutls-2.12.20/lib/gnutls_priority.c.fips gnutls-2.12.20/lib/gnutls_priority.c
+--- gnutls-2.12.20/lib/gnutls_priority.c.fips 2012-01-06 20:06:23.000000000 +0100
++++ gnutls-2.12.20/lib/gnutls_priority.c 2012-11-01 11:02:52.505807199 +0100
+@@ -30,6 +30,7 @@
+ #include "gnutls_algorithms.h"
+ #include "gnutls_errors.h"
+ #include <gnutls_num.h>
++#include <gcrypt.h>
+
+ static void
+ break_comma_list (char *etag,
+@@ -223,6 +224,13 @@ static const int protocol_priority[] = {
+ 0
+ };
+
++static const int protocol_priority_fips[] = {
++ GNUTLS_TLS1_2,
++ GNUTLS_TLS1_1,
++ GNUTLS_TLS1_0,
++ 0
++};
++
+ static const int kx_priority_performance[] = {
+ GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA,
+@@ -269,6 +277,13 @@ static const int cipher_priority_perform
+ 0
+ };
+
++static const int cipher_priority_performance_fips[] = {
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ GNUTLS_CIPHER_AES_256_CBC,
++ 0
++};
++
+ static const int cipher_priority_normal[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+ #ifdef ENABLE_CAMELLIA
+@@ -284,6 +299,13 @@ static const int cipher_priority_normal[
+ 0
+ };
+
++static const int cipher_priority_normal_fips[] = {
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_AES_256_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ 0
++};
++
+ static const int cipher_priority_secure128[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+ #ifdef ENABLE_CAMELLIA
+@@ -295,6 +317,11 @@ static const int cipher_priority_secure1
+ 0
+ };
+
++static const int cipher_priority_secure128_fips[] = {
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ 0
++};
+
+ static const int cipher_priority_secure256[] = {
+ GNUTLS_CIPHER_AES_256_CBC,
+@@ -311,6 +338,13 @@ static const int cipher_priority_secure2
+ 0
+ };
+
++static const int cipher_priority_secure256_fips[] = {
++ GNUTLS_CIPHER_AES_256_CBC,
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ 0
++};
++
+ /* The same as cipher_priority_security_normal + arcfour-40. */
+ static const int cipher_priority_export[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+@@ -362,6 +396,12 @@ static const int mac_priority_normal[] =
+ 0
+ };
+
++static const int mac_priority_normal_fips[] = {
++ GNUTLS_MAC_SHA1,
++ GNUTLS_MAC_SHA256,
++ 0
++};
++
+
+ static const int mac_priority_secure[] = {
+ GNUTLS_MAC_SHA256,
+@@ -462,6 +502,8 @@ gnutls_priority_set (gnutls_session_t se
+
+ #define MAX_ELEMENTS 48
+
++extern int gnutls_gcrypt_fips;
++
+ /**
+ * gnutls_priority_init:
+ * @priority_cache: is a #gnutls_prioritity_t structure.
+@@ -561,7 +603,7 @@ gnutls_priority_init (gnutls_priority_t
+ */
+ if (strcasecmp (broken_list[0], "NONE") != 0)
+ {
+- _set_priority (&(*priority_cache)->protocol, protocol_priority);
++ _set_priority (&(*priority_cache)->protocol, gnutls_gcrypt_fips?protocol_priority_fips:protocol_priority);
+ _set_priority (&(*priority_cache)->compression, comp_priority);
+ _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
+ _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
+@@ -577,17 +619,17 @@ gnutls_priority_init (gnutls_priority_t
+ if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+- cipher_priority_performance);
++ gnutls_gcrypt_fips?cipher_priority_performance_fips:cipher_priority_performance);
+ _set_priority (&(*priority_cache)->kx, kx_priority_performance);
+- _set_priority (&(*priority_cache)->mac, mac_priority_normal);
++ _set_priority (&(*priority_cache)->mac, gnutls_gcrypt_fips?mac_priority_normal_fips:mac_priority_normal);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else if (strcasecmp (broken_list[i], "NORMAL") == 0)
+ {
+- _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
++ _set_priority (&(*priority_cache)->cipher, gnutls_gcrypt_fips?cipher_priority_normal_fips:cipher_priority_normal);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+- _set_priority (&(*priority_cache)->mac, mac_priority_normal);
++ _set_priority (&(*priority_cache)->mac, gnutls_gcrypt_fips?mac_priority_normal_fips:mac_priority_normal);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+@@ -595,7 +637,7 @@ gnutls_priority_init (gnutls_priority_t
+ || strcasecmp (broken_list[i], "SECURE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+- cipher_priority_secure256);
++ gnutls_gcrypt_fips?cipher_priority_secure256_fips:cipher_priority_secure256);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+@@ -604,7 +646,7 @@ gnutls_priority_init (gnutls_priority_t
+ else if (strcasecmp (broken_list[i], "SECURE128") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+- cipher_priority_secure128);
++ gnutls_gcrypt_fips?cipher_priority_secure128_fips:cipher_priority_secure128);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+@@ -646,7 +688,7 @@ gnutls_priority_init (gnutls_priority_t
+ if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
+ {
+ bulk_fn (&(*priority_cache)->protocol,
+- protocol_priority);
++ gnutls_gcrypt_fips?protocol_priority_fips:protocol_priority);
+ }
+ else
+ {
+@@ -718,7 +760,7 @@ gnutls_priority_init (gnutls_priority_t
+ else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 7) == 0)
+ {
+ bulk_fn (&(*priority_cache)->cipher,
+- cipher_priority_normal);
++ gnutls_gcrypt_fips?cipher_priority_normal_fips:cipher_priority_normal);
+ }
+ else
+ goto error;
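Review bot: The FIPS switch in gnutls_priority_init only swaps the protocol table, the keyword cipher tables and mac_priority_normal, while cipher_priority_export, whose context comment says it adds arcfour-40, gets no `_fips` counterpart. The EXPORT branch and the per-algorithm token handling lie outside these hunks, so this is inferred, but if they are unchanged a FIPS-mode process can still build a priority cache containing algorithms libgcrypt is expected to refuse, and the failure would surface at handshake time rather than in gnutls_priority_init. Separately, `gnutls_gcrypt_fips` is shared through a bare `extern int gnutls_gcrypt_fips;` inside gnutls_priority.c; declaring it once in an internal header with a comment such as `/* nonzero when libgcrypt reported FIPS mode in gnutls_crypto_init() */` would keep the definition and its use in sync. Because the flag is sampled only in gnutls_crypto_init, a priority cache built before that call gets the non-FIPS tables, which deserves a sentence in the gnutls_priority_init doc comment.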
diff --git a/gnutls-fix-external-libtasn1-detection.patch b/gnutls-fix-external-libtasn1-detection.patch
new file mode 100644
index 0000000..394452d
--- /dev/null
+++ b/gnutls-fix-external-libtasn1-detection.patch
@@ -0,0 +1,11 @@
+--- libextra/Makefile.in.orig 2012-11-10 19:36:18.494349100 +0100
++++ libextra/Makefile.in 2012-11-10 19:36:35.285639632 +0100
+@@ -80,7 +80,7 @@
+ @ENABLE_OPENSSL_TRUE at am__append_2 = libgnutls-openssl.la
+ @ENABLE_OPENSSL_TRUE at am__append_3 = -version-info $(LT_SSL_CURRENT):$(LT_SSL_REVISION):$(LT_SSL_AGE)
+ @ENABLE_MINITASN1_TRUE@@ENABLE_OPENSSL_TRUE at am__append_4 = ../lib/minitasn1/libminitasn1.la
+- at ENABLE_MINITASN1_FALSE@@ENABLE_OPENSSL_TRUE at am__append_5 = $(LTLIBTASN1)
++ at ENABLE_MINITASN1_FALSE@@ENABLE_OPENSSL_TRUE at am__append_5 = $(LIBTASN1_LIBS)
+ @ENABLE_OPENSSL_TRUE@@HAVE_LD_OUTPUT_DEF_TRUE at am__append_6 = \
+ @ENABLE_OPENSSL_TRUE@@HAVE_LD_OUTPUT_DEF_TRUE@ -Wl,--output-def,libgnutls-openssl-$(DLL_VERSION).def
+
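Review bot: This patch edits the generated `libextra/Makefile.in` rather than `libextra/Makefile.am`, so the `$(LIBTASN1_LIBS)` substitution only holds while the build system is not regenerated. The same commit removes the `autoreconf` step from the spec's %prep, which is presumably what makes this work, but nothing records that dependency. A comment next to `Patch1002` such as `# Patches generated Makefile.in; port to Makefile.am if autoreconf is re-enabled` would keep a later packager from silently losing the fix.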
diff --git a/mingw-gnutls.spec b/mingw-gnutls.spec
index e66a3c3..1a29343 100644
--- a/mingw-gnutls.spec
+++ b/mingw-gnutls.spec
@@ -1,11 +1,8 @@
%?mingw_package_header
-%global mingw_build_win32 1
-%global mingw_build_win64 1
-
Name: mingw-gnutls
-Version: 2.12.20
-Release: 2%{?dist}
+Version: 2.12.21
+Release: 1%{?dist}
Summary: MinGW GnuTLS TLS/SSL encryption library
License: GPLv3+ and LGPLv2+
@@ -26,10 +23,15 @@ Patch3: gnutls-2.12.2-nosrp.patch
Patch4: gnutls-2.12.7-dsa-skiptests.patch
# Make it build with recent glibc that removed gets
# Not needed for MinGW
-# Patch5: gnutls-2.12.20-build.patch
+#Patch5: gnutls-2.12.20-build.patch
+# Fix the gnutls-cli-debug manpage
+Patch6: gnutls-2.12.20-cli-debug-manpage.patch
+# Use only FIPS approved ciphers in the FIPS mode
+Patch7: gnutls-2.12.20-fips-algorithms.patch
# MinGW-specific patches.
Patch1001: gnutls-mingw-compile-fix.patch
+Patch1002: gnutls-fix-external-libtasn1-detection.patch
BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc
@@ -101,25 +103,21 @@ for MinGW.
%patch1 -p1 -b .rpath
%patch2 -p1 -b .link
%patch3 -p1 -b .nosrp
-%patch4 -p1 -b .dsa-skiptests
-# %patch5 -p1 -b .build
+%patch4 -p1 -b .skiptests
+#%patch5 -p1 -b .build
+%patch6 -p1 -b .cli-debug
+%patch7 -p1 -b .fips
%patch1001 -p0 -b .mingw_compile
+%patch1002 -p0 -b .libtasn1
for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
touch lib/$i
done
-%if 0%{?fedora} > 10
-libtoolize --force --copy
-aclocal
-autoreconf
-%endif
-
%build
%mingw_configure \
- --with-libtasn1-prefix=%{_prefix} \
--with-included-libcfg \
--disable-srp-authentication \
--disable-static \
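Review bot: The disabled patch line changes from `# %patch5 -p1 -b .build` to `#%patch5 -p1 -b .build`, which leaves an unescaped macro inside a comment. rpm expands macros in comment lines too, so the usual convention is to double the percent sign: `#%%patch5 -p1 -b .build`. Since the comment above `#Patch5:` in the previous hunk says the patch is not needed for MinGW, the simpler option is to drop both lines together with the newly added gnutls-2.12.20-build.patch file.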
@@ -191,6 +189,9 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
%changelog
+* Sat Nov 10 2012 Erik van Pienbroek <epienbro at fedoraproject.org> - 2.12.21-1
+- Update to 2.12.21
+
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.12.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
diff --git a/sources b/sources
index bca8ce5..38e3039 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-5051728a2cf76d2335a9854f521db98b gnutls-2.12.20-nosrp.tar.xz
+19b4eedf027e0313eff979e5fe391194 gnutls-2.12.21-nosrp.tar.xz