[gnutls] Updated to 3.2.7

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Mon Nov 25 16:30:04 UTC 2013 

commit ac53d6df3cbb9799f77fce1c38d0b68e154e1495
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon Nov 25 17:19:57 2013 +0100

    Updated to 3.2.7

 ecc.c                      |  301 --------------------------------------------
 gnutls-3.1.11-suiteb.patch |  119 -----------------
 gnutls-3.1.7-rpath.patch   |   39 ------
 gnutls-3.2.7-rpath.patch   |   12 ++
 gnutls-3.2.7-suiteb.patch  |   77 +++++++++++
 gnutls.spec                |   37 +++---
 hobble-gnutls              |    8 +-
 7 files changed, 112 insertions(+), 481 deletions(-)
---
diff --git a/gnutls-3.2.7-rpath.patch b/gnutls-3.2.7-rpath.patch
new file mode 100644
index 0000000..4e6aed3
--- /dev/null
+++ b/gnutls-3.2.7-rpath.patch
@@ -0,0 +1,12 @@
+diff -ur gnutls-3.2.7.orig/configure gnutls-3.2.7/configure
+--- gnutls-3.2.7.orig/configure	2013-11-23 11:09:49.000000000 +0100
++++ gnutls-3.2.7/configure	2013-11-25 16:53:05.559440656 +0100
+@@ -39652,7 +39652,7 @@
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+ 
diff --git a/gnutls-3.2.7-suiteb.patch b/gnutls-3.2.7-suiteb.patch
new file mode 100644
index 0000000..5fdb417
--- /dev/null
+++ b/gnutls-3.2.7-suiteb.patch
@@ -0,0 +1,77 @@
+diff -ur gnutls-3.2.7.orig/lib/algorithms/ecc.c gnutls-3.2.7/lib/algorithms/ecc.c
+--- gnutls-3.2.7.orig/lib/algorithms/ecc.c	2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/lib/algorithms/ecc.c	2013-11-25 17:22:28.242324562 +0100
+@@ -31,20 +31,6 @@
+ 
+ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
+ 	{
+-	 .name = "SECP192R1",
+-	 .oid = "1.2.840.10045.3.1.1",
+-	 .id = GNUTLS_ECC_CURVE_SECP192R1,
+-	 .tls_id = 19,
+-	 .size = 24,
+-	 },
+-	{
+-	 .name = "SECP224R1",
+-	 .oid = "1.3.132.0.33",
+-	 .id = GNUTLS_ECC_CURVE_SECP224R1,
+-	 .tls_id = 21,
+-	 .size = 28,
+-	 },
+-	{
+ 	 .name = "SECP256R1",
+ 	 .oid = "1.2.840.10045.3.1.7",
+ 	 .id = GNUTLS_ECC_CURVE_SECP256R1,
+diff -ur gnutls-3.2.7.orig/lib/gnutls_priority.c gnutls-3.2.7/lib/gnutls_priority.c
+--- gnutls-3.2.7.orig/lib/gnutls_priority.c	2013-11-22 22:27:37.000000000 +0100
++++ gnutls-3.2.7/lib/gnutls_priority.c	2013-11-25 17:22:34.576359546 +0100
+@@ -231,8 +231,6 @@
+ }
+ 
+ static const int supported_ecc_normal[] = {
+-	GNUTLS_ECC_CURVE_SECP192R1,
+-	GNUTLS_ECC_CURVE_SECP224R1,
+ 	GNUTLS_ECC_CURVE_SECP256R1,
+ 	GNUTLS_ECC_CURVE_SECP384R1,
+ 	GNUTLS_ECC_CURVE_SECP521R1,
+Only in gnutls-3.2.7/lib: gnutls_priority.c~
+diff -ur gnutls-3.2.7.orig/lib/nettle/pk.c gnutls-3.2.7/lib/nettle/pk.c
+--- gnutls-3.2.7.orig/lib/nettle/pk.c	2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/lib/nettle/pk.c	2013-11-25 17:22:28.242324562 +0100
+@@ -625,10 +625,6 @@
+ static inline const struct ecc_curve *get_supported_curve(int curve)
+ {
+ 	switch (curve) {
+-	case GNUTLS_ECC_CURVE_SECP192R1:
+-		return &nettle_secp_192r1;
+-	case GNUTLS_ECC_CURVE_SECP224R1:
+-		return &nettle_secp_224r1;
+ 	case GNUTLS_ECC_CURVE_SECP256R1:
+ 		return &nettle_secp_256r1;
+ 	case GNUTLS_ECC_CURVE_SECP384R1:
+diff -ur gnutls-3.2.7.orig/tests/mini-xssl.c gnutls-3.2.7/tests/mini-xssl.c
+--- gnutls-3.2.7.orig/tests/mini-xssl.c	2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/tests/mini-xssl.c	2013-11-25 17:22:28.243324567 +0100
+@@ -27,7 +27,8 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32)
++/* uses unsupported curves */
++#if 1
+ 
+ int main()
+ {
+diff -ur gnutls-3.2.7.orig/tests/pkcs12_simple.c gnutls-3.2.7/tests/pkcs12_simple.c
+--- gnutls-3.2.7.orig/tests/pkcs12_simple.c	2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/tests/pkcs12_simple.c	2013-11-25 17:22:28.243324567 +0100
+@@ -48,6 +48,9 @@
+ 	gnutls_x509_privkey_t pkey;
+ 	int ret;
+ 
++	/* uses unsupported curves */
++	exit(77);
++
+ 	ret = global_init();
+ 	if (ret < 0)
+ 		fail("global_init failed %d\n", ret);
diff --git a/gnutls.spec b/gnutls.spec
index 78bfb46..4c85ecc 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -2,16 +2,17 @@
 %bcond_with guile
 Summary: A TLS protocol implementation
 Name: gnutls
-Version: 3.1.16
+Version: 3.2.7
 Release: 1%{?dist}
-# The libraries are LGPLv2.1+, utilities are GPLv3+, however
-# the bundled gnulib is LGPLv3+
-License: GPLv3+ and LGPLv2+ and LGPLv3+
+# The libraries are LGPLv2.1+, utilities are GPLv3+
+License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
 BuildRequires: p11-kit-devel >= 0.11, gettext
 BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 3.1
-BuildRequires: lzo-devel, libtool, automake, autoconf, texinfo
-BuildRequires: nettle-devel >= 2.5
+BuildRequires: libtool, automake, autoconf, texinfo
+BuildRequires: autogen-libopts-devel >= 5.18 autogen
+BuildRequires: nettle-devel >= 2.7.1
+BuildRequires: trousers-devel >= 0.3.11.2
 %if %{with dane}
 BuildRequires: unbound-devel
 %endif
@@ -25,14 +26,12 @@ URL: http://www.gnutls.org/
 Source0: %{name}-%{version}-hobbled.tar.xz
 Source1: libgnutls-config
 Source2: hobble-gnutls
-Source3: ecc.c
-Patch1: gnutls-3.1.7-rpath.patch
+Patch1: gnutls-3.2.7-rpath.patch
 # Use only FIPS approved ciphers in the FIPS mode
 Patch7: gnutls-2.12.21-fips-algorithms.patch
 Patch8: gnutls-3.1.11-nosrp.patch
 # Use random port in some tests to avoid conflicts during simultaneous builds on the same machine
-Patch9: gnutls-3.1.10-tests-rndport.patch
-Patch10: gnutls-3.1.11-suiteb.patch
+Patch9: gnutls-3.2.7-suiteb.patch
 
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
@@ -126,13 +125,12 @@ This package contains Guile bindings for the library.
 # later reused.
 #%patch7 -p1 -b .fips
 %patch8 -p1 -b .nosrp
-%patch9 -p1 -b .rndport
-%patch10 -p1 -b .suiteb
+%patch9 -p1 -b .suiteb
+sed 's/gnutls_srp.c//g' -i lib/Makefile.in
+sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
 
 %{SOURCE2} -e
 
-cp -f %{SOURCE3} lib/algorithms
-
 %build
 
 export LDFLAGS="-Wl,--no-add-needed"
@@ -158,7 +156,7 @@ export LDFLAGS="-Wl,--no-add-needed"
            --disable-rpath
 # Note that the arm hack above is not quite right and the proper thing would
 # be to compile guile with largefile support.
-make
+make %{?_smp_mflags}
 
 %install
 make install DESTDIR=$RPM_BUILD_ROOT
@@ -178,7 +176,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
 %find_lang gnutls
 
 %check
-make check
+make check %{?_smp_mflags}
 
 %post -p /sbin/ldconfig
 
@@ -232,6 +230,7 @@ fi
 %files utils
 %defattr(-,root,root,-)
 %{_bindir}/certtool
+%{_bindir}/tpmtool
 %{_bindir}/ocsptool
 %{_bindir}/psktool
 %{_bindir}/p11tool
@@ -257,6 +256,12 @@ fi
 %endif
 
 %changelog
+* Mon Nov 25 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> 3.2.7-1
+- new upstream release
+- added dependency to autogen-libopts-devel to use the system's
+  libopts library
+- added dependency to trousers-devel to enable TPM support
+
 * Mon Nov  4 2013 Tomáš Mráz <tmraz at redhat.com> 3.1.16-1
 - new upstream release
 - fixes CVE-2013-4466 off-by-one in dane_query_tlsa()
diff --git a/hobble-gnutls b/hobble-gnutls
index 8b9633d..3302104 100755
--- a/hobble-gnutls
+++ b/hobble-gnutls
@@ -8,12 +8,8 @@ else
 fi
 
 # SRP
-for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \
-    gnutls_srp.c auth_srp.c ext_srp.c ; do
+for f in auth/srp_sb64.c auth/srp_passwd.c auth/srp_rsa.c \
+    gnutls_srp.c auth/srp.c ext/srp.c ; do
     eval "$CMD lib/$f"
 done
 
-# ECC
-for f in ecc.c ; do
-    eval "$CMD lib/algorithms/$f"
-done

More information about the scm-commits mailing list