[gnutls] Updated to 3.2.7
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Mon Nov 25 16:30:04 UTC 2013
commit ac53d6df3cbb9799f77fce1c38d0b68e154e1495
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Mon Nov 25 17:19:57 2013 +0100
Updated to 3.2.7
ecc.c | 301 --------------------------------------------
gnutls-3.1.11-suiteb.patch | 119 -----------------
gnutls-3.1.7-rpath.patch | 39 ------
gnutls-3.2.7-rpath.patch | 12 ++
gnutls-3.2.7-suiteb.patch | 77 +++++++++++
gnutls.spec | 37 +++---
hobble-gnutls | 8 +-
7 files changed, 112 insertions(+), 481 deletions(-)
---
diff --git a/gnutls-3.2.7-rpath.patch b/gnutls-3.2.7-rpath.patch
new file mode 100644
index 0000000..4e6aed3
--- /dev/null
+++ b/gnutls-3.2.7-rpath.patch
@@ -0,0 +1,12 @@
+diff -ur gnutls-3.2.7.orig/configure gnutls-3.2.7/configure
+--- gnutls-3.2.7.orig/configure 2013-11-23 11:09:49.000000000 +0100
++++ gnutls-3.2.7/configure 2013-11-25 16:53:05.559440656 +0100
+@@ -39652,7 +39652,7 @@
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+
diff --git a/gnutls-3.2.7-suiteb.patch b/gnutls-3.2.7-suiteb.patch
new file mode 100644
index 0000000..5fdb417
--- /dev/null
+++ b/gnutls-3.2.7-suiteb.patch
@@ -0,0 +1,77 @@
+diff -ur gnutls-3.2.7.orig/lib/algorithms/ecc.c gnutls-3.2.7/lib/algorithms/ecc.c
+--- gnutls-3.2.7.orig/lib/algorithms/ecc.c 2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/lib/algorithms/ecc.c 2013-11-25 17:22:28.242324562 +0100
+@@ -31,20 +31,6 @@
+
+ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
+ {
+- .name = "SECP192R1",
+- .oid = "1.2.840.10045.3.1.1",
+- .id = GNUTLS_ECC_CURVE_SECP192R1,
+- .tls_id = 19,
+- .size = 24,
+- },
+- {
+- .name = "SECP224R1",
+- .oid = "1.3.132.0.33",
+- .id = GNUTLS_ECC_CURVE_SECP224R1,
+- .tls_id = 21,
+- .size = 28,
+- },
+- {
+ .name = "SECP256R1",
+ .oid = "1.2.840.10045.3.1.7",
+ .id = GNUTLS_ECC_CURVE_SECP256R1,
+diff -ur gnutls-3.2.7.orig/lib/gnutls_priority.c gnutls-3.2.7/lib/gnutls_priority.c
+--- gnutls-3.2.7.orig/lib/gnutls_priority.c 2013-11-22 22:27:37.000000000 +0100
++++ gnutls-3.2.7/lib/gnutls_priority.c 2013-11-25 17:22:34.576359546 +0100
+@@ -231,8 +231,6 @@
+ }
+
+ static const int supported_ecc_normal[] = {
+- GNUTLS_ECC_CURVE_SECP192R1,
+- GNUTLS_ECC_CURVE_SECP224R1,
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+Only in gnutls-3.2.7/lib: gnutls_priority.c~
+diff -ur gnutls-3.2.7.orig/lib/nettle/pk.c gnutls-3.2.7/lib/nettle/pk.c
+--- gnutls-3.2.7.orig/lib/nettle/pk.c 2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/lib/nettle/pk.c 2013-11-25 17:22:28.242324562 +0100
+@@ -625,10 +625,6 @@
+ static inline const struct ecc_curve *get_supported_curve(int curve)
+ {
+ switch (curve) {
+- case GNUTLS_ECC_CURVE_SECP192R1:
+- return &nettle_secp_192r1;
+- case GNUTLS_ECC_CURVE_SECP224R1:
+- return &nettle_secp_224r1;
+ case GNUTLS_ECC_CURVE_SECP256R1:
+ return &nettle_secp_256r1;
+ case GNUTLS_ECC_CURVE_SECP384R1:
+diff -ur gnutls-3.2.7.orig/tests/mini-xssl.c gnutls-3.2.7/tests/mini-xssl.c
+--- gnutls-3.2.7.orig/tests/mini-xssl.c 2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/tests/mini-xssl.c 2013-11-25 17:22:28.243324567 +0100
+@@ -27,7 +27,8 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
+-#if defined(_WIN32)
++/* uses unsupported curves */
++#if 1
+
+ int main()
+ {
+diff -ur gnutls-3.2.7.orig/tests/pkcs12_simple.c gnutls-3.2.7/tests/pkcs12_simple.c
+--- gnutls-3.2.7.orig/tests/pkcs12_simple.c 2013-11-10 18:59:14.000000000 +0100
++++ gnutls-3.2.7/tests/pkcs12_simple.c 2013-11-25 17:22:28.243324567 +0100
+@@ -48,6 +48,9 @@
+ gnutls_x509_privkey_t pkey;
+ int ret;
+
++ /* uses unsupported curves */
++ exit(77);
++
+ ret = global_init();
+ if (ret < 0)
+ fail("global_init failed %d\n", ret);
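Review bot: The two test changes at the end of this patch switch off whole tests rather than only the cases that need the removed curves. `#if 1` in tests/mini-xssl.c always selects the branch that was previously reserved for `_WIN32`, and `exit(77);` in tests/pkcs12_simple.c skips the test before `global_init()`, so its PKCS#12 checks no longer run in the packaged build. If only some fixtures depend on SECP192R1/SECP224R1, skipping just those would keep the rest of the coverage; at minimum the comment could name the cause, e.g. `/* skipped: fixtures use SECP192R1/SECP224R1, which this patch removes */`. The patch also carries a stray `Only in gnutls-3.2.7/lib: gnutls_priority.c~` line, which suggests it was generated from a tree containing editor backups and is worth regenerating from a clean one. The curve removal covers `ecc_curves[]`, `supported_ecc_normal[]` and `get_supported_curve()`; whether any other table still references the two identifiers cannot be seen from these hunks.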
diff --git a/gnutls.spec b/gnutls.spec
index 78bfb46..4c85ecc 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -2,16 +2,17 @@
%bcond_with guile
Summary: A TLS protocol implementation
Name: gnutls
-Version: 3.1.16
+Version: 3.2.7
Release: 1%{?dist}
-# The libraries are LGPLv2.1+, utilities are GPLv3+, however
-# the bundled gnulib is LGPLv3+
-License: GPLv3+ and LGPLv2+ and LGPLv3+
+# The libraries are LGPLv2.1+, utilities are GPLv3+
+License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries
BuildRequires: p11-kit-devel >= 0.11, gettext
BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 3.1
-BuildRequires: lzo-devel, libtool, automake, autoconf, texinfo
-BuildRequires: nettle-devel >= 2.5
+BuildRequires: libtool, automake, autoconf, texinfo
+BuildRequires: autogen-libopts-devel >= 5.18 autogen
+BuildRequires: nettle-devel >= 2.7.1
+BuildRequires: trousers-devel >= 0.3.11.2
%if %{with dane}
BuildRequires: unbound-devel
%endif
@@ -25,14 +26,12 @@ URL: http://www.gnutls.org/
Source0: %{name}-%{version}-hobbled.tar.xz
Source1: libgnutls-config
Source2: hobble-gnutls
-Source3: ecc.c
-Patch1: gnutls-3.1.7-rpath.patch
+Patch1: gnutls-3.2.7-rpath.patch
# Use only FIPS approved ciphers in the FIPS mode
Patch7: gnutls-2.12.21-fips-algorithms.patch
Patch8: gnutls-3.1.11-nosrp.patch
# Use random port in some tests to avoid conflicts during simultaneous builds on the same machine
-Patch9: gnutls-3.1.10-tests-rndport.patch
-Patch10: gnutls-3.1.11-suiteb.patch
+Patch9: gnutls-3.2.7-suiteb.patch
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
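Review bot: The comment `# Use random port in some tests to avoid conflicts during simultaneous builds on the same machine` is left directly above `Patch9:`, but Patch9 is now the suiteb patch and the rndport patch it described is dropped by this commit. Replace it with a comment that matches the patch, for example `# Restrict ECC to SECP256R1/SECP384R1/SECP521R1 (removes SECP192R1 and SECP224R1)`. A reader auditing which downstream patches change the crypto surface would otherwise be misled about what Patch9 does.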
@@ -126,13 +125,12 @@ This package contains Guile bindings for the library.
# later reused.
#%patch7 -p1 -b .fips
%patch8 -p1 -b .nosrp
-%patch9 -p1 -b .rndport
-%patch10 -p1 -b .suiteb
+%patch9 -p1 -b .suiteb
+sed 's/gnutls_srp.c//g' -i lib/Makefile.in
+sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
%{SOURCE2} -e
-cp -f %{SOURCE3} lib/algorithms
-
%build
export LDFLAGS="-Wl,--no-add-needed"
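Review bot: The two added `sed` lines leave the `.` unescaped, so the pattern matches any character in that position, and nothing says why a generated `lib/Makefile.in` is being edited in `%prep`. A single call with escaped dots and a short reason would be clearer: `sed -i -e 's/gnutls_srp\.c//g' -e 's/gnutls_srp\.lo//g' lib/Makefile.in`, preceded by `# gnutls_srp.c is handled by hobble-gnutls; drop it from the library sources`. Since `sed` exits successfully when nothing matches, a later upstream rename would turn this into a silent no-op, so a `grep -q` check before the edit is worth considering.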
@@ -158,7 +156,7 @@ export LDFLAGS="-Wl,--no-add-needed"
--disable-rpath
# Note that the arm hack above is not quite right and the proper thing would
# be to compile guile with largefile support.
-make
+make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT
@@ -178,7 +176,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
%find_lang gnutls
%check
-make check
+make check %{?_smp_mflags}
%post -p /sbin/ldconfig
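Review bot: `make check %{?_smp_mflags}` starts running the test suite in parallel in the same commit that drops `gnutls-3.1.10-tests-rndport.patch`, which the spec comment says existed to avoid port conflicts between simultaneous builds. If any 3.2.7 test still binds a fixed port (not visible from this page), parallel or concurrent builds can fail intermittently, and an unreliable `%check` tends to get tests disabled rather than fixed. Either keep `make check` serial, or record why parallel runs are safe, e.g. `# upstream tests no longer use fixed ports (see <upstream reference>), so parallel check is safe`.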
@@ -232,6 +230,7 @@ fi
%files utils
%defattr(-,root,root,-)
%{_bindir}/certtool
+%{_bindir}/tpmtool
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
@@ -257,6 +256,12 @@ fi
%endif
%changelog
+* Mon Nov 25 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> 3.2.7-1
+- new upstream release
+- added dependency to autogen-libopts-devel to use the system's
+ libopts library
+- added dependency to trousers-devel to enable TPM support
+
* Mon Nov 4 2013 Tomáš Mráz <tmraz at redhat.com> 3.1.16-1
- new upstream release
- fixes CVE-2013-4466 off-by-one in dane_query_tlsa()
diff --git a/hobble-gnutls b/hobble-gnutls
index 8b9633d..3302104 100755
--- a/hobble-gnutls
+++ b/hobble-gnutls
@@ -8,12 +8,8 @@ else
fi
# SRP
-for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \
- gnutls_srp.c auth_srp.c ext_srp.c ; do
+for f in auth/srp_sb64.c auth/srp_passwd.c auth/srp_rsa.c \
+ gnutls_srp.c auth/srp.c ext/srp.c ; do
eval "$CMD lib/$f"
done
-# ECC
-for f in ecc.c ; do
- eval "$CMD lib/algorithms/$f"
-done
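Review bot: Nothing in the SRP loop checks that `lib/$f` exists, so when upstream moves these files again (as it did here, from `auth_srp*.c` to `auth/srp*.c`) the script runs against stale paths. Depending on what `$CMD` does, that could leave the SRP sources in the tarball without any error. `$CMD` is assigned above the hunk and is not visible, so the guard belongs in whichever mode produces the hobbled tarball: `[ -e "lib/$f" ] || { echo "hobble-gnutls: lib/$f not found" >&2; exit 1; }`. Failing loudly here makes a source-layout change show up at packaging time instead of after release.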