[gnutls/f20] updated for 3.1.17
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Tue Nov 26 10:53:08 UTC 2013
commit 965b0c92313f4fe0271f0f0946ae6d8c6e198956
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Tue Nov 26 11:50:01 2013 +0100
updated for 3.1.17
ecc.c | 13 ++++
gnutls-3.1.17-rpath.patch | 29 +++++++++
...1.11-suiteb.patch => gnutls-3.1.17-suiteb.patch | 53 ++++++++++------
gnutls-3.1.7-rpath.patch | 39 ------------
gnutls.spec | 64 +++++++++++++-------
hobble-gnutls | 4 +-
6 files changed, 119 insertions(+), 83 deletions(-)
---
diff --git a/ecc.c b/ecc.c
index 7ca1776..f4869b0 100644
--- a/ecc.c
+++ b/ecc.c
@@ -56,6 +56,19 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.Gx = "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
.Gy = "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"
},
+ {
+ .name = "SECP521R1",
+ .oid = "1.3.132.0.35",
+ .id = GNUTLS_ECC_CURVE_SECP521R1,
+ .tls_id = 25,
+ .size = 66,
+ .prime = "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ .A = "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+ .B = "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ .order = "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+ .Gx = "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ .Gy = "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+ },
{0, 0, 0}
};
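Review bot: The new SECP521R1 entry adds six long hex constants with no comment naming their source, so they can only be checked by comparing digit by digit against a reference, and a single mistyped digit would still compile. A provenance comment above `.name` would make that check repeatable, for example `/* NIST P-521 (secp521r1): domain parameters as published in SEC 2 / FIPS 186 */`. The entry also ends with a trailing comma after `.Gy`, which the preceding entry does not, so one style should be chosen for the table. `ecc_curves[]` begins above this hunk, so whether the other entries carry such comments is not visible here.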
diff --git a/gnutls-3.1.17-rpath.patch b/gnutls-3.1.17-rpath.patch
new file mode 100644
index 0000000..bac0981
--- /dev/null
+++ b/gnutls-3.1.17-rpath.patch
@@ -0,0 +1,29 @@
+diff -ur gnutls-3.1.17.orig/configure gnutls-3.1.17/configure
+--- gnutls-3.1.17.orig/configure 2013-11-23 10:55:26.000000000 +0100
++++ gnutls-3.1.17/configure 2013-11-26 11:33:04.865342480 +0100
+@@ -49103,7 +49103,7 @@
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+
+@@ -52940,7 +52940,7 @@
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+
+Only in gnutls-3.1.17: configure~
+Only in gnutls-3.1.17.orig/lib/algorithms: ecc.c
+Only in gnutls-3.1.17.orig/lib/auth: srp.c
+Only in gnutls-3.1.17.orig/lib/auth: srp_passwd.c
+Only in gnutls-3.1.17.orig/lib/auth: srp_rsa.c
+Only in gnutls-3.1.17.orig/lib/auth: srp_sb64.c
+Only in gnutls-3.1.17.orig/lib/ext: srp.c
+Only in gnutls-3.1.17.orig/lib: gnutls_srp.c
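Review bot: The eight trailing `Only in ...` lines are `diff -ur` output about files present in only one tree (the editor backup `configure~` and the sources removed by hobbling), not part of the change. They should be dropped so the patch file holds only the two `configure` hunks. The patch edits the generated `configure` at fixed offsets (49103 and 52940), so it will need regenerating whenever upstream re-runs autoconf. A one-line header in the patch would record the intent, presumably along the lines of `Treat /lib64 and /usr/lib64 as system library directories so libtool does not embed an RPATH for them`.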
diff --git a/gnutls-3.1.11-suiteb.patch b/gnutls-3.1.17-suiteb.patch
similarity index 62%
rename from gnutls-3.1.11-suiteb.patch
rename to gnutls-3.1.17-suiteb.patch
index c4dd390..2f39294 100644
--- a/gnutls-3.1.11-suiteb.patch
+++ b/gnutls-3.1.17-suiteb.patch
@@ -1,7 +1,7 @@
-diff -up gnutls-3.1.11/lib/gnutls_ecc.c.suiteb gnutls-3.1.11/lib/gnutls_ecc.c
---- gnutls-3.1.11/lib/gnutls_ecc.c.suiteb 2013-04-27 10:04:48.000000000 +0200
-+++ gnutls-3.1.11/lib/gnutls_ecc.c 2013-05-23 10:08:45.331883555 +0200
-@@ -129,6 +129,12 @@ int ret;
+diff -ur gnutls-3.1.17.orig/lib/gnutls_ecc.c gnutls-3.1.17/lib/gnutls_ecc.c
+--- gnutls-3.1.17.orig/lib/gnutls_ecc.c 2013-04-02 22:27:35.000000000 +0200
++++ gnutls-3.1.17/lib/gnutls_ecc.c 2013-11-26 11:43:30.333701318 +0100
+@@ -129,6 +129,12 @@
goto cleanup;
}
params->params_nr++;
@@ -14,10 +14,23 @@ diff -up gnutls-3.1.11/lib/gnutls_ecc.c.suiteb gnutls-3.1.11/lib/gnutls_ecc.c
val_size = sizeof(val);
ret = _gnutls_hex2bin(st->order, strlen(st->order), val, &val_size);
-diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c
---- gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb 2013-04-27 10:04:48.000000000 +0200
-+++ gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c 2013-05-23 10:24:56.575967312 +0200
-@@ -42,6 +42,7 @@ typedef struct
+diff -ur gnutls-3.1.17.orig/lib/gnutls_priority.c gnutls-3.1.17/lib/gnutls_priority.c
+--- gnutls-3.1.17.orig/lib/gnutls_priority.c 2013-11-19 18:36:38.000000000 +0100
++++ gnutls-3.1.17/lib/gnutls_priority.c 2013-11-26 11:43:36.716735711 +0100
+@@ -245,8 +245,6 @@
+ }
+
+ static const int supported_ecc_normal[] = {
+- GNUTLS_ECC_CURVE_SECP192R1,
+- GNUTLS_ECC_CURVE_SECP224R1,
+ GNUTLS_ECC_CURVE_SECP256R1,
+ GNUTLS_ECC_CURVE_SECP384R1,
+ GNUTLS_ECC_CURVE_SECP521R1,
+Only in gnutls-3.1.17/lib: gnutls_priority.c~
+diff -ur gnutls-3.1.17.orig/lib/nettle/ecc_mulmod_cached.c gnutls-3.1.17/lib/nettle/ecc_mulmod_cached.c
+--- gnutls-3.1.17.orig/lib/nettle/ecc_mulmod_cached.c 2013-04-02 22:27:35.000000000 +0200
++++ gnutls-3.1.17/lib/nettle/ecc_mulmod_cached.c 2013-11-26 11:43:30.334701328 +0100
+@@ -42,6 +42,7 @@
/* global cache */
static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache = NULL;
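Review bot: The added gnutls_priority.c section removes `GNUTLS_ECC_CURVE_SECP192R1` and `GNUTLS_ECC_CURVE_SECP224R1` from `supported_ecc_normal` only, and nothing in the patch says why. If the reason is that the curve table shipped with this package does not define those curves, a header line such as `Drop curves not provided by the packaged ecc.c from the default priority list` would record it. The other curve arrays in that file lie outside the hunk and should be checked for the same two identifiers. The `Only in gnutls-3.1.17/lib: gnutls_priority.c~` line is diff noise from an editor backup and can be removed from the patch.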
@@ -25,7 +38,7 @@ diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/n
/* free single cache entry */
static void
-@@ -63,9 +64,10 @@ ecc_wmnaf_cache_free (void)
+@@ -63,9 +64,10 @@
gnutls_ecc_curve_cache_entry_t *p = ecc_wmnaf_cache;
if (p)
{
@@ -38,7 +51,7 @@ diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/n
}
free (ecc_wmnaf_cache);
-@@ -198,7 +200,7 @@ ecc_wmnaf_cache_init (void)
+@@ -198,7 +200,7 @@
const gnutls_ecc_curve_t *p;
ret = (gnutls_ecc_curve_cache_entry_t *)
@@ -47,7 +60,7 @@ diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/n
if (ret == NULL)
return GNUTLS_E_MEMORY_ERROR;
-@@ -207,12 +209,16 @@ ecc_wmnaf_cache_init (void)
+@@ -207,12 +209,16 @@
for (j = 0; *p; ++p, ++j)
{
@@ -67,7 +80,7 @@ diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/n
err = GNUTLS_E_SUCCESS;
-@@ -223,7 +229,8 @@ done:
+@@ -223,7 +229,8 @@
int i;
for (i = 0; i < j; ++i)
{
@@ -77,7 +90,7 @@ diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/n
}
free (ret);
-@@ -445,9 +452,11 @@ ecc_mulmod_cached_lookup (mpz_t k, ecc_p
+@@ -445,9 +452,11 @@
if (k == NULL || G == NULL || R == NULL || modulus == NULL)
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
@@ -91,9 +104,9 @@ diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/n
!(mpz_cmp (G->y, ecc_wmnaf_cache[i].pos[0]->y)))
{
break;
-diff -up gnutls-3.1.11/tests/mini-xssl.c.suiteb gnutls-3.1.11/tests/mini-xssl.c
---- gnutls-3.1.11/tests/mini-xssl.c.suiteb 2013-05-10 10:10:27.000000000 +0200
-+++ gnutls-3.1.11/tests/mini-xssl.c 2013-05-23 11:58:22.670298910 +0200
+diff -ur gnutls-3.1.17.orig/tests/mini-xssl.c gnutls-3.1.17/tests/mini-xssl.c
+--- gnutls-3.1.17.orig/tests/mini-xssl.c 2013-05-30 08:50:22.000000000 +0200
++++ gnutls-3.1.17/tests/mini-xssl.c 2013-11-26 11:43:30.334701328 +0100
@@ -27,7 +27,8 @@
#include <stdio.h>
#include <stdlib.h>
@@ -104,10 +117,10 @@ diff -up gnutls-3.1.11/tests/mini-xssl.c.suiteb gnutls-3.1.11/tests/mini-xssl.c
int main()
{
-diff -up gnutls-3.1.11/tests/pkcs12_simple.c.suiteb gnutls-3.1.11/tests/pkcs12_simple.c
---- gnutls-3.1.11/tests/pkcs12_simple.c.suiteb 2013-05-10 10:10:27.000000000 +0200
-+++ gnutls-3.1.11/tests/pkcs12_simple.c 2013-05-23 11:57:59.776799848 +0200
-@@ -50,6 +50,9 @@ doit (void)
+diff -ur gnutls-3.1.17.orig/tests/pkcs12_simple.c gnutls-3.1.17/tests/pkcs12_simple.c
+--- gnutls-3.1.17.orig/tests/pkcs12_simple.c 2013-05-21 20:27:20.000000000 +0200
++++ gnutls-3.1.17/tests/pkcs12_simple.c 2013-11-26 11:43:30.334701328 +0100
+@@ -50,6 +50,9 @@
gnutls_x509_privkey_t pkey;
int ret;
diff --git a/gnutls.spec b/gnutls.spec
index 78bfb46..1b52316 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -2,7 +2,7 @@
%bcond_with guile
Summary: A TLS protocol implementation
Name: gnutls
-Version: 3.1.16
+Version: 3.1.17
Release: 1%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+, however
# the bundled gnulib is LGPLv3+
@@ -10,8 +10,10 @@ License: GPLv3+ and LGPLv2+ and LGPLv3+
Group: System Environment/Libraries
BuildRequires: p11-kit-devel >= 0.11, gettext
BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 3.1
-BuildRequires: lzo-devel, libtool, automake, autoconf, texinfo
+BuildRequires: libtool, automake, autoconf, texinfo
BuildRequires: nettle-devel >= 2.5
+BuildRequires: autogen-libopts-devel >= 5.18 autogen
+BuildRequires: trousers-devel >= 0.3.11.2
%if %{with dane}
BuildRequires: unbound-devel
%endif
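Review bot: `BuildRequires: autogen-libopts-devel >= 5.18 autogen` separates its two dependencies with a space while the neighbouring lines use commas. `BuildRequires: autogen-libopts-devel >= 5.18, autogen` would keep the file consistent and make it obvious that `autogen` is a second, unversioned requirement. The changelog states that the build now links against the system libopts and trousers, but the configure invocation is outside this hunk. It is worth confirming that both are requested explicitly there rather than left to auto-detection, since a build root missing either package might otherwise fall back silently to a bundled libopts copy or to a build without TPM support.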
@@ -26,13 +28,13 @@ Source0: %{name}-%{version}-hobbled.tar.xz
Source1: libgnutls-config
Source2: hobble-gnutls
Source3: ecc.c
-Patch1: gnutls-3.1.7-rpath.patch
+Patch1: gnutls-3.1.17-rpath.patch
# Use only FIPS approved ciphers in the FIPS mode
Patch7: gnutls-2.12.21-fips-algorithms.patch
Patch8: gnutls-3.1.11-nosrp.patch
# Use random port in some tests to avoid conflicts during simultaneous builds on the same machine
Patch9: gnutls-3.1.10-tests-rndport.patch
-Patch10: gnutls-3.1.11-suiteb.patch
+Patch10: gnutls-3.1.17-suiteb.patch
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
@@ -77,44 +79,56 @@ Requires: guile
%endif
%description
-GnuTLS is a project that aims to develop a library which provides a secure
-layer, over a reliable transport layer. Currently the GnuTLS library implements
-the proposed standards by the IETF's TLS working group.
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
%description c++
-GnuTLS is a project that aims to develop a library which provides a secure
-layer, over a reliable transport layer. Currently the GnuTLS library implements
-the proposed standards by the IETF's TLS working group.
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
This package contains the C++ interface for the GnuTLS library.
%description devel
-GnuTLS is a project that aims to develop a library which provides a secure
-layer, over a reliable transport layer. Currently the GnuTLS library implements
-the proposed standards by the IETF's TLS working group.
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
This package contains files needed for developing applications with
the GnuTLS library.
%description utils
-GnuTLS is a project that aims to develop a library which provides a secure
-layer, over a reliable transport layer. Currently the GnuTLS library implements
-the proposed standards by the IETF's TLS working group.
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
This package contains command line TLS client and server and certificate
manipulation tools.
%if %{with dane}
%description dane
-GnuTLS is a project that aims to develop a library which provides a secure
-layer, over a reliable transport layer. Currently the GnuTLS library implements
-the proposed standards by the IETF's TLS working group.
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
This package contains library that implements the DANE protocol for verifying
TLS certificates through DNSSEC.
%endif
%if %{with guile}
%description guile
-GnuTLS is a project that aims to develop a library which provides a secure
-layer, over a reliable transport layer. Currently the GnuTLS library implements
-the proposed standards by the IETF's TLS working group.
+GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
+protocols and technologies around them. It provides a simple C language
+application programming interface (API) to access the secure communications
+protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
+other required structures.
This package contains Guile bindings for the library.
%endif
@@ -234,6 +248,7 @@ fi
%{_bindir}/certtool
%{_bindir}/ocsptool
%{_bindir}/psktool
+%{_bindir}/tpmtool
%{_bindir}/p11tool
%if %{with dane}
%{_bindir}/danetool
@@ -257,6 +272,11 @@ fi
%endif
%changelog
+* Tue Nov 26 2013 Nikos Mavrogiannopoulos <nmav at redhat.com> 3.1.17-1
+- new upstream release
+- links against the system libopts
+- links against trousers
+
* Mon Nov 4 2013 Tomáš Mráz <tmraz at redhat.com> 3.1.16-1
- new upstream release
- fixes CVE-2013-4466 off-by-one in dane_query_tlsa()
diff --git a/hobble-gnutls b/hobble-gnutls
index 8b9633d..9fd507e 100755
--- a/hobble-gnutls
+++ b/hobble-gnutls
@@ -8,8 +8,8 @@ else
fi
# SRP
-for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \
- gnutls_srp.c auth_srp.c ext_srp.c ; do
+for f in auth/srp_sb64.c auth/srp_passwd.c auth/srp_rsa.c \
+ gnutls_srp.c auth/srp.c ext/srp.c ; do
eval "$CMD lib/$f"
done
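Review bot: The loop body `eval "$CMD lib/$f"` does not check that each listed file exists, so a further upstream rename could leave SRP sources in the "hobbled" tarball unnoticed; this commit is itself a fix for such a rename (`auth_srp.c` to `auth/srp.c`). `CMD` is set above the hunk, so whether it fails on a missing path cannot be seen here. A guard such as `[ -e "lib/$f" ] || { echo "hobble-gnutls: lib/$f not found" >&2; exit 1; }` before the `eval` would make a stale path stop the script. A comment above the loop saying why these files are stripped would also help whoever next updates the list.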