Projects
openEuler:24.03:SP1:Everything
gnutls
_service:tar_scm:gnutls.spec
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:gnutls.spec of Package gnutls
Name: gnutls Version: 3.8.2 Release: 4 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+ URL: https://www.gnutls.org/ Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig Patch0: fix-ipv6-handshake-failed.patch Patch1: backport-CVE-2024-0553-rsa-psk-minimize-branching-after-decryption.patch Patch2: backport-CVE-2024-0567-x509-detect-loop-in-certificate-chain.patch Patch3: backport-fix-CVE-2024-28834-nettle-avoid-normalization-of-mpz_t-in-deterministic.patch Patch4: backport-fix-CVE-2024-28835-gnutls_x509_trust_list_verify_crt2-remove-length-lim.patch %bcond_without dane %bcond_with guile %bcond_without fips BuildRequires: p11-kit-devel, gettext-devel, zlib-devel, readline-devel BuildRequires: libtasn1-devel, libtool, automake, autoconf, texinfo BuildRequires: autogen-libopts-devel, gperf, gnupg2, gcc, gcc-c++ BuildRequires: nettle-devel, trousers-devel, libidn2-devel BuildRequires: libunistring-devel, net-tools, softhsm BuildRequires: p11-kit-trust, ca-certificates,gtk-doc,perl %if %{with fips} BuildRequires: fipscheck %endif %if %{with dane} BuildRequires: unbound-devel unbound-libs %endif %if %{with guile} BuildRequires: guile22-devel %endif Requires: crypto-policies, p11-kit-trust, libtasn1, nettle Recommends: trousers >= 0.3.11.2 Provides: bundled(gnulib) = 20130424 Provides: gnutls-c++ = %{version}-%{release} Obsoletes: gnutls-c++ < %{version}-%{release} %description GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code. %package devel Summary: Development files for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} %if %{with dane} Requires: %{name}-dane%{?_isa} = %{version}-%{release} %endif Requires: pkgconf %description devel This package contains files needed for developing applications with %{name}. %package utils License: GPL-3.0-or-later Summary: Command line tools for TLS protocol Requires: %{name}%{?_isa} = %{version}-%{release} %if %{with dane} Requires: %{name}-dane%{?_isa} = %{version}-%{release} %endif %description utils GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. This package contains command line TLS client and server and certificate manipulation tools. %if %{with dane} %package dane Summary: A DANE protocol implementation for GnuTLS Requires: %{name}%{?_isa} = %{version}-%{release} %description dane GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. This package contains library that implements the DANE protocol for verifying TLS certificates through DNSSEC. %endif %package_help %if %{with guile} %package guile Summary: Guile bindings for the GNUTLS library Requires: %{name}%{?_isa} = %{version}-%{release} Requires: guile %description guile This package contains Guile bindings for the library. %endif %prep %autosetup -n %{name}-%{version} -p1 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure rm -f lib/minitasn1/*.c lib/minitasn1/*.h rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h autoreconf -fi echo "SYSTEM=NORMAL" >> tests/system.prio # Note that we explicitly enable SHA1, as SHA1 deprecation is handled # via the crypto policies %build %if "%toolchain" != "clang" CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes" export CCASFLAGS %endif # These should be checked by m4/guile.m4 instead of configure.ac # taking into account of _guile_suffix guile_snarf=%{_bindir}/guile-snarf2.2 export guile_snarf GUILD=%{_bindir}/guild2.2 export GUILD %configure --with-libtasn1-prefix=%{_prefix} \ %if %{with fips} --enable-fips140-mode \ %endif --enable-sha1-support \ --disable-static \ --disable-openssl-compatibility \ --disable-non-suiteb-curves \ --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \ --with-default-trust-store-pkcs11="pkcs11:" \ --with-trousers-lib=%{_libdir}/libtspi.so.1 \ --htmldir=%{_docdir}/manual \ %if %{with guile} --enable-guile \ --with-guile-extension-dir=%{_libdir}/guile/2.2 \ %else --disable-guile \ %endif %if %{with dane} --with-unbound-root-key-file=/var/lib/unbound/root.key \ --enable-dane \ %else --disable-dane \ %endif --disable-rpath \ --with-default-priority-string="@SYSTEM" make %{?_smp_mflags} V=1 %if %{with fips} %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \ file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \ %{nil} %endif %install make install DESTDIR=$RPM_BUILD_ROOT make -C doc install-html DESTDIR=$RPM_BUILD_ROOT %delete_la_and_a rm -f $RPM_BUILD_ROOT%{_infodir}/dir rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.* %if %{without dane} rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc %endif %find_lang gnutls %check make check %{?_smp_mflags} %files -f gnutls.lang %defattr(-,root,root) %doc README.md AUTHORS %license LICENSE doc/COPYING doc/COPYING.LESSER %{_libdir}/libgnutls.so.30* %{_libdir}/libgnutlsxx.so.* %if %{with fips} %{_libdir}/.libgnutls.so.*.hmac %endif %files utils %{_bindir}/certtool %{_bindir}/tpmtool %{_bindir}/ocsptool %{_bindir}/psktool %{_bindir}/p11tool %if %{with dane} %{_bindir}/danetool %endif %{_bindir}/gnutls* %{_mandir}/man1/* %doc doc/certtool.cfg %if %{with dane} %files dane %{_libdir}/libgnutls-dane.so.* %endif %files devel %defattr(-,root,root) %{_libdir}/pkgconfig/*.pc %{_libdir}/libgnutls*.so %{_includedir}/* %files help %defattr(-,root,root) %doc NEWS THANKS doc/certtool.cfg %{_mandir}/man1/* %{_mandir}/man3/* %{_infodir}/gnutls* %{_infodir}/pkcs11-vision* %{_docdir}/manual/* %if %{with guile} %files guile %defattr(-,root,root) %{_libdir}/guile/2.2/guile-gnutls*.so* %{_libdir}/guile/2.2/site-ccache/gnutls.go %{_libdir}/guile/2.2/site-ccache/gnutls/extra.go %{_datadir}/guile/site/2.2/gnutls.scm %{_datadir}/guile/site/2.2/gnutls/extra.scm %endif %changelog * Fri Mar 22 2024 wangyaoyong <yaoyong.oerv@isrc.iscas.ac.cn> - 3.8.2-4 - support change CC to compile with clang * Fri Mar 22 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-3 - fix CVE-2024-28834 and CVE-2024-28835 * Wed Feb 28 2024 duyiwei <duyiwei@kylinos.cn> - 3.8.2-2 - detach the sub package gnutls-utils and gnutls-dane from gnutls * Mon Jan 29 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-1 - update to 3.8.2 - some API and ABI modifications, see NEWS for details - New option --attime to specify current time - libgnutls: Add a mechanism to control whether to enforce extended master secret (RFC 7627) - libgnutls: Add additional PBKDF limit checks in FIPS mode as defined in SP 800-132 - libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to %GNUTLS_NO_DEFAULT_EXTENSIONS. - libgnutls: Add support for RFC 9258 external PSK importer. - libgnutls: ClientHello extensions are randomized by default, To make fingerprinting harder, TLS extensions in ClientHello messages are shuffled. - gnutls-cli: New option --starttls-name. - libgnutls: transparent KTLS support is extended to FreeBSD kernel. - libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452). - libgnutls: Add API functions to perform ECDH and DH key agreement. - libgnutls: Fix timing side-channel inside RSA-PSK key exchange(CVE-2023-5981). * Wed Jan 17 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.0-3 - fix CVE-2024-0553 and CVE-2024-0567 * Mon Nov 20 2023 xuraoqing <xuraoqing@huawei.com> - 3.8.0-2 - fix CVE-2023-5981 * Thu Jul 20 2023 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 3.8.0-1 - update to 3.8.0 * Wed Feb 15 2023 xuraoqing <xuraoqing@huawei.com> - 3.7.8-2 - fix CVE-2023-0361 * Mon Jan 30 2023 xuraoqing <xuraoqing@huawei.com> - 3.7.8-1 - update to 3.7.8 * Mon Aug 29 2022 dongyuzhen <dongyuzhen@h-partners.com> - 3.7.2-5 - fix CVE-2022-2509 * Mon Aug 29 2022 yanglongkang <yanglongkang@h-partners.com> - 3.7.2-4 - fix CVE-2021-4209 * Tue Jun 14 2022 shangyibin <shangyibin1@h-partners.com> - 3.7.2-3 - fix changelog * Tue Jun 14 2022 shangyibin <shangyibin1@h-partners.com> - 3.7.2-2 - fix compile failure * Fri Sep 17 2021 wuchaochao <wuchaochao4@huawei.com> - 3.7.2-1 - update package version to 3.7.2 and remove BuildRequires autogen * Fri Jul 30 2021 shangyibin <shangyibin1@huawei.com> - 3.6.15-4 - remove init_fds test * Mon Mar 22 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.6.15-3 - fix CVE-2021-20231 CVE-2021-20232 * Sat Jan 30 2021 lirui <lirui130@huawei.com> - 3.6.15-2 - backport upsteam patches to fix testpkcs11.sh test failed * Wed Jan 20 2021 wangchen <wangchen137@huawei.com> - 3.6.15-1 - update to 3.6.15 * Wed Dec 16 2020 liquor <lirui130@huawei.com> - 3.6.14-4 - revert "Detach the sub package gnutls-utils from gnutls" add skip_if_no_datefudge function * Fri Oct 16 2020 zhangxingliang <zhangxingliang3@huawei.com> - 3.6.14-3 - Detach the sub package gnutls-utils from gnutls * Fri Sep 4 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.6.14-2 - reject no_renegotiation alert if handshake is incomplete * Mon Jul 27 2020 wangchen <wangchen137@huawei.com> - 3.6.14-1 - update to 3.6.14 * Mon Jun 8 2020 Anakin Zhang <benjamin93@163.com> - 3.6.9-7 - fix x509 drop endless loop and pkcs12 iterations * Wed Apr 22 2020 Anakin Zhang <benjamin93@163.com> - 3.6.9-6 - fix CVE-2020-11501 * Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-5 - Type:bugfix - Id:NA - SUG:NA - DESC:clean code * Tue Nov 5 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-4 - Type:bugfix - Id:NA - SUG:NA - DESC:delete redundant .hmac files in devel package * Thu Oct 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-3 - Type:bugfix - Id:NA - SUG:NA - DESC:remove the datefudge from buildRequires * Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-2 - Require adjust * Wed Sep 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-1 - Package init
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2