
zhangxianjun/gnutls

forked from src-openEuler/gnutls 
gnutls.spec 11.29 KB
zhangxianjun committed on 2024-11-12 10:53 . update to version 3.8.8
Name: gnutls
Version: 3.8.8
Release: 1
Summary: The GNU Secure Communication Protocol Library
License: LGPLv2.1+ and GPLv3+
URL: https://www.gnutls.org/
Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz.sig
Patch0: fix-ipv6-handshake-failed.patch
%bcond_without dane
%bcond_with guile
%bcond_without fips
BuildRequires: p11-kit-devel, gettext-devel, zlib-devel, readline-devel
BuildRequires: libtasn1-devel, libtool, automake, autoconf, texinfo
BuildRequires: autogen-libopts-devel, gperf, gnupg2, gcc, gcc-c++
BuildRequires: nettle-devel, trousers-devel, libidn2-devel
BuildRequires: libunistring-devel, net-tools, softhsm
BuildRequires: p11-kit-trust, ca-certificates, gtk-doc, perl
%if %{with fips}
BuildRequires: fipscheck
%endif
%if %{with dane}
BuildRequires: unbound-devel unbound-libs
%endif
%if %{with guile}
BuildRequires: guile22-devel
%endif
Requires: crypto-policies, p11-kit-trust, libtasn1, nettle
Recommends: trousers >= 0.3.11.2
Provides: bundled(gnulib) = 20130424
Provides: gnutls-c++ = %{version}-%{release}
Obsoletes: gnutls-c++ < %{version}-%{release}
%description
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, and other
required structures.
The project strives to provide a secure communications back-end, simple to use
and integrated with the rest of the base Linux libraries. A back-end designed
to work and be secure out of the box, keeping the complexity of TLS and PKI out
of application code.
%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%if %{with dane}
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
%endif
Requires: pkgconf
%description devel
This package contains files needed for developing applications with %{name}.
%package utils
License: GPL-3.0-or-later
Summary: Command line tools for TLS protocol
Requires: %{name}%{?_isa} = %{version}-%{release}
%if %{with dane}
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
%endif
%description utils
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package contains command line TLS client and server and certificate
manipulation tools.
%if %{with dane}
%package dane
Summary: A DANE protocol implementation for GnuTLS
Requires: %{name}%{?_isa} = %{version}-%{release}
%description dane
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
This package contains library that implements the DANE protocol for verifying
TLS certificates through DNSSEC.
%endif
%package_help
%if %{with guile}
%package guile
Summary: Guile bindings for the GNUTLS library
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: guile
%description guile
This package contains Guile bindings for the library.
%endif
%prep
%autosetup -n %{name}-%{version} -p1
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h
autoreconf -fi
echo "SYSTEM=NORMAL" >> tests/system.prio
# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
# via the crypto policies
%build
%if "%toolchain" != "clang"
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
export CCASFLAGS
%endif
# These should be checked by m4/guile.m4 instead of configure.ac
# taking into account of _guile_suffix
guile_snarf=%{_bindir}/guile-snarf2.2
export guile_snarf
GUILD=%{_bindir}/guild2.2
export GUILD
%configure --with-libtasn1-prefix=%{_prefix} \
%if %{with fips}
--enable-fips140-mode \
%endif
--enable-sha1-support \
--disable-static \
--disable-openssl-compatibility \
--disable-non-suiteb-curves \
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
--with-default-trust-store-pkcs11="pkcs11:" \
--with-trousers-lib=%{_libdir}/libtspi.so.1 \
--htmldir=%{_docdir}/manual \
%if %{with guile}
--enable-guile \
--with-guile-extension-dir=%{_libdir}/guile/2.2 \
%else
--disable-guile \
%endif
%if %{with dane}
--with-unbound-root-key-file=/var/lib/unbound/root.key \
--enable-dane \
%else
--disable-dane \
%endif
--disable-rpath \
--with-default-priority-string="@SYSTEM"
make %{?_smp_mflags} V=1
%if %{with fips}
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \
file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \
%{nil}
%endif
%install
make install DESTDIR=$RPM_BUILD_ROOT
make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
%delete_la_and_a
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.*
%if %{without dane}
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
%endif
%find_lang gnutls
%check
make check %{?_smp_mflags}
%files -f gnutls.lang
%defattr(-,root,root)
%doc README.md AUTHORS
%license LICENSE doc/COPYING doc/COPYING.LESSER
%{_libdir}/libgnutls.so.30*
%{_libdir}/libgnutlsxx.so.*
%if %{with fips}
%{_libdir}/.libgnutls.so.*.hmac
%endif
%files utils
%{_bindir}/certtool
%{_bindir}/tpmtool
%{_bindir}/ocsptool
%{_bindir}/psktool
%{_bindir}/p11tool
%if %{with dane}
%{_bindir}/danetool
%endif
%{_bindir}/gnutls*
%doc doc/certtool.cfg
%if %{with dane}
%files dane
%{_libdir}/libgnutls-dane.so.*
%endif
%files devel
%defattr(-,root,root)
%{_libdir}/pkgconfig/*.pc
%{_libdir}/libgnutls*.so
%{_includedir}/*
%files help
%defattr(-,root,root)
%doc NEWS THANKS doc/certtool.cfg
%{_mandir}/man1/*
%{_mandir}/man3/*
%{_infodir}/gnutls*
%{_infodir}/pkcs11-vision*
%{_docdir}/manual/*
%if %{with guile}
%files guile
%defattr(-,root,root)
%{_libdir}/guile/2.2/guile-gnutls*.so*
%{_libdir}/guile/2.2/site-ccache/gnutls.go
%{_libdir}/guile/2.2/site-ccache/gnutls/extra.go
%{_datadir}/guile/site/2.2/gnutls.scm
%{_datadir}/guile/site/2.2/gnutls/extra.scm
%endif
%changelog
* Tue Nov 12 2024 zhangxianjun <zhangxianjun@kylinos.cn> - 3.8.8-1
- update to 3.8.8
- Fixed the check at src/benchmark-tls.c
- devel/generate-dlwrap.sh: remove --clang-resource-dir option
- priority: give KEM groups precedence over EC(DH) groups in TLS 1.3
- _gnutls_session_supports_group: return boolean instead of error code
- fix CVE-2024-28834,CVE-2024-28835,CVE-2024-0553,CVE-2024-0567
* Mon Sep 2 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-5
- remove man1 from gnutls-utils
* Tue Mar 26 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-4
- fix CVE-2024-28834 and CVE-2024-28835
* Fri Mar 22 2024 wangyaoyong <yaoyong.oerv@isrc.iscas.ac.cn> - 3.8.2-3
- support change CC to compile with clang
* Wed Feb 28 2024 duyiwei <duyiwei@kylinos.cn> - 3.8.2-2
- detach the sub package gnutls-utils and gnutls-dane from gnutls
* Mon Jan 29 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.2-1
- update to 3.8.2
- some API and ABI modifications, see NEWS for details
- New option --attime to specify current time
- libgnutls: Add a mechanism to control whether to enforce extended master secret (RFC 7627)
- libgnutls: Add additional PBKDF limit checks in FIPS mode as defined in SP 800-132
- libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to %GNUTLS_NO_DEFAULT_EXTENSIONS.
- libgnutls: Add support for RFC 9258 external PSK importer.
- libgnutls: ClientHello extensions are randomized by default,
To make fingerprinting harder, TLS extensions in ClientHello messages are shuffled.
- gnutls-cli: New option --starttls-name.
- libgnutls: transparent KTLS support is extended to FreeBSD kernel.
- libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452).
- libgnutls: Add API functions to perform ECDH and DH key agreement.
- libgnutls: Fix timing side-channel inside RSA-PSK key exchange(CVE-2023-5981).
* Wed Jan 17 2024 xuraoqing <xuraoqing@huawei.com> - 3.8.0-3
- fix CVE-2024-0553 and CVE-2024-0567
* Mon Nov 20 2023 xuraoqing <xuraoqing@huawei.com> - 3.8.0-2
- fix CVE-2023-5981
* Thu Jul 20 2023 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 3.8.0-1
- update to 3.8.0
* Wed Feb 15 2023 xuraoqing <xuraoqing@huawei.com> - 3.7.8-2
- fix CVE-2023-0361
* Mon Jan 30 2023 xuraoqing <xuraoqing@huawei.com> - 3.7.8-1
- update to 3.7.8
* Mon Aug 29 2022 dongyuzhen <dongyuzhen@h-partners.com> - 3.7.2-5
- fix CVE-2022-2509
* Mon Aug 29 2022 yanglongkang <yanglongkang@h-partners.com> - 3.7.2-4
- fix CVE-2021-4209
* Tue Jun 14 2022 shangyibin <shangyibin1@h-partners.com> - 3.7.2-3
- fix changelog
* Tue Jun 14 2022 shangyibin <shangyibin1@h-partners.com> - 3.7.2-2
- fix compile failure
* Fri Sep 17 2021 wuchaochao <wuchaochao4@huawei.com> - 3.7.2-1
- update package version to 3.7.2 and remove BuildRequires autogen
* Fri Jul 30 2021 shangyibin <shangyibin1@huawei.com> - 3.6.15-4
- remove init_fds test
* Mon Mar 22 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.6.15-3
- fix CVE-2021-20231 CVE-2021-20232
* Sat Jan 30 2021 lirui <lirui130@huawei.com> - 3.6.15-2
- backport upstream patches to fix testpkcs11.sh test failed
* Wed Jan 20 2021 wangchen <wangchen137@huawei.com> - 3.6.15-1
- update to 3.6.15
* Wed Dec 16 2020 liquor <lirui130@huawei.com> - 3.6.14-4
- revert "Detach the sub package gnutls-utils from gnutls"
add skip_if_no_datefudge function
* Fri Oct 16 2020 zhangxingliang <zhangxingliang3@huawei.com> - 3.6.14-3
- Detach the sub package gnutls-utils from gnutls
* Fri Sep 4 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.6.14-2
- reject no_renegotiation alert if handshake is incomplete
* Mon Jul 27 2020 wangchen <wangchen137@huawei.com> - 3.6.14-1
- update to 3.6.14
* Mon Jun 8 2020 Anakin Zhang <benjamin93@163.com> - 3.6.9-7
- fix x509 drop endless loop and pkcs12 iterations
* Wed Apr 22 2020 Anakin Zhang <benjamin93@163.com> - 3.6.9-6
- fix CVE-2020-11501
* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-5
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:clean code
* Tue Nov 5 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-4
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:delete redundant .hmac files in devel package
* Thu Oct 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-3
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:remove the datefudge from buildRequires
* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-2
- Require adjust
* Wed Sep 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.6.9-1
- Package init