rpms/gnutls
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
403 Commits 35 Branches 89 Tags
Commit Graph

403 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Abdurachmanov
74be89e798
Fix Release: to allow bumping 
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
 2024-09-27 10:00:23 +03:00
David Abdurachmanov
ec269babf0
Rebuilt for Fedora/RISCV (riscv64); adding .rvreX to Release: 
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
 2024-09-27 09:35:03 +03:00
Daiki Ueno
37c03f7739 Fix configure check on nettle_rsa_oaep_* functions 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-07-26 15:49:32 +09:00
Daiki Ueno
b07c9547ba Enable X25519Kyber768Draft00 key exchange in TLS 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-07-24 18:06:03 +09:00
Daiki Ueno
ee639ed085 Switch to using dlwrap for loading compression libraries 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-07-22 20:42:21 +09:00
Yaakov Selkowitz
7e61bcbcbd Fix FIPS build with RPM 4.20 
The FIPS build runs *_install_post commands early during %install so that
the binaries will not be modified after running fipshmac, since those
commands are supposed to be no-op if re-run.  However, __debug_install_post
is only run if __debug_package is defined, which is triggered by the
automatic creation of the debuginfo subpackage where appropriate.

Previously, a hack in redhat-rpm-config caused this to be enabled by
%install, but with RPM 4.20 this is no longer needed, and the hack was
removed from redhat-rpm-config for F41.  On Fedora builds,
%mingw_debug_package triggers this and therefore it still builds, but ELN
is build without mingw and therefore there now is nothing to trigger the
debuginfo generation during %install.  As a result, the binaries would just
be stripped without any debuginfo generation during the first run, leaving
nothing to detect in the second run, and the build would fail for lack of
debug symbols/sources.

https://github.com/rpm-software-management/rpm/issues/2204
7a1571ee80
 2024-07-19 15:55:26 -04:00
Fedora Release Engineering
1dcd42a32e Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild 2024-07-18 03:21:01 +00:00
Daiki Ueno
e1613e89be Bump nettle dependency to 3.10 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-07-09 01:35:31 +09:00
Zoltan Fridrich
d44882c396 Update to 3.8.6 upstream release 
Upstream tag: 3.8.6
Upstream commit: cd953cfa

Commit authored by Packit automation (https://packit.dev/)
 2024-07-03 15:57:21 +02:00
Zoltan Fridrich
113f492765 Build with certificate compression enabled 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-06-17 11:55:48 +02:00
Daiki Ueno
87c3926250 Bump release to build against newer nettle 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-06-17 12:43:43 +09:00
Alexander Sosedkin
595be10e4d Add gmp tarball to sources file, add gmp patch 2024-05-16 13:32:15 +02:00
Daiki Ueno
bee7049a8a Add bcond to statically link to GMP 
In CentOS Stream 9 and RHEL 9, we link to libgmp statically to ensure
zeroization of internally allocated memory areas according to FIPS
140-3. This ports the ability to Fedora, in a way it is configured
with a `--with bundled_gmp` build conditional.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-05-14 15:02:19 +09:00
Daiki Ueno
42b10964b0 Add virtual package to pull in nettle/gmp dependencies for FIPS 
This adds a new subpackage `gnutls-fips` with strict version
requirements to nettle and gmp under FIPS, as gnutls now calculates
library integrity (HMAC) over those libraries.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2024-04-24 15:23:17 +09:00
Zoltan Fridrich
ab660a5e4e [packit] 3.8.5 upstream release 
Upstream tag: 3.8.5
Upstream commit: 49f4ae21
 2024-04-04 15:30:28 +02:00
Zoltan Fridrich
510f2c8050 [packit] 3.8.4 upstream release 
- Resolves rhbz#2270320

Upstream tag: 3.8.4
Upstream commit: 4a4cefef
 2024-03-20 13:21:37 +01:00
Zoltan Fridrich
25900e352d Fix mingw build failure 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-02-22 18:15:37 +01:00
Zoltan Fridrich
c5694f3e42 Update keyring 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-01-24 10:10:45 +01:00
Zoltan Fridrich
da7f0db0fe [packit] 3.8.3 upstream release 
Upstream tag: 3.8.3
Upstream commit: 2f04c14d
 2024-01-23 10:28:06 +01:00
Fedora Release Engineering
c42ee03de2 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-19 23:15:46 +00:00
Simon de Vlieger
be817c2d2d
Bump Nettle dependency. 
GnuTLS depends on symbols from a newer version of Nettle (3.9).

Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>
 2023-12-12 10:58:20 +01:00
Daiki Ueno
23ac5676a4 Tentatively revert newly added Ed448 keys support in PKCS#11 
To fix regression with Ed25519 reported in:
https://gitlab.com/gnutls/gnutls/-/issues/1515

Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-12-01 17:44:03 +09:00
Daiki Ueno
7543c5d148 [packit] 3.8.2 upstream release 
Upstream tag: 3.8.2
Upstream commit: e840a07f
 2023-11-22 15:23:57 +09:00
Daiki Ueno
5e97cebf83 Remove patches no longer needed in 3.8.2 
Also use XFAIL_TESTS envvar to skip ktls_keyupdate.sh, instead of
patching the source code.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-11-22 14:41:15 +09:00
Daiki Ueno
d7d09eb023 Skip KTLS test if the host kernel is older than 5.11 
The ktls.sh test currently only supports kernel 5.11+.  This needs to
be checked at run time, as the koji builder might be using a different
version of kernel on the host than the one indicated by the
kernel-devel package.

Resolves: #2247135
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-11-10 05:39:53 +09:00
Stephen Gallagher
a4ef955090 Don't build with SRP on RHEL 
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2023-08-29 09:39:14 -04:00
Zoltan Fridrich
a0ef9addb1 [packit] 3.8.1 upstream release 
Upstream tag: 3.8.1
Upstream commit: 513570a5
 2023-08-25 14:06:59 +02:00
Daiki Ueno
44afab5191 Migrate License field to SPDX license identifier 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-08-24 10:19:38 +09:00
Fedora Release Engineering
e4e388800c Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-07-19 23:57:26 +00:00
Peter Leitmann
2f8c73c631 Add TMT interop tests 2023-05-23 14:27:14 +00:00
Daiki Ueno
6a9f55ef66 Fix leftover of the previous %bcond change 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-04-13 20:09:49 +09:00
Daiki Ueno
82e473e933 Use %bcond instead of %global for srp and mingw support 
This makes it possible to build the package with/without those
features, through rpmbuild --with/--without.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2023-04-11 19:38:39 +09:00
Richard W.M. Jones
e99bcaff78 Fix desychronisation with kTLS: 
https://gitlab.com/gnutls/gnutls/-/issues/1470
 2023-03-11 07:32:46 +00:00
Daniel P. Berrangé
e361bb292d Disable GNULIB's year2038 support for 64-bit time_t 
GNUTLS exposes time_t in its public API and thus the size of time_t
is ABI relevant. It can't be changed in size without breaking
ABI compatibility with applications built against GNUTLS that use
the default time_t size.

https://gitlab.com/gnutls/gnutls/-/issues/1466
https://bugzilla.redhat.com/show_bug.cgi?id=2174758
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 2023-03-02 11:53:34 +00:00
Zoltan Fridrich
b08c1d3cb5 [packit] 3.8.0 upstream release 
Upstream tag: 3.8.0
Upstream commit: 516e466b

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2023-02-16 11:14:30 +01:00
Zoltan Fridrich
9df43c9df7 Prepare for release 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2023-02-14 15:01:58 +01:00
Frantisek Krenzelok
a9d1c50f1a
KTLS: disable ktls_keyupdate & tls1.2 chachapoly tests 
There seems to be a kernel specific issues with CHACHA20-POLY1305 for
TLS 1.2 [1]

The test fails without a needed kernel patch

[1] https://gitlab.com/gnutls/gnutls/-/issues/1443

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
 2023-01-20 21:55:56 +01:00
Frantisek Krenzelok
c1f8e66db2
KTLS additional ciphersuites 
Key update supported for patched kernels [1]

Configuration option `ktls = false` [2]

following ciphersuites are now supported: [3]
* TLS_AES_128_CCM_SHA256
* TLS_CHACHA20_POLY1305_SHA256

Ivalidate session on KTLS error as there is no way to recover and new
sockets as well as session have to be created. [4]

[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1625
[2] https://gitlab.com/gnutls/gnutls/-/merge_requests/1673/diffs?commit_id=aefd7319c0b7b2410d06238246b7755b289e4837
[3] https://gitlab.com/gnutls/gnutls/-/merge_requests/1676
[4] https://gitlab.com/gnutls/gnutls/-/merge_requests/1664

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
 2023-01-20 19:17:15 +01:00
Fedora Release Engineering
d401f95817 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-01-19 05:48:39 +00:00
Frantisek Krenzelok
0596993205
gcc-analyzer: suppress warnings 
gcc analyzer causes issues in CI, this commit from upstream should fix it

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
 2022-12-14 14:15:49 +01:00
Daniel P. Berrangé
5aa020da73 Cross-compiled mingw sub-RPMs should be 'noarch' 
Their contents should be identical (bar timestamps) regardless of which
host build arch is used, since we're cross compiling.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 2022-10-27 16:52:20 +01:00
Zoltan Fridrich
ccfb815fcf Add conditions for mingw 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-10-19 10:23:40 +02:00
Michael Cronenworth
cbaa7ad9b2 Merge branch 'mingw-merge' of ssh://pkgs.fedoraproject.org/forks/mooninite/rpms/gnutls into mingw-merge 
# Conflicts:
#	gnutls.spec
 2022-10-18 11:18:34 -05:00
Michael Cronenworth
86c02ce9dc Initial MinGW package support 
Merge the mingw-gnutls package into the native one.
 2022-10-18 11:16:48 -05:00
Zoltan Fridrich
9ba1f58c0f Use make macros 
Co-authored-by: Tom Stellard <tstellar@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-10-18 15:39:06 +00:00
Zoltan Fridrich
8f2a1d9b48 Merge #59 Update release keyring 2022-10-18 15:34:57 +00:00
Zoltan Fridrich
30a64d9273 Update release keyring 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-10-18 17:12:26 +02:00
Anderson Toshiyuki Sasaki
b9c750507f Enable gating and add FIPS smoke test 2022-10-18 14:30:24 +00:00
Daiki Ueno
2161d1913b Revert to not ignore errors in gpgverify 
Signed-off-by: Daiki Ueno <dueno@redhat.com>
 2022-10-18 14:11:46 +00:00
Zoltan Fridrich
2d72c1273b [packit] 3.7.8 upstream release 
Upstream tag: 3.7.8
Upstream commit: f527ed0e

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-10-18 14:25:18 +02:00