[packit] 3.7.7 upstream release

Upstream tag: 3.7.7
Upstream commit: 6231f181

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

.gitignore

@@ -137,3 +137,6 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-3.7.3.tar.xz
 /gnutls-3.7.3.tar.xz.sig
 /gnutls-3.7.4.tar.xz
+/gnutls-3.7.5.tar.xz
+/gnutls-3.7.6.tar.xz
+/gnutls-3.7.7.tar.xz

.packit.yaml

@@ -0,0 +1,33 @@
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+
+specfile_path: gnutls.spec
+
+files_to_sync:
+  - .packit.yaml
+  - gnutls.spec
+
+upstream_project_url: https://gitlab.com/gnutls/gnutls
+upstream_package_name: gnutls
+downstream_package_name: gnutls
+
+actions:
+  post-upstream-clone:
+    - "wget https://src.fedoraproject.org/rpms/gnutls/raw/main/f/gnutls.spec"
+    - "wget https://src.fedoraproject.org/rpms/gnutls/raw/main/f/gnutls-3.2.7-rpath.patch"
+    - "wget https://src.fedoraproject.org/rpms/gnutls/raw/main/f/gnutls-3.6.7-no-now-guile.patch"
+  get-current-version:
+    - "git describe --abbrev=0"
+  create-archive:
+    - |
+      bash -c "wget https://www.gnupg.org/ftp/gcrypt/gnutls/v$(expr $PACKIT_PROJECT_VERSION : '^\([0-9]*\.[0-9]*\)')/gnutls-${PACKIT_PROJECT_VERSION}.tar.xz"
+    - |
+      bash -c "wget https://www.gnupg.org/ftp/gcrypt/gnutls/v$(expr $PACKIT_PROJECT_VERSION : '^\([0-9]*\.[0-9]*\)')/gnutls-${PACKIT_PROJECT_VERSION}.tar.xz.sig"
+    - bash -c "echo gnutls-${PACKIT_PROJECT_VERSION}.tar.xz"
+    - bash -c "echo gnutls-${PACKIT_PROJECT_VERSION}.tar.xz.sig"
+
+jobs:
+  - job: propose_downstream
+    trigger: release
+    metadata:
+      dist_git_branches: fedora-all

README.packit

@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 0.49.0.
+The file was generated using packit 0.55.0.

gnutls-3.7.7-fix-ktls.patch

@@ -0,0 +1,13 @@
+diff --color -rup a/lib/handshake.c b/lib/handshake.c
+--- a/lib/handshake.c	2022-07-28 12:44:40.000000000 +0200
++++ b/lib/handshake.c	2022-07-29 12:30:00.110002282 +0200
+@@ -2861,7 +2861,8 @@ int gnutls_handshake(gnutls_session_t se
+ 
+ #ifdef ENABLE_KTLS
+ 		if (_gnutls_config_is_ktls_enabled()) {
+-			if (session->internals.pull_func ||
++			if ((session->internals.pull_func &&
++			    session->internals.pull_func != system_read) ||
+ 			    session->internals.push_func) {
+ 				_gnutls_audit_log(session,
+ 						  "Not enabling KTLS with "

gnutls.spec

@@ -1,9 +1,11 @@
 # This spec file has been automatically updated
-Version: 3.7.4
-Release: %{?autorel}%{!?autorel:1}%{?dist}
+Version: 3.7.7
+Release: %{?autorelease}%{!?autorelease:1%{?dist}}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
-%bcond_with bootstrap
+Patch3: gnutls-3.7.7-fix-ktls.patch
+
+%bcond_without bootstrap
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@@ -32,9 +34,6 @@ BuildRequires: libidn2-devel
 BuildRequires: libunistring-devel
 BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++
 BuildRequires: gnupg2
-%if %{with fips}
-BuildRequires: fipscheck
-%endif
 
 # for a sanity check on cert loading
 BuildRequires: p11-kit-trust, ca-certificates
@@ -52,7 +51,7 @@ BuildRequires: unbound-devel unbound-libs
 %if %{with guile}
 BuildRequires: guile22-devel
 %endif
-BuildRequires: make
+BuildRequires: make gtk-doc
 URL: http://www.gnutls.org/
 %define short_version %(echo %{version} | grep -m1 -o "[0-9]*\.[0-9]*" | head -1)
 Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz
@@ -215,21 +214,11 @@ export GUILD
            --disable-libdane \
 %endif
            --disable-rpath \
-           --with-default-priority-string="@SYSTEM"
+           --with-default-priority-string="@SYSTEM" \
+		   --enable-ktls
 
 make %{?_smp_mflags} V=1
 
-%if %{with fips}
-%define __spec_install_post \
-	%{?__debug_package:%{__debug_install_post}} \
-	%{__arch_install_post} \
-	%{__os_install_post} \
-	rm -f $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.*.hmac \
-	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \
-	file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \
-%{nil}
-%endif
-
 %install
 make install DESTDIR=$RPM_BUILD_ROOT
 make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
@@ -241,6 +230,22 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
 %endif
 
+%if %{with fips}
+# doing it twice should be a no-op the second time,
+# and this way we avoid redefining it and missing a future change
+%{__spec_install_post}
+./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac
+sed -i "s^$RPM_BUILD_ROOT/usr^^" $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac
+%endif
+
+%if %{with fips}
+%define __spec_install_post \
+	%{?__debug_package:%{__debug_install_post}} \
+	%{__arch_install_post} \
+	%{__os_install_post} \
+%{nil}
+%endif
+
 %find_lang gnutls
 
 %check
@@ -249,7 +254,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %files -f gnutls.lang
 %{_libdir}/libgnutls.so.30*
 %if %{with fips}
-%{_libdir}/.libgnutls.so.30*.hmac
+%{_libdir}/.gnutls.hmac
 %endif
 %doc README.md AUTHORS NEWS THANKS
 %license LICENSE doc/COPYING doc/COPYING.LESSER
@@ -260,9 +265,6 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %files devel
 %{_includedir}/*
 %{_libdir}/libgnutls*.so
-%if %{with fips}
-%{_libdir}/.libgnutls.so.*.hmac
-%endif
 
 %{_libdir}/pkgconfig/*.pc
 %{_mandir}/man3/*

sources

@@ -1 +1 @@
-SHA512 (gnutls-3.7.4.tar.xz) = 38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6
+SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08