Compare commits
14 Commits
Author | SHA1 | Date |
---|---|---|
Nikos Mavrogiannopoulos | 8952f81162 | |
Nikos Mavrogiannopoulos | b098d60c08 | |
Nikos Mavrogiannopoulos | e5ae12bbc0 | |
Nikos Mavrogiannopoulos | 94ac3507b1 | |
Nikos Mavrogiannopoulos | 2b7d1990ec | |
Nikos Mavrogiannopoulos | 1beb39592f | |
Nikos Mavrogiannopoulos | 2f80193ad3 | |
Nikos Mavrogiannopoulos | a3e666c78b | |
Nikos Mavrogiannopoulos | 31a732f7dd | |
Nikos Mavrogiannopoulos | 052f2d5f50 | |
Nikos Mavrogiannopoulos | 2c3737eddb | |
Nikos Mavrogiannopoulos | e516dc7d1d | |
Nikos Mavrogiannopoulos | 50590f6b51 | |
Nikos Mavrogiannopoulos | 2890e683a8 |
|
@ -72,3 +72,26 @@ gnutls-2.10.1-nosrp.tar.bz2
|
|||
/gnutls-3.5.7-hobbled.tar.xz
|
||||
/gnutls-3.5.8-hobbled.tar.xz
|
||||
/gnutls-3.5.9-hobbled.tar.xz
|
||||
/gnutls-3.5.10-hobbled.tar.xz
|
||||
/gnutls-3.5.11-hobbled.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.12.tar.xz.sig
|
||||
/gnutls-3.5.12.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.13.tar.xz.sig
|
||||
/gnutls-3.5.13.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.14.tar.xz.sig
|
||||
/gnutls-3.5.14.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.15.tar.xz.sig
|
||||
/gnutls-3.5.15.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.16.tar.xz.sig
|
||||
/gnutls-3.5.16.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.17.tar.xz.sig
|
||||
/gnutls-3.5.17.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.5.18.tar.xz.sig
|
||||
/gnutls-3.5.18.tar.xz
|
||||
|
|
|
@ -0,0 +1,289 @@
|
|||
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
|
||||
index ec5754e89..c8b2c71f2 100644
|
||||
--- a/lib/pkcs11.c
|
||||
+++ b/lib/pkcs11.c
|
||||
@@ -264,20 +264,20 @@ pkcs11_add_module(const char* name, struct ck_function_list *module, const char
|
||||
*/
|
||||
int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_function cb)
|
||||
{
|
||||
- int ret;
|
||||
+ int ret, sret = 0;
|
||||
|
||||
ret = gnutls_mutex_lock(&_gnutls_pkcs11_mutex);
|
||||
if (ret != 0)
|
||||
return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
|
||||
|
||||
- if (providers_initialized >= req_level) {
|
||||
+ if (providers_initialized > PROV_UNINITIALIZED) {
|
||||
ret = 0;
|
||||
|
||||
if (_gnutls_detect_fork(pkcs11_forkid)) {
|
||||
/* if we are initialized but a fork is detected */
|
||||
ret = _gnutls_pkcs11_reinit();
|
||||
if (ret == 0) {
|
||||
- ret = 1;
|
||||
+ sret = 1;
|
||||
if (cb) {
|
||||
int ret2 = cb(priv);
|
||||
if (ret2 < 0)
|
||||
@@ -287,25 +287,60 @@ int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_
|
||||
}
|
||||
}
|
||||
|
||||
- gnutls_mutex_unlock(&_gnutls_pkcs11_mutex);
|
||||
- return ret;
|
||||
- } else if (providers_initialized < req_level &&
|
||||
- (req_level == PROV_INIT_TRUSTED)) {
|
||||
- _gnutls_debug_log("Initializing needed PKCS #11 modules\n");
|
||||
- ret = auto_load(1);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
- providers_initialized = PROV_INIT_TRUSTED;
|
||||
- } else {
|
||||
- _gnutls_debug_log("Initializing all PKCS #11 modules\n");
|
||||
- ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
|
||||
+ /* Possible Transitions: PROV_UNINITIALIZED -> PROV_INIT_MANUAL -> PROV_INIT_MANUAL_TRUSTED
|
||||
+ * PROV_UNINITIALIZED -> PROV_INIT_TRUSTED -> PROV_INIT_ALL
|
||||
+ *
|
||||
+ * request for PROV_INIT_TRUSTED may result to PROV_INIT_MANUAL_TRUSTED
|
||||
+ * request for PROV_INIT_ALL may result to PROV_INIT_MANUAL or PROV_INIT_MANUAL_TRUSTED
|
||||
+ */
|
||||
+ switch(req_level) {
|
||||
+ case PROV_UNINITIALIZED:
|
||||
+ case PROV_INIT_MANUAL:
|
||||
+ break;
|
||||
+ case PROV_INIT_TRUSTED:
|
||||
+ case PROV_INIT_MANUAL_TRUSTED:
|
||||
+ if (providers_initialized < PROV_INIT_MANUAL_TRUSTED) {
|
||||
+ _gnutls_debug_log("Initializing needed PKCS #11 modules\n");
|
||||
+ ret = auto_load(1);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ }
|
||||
+
|
||||
+ if (providers_initialized == PROV_INIT_MANUAL)
|
||||
+ providers_initialized = PROV_INIT_MANUAL_TRUSTED;
|
||||
+ else
|
||||
+ providers_initialized = PROV_INIT_TRUSTED;
|
||||
+
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ break;
|
||||
+ case PROV_INIT_ALL:
|
||||
+ if (providers_initialized == PROV_INIT_TRUSTED ||
|
||||
+ providers_initialized == PROV_UNINITIALIZED) {
|
||||
+ _gnutls_debug_log("Initializing all PKCS #11 modules\n");
|
||||
+ ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
|
||||
+ if (ret < 0) {
|
||||
+ gnutls_assert();
|
||||
+ }
|
||||
+
|
||||
+ providers_initialized = PROV_INIT_ALL;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ break;
|
||||
}
|
||||
|
||||
- gnutls_mutex_unlock(&_gnutls_pkcs11_mutex);
|
||||
+ ret = sret;
|
||||
|
||||
- if (ret < 0)
|
||||
- return gnutls_assert_val(ret);
|
||||
+ cleanup:
|
||||
+ gnutls_mutex_unlock(&_gnutls_pkcs11_mutex);
|
||||
|
||||
- return 0;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -3149,11 +3184,7 @@ gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
|
||||
int ret;
|
||||
struct find_obj_data_st priv;
|
||||
|
||||
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
|
||||
- PKCS11_CHECK_INIT_TRUSTED;
|
||||
- } else {
|
||||
- PKCS11_CHECK_INIT;
|
||||
- }
|
||||
+ PKCS11_CHECK_INIT_FLAGS(flags);
|
||||
|
||||
memset(&priv, 0, sizeof(priv));
|
||||
|
||||
@@ -3790,7 +3821,7 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
|
||||
size_t id_size;
|
||||
struct p11_kit_uri *info = NULL;
|
||||
|
||||
- PKCS11_CHECK_INIT;
|
||||
+ PKCS11_CHECK_INIT_FLAGS(flags);
|
||||
|
||||
memset(&priv, 0, sizeof(priv));
|
||||
|
||||
@@ -3882,7 +3913,7 @@ int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *d
|
||||
struct find_cert_st priv;
|
||||
struct p11_kit_uri *info = NULL;
|
||||
|
||||
- PKCS11_CHECK_INIT;
|
||||
+ PKCS11_CHECK_INIT_FLAGS(flags);
|
||||
|
||||
memset(&priv, 0, sizeof(priv));
|
||||
|
||||
@@ -3969,7 +4000,7 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
|
||||
struct find_cert_st priv;
|
||||
struct p11_kit_uri *info = NULL;
|
||||
|
||||
- PKCS11_CHECK_INIT;
|
||||
+ PKCS11_CHECK_INIT_FLAGS(flags);
|
||||
|
||||
memset(&priv, 0, sizeof(priv));
|
||||
|
||||
@@ -4063,7 +4094,7 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
|
||||
size_t serial_size;
|
||||
struct p11_kit_uri *info = NULL;
|
||||
|
||||
- PKCS11_CHECK_INIT_RET(0);
|
||||
+ PKCS11_CHECK_INIT_FLAGS_RET(flags, 0);
|
||||
|
||||
memset(&priv, 0, sizeof(priv));
|
||||
|
||||
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
|
||||
index e27518e3f..168bb7807 100644
|
||||
--- a/lib/pkcs11_int.h
|
||||
+++ b/lib/pkcs11_int.h
|
||||
@@ -69,10 +69,14 @@ typedef int (*pkcs11_reinit_function)(void *priv);
|
||||
typedef enum init_level_t {
|
||||
PROV_UNINITIALIZED = 0,
|
||||
PROV_INIT_MANUAL,
|
||||
+ PROV_INIT_MANUAL_TRUSTED,
|
||||
PROV_INIT_TRUSTED,
|
||||
PROV_INIT_ALL
|
||||
} init_level_t;
|
||||
|
||||
+/* See _gnutls_pkcs11_check_init() for possible Transitions.
|
||||
+ */
|
||||
+
|
||||
int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_function cb);
|
||||
|
||||
#define FIX_KEY_USAGE(pk, usage) \
|
||||
@@ -84,20 +88,26 @@ int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_
|
||||
}
|
||||
|
||||
#define PKCS11_CHECK_INIT \
|
||||
- ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, NULL, NULL); \
|
||||
+ ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
|
||||
if (ret < 0) \
|
||||
return gnutls_assert_val(ret)
|
||||
|
||||
-#define PKCS11_CHECK_INIT_TRUSTED \
|
||||
- ret = _gnutls_pkcs11_check_init(PROV_INIT_TRUSTED, NULL, NULL); \
|
||||
+#define PKCS11_CHECK_INIT_RET(x) \
|
||||
+ ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
|
||||
+ if (ret < 0) \
|
||||
+ return gnutls_assert_val(x)
|
||||
+
|
||||
+#define PKCS11_CHECK_INIT_FLAGS(f) \
|
||||
+ ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
|
||||
if (ret < 0) \
|
||||
return gnutls_assert_val(ret)
|
||||
|
||||
-#define PKCS11_CHECK_INIT_RET(x) \
|
||||
- ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, NULL, NULL); \
|
||||
+#define PKCS11_CHECK_INIT_FLAGS_RET(f, x) \
|
||||
+ ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
|
||||
if (ret < 0) \
|
||||
return gnutls_assert_val(x)
|
||||
|
||||
+
|
||||
/* thus function is called for every token in the traverse_tokens
|
||||
* function. Once everything is traversed it is called with NULL tinfo.
|
||||
* It should return 0 if found what it was looking for.
|
||||
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
|
||||
index 4a9d928a3..6e9027d0b 100644
|
||||
--- a/lib/pkcs11_privkey.c
|
||||
+++ b/lib/pkcs11_privkey.c
|
||||
@@ -36,7 +36,7 @@
|
||||
/* In case of a fork, it will invalidate the open session
|
||||
* in the privkey and start another */
|
||||
#define PKCS11_CHECK_INIT_PRIVKEY(k) \
|
||||
- ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, k, reopen_privkey_session); \
|
||||
+ ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, k, reopen_privkey_session); \
|
||||
if (ret < 0) \
|
||||
return gnutls_assert_val(ret)
|
||||
|
||||
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
|
||||
index 1749d49b1..ec1a52ace 100644
|
||||
--- a/lib/x509/verify-high.c
|
||||
+++ b/lib/x509/verify-high.c
|
||||
@@ -368,7 +368,7 @@ advance_iter(gnutls_x509_trust_list_t list,
|
||||
if (list->pkcs11_token != NULL) {
|
||||
if (iter->pkcs11_list == NULL) {
|
||||
ret = gnutls_pkcs11_obj_list_import_url2(&iter->pkcs11_list, &iter->pkcs11_size,
|
||||
- list->pkcs11_token, (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), 0);
|
||||
+ list->pkcs11_token, (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), 0);
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
@@ -964,7 +964,7 @@ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
|
||||
gnutls_datum_t der = {NULL, 0};
|
||||
/* use the token for verification */
|
||||
ret = gnutls_pkcs11_get_raw_issuer(list->pkcs11_token, cert, &der,
|
||||
- GNUTLS_X509_FMT_DER, 0);
|
||||
+ GNUTLS_X509_FMT_DER, GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
return ret;
|
||||
@@ -1036,7 +1036,7 @@ int gnutls_x509_trust_list_get_issuer_by_dn(gnutls_x509_trust_list_t list,
|
||||
gnutls_datum_t der = {NULL, 0};
|
||||
/* use the token for verification */
|
||||
ret = gnutls_pkcs11_get_raw_issuer_by_dn(list->pkcs11_token, dn, &der,
|
||||
- GNUTLS_X509_FMT_DER, 0);
|
||||
+ GNUTLS_X509_FMT_DER, GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
return ret;
|
||||
@@ -1097,7 +1097,7 @@ int gnutls_x509_trust_list_get_issuer_by_subject_key_id(gnutls_x509_trust_list_t
|
||||
gnutls_datum_t der = {NULL, 0};
|
||||
/* use the token for verification */
|
||||
ret = gnutls_pkcs11_get_raw_issuer_by_subject_key_id(list->pkcs11_token, dn, spki, &der,
|
||||
- GNUTLS_X509_FMT_DER, 0);
|
||||
+ GNUTLS_X509_FMT_DER, GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE);
|
||||
if (ret < 0) {
|
||||
gnutls_assert();
|
||||
return ret;
|
||||
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
|
||||
index fb9f9ce10..8c75b2641 100644
|
||||
--- a/lib/x509/verify-high2.c
|
||||
+++ b/lib/x509/verify-high2.c
|
||||
@@ -188,6 +188,10 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *
|
||||
gnutls_pkcs11_obj_t *pcrt_list = NULL;
|
||||
unsigned int pcrt_list_size = 0, i;
|
||||
int ret;
|
||||
+
|
||||
+ /* here we don't use the flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE,
|
||||
+ * as we want to explicitly load from any module available in the system.
|
||||
+ */
|
||||
ret =
|
||||
gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
|
||||
url,
|
||||
@@ -323,7 +327,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
|
||||
*/
|
||||
if (is_pkcs11_url_object(ca_file) != 0) {
|
||||
return add_trust_list_pkcs11_object_url(list, ca_file, tl_flags);
|
||||
- } else { /* token */
|
||||
+ } else { /* trusted token */
|
||||
if (list->pkcs11_token != NULL)
|
||||
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||
list->pkcs11_token = gnutls_strdup(ca_file);
|
||||
@@ -331,7 +335,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
|
||||
/* enumerate the certificates */
|
||||
ret = gnutls_pkcs11_obj_list_import_url(NULL, &pcrt_list_size,
|
||||
ca_file,
|
||||
- (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
|
||||
+ (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE|GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
|
||||
0);
|
||||
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
|
||||
return gnutls_assert_val(ret);
|
74
gnutls.spec
74
gnutls.spec
|
@ -1,8 +1,9 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 3.5.9
|
||||
Version: 3.5.18
|
||||
Release: 2%{?dist}
|
||||
Patch1: gnutls-3.2.7-rpath.patch
|
||||
Patch2: gnutls-3.4.2-no-now-guile.patch
|
||||
Patch3: gnutls-3.5.18-pkcs11-loading.patch
|
||||
%bcond_without dane
|
||||
%bcond_without guile
|
||||
Summary: A TLS protocol implementation
|
||||
|
@ -19,6 +20,8 @@ BuildRequires: trousers-devel >= 0.3.11.2
|
|||
BuildRequires: libidn2-devel
|
||||
BuildRequires: libunistring-devel
|
||||
BuildRequires: gperf, net-tools, datefudge, softhsm
|
||||
# for a sanity check on cert loading
|
||||
BuildRequires: p11-kit-trust, ca-certificates
|
||||
Requires: crypto-policies
|
||||
Requires: p11-kit-trust
|
||||
Requires: libtasn1 >= 4.3
|
||||
|
@ -31,10 +34,9 @@ BuildRequires: unbound-devel unbound-libs
|
|||
BuildRequires: guile-devel
|
||||
%endif
|
||||
URL: http://www.gnutls.org/
|
||||
#Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz
|
||||
#Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig
|
||||
# XXX patent tainted code removed.
|
||||
Source0: %{name}-%{version}-hobbled.tar.xz
|
||||
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz
|
||||
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig
|
||||
Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
|
||||
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
||||
Provides: bundled(gnulib) = 20130424
|
||||
|
@ -132,12 +134,13 @@ This package contains Guile bindings for the library.
|
|||
%endif
|
||||
|
||||
%prep
|
||||
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
sed 's/gnutls_srp.c//g' -i lib/Makefile.in
|
||||
sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
|
||||
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
|
||||
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
||||
rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h
|
||||
|
@ -148,11 +151,11 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
|
|||
%configure --with-libtasn1-prefix=%{_prefix} \
|
||||
--disable-static \
|
||||
--disable-openssl-compatibility \
|
||||
--disable-srp-authentication \
|
||||
--disable-non-suiteb-curves \
|
||||
--with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
|
||||
--with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit" \
|
||||
--with-default-trust-store-pkcs11="pkcs11:" \
|
||||
--with-trousers-lib=%{_libdir}/libtspi.so.1 \
|
||||
--htmldir=%{_docdir}/manual \
|
||||
%if %{with guile}
|
||||
--enable-guile \
|
||||
%else
|
||||
|
@ -171,9 +174,7 @@ make %{?_smp_mflags} V=1
|
|||
|
||||
%install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
rm -f $RPM_BUILD_ROOT%{_bindir}/srptool
|
||||
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1
|
||||
rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp*
|
||||
make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
|
||||
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.a
|
||||
|
@ -182,9 +183,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.*
|
|||
%if %{without dane}
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
|
||||
%endif
|
||||
# Temporary work around for #1422256
|
||||
sed -i 's/libidn2,//g' $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls.pc
|
||||
sed -i 's/-lunistring/-lunistring -lidn2/' $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls.pc
|
||||
|
||||
%find_lang gnutls
|
||||
|
||||
|
@ -238,6 +236,7 @@ fi
|
|||
%{_mandir}/man3/*
|
||||
%{_infodir}/gnutls*
|
||||
%{_infodir}/pkcs11-vision*
|
||||
%{_docdir}/manual/*
|
||||
|
||||
%files utils
|
||||
%defattr(-,root,root,-)
|
||||
|
@ -246,6 +245,7 @@ fi
|
|||
%{_bindir}/ocsptool
|
||||
%{_bindir}/psktool
|
||||
%{_bindir}/p11tool
|
||||
%{_bindir}/srptool
|
||||
%if %{with dane}
|
||||
%{_bindir}/danetool
|
||||
%endif
|
||||
|
@ -270,6 +270,50 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Feb 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.18-2
|
||||
- Backported PKCS#11 loading improvements.
|
||||
|
||||
* Fri Feb 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.18-1
|
||||
- Update to upstream 3.5.18 release
|
||||
|
||||
* Wed Jan 17 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.17-1
|
||||
- Update to upstream 3.5.17 release
|
||||
|
||||
* Thu Nov 30 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.17-4
|
||||
- Corrected regression from 3.5.17-3 which prevented the loading of
|
||||
arbitrary p11-kit modules (#1507402)
|
||||
|
||||
* Wed Nov 22 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.17-3
|
||||
- Apply missing patch (#1507402)
|
||||
|
||||
* Mon Nov 6 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.17-2
|
||||
- Prevent the loading of all PKCS#11 modules on certificate verification
|
||||
but only restrict to p11-kit trust module (#1507402)
|
||||
|
||||
* Sat Oct 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.16-1
|
||||
- Update to upstream 3.5.16 release
|
||||
|
||||
* Mon Aug 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.15-1
|
||||
- Update to upstream 3.5.15 release
|
||||
|
||||
* Tue Jul 04 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.14-1
|
||||
- Update to upstream 3.5.14 release
|
||||
|
||||
* Wed Jun 07 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.13-1
|
||||
- Update to upstream 3.5.13 release
|
||||
|
||||
* Thu May 11 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.12-2
|
||||
- Fix issue with p11-kit-trust arch dependency
|
||||
|
||||
* Thu May 11 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.12-1
|
||||
- Update to upstream 3.5.12 release
|
||||
|
||||
* Fri Apr 07 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.11-1
|
||||
- Update to upstream 3.5.11 release
|
||||
|
||||
* Mon Mar 06 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.10-1
|
||||
- Update to upstream 3.5.10 release
|
||||
|
||||
* Wed Feb 15 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.9-2
|
||||
- Work around missing pkg-config file (#1422256)
|
||||
|
||||
|
|
Binary file not shown.
4
sources
4
sources
|
@ -1 +1,3 @@
|
|||
SHA512 (gnutls-3.5.9-hobbled.tar.xz) = a8e308cafe6103ca613e113e6409d9fe73ad84db8c199680b437dacdecb7af0593ae8659d789dcb033c8a51d00e3d567e2a90585dfcd7008f9f49bb6e125d826
|
||||
SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
|
||||
SHA512 (gnutls-3.5.18.tar.xz.sig) = 2eb6c668dba7d814ce1432cdaf11688c7f57d8c4fc50510739e137204b82db4add21986dbdb8a24b221a42a26cb7cd9a8244a24b07fdebd97e66f985172c4c37
|
||||
SHA512 (gnutls-3.5.18.tar.xz) = 434cf33a4221fe2edce1b531cb53690d14a0991cb2056006021f625fb018987351f8ec917c3a7803e5e64179cf1647a3002ae783736ffca3188d2d294b76df52
|
||||
|
|
Loading…
Reference in New Issue