Ignore testsuite failures & print log

Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
Port Gnulib test fixes from upstream
2021-05-06 07:40:12 +03:00 · 2020-09-04 13:15:41 +02:00 · 2020-09-04 13:15:23 +02:00 · 2020-09-04 13:15:15 +02:00 · 2020-08-17 22:15:49 -06:00 · 2020-08-04 09:48:35 +02:00
8 changed files with 310 additions and 95 deletions
--- a/.gitignore
+++ b/.gitignore
@ -92,3 +92,40 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
 /gnutls-3.6.2.tar.xz.sig
 /gnutls-3.6.2.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.2.tar.xz.sig
+/gnutls-3.6.2.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.3.tar.xz.sig
+/gnutls-3.6.3.tar.xz
+/gnutls-3.6.4.tar.xz
+/gnutls-3.6.4.tar.xz.sig
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.5.tar.xz.sig
+/gnutls-3.6.5.tar.xz
+/gnutls-3.6.6.tar.xz
+/gnutls-3.6.6.tar.xz.sig
+/gnutls-3.6.7.tar.xz
+/gnutls-3.6.7.tar.xz.sig
+/gnutls-3.6.8.tar.xz.sig
+/gnutls-3.6.8.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.9.tar.xz.sig
+/gnutls-3.6.9.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.10.tar.xz.sig
+/gnutls-3.6.10.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.11.tar.xz.sig
+/gnutls-3.6.11.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.12.tar.xz.sig
+/gnutls-3.6.12.tar.xz
+/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+/gnutls-3.6.13.tar.xz.sig
+/gnutls-3.6.13.tar.xz
+/gnutls-3.6.14.tar.xz
+/gnutls-3.6.14.tar.xz.sig
+/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
+/gnutls-3.6.15.tar.xz
+/gnutls-3.6.15.tar.xz.sig
--- a/gnutls-3.4.2-no-now-guile.patch
+++ b/gnutls-3.4.2-no-now-guile.patch
@ -1,12 +0,0 @@
-diff -up gnutls-3.4.2/guile/src/Makefile.in.jx gnutls-3.4.2/guile/src/Makefile.in
--- gnutls-3.4.2/guile/src/Makefile.in.jx	2015-06-16 12:23:31.000000000 -0400
-+++ gnutls-3.4.2/guile/src/Makefile.in	2015-07-02 14:01:19.415060204 -0400
-@@ -1316,7 +1316,7 @@ guileextension_LTLIBRARIES = guile-gnutl
- # Use '-module' to build a "dlopenable module", in Libtool terms.
- # Use '-undefined' to placate Libtool on Windows; see
- # <http://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
-+guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy
- 
- # Linking against GnuTLS.
- GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la
--- a/gnutls-3.6.1-disable-pss-tests.patch
+++ b/gnutls-3.6.1-disable-pss-tests.patch
@ -1,20 +0,0 @@
-diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c
-index c85d878..614fcea 100644
--- a/tests/pkcs11/tls-neg-pkcs11-key.c
-+++ b/tests/pkcs11/tls-neg-pkcs11-key.c
-@@ -261,6 +261,7 @@ static const test_st tests[] = {
- 	 .key = &server_ca3_key,
- 	 .exp_kx = GNUTLS_KX_ECDHE_RSA
- 	},
-+#if 0
- 	{.name = "tls1.2: rsa-sign key with rsa-pss sigs prioritized",
- 	 .pk = GNUTLS_PK_RSA,
- 	 .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:-VERS-TLS-ALL:+VERS-TLS1.2",
-@@ -292,6 +293,7 @@ static const test_st tests[] = {
- 	 .exp_kx = GNUTLS_KX_ECDHE_RSA,
- 	 .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES
- 	},
-+#endif
- 	{.name = "tls1.2: ed25519 cert, ed25519 key", /* we cannot import that key */
- 	 .pk = GNUTLS_PK_EDDSA_ED25519,
- 	 .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
--- a/gnutls-3.6.15-gnulib-perror-tests.patch
+++ b/gnutls-3.6.15-gnulib-perror-tests.patch
@ -0,0 +1,46 @@
+From 175e0bc72808d564074c4adcc72aeadb74adfcc6 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu, 27 Aug 2020 17:52:58 -0700
+Subject: [PATCH] perror, strerror_r: remove unportable tests
+
+Problem reported by Florian Weimer in:
+https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
+* tests/test-perror2.c (main):
+* tests/test-strerror_r.c (main): Omit unportable tests.
+---
+ ChangeLog               | 8 ++++++++
+ tests/test-perror2.c    | 3 ---
+ tests/test-strerror_r.c | 3 ---
+ 3 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/gl/tests/test-perror2.c b/gl/tests/test-perror2.c
+index 1d14eda7b..c6214dd25 100644
+--- a/gl/tests/test-perror2.c
+++ b/gl/tests/test-perror2.c
+@@ -79,9 +79,6 @@ main (void)
+     errno = -5;
+     perror ("");
+     ASSERT (!ferror (stderr));
+-    ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
+-    ASSERT (msg2 == msg4 || STREQ (msg2, str2));
+-    ASSERT (msg3 == msg4 || STREQ (msg3, str3));
+     ASSERT (STREQ (msg4, str4));
+ 
+     free (str1);
+diff --git a/gl/tests/test-strerror_r.c b/gl/tests/test-strerror_r.c
+index b11d6fd9f..c1dbcf837 100644
+--- a/gl/tests/test-strerror_r.c
+++ b/gl/tests/test-strerror_r.c
+@@ -165,9 +165,6 @@ main (void)
+ 
+     strerror_r (EACCES, buf, sizeof buf);
+     strerror_r (-5, buf, sizeof buf);
+-    ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
+-    ASSERT (msg2 == msg4 || STREQ (msg2, str2));
+-    ASSERT (msg3 == msg4 || STREQ (msg3, str3));
+     ASSERT (STREQ (msg4, str4));
+ 
+     free (str1);
+-- 
+2.26.2
+
--- a/gnutls-3.6.7-no-now-guile.patch
+++ b/gnutls-3.6.7-no-now-guile.patch
@ -0,0 +1,11 @@
+--- a/guile/src/Makefile.in	2019-03-27 11:51:55.984398001 +0100
+++ b/guile/src/Makefile.in	2019-03-27 11:52:27.259626076 +0100
+@@ -1472,7 +1472,7 @@
+ # Use '-module' to build a "dlopenable module", in Libtool terms.
+ # Use '-undefined' to placate Libtool on Windows; see
+ # <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
+-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
+guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy
+ 
+ # Linking against GnuTLS.
+ GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,42 +1,54 @@
 # This spec file has been automatically updated
-Version:	3.6.2
-Release: 1%{?dist}
-Patch1:	gnutls-3.2.7-rpath.patch
-Patch2:	gnutls-3.4.2-no-now-guile.patch
-Patch3:	gnutls-3.6.1-disable-pss-tests.patch
+Version:	3.6.15
+Release: 1.0.riscv64%{?dist}
+Patch1:	gnutls-3.6.7-no-now-guile.patch
+Patch2:	gnutls-3.2.7-rpath.patch
+Patch3:	gnutls-3.6.15-gnulib-perror-tests.patch
 %bcond_without dane
+%if 0%{?rhel}
+%bcond_with guile
+%bcond_without fips
+%else
 %bcond_without guile
+%bcond_without fips
+%endif
+
 Summary: A TLS protocol implementation
 Name: gnutls
 # The libraries are LGPLv2.1+, utilities are GPLv3+
 License: GPLv3+ and LGPLv2+
-Group: System Environment/Libraries
 BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
 BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3
 BuildRequires: libtool, automake, autoconf, texinfo
 BuildRequires: autogen-libopts-devel >= 5.18 autogen
-BuildRequires: nettle-devel >= 3.1.1
+BuildRequires: nettle-devel >= 3.5.1
 BuildRequires: trousers-devel >= 0.3.11.2
 BuildRequires: libidn2-devel
 BuildRequires: libunistring-devel
-BuildRequires: gperf, net-tools, datefudge, softhsm
+BuildRequires: gperf, net-tools, datefudge, softhsm, gcc, gcc-c++
+BuildRequires: gnupg2
+%if %{with fips}
+BuildRequires: fipscheck
+%endif
+
 # for a sanity check on cert loading
 BuildRequires: p11-kit-trust, ca-certificates
 Requires: crypto-policies
 Requires: p11-kit-trust
 Requires: libtasn1 >= 4.3
+Requires: nettle >= 3.4.1
 Recommends: trousers >= 0.3.11.2

 %if %{with dane}
 BuildRequires: unbound-devel unbound-libs
 %endif
 %if %{with guile}
-BuildRequires: guile-devel
+BuildRequires: guile22-devel
 %endif
 URL: http://www.gnutls.org/
-Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz
-Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig
-Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
+Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
+Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg

 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
@ -47,20 +59,16 @@ Requires: %{name}%{?_isa} = %{version}-%{release}

 %package devel
 Summary: Development files for the %{name} package
-Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: %{name}-c++%{?_isa} = %{version}-%{release}
 %if %{with dane}
 Requires: %{name}-dane%{?_isa} = %{version}-%{release}
 %endif
 Requires: pkgconfig
-Requires(post): /sbin/install-info
-Requires(preun): /sbin/install-info

 %package utils
 License: GPLv3+
 Summary: Command line tools for TLS protocol
-Group: Applications/System
 Requires: %{name}%{?_isa} = %{version}-%{release}
 %if %{with dane}
 Requires: %{name}-dane%{?_isa} = %{version}-%{release}
@ -75,9 +83,8 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
 %if %{with guile}
 %package guile
 Summary: Guile bindings for the GNUTLS library
-Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
-Requires: guile
+Requires: guile22
 %endif

 %description
@ -136,10 +143,8 @@ This package contains Guile bindings for the library.
 %prep
 gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}

-%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
+%autosetup -p1
+#autoreconf -fi

 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
 rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@ -147,8 +152,30 @@ rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/

 echo "SYSTEM=NORMAL" >> tests/system.prio

+# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
+# via the crypto policies
+
 %build
+# gnulib has bogus floating point tests which are compromised by
+# LTO affecting ppc64le builds
+%ifarch ppc64le
+%define _lto_cflags %{nil}
+%endif
+CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
+export CCASFLAGS
+
+# These should be checked by m4/guile.m4 instead of configure.ac
+# taking into account of _guile_suffix
+guile_snarf=%{_bindir}/guile-snarf2.2
+export guile_snarf
+GUILD=%{_bindir}/guild2.2
+export GUILD
+
 %configure --with-libtasn1-prefix=%{_prefix} \
+%if %{with fips}
+           --enable-fips140-mode \
+%endif
+	   --enable-sha1-support \
           --disable-static \
           --disable-openssl-compatibility \
           --disable-non-suiteb-curves \
@ -158,6 +185,7 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
           --htmldir=%{_docdir}/manual \
 %if %{with guile}
           --enable-guile \
+           --with-guile-extension-dir=%{_libdir}/guile/2.2 \
 %else
           --disable-guile \
 %endif
@ -172,13 +200,23 @@ echo "SYSTEM=NORMAL" >> tests/system.prio

 make %{?_smp_mflags} V=1

+%if %{with fips}
+%define __spec_install_post \
+	%{?__debug_package:%{__debug_install_post}} \
+	%{__arch_install_post} \
+	%{__os_install_post} \
+	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.* \
+	file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac \
+%{nil}
+%endif
+
 %install
 make install DESTDIR=$RPM_BUILD_ROOT
 make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
 rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/gnutls/libpkcs11mock1.*
 %if %{without dane}
 rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
@ -187,41 +225,15 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
 %find_lang gnutls

 %check
-make check %{?_smp_mflags}
-
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-
-%post c++ -p /sbin/ldconfig
-
-%postun c++ -p /sbin/ldconfig
-
-%post devel
-if [ -f %{_infodir}/gnutls.info.gz ]; then
-    /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
-fi
-
-%preun devel
-if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
-   /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
-fi
-
-%if %{with dane}
-%post dane -p /sbin/ldconfig
-
-%postun dane -p /sbin/ldconfig
-%endif
-
-%if %{with guile}
-%post guile -p /sbin/ldconfig
-
-%postun guile -p /sbin/ldconfig
-%endif
+make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null || :
+cat tests/test-suite.log || :

 %files -f gnutls.lang
 %defattr(-,root,root,-)
 %{_libdir}/libgnutls.so.30*
+%if %{with fips}
+%{_libdir}/.libgnutls.so.30*.hmac
+%endif
 %doc README.md AUTHORS NEWS THANKS
 %license LICENSE doc/COPYING doc/COPYING.LESSER

@ -232,6 +244,10 @@ fi
 %defattr(-,root,root,-)
 %{_includedir}/*
 %{_libdir}/libgnutls*.so
+%if %{with fips}
+%{_libdir}/.libgnutls.so.*.hmac
+%endif
+
 %{_libdir}/pkgconfig/*.pc
 %{_mandir}/man3/*
 %{_infodir}/gnutls*
@ -262,14 +278,151 @@ fi
 %if %{with guile}
 %files guile
 %defattr(-,root,root,-)
-%{_libdir}/guile/2.0/guile-gnutls*.so*
-%{_libdir}/guile/2.0/site-ccache/gnutls.go
-%{_libdir}/guile/2.0/site-ccache/gnutls/extra.go
-%{_datadir}/guile/site/2.0/gnutls.scm
-%{_datadir}/guile/site/2.0/gnutls/extra.scm
+%{_libdir}/guile/2.2/guile-gnutls*.so*
+%{_libdir}/guile/2.2/site-ccache/gnutls.go
+%{_libdir}/guile/2.2/site-ccache/gnutls/extra.go
+%{_datadir}/guile/site/2.2/gnutls.scm
+%{_datadir}/guile/site/2.2/gnutls/extra.scm
 %endif

 %changelog
+* Thu May  6 2021 David Abdurachmanov <david.abdurachmanov@gmail.com> - 3.6.15-1.0.riscv64
+- Ignore testsuite failures
+- Print testsuite log
+
+* Fri Sep  4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1
+- Update to upstream 3.6.15 release
+
+* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 3.6.14-7
+- Disable LTO on ppc64le
+
+* Tue Aug  4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
+- Fix underlinking of libpthread
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.14-5
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.14-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jul 02 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-3
+- Rebuild with autogen built with guile-2.2 (#1852706)
+
+* Tue Jun 09 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-2
+- Fix memory leak when serializing iovec_t (#1845083)
+- Fix automatic libraries sonames detection (#1845806)
+
+* Thu Jun  4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-1
+- Update to upstream 3.6.14 release
+
+* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-6
+- Update gnutls-3.6.13-superseding-chain.patch
+
+* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-5
+- Fix cert chain validation behavior if the last cert has expired (#1842178)
+
+* Mon May 25 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-4
+- Add option to gnutls-cli to wait for resumption under TLS 1.3
+
+* Tue May 19 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-3
+- Disable RSA blinding during FIPS self-tests
+
+* Thu May 14 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-2
+- Bump linked libraries soname to fix FIPS selftests (#1835265)
+
+* Tue Mar 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-1
+- Update to upstream 3.6.13 release
+
+* Thu Mar 26 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.12-2
+- Fix FIPS POST (#1813384)
+- Fix gnutls-serv --echo to not exit when a message is received (#1816583)
+
+* Sun Feb 02 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 3.6.12-1
+- Update to upstream 3.6.12 release
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 02 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.11-1
+- Update to upstream 3.6.11 release
+
+* Sun Sep 29 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.10-1
+- Update to upstream 3.6.10 release
+
+* Fri Jul 26 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.9-1
+- Update to upstream 3.6.9 release
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Jul 15 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.8-2
+- Rebuilt with guile-2.2
+
+* Tue May 28 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.8-1
+- Update to upstream 3.6.8 release
+
+* Wed Mar 27 2019 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.7-1
+- Update to upstream 3.6.7 release
+- Fixed CVE-2019-3836 (#1693214)
+- Fixed CVE-2019-3829 (#1693210)
+
+* Fri Feb  1 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.6-1
+- Update to upstream 3.6.6 release
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jan 11 2019 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.5-2
+- Added explicit Requires for nettle >= 3.4.1
+
+* Tue Dec 11 2018 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.5-1
+- Update to upstream 3.6.5 release
+
+* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 3.6.4-5
+- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc.
+
+* Wed Oct 17 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-4
+- Fix issue with rehandshake affecting glib-networking (#1634736)
+
+* Tue Oct 16 2018 Tomáš Mráz <tmraz@redhat.com> - 3.6.4-3
+- Add missing annobin notes for assembler sources
+
+* Tue Oct 09 2018 Petr Menšík <pemensik@redhat.com> - 3.6.4-2
+- Rebuilt for unbound 1.8
+
+* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-1
+- Updated to upstream 3.6.4 release
+- Added support for the latest version of the TLS1.3 protocol
+- Enabled SHA1 support as SHA1 deprecation is handled via the
+  fedora crypto policies.
+
+* Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
+- Fixed gnutls-cli input reading
+- Ensure that we do not cause issues with version rollback detection
+  and TLS1.3.
+
+* Tue Aug 07 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-3
+- Fixed ECDSA public key import (#1612803)
+
+* Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-2
+- Backported regression fixes from 3.6.2
+
+* Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1
+- Update to upstream 3.6.3 release
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jun 13 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-4
+- Enable FIPS140-2 mode in Fedora
+
+* Wed Jun 06 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-3
+- Update to upstream 3.6.2 release
+
+* Fri May 25 2018 David Abdurachmanov <david.abdurachmanov@gmail.com> - 3.6.2-2
+- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep
+
 * Fri Feb 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-1
 - Update to upstream 3.6.2 release

--- a/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
+++ b/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
-SHA512 (gnutls-3.6.2.tar.xz.sig) = a1fc8acd0b48d046eda505b774e5e1a85dce8c8b2122069e6d257a50436e989cfdbc68aa294d14f98e3fec1ade129e8bd9b67b1d02f93a7a3fde5f5acb4b70d3
-SHA512 (gnutls-3.6.2.tar.xz) = 6a574d355226bdff6198ab3f70633ff2a3cff4b5d06793bdaf19d007063bd4dd515d1bd3f331a9eb1a9ad01f83007801cfa55e5fd16c1cd3461ac33d1813fb06
+SHA512 (gnutls-3.6.15.tar.xz) = f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
+SHA512 (gnutls-3.6.15.tar.xz.sig) = a6dbb6093fefddce4c76ce0015d1e0ff7bb712985007c5c6bd5ed6a8cd7529ab250bcbc98b70beeb9dc1b43dcfc65495c77b9abb43e690f24eb7bf0042af1f68
+SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173
Author	SHA1	Message	Date
David Abdurachmanov	e9461d42cd	Ignore testsuite failures & print log Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>	2021-05-06 07:40:12 +03:00
Daiki Ueno	af4a165b69	Port Gnulib test fixes from upstream	2020-09-04 13:15:41 +02:00
Daiki Ueno	c5ca9b5530	Remove unnecessary patches and bootstrapping process	2020-09-04 13:15:23 +02:00
Daiki Ueno	bbd689875c	Update to the upstream 3.6.15 release	2020-09-04 13:15:15 +02:00
Jeff Law	5fcda80cc3	Disable LTO on ppc64le	2020-08-17 22:15:49 -06:00
Daiki Ueno	edf183f7fd	Fix underlinking of libpthread	2020-08-04 09:48:35 +02:00
Fedora Release Engineering	d3626cfa1e	- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-08-01 02:26:43 +00:00
Fedora Release Engineering	1ca10e2bd1	- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-07-27 20:54:30 +00:00
Anderson Toshiyuki Sasaki	981ebf78f1	Rebuild with autogen built with guile-2.2 Resolves: #1852706	2020-07-02 18:32:46 +02:00
Anderson Toshiyuki Sasaki	62fe4ffb98	Fix automatic libraries soname detection Previously, the automatic soname detection were failing when the -Wl,--as-needed option was provided in LDFLAGS, which lead the FIPS self-tests to fail.	2020-06-10 10:27:57 +02:00
Anderson Toshiyuki Sasaki	7ed5f7db0d	Fix memory leak when serializing iovec_t Resolves: #1845083	2020-06-09 18:09:11 +02:00
Daiki Ueno	79aed5310b	Add missing changelog entry	2020-06-04 08:53:10 +02:00
Daiki Ueno	86e1a47129	Update to 3.6.14-1.	2020-06-04 08:11:47 +02:00
Daiki Ueno	230640c591	Update gnutls-3.6.13-superseding-chain.patch	2020-05-31 15:39:54 +02:00
Daiki Ueno	ff6457e1d1	Fix cert chain validation behavior if the last cert has expired (#1842178 )	2020-05-31 15:04:20 +02:00
Anderson Toshiyuki Sasaki	bff55b411b	Add option to gnutls-cli to wait for resumption under TLS 1.3	2020-05-25 15:05:15 +02:00
Anderson Toshiyuki Sasaki	f2ea860ff5	Disable RSA blinding during FIPS self-tests Related: rhbz#1835265	2020-05-20 11:04:36 +02:00
Anderson Toshiyuki Sasaki	5de0851cf9	Bump linked libs soname to fix FIPS self-tests Resolves: rhbz#1835265	2020-05-14 10:59:56 +02:00
Anderson Toshiyuki Sasaki	fbf404e4b2	Remove gpg key from sources	2020-05-13 16:32:58 +02:00
Daiki Ueno	39036e4f9a	Update to 3.6.13-1 - Update to upstream 3.6.13 release	2020-03-31 09:46:45 +02:00
Anderson Toshiyuki Sasaki	56cb0e447f	Fix FIPS-140 power-on self-tests Backport upstream FIPS-140 power-on self-tests changes. This addresses the bug bz#1813384. This also includes a backport of a small fix to the gnutls-serv application to address the issue reported in rhbz#1816583. Resolves: #1813384, #1816583	2020-03-26 15:29:23 +01:00
Daiki Ueno	68018f33be	Remove gpgkey file from sources The line in the sources file causing conflict with "fedpkg local" as the gpgkey file is already tracked in the git repository.	2020-03-25 14:08:08 +01:00
Nikos Mavrogiannopoulos	ac40af60b7	Update to 3.6.12-1 - Update to upstream 3.6.12 release	2020-02-02 00:15:25 +01:00
Fedora Release Engineering	ecbe15cd95	- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-01-28 23:08:31 +00:00
Nikos Mavrogiannopoulos	682cf5e888	Update to 3.6.11-1 - Update to upstream 3.6.11 release	2019-12-02 08:20:01 +01:00
Nikos Mavrogiannopoulos	3bdec56a8d	override the system-wide priority file	2019-12-02 08:05:30 +01:00
Nikos Mavrogiannopoulos	4a8901f676	Update to 3.6.10-1 - Update to upstream 3.6.10 release	2019-09-29 21:00:47 +02:00
Nikos Mavrogiannopoulos	2148134f1b	Update to 3.6.9-1 - Update to upstream 3.6.9 release	2019-07-26 21:24:23 +02:00
Fedora Release Engineering	064127eab7	- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2019-07-25 04:31:20 +00:00
Daiki Ueno	863812f9e4	Fix build with guile22	2019-07-16 14:15:18 +02:00
Daiki Ueno	036bfab64d	Bump nettle-devel BR to 3.5.1	2019-07-16 13:06:24 +02:00
Daiki Ueno	74354b86d5	Revert "Temporarily disable gpg key checking for updating nettle" This reverts commit `e17630f891`. It turned out this doesn't help.	2019-07-15 15:06:03 +02:00
Daiki Ueno	e17630f891	Temporarily disable gpg key checking for updating nettle	2019-07-15 14:37:50 +02:00
Nikos Mavrogiannopoulos	e8f6e10f11	Depend on guile 2.2 guile22 seems to be present in all f30 builds, so do not bring an earlier version just for gnutls.	2019-07-15 14:22:04 +02:00
Nikos Mavrogiannopoulos	81c75ab2a8	updated to 3.6.8 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-05-28 16:38:16 +02:00
Anderson Toshiyuki Sasaki	06571b6b92	Update to 3.6.7 - Fixed CVE-2019-3836 (#1693214) - Fixed CVE-2019-3829 (#1693210) Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-03-27 13:37:48 +01:00
Nikos Mavrogiannopoulos	35567a4b6a	updated to 3.6.6 This brings an additional patch from master to allow compiling with guile 2.0 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-02-01 17:48:30 +01:00
Fedora Release Engineering	59d63485ad	- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2019-01-31 23:30:24 +00:00
Igor Gnatenko	c60309b751	Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag	2019-01-28 20:24:05 +01:00
Igor Gnatenko	3e17b200c8	Remove obsolete scriptlets References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>	2019-01-27 19:01:11 +01:00
Anderson Toshiyuki Sasaki	9bdb11f892	Add explicit Requires for nettle >= 3.4.1	2019-01-11 17:36:37 +01:00
Anderson Toshiyuki Sasaki	2858908ede	Update to 3.6.5-1 - Update to upstream 3.6.5 release	2018-12-11 15:07:26 +01:00
Nikos Mavrogiannopoulos	78a8f2e60e	removed unnecessary patch	2018-12-01 10:27:24 +01:00
Nikos Mavrogiannopoulos	906f58d1f1	corrected release path	2018-12-01 10:10:14 +01:00
Nikos Mavrogiannopoulos	f2315c5ac9	Remove ldconfig scriptlet, now done via. transfiletrigger in glibc	2018-10-30 08:25:08 +01:00
Nikos Mavrogiannopoulos	ba25b06f42	Fix issue with rehandshake affecting glib-networking (#1634736 )	2018-10-18 09:58:51 +02:00
Tomas Mraz	9d0f5cc6e3	Add missing annobin notes for assembler sources	2018-10-16 16:55:23 +02:00
Petr Menšík	23dda1cd4b	Rebuilt for unbound 1.8 Signed-off-by: Petr Menšík <pemensik@redhat.com>	2018-10-09 12:51:36 +02:00
Nikos Mavrogiannopoulos	1d95a2eb84	Updated to 3.6.4	2018-09-25 08:58:48 +02:00
Nikos Mavrogiannopoulos	bb2c5903d1	Further patches for TLS1.3 deployment	2018-08-16 09:24:17 +02:00
Nikos Mavrogiannopoulos	08085a1894	Fixed ECDSA public key import (#1612803 )	2018-08-07 15:44:42 +02:00
Nikos Mavrogiannopoulos	abd1baafcc	Backported regression fixes from upstream	2018-07-26 12:56:53 +02:00
Nikos Mavrogiannopoulos	fbb0a84717	Update to 3.6.3-1 - Update to upstream 3.6.3 release	2018-07-16 12:41:09 +02:00
Fedora Release Engineering	bd9bff0a9e	- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2018-07-13 03:09:22 +00:00
Jason Tibbitts	2ed903e5e9	Remove needless use of %defattr	2018-07-10 01:15:28 -05:00
Nikos Mavrogiannopoulos	c3056098ef	updated soname	2018-06-13 09:52:28 +02:00
Nikos Mavrogiannopoulos	739e836712	bumped version	2018-06-13 09:43:31 +02:00
Nikos Mavrogiannopoulos	d1439b69da	enable fips mode	2018-06-13 09:42:39 +02:00
Nikos Mavrogiannopoulos	137cdb9336	Update to 3.6.2-3 - Update to upstream 3.6.2 release	2018-06-06 13:40:47 +02:00
David Abdurachmanov	a6e110c7fa	Add missing BuildRequires: gnupg2 for gpgv2 in %prep Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>	2018-05-28 10:19:37 +01:00