Summary: A TLS protocol implementation Name: gnutls Version: 2.12.20 Release: 4%{?dist} # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+ License: GPLv3+ and LGPLv2+ Group: System Environment/Libraries BuildRequires: libgcrypt-devel >= 1.2.2, p11-kit-devel >= 0.11, gettext BuildRequires: zlib-devel, readline-devel, libtasn1-devel BuildRequires: lzo-devel, libtool, automake, autoconf BuildRequires: guile-devel URL: http://www.gnutls.org/ #Source0: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.gz #Source1: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.gz.sig # XXX patent tainted SRP code removed. Source0: %{name}-%{version}-nosrp.tar.xz Source1: libgnutls-config Patch1: gnutls-2.12.11-rpath.patch Patch2: gnutls-2.8.6-link-libgcrypt.patch # Remove nonexisting references from texinfo file Patch3: gnutls-2.12.2-nosrp.patch # Skip tests that are expected to fail on libgcrypt build Patch4: gnutls-2.12.7-dsa-skiptests.patch # Make it build with recent glibc that removed gets Patch5: gnutls-2.12.20-build.patch # Fix the gnutls-cli-debug manpage Patch6: gnutls-2.12.20-cli-debug-manpage.patch # Use only FIPS approved ciphers in the FIPS mode Patch7: gnutls-2.12.20-fips-algorithms.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: libgcrypt >= 1.2.2 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 Provides: bundled(gnulib) = 20120301 %package c++ Summary: The C++ interface to GnuTLS Requires: %{name}%{?_isa} = %{version}-%{release} %package devel Summary: Development files for the %{name} package Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}-c++%{?_isa} = %{version}-%{release} Requires: libgcrypt-devel Requires: pkgconfig Requires(post): /sbin/install-info Requires(preun): /sbin/install-info %package utils License: GPLv3+ Summary: Command line tools for TLS protocol Group: Applications/System Requires: %{name}%{?_isa} = %{version}-%{release} %package guile Summary: Guile bindings for the GNUTLS library Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: guile %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. %description c++ GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains the C++ interface for the GnuTLS library. %description devel GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains files needed for developing applications with the GnuTLS library. %description utils GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains command line TLS client and server and certificate manipulation tools. %description guile GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains Guile bindings for the library. %prep %setup -q %patch1 -p1 -b .rpath %patch2 -p1 -b .link %patch3 -p1 -b .nosrp %patch4 -p1 -b .skiptests %patch5 -p1 -b .build %patch6 -p1 -b .cli-debug %patch7 -p1 -b .fips for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do touch lib/$i done %build export LDFLAGS="-Wl,--no-add-needed" %configure --with-libtasn1-prefix=%{_prefix} \ --with-included-libcfg \ --disable-static \ --disable-openssl-compatibility \ --disable-srp-authentication \ --disable-rpath \ %ifarch %{arm} --disable-largefile \ %endif --with-libgcrypt # Note that the arm hack above is not quite right and the proper thing would # be to compile guile with largefile support. make cp lib/COPYING COPYING.LIB %install rm -fr $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT rm -f $RPM_BUILD_ROOT%{_bindir}/srptool rm -f $RPM_BUILD_ROOT%{_bindir}/gnutls-srpcrypt cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-config cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-extra-config rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1 rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp* rm -f $RPM_BUILD_ROOT%{_infodir}/dir rm -f $RPM_BUILD_ROOT%{_libdir}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a %find_lang libgnutls %check make check %clean rm -fr $RPM_BUILD_ROOT %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post c++ -p /sbin/ldconfig %postun c++ -p /sbin/ldconfig %post devel if [ -f %{_infodir}/gnutls.info.gz ]; then /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || : fi %preun devel if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || : fi %post guile -p /sbin/ldconfig %postun guile -p /sbin/ldconfig %files -f libgnutls.lang %defattr(-,root,root,-) %{_libdir}/libgnutls.so.* %{_libdir}/libgnutls-extra.so.* %doc COPYING COPYING.LIB README AUTHORS %files c++ %{_libdir}/libgnutlsxx.so.* %files devel %defattr(-,root,root,-) %{_bindir}/libgnutls*-config %{_includedir}/* %{_libdir}/libgnutls*.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/* %{_infodir}/gnutls* %{_infodir}/pkcs11-vision* %files utils %defattr(-,root,root,-) %{_bindir}/certtool %{_bindir}/psktool %{_bindir}/p11tool %{_bindir}/gnutls* %{_mandir}/man1/* %doc doc/certtool.cfg %files guile %defattr(-,root,root,-) %{_libdir}/libguile*.so* %{_datadir}/guile/site/gnutls %{_datadir}/guile/site/gnutls.scm %changelog * Thu Nov 1 2012 Tomas Mraz 2.12.20-4 - negotiate only FIPS approved algorithms in the FIPS mode (#871826) * Wed Aug 8 2012 Tomas Mraz 2.12.20-3 - fix the gnutls-cli-debug manpage - patch by Peter Schiffer * Thu Jul 19 2012 Fedora Release Engineering - 2.12.20-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Mon Jun 18 2012 Tomas Mraz 2.12.20-1 - new upstream version * Fri May 18 2012 Tomas Mraz 2.12.19-1 - new upstream version * Thu Mar 29 2012 Tomas Mraz 2.12.18-1 - new upstream version * Thu Mar 8 2012 Tomas Mraz 2.12.17-1 - new upstream version - fix leaks in key generation (#796302) * Fri Feb 03 2012 Kevin Fenzi - 2.12.14-3 - Disable largefile on arm arch. (#787287) * Fri Jan 13 2012 Fedora Release Engineering - 2.12.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Nov 8 2011 Tomas Mraz 2.12.14-1 - new upstream version * Mon Oct 24 2011 Tomas Mraz 2.12.12-1 - new upstream version * Thu Sep 29 2011 Tomas Mraz 2.12.11-1 - new upstream version * Fri Aug 26 2011 Tomas Mraz 2.12.9-1 - new upstream version * Tue Aug 16 2011 Tomas Mraz 2.12.8-1 - new upstream version * Mon Jul 25 2011 Tomas Mraz 2.12.7-2 - fix problem when using new libgcrypt - split libgnutlsxx to a subpackage (#455146) - drop libgnutls-openssl (#460310) * Tue Jun 21 2011 Tomas Mraz 2.12.7-1 - new upstream version * Wed May 9 2011 Tomas Mraz 2.12.4-1 - new upstream version * Tue Apr 26 2011 Tomas Mraz 2.12.3-1 - new upstream version * Mon Apr 18 2011 Tomas Mraz 2.12.2-1 - new upstream version * Thu Mar 3 2011 Tomas Mraz 2.10.5-1 - new upstream version * Tue Feb 08 2011 Fedora Release Engineering - 2.10.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Dec 8 2010 Tomas Mraz 2.10.4-1 - new upstream version * Tue Dec 2 2010 Tomas Mraz 2.10.3-2 - fix buffer overflow in gnutls-serv (#659259) * Fri Nov 19 2010 Tomas Mraz 2.10.3-1 - new upstream version * Thu Sep 30 2010 Tomas Mraz 2.10.2-1 - new upstream version * Wed Sep 29 2010 jkeating - 2.10.1-4 - Rebuilt for gcc bug 634757 * Thu Sep 23 2010 Tomas Mraz 2.10.1-3 - more patching for internal errors regression (#629858) patch by Vivek Dasmohapatra * Tue Sep 21 2010 Tomas Mraz 2.10.1-2 - backported patch from upstream git hopefully fixing internal errors (#629858) * Wed Aug 4 2010 Tomas Mraz 2.10.1-1 - new upstream version * Wed Jun 2 2010 Tomas Mraz 2.8.6-2 - add support for safe renegotiation CVE-2009-3555 (#533125) * Wed May 12 2010 Tomas Mraz 2.8.6-1 - upgrade to a new upstream version * Mon Feb 15 2010 Rex Dieter 2.8.5-4 - FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624) * Thu Jan 28 2010 Tomas Mraz 2.8.5-3 - drop superfluous rpath from binaries - do not call autoreconf during build - specify the license on utils subpackage * Mon Jan 18 2010 Tomas Mraz 2.8.5-2 - do not create static libraries (#556052) * Mon Nov 2 2009 Tomas Mraz 2.8.5-1 - upgrade to a new upstream version * Wed Sep 23 2009 Tomas Mraz 2.8.4-1 - upgrade to a new upstream version * Fri Aug 14 2009 Tomas Mraz 2.8.3-1 - upgrade to a new upstream version * Fri Jul 24 2009 Fedora Release Engineering - 2.8.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jun 10 2009 Tomas Mraz 2.8.1-1 - upgrade to a new upstream version * Wed Jun 3 2009 Tomas Mraz 2.8.0-1 - upgrade to a new upstream version * Mon May 4 2009 Tomas Mraz 2.6.6-1 - upgrade to a new upstream version - security fixes * Tue Apr 14 2009 Tomas Mraz 2.6.5-1 - upgrade to a new upstream version, minor bugfixes only * Fri Mar 6 2009 Tomas Mraz 2.6.4-1 - upgrade to a new upstream version * Tue Feb 24 2009 Fedora Release Engineering - 2.6.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Dec 15 2008 Tomas Mraz 2.6.3-1 - upgrade to a new upstream version * Thu Dec 4 2008 Tomas Mraz 2.6.2-1 - upgrade to a new upstream version * Tue Nov 11 2008 Tomas Mraz 2.4.2-3 - fix chain verification issue CVE-2008-4989 (#470079) * Thu Sep 25 2008 Tomas Mraz 2.4.2-2 - add guile subpackage (#463735) - force new libtool through autoreconf to drop unnecessary rpaths * Tue Sep 23 2008 Tomas Mraz 2.4.2-1 - new upstream version * Tue Jul 1 2008 Tomas Mraz 2.4.1-1 - new upstream version - correct the license tag - explicit --with-included-opencdk not needed - use external lzo library, internal not included anymore * Tue Jun 24 2008 Tomas Mraz 2.4.0-1 - upgrade to latest upstream * Tue May 20 2008 Tomas Mraz 2.0.4-3 - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 (#447461, #447462, #447463) * Mon Feb 4 2008 Joe Orton 2.0.4-2 - use system libtasn1 * Tue Dec 4 2007 Tomas Mraz 2.0.4-1 - upgrade to latest upstream * Tue Aug 21 2007 Tomas Mraz 1.6.3-2 - license tag fix * Wed Jun 6 2007 Tomas Mraz 1.6.3-1 - upgrade to latest upstream (#232445) * Tue Apr 10 2007 Tomas Mraz 1.4.5-2 - properly require install-info (patch by Ville Skyttä) - standard buildroot and use dist tag - add COPYING and README to doc * Wed Feb 7 2007 Tomas Mraz 1.4.5-1 - new upstream version - drop libtermcap-devel from buildrequires * Thu Sep 14 2006 Tomas Mraz 1.4.1-2 - detect forged signatures - CVE-2006-4790 (#206411), patch from upstream * Tue Jul 18 2006 Tomas Mraz - 1.4.1-1 - upgrade to new upstream version, only minor changes * Wed Jul 12 2006 Jesse Keating - 1.4.0-1.1 - rebuild * Wed Jun 14 2006 Tomas Mraz - 1.4.0-1 - upgrade to new upstream version (#192070), rebuild of dependent packages required * Tue May 16 2006 Tomas Mraz - 1.2.10-2 - added missing buildrequires * Mon Feb 13 2006 Tomas Mraz - 1.2.10-1 - updated to new version (fixes CVE-2006-0645) * Fri Feb 10 2006 Jesse Keating - 1.2.9-3.2 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Jesse Keating - 1.2.9-3.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Tue Jan 3 2006 Jesse Keating 1.2.9-3 - rebuilt * Fri Dec 9 2005 Tomas Mraz 1.2.9-2 - replaced *-config scripts with calls to pkg-config to solve multilib conflicts * Wed Nov 23 2005 Tomas Mraz 1.2.9-1 - upgrade to newest upstream - removed .la files (#172635) * Sun Aug 7 2005 Tomas Mraz 1.2.6-1 - upgrade to newest upstream (rebuild of dependencies necessary) * Mon Jul 4 2005 Tomas Mraz 1.0.25-2 - split the command line tools to utils subpackage * Sat Apr 30 2005 Tomas Mraz 1.0.25-1 - new upstream version fixes potential DOS attack * Sat Apr 23 2005 Tomas Mraz 1.0.24-2 - readd the version script dropped by upstream * Fri Apr 22 2005 Tomas Mraz 1.0.24-1 - update to the latest upstream version on the 1.0 branch * Wed Mar 2 2005 Warren Togami 1.0.20-6 - gcc4 rebuild * Tue Jan 4 2005 Ivana Varekova 1.0.20-5 - add gnutls Requires zlib-devel (#144069) * Mon Nov 08 2004 Colin Walters 1.0.20-4 - Make gnutls-devel Require libgcrypt-devel * Tue Sep 21 2004 Jeff Johnson 1.0.20-3 - rebuild with release++, otherwise unchanged. * Tue Sep 7 2004 Jeff Johnson 1.0.20-2 - patent tainted SRP code removed. * Sun Sep 5 2004 Jeff Johnson 1.0.20-1 - update to 1.0.20. - add --with-included-opencdk --with-included-libtasn1 - add --with-included-libcfg --with-included-lzo - add --disable-srp-authentication. - do "make check" after build. * Fri Mar 21 2003 Jeff Johnson 0.9.2-1 - upgrade to 0.9.2 * Tue Jun 25 2002 Jeff Johnson 0.4.4-1 - update to 0.4.4. * Fri Jun 21 2002 Tim Powers - automated rebuild * Sat May 25 2002 Jeff Johnson 0.4.3-1 - update to 0.4.3. * Tue May 21 2002 Jeff Johnson 0.4.2-1 - update to 0.4.2. - change license to LGPL. - include splint annotations patch. * Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1 - update to 0.4.0 * Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1 - update to 0.3.2 * Wed Jan 10 2002 Nalin Dahyabhai 0.3.0-1 - add a URL * Wed Dec 20 2001 Nalin Dahyabhai - initial package