| |
@@ -12,25 +12,26 @@
|
| |
print(string.sub(hash, 0, 16))
|
| |
}
|
| |
|
| |
+ %global with_srp 0%{?fedora} < 38
|
| |
+
|
| |
%global with_mingw 0
|
| |
%if 0%{?fedora}
|
| |
%global with_mingw 0%{!?_without_mingw:1}
|
| |
%endif
|
| |
|
| |
- Version: 3.7.8
|
| |
+ Version: 3.8.0
|
| |
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
|
| |
- Patch: gnutls-3.6.7-no-now-guile.patch
|
| |
Patch: gnutls-3.2.7-rpath.patch
|
| |
|
| |
+ # Delete only after the kernel has been patched for thested systems
|
| |
+ Patch: gnutls-3.7.8-ktls_disable_keyupdate_test.patch
|
| |
+
|
| |
+ # follow https://gitlab.com/gnutls/gnutls/-/issues/1443
|
| |
+ Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
| |
+
|
| |
%bcond_without bootstrap
|
| |
%bcond_without dane
|
| |
- %if 0%{?rhel}
|
| |
- %bcond_with guile
|
| |
%bcond_without fips
|
| |
- %else
|
| |
- %bcond_without guile
|
| |
- %bcond_without fips
|
| |
- %endif
|
| |
%bcond_with tpm12
|
| |
%bcond_without tpm2
|
| |
%bcond_without gost
|
| |
@@ -75,9 +76,6 @@
|
| |
%if %{with dane}
|
| |
BuildRequires: unbound-devel unbound-libs
|
| |
%endif
|
| |
- %if %{with guile}
|
| |
- BuildRequires: guile22-devel
|
| |
- %endif
|
| |
BuildRequires: make gtk-doc
|
| |
|
| |
%if %{with_mingw}
|
| |
@@ -135,13 +133,6 @@
|
| |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
| |
%endif
|
| |
|
| |
- %if %{with guile}
|
| |
- %package guile
|
| |
- Summary: Guile bindings for the GNUTLS library
|
| |
- Requires: %{name}%{?_isa} = %{version}-%{release}
|
| |
- Requires: guile22
|
| |
- %endif
|
| |
-
|
| |
%description
|
| |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
| |
protocols and technologies around them. It provides a simple C language
|
| |
@@ -185,16 +176,6 @@
|
| |
TLS certificates through DNSSEC.
|
| |
%endif
|
| |
|
| |
- %if %{with guile}
|
| |
- %description guile
|
| |
- GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
| |
- protocols and technologies around them. It provides a simple C language
|
| |
- application programming interface (API) to access the secure communications
|
| |
- protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
| |
- other required structures.
|
| |
- This package contains Guile bindings for the library.
|
| |
- %endif
|
| |
-
|
| |
%if %{with_mingw}
|
| |
%package -n mingw32-%{name}
|
| |
Summary: MinGW GnuTLS TLS/SSL encryption library
|
| |
@@ -239,15 +220,6 @@
|
| |
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
|
| |
export CCASFLAGS
|
| |
|
| |
- %if %{with guile}
|
| |
- # These should be checked by m4/guile.m4 instead of configure.ac
|
| |
- # taking into account of _guile_suffix
|
| |
- guile_snarf=%{_bindir}/guile-snarf2.2
|
| |
- export guile_snarf
|
| |
- GUILD=%{_bindir}/guild2.2
|
| |
- export GUILD
|
| |
- %endif
|
| |
-
|
| |
%if %{with fips}
|
| |
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
|
| |
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
|
| |
@@ -267,6 +239,9 @@
|
| |
%else
|
| |
--disable-gost \
|
| |
%endif
|
| |
+ %if %{with_srp}
|
| |
+ --enable-srp-authentication \
|
| |
+ %endif
|
| |
--enable-sha1-support \
|
| |
--disable-static \
|
| |
--disable-openssl-compatibility \
|
| |
@@ -285,12 +260,6 @@
|
| |
%endif
|
| |
--enable-ktls \
|
| |
--htmldir=%{_docdir}/manual \
|
| |
- %if %{with guile}
|
| |
- --enable-guile \
|
| |
- --with-guile-extension-dir=%{_libdir}/guile/2.2 \
|
| |
- %else
|
| |
- --disable-guile \
|
| |
- %endif
|
| |
%if %{with dane}
|
| |
--with-unbound-root-key-file=/var/lib/unbound/root.key \
|
| |
--enable-libdane \
|
| |
@@ -312,11 +281,13 @@
|
| |
# MinGW does not support CCASFLAGS
|
| |
export CCASFLAGS=""
|
| |
%mingw_configure \
|
| |
+ %if %{with_srp}
|
| |
+ --enable-srp-authentication \
|
| |
+ %endif
|
| |
--enable-sha1-support \
|
| |
--disable-static \
|
| |
--disable-openssl-compatibility \
|
| |
--disable-non-suiteb-curves \
|
| |
- --disable-guile \
|
| |
--disable-libdane \
|
| |
--disable-rpath \
|
| |
--disable-nls \
|
| |
@@ -336,8 +307,6 @@
|
| |
make -C doc install-html DESTDIR=$RPM_BUILD_ROOT
|
| |
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
| |
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
| |
- rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.a
|
| |
- rm -f $RPM_BUILD_ROOT%{_libdir}/guile/2.2/guile-gnutls*.la
|
| |
%if %{without dane}
|
| |
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
|
| |
%endif
|
| |
@@ -346,8 +315,10 @@
|
| |
# doing it twice should be a no-op the second time,
|
| |
# and this way we avoid redefining it and missing a future change
|
| |
%{__spec_install_post}
|
| |
- ./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac
|
| |
- sed -i "s^$RPM_BUILD_ROOT/usr^^" $RPM_BUILD_ROOT%{_libdir}/.gnutls.hmac
|
| |
+ fname=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30.*.*`
|
| |
+ ./lib/fipshmac "$RPM_BUILD_ROOT%{_libdir}/libgnutls.so.30" > "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
|
| |
+ sed -i "s^$RPM_BUILD_ROOT/usr^^" "$RPM_BUILD_ROOT%{_libdir}/.$fname.hmac"
|
| |
+ ln -s ".$fname.hmac" "$RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.30.hmac"
|
| |
%endif
|
| |
|
| |
%if %{with fips}
|
| |
@@ -400,7 +371,7 @@
|
| |
%files -f native_build/gnutls.lang
|
| |
%{_libdir}/libgnutls.so.30*
|
| |
%if %{with fips}
|
| |
- %{_libdir}/.gnutls.hmac
|
| |
+ %{_libdir}/.libgnutls.so.30*.hmac
|
| |
%endif
|
| |
%doc README.md AUTHORS NEWS THANKS
|
| |
%license LICENSE doc/COPYING doc/COPYING.LESSER
|
| |
@@ -426,7 +397,9 @@
|
| |
%{_bindir}/ocsptool
|
| |
%{_bindir}/psktool
|
| |
%{_bindir}/p11tool
|
| |
+ %if %{with_srp}
|
| |
%{_bindir}/srptool
|
| |
+ %endif
|
| |
%if %{with dane}
|
| |
%{_bindir}/danetool
|
| |
%endif
|
| |
@@ -439,15 +412,6 @@
|
| |
%{_libdir}/libgnutls-dane.so.*
|
| |
%endif
|
| |
|
| |
- %if %{with guile}
|
| |
- %files guile
|
| |
- %{_libdir}/guile/2.2/guile-gnutls*.so*
|
| |
- %{_libdir}/guile/2.2/site-ccache/gnutls.go
|
| |
- %{_libdir}/guile/2.2/site-ccache/gnutls/extra.go
|
| |
- %{_datadir}/guile/site/2.2/gnutls.scm
|
| |
- %{_datadir}/guile/site/2.2/gnutls/extra.scm
|
| |
- %endif
|
| |
-
|
| |
%if %{with_mingw}
|
| |
%files -n mingw32-%{name}
|
| |
%license LICENSE doc/COPYING doc/COPYING.LESSER
|
| |
@@ -459,7 +423,9 @@
|
| |
%{mingw32_bindir}/ocsptool.exe
|
| |
%{mingw32_bindir}/p11tool.exe
|
| |
%{mingw32_bindir}/psktool.exe
|
| |
+ %if %{with_srp}
|
| |
%{mingw32_bindir}/srptool.exe
|
| |
+ %endif
|
| |
%{mingw32_libdir}/libgnutls.dll.a
|
| |
%{mingw32_libdir}/libgnutls-30.def
|
| |
%{mingw32_libdir}/pkgconfig/gnutls.pc
|
| |
@@ -475,7 +441,9 @@
|
| |
%{mingw64_bindir}/ocsptool.exe
|
| |
%{mingw64_bindir}/p11tool.exe
|
| |
%{mingw64_bindir}/psktool.exe
|
| |
+ %if %{with_srp}
|
| |
%{mingw64_bindir}/srptool.exe
|
| |
+ %endif
|
| |
%{mingw64_libdir}/libgnutls.dll.a
|
| |
%{mingw64_libdir}/libgnutls-30.def
|
| |
%{mingw64_libdir}/pkgconfig/gnutls.pc
|
| |
Upstream tag: 3.8.0
Upstream commit: 516e466b