[packages/gnutls] up to 3.8.0 (fixes CVE-2023-0361)

atler atler at pld-linux.org
Sat Feb 11 15:28:57 CET 2023


commit 4fe65b0d4279fa85223879ba6150599568317560
Author: Jan Palus <atler at pld-linux.org>
Date:   Sat Feb 11 15:27:08 2023 +0100

    up to 3.8.0 (fixes CVE-2023-0361)
    
    - guile bindings developed independently now (guile-gnutls package)

 gnutls-info.patch         | 14 -----------
 gnutls-pl.po-update.patch | 60 +++++++++++++++++++++++------------------------
 gnutls.spec               | 57 ++++++++------------------------------------
 3 files changed, 40 insertions(+), 91 deletions(-)
---
diff --git a/gnutls.spec b/gnutls.spec
index c539beb..e8aed90 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -6,19 +6,20 @@
 %bcond_without	tpm2		# TPM2 support in gnutls
 %bcond_without	static_libs	# static libraries
 %bcond_without	doc		# do not generate documentation
-%bcond_without	guile		# Guile binding
 %bcond_with	af_alg		# Linux kernel AF_ALG based acceleration
+%bcond_with	heartbeat	# heartbeat extension support
 %bcond_with	ktls		# Kernel TLS support
+%bcond_with	srp		# SRP authentication support
 
 Summary:	The GNU Transport Layer Security Library
 Summary(pl.UTF-8):	Biblioteka GNU TLS (Transport Layer Security)
 Name:		gnutls
-Version:	3.7.8
-Release:	2
+Version:	3.8.0
+Release:	1
 License:	LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools)
 Group:		Libraries
-Source0:	ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
-# Source0-md5:	c7b749bae243c341e6be717baf7ffbad
+Source0:	ftp://ftp.gnutls.org/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
+# Source0-md5:	20a662caf20112b6b9ad1f4a64db3a97
 Patch0:		%{name}-info.patch
 Patch1:		%{name}-link.patch
 Patch2:		%{name}-pl.po-update.patch
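Review bot: The new `Source0` line still fetches the tarball over plain `ftp://`, and the only integrity value recorded is `# Source0-md5`, so nothing in the spec authenticates the source of a release that is being pulled in for a CVE fix. FTP gives no transport integrity and MD5 is no longer adequate as a sole integrity check. A modified tarball would be caught only if the distfiles infrastructure (not visible here) verifies something stronger. Consider switching to upstream's HTTPS location, `Source0:	https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz`, and checking the upstream detached signature before the checksum is recorded.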
@@ -29,7 +30,6 @@ BuildRequires:	gcc >= 5:3.2
 BuildRequires:	gettext-tools >= 0.19
 BuildRequires:	gmp-devel
 %{?with_doc:BuildRequires:	gtk-doc >= 1.14}
-%{?with_guile:BuildRequires:	guile-devel >= 5:3.0}
 BuildRequires:	libidn2-devel >= 2.0.0
 BuildRequires:	libbrotli-devel >= 1.0.0
 %{?with_af_alg:BuildRequires:	libkcapi-devel >= 1.3.0}
@@ -250,20 +250,6 @@ Static gnutls-openssl library.
 %description openssl-static -l pl.UTF-8
 Statyczna biblioteka gnutls-openssl.
 
-%package -n guile-gnutls
-Summary:	Guile bindings for GnuTLS
-Summary(pl.UTF-8):	Wiązania Guile do GnuTLS
-License:	LGPL v2.1+
-Group:		Development/Languages
-Requires:	%{name}-libs = %{version}-%{release}
-Requires:	guile >= 5:3.0
-
-%description -n guile-gnutls
-Guile bindings for GnuTLS.
-
-%description -n guile-gnutls -l pl.UTF-8
-Wiązania Guile do GnuTLS.
-
 %prep
 %setup -q
 %patch0 -p1
@@ -281,8 +267,9 @@ Wiązania Guile do GnuTLS.
 %configure \
 	%{?with_af_alg:--enable-afalg} \
 	%{!?with_doc:--disable-doc} \
-	%{!?with_guile:--disable-guile} \
+	%{__enable_disable heartbeat heartbeat-support} \
 	%{__enable_disable ktls} \
+	%{__enable_disable srp srp-authentication} \
 	%{?with_openssl:--enable-openssl-compatibility} \
 	--disable-silent-rules \
 	%{?with_static_libs:--enable-static} \
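Review bot: With `heartbeat` and `srp` declared as `%bcond_with`, the two new `%{__enable_disable ...}` lines expand to `--disable-heartbeat-support` and `--disable-srp-authentication` in a default build, but the spec does not say this is deliberate. The commit message mentions only the guile split. Packages that negotiate TLS-SRP or heartbeat through this library would presumably start failing at runtime rather than at build time, so the reduced feature set should be stated where maintainers will see it. I would add a comment above the two lines, for example `# heartbeat and SRP are legacy TLS features, off by default; enable via bcond only for a dependent package that needs them`. The `%configure` invocation continues past the end of this hunk.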
@@ -302,14 +289,6 @@ rm -rf $RPM_BUILD_ROOT
 # although libgnutls.la is obsoleted by pkg-config, there is
 # .pc file missing for libgnutls-openssl, and it needs libgnutls.la
 
-%if %{with guile}
-# guile module - dynamic only
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.la
-%if %{with static_libs}
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.a
-%endif
-%endif
-
 # images for (not installed) htmlized infos - already packaged with infos
 %if %{with doc}
 %{__rm} $RPM_BUILD_ROOT%{_docdir}/gnutls/*.png
@@ -340,9 +319,6 @@ rm -rf $RPM_BUILD_ROOT
 %post	openssl -p /sbin/ldconfig
 %postun	openssl -p /sbin/ldconfig
 
-%post	-n guile-gnutls -p /sbin/ldconfig
-%postun	-n guile-gnutls -p /sbin/ldconfig
-
 %files -f %{name}.lang
 %defattr(644,root,root,755)
 %doc AUTHORS ChangeLog NEWS README.md THANKS
@@ -351,7 +327,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(755,root,root) %{_bindir}/ocsptool
 %attr(755,root,root) %{_bindir}/p11tool
 %attr(755,root,root) %{_bindir}/psktool
-%attr(755,root,root) %{_bindir}/srptool
+%{?with_srp:%attr(755,root,root) %{_bindir}/srptool}
 %{?with_tpm:%attr(755,root,root) %{_bindir}/tpmtool}
 %if %{with doc}
 %{_mandir}/man1/certtool.1*
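Review bot: `srptool` is now packaged only under `%{?with_srp:...}`, here and for its man page in the next hunk, but `gnutls-info.patch` still appears to add the `* srptool: (gnutls)srptool.` direntry. That line survives as context in the gnutls-info.patch hunk of this commit. A default build would then list a tool in the info directory that the package does not install. Either drop that direntry line from the patch when `srp` is off, or add a spec comment such as `# srptool info entry stays in gnutls-info.patch; the manual still documents it` if the node is kept on purpose. Whether the info manual still contains the srptool node with SRP disabled cannot be told from this diff.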
@@ -359,7 +335,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/ocsptool.1*
 %{_mandir}/man1/p11tool.1*
 %{_mandir}/man1/psktool.1*
-%{_mandir}/man1/srptool.1*
+%{?with_srp:%{_mandir}/man1/srptool.1*}
 %{_mandir}/man1/tpmtool.1*
 %{_infodir}/gnutls.info*
 %{_infodir}/gnutls-*.png
@@ -448,16 +424,3 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgnutls-openssl.a
 %endif
 %endif
-
-%if %{with guile}
-%files -n guile-gnutls
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/guile/3.*/extensions/guile-gnutls-v-2.so*
-%{_libdir}/guile/3.*/site-ccache/gnutls.go
-%{_libdir}/guile/3.*/site-ccache/gnutls
-%{_datadir}/guile/site/3.*/gnutls.scm
-%{_datadir}/guile/site/3.*/gnutls
-%if %{with doc}
-%{_infodir}/gnutls-guile.info*
-%endif
-%endif
diff --git a/gnutls-info.patch b/gnutls-info.patch
index 3306d92..25c660b 100644
--- a/gnutls-info.patch
+++ b/gnutls-info.patch
@@ -28,18 +28,4 @@
 +* srptool: (gnutls)srptool.		Simple SRP password tool
  @end direntry
  
- @titlepage
---- gnutls-3.0.0/doc/gnutls-guile.texi.orig	2011-05-27 18:09:02.000000000 +0200
-+++ gnutls-3.0.0/doc/gnutls-guile.texi	2011-08-04 16:39:19.246496322 +0200
-@@ -29,9 +29,9 @@
- @end quotation
- @end copying
- 
-- at dircategory Software libraries
-+ at dircategory Libraries:
- @direntry
--* GnuTLS-Guile: (gnutls-guile).		GNU Transport Layer Security Library. Guile bindings.
-+* GnuTLS-Guile: (gnutls-guile).		GNU Transport Layer Security Library. Guile bindings
- @end direntry
- 
  @titlepage
diff --git a/gnutls-pl.po-update.patch b/gnutls-pl.po-update.patch
index 79a3644..dade98c 100644
--- a/gnutls-pl.po-update.patch
+++ b/gnutls-pl.po-update.patch
@@ -13,7 +13,7 @@
 -"Project-Id-Version: gnutls-3.6.8\n"
 +"Project-Id-Version: gnutls-3.7.6\n"
  "Report-Msgid-Bugs-To: bug-gnutls at gnu.org\n"
- "POT-Creation-Date: 2022-09-27 12:48+0000\n"
+ "POT-Creation-Date: 2023-02-09 16:00+0100\n"
 -"PO-Revision-Date: 2019-06-01 08:22+0200\n"
 +"PO-Revision-Date: 2022-06-03 22:30+0200\n"
  "Last-Translator: Jakub Bogusz <qboosh at pld-linux.org>\n"
@@ -22,19 +22,19 @@
 @@ -412,10 +413,8 @@ msgid "Unsupported extension in X.509 ce
  msgstr "Nieobsługiwane rozszerzenie w certyfikacie X.509."
  
- #: lib/errors.c:188
+ #: lib/errors.c:184
 -#, fuzzy
 -#| msgid "Unsupported extension in X.509 certificate."
  msgid "Duplicate extension in X.509 certificate."
 -msgstr "Nieobsługiwane rozszerzenie w certyfikacie X.509."
 +msgstr "Powtórzone rozszerzenie w certyfikacie X.509."
  
- #: lib/errors.c:191
+ #: lib/errors.c:186
  msgid "Key usage violation in certificate has been detected."
 @@ -1070,10 +1069,10 @@ msgid "%sdirectoryName: %.*s\n"
  msgstr "%sdirectoryName: %.*s\n"
  
- #: lib/x509/output.c:149
+ #: lib/x509/output.c:169
 -#, fuzzy, c-format
 +#, c-format
  #| msgid "%s\t\t\totherName OID: %.*s\n"
@@ -42,12 +42,12 @@
 -msgstr "%s\t\t\tOID otherName: %.*s\n"
 +msgstr "%sZarejestrowany ID: %.*s\n"
  
- #: lib/x509/output.c:153
+ #: lib/x509/output.c:174
  #, c-format
 @@ -1086,10 +1085,9 @@ msgid "%sKRB5Principal: %.*s\n"
  msgstr "%sKRB5Principal: %.*s\n"
  
- #: lib/x509/output.c:161
+ #: lib/x509/output.c:184
 -#, fuzzy, c-format
 -#| msgid "%sKRB5Principal: %.*s\n"
 +#, c-format
@@ -55,12 +55,12 @@
 -msgstr "%sKRB5Principal: %.*s\n"
 +msgstr "%sNazwa zarządcy użytkownika: %.*s\n"
  
- #: lib/x509/output.c:165
+ #: lib/x509/output.c:189
  #, c-format
 @@ -1138,51 +1136,44 @@ msgid "\t\t\tAccess Method: %s (%s)\n"
  msgstr "\t\t\tMetoda dostępu: %s (%s)\n"
  
- #: lib/x509/output.c:484
+ #: lib/x509/output.c:511
 -#, fuzzy, c-format
 -#| msgid "\tRevoked certificates (%d):\n"
 +#, c-format
@@ -68,13 +68,13 @@
 -msgstr "\tUnieważnione certyfikaty (%d):\n"
 +msgstr "%s\t\t\tZnacznik czasu podpisanego certyfikatu %d:\n"
  
- #: lib/x509/output.c:488
+ #: lib/x509/output.c:516
  #, c-format
  msgid "%s\t\t\t\tVersion: %d (unknown SCT version)\n"
 -msgstr ""
 +msgstr "%s\t\t\t\tWersja: %d (nieznana wersja SCT)\n"
  
- #: lib/x509/output.c:503
+ #: lib/x509/output.c:530
 -#, fuzzy, c-format
 -#| msgid "\tVersion: %d\n"
 +#, c-format
@@ -82,7 +82,7 @@
 -msgstr "\tWersja: %d\n"
 +msgstr "%s\t\t\t\tWersja: %d\n"
  
- #: lib/x509/output.c:505
+ #: lib/x509/output.c:531
 -#, fuzzy, c-format
 -#| msgid "%s\t\t\tASCII: "
 +#, c-format
@@ -90,7 +90,7 @@
 -msgstr "%s\t\t\tASCII: "
 +msgstr "%s\t\t\t\tLog ID: "
  
- #: lib/x509/output.c:508
+ #: lib/x509/output.c:534
 -#, fuzzy, c-format
 -#| msgid "%s\t\t\tTime stamping.\n"
 +#, c-format
@@ -98,7 +98,7 @@
 -msgstr "%s\t\t\tOznaczanie czasu.\n"
 +msgstr "%s\t\t\t\tCzas: "
  
- #: lib/x509/output.c:510
+ #: lib/x509/output.c:536
 -#, fuzzy, c-format
 -#| msgid "%s\tExtensions:\n"
 +#, c-format
@@ -106,7 +106,7 @@
 -msgstr "%s\tRozszerzenia:\n"
 +msgstr "%s\t\t\t\tRozszerzenia: brak\n"
  
- #: lib/x509/output.c:512
+ #: lib/x509/output.c:538
 -#, fuzzy, c-format
 -#| msgid "\tSignature Algorithm: %s\n"
 +#, c-format
@@ -114,7 +114,7 @@
 -msgstr "\tAlgorytm podpisu: %s\n"
 +msgstr "%s\t\t\t\tAlgorytm podpisu: %s\n"
  
- #: lib/x509/output.c:514
+ #: lib/x509/output.c:540
 -#, fuzzy, c-format
 -#| msgid "\tSignature:\n"
 +#, c-format
@@ -122,12 +122,12 @@
 -msgstr "\tPodpis:\n"
 +msgstr "%s\t\t\t\tPodpis: "
  
- #: lib/x509/output.c:608
+ #: lib/x509/output.c:635
  #, c-format
 @@ -1275,10 +1266,9 @@ msgid "%s\t\t\tIpsec IKE.\n"
  msgstr "%s\t\t\tIpsec IKE.\n"
  
- #: lib/x509/output.c:770
+ #: lib/x509/output.c:797
 -#, fuzzy, c-format
 -#| msgid "%s\t\t\tEmail protection.\n"
 +#, c-format
@@ -135,12 +135,12 @@
 -msgstr "%s\t\t\tOchrona poczty elektronicznej.\n"
 +msgstr "%s\t\t\tLogowanie kartą procesorową.\n"
  
- #: lib/x509/output.c:772
+ #: lib/x509/output.c:799
  #, c-format
 @@ -1330,33 +1320,29 @@ msgid "%s\t\t\tHexdump: "
  msgstr "%s\t\t\tZrzut hex: "
  
- #: lib/x509/output.c:994
+ #: lib/x509/output.c:1023
 -#, fuzzy, c-format
 -#| msgid "%s%s: %.*s\n"
 +#, c-format
@@ -148,13 +148,13 @@
 -msgstr "%s%s: %.*s\n"
 +msgstr "%s\t\t\t%.*s\n"
  
- #: lib/x509/output.c:1022
+ #: lib/x509/output.c:1054
  #, c-format
  msgid "%s\t\t\tSignTool: %.*s\n"
 -msgstr ""
 +msgstr "%s\t\t\tSignTool: %.*s\n"
  
- #: lib/x509/output.c:1030
+ #: lib/x509/output.c:1063
 -#, fuzzy, c-format
 -#| msgid "%s%s: %.*s\n"
 +#, c-format
@@ -162,7 +162,7 @@
 -msgstr "%s%s: %.*s\n"
 +msgstr "%s\t\t\tCATool: %.*s\n"
  
- #: lib/x509/output.c:1038
+ #: lib/x509/output.c:1072
 -#, fuzzy, c-format
 -#| msgid "%s\t\t\totherName OID: %.*s\n"
 +#, c-format
@@ -170,7 +170,7 @@
 -msgstr "%s\t\t\tOID otherName: %.*s\n"
 +msgstr "%s\t\t\tSignToolCert: %.*s\n"
  
- #: lib/x509/output.c:1046
+ #: lib/x509/output.c:1081
 -#, fuzzy, c-format
 -#| msgid "%s\t\t\totherName OID: %.*s\n"
 +#, c-format
@@ -178,12 +178,12 @@
 -msgstr "%s\t\t\tOID otherName: %.*s\n"
 +msgstr "%s\t\t\tCAToolCert: %.*s\n"
  
- #: lib/x509/output.c:1113
+ #: lib/x509/output.c:1148
  #, c-format
 @@ -1436,10 +1422,9 @@ msgid "%s\t\tAuthority Information Acces
  msgstr "%s\t\tInformacje Authority Information Access (%s):\n"
  
- #: lib/x509/output.c:1330
+ #: lib/x509/output.c:1350
 -#, fuzzy, c-format
 -#| msgid "%s\t\tProxy Certificate Information (%s):\n"
 +#, c-format
@@ -191,12 +191,12 @@
 -msgstr "%s\t\tInformacja o certyfikacie proxy (%s):\n"
 +msgstr "%s\t\tSCT precertyfikatu CT (%s):\n"
  
- #: lib/x509/output.c:1341
+ #: lib/x509/output.c:1361
  #, c-format
 @@ -1452,22 +1437,20 @@ msgid "%s\t\tTLS Features (%s):\n"
  msgstr "%s\t\tWłaściwości TLS (%s):\n"
  
- #: lib/x509/output.c:1359
+ #: lib/x509/output.c:1378
 -#, fuzzy, c-format
 -#| msgid "%s\t\tSubject Key Identifier (%s):\n"
 +#, c-format
@@ -204,7 +204,7 @@
 -msgstr "%s\t\tIdentyfikator klucza przedmiotu (%s):\n"
 +msgstr "%s\t\tNarzędzie podpisywania podmiotu(%s):\n"
  
- #: lib/x509/output.c:1365
+ #: lib/x509/output.c:1383
 -#, fuzzy, c-format
 +#, c-format
  #| msgid "%s\t\tIssuer Alternative Name (%s):\n"
@@ -212,7 +212,7 @@
 -msgstr "%s\t\tAlternatywna nazwa wystawcy (%s):\n"
 +msgstr "%s\t\tNarzędzie podpisywania wystawcy (%s):\n"
  
- #: lib/x509/output.c:1374
+ #: lib/x509/output.c:1391
 -#, fuzzy, c-format
 -#| msgid "%s\t\tKey Usage (%s):\n"
 +#, c-format
@@ -220,7 +220,7 @@
 -msgstr "%s\t\tUżycie klucza (%s):\n"
 +msgstr "%s\t\tNazwa (Common Name) (%s):\n"
  
- #: lib/x509/output.c:1387
+ #: lib/x509/output.c:1405
  #, c-format
 @@ -1822,6 +1805,3 @@ msgstr "Wystąpił błąd w kluczu publi
  #: libdane/errors.c:69
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/gnutls.git/commitdiff/4fe65b0d4279fa85223879ba6150599568317560


