[packages/gnutls] up to 3.8.0 (fixes CVE-2023-0361)
atler
atler at pld-linux.org
Sat Feb 11 15:28:57 CET 2023
commit 4fe65b0d4279fa85223879ba6150599568317560
Author: Jan Palus <atler at pld-linux.org>
Date: Sat Feb 11 15:27:08 2023 +0100
up to 3.8.0 (fixes CVE-2023-0361)
- guile bindings developed independently now (guile-gnutls package)
gnutls-info.patch | 14 -----------
gnutls-pl.po-update.patch | 60 +++++++++++++++++++++++------------------------
gnutls.spec | 57 ++++++++------------------------------------
3 files changed, 40 insertions(+), 91 deletions(-)
---
diff --git a/gnutls.spec b/gnutls.spec
index c539beb..e8aed90 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -6,19 +6,20 @@
%bcond_without tpm2 # TPM2 support in gnutls
%bcond_without static_libs # static libraries
%bcond_without doc # do not generate documentation
-%bcond_without guile # Guile binding
%bcond_with af_alg # Linux kernel AF_ALG based acceleration
+%bcond_with heartbeat # heartbeat extension support
%bcond_with ktls # Kernel TLS support
+%bcond_with srp # SRP authentication support
Summary: The GNU Transport Layer Security Library
Summary(pl.UTF-8): Biblioteka GNU TLS (Transport Layer Security)
Name: gnutls
-Version: 3.7.8
-Release: 2
+Version: 3.8.0
+Release: 1
License: LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools)
Group: Libraries
-Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
-# Source0-md5: c7b749bae243c341e6be717baf7ffbad
+Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz
+# Source0-md5: 20a662caf20112b6b9ad1f4a64db3a97
Patch0: %{name}-info.patch
Patch1: %{name}-link.patch
Patch2: %{name}-pl.po-update.patch
@@ -29,7 +30,6 @@ BuildRequires: gcc >= 5:3.2
BuildRequires: gettext-tools >= 0.19
BuildRequires: gmp-devel
%{?with_doc:BuildRequires: gtk-doc >= 1.14}
-%{?with_guile:BuildRequires: guile-devel >= 5:3.0}
BuildRequires: libidn2-devel >= 2.0.0
BuildRequires: libbrotli-devel >= 1.0.0
%{?with_af_alg:BuildRequires: libkcapi-devel >= 1.3.0}
@@ -250,20 +250,6 @@ Static gnutls-openssl library.
%description openssl-static -l pl.UTF-8
Statyczna biblioteka gnutls-openssl.
-%package -n guile-gnutls
-Summary: Guile bindings for GnuTLS
-Summary(pl.UTF-8): Wiązania Guile do GnuTLS
-License: LGPL v2.1+
-Group: Development/Languages
-Requires: %{name}-libs = %{version}-%{release}
-Requires: guile >= 5:3.0
-
-%description -n guile-gnutls
-Guile bindings for GnuTLS.
-
-%description -n guile-gnutls -l pl.UTF-8
-Wiązania Guile do GnuTLS.
-
%prep
%setup -q
%patch0 -p1
@@ -281,8 +267,9 @@ Wiązania Guile do GnuTLS.
%configure \
%{?with_af_alg:--enable-afalg} \
%{!?with_doc:--disable-doc} \
- %{!?with_guile:--disable-guile} \
+ %{__enable_disable heartbeat heartbeat-support} \
%{__enable_disable ktls} \
+ %{__enable_disable srp srp-authentication} \
%{?with_openssl:--enable-openssl-compatibility} \
--disable-silent-rules \
%{?with_static_libs:--enable-static} \
@@ -302,14 +289,6 @@ rm -rf $RPM_BUILD_ROOT
# although libgnutls.la is obsoleted by pkg-config, there is
# .pc file missing for libgnutls-openssl, and it needs libgnutls.la
-%if %{with guile}
-# guile module - dynamic only
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.la
-%if %{with static_libs}
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.a
-%endif
-%endif
-
# images for (not installed) htmlized infos - already packaged with infos
%if %{with doc}
%{__rm} $RPM_BUILD_ROOT%{_docdir}/gnutls/*.png
@@ -340,9 +319,6 @@ rm -rf $RPM_BUILD_ROOT
%post openssl -p /sbin/ldconfig
%postun openssl -p /sbin/ldconfig
-%post -n guile-gnutls -p /sbin/ldconfig
-%postun -n guile-gnutls -p /sbin/ldconfig
-
%files -f %{name}.lang
%defattr(644,root,root,755)
%doc AUTHORS ChangeLog NEWS README.md THANKS
@@ -351,7 +327,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(755,root,root) %{_bindir}/ocsptool
%attr(755,root,root) %{_bindir}/p11tool
%attr(755,root,root) %{_bindir}/psktool
-%attr(755,root,root) %{_bindir}/srptool
+%{?with_srp:%attr(755,root,root) %{_bindir}/srptool}
%{?with_tpm:%attr(755,root,root) %{_bindir}/tpmtool}
%if %{with doc}
%{_mandir}/man1/certtool.1*
@@ -359,7 +335,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/ocsptool.1*
%{_mandir}/man1/p11tool.1*
%{_mandir}/man1/psktool.1*
-%{_mandir}/man1/srptool.1*
+%{?with_srp:%{_mandir}/man1/srptool.1*}
%{_mandir}/man1/tpmtool.1*
%{_infodir}/gnutls.info*
%{_infodir}/gnutls-*.png
@@ -448,16 +424,3 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libgnutls-openssl.a
%endif
%endif
-
-%if %{with guile}
-%files -n guile-gnutls
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/guile/3.*/extensions/guile-gnutls-v-2.so*
-%{_libdir}/guile/3.*/site-ccache/gnutls.go
-%{_libdir}/guile/3.*/site-ccache/gnutls
-%{_datadir}/guile/site/3.*/gnutls.scm
-%{_datadir}/guile/site/3.*/gnutls
-%if %{with doc}
-%{_infodir}/gnutls-guile.info*
-%endif
-%endif
diff --git a/gnutls-info.patch b/gnutls-info.patch
index 3306d92..25c660b 100644
--- a/gnutls-info.patch
+++ b/gnutls-info.patch
@@ -28,18 +28,4 @@
+* srptool: (gnutls)srptool. Simple SRP password tool
@end direntry
- @titlepage
---- gnutls-3.0.0/doc/gnutls-guile.texi.orig 2011-05-27 18:09:02.000000000 +0200
-+++ gnutls-3.0.0/doc/gnutls-guile.texi 2011-08-04 16:39:19.246496322 +0200
-@@ -29,9 +29,9 @@
- @end quotation
- @end copying
-
-- at dircategory Software libraries
-+ at dircategory Libraries:
- @direntry
--* GnuTLS-Guile: (gnutls-guile). GNU Transport Layer Security Library. Guile bindings.
-+* GnuTLS-Guile: (gnutls-guile). GNU Transport Layer Security Library. Guile bindings
- @end direntry
-
@titlepage
diff --git a/gnutls-pl.po-update.patch b/gnutls-pl.po-update.patch
index 79a3644..dade98c 100644
--- a/gnutls-pl.po-update.patch
+++ b/gnutls-pl.po-update.patch
@@ -13,7 +13,7 @@
-"Project-Id-Version: gnutls-3.6.8\n"
+"Project-Id-Version: gnutls-3.7.6\n"
"Report-Msgid-Bugs-To: bug-gnutls at gnu.org\n"
- "POT-Creation-Date: 2022-09-27 12:48+0000\n"
+ "POT-Creation-Date: 2023-02-09 16:00+0100\n"
-"PO-Revision-Date: 2019-06-01 08:22+0200\n"
+"PO-Revision-Date: 2022-06-03 22:30+0200\n"
"Last-Translator: Jakub Bogusz <qboosh at pld-linux.org>\n"
@@ -22,19 +22,19 @@
@@ -412,10 +413,8 @@ msgid "Unsupported extension in X.509 ce
msgstr "Nieobsługiwane rozszerzenie w certyfikacie X.509."
- #: lib/errors.c:188
+ #: lib/errors.c:184
-#, fuzzy
-#| msgid "Unsupported extension in X.509 certificate."
msgid "Duplicate extension in X.509 certificate."
-msgstr "Nieobsługiwane rozszerzenie w certyfikacie X.509."
+msgstr "Powtórzone rozszerzenie w certyfikacie X.509."
- #: lib/errors.c:191
+ #: lib/errors.c:186
msgid "Key usage violation in certificate has been detected."
@@ -1070,10 +1069,10 @@ msgid "%sdirectoryName: %.*s\n"
msgstr "%sdirectoryName: %.*s\n"
- #: lib/x509/output.c:149
+ #: lib/x509/output.c:169
-#, fuzzy, c-format
+#, c-format
#| msgid "%s\t\t\totherName OID: %.*s\n"
@@ -42,12 +42,12 @@
-msgstr "%s\t\t\tOID otherName: %.*s\n"
+msgstr "%sZarejestrowany ID: %.*s\n"
- #: lib/x509/output.c:153
+ #: lib/x509/output.c:174
#, c-format
@@ -1086,10 +1085,9 @@ msgid "%sKRB5Principal: %.*s\n"
msgstr "%sKRB5Principal: %.*s\n"
- #: lib/x509/output.c:161
+ #: lib/x509/output.c:184
-#, fuzzy, c-format
-#| msgid "%sKRB5Principal: %.*s\n"
+#, c-format
@@ -55,12 +55,12 @@
-msgstr "%sKRB5Principal: %.*s\n"
+msgstr "%sNazwa zarządcy użytkownika: %.*s\n"
- #: lib/x509/output.c:165
+ #: lib/x509/output.c:189
#, c-format
@@ -1138,51 +1136,44 @@ msgid "\t\t\tAccess Method: %s (%s)\n"
msgstr "\t\t\tMetoda dostępu: %s (%s)\n"
- #: lib/x509/output.c:484
+ #: lib/x509/output.c:511
-#, fuzzy, c-format
-#| msgid "\tRevoked certificates (%d):\n"
+#, c-format
@@ -68,13 +68,13 @@
-msgstr "\tUnieważnione certyfikaty (%d):\n"
+msgstr "%s\t\t\tZnacznik czasu podpisanego certyfikatu %d:\n"
- #: lib/x509/output.c:488
+ #: lib/x509/output.c:516
#, c-format
msgid "%s\t\t\t\tVersion: %d (unknown SCT version)\n"
-msgstr ""
+msgstr "%s\t\t\t\tWersja: %d (nieznana wersja SCT)\n"
- #: lib/x509/output.c:503
+ #: lib/x509/output.c:530
-#, fuzzy, c-format
-#| msgid "\tVersion: %d\n"
+#, c-format
@@ -82,7 +82,7 @@
-msgstr "\tWersja: %d\n"
+msgstr "%s\t\t\t\tWersja: %d\n"
- #: lib/x509/output.c:505
+ #: lib/x509/output.c:531
-#, fuzzy, c-format
-#| msgid "%s\t\t\tASCII: "
+#, c-format
@@ -90,7 +90,7 @@
-msgstr "%s\t\t\tASCII: "
+msgstr "%s\t\t\t\tLog ID: "
- #: lib/x509/output.c:508
+ #: lib/x509/output.c:534
-#, fuzzy, c-format
-#| msgid "%s\t\t\tTime stamping.\n"
+#, c-format
@@ -98,7 +98,7 @@
-msgstr "%s\t\t\tOznaczanie czasu.\n"
+msgstr "%s\t\t\t\tCzas: "
- #: lib/x509/output.c:510
+ #: lib/x509/output.c:536
-#, fuzzy, c-format
-#| msgid "%s\tExtensions:\n"
+#, c-format
@@ -106,7 +106,7 @@
-msgstr "%s\tRozszerzenia:\n"
+msgstr "%s\t\t\t\tRozszerzenia: brak\n"
- #: lib/x509/output.c:512
+ #: lib/x509/output.c:538
-#, fuzzy, c-format
-#| msgid "\tSignature Algorithm: %s\n"
+#, c-format
@@ -114,7 +114,7 @@
-msgstr "\tAlgorytm podpisu: %s\n"
+msgstr "%s\t\t\t\tAlgorytm podpisu: %s\n"
- #: lib/x509/output.c:514
+ #: lib/x509/output.c:540
-#, fuzzy, c-format
-#| msgid "\tSignature:\n"
+#, c-format
@@ -122,12 +122,12 @@
-msgstr "\tPodpis:\n"
+msgstr "%s\t\t\t\tPodpis: "
- #: lib/x509/output.c:608
+ #: lib/x509/output.c:635
#, c-format
@@ -1275,10 +1266,9 @@ msgid "%s\t\t\tIpsec IKE.\n"
msgstr "%s\t\t\tIpsec IKE.\n"
- #: lib/x509/output.c:770
+ #: lib/x509/output.c:797
-#, fuzzy, c-format
-#| msgid "%s\t\t\tEmail protection.\n"
+#, c-format
@@ -135,12 +135,12 @@
-msgstr "%s\t\t\tOchrona poczty elektronicznej.\n"
+msgstr "%s\t\t\tLogowanie kartą procesorową.\n"
- #: lib/x509/output.c:772
+ #: lib/x509/output.c:799
#, c-format
@@ -1330,33 +1320,29 @@ msgid "%s\t\t\tHexdump: "
msgstr "%s\t\t\tZrzut hex: "
- #: lib/x509/output.c:994
+ #: lib/x509/output.c:1023
-#, fuzzy, c-format
-#| msgid "%s%s: %.*s\n"
+#, c-format
@@ -148,13 +148,13 @@
-msgstr "%s%s: %.*s\n"
+msgstr "%s\t\t\t%.*s\n"
- #: lib/x509/output.c:1022
+ #: lib/x509/output.c:1054
#, c-format
msgid "%s\t\t\tSignTool: %.*s\n"
-msgstr ""
+msgstr "%s\t\t\tSignTool: %.*s\n"
- #: lib/x509/output.c:1030
+ #: lib/x509/output.c:1063
-#, fuzzy, c-format
-#| msgid "%s%s: %.*s\n"
+#, c-format
@@ -162,7 +162,7 @@
-msgstr "%s%s: %.*s\n"
+msgstr "%s\t\t\tCATool: %.*s\n"
- #: lib/x509/output.c:1038
+ #: lib/x509/output.c:1072
-#, fuzzy, c-format
-#| msgid "%s\t\t\totherName OID: %.*s\n"
+#, c-format
@@ -170,7 +170,7 @@
-msgstr "%s\t\t\tOID otherName: %.*s\n"
+msgstr "%s\t\t\tSignToolCert: %.*s\n"
- #: lib/x509/output.c:1046
+ #: lib/x509/output.c:1081
-#, fuzzy, c-format
-#| msgid "%s\t\t\totherName OID: %.*s\n"
+#, c-format
@@ -178,12 +178,12 @@
-msgstr "%s\t\t\tOID otherName: %.*s\n"
+msgstr "%s\t\t\tCAToolCert: %.*s\n"
- #: lib/x509/output.c:1113
+ #: lib/x509/output.c:1148
#, c-format
@@ -1436,10 +1422,9 @@ msgid "%s\t\tAuthority Information Acces
msgstr "%s\t\tInformacje Authority Information Access (%s):\n"
- #: lib/x509/output.c:1330
+ #: lib/x509/output.c:1350
-#, fuzzy, c-format
-#| msgid "%s\t\tProxy Certificate Information (%s):\n"
+#, c-format
@@ -191,12 +191,12 @@
-msgstr "%s\t\tInformacja o certyfikacie proxy (%s):\n"
+msgstr "%s\t\tSCT precertyfikatu CT (%s):\n"
- #: lib/x509/output.c:1341
+ #: lib/x509/output.c:1361
#, c-format
@@ -1452,22 +1437,20 @@ msgid "%s\t\tTLS Features (%s):\n"
msgstr "%s\t\tWłaściwości TLS (%s):\n"
- #: lib/x509/output.c:1359
+ #: lib/x509/output.c:1378
-#, fuzzy, c-format
-#| msgid "%s\t\tSubject Key Identifier (%s):\n"
+#, c-format
@@ -204,7 +204,7 @@
-msgstr "%s\t\tIdentyfikator klucza przedmiotu (%s):\n"
+msgstr "%s\t\tNarzędzie podpisywania podmiotu(%s):\n"
- #: lib/x509/output.c:1365
+ #: lib/x509/output.c:1383
-#, fuzzy, c-format
+#, c-format
#| msgid "%s\t\tIssuer Alternative Name (%s):\n"
@@ -212,7 +212,7 @@
-msgstr "%s\t\tAlternatywna nazwa wystawcy (%s):\n"
+msgstr "%s\t\tNarzędzie podpisywania wystawcy (%s):\n"
- #: lib/x509/output.c:1374
+ #: lib/x509/output.c:1391
-#, fuzzy, c-format
-#| msgid "%s\t\tKey Usage (%s):\n"
+#, c-format
@@ -220,7 +220,7 @@
-msgstr "%s\t\tUżycie klucza (%s):\n"
+msgstr "%s\t\tNazwa (Common Name) (%s):\n"
- #: lib/x509/output.c:1387
+ #: lib/x509/output.c:1405
#, c-format
@@ -1822,6 +1805,3 @@ msgstr "Wystąpił błąd w kluczu publi
#: libdane/errors.c:69
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/gnutls.git/commitdiff/4fe65b0d4279fa85223879ba6150599568317560
More information about the pld-cvs-commit
mailing list