From f8c453f68bb14f2576b604e206684950341d01ff Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 6 Nov 2024 09:44:39 +0300 Subject: [PATCH] import gnutls-3.8.8-1.el10 --- .gitignore | 4 +- .gnutls.metadata | 4 +- ....7.8-ktls_skip_tls12_chachapoly_test.patch | 25 --- SOURCES/gnutls-3.8.7-nettle-static.patch | 165 ----------------- SOURCES/gnutls-3.8.7-pkgconf-dlopen.patch | 170 ------------------ ...8.8-tests-ktls-skip-tls12-chachapoly.patch | 29 +++ SPECS/gnutls.spec | 32 ++-- 7 files changed, 55 insertions(+), 374 deletions(-) delete mode 100644 SOURCES/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch delete mode 100644 SOURCES/gnutls-3.8.7-nettle-static.patch delete mode 100644 SOURCES/gnutls-3.8.7-pkgconf-dlopen.patch create mode 100644 SOURCES/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch diff --git a/.gitignore b/.gitignore index ce1c49f..ed0cf0c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ SOURCES/gmp-6.2.1.tar.xz -SOURCES/gnutls-3.8.7.1.tar.xz -SOURCES/gnutls-3.8.7.1.tar.xz.sig +SOURCES/gnutls-3.8.8.tar.xz +SOURCES/gnutls-3.8.8.tar.xz.sig SOURCES/nettle-3.10-hobbled.tar.xz diff --git a/.gnutls.metadata b/.gnutls.metadata index bec45be..c4c3019 100644 --- a/.gnutls.metadata +++ b/.gnutls.metadata @@ -1,4 +1,4 @@ 0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz -d66729d963c7a5fb170e4b3afeb63702a9ccd265 SOURCES/gnutls-3.8.7.1.tar.xz -d4c1e07e58e09279687542c10d4463c62d12e3ce SOURCES/gnutls-3.8.7.1.tar.xz.sig +facf87b8e4ae9234f34753b4ee6cd3e66078f0bf SOURCES/gnutls-3.8.8.tar.xz +a497806fde5e59bae4d663db6bd52e1c0916b418 SOURCES/gnutls-3.8.8.tar.xz.sig 762cc3c0a8cf735353927607a147d7bb802b5aad SOURCES/nettle-3.10-hobbled.tar.xz diff --git a/SOURCES/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch b/SOURCES/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch deleted file mode 100644 index c3a5ace..0000000 --- a/SOURCES/gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 18c555b4d2461ad202996398609552b9c4ecd43b Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Wed, 22 Nov 2023 15:21:49 +0900 -Subject: [PATCH] gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch - -Signed-off-by: rpm-build ---- - tests/gnutls_ktls.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c -index ccbe566..049c888 100644 ---- a/tests/gnutls_ktls.c -+++ b/tests/gnutls_ktls.c -@@ -347,7 +347,6 @@ void doit(void) - { - run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM"); -- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM"); - run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305"); --- -2.41.0 - diff --git a/SOURCES/gnutls-3.8.7-nettle-static.patch b/SOURCES/gnutls-3.8.7-nettle-static.patch deleted file mode 100644 index 2eda034..0000000 --- a/SOURCES/gnutls-3.8.7-nettle-static.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 558cf23853f6ad0537daff4613d316265857b7fd Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Wed, 21 Aug 2024 14:50:54 +0900 -Subject: [PATCH] fips: skip HMAC checks of nettle libraries when statically - linked - -Since commit b6e9b10347ed577a9a37b7b28e1a039c5f6ccb16, it is possible -to link Nettle libraries statically. In that case, FIPS integrity -checks against the Nettle shared libraries should be skipped as they -are not used by GnuTLS. - -Signed-off-by: Daiki Ueno ---- - lib/fips.c | 32 ++++++++++++++++++++++++-------- - lib/fipshmac.c | 12 ++++-------- - 2 files changed, 28 insertions(+), 16 deletions(-) - -diff --git a/lib/fips.c b/lib/fips.c -index e5fce6b1b9..dc86a44354 100644 ---- a/lib/fips.c -+++ b/lib/fips.c -@@ -157,14 +157,6 @@ void _gnutls_fips_mode_reset_zombie(void) - #define GNUTLS_LIBRARY_SONAME "none" - #endif - --#ifndef NETTLE_LIBRARY_SONAME --#define NETTLE_LIBRARY_SONAME "none" --#endif -- --#ifndef HOGWEED_LIBRARY_SONAME --#define HOGWEED_LIBRARY_SONAME "none" --#endif -- - #define HMAC_SIZE 32 - #define HMAC_ALGO GNUTLS_MAC_SHA256 - #define HMAC_FORMAT_VERSION 1 -@@ -177,8 +169,12 @@ struct hmac_entry { - struct hmac_file { - int version; - struct hmac_entry gnutls; -+#ifdef NETTLE_LIBRARY_SONAME - struct hmac_entry nettle; -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - struct hmac_entry hogweed; -+#endif - #ifdef GMP_LIBRARY_SONAME - struct hmac_entry gmp; - #endif -@@ -186,8 +182,12 @@ struct hmac_file { - - struct lib_paths { - char gnutls[GNUTLS_PATH_MAX]; -+#ifdef NETTLE_LIBRARY_SONAME - char nettle[GNUTLS_PATH_MAX]; -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - char hogweed[GNUTLS_PATH_MAX]; -+#endif - #ifdef GMP_LIBRARY_SONAME - char gmp[GNUTLS_PATH_MAX]; - #endif -@@ -250,10 +250,14 @@ static int handler(void *user, const char *section, const char *name, - } - } else if (!strcmp(section, GNUTLS_LIBRARY_SONAME)) { - return lib_handler(&p->gnutls, section, name, value); -+#ifdef NETTLE_LIBRARY_SONAME - } else if (!strcmp(section, NETTLE_LIBRARY_SONAME)) { - return lib_handler(&p->nettle, section, name, value); -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - } else if (!strcmp(section, HOGWEED_LIBRARY_SONAME)) { - return lib_handler(&p->hogweed, section, name, value); -+#endif - #ifdef GMP_LIBRARY_SONAME - } else if (!strcmp(section, GMP_LIBRARY_SONAME)) { - return lib_handler(&p->gmp, section, name, value); -@@ -403,10 +407,14 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data) - - if (!strcmp(soname, GNUTLS_LIBRARY_SONAME)) - _gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path); -+#ifdef NETTLE_LIBRARY_SONAME - else if (!strcmp(soname, NETTLE_LIBRARY_SONAME)) - _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path); -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME)) - _gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path); -+#endif - #ifdef GMP_LIBRARY_SONAME - else if (!strcmp(soname, GMP_LIBRARY_SONAME)) - _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path); -@@ -423,14 +431,18 @@ static int load_lib_paths(struct lib_paths *paths) - _gnutls_debug_log("Gnutls library path was not found\n"); - return gnutls_assert_val(GNUTLS_E_FILE_ERROR); - } -+#ifdef NETTLE_LIBRARY_SONAME - if (paths->nettle[0] == '\0') { - _gnutls_debug_log("Nettle library path was not found\n"); - return gnutls_assert_val(GNUTLS_E_FILE_ERROR); - } -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - if (paths->hogweed[0] == '\0') { - _gnutls_debug_log("Hogweed library path was not found\n"); - return gnutls_assert_val(GNUTLS_E_FILE_ERROR); - } -+#endif - #ifdef GMP_LIBRARY_SONAME - if (paths->gmp[0] == '\0') { - _gnutls_debug_log("Gmp library path was not found\n"); -@@ -483,12 +495,16 @@ static int check_binary_integrity(void) - ret = check_lib_hmac(&hmac.gnutls, paths.gnutls); - if (ret < 0) - return ret; -+#ifdef NETTLE_LIBRARY_SONAME - ret = check_lib_hmac(&hmac.nettle, paths.nettle); - if (ret < 0) - return ret; -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - ret = check_lib_hmac(&hmac.hogweed, paths.hogweed); - if (ret < 0) - return ret; -+#endif - #ifdef GMP_LIBRARY_SONAME - ret = check_lib_hmac(&hmac.gmp, paths.gmp); - if (ret < 0) -diff --git a/lib/fipshmac.c b/lib/fipshmac.c -index d3561b4c47..5c3202c561 100644 ---- a/lib/fipshmac.c -+++ b/lib/fipshmac.c -@@ -40,14 +40,6 @@ - #define GNUTLS_LIBRARY_SONAME "none" - #endif - --#ifndef NETTLE_LIBRARY_SONAME --#define NETTLE_LIBRARY_SONAME "none" --#endif -- --#ifndef HOGWEED_LIBRARY_SONAME --#define HOGWEED_LIBRARY_SONAME "none" --#endif -- - #define HMAC_SIZE 32 - #define HMAC_ALGO GNUTLS_MAC_SHA256 - #define HMAC_STR_SIZE (2 * HMAC_SIZE + 1) -@@ -117,10 +109,14 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data) - - if (!strcmp(soname, GNUTLS_LIBRARY_SONAME)) - return print_lib(data ? data : path, soname); -+#ifdef NETTLE_LIBRARY_SONAME - if (!strcmp(soname, NETTLE_LIBRARY_SONAME)) - return print_lib(path, soname); -+#endif -+#ifdef HOGWEED_LIBRARY_SONAME - if (!strcmp(soname, HOGWEED_LIBRARY_SONAME)) - return print_lib(path, soname); -+#endif - #ifdef GMP_LIBRARY_SONAME - if (!strcmp(soname, GMP_LIBRARY_SONAME)) - return print_lib(path, soname); --- -2.46.0 - diff --git a/SOURCES/gnutls-3.8.7-pkgconf-dlopen.patch b/SOURCES/gnutls-3.8.7-pkgconf-dlopen.patch deleted file mode 100644 index 2adcae7..0000000 --- a/SOURCES/gnutls-3.8.7-pkgconf-dlopen.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 292f96f26d7ce80e4a165c903c4fd569b85c1c1f Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 16 Aug 2024 09:42:15 +0900 -Subject: [PATCH 1/2] build: fix setting AM_CONDITIONAL for brotli and zstd - -As the with_{libbrotli,libzsttd} variables are unset if configured -with --without-{brotli,zstd}, check the unequality to "no" doesn't -work; use explicit matching with "yes" instead. - -Signed-off-by: Daiki Ueno ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 95ec4c1515..a476176800 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1158,7 +1158,7 @@ if test x$ac_brotli != xno; then - else - AC_MSG_RESULT(no) - fi --AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no") -+AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes) - - AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - save_CFLAGS=$CFLAGS -@@ -1203,7 +1203,7 @@ if test x$ac_zstd != xno; then - else - AC_MSG_RESULT(no) - fi --AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" != "no") -+AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" = yes) - - AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - save_CFLAGS=$CFLAGS --- -2.46.0 - - -From 546153198d2fb8fc4902f23de6254bb7988de534 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 16 Aug 2024 09:48:31 +0900 -Subject: [PATCH 2/2] build: don't emit Requires.private for dlopened libraries - -Signed-off-by: Daiki Ueno ---- - configure.ac | 36 +++++++++++++++++++++--------------- - 1 file changed, 21 insertions(+), 15 deletions(-) - -diff --git a/configure.ac b/configure.ac -index a476176800..f3e7a3aeae 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1100,11 +1100,6 @@ if test x$ac_zlib != xno; then - PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n) - if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then - PKG_CHECK_MODULES(ZLIB, [zlib]) -- if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then -- GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib" -- else -- GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib" -- fi - ac_zlib=yes - else - AC_LIB_HAVE_LINKFLAGS(z,, [#include ], [compress (0, 0, 0, 0);]) -@@ -1134,6 +1129,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - compress (0, 0, 0, 0);])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$ZLIB_HAS_PKGCONFIG" = y && test "$ac_zlib" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib" -+ else -+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib" -+ fi - ]) - - AC_ARG_WITH(brotli, -@@ -1146,11 +1148,6 @@ if test x$ac_brotli != xno; then - PKG_CHECK_MODULES(LIBBROTLIDEC, [libbrotlidec >= 1.0.0], [with_libbrotlidec=yes], [with_libbrotlidec=no]) - if test "${with_libbrotlienc}" = "yes" && test "${with_libbrotlidec}" = "yes"; then - AC_DEFINE([HAVE_LIBBROTLI], 1, [Define if BROTLI compression is enabled.]) -- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -- GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec" -- else -- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec" -- fi - need_ltlibdl=yes - else - AC_MSG_WARN(*** LIBBROTLI was not found. You will not be able to use BROTLI compression.) -@@ -1180,6 +1177,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - BrotliDecoderVersion();])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec" -+ else -+ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec" -+ fi - ]) - - AC_ARG_WITH(zstd, -@@ -1191,11 +1195,6 @@ if test x$ac_zstd != xno; then - PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no]) - if test "${with_libzstd}" = "yes"; then - AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.]) -- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -- GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd" -- else -- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd" -- fi - need_ltlibdl=yes - else - AC_MSG_WARN(*** LIBZSTD was not found. You will not be able to use ZSTD compression.) -@@ -1215,6 +1214,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - ZSTD_versionNumber();])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$with_libzstd" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd" -+ else -+ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd" -+ fi - ]) - - AC_ARG_WITH(liboqs, --- -2.46.0 - -From 8d0ec0ccdfeaae0d56426169d4c7b490e3b07826 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 16 Aug 2024 13:35:47 +0900 -Subject: [PATCH] build: add liboqs in Requires.private in gnutls.pc if needed - -When --with-liboqs is specified and liboqs cannot be dlopen'ed, it -will be linked at build time. In that case gnutls.pc should indicate -that through Requires.private. - -Signed-off-by: Daiki Ueno ---- - configure.ac | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/configure.ac b/configure.ac -index f3e7a3aeae..93ba723323 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1256,6 +1256,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [ - OQS_version ();])]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -+], -+ [test "$have_liboqs" = yes], [ -+ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then -+ GNUTLS_REQUIRES_PRIVATE="Requires.private: liboqs" -+ else -+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, liboqs" -+ fi - ]) - - AM_CONDITIONAL(NEED_LTLIBDL, test "$need_ltlibdl" = yes) --- -2.46.0 - diff --git a/SOURCES/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch b/SOURCES/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch new file mode 100644 index 0000000..d93dd28 --- /dev/null +++ b/SOURCES/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch @@ -0,0 +1,29 @@ +From a36b73a21e4b5b6e051b23192a645dea34c9d6af Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 5 Nov 2024 14:45:46 +0900 +Subject: [PATCH] tests: skip CHACHA20-POLY1305 in TLS 1.2 when KTLS is enabled + +Signed-off-by: Daiki Ueno +--- + tests/gnutls_ktls.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c +index 90d3e9af91..d5ac4efecc 100644 +--- a/tests/gnutls_ktls.c ++++ b/tests/gnutls_ktls.c +@@ -347,9 +347,11 @@ void doit(void) + { + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM"); ++#if 0 + if (!gnutls_fips140_mode_enabled()) { + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305"); + } ++#endif + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM"); + if (!gnutls_fips140_mode_enabled()) { +-- +2.47.0 + diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec index a0d4d0a..3fd6178 100644 --- a/SPECS/gnutls.spec +++ b/SPECS/gnutls.spec @@ -2,7 +2,7 @@ ## (rpmautospec version 0.6.5) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: - release_number = 3; + release_number = 1; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} @@ -22,9 +22,9 @@ sha256sum:close() print(string.sub(hash, 0, 16)) } -Version: 3.8.7 +Version: 3.8.8 Release: %{?autorelease}%{!?autorelease:1%{?dist}} -# not upstreamed: can we drop this as configure is regenerated when bootstrappign? +# not upstreamed: can we drop this as configure is regenerated when bootstrapping? Patch: gnutls-3.2.7-rpath.patch # not upstreamed: modifies the generated code Patch: gnutls-3.7.2-enable-intel-cet.patch @@ -39,18 +39,18 @@ Patch: gnutls-3.7.6-drbg-reseed.patch # not upstreamed, hard blocking SHA-1 signature verification, for long-term support purposes Patch: gnutls-3.7.6-fips-sha1-sigver.patch # not upstreamed: see https://gitlab.com/gnutls/gnutls/-/issues/1443 -Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch -# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1867 -Patch: gnutls-3.8.7-pkgconf-dlopen.patch -# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1868 -Patch: gnutls-3.8.7-nettle-static.patch +Patch: gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch %bcond_without bootstrap %bcond_without dane %bcond_without fips %bcond_with tpm12 %bcond_without tpm2 +%if 0%{?rhel} >= 9 +%bcond_with gost +%else %bcond_without gost +%endif %bcond_without certificate_compression %bcond_without liboqs %bcond_without tests @@ -156,8 +156,8 @@ BuildRequires: mingw64-nettle >= 3.6 URL: http://www.gnutls.org/ %define short_version %(echo %{version} | grep -m1 -o "[0-9]*\.[0-9]*" | head -1) -Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.1.tar.xz -Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.1.tar.xz.sig +Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz +Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz.sig Source2: https://gnutls.org/gnutls-release-keyring.gpg %if %{with bundled_gmp} @@ -638,6 +638,18 @@ popd %changelog ## START: Generated by rpmautospec +* Tue Nov 05 2024 Daiki Ueno - 3.8.8-1 +- Update to 3.8.8 upstream release + +* Tue Oct 29 2024 Troy Dawson - 3.8.7-6 +- Bump release for October 2024 mass rebuild: + +* Thu Oct 10 2024 Daiki Ueno - 3.8.7-5 +- Disable GOST in RHEL-9 or later + +* Tue Oct 08 2024 Alexander Sosedkin - 3.8.7-4 +- Initial CI and gating setup for RHEL-10 + * Wed Aug 21 2024 Daiki Ueno - 3.8.7-3 - Fix issues in bundling nettle