source: projects/specs/branches/6/g/gnutls/gnutls-vl.spec @ 10689

%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}

Summary:        GNU TLS Library
Summary(ja):    GNU TLS ライブラリ
Name:           gnutls
Version:        2.10.5
Release:        12%{?_dist_release}
License:        GPLv3+ and LGPLv2+
# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
Group:          System Environment/Libraries
URL:            http://www.gnutls.org/
#Source0:       ftp://ftp.gnutls.org/pub/gnutls/devel/%{name}-%{version}.tar.gz
#Source1:       ftp://ftp.gnutls.org/pub/gnutls/devel/%{name}-%{version}.tar.gz.sig
# XXX patent tainted SRP code removed.
Source0:        %{name}-%{version}.tar.bz2
Source1:        libgnutls-config

#patches from fedora development
#Patch1: gnutls-2.10.2-rpath.patch
Patch2: gnutls-2.8.6-link-libgcrypt.patch
# Remove nonexisting references from texinfo file
Patch3: gnutls-2.10.1-nosrp.patch
# Backport from upstream git
Patch4: gnutls-2.10.1-handshake-errors.patch
# to fix a compilation error with glibc >= 2.16.
Patch5: gnutls-glibc-2.16.patch
Patch6: gnutls-gcrypt15.patch
Patch7: gnutls-skip-invalid-test.patch

# security fixes
Patch100: gnutls-2.10.5_CVE-2012-1573.patch
Patch110: gnutls-2.10.5_CVE-2011-4128.patch
Patch120: gnutls-2.10.5_CVE-2013-1619.patch
Patch130: gnutls-2.x_CVE-2013-2116.patch
Patch140: gnutls-2.10.5_CVE-2014-0092.patch
Patch150: gnutls-2.10.5_CVE-2014-3466.patch
Patch160: gnutls-2.x_CVE-2015-0294.patch
Patch170: gnutls-2.10.5_CVE-2015-0282.patch
Patch180: gnutls-2.10.5_CVE-2015-8313.patch
Patch190: gnutls-2.10.5_CVE-2015-7575.patch
Patch200: CVE-2014-1959.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-root

BuildRequires:  libgcrypt-devel >= 1.2.2, zlib-devel libtasn1-devel gmp-devel
BuildRequires:  gettext readline-devel libtool
BuildRequires:  guile-devel >= 1.8.6
BuildRequires:  lzo-devel
Requires:       libgcrypt >= 1.2.2, zlib
Requires:       lzo

Requires(post):   ldconfig
Requires(postun): ldconfig

Vendor:         Project Vine
Distribution:   Vine Linux

%description
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
#'

%package devel
Summary:        Development files for the GnuTLS package.
Summary(ja):    GnuTLS の開発用ファイル
Group:          Development/Libraries
Requires:       %{name} = %{version}-%{release}
Requires:       libgcrypt-devel, zlib-devel, pkgconfig
Requires:       libtasn1-devel
Requires(post,preun): /sbin/install-info

%description devel
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.

This package contains files needed for developing applications with the GnuTLS
library.
#'

%package utils
Summary:        Command line tools for TLS protocol.
Summary(ja):    GnuTLS のコマンドラインツール
Group:          Applications/System
Requires:       %{name} = %{version}-%{release}

%description utils
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.

This package contains command line TLS client and server and certificate
manipulation tools.
#'

%package guile
Summary: Guile bindings for the GNUTLS library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: guile

%description guile
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
This package contains Guile bindings for the library.
#'

%package -n compat32-%{name}
Summary:        GNU TLS Library
Summary(ja):    GNU TLS ライブラリ
Group:          System Environment/Libraries
Requires:       compat32-%{name} = %{version}-%{release}

%description -n compat32-%{name}
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
#'

%package -n compat32-%{name}-devel
Summary:        Development files for the GnuTLS package.
Summary(ja):    GnuTLS の開発用ファイル
Group:          Development/Libraries
Requires:       compat32-%{name} = %{version}-%{release}
Requires:       %{name}-devel = %{version}-%{release}
Requires:       compat32-libgcrypt-devel, compat32-zlib-devel
Requires(post,preun): /sbin/install-info

%description -n compat32-%{name}-devel
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.

This package contains files needed for developing applications with the GnuTLS
library.
#'

%package -n compat32-%{name}-guile
Summary: Guile bindings for the GNUTLS library
Group: Development/Libraries
Requires: compat32-%{name} = %{version}-%{release}
Requires: %{name}-guile = %{version}-%{release}

%description -n compat32-%{name}-guile
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
This package contains Guile bindings for the library.
#'

%prep
%setup -q
#%patch1 -p1 -b .rpath
%patch2 -p1 -b .link
%patch3 -p1 -b .nosrp
%patch4 -p1 -b .errors
%patch5 -p1 -b .glib-2.16
%patch6 -p1 -b .gcrypt15
%patch7 -p1 -b .skip-invalid-test

%patch100 -p1 -b .CVE-2012-1573
%patch110 -p1 -b .CVE-2011-4128
%patch120 -p1 -b .CVE-2013-1619
%patch130 -p1 -b .CVE-2013-2116
%patch140 -p1 -b .CVE-2014-0092
%patch200 -p1 -b .CVE-2014-1959
%patch150 -p1 -b .CVE-2014-3466
%patch160 -p1 -b .CVE-2015-0294
%patch170 -p1 -b .CVE-2015-0282
%patch180 -p1 -b .CVE-2015-8313
%patch190 -p1 -b .CVE-2015-7575

for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
    touch lib/$i
done

%build
autoreconf
%configure \
        --with-lzo \
        --with-included-libcfg \
        --disable-srp-authentication \
        --disable-static \
        --disable-srp-authentication
#       --with-included-libtasn1 \
#       --with-included-opencdk \
#       --with-included-lzo \

# make
make %{?_smp_mflags}
cp lib/COPYING COPYING.LIB

%install
%__rm -rf %{buildroot}
%makeinstall

rm -f $RPM_BUILD_ROOT%{_bindir}/srptool
rm -f $RPM_BUILD_ROOT%{_bindir}/gnutls-srpcrypt
# replace libgnutls*-config
%__install -p -m755 %{SOURCE1} %{buildroot}%{_bindir}/libgnutls-config
%__install -p -m755 %{SOURCE1} %{buildroot}%{_bindir}/libgnutls-extra-config

rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1
rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp*
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a

# remove unneeded files
%__rm -f %{buildroot}%{_libdir}/*.la

%find_lang libgnutls

%check
make check

%clean
rm -rf %{buildroot}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post devel
if [ -f %{_infodir}/gnutls.info.gz ]; then
    /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
fi

%preun devel
if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
   /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
fi

%post guile -p /sbin/ldconfig

%postun guile -p /sbin/ldconfig

%post -n compat32-%{name} -p /sbin/ldconfig

%postun -n compat32-%{name} -p /sbin/ldconfig

%post -n compat32-%{name}-guile -p /sbin/ldconfig

%postun -n compat32-%{name}-guile -p /sbin/ldconfig

%files -f libgnutls.lang
%defattr(-,root,root,-)
%{_libdir}/libgnutls*.so.*
%doc COPYING COPYING.LIB README AUTHORS

%files devel
%defattr(-,root,root,-)
%{_bindir}/libgnutls*-config
%{_includedir}/*
#%{_libdir}/libgnutls*.a
%{_libdir}/libgnutls*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_infodir}/gnutls*

%files utils
%defattr(-,root,root,-)
%{_bindir}/certtool
%{_bindir}/psktool
%{_bindir}/gnutls*
%{_mandir}/man1/*
%doc doc/certtool.cfg

%files guile
%defattr(-,root,root,-)
%{_libdir}/libguile*.so*
%{_datadir}/guile/site/gnutls
%{_datadir}/guile/site/gnutls.scm

%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root,-)
%{_libdir}/libgnutls*.so.*

%files -n compat32-%{name}-devel
%defattr(-,root,root,-)
#%{_libdir}/libgnutls*.a
%{_libdir}/libgnutls*.so
%{_libdir}/pkgconfig/*.pc

%files -n compat32-%{name}-guile
%defattr(-,root,root,-)
%{_libdir}/libguile*.so*
%endif

%changelog
* Wed Jul 27 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.10.5-12
- added Patch5 to fix a compilation error with glibc >= 2.16.
- added Patch6 for compatibility with libgcrypt >= 1.5.
- added Patch7 to skip an invalid testcase.
- added Patch200 to fix CVE-2014-1959.

* Sun Jan 10 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-11
- add patch for fix patch190 CVE-2015-7575

* Wed Dec  2 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-10
- add patch180 for fix CVE-2015-8313

* Fri Apr 17 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-9
- add patch160 for fix CVE-2015-0294 (signature algorithms)
- add patch170 for fix CVE-2015-0282 (RSA PKCS #1)

* Mon Jun  2 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-8
- add patch150 for fix CVE-2014-3466 (hello)

* Fri Mar  7 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-7
- add patch140 for fix CVE-2014-0092 (Certificate verification issue)
  patch140 is based on rhel6, thanks to rh team

* Sun Jun  2 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-6
- add patch130 for fix CVE-2013-2116 (TLS record decoding)

* Tue Mar  5 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-5
- add patch120 for fix CVE-2013-1619 (TLS CBC padding timing attack)
- use smp flag in make section

* Mon Apr 30 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-4
- add patch110 for fix CVE-2011-4128 (session)

* Mon Apr 30 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.10.5-3
- add patch100 for fix CVE-2012-1573 (cipher)

* Sun Apr 10 2011 IWAI, Masaharu <iwai@alib.jp> 2.10.5-2
- add Requires: libtasn1-devel for devel subpackage

* Sun Apr  3 2011 IWAI, Masaharu <iwai@alib.jp> 2.10.5-1
- new upstream release

* Sun Dec 12 2010 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.10.4-1
- new upstream release

* Tue Nov 23 2010 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.10.3-1
- new upstream release
- dropt patch1

* Sun Oct 9 2010 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.10.2-1
- new upstream release
- added patch1,2,3,4 from Fedora development
- added BuildRequires: gettext readline-devel libtool
- added configure option
  --disable-static,--disable-srp-authentication
  - dropt *.a files from -devel package again

* Tue Sep 21 2010 IWAI, Masaharu <iwai@alib.jp> 2.8.6-2
- build with rpm-4.8.1-1 for pkg-config file

* Mon Mar 22 2010 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.8.6-1
- new upstream release
- applied new naming policy to spec

* Thu Nov 19 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.8.5-1
- new upstream release

* Sat Sep 19 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.8.4-1
- new upstream release

* Wed Aug 19 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.8.3-1
- new upstream release

* Thu Aug 13 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.8.2-1
- new upstream release with security fix (handling X.509 CN or SAN fields)

* Sat Jun 27 2009 NAKAMURA Kenta <kenta@vinelinux.org> 2.8.1-2vl5
- added compat32 package for x86_64 arch support

* Thu Jun 11 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.8.1-1vl5
- new upstream release
- added autoreconf
- deleted libguile*.a
- dropt Patch3
- added %post guile, %postun guile

* Sun May 03 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.6.6-2
- drop *.a files from -devel package
- build with system lzo

* Sun May 03 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.6.6-1
- new upstream release with security fixes (CVE-2009-1415,1416,1417)

* Wed Apr 15 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.6.6-1vl5
- update to 2.6.5

* Wed Mar 25 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.6.4-2
- spec in UTF-8

* Sun Feb 8 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.6.4-1vl5
- update to 2.6.4
- modifeid Source0

* Mon Jan 19 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.6.3-2vl5
- add BuildRequires: guile-devel >= 1.8.6

* Tue Jan 13 2009 Toshiharu Kudoh <toshi.kd2@gmail.com> 2.6.3-1vl5
- update to 2.6.3
- import from fedora developing's 2.6.3
  - License tag fixed
- dropped patch0, patch1, patch2
- added patch3
- added BuildRequires: gmp-devel
- add new sub-package: guile
  - added %package guile, %description guile, %files guile

* Sat Mar 22 2008 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1.6.3-2vl5
- used %%{?_dist_release} macro

* Mon Mar 17 2008 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1.6.3-2vl1
- update to 1.6.3 (use no-SRP source)
- import from fedora core's 1.6.3-2
  - nosrc.tar.bz2 (source0)
  - license tag fix
- build with system libtasn1

* Fri Mar 09 2007 KAZUKI SHIMURA <kazuki@ma.ccnw.ne.jp> 1.4.5-0vl1
- update to 1.4.5 (use no-SRP source)
- import from fedora core's 1.4.5-1
  - nosrc.tar.bz2 (source0)
- drop obsolete cve-2006-4790.patch (patch3)

* Tue Oct 24 2006 KAZUKI SHIMURA <kazuki@ma.ccnw.ne.jp> 1.4.1-2vl1
- [SECURITY] update to 1.4.1 (use no-SRP source)
- import from fedora core's 1.4.1-2
  - nosrp.tar.bz2 (source0)
  - libgnutls-config (source1)
  - nosrc.patch (patch0)
  - enable-psk.patch (patch1)
  - cve-2006-4790.patch (patch3)
- update required version of libgcrypt (>= 1.2.2)
- add Requires: pkgconfig to -devel package
- add %%check section
- update %%files
- add new sub-package: utils

* Sat May 14 2005 KAZUKI SHIMURA <kazuki@ma.ccnw.ne.jp> 1.0.25-0vl1
- [SECURITY FIX] upstream release
  - record packet parsing denial of service (CAN-2005-1431)

* Mon Mar 28 2005 KAZUKI SHIMURA <kazuki@ma.ccnw.ne.jp> 1.0.24-0vl1
- initial build for Vine Linux
- upstream release

* Wed Mar  2 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6
- gcc4 rebuild

* Tue Jan  4 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5
- add gnutls Requires zlib-devel (#144069)

* Mon Nov 08 2004 Colin Walters <walters@redhat.com> 1.0.20-4
- Make gnutls-devel Require libgcrypt-devel

* Tue Sep 21 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3
- rebuild with release++, otherwise unchanged.

* Tue Sep  7 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2
- patent tainted SRP code removed.

* Sun Sep  5 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1
- update to 1.0.20.
- add --with-included-opencdk --with-included-libtasn1
- add --with-included-libcfg --with-included-lzo
- add --disable-srp-authentication.
- do "make check" after build.

* Fri Mar 21 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1
- upgrade to 0.9.2

* Tue Jun 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1
- update to 0.4.4.

* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Sat May 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1
- update to 0.4.3.

* Tue May 21 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1
- update to 0.4.2.
- change license to LGPL.
- include splint annotations patch.

* Tue Apr  2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1
- update to 0.4.0

* Thu Jan 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1
- update to 0.3.2

* Wed Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1
- add a URL

* Wed Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package