%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} Summary: GNU TLS Library Summary(ja): GNU TLS ライブラリ Name: gnutls Version: 2.10.5 Release: 12%{?_dist_release} License: GPLv3+ and LGPLv2+ # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+ Group: System Environment/Libraries URL: http://www.gnutls.org/ #Source0: ftp://ftp.gnutls.org/pub/gnutls/devel/%{name}-%{version}.tar.gz #Source1: ftp://ftp.gnutls.org/pub/gnutls/devel/%{name}-%{version}.tar.gz.sig # XXX patent tainted SRP code removed. Source0: %{name}-%{version}.tar.bz2 Source1: libgnutls-config #patches from fedora development #Patch1: gnutls-2.10.2-rpath.patch Patch2: gnutls-2.8.6-link-libgcrypt.patch # Remove nonexisting references from texinfo file Patch3: gnutls-2.10.1-nosrp.patch # Backport from upstream git Patch4: gnutls-2.10.1-handshake-errors.patch # to fix a compilation error with glibc >= 2.16. Patch5: gnutls-glibc-2.16.patch Patch6: gnutls-gcrypt15.patch Patch7: gnutls-skip-invalid-test.patch # security fixes Patch100: gnutls-2.10.5_CVE-2012-1573.patch Patch110: gnutls-2.10.5_CVE-2011-4128.patch Patch120: gnutls-2.10.5_CVE-2013-1619.patch Patch130: gnutls-2.x_CVE-2013-2116.patch Patch140: gnutls-2.10.5_CVE-2014-0092.patch Patch150: gnutls-2.10.5_CVE-2014-3466.patch Patch160: gnutls-2.x_CVE-2015-0294.patch Patch170: gnutls-2.10.5_CVE-2015-0282.patch Patch180: gnutls-2.10.5_CVE-2015-8313.patch Patch190: gnutls-2.10.5_CVE-2015-7575.patch Patch200: CVE-2014-1959.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: libgcrypt-devel >= 1.2.2, zlib-devel libtasn1-devel gmp-devel BuildRequires: gettext readline-devel libtool BuildRequires: guile-devel >= 1.8.6 BuildRequires: lzo-devel Requires: libgcrypt >= 1.2.2, zlib Requires: lzo Requires(post): ldconfig Requires(postun): ldconfig Vendor: Project Vine Distribution: Vine Linux %description GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. #' %package devel Summary: Development files for the GnuTLS package. Summary(ja): GnuTLS の開発用ファイル Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: libgcrypt-devel, zlib-devel, pkgconfig Requires: libtasn1-devel Requires(post,preun): /sbin/install-info %description devel GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains files needed for developing applications with the GnuTLS library. #' %package utils Summary: Command line tools for TLS protocol. Summary(ja): GnuTLS のコマンドラインツール Group: Applications/System Requires: %{name} = %{version}-%{release} %description utils GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains command line TLS client and server and certificate manipulation tools. #' %package guile Summary: Guile bindings for the GNUTLS library Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: guile %description guile GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains Guile bindings for the library. #' %package -n compat32-%{name} Summary: GNU TLS Library Summary(ja): GNU TLS ライブラリ Group: System Environment/Libraries Requires: compat32-%{name} = %{version}-%{release} %description -n compat32-%{name} GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. #' %package -n compat32-%{name}-devel Summary: Development files for the GnuTLS package. Summary(ja): GnuTLS の開発用ファイル Group: Development/Libraries Requires: compat32-%{name} = %{version}-%{release} Requires: %{name}-devel = %{version}-%{release} Requires: compat32-libgcrypt-devel, compat32-zlib-devel Requires(post,preun): /sbin/install-info %description -n compat32-%{name}-devel GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains files needed for developing applications with the GnuTLS library. #' %package -n compat32-%{name}-guile Summary: Guile bindings for the GNUTLS library Group: Development/Libraries Requires: compat32-%{name} = %{version}-%{release} Requires: %{name}-guile = %{version}-%{release} %description -n compat32-%{name}-guile GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. This package contains Guile bindings for the library. #' %prep %setup -q #%patch1 -p1 -b .rpath %patch2 -p1 -b .link %patch3 -p1 -b .nosrp %patch4 -p1 -b .errors %patch5 -p1 -b .glib-2.16 %patch6 -p1 -b .gcrypt15 %patch7 -p1 -b .skip-invalid-test %patch100 -p1 -b .CVE-2012-1573 %patch110 -p1 -b .CVE-2011-4128 %patch120 -p1 -b .CVE-2013-1619 %patch130 -p1 -b .CVE-2013-2116 %patch140 -p1 -b .CVE-2014-0092 %patch200 -p1 -b .CVE-2014-1959 %patch150 -p1 -b .CVE-2014-3466 %patch160 -p1 -b .CVE-2015-0294 %patch170 -p1 -b .CVE-2015-0282 %patch180 -p1 -b .CVE-2015-8313 %patch190 -p1 -b .CVE-2015-7575 for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do touch lib/$i done %build autoreconf %configure \ --with-lzo \ --with-included-libcfg \ --disable-srp-authentication \ --disable-static \ --disable-srp-authentication # --with-included-libtasn1 \ # --with-included-opencdk \ # --with-included-lzo \ # make make %{?_smp_mflags} cp lib/COPYING COPYING.LIB %install %__rm -rf %{buildroot} %makeinstall rm -f $RPM_BUILD_ROOT%{_bindir}/srptool rm -f $RPM_BUILD_ROOT%{_bindir}/gnutls-srpcrypt # replace libgnutls*-config %__install -p -m755 %{SOURCE1} %{buildroot}%{_bindir}/libgnutls-config %__install -p -m755 %{SOURCE1} %{buildroot}%{_bindir}/libgnutls-extra-config rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1 rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp* rm -f $RPM_BUILD_ROOT%{_infodir}/dir rm -f $RPM_BUILD_ROOT%{_libdir}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a # remove unneeded files %__rm -f %{buildroot}%{_libdir}/*.la %find_lang libgnutls %check make check %clean rm -rf %{buildroot} %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post devel if [ -f %{_infodir}/gnutls.info.gz ]; then /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || : fi %preun devel if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || : fi %post guile -p /sbin/ldconfig %postun guile -p /sbin/ldconfig %post -n compat32-%{name} -p /sbin/ldconfig %postun -n compat32-%{name} -p /sbin/ldconfig %post -n compat32-%{name}-guile -p /sbin/ldconfig %postun -n compat32-%{name}-guile -p /sbin/ldconfig %files -f libgnutls.lang %defattr(-,root,root,-) %{_libdir}/libgnutls*.so.* %doc COPYING COPYING.LIB README AUTHORS %files devel %defattr(-,root,root,-) %{_bindir}/libgnutls*-config %{_includedir}/* #%{_libdir}/libgnutls*.a %{_libdir}/libgnutls*.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/* %{_infodir}/gnutls* %files utils %defattr(-,root,root,-) %{_bindir}/certtool %{_bindir}/psktool %{_bindir}/gnutls* %{_mandir}/man1/* %doc doc/certtool.cfg %files guile %defattr(-,root,root,-) %{_libdir}/libguile*.so* %{_datadir}/guile/site/gnutls %{_datadir}/guile/site/gnutls.scm %if %{build_compat32} %files -n compat32-%{name} %defattr(-,root,root,-) %{_libdir}/libgnutls*.so.* %files -n compat32-%{name}-devel %defattr(-,root,root,-) #%{_libdir}/libgnutls*.a %{_libdir}/libgnutls*.so %{_libdir}/pkgconfig/*.pc %files -n compat32-%{name}-guile %defattr(-,root,root,-) %{_libdir}/libguile*.so* %endif %changelog * Wed Jul 27 2016 Tomohiro "Tomo-p" KATO 2.10.5-12 - added Patch5 to fix a compilation error with glibc >= 2.16. - added Patch6 for compatibility with libgcrypt >= 1.5. - added Patch7 to skip an invalid testcase. - added Patch200 to fix CVE-2014-1959. * Sun Jan 10 2016 Satoshi IWAMOTO 2.10.5-11 - add patch for fix patch190 CVE-2015-7575 * Wed Dec 2 2015 Satoshi IWAMOTO 2.10.5-10 - add patch180 for fix CVE-2015-8313 * Fri Apr 17 2015 Satoshi IWAMOTO 2.10.5-9 - add patch160 for fix CVE-2015-0294 (signature algorithms) - add patch170 for fix CVE-2015-0282 (RSA PKCS #1) * Mon Jun 2 2014 Satoshi IWAMOTO 2.10.5-8 - add patch150 for fix CVE-2014-3466 (hello) * Fri Mar 7 2014 Satoshi IWAMOTO 2.10.5-7 - add patch140 for fix CVE-2014-0092 (Certificate verification issue) patch140 is based on rhel6, thanks to rh team * Sun Jun 2 2013 Satoshi IWAMOTO 2.10.5-6 - add patch130 for fix CVE-2013-2116 (TLS record decoding) * Tue Mar 5 2013 Satoshi IWAMOTO 2.10.5-5 - add patch120 for fix CVE-2013-1619 (TLS CBC padding timing attack) - use smp flag in make section * Mon Apr 30 2012 Satoshi IWAMOTO 2.10.5-4 - add patch110 for fix CVE-2011-4128 (session) * Mon Apr 30 2012 Satoshi IWAMOTO 2.10.5-3 - add patch100 for fix CVE-2012-1573 (cipher) * Sun Apr 10 2011 IWAI, Masaharu 2.10.5-2 - add Requires: libtasn1-devel for devel subpackage * Sun Apr 3 2011 IWAI, Masaharu 2.10.5-1 - new upstream release * Sun Dec 12 2010 Toshiharu Kudoh 2.10.4-1 - new upstream release * Tue Nov 23 2010 Toshiharu Kudoh 2.10.3-1 - new upstream release - dropt patch1 * Sun Oct 9 2010 Toshiharu Kudoh 2.10.2-1 - new upstream release - added patch1,2,3,4 from Fedora development - added BuildRequires: gettext readline-devel libtool - added configure option --disable-static,--disable-srp-authentication - dropt *.a files from -devel package again * Tue Sep 21 2010 IWAI, Masaharu 2.8.6-2 - build with rpm-4.8.1-1 for pkg-config file * Mon Mar 22 2010 Toshiharu Kudoh 2.8.6-1 - new upstream release - applied new naming policy to spec * Thu Nov 19 2009 Toshiharu Kudoh 2.8.5-1 - new upstream release * Sat Sep 19 2009 Toshiharu Kudoh 2.8.4-1 - new upstream release * Wed Aug 19 2009 Toshiharu Kudoh 2.8.3-1 - new upstream release * Thu Aug 13 2009 Satoshi IWAMOTO 2.8.2-1 - new upstream release with security fix (handling X.509 CN or SAN fields) * Sat Jun 27 2009 NAKAMURA Kenta 2.8.1-2vl5 - added compat32 package for x86_64 arch support * Thu Jun 11 2009 Toshiharu Kudoh 2.8.1-1vl5 - new upstream release - added autoreconf - deleted libguile*.a - dropt Patch3 - added %post guile, %postun guile * Sun May 03 2009 Satoshi IWAMOTO 2.6.6-2 - drop *.a files from -devel package - build with system lzo * Sun May 03 2009 Satoshi IWAMOTO 2.6.6-1 - new upstream release with security fixes (CVE-2009-1415,1416,1417) * Wed Apr 15 2009 Toshiharu Kudoh 2.6.6-1vl5 - update to 2.6.5 * Wed Mar 25 2009 Satoshi IWAMOTO 2.6.4-2 - spec in UTF-8 * Sun Feb 8 2009 Toshiharu Kudoh 2.6.4-1vl5 - update to 2.6.4 - modifeid Source0 * Mon Jan 19 2009 Satoshi IWAMOTO 2.6.3-2vl5 - add BuildRequires: guile-devel >= 1.8.6 * Tue Jan 13 2009 Toshiharu Kudoh 2.6.3-1vl5 - update to 2.6.3 - import from fedora developing's 2.6.3 - License tag fixed - dropped patch0, patch1, patch2 - added patch3 - added BuildRequires: gmp-devel - add new sub-package: guile - added %package guile, %description guile, %files guile * Sat Mar 22 2008 Ryoichi INAGAKI 1.6.3-2vl5 - used %%{?_dist_release} macro * Mon Mar 17 2008 Ryoichi INAGAKI 1.6.3-2vl1 - update to 1.6.3 (use no-SRP source) - import from fedora core's 1.6.3-2 - nosrc.tar.bz2 (source0) - license tag fix - build with system libtasn1 * Fri Mar 09 2007 KAZUKI SHIMURA 1.4.5-0vl1 - update to 1.4.5 (use no-SRP source) - import from fedora core's 1.4.5-1 - nosrc.tar.bz2 (source0) - drop obsolete cve-2006-4790.patch (patch3) * Tue Oct 24 2006 KAZUKI SHIMURA 1.4.1-2vl1 - [SECURITY] update to 1.4.1 (use no-SRP source) - import from fedora core's 1.4.1-2 - nosrp.tar.bz2 (source0) - libgnutls-config (source1) - nosrc.patch (patch0) - enable-psk.patch (patch1) - cve-2006-4790.patch (patch3) - update required version of libgcrypt (>= 1.2.2) - add Requires: pkgconfig to -devel package - add %%check section - update %%files - add new sub-package: utils * Sat May 14 2005 KAZUKI SHIMURA 1.0.25-0vl1 - [SECURITY FIX] upstream release - record packet parsing denial of service (CAN-2005-1431) * Mon Mar 28 2005 KAZUKI SHIMURA 1.0.24-0vl1 - initial build for Vine Linux - upstream release * Wed Mar 2 2005 Warren Togami 1.0.20-6 - gcc4 rebuild * Tue Jan 4 2005 Ivana Varekova 1.0.20-5 - add gnutls Requires zlib-devel (#144069) * Mon Nov 08 2004 Colin Walters 1.0.20-4 - Make gnutls-devel Require libgcrypt-devel * Tue Sep 21 2004 Jeff Johnson 1.0.20-3 - rebuild with release++, otherwise unchanged. * Tue Sep 7 2004 Jeff Johnson 1.0.20-2 - patent tainted SRP code removed. * Sun Sep 5 2004 Jeff Johnson 1.0.20-1 - update to 1.0.20. - add --with-included-opencdk --with-included-libtasn1 - add --with-included-libcfg --with-included-lzo - add --disable-srp-authentication. - do "make check" after build. * Fri Mar 21 2003 Jeff Johnson 0.9.2-1 - upgrade to 0.9.2 * Tue Jun 25 2002 Jeff Johnson 0.4.4-1 - update to 0.4.4. * Fri Jun 21 2002 Tim Powers - automated rebuild * Sat May 25 2002 Jeff Johnson 0.4.3-1 - update to 0.4.3. * Tue May 21 2002 Jeff Johnson 0.4.2-1 - update to 0.4.2. - change license to LGPL. - include splint annotations patch. * Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1 - update to 0.4.0 * Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1 - update to 0.3.2 * Wed Jan 10 2002 Nalin Dahyabhai 0.3.0-1 - add a URL * Wed Dec 20 2001 Nalin Dahyabhai - initial package