From: Jan Palus Date: Sat, 11 Feb 2023 14:27:08 +0000 (+0100) Subject: up to 3.8.0 (fixes CVE-2023-0361) X-Git-Tag: auto/th/gnutls-3.8.0-1 X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=4fe65b0d4279fa85223879ba6150599568317560;p=packages%2Fgnutls.git up to 3.8.0 (fixes CVE-2023-0361) - guile bindings developed independently now (guile-gnutls package) --- diff --git a/gnutls-info.patch b/gnutls-info.patch index 3306d92..25c660b 100644 --- a/gnutls-info.patch +++ b/gnutls-info.patch @@ -28,18 +28,4 @@ +* srptool: (gnutls)srptool. Simple SRP password tool @end direntry - @titlepage ---- gnutls-3.0.0/doc/gnutls-guile.texi.orig 2011-05-27 18:09:02.000000000 +0200 -+++ gnutls-3.0.0/doc/gnutls-guile.texi 2011-08-04 16:39:19.246496322 +0200 -@@ -29,9 +29,9 @@ - @end quotation - @end copying - --@dircategory Software libraries -+@dircategory Libraries: - @direntry --* GnuTLS-Guile: (gnutls-guile). GNU Transport Layer Security Library. Guile bindings. -+* GnuTLS-Guile: (gnutls-guile). GNU Transport Layer Security Library. Guile bindings - @end direntry - @titlepage diff --git a/gnutls-pl.po-update.patch b/gnutls-pl.po-update.patch index 79a3644..dade98c 100644 --- a/gnutls-pl.po-update.patch +++ b/gnutls-pl.po-update.patch @@ -13,7 +13,7 @@ -"Project-Id-Version: gnutls-3.6.8\n" +"Project-Id-Version: gnutls-3.7.6\n" "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n" - "POT-Creation-Date: 2022-09-27 12:48+0000\n" + "POT-Creation-Date: 2023-02-09 16:00+0100\n" -"PO-Revision-Date: 2019-06-01 08:22+0200\n" +"PO-Revision-Date: 2022-06-03 22:30+0200\n" "Last-Translator: Jakub Bogusz \n" @@ -22,19 +22,19 @@ 
@@ -412,10 +413,8 @@ msgid "Unsupported extension in X.509 ce msgstr "Nieobsługiwane rozszerzenie w certyfikacie X.509." - #: lib/errors.c:188 + #: lib/errors.c:184 -#, fuzzy -#| msgid "Unsupported extension in X.509 certificate." msgid "Duplicate extension in X.509 certificate." -msgstr "Nieobsługiwane rozszerzenie w certyfikacie X.509." +msgstr "Powtórzone rozszerzenie w certyfikacie X.509." - #: lib/errors.c:191 + #: lib/errors.c:186 msgid "Key usage violation in certificate has been detected." @@ -1070,10 +1069,10 @@ msgid "%sdirectoryName: %.*s\n" msgstr "%sdirectoryName: %.*s\n" - #: lib/x509/output.c:149 + #: lib/x509/output.c:169 -#, fuzzy, c-format +#, c-format #| msgid "%s\t\t\totherName OID: %.*s\n" @@ -42,12 +42,12 @@ -msgstr "%s\t\t\tOID otherName: %.*s\n" +msgstr "%sZarejestrowany ID: %.*s\n" - #: lib/x509/output.c:153 + #: lib/x509/output.c:174 #, c-format @@ -1086,10 +1085,9 @@ msgid "%sKRB5Principal: %.*s\n" msgstr "%sKRB5Principal: %.*s\n" - #: lib/x509/output.c:161 + #: lib/x509/output.c:184 -#, fuzzy, c-format -#| msgid "%sKRB5Principal: %.*s\n" +#, c-format @@ -55,12 +55,12 @@ -msgstr "%sKRB5Principal: %.*s\n" +msgstr "%sNazwa zarządcy użytkownika: %.*s\n" - #: lib/x509/output.c:165 + #: lib/x509/output.c:189 #, c-format @@ -1138,51 +1136,44 @@ msgid "\t\t\tAccess Method: %s (%s)\n" msgstr "\t\t\tMetoda dostępu: %s (%s)\n" - #: lib/x509/output.c:484 + #: lib/x509/output.c:511 -#, fuzzy, c-format -#| msgid "\tRevoked certificates (%d):\n" +#, c-format @@ -68,13 +68,13 @@ -msgstr "\tUnieważnione certyfikaty (%d):\n" +msgstr "%s\t\t\tZnacznik czasu podpisanego certyfikatu %d:\n" - #: lib/x509/output.c:488 + #: lib/x509/output.c:516 #, c-format msgid "%s\t\t\t\tVersion: %d (unknown SCT version)\n" -msgstr "" +msgstr "%s\t\t\t\tWersja: %d (nieznana wersja SCT)\n" - #: lib/x509/output.c:503 + #: lib/x509/output.c:530 -#, fuzzy, c-format -#| msgid "\tVersion: %d\n" +#, c-format 
@@ -82,7 +82,7 @@ -msgstr "\tWersja: %d\n" +msgstr "%s\t\t\t\tWersja: %d\n" - #: lib/x509/output.c:505 + #: lib/x509/output.c:531 -#, fuzzy, c-format -#| msgid "%s\t\t\tASCII: " +#, c-format @@ -90,7 +90,7 @@ -msgstr "%s\t\t\tASCII: " +msgstr "%s\t\t\t\tLog ID: " - #: lib/x509/output.c:508 + #: lib/x509/output.c:534 -#, fuzzy, c-format -#| msgid "%s\t\t\tTime stamping.\n" +#, c-format @@ -98,7 +98,7 @@ -msgstr "%s\t\t\tOznaczanie czasu.\n" +msgstr "%s\t\t\t\tCzas: " - #: lib/x509/output.c:510 + #: lib/x509/output.c:536 -#, fuzzy, c-format -#| msgid "%s\tExtensions:\n" +#, c-format @@ -106,7 +106,7 @@ -msgstr "%s\tRozszerzenia:\n" +msgstr "%s\t\t\t\tRozszerzenia: brak\n" - #: lib/x509/output.c:512 + #: lib/x509/output.c:538 -#, fuzzy, c-format -#| msgid "\tSignature Algorithm: %s\n" +#, c-format @@ -114,7 +114,7 @@ -msgstr "\tAlgorytm podpisu: %s\n" +msgstr "%s\t\t\t\tAlgorytm podpisu: %s\n" - #: lib/x509/output.c:514 + #: lib/x509/output.c:540 -#, fuzzy, c-format -#| msgid "\tSignature:\n" +#, c-format @@ -122,12 +122,12 @@ -msgstr "\tPodpis:\n" +msgstr "%s\t\t\t\tPodpis: " - #: lib/x509/output.c:608 + #: lib/x509/output.c:635 #, c-format @@ -1275,10 +1266,9 @@ msgid "%s\t\t\tIpsec IKE.\n" msgstr "%s\t\t\tIpsec IKE.\n" - #: lib/x509/output.c:770 + #: lib/x509/output.c:797 -#, fuzzy, c-format -#| msgid "%s\t\t\tEmail protection.\n" +#, c-format @@ -135,12 +135,12 @@ -msgstr "%s\t\t\tOchrona poczty elektronicznej.\n" +msgstr "%s\t\t\tLogowanie kartą procesorową.\n" - #: lib/x509/output.c:772 + #: lib/x509/output.c:799 #, c-format @@ -1330,33 +1320,29 @@ msgid "%s\t\t\tHexdump: " msgstr "%s\t\t\tZrzut hex: " - #: lib/x509/output.c:994 + #: lib/x509/output.c:1023 -#, fuzzy, c-format -#| msgid "%s%s: %.*s\n" +#, c-format 
@@ -148,13 +148,13 @@ -msgstr "%s%s: %.*s\n" +msgstr "%s\t\t\t%.*s\n" - #: lib/x509/output.c:1022 + #: lib/x509/output.c:1054 #, c-format msgid "%s\t\t\tSignTool: %.*s\n" -msgstr "" +msgstr "%s\t\t\tSignTool: %.*s\n" - #: lib/x509/output.c:1030 + #: lib/x509/output.c:1063 -#, fuzzy, c-format -#| msgid "%s%s: %.*s\n" +#, c-format @@ -162,7 +162,7 @@ -msgstr "%s%s: %.*s\n" +msgstr "%s\t\t\tCATool: %.*s\n" - #: lib/x509/output.c:1038 + #: lib/x509/output.c:1072 -#, fuzzy, c-format -#| msgid "%s\t\t\totherName OID: %.*s\n" +#, c-format @@ -170,7 +170,7 @@ -msgstr "%s\t\t\tOID otherName: %.*s\n" +msgstr "%s\t\t\tSignToolCert: %.*s\n" - #: lib/x509/output.c:1046 + #: lib/x509/output.c:1081 -#, fuzzy, c-format -#| msgid "%s\t\t\totherName OID: %.*s\n" +#, c-format @@ -178,12 +178,12 @@ -msgstr "%s\t\t\tOID otherName: %.*s\n" +msgstr "%s\t\t\tCAToolCert: %.*s\n" - #: lib/x509/output.c:1113 + #: lib/x509/output.c:1148 #, c-format @@ -1436,10 +1422,9 @@ msgid "%s\t\tAuthority Information Acces msgstr "%s\t\tInformacje Authority Information Access (%s):\n" - #: lib/x509/output.c:1330 + #: lib/x509/output.c:1350 -#, fuzzy, c-format -#| msgid "%s\t\tProxy Certificate Information (%s):\n" +#, c-format @@ -191,12 +191,12 @@ -msgstr "%s\t\tInformacja o certyfikacie proxy (%s):\n" +msgstr "%s\t\tSCT precertyfikatu CT (%s):\n" - #: lib/x509/output.c:1341 + #: lib/x509/output.c:1361 #, c-format @@ -1452,22 +1437,20 @@ msgid "%s\t\tTLS Features (%s):\n" msgstr "%s\t\tWłaściwości TLS (%s):\n" - #: lib/x509/output.c:1359 + #: lib/x509/output.c:1378 -#, fuzzy, c-format -#| msgid "%s\t\tSubject Key Identifier (%s):\n" +#, c-format @@ -204,7 +204,7 @@ -msgstr "%s\t\tIdentyfikator klucza przedmiotu (%s):\n" +msgstr "%s\t\tNarzędzie podpisywania podmiotu(%s):\n" - #: lib/x509/output.c:1365 + #: lib/x509/output.c:1383 -#, fuzzy, c-format +#, c-format #| msgid "%s\t\tIssuer Alternative Name (%s):\n" 
@@ -212,7 +212,7 @@ -msgstr "%s\t\tAlternatywna nazwa wystawcy (%s):\n" +msgstr "%s\t\tNarzędzie podpisywania wystawcy (%s):\n" - #: lib/x509/output.c:1374 + #: lib/x509/output.c:1391 -#, fuzzy, c-format -#| msgid "%s\t\tKey Usage (%s):\n" +#, c-format @@ -220,7 +220,7 @@ -msgstr "%s\t\tUżycie klucza (%s):\n" +msgstr "%s\t\tNazwa (Common Name) (%s):\n" - #: lib/x509/output.c:1387 + #: lib/x509/output.c:1405 #, c-format @@ -1822,6 +1805,3 @@ msgstr "Wystąpił błąd w kluczu publi #: libdane/errors.c:69 diff --git a/gnutls.spec b/gnutls.spec index c539beb..e8aed90 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -6,19 +6,20 @@ %bcond_without tpm2 # TPM2 support in gnutls %bcond_without static_libs # static libraries %bcond_without doc # do not generate documentation -%bcond_without guile # Guile binding %bcond_with af_alg # Linux kernel AF_ALG based acceleration +%bcond_with heartbeat # heartbeat extension support %bcond_with ktls # Kernel TLS support +%bcond_with srp # SRP authentication support Summary: The GNU Transport Layer Security Library Summary(pl.UTF-8): Biblioteka GNU TLS (Transport Layer Security) Name: gnutls -Version: 3.7.8 -Release: 2 +Version: 3.8.0 +Release: 1 License: LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools) Group: Libraries -Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz -# Source0-md5: c7b749bae243c341e6be717baf7ffbad +Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz +# Source0-md5: 20a662caf20112b6b9ad1f4a64db3a97 Patch0: %{name}-info.patch Patch1: %{name}-link.patch Patch2: %{name}-pl.po-update.patch @@ -29,7 +30,6 @@ BuildRequires: gcc >= 5:3.2 BuildRequires: gettext-tools >= 0.19 BuildRequires: gmp-devel %{?with_doc:BuildRequires: gtk-doc >= 1.14} -%{?with_guile:BuildRequires: guile-devel >= 5:3.0} BuildRequires: libidn2-devel >= 2.0.0 BuildRequires: libbrotli-devel >= 1.0.0 %{?with_af_alg:BuildRequires: libkcapi-devel >= 1.3.0} 
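Review bot: In the first gnutls.spec hunk the new `Source0` still fetches the 3.8.0 tarball over plain `ftp://`, and the only integrity value recorded is `# Source0-md5`. A release whose purpose is to ship the CVE-2023-0361 fix is therefore pinned by an unauthenticated transport and a hash that is not collision resistant. I would move to an HTTPS location, e.g. `Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/%{name}-%{version}.tar.xz`, and check the tarball against upstream's detached signature before refreshing the md5 line. If the md5 comment is required by the distfiles tooling, keep it and carry the signature as an additional source so the check can be repeated.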
@@ -250,20 +250,6 @@ Static gnutls-openssl library.
 %description openssl-static -l pl.UTF-8
 Statyczna biblioteka gnutls-openssl.
 
-%package -n guile-gnutls
-Summary: Guile bindings for GnuTLS
-Summary(pl.UTF-8): Wiązania Guile do GnuTLS
-License: LGPL v2.1+
-Group: Development/Languages
-Requires: %{name}-libs = %{version}-%{release}
-Requires: guile >= 5:3.0
-
-%description -n guile-gnutls
-Guile bindings for GnuTLS.
-
-%description -n guile-gnutls -l pl.UTF-8
-Wiązania Guile do GnuTLS.
-
 %prep
 %setup -q
 %patch0 -p1
@@ -281,8 +267,9 @@ Wiązania Guile do GnuTLS.
 %configure \
 %{?with_af_alg:--enable-afalg} \
 %{!?with_doc:--disable-doc} \
- %{!?with_guile:--disable-guile} \
+ %{__enable_disable heartbeat heartbeat-support} \
 %{__enable_disable ktls} \
+ %{__enable_disable srp srp-authentication} \
 %{?with_openssl:--enable-openssl-compatibility} \
 --disable-silent-rules \
 %{?with_static_libs:--enable-static} \
@@ -302,14 +289,6 @@ rm -rf $RPM_BUILD_ROOT
 # although libgnutls.la is obsoleted by pkg-config, there is
 # .pc file missing for libgnutls-openssl, and it needs libgnutls.la
 
-%if %{with guile}
-# guile module - dynamic only
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.la
-%if %{with static_libs}
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.a
-%endif
-%endif
-
 # images for (not installed) htmlized infos - already packaged with infos
 %if %{with doc}
 %{__rm} $RPM_BUILD_ROOT%{_docdir}/gnutls/*.png
@@ -340,9 +319,6 @@ rm -rf $RPM_BUILD_ROOT
 %post openssl -p /sbin/ldconfig
 %postun openssl -p /sbin/ldconfig
 
-%post -n guile-gnutls -p /sbin/ldconfig
-%postun -n guile-gnutls -p /sbin/ldconfig
-
 %files -f %{name}.lang
 %defattr(644,root,root,755)
 %doc AUTHORS ChangeLog NEWS README.md THANKS
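Review bot: The `%configure` hunk passes `%{__enable_disable heartbeat heartbeat-support}` and `%{__enable_disable srp srp-authentication}`, and both switches are declared with `%bcond_with`, so a default build now turns the heartbeat extension and SRP off explicitly. The spec does not record that this is deliberate or what it means for existing users. A short comment beside the bcond declarations would help, e.g. `# heartbeat and SRP are off by default; rebuild --with heartbeat / --with srp if a consumer needs them`. It is also worth confirming before release whether any package in the distribution still negotiates SRP through libgnutls, since that would presumably start failing at runtime after the update.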
@@ -351,7 +327,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(755,root,root) %{_bindir}/ocsptool
 %attr(755,root,root) %{_bindir}/p11tool
 %attr(755,root,root) %{_bindir}/psktool
-%attr(755,root,root) %{_bindir}/srptool
+%{?with_srp:%attr(755,root,root) %{_bindir}/srptool}
 %{?with_tpm:%attr(755,root,root) %{_bindir}/tpmtool}
 %if %{with doc}
 %{_mandir}/man1/certtool.1*
@@ -359,7 +335,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/ocsptool.1*
 %{_mandir}/man1/p11tool.1*
 %{_mandir}/man1/psktool.1*
-%{_mandir}/man1/srptool.1*
+%{?with_srp:%{_mandir}/man1/srptool.1*}
 %{_mandir}/man1/tpmtool.1*
 %{_infodir}/gnutls.info*
 %{_infodir}/gnutls-*.png
@@ -448,16 +424,3 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgnutls-openssl.a
 %endif
 %endif
-
-%if %{with guile}
-%files -n guile-gnutls
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/guile/3.*/extensions/guile-gnutls-v-2.so*
-%{_libdir}/guile/3.*/site-ccache/gnutls.go
-%{_libdir}/guile/3.*/site-ccache/gnutls
-%{_datadir}/guile/site/3.*/gnutls.scm
-%{_datadir}/guile/site/3.*/gnutls
-%if %{with doc}
-%{_infodir}/gnutls-guile.info*
-%endif
-%endif
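Review bot: With `srptool` and `srptool.1*` now packaged only under `%{?with_srp:...}`, a default build ships no srptool, yet gnutls-info.patch in this same commit still carries the `* srptool: (gnutls)srptool. Simple SRP password tool` directory entry as unchanged context. That appears to leave an info menu entry for a tool that is not installed; consider dropping the entry from the patch, or noting in the spec that it is kept on purpose. The same conditional is applied in both the `%{_bindir}` hunk and the `%{_mandir}` hunk, and the `%files` section continues outside them.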