-# NOTE: 3.3.x is previous-stable line
-# - for 3.5.x (current stable) see DEVEL branch (requires DEVEL p11-kit)
#
# Conditional build:
%bcond_without dane # libdane (DANE with DNSSEC certificate verification)
%bcond_without openssl # libgnutls-openssl compatibility library
%bcond_without tpm # TPM support in gnutls
+%bcond_without tpm2 # TPM2 support in gnutls
%bcond_without static_libs # static libraries
%bcond_without doc # do not generate documentation
-#
+%bcond_without guile # Guile binding
+%bcond_with af_alg # Linux kernel AF_ALG based acceleration
+%bcond_with ktls # Kernel TLS support
+
Summary: The GNU Transport Layer Security Library
Summary(pl.UTF-8): Biblioteka GNU TLS (Transport Layer Security)
Name: gnutls
-Version: 3.4.9
+Version: 3.7.4
Release: 1
License: LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools)
Group: Libraries
-Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/%{name}-%{version}.tar.xz
-# Source0-md5: 1b3b6d55d0e2b6d01a54f53129f1da9b
+Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
+# Source0-md5: 4bce06332c525eae540bb237433d4225
Patch0: %{name}-info.patch
Patch1: %{name}-link.patch
-URL: http://www.gnutls.org/
-BuildRequires: autoconf >= 2.61
-BuildRequires: autogen
-BuildRequires: autogen-devel
+Patch2: %{name}-pl.po-update.patch
+Patch3: zstd.patch
+URL: https://www.gnutls.org/
+BuildRequires: autoconf >= 2.63
BuildRequires: automake >= 1:1.12.2
-BuildRequires: gettext-tools >= 0.18
+BuildRequires: gcc >= 5:3.2
+BuildRequires: gettext-tools >= 0.19
BuildRequires: gmp-devel
-%{?with_doc:BuildRequires: gtk-doc >= 1.1}
-BuildRequires: guile-devel >= 5:2.0
-BuildRequires: libcfg+-devel
-BuildRequires: libidn-devel >= 0.5.6
+%{?with_doc:BuildRequires: gtk-doc >= 1.14}
+%{?with_guile:BuildRequires: guile-devel >= 5:2.2.0}
+BuildRequires: libidn2-devel >= 2.0.0
+BuildRequires: libbrotli-devel >= 1.0.0
+%{?with_af_alg:BuildRequires: libkcapi-devel >= 1.3.0}
BuildRequires: libstdc++-devel
-BuildRequires: libtasn1-devel >= 4.3
+BuildRequires: libtasn1-devel >= 4.11
+BuildRequires: libunistring-devel
BuildRequires: libtool >= 2:2
-BuildRequires: nettle-devel >= 3.1
+%{?with_ktls:BuildRequires: linux-libc-headers >= 7:4.13}
+BuildRequires: nettle-devel >= 3.6
# miniopencdk is included in sources and currently maintained
# as part of gnutls, not external package
#BuildRequires: opencdk-devel >= 0.6.6
BuildRequires: p11-kit-devel >= 0.23.1
BuildRequires: pkgconfig
BuildRequires: readline-devel
-BuildRequires: rpmbuild(macros) >= 1.383
+BuildRequires: rpmbuild(macros) >= 1.527
BuildRequires: sed >= 4.0
BuildRequires: tar >= 1:1.22
%{?with_doc:BuildRequires: texinfo >= 4.8}
+%{?with_tpm2:BuildRequires: tpm2-tss-devel}
%{?with_tpm:BuildRequires: trousers-devel >= 0.3.11}
%{?with_dane:BuildRequires: unbound-devel}
BuildRequires: xz
BuildRequires: zlib-devel
+BuildRequires: zstd-devel >= 1.3.0
Requires: %{name}-libs = %{version}-%{release}
%{?with_dane:Requires: %{name}-dane = %{version}-%{release}}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+%define _noautostrip .*\.go
+
%description
GnuTLS is a project that aims to develop a library which provides a
secure layer, over a reliable transport layer (ie. TCP/IP). Currently
Summary: GnuTLS shared libraries
Summary(pl.UTF-8): Biblioteki współdzielone GnuTLS
Group: Libraries
-Requires: libidn >= 0.5.6
-Requires: libtasn1 >= 4.3
-Requires: nettle >= 3.1
+Requires: libbrotli >= 1.0.0
+Requires: libidn2 >= 2.0.0
+%{?with_af_alg:Requires: libkcapi >= 1.3.0}
+Requires: libtasn1 >= 4.11
+Requires: nettle >= 3.6
#Requires: opencdk >= 0.6.6
Requires: p11-kit >= 0.23.1
-%{?with_tpm:Requires: trousers-libs >= 0.3.11}
+Requires: zstd >= 1.3.0
+# dlopened libtss2-*
+%{?with_tpm2:Suggests: tpm2-tss}
+# dlopened libtspi
+%{?with_tpm:Suggests: trousers-libs >= 0.3.11}
Conflicts: gnutls < 3.2.0
%description libs
License: LGPL v2.1+ (libgnutls), GPL v3+ (openssl library)
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}
-Requires: libidn-devel >= 0.5.6
-Requires: libtasn1-devel >= 4.3
-Requires: nettle-devel >= 3.1
+Requires: gmp-devel
+Requires: libbrotli-devel >= 1.0.0
+Requires: libidn2-devel
+Requires: libtasn1-devel >= 4.11
+Requires: libunistring-devel
+Requires: nettle-devel >= 3.6
#Requires: opencdk-devel >= 0.6.6
Requires: p11-kit-devel >= 0.23.1
%{?with_tpm:Requires: trousers-devel >= 0.3.11}
Requires: zlib-devel
+Requires: zstd-devel >= 1.3.0
%description devel
Header files etc to develop gnutls applications.
License: LGPL v2.1+
Group: Development/Languages
Requires: %{name}-libs = %{version}-%{release}
-Requires: guile >= 5:2.0
+Requires: guile >= 5:2.2.0
%description -n guile-gnutls
Guile bindings for GnuTLS.
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
%{__rm} po/stamp-po
%build
-%{__mv} build-aux/snippet{,.save}
%{__libtoolize}
-%{__mv} build-aux/snippet{.save,}
-%{__aclocal} -I m4 -I gl/m4 -I src/libopts/m4 -I src/gl/m4
+%{__aclocal} -I m4 -I src/gl/m4 -I lib/unistring/m4
%{__autoconf}
%{__autoheader}
%{__automake}
%configure \
+ %{?with_af_alg:--enable-afalg} \
+ %{!?with_doc:--disable-doc} \
+ %{!?with_guile:--disable-guile} \
+ %{__enable_disable ktls} \
%{?with_openssl:--enable-openssl-compatibility} \
--disable-silent-rules \
%{?with_static_libs:--enable-static} \
--with-default-trust-store-file=/etc/certs/ca-certificates.crt \
%{!?with_tpm:--without-tpm} \
- --with-trousers-lib=%{_libdir}/libtspi.so.1 \
- %{!?with_doc:--disable-doc}
+ %{__with_without tpm2} \
+ --with-trousers-lib=%{_libdir}/libtspi.so.1
-# docs build is broken with -jN
-%{__make} -j1
+%{__make}
%install
rm -rf $RPM_BUILD_ROOT
# although libgnutls.la is obsoleted by pkg-config, there is
# .pc file missing for libgnutls-openssl, and it needs libgnutls.la
+%if %{with guile}
# guile module - dynamic only
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls-*.la
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.la
%if %{with static_libs}
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/2.0/guile-gnutls-*.a
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/guile/3.*/extensions/guile-gnutls-*.a
+%endif
+%endif
+
+# images for (not installed) htmlized infos - already packaged with infos
+%if %{with doc}
+%{__rm} $RPM_BUILD_ROOT%{_docdir}/gnutls/*.png
%endif
%{__rm} -f $RPM_BUILD_ROOT%{_infodir}/dir
%files -f %{name}.lang
%defattr(644,root,root,755)
-%doc AUTHORS ChangeLog NEWS README THANKS
+%doc AUTHORS ChangeLog NEWS README.md THANKS
%attr(755,root,root) %{_bindir}/certtool
-%attr(755,root,root) %{_bindir}/crywrap
%attr(755,root,root) %{_bindir}/gnutls-*
%attr(755,root,root) %{_bindir}/ocsptool
%attr(755,root,root) %{_bindir}/p11tool
%files c++
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libgnutlsxx.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.28
+%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.30
%files c++-devel
%defattr(644,root,root,755)
%{_libdir}/libgnutls-dane.la
%{_includedir}/gnutls/dane.h
%{_pkgconfigdir}/gnutls-dane.pc
+%if %{with doc}
+%{_mandir}/man3/dane_*.3*
+%endif
%if %{with static_libs}
%files dane-static
%{_libdir}/libgnutls-openssl.la
%{_includedir}/gnutls/openssl.h
+%if %{with static_libs}
%files openssl-static
%defattr(644,root,root,755)
%{_libdir}/libgnutls-openssl.a
%endif
+%endif
+%if %{with guile}
%files -n guile-gnutls
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/guile/2.0/guile-gnutls-v-2.so*
-%{_datadir}/guile/site/gnutls.scm
-%{_datadir}/guile/site/gnutls
-%{?with_doc:%{_infodir}/gnutls-guile.info*}
+%attr(755,root,root) %{_libdir}/guile/3.*/extensions/guile-gnutls-v-2.so*
+%{_libdir}/guile/3.*/site-ccache/gnutls.go
+%{_libdir}/guile/3.*/site-ccache/gnutls
+%{_datadir}/guile/site/3.*/gnutls.scm
+%{_datadir}/guile/site/3.*/gnutls
+%if %{with doc}
+%{_infodir}/gnutls-guile.info*
+%endif
+%endif