From 688f68e947755ed70229e501d657c21d949ac941 Mon Sep 17 00:00:00 2001 From: Jan Palus Date: Fri, 18 Mar 2022 12:39:08 +0100 Subject: [PATCH] up to 3.7.4 (new libgnutlsxx soname) - tpm2 libs now dlopened - zstd patch to fix https://gitlab.com/gnutls/gnutls/-/issues/1343 - ktls patch no longer needed --- gnutls-pl.po-update.patch | 2 +- gnutls.spec | 26 ++++++----- ktls.patch | 93 --------------------------------------- zstd.patch | 11 +++++ 4 files changed, 27 insertions(+), 105 deletions(-) delete mode 100644 ktls.patch create mode 100644 zstd.patch diff --git a/gnutls-pl.po-update.patch b/gnutls-pl.po-update.patch index 7c04ad4..3d71e94 100644 --- a/gnutls-pl.po-update.patch +++ b/gnutls-pl.po-update.patch @@ -13,7 +13,7 @@ -"Project-Id-Version: gnutls-3.6.8\n" +"Project-Id-Version: gnutls-3.7.3\n" "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n" - "POT-Creation-Date: 2022-01-18 08:10+0100\n" + "POT-Creation-Date: 2022-03-17 11:12+0100\n" -"PO-Revision-Date: 2019-06-01 08:22+0200\n" +"PO-Revision-Date: 2022-01-20 17:00+0100\n" "Last-Translator: Jakub Bogusz \n" diff --git a/gnutls.spec b/gnutls.spec index ddefca3..936f8cc 100644 --- a/gnutls.spec +++ b/gnutls.spec 
@@ -10,23 +10,19 @@ %bcond_with af_alg # Linux kernel AF_ALG based acceleration %bcond_with ktls # Kernel TLS support -%if %{with tpm2} -%undefine with_tpm -%endif - Summary: The GNU Transport Layer Security Library Summary(pl.UTF-8): Biblioteka GNU TLS (Transport Layer Security) Name: gnutls -Version: 3.7.3 -Release: 3 +Version: 3.7.4 +Release: 1 License: LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools) Group: Libraries Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz -# Source0-md5: 3723d8fee66c5d45d780ca64c089ed23 +# Source0-md5: 4bce06332c525eae540bb237433d4225 Patch0: %{name}-info.patch Patch1: %{name}-link.patch Patch2: %{name}-pl.po-update.patch -Patch3: ktls.patch +Patch3: zstd.patch URL: https://www.gnutls.org/ BuildRequires: autoconf >= 2.63 BuildRequires: automake >= 1:1.12.2 @@ -36,6 +32,7 @@ BuildRequires: gmp-devel %{?with_doc:BuildRequires: gtk-doc >= 1.14} %{?with_guile:BuildRequires: guile-devel >= 5:2.2.0} BuildRequires: libidn2-devel >= 2.0.0 +BuildRequires: libbrotli-devel >= 1.0.0 %{?with_af_alg:BuildRequires: libkcapi-devel >= 1.3.0} BuildRequires: libstdc++-devel BuildRequires: libtasn1-devel >= 4.11 @@ -58,6 +55,7 @@ BuildRequires: tar >= 1:1.22 %{?with_dane:BuildRequires: unbound-devel} BuildRequires: xz BuildRequires: zlib-devel +BuildRequires: zstd-devel >= 1.3.0 Requires: %{name}-libs = %{version}-%{release} %{?with_dane:Requires: %{name}-dane = %{version}-%{release}} BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) 
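Review bot: The `Source0` line kept as context in the first gnutls.spec hunk still fetches the tarball over plain `ftp://`, and the only integrity pin refreshed here is `# Source0-md5`, which is not collision-resistant and is only as trustworthy as the download it was computed from. For a TLS library it is worth recording that the 3.7.4 tarball was checked against the upstream detached signature before the digest was updated, for example `# tarball verified against upstream .sig before updating Source0-md5`. Switching `Source0` to an HTTPS location would also help, if the distfiles tooling allows it. The same hunk drops the `%if %{with tpm2}` / `%undefine with_tpm` guard, so both TPM bconds can now be enabled together. A one-line comment saying this is intentional because both stacks are dlopened would help the next maintainer.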
@@ -80,13 +78,18 @@ grupę roboczą IETF TLS. Summary: GnuTLS shared libraries Summary(pl.UTF-8): Biblioteki współdzielone GnuTLS Group: Libraries +Requires: libbrotli >= 1.0.0 Requires: libidn2 >= 2.0.0 %{?with_af_alg:Requires: libkcapi >= 1.3.0} Requires: libtasn1 >= 4.11 Requires: nettle >= 3.6 #Requires: opencdk >= 0.6.6 Requires: p11-kit >= 0.23.1 -%{?with_tpm:Requires: trousers-libs >= 0.3.11} +Requires: zstd >= 1.3.0 +# dlopened libtss2-* +%{?with_tpm2:Suggests: tpm2-tss} +# dlopened libtspi +%{?with_tpm:Suggests: trousers-libs >= 0.3.11} Conflicts: gnutls < 3.2.0 %description libs @@ -102,15 +105,16 @@ License: LGPL v2.1+ (libgnutls), GPL v3+ (openssl library) Group: Development/Libraries Requires: %{name}-libs = %{version}-%{release} Requires: gmp-devel +Requires: libbrotli-devel >= 1.0.0 Requires: libidn2-devel Requires: libtasn1-devel >= 4.11 Requires: libunistring-devel Requires: nettle-devel >= 3.6 #Requires: opencdk-devel >= 0.6.6 Requires: p11-kit-devel >= 0.23.1 -%{?with_tpm2:Requires: tpm2-tss-devel} %{?with_tpm:Requires: trousers-devel >= 0.3.11} Requires: zlib-devel +Requires: zstd-devel >= 1.3.0 %description devel Header files etc to develop gnutls applications. @@ -389,7 +393,7 @@ rm -rf $RPM_BUILD_ROOT %files c++ %defattr(644,root,root,755) %attr(755,root,root) %{_libdir}/libgnutlsxx.so.*.*.* -%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.28 +%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.30 %files c++-devel %defattr(644,root,root,755) diff --git a/ktls.patch b/ktls.patch deleted file mode 100644 index 1e6d514..0000000 --- a/ktls.patch +++ /dev/null 
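Review bot: In the `%package libs` hunk, `%{?with_tpm2:Suggests: tpm2-tss}` has no version floor, while the neighbouring `trousers-libs >= 0.3.11` and the other dependencies there carry one. Because the libtss2-* libraries are dlopened, RPM's automatic soname dependencies no longer tie the package to a compatible tpm2-tss, so a missing or mismatched library would presumably surface only at runtime when a TPM-backed key is loaded. Consider `%{?with_tpm2:Suggests: tpm2-tss >= <MIN_VERSION>}` and naming the expected sonames in the `# dlopened libtss2-*` comment. In the `devel` hunk the `tpm2-tss-devel` requirement is dropped but `trousers-devel >= 0.3.11` stays, which looks inconsistent if libtspi is dlopened as well.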
@@ -1,93 +0,0 @@ -From 0a14dc1b7b52abe458bb9c9bd67d89bec7ebb566 Mon Sep 17 00:00:00 2001 -From: Frantisek Krenzelok -Date: Thu, 27 Jan 2022 13:54:21 +0100 -Subject: [PATCH] KTLS: hotfix - -fixed: keys will be set only when both sockets were enabled for ktls -fixed: session->internals.ktls_enabled left uninitialized for non -ktls-enabled build - -Signed-off-by: Frantisek Krenzelok ---- - lib/handshake.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/handshake.c b/lib/handshake.c -index f65430bbcf..82c895bfde 100644 ---- a/lib/handshake.c -+++ b/lib/handshake.c -@@ -2910,9 +2910,11 @@ int gnutls_handshake(gnutls_session_t session) - } - - #ifdef ENABLE_KTLS -- if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) { -+ if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) || IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) { - _gnutls_ktls_set_keys(session); - } -+#else -+ session->internals.ktls_enabled = 0; - #endif - - return 0; --- -GitLab - -From 4828e3923486de2725dc73bf6e6a2db57f94945f Mon Sep 17 00:00:00 2001 -From: Jan Palus -Date: Fri, 28 Jan 2022 11:07:02 +0100 -Subject: [PATCH] ktls: fix _gnutls_ktls_send_control_msg return value - -always returned 0 on success while contract mandates to return number of -bytes sent - -Fixes #1314 - -Signed-off-by: Jan Palus ---- - lib/system/ktls.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/lib/system/ktls.c b/lib/system/ktls.c -index 03c94f6f80..7e3cb875ed 100644 ---- a/lib/system/ktls.c -+++ b/lib/system/ktls.c -@@ -267,12 +267,13 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, - const char *buf = data; - ssize_t ret; - int sockin, sockout; -+ size_t data_to_send = data_size; - - assert (session != NULL); - - gnutls_transport_get_int2(session, &sockin, &sockout); - -- while (data_size > 0) { -+ while (data_to_send > 0) { - char cmsg[CMSG_SPACE(sizeof (unsigned char))]; - struct msghdr msg = { 0 }; - struct iovec msg_iov; /* Vector of data to send/receive 
into. */ -@@ -291,7 +292,7 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, - msg.msg_controllen = hdr->cmsg_len; - - msg_iov.iov_base = (void *)buf; -- msg_iov.iov_len = data_size; -+ msg_iov.iov_len = data_to_send; - - msg.msg_iov = &msg_iov; - msg.msg_iovlen = 1; -@@ -310,10 +311,10 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, - } - - buf += ret; -- data_size -= ret; -+ data_to_send -= ret; - } - -- return 0; -+ return data_size; - } - - int _gnutls_ktls_recv_control_msg(gnutls_session_t session, --- -GitLab - diff --git a/zstd.patch b/zstd.patch new file mode 100644 index 0000000..0f99583 --- /dev/null +++ b/zstd.patch @@ -0,0 +1,11 @@ +--- gnutls-3.7.4/configure.ac.orig 2022-03-17 10:05:02.000000000 +0100 ++++ gnutls-3.7.4/configure.ac 2022-03-18 10:25:53.449148726 +0100 +@@ -1040,7 +1040,7 @@ + if test x$ac_zstd != xno; then + AC_MSG_RESULT(yes) + PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no]) +- if test "${with_libzstd}" = "yes" && test "${has_zstd_h}" = "yes"; then ++ if test "${with_libzstd}" = "yes"; then + AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.]) + if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then + GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd" -- 2.43.0
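Review bot: The new zstd.patch has no header explaining why the `has_zstd_h` test is removed from the `with_libzstd` condition in configure.ac; the only rationale is the issue link in the commit message. Add a short description line above the `---` header of the patch, e.g. `work around https://gitlab.com/gnutls/gnutls/-/issues/1343; drop once fixed upstream`, so the change is not carried forward unnoticed on the next version bump. With the header check gone, `HAVE_LIBZSTD` depends on the pkg-config result alone, and the visible `[with_libzstd=no]` branch suggests configure would carry on without zstd rather than fail. It is worth confirming in the build log that zstd support was actually enabled, since the spec now advertises `Requires: zstd >= 1.3.0`.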