Summary: A TLS protocol implementation.
Name: gnutls
Version: 1.4.1
Release: 10%{?dist}.1
License: LGPL
Group: System Environment/Libraries
BuildRequires: libgcrypt-devel >= 1.2.2, gettext
BuildRequires: zlib-devel, readline-devel, libtermcap-devel
#BuildPrereq: libtasn1-devel
#BuildPrereq: opencdk-devel
URL: http://www.gnutls.org/
#Source0: ftp://ftp.gnutls.org/pub/gnutls/devel/%{name}-%{version}.tar.gz
#Source1: ftp://ftp.gnutls.org/pub/gnutls/devel/%{name}-%{version}.tar.gz.sig
# XXX patent tainted SRP code removed.
Source0: %{name}-%{version}-nosrp.tar.bz2
Source1: libgnutls-config
Patch0: gnutls-1.4.0-nosrp.patch
Patch1: gnutls-1.4.1-enable-psk.patch
Patch3: gnutls-1.4.2-cve-2006-4790.patch
Patch4: gnutls-1.4.1-sa-2008-1.patch
Patch5: gnutls-1.4.1-cve-2008-4989.patch
Patch6: gnutls-1.4.1-cve-2009-2730.patch
Patch7: gnutls-1.4.1-cve-2009-2409.patch
Patch8: gnutls-1.4.1-cve-2009-3555.patch
Patch9: gnutls-1.4.1-tolerant-client.patch
Patch10: gnutls-1.4.1-client-crash.patch
Patch11: gnutls-1.4.1-cve-2011-4128.patch
Patch12: gnutls-1.4.1-cve-2012-1569.patch
Patch13: gnutls-1.4.1-cve-2012-1573.patch
Patch14: gnutls-1.4.1-certtool-request.patch
Patch15: gnutls-1.4.1-subject-dn.patch
Patch16: gnutls-1.4.1-cve-2013-1619.patch
BuildRoot: %{_tmppath}/%{name}-root
Requires: libgcrypt >= 1.2.2

%package devel
Summary: Development files for the %{name} package.
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: libgcrypt-devel
Requires: zlib-devel
Requires: pkgconfig

%package utils
Summary: Command line tools for TLS protocol.
Group: Applications/System
Requires: %{name} = %{version}-%{release}

%description
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.

%description devel
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
This package contains files needed for developing applications with
the GnuTLS library.

%description utils
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS working group.
This package contains command line TLS client and server and certificate
manipulation tools.

%prep
%setup -q
%patch0 -p1 -b .nosrp
%patch1 -p1 -b .enable-psk
%patch3 -p1 -b .no-params
%patch4 -p1 -b .sa-2008-1
%patch5 -p1 -b .chain-verify
%patch6 -p1 -b .decoding
%patch7 -p1 -b .nomd2
%patch8 -p1 -b .reneg
%patch9 -p1 -b .tolerant
%patch10 -p1 -b .crash
%patch11 -p1 -b .data-size
%patch12 -p1 -b .length-check
%patch13 -p1 -b .packet
%patch14 -p1 -b .request
%patch15 -p1 -b .subject-dn
%patch16 -p1 -b .lucky13

for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
    touch lib/$i
done

%build
%configure --with-included-opencdk --with-included-libtasn1 \
           --with-included-libcfg --with-included-lzo \
           --disable-srp-authentication
make

%install
rm -fr $RPM_BUILD_ROOT
%makeinstall
rm -f $RPM_BUILD_ROOT%{_bindir}/srptool
rm -f $RPM_BUILD_ROOT%{_bindir}/gnutls-srpcrypt
cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-config
cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-extra-config
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1
rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp*
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%find_lang %{name}

%check
make check

%clean
rm -fr $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post devel
if [ -f %{_infodir}/gnutls.info.gz ]; then
    /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir
fi

%preun devel
if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
    /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir
fi

%files -f %{name}.lang
%defattr(-,root,root)
%{_libdir}/*.so.*

%files devel
%defattr(-,root,root)
%{_bindir}/libgnutls*-config
%{_includedir}/*
%{_libdir}/*.a
%{_libdir}/*.so
%{_datadir}/aclocal/*
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_infodir}/gnutls*

%files utils
%defattr(-,root,root)
%{_bindir}/certtool
%{_bindir}/psktool
%{_bindir}/gnutls*
%{_mandir}/man1/*

%changelog
* Thu Feb 21 2013 Tomas Mraz <tmraz@redhat.com> 1.4.1-10.1
- fix CVE-2013-1619 - fix TLS-CBC timing attack (#908238)

* Wed Jun 6 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-10
- do not generate invalid certificate requests without challenge password
- store subject DN instead of issuer DN in the CA list

* Thu Mar 22 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-9
- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)
- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)
- fix CVE-2012-1573 - security issue in packet parsing (#805432)

* Wed Feb 8 2012 Tomas Mraz <tmraz@redhat.com> 1.4.1-8
- fix multiple possible NULL dereferences and other problems
  that can potentially lead to segfault in the client

* Tue Mar 9 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-7
- fix safe renegotiation on SSL3 protocol

* Wed Mar 3 2010 Tomas Mraz <tmraz@redhat.com> 1.4.1-6
- implement safe renegotiation - CVE-2009-3555 (#533125)
- do not allow MD2 in certificate signatures by default - CVE-2009-2409 (#510197)

* Fri Aug 14 2009 Tomas Mraz <tmraz@redhat.com> 1.4.1-5
- fix NUL characters in DN and SAN cert fields issue, make sure
  gnutls_x509_crt_check_hostname() fails when certificate has no
  CN or SAN CVE-2009-2730 (#516231)

* Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-4
- fix chain verification issue CVE-2008-4989 (#470079)

* Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 1.4.1-3
- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
  (#447461, #447462, #447463)

* Thu Sep 14 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2
- detect forged signatures - CVE-2006-4790 (#206411), patch
  from upstream

* Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1
- upgrade to new upstream version, only minor changes

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1
- rebuild

* Wed Jun 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
- upgrade to new upstream version (#192070), rebuild
  of dependent packages required

* Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2
- added missing buildrequires

* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1
- updated to new version (fixes CVE-2006-0645)

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes

* Tue Jan 3 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3
- rebuilt

* Fri Dec 9 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2
- replaced *-config scripts with calls to pkg-config to
  solve multilib conflicts

* Wed Nov 23 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1
- upgrade to newest upstream
- removed .la files (#172635)

* Sun Aug 7 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1
- upgrade to newest upstream (rebuild of dependencies necessary)

* Mon Jul 4 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2
- split the command line tools to utils subpackage

* Sat Apr 30 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1
- new upstream version fixes potential DOS attack

* Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2
- readd the version script dropped by upstream

* Fri Apr 22 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1
- update to the latest upstream version on the 1.0 branch

* Wed Mar 2 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6
- gcc4 rebuild

* Tue Jan 4 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5
- add gnutls Requires zlib-devel (#144069)

* Mon Nov 08 2004 Colin Walters <walters@redhat.com> 1.0.20-4
- Make gnutls-devel Require libgcrypt-devel

* Tue Sep 21 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3
- rebuild with release++, otherwise unchanged.

* Tue Sep 7 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2
- patent tainted SRP code removed.

* Sun Sep 5 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1
- update to 1.0.20.
- add --with-included-opencdk --with-included-libtasn1
- add --with-included-libcfg --with-included-lzo
- add --disable-srp-authentication.
- do "make check" after build.

* Fri Mar 21 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1
- upgrade to 0.9.2

* Tue Jun 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1
- update to 0.4.4.

* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Sat May 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1
- update to 0.4.3.

* Tue May 21 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1
- update to 0.4.2.
- change license to LGPL.
- include splint annotations patch.

* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1
- update to 0.4.0

* Thu Jan 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1
- update to 0.3.2

* Wed Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1
- add a URL

* Wed Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package