Compare commits

...
Sign in to create a new pull request.

123 commits

Author SHA1 Message Date
Yaakov Selkowitz
cbe66ee3a7 Restore gmp tarball to sources 2025-11-25 09:54:16 -05:00
Yaakov Selkowitz
33160d08cb Drop RHEL10-specific patch
The test was fixed to be FIPS-compliant:

https://gitlab.com/gnutls/gnutls/-/merge_requests/1932
2025-11-25 14:42:39 +00:00
Alexander Sosedkin
98206a06fe Disable native assembly to work around bz2416812 2025-11-25 10:30:27 +01:00
Daniel P. Berrangé
c5fcada2f3 Add missing Provides: bundled(..) for gmp & leancrypto
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-11-21 16:14:40 +09:00
Daiki Ueno
9f95ff6e69 Remove unnecessary PKG_CONFIG_PATH setting
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-11-21 16:12:20 +09:00
Daiki Ueno
3078b09e41 Enable crypto-auditing probes
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-11-21 11:48:31 +09:00
Daiki Ueno
7441432f8c Minor fixes to spec file and packit configuration
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-11-21 11:48:21 +09:00
Daiki Ueno
000d285047 Update to 3.8.11 upstream release
- Resolves: rhbz#2416041

Upstream tag: 3.8.11
Upstream commit: b841c70e

Commit authored by Packit automation (https://packit.dev/)
2025-11-20 19:40:16 +09:00
Krenzelok Frantisek
92cc61b531 Revert "Enable kTLS by default"
This reverts commit 330d52f8da.
2025-08-26 17:33:12 +02:00
Krenzelok Frantisek
330d52f8da Enable kTLS by default
Resolves: rhbz#2130000

- https://fedoraproject.org/wiki/Changes/KTLSSupportForGnuTLS.
- kTLS is now enabled by default if all requirements are met.
- Modify the docs to reflect the change of defaults.
- Picked-up a patch that fixes state transition in the KTLS code path.
2025-08-25 17:39:12 +02:00
Zoltan Fridrich
7be798d940 Rebuild
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-07-29 15:04:46 +02:00
Fedora Release Engineering
b690a96329 Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild 2025-07-23 22:53:49 +00:00
Daiki Ueno
e45aaed8ab Update to 3.8.10 upstream release
Also update the bundled leancrypto to 1.5.0.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-07-10 05:48:08 +09:00
Yaakov Selkowitz
25f7cc5fad Fix build on kernel 6.14+
kTLS KeyUpdate is supported as of this version, leading to the
ktls_keyupdate.sh being able to pass thereon, and therefore
the builder's kernel must now be checked here too.

https://gitlab.com/gnutls/gnutls/-/merge_requests/1934
2025-07-06 18:20:47 -04:00
Daiki Ueno
5bef1c86aa Update leancrypto to 1.3.0
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-04-02 17:34:52 +09:00
Peter Robinson
c3aaff5c62 Bump for gmp build 2025-03-30 11:46:20 +01:00
Zoltan Fridrich
63494651c6 Rebuild GnuTLS
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-03-03 11:17:54 +01:00
Daiki Ueno
6ea0d5328d Bump nettle dependency to 3.10.1
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-17 10:32:20 +09:00
Daiki Ueno
b5e51ef2d2 Rebuild against nettle 3.10.1
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-14 14:58:10 +09:00
Daiki Ueno
9c5597be5c Switch from liboqs to leancrypto
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-10 18:17:05 +09:00
Daiki Ueno
6c3a0c118e Update to gnutls 3.8.9 release
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-02-10 11:04:35 +09:00
Yaakov Selkowitz
e026bdad11 Fix ELN build
The bundled gmp (for RHEL builds) needs a C23 fix for a configure test:

https://src.fedoraproject.org/rpms/gmp/pull-request/8

Also, one test needs to be modified as the DEFAULT crypto policy rejects
TLS ciphers with RSA key exchange in RHEL 10:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10-beta/html/considerations_in_adopting_rhel_10/security#security
2025-02-05 11:30:38 -05:00
Daiki Ueno
c25fdb6fa9 Disable GOST in RHEL-9 or later
Resolves: RHEL-56919
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2025-01-22 23:17:41 -05:00
Fedora Release Engineering
8d60243b00 Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild 2025-01-16 23:06:20 +00:00
Daiki Ueno
abb8fe2e0b Update to 3.8.8 upstream release
- Resolves: rhbz#2323786

Upstream tag: 3.8.8
Upstream commit: 40267b5e

Commit authored by Packit automation (https://packit.dev/)
2024-11-05 16:44:35 +09:00
Daiki Ueno
db84cc7c55 Fix build with latest mingw-gcc
mingw{32,64}-cpp are not installed by default, and
--enable-local-libopts should be unnecessary, as we have switched away
from autogen.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-11-05 16:40:46 +09:00
Daiki Ueno
a9b00cffcc Update downstream patches for 3.8.8
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-11-05 14:51:06 +09:00
Daiki Ueno
f89c924634 Remove distribution suffix before updating to 3.8.8
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-11-05 14:20:20 +09:00
Richard W.M. Jones
760d4e32b2 Remove mingw p11tool.exe
Without mingw-p11-kit we don't build this.
2024-09-13 08:34:18 +01:00
Richard W.M. Jones
9ca47ed49e Remove mingw-p11-kit dependency (RHBZ#2312031) 2024-09-12 22:12:02 +01:00
Daiki Ueno
7d85f31654 Stop pulling in compression libraries through gnutls.pc
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-16 10:59:05 +09:00
Daiki Ueno
e9fcd31237 Update to 3.8.7 upstream release
- Resolves: rhbz#2305086

Upstream tag: 3.8.7
Upstream commit: 994d9392

Commit authored by Packit automation (https://packit.dev/)
2024-08-15 21:03:31 +09:00
Daiki Ueno
39c1bd20e2 Remove upstreamed patches before updating to 3.8.7
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-15 16:56:19 +09:00
Daiki Ueno
e8ce92f749 liboqs: check whether Kyber768 is compiled in
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-29 09:03:27 +09:00
Daiki Ueno
37c03f7739 Fix configure check on nettle_rsa_oaep_* functions
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-26 15:49:32 +09:00
Daiki Ueno
b07c9547ba Enable X25519Kyber768Draft00 key exchange in TLS
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-24 18:06:03 +09:00
Daiki Ueno
ee639ed085 Switch to using dlwrap for loading compression libraries
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-22 20:42:21 +09:00
Yaakov Selkowitz
7e61bcbcbd Fix FIPS build with RPM 4.20
The FIPS build runs *_install_post commands early during %install so that
the binaries will not be modified after running fipshmac, since those
commands are supposed to be no-op if re-run.  However, __debug_install_post
is only run if __debug_package is defined, which is triggered by the
automatic creation of the debuginfo subpackage where appropriate.

Previously, a hack in redhat-rpm-config caused this to be enabled by
%install, but with RPM 4.20 this is no longer needed, and the hack was
removed from redhat-rpm-config for F41.  On Fedora builds,
%mingw_debug_package triggers this and therefore it still builds, but ELN
is build without mingw and therefore there now is nothing to trigger the
debuginfo generation during %install.  As a result, the binaries would just
be stripped without any debuginfo generation during the first run, leaving
nothing to detect in the second run, and the build would fail for lack of
debug symbols/sources.

https://github.com/rpm-software-management/rpm/issues/2204
https://src.fedoraproject.org/rpms/redhat-rpm-config/c/7a1571ee808ba13b129eab7a7ed3869e77740c3e
2024-07-19 15:55:26 -04:00
Fedora Release Engineering
1dcd42a32e Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild 2024-07-18 03:21:01 +00:00
Daiki Ueno
e1613e89be Bump nettle dependency to 3.10
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-09 01:35:31 +09:00
Zoltan Fridrich
d44882c396 Update to 3.8.6 upstream release
Upstream tag: 3.8.6
Upstream commit: cd953cfa

Commit authored by Packit automation (https://packit.dev/)
2024-07-03 15:57:21 +02:00
Zoltan Fridrich
113f492765 Build with certificate compression enabled
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-06-17 11:55:48 +02:00
Daiki Ueno
87c3926250 Bump release to build against newer nettle
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-17 12:43:43 +09:00
Alexander Sosedkin
595be10e4d Add gmp tarball to sources file, add gmp patch 2024-05-16 13:32:15 +02:00
Daiki Ueno
bee7049a8a Add bcond to statically link to GMP
In CentOS Stream 9 and RHEL 9, we link to libgmp statically to ensure
zeroization of internally allocated memory areas according to FIPS
140-3. This ports the ability to Fedora, in a way it is configured
with a `--with bundled_gmp` build conditional.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-05-14 15:02:19 +09:00
Daiki Ueno
42b10964b0 Add virtual package to pull in nettle/gmp dependencies for FIPS
This adds a new subpackage `gnutls-fips` with strict version
requirements to nettle and gmp under FIPS, as gnutls now calculates
library integrity (HMAC) over those libraries.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-04-24 15:23:17 +09:00
Zoltan Fridrich
ab660a5e4e [packit] 3.8.5 upstream release
Upstream tag: 3.8.5
Upstream commit: 49f4ae21
2024-04-04 15:30:28 +02:00
Zoltan Fridrich
510f2c8050 [packit] 3.8.4 upstream release
- Resolves rhbz#2270320

Upstream tag: 3.8.4
Upstream commit: 4a4cefef
2024-03-20 13:21:37 +01:00
Zoltan Fridrich
25900e352d Fix mingw build failure
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-02-22 18:15:37 +01:00
Zoltan Fridrich
c5694f3e42 Update keyring
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-01-24 10:10:45 +01:00
Zoltan Fridrich
da7f0db0fe [packit] 3.8.3 upstream release
Upstream tag: 3.8.3
Upstream commit: 2f04c14d
2024-01-23 10:28:06 +01:00
Fedora Release Engineering
c42ee03de2 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-19 23:15:46 +00:00
Simon de Vlieger
be817c2d2d
Bump Nettle dependency.
GnuTLS depends on symbols from a newer version of Nettle (3.9).

Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>
2023-12-12 10:58:20 +01:00
Daiki Ueno
23ac5676a4 Tentatively revert newly added Ed448 keys support in PKCS#11
To fix regression with Ed25519 reported in:
https://gitlab.com/gnutls/gnutls/-/issues/1515

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-12-01 17:44:03 +09:00
Daiki Ueno
7543c5d148 [packit] 3.8.2 upstream release
Upstream tag: 3.8.2
Upstream commit: e840a07f
2023-11-22 15:23:57 +09:00
Daiki Ueno
5e97cebf83 Remove patches no longer needed in 3.8.2
Also use XFAIL_TESTS envvar to skip ktls_keyupdate.sh, instead of
patching the source code.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-11-22 14:41:15 +09:00
Daiki Ueno
d7d09eb023 Skip KTLS test if the host kernel is older than 5.11
The ktls.sh test currently only supports kernel 5.11+.  This needs to
be checked at run time, as the koji builder might be using a different
version of kernel on the host than the one indicated by the
kernel-devel package.

Resolves: #2247135
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-11-10 05:39:53 +09:00
Stephen Gallagher
a4ef955090 Don't build with SRP on RHEL
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-29 09:39:14 -04:00
Zoltan Fridrich
a0ef9addb1 [packit] 3.8.1 upstream release
Upstream tag: 3.8.1
Upstream commit: 513570a5
2023-08-25 14:06:59 +02:00
Daiki Ueno
44afab5191 Migrate License field to SPDX license identifier
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-08-24 10:19:38 +09:00
Fedora Release Engineering
e4e388800c Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 23:57:26 +00:00
Peter Leitmann
2f8c73c631 Add TMT interop tests 2023-05-23 14:27:14 +00:00
Daiki Ueno
6a9f55ef66 Fix leftover of the previous %bcond change
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-04-13 20:09:49 +09:00
Daiki Ueno
82e473e933 Use %bcond instead of %global for srp and mingw support
This makes it possible to build the package with/without those
features, through rpmbuild --with/--without.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-04-11 19:38:39 +09:00
Richard W.M. Jones
e99bcaff78 Fix desychronisation with kTLS:
https://gitlab.com/gnutls/gnutls/-/issues/1470
2023-03-11 07:32:46 +00:00
Daniel P. Berrangé
e361bb292d Disable GNULIB's year2038 support for 64-bit time_t
GNUTLS exposes time_t in its public API and thus the size of time_t
is ABI relevant. It can't be changed in size without breaking
ABI compatibility with applications built against GNUTLS that use
the default time_t size.

https://gitlab.com/gnutls/gnutls/-/issues/1466
https://bugzilla.redhat.com/show_bug.cgi?id=2174758
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-02 11:53:34 +00:00
Zoltan Fridrich
b08c1d3cb5 [packit] 3.8.0 upstream release
Upstream tag: 3.8.0
Upstream commit: 516e466b

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2023-02-16 11:14:30 +01:00
Zoltan Fridrich
9df43c9df7 Prepare for release
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2023-02-14 15:01:58 +01:00
Frantisek Krenzelok
a9d1c50f1a
KTLS: disable ktls_keyupdate & tls1.2 chachapoly tests
There seems to be a kernel specific issues with CHACHA20-POLY1305 for
TLS 1.2 [1]

The test fails without a needed kernel patch

[1] https://gitlab.com/gnutls/gnutls/-/issues/1443

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-01-20 21:55:56 +01:00
Frantisek Krenzelok
c1f8e66db2
KTLS additional ciphersuites
Key update supported for patched kernels [1]

Configuration option `ktls = false` [2]

following ciphersuites are now supported: [3]
* TLS_AES_128_CCM_SHA256
* TLS_CHACHA20_POLY1305_SHA256

Ivalidate session on KTLS error as there is no way to recover and new
sockets as well as session have to be created. [4]

[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1625
[2] https://gitlab.com/gnutls/gnutls/-/merge_requests/1673/diffs?commit_id=aefd7319c0b7b2410d06238246b7755b289e4837
[3] https://gitlab.com/gnutls/gnutls/-/merge_requests/1676
[4] https://gitlab.com/gnutls/gnutls/-/merge_requests/1664

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-01-20 19:17:15 +01:00
Fedora Release Engineering
d401f95817 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 05:48:39 +00:00
Frantisek Krenzelok
0596993205
gcc-analyzer: suppress warnings
gcc analyzer causes issues in CI, this commit from upstream should fix it

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2022-12-14 14:15:49 +01:00
Daniel P. Berrangé
5aa020da73 Cross-compiled mingw sub-RPMs should be 'noarch'
Their contents should be identical (bar timestamps) regardless of which
host build arch is used, since we're cross compiling.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27 16:52:20 +01:00
Zoltan Fridrich
ccfb815fcf Add conditions for mingw
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-19 10:23:40 +02:00
Michael Cronenworth
cbaa7ad9b2 Merge branch 'mingw-merge' of ssh://pkgs.fedoraproject.org/forks/mooninite/rpms/gnutls into mingw-merge
# Conflicts:
#	gnutls.spec
2022-10-18 11:18:34 -05:00
Michael Cronenworth
86c02ce9dc Initial MinGW package support
Merge the mingw-gnutls package into the native one.
2022-10-18 11:16:48 -05:00
Zoltan Fridrich
9ba1f58c0f Use make macros
Co-authored-by: Tom Stellard <tstellar@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-18 15:39:06 +00:00
Zoltan Fridrich
8f2a1d9b48 Merge #59 Update release keyring 2022-10-18 15:34:57 +00:00
Zoltan Fridrich
30a64d9273 Update release keyring
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-18 17:12:26 +02:00
Anderson Toshiyuki Sasaki
b9c750507f Enable gating and add FIPS smoke test 2022-10-18 14:30:24 +00:00
Daiki Ueno
2161d1913b Revert to not ignore errors in gpgverify
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-10-18 14:11:46 +00:00
Zoltan Fridrich
2d72c1273b [packit] 3.7.8 upstream release
Upstream tag: 3.7.8
Upstream commit: f527ed0e

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-18 14:25:18 +02:00
Michael Cronenworth
9f78d04c90 Initial MinGW package support
Merge the mingw-gnutls package into the native one.
2022-09-06 15:59:39 -05:00
Daiki Ueno
a64b049712 Port packaging changes from CentOS Stream 9
This adds the following cleanups:
- Conditionalize features with bcond: tpm2, certificate_compression, and tests
- Remove leftover libopts cleanup
- Move autoreconf invocation from %prep to %build, to speed up fedpkg prep
- Switch to using %autosetup -S git
- Ignore errors in gpgverify to work around build under FIPS
- Support FIPS module version

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-08-26 21:07:11 +09:00
Zoltan Fridrich
9936110449 [packit] 3.7.7 upstream release
Upstream tag: 3.7.7
Upstream commit: 6231f181

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-29 12:48:05 +02:00
Frantisek Krenzelok
bde9494b1b KTLS supported by default config
KTLS is now supported/included by default.

gnutls-3.7.6-ktls-disabled-by-default.patch:
    KTLS is disabled by default and can be enabled by adding
    `ktls = true` in [global] section of system-wide configuration file.

gnutls-3.7.6-ktls-minor-fixes.patch: minor fixes

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2022-07-27 14:56:10 +02:00
Fedora Release Engineering
388fbfd381 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 07:12:43 +00:00
Daiki Ueno
f9ad674ef4 rebuild with nettle 3.8 for fipshmac 2022-06-22 09:20:12 +09:00
Alexander Sosedkin
eaf4e9d2cd Drop fipscheck build dependency since we use internal tool 2022-06-09 14:15:13 +02:00
Daiki Ueno
4350c1e186 Fix %autorelease usage
The deprecated %autorel has been no-op since rpmautospec 0.2.  Also
put %{?dist} inside the fallback conditional as suggested:
https://packit.dev/docs/faq/#does-packit-work-with-rpmautospec
2022-06-03 16:45:50 +09:00
Zoltan Fridrich
f080bc92ec [packit] 3.7.6 upstream release
Upstream tag: 3.7.6
Upstream commit: 1f8b1ff2

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-05-27 14:01:14 +02:00
Alexander Sosedkin
960c18ac9e Fix hmac calculation:
* use the new format/location
* do not redefine __spec_install_post which we should not have visibility into,
  instead call it twice, which should be safe
2022-05-18 19:25:53 +02:00
Zoltan Fridrich
b4e5f3f89f [packit] 3.7.5 upstream release
Upstream tag: 3.7.5
Upstream commit: 96ce6ad4

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-05-17 07:57:16 +02:00
Zoltan Fridrich
c8d9176d27 Add dist tag to release
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-04-26 11:28:27 +02:00
Zoltan Fridrich
51d4b1440b [packit] 3.7.4 upstream release
Upstream tag: 3.7.4
Upstream commit: c46725bc

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-04-25 16:54:43 +02:00
Zoltan Fridrich
4ef1497ac4 Adjust macros
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-04-25 14:04:23 +02:00
Zoltan Fridrich
58cc7dbef0 Use rpmautospec
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-04-19 15:44:56 +02:00
Zoltan Fridrich
505c517370 Add gpgkey due to packit
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-04-14 12:20:57 +02:00
Fedora Release Engineering
4b09fb236c - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 06:53:57 +00:00
Daiki Ueno
2244afa0e8 Update to upstream 3.7.3 release
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-01-18 12:09:11 +01:00
Daiki Ueno
beca303c29 Add build-time conditional for GOST cryptography support
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-01-18 09:56:26 +01:00
Daiki Ueno
eaa69df8d9 Add build-time conditional for TPM 1.2 support
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-01-18 09:56:08 +01:00
Fedora Release Engineering
cb40e7efef - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 02:30:57 +00:00
Daiki Ueno
64c7d6867d Update to upstream 3.7.2 release 2021-05-29 16:06:11 +02:00
Daiki Ueno
6d9878cbb2 Switch to using %gpgverify macro 2021-03-28 08:59:25 +02:00
Daiki Ueno
0ef0aa89fa Use correct source URL 2021-03-28 08:55:38 +02:00
Daiki Ueno
46d865d845 hobble-gnutls: Remove SRP removal
The SRP patent expired in May 2015 so this doesn't make any sense.

We actually haven't used this hobble-gnutls script since 3.5.12 update
in 2017:
https://src.fedoraproject.org/rpms/gnutls/c/5651d6db313d5d2a15f7efe6b05c7eb85cfdb30b

OpenSSL also does no longer disable it since:
https://src.fedoraproject.org/rpms/openssl/c/1ff978b22e53e729cb86c4b8783b2d13cf3734b6
2021-03-28 08:55:38 +02:00
Daiki Ueno
c13cb3cf69 libpkcs11mock1.* is not installed anymore 2021-03-28 08:55:38 +02:00
Daiki Ueno
39ffb6cb21 Remove %defattr invocations which are no longer necessary 2021-03-28 08:55:37 +02:00
Daiki Ueno
9bbca443d6 Temporarily restore fipscheck dependency
This seems to be causing self-test failure in FIPS mode:
https://gitlab.com/gnutls/gnutls/-/issues/1191
2021-03-16 08:13:43 +01:00
Daiki Ueno
8841f0c3cb Update to upstream 3.7.1 release
Also remove fipscheck dependency, as it is now calculated with an
internal tool.
2021-03-13 17:29:17 +01:00
Daiki Ueno
9afae358ed Tolerate duplicate certs in the chain also with PKCS #11 trust store 2021-03-05 12:16:43 +01:00
Daiki Ueno
7e113a5794 Reduce BRs for non-bootstrapping build
Also disable guile tweaks if it's not enabled and remove non-existing
build-time options from configure command-line.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-03-02 10:43:00 +01:00
Daiki Ueno
25ae742c52 Tolerate duplicate certs in the chain 2021-02-10 16:42:27 +01:00
Daiki Ueno
07736fd804 Update to 3.7.0 upstream release 2021-02-10 14:16:17 +01:00
Daiki Ueno
868ffea2e1 Fix broken tests on rawhide (#1908110) 2021-01-26 11:26:20 +01:00
Fedora Release Engineering
2a8763ec3a - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 08:54:44 +00:00
Tom Stellard
0eb271a9f5 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-05 05:13:32 +00:00
Jeff Law
6b130b528a - Re-enable LTO now that upstream GCC bugs have been fixed 2020-09-28 14:57:38 -06:00
Daiki Ueno
0e56ef2311 Port Gnulib test fixes from upstream 2020-09-04 13:13:24 +02:00
Daiki Ueno
655fab0edb Remove unnecessary patches and bootstrapping process 2020-09-04 12:51:12 +02:00
Daiki Ueno
aa2ff1da12 Update to the upstream 3.6.15 release 2020-09-04 12:47:44 +02:00
Jeff Law
f21c1c5adf Disable LTO on ppc64le 2020-08-17 22:15:19 -06:00
28 changed files with 11802 additions and 1130 deletions

1
.fmf/version Normal file
View file

@ -0,0 +1 @@
1

48
.gitignore vendored
View file

@ -126,4 +126,50 @@ gnutls-2.10.1-nosrp.tar.bz2
/gnutls-3.6.13.tar.xz
/gnutls-3.6.14.tar.xz
/gnutls-3.6.14.tar.xz.sig
/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
/gnutls-3.6.15.tar.xz
/gnutls-3.6.15.tar.xz.sig
/gnutls-3.7.0.tar.xz
/gnutls-3.7.0.tar.xz.sig
/gnutls-3.7.1.tar.xz
/gnutls-3.7.1.tar.xz.sig
/gnutls-3.7.2.tar.xz
/gnutls-3.7.2.tar.xz.sig
/gnutls-3.7.3.tar.xz
/gnutls-3.7.3.tar.xz.sig
/gnutls-3.7.4.tar.xz
/gnutls-3.7.5.tar.xz
/gnutls-3.7.6.tar.xz
/gnutls-3.7.7.tar.xz
/gnutls-3.7.8.tar.xz
/gnutls-3.8.0.tar.xz
/gnutls-3.8.0.tar.xz.sig
/gnutls-release-keyring.gpg
/gnutls-3.8.1.tar.xz
/gnutls-3.8.1.tar.xz.sig
/gnutls-3.8.2.tar.xz
/gnutls-3.8.2.tar.xz.sig
/gnutls-3.8.3.tar.xz
/gnutls-3.8.3.tar.xz.sig
/gnutls-3.8.4.tar.xz
/gnutls-3.8.4.tar.xz.sig
/gnutls-3.8.5.tar.xz
/gnutls-3.8.5.tar.xz.sig
/gnutls-3.8.6.tar.xz
/gnutls-3.8.6.tar.xz.sig
/gmp-6.2.1.tar.xz
/gnutls-3.8.7.tar.xz
/gnutls-3.8.7.tar.xz.sig
/gnutls-3.8.7.1.tar.xz
/gnutls-3.8.7.1.tar.xz.sig
/gnutls-3.8.8.tar.xz
/gnutls-3.8.8.tar.xz.sig
/gnutls-3.8.9.tar.xz
/gnutls-3.8.9.tar.xz.sig
/leancrypto-1.2.0.tar.gz
/leancrypto-1.3.0.tar.gz
/gnutls-3.8.10.tar.xz
/gnutls-3.8.10.tar.xz.sig
/leancrypto-1.5.0.tar.gz
/gnutls-3.8.11.tar.xz
/gnutls-3.8.11.tar.xz.sig
/leancrypto-1.6.0.tar.gz

31
.packit.yaml Normal file
View file

@ -0,0 +1,31 @@
# See the documentation for more information:
# https://packit.dev/docs/configuration/
specfile_path: gnutls.spec
files_to_sync:
- .packit.yaml
- gnutls.spec
upstream_project_url: https://gitlab.com/gnutls/gnutls
upstream_package_name: gnutls
downstream_package_name: gnutls
actions:
post-upstream-clone:
- "wget https://src.fedoraproject.org/rpms/gnutls/raw/main/f/gnutls.spec"
- "wget https://src.fedoraproject.org/rpms/gnutls/raw/main/f/gnutls-3.2.7-rpath.patch"
get-current-version:
- "git describe --abbrev=0"
create-archive:
- |
bash -c "wget https://www.gnupg.org/ftp/gcrypt/gnutls/v$(expr $PACKIT_PROJECT_VERSION : '^\([0-9]*\.[0-9]*\)')/gnutls-${PACKIT_PROJECT_VERSION}.tar.xz"
- |
bash -c "wget https://www.gnupg.org/ftp/gcrypt/gnutls/v$(expr $PACKIT_PROJECT_VERSION : '^\([0-9]*\.[0-9]*\)')/gnutls-${PACKIT_PROJECT_VERSION}.tar.xz.sig"
- bash -c "echo gnutls-${PACKIT_PROJECT_VERSION}.tar.xz"
- bash -c "echo gnutls-${PACKIT_PROJECT_VERSION}.tar.xz.sig"
jobs:
- job: propose_downstream
trigger: release
dist_git_branches: fedora-all

3
README.packit Normal file
View file

@ -0,0 +1,3 @@
This repository is maintained by packit.
https://packit.dev/
The file was generated using packit 1.12.0.

815
changelog Normal file
View file

@ -0,0 +1,815 @@
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jan 18 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
- Update to upstream 3.7.3 release
- Remove dependency on autogen
- Add build-time conditionals for TPM 1.2 and GOST cryptography
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat May 29 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1
- Update to upstream 3.7.2 release
* Sun Mar 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-3
- Remove %%defattr invocations which are no longer necessary
- libpkcs11mock1.* is not installed anymore
- hobble-gnutls: Remove SRP removal
- Use correct source URL
- Switch to using %%gpgverify macro
* Tue Mar 16 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-2
- Restore fipscheck dependency
* Sat Mar 13 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-1
- Update to upstream 3.7.1 release
- Remove fipscheck dependency, as it is now calculated with an
internal tool
* Fri Mar 5 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-4
- Tolerate duplicate certs in the chain also with PKCS #11 trust store
* Tue Mar 2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-3
- Reduce BRs for non-bootstrapping build
* Wed Feb 10 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-2
- Tolerate duplicate certs in the chain
* Mon Feb 8 2021 Daiki Ueno <dueno@redhat.com> - 3.7.0-1
- Update to upstream 3.7.0 release
- Temporarily disable LTO
* Tue Jan 26 2021 Daiki Ueno <dueno@redhat.com> - 3.6.15-4
- Fix broken tests on rawhide (#1908110)
- Add BuildRequires: make (by Tom Stellard)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Sep 28 2020 Jeff Law <law@redhat.com> - 3.6.15-2
- Re-enable LTO now that upstream GCC bugs have been fixed
* Fri Sep 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1
- Update to upstream 3.6.15 release
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 3.6.14-7
- Disable LTO on ppc64le
* Tue Aug 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
- Fix underlinking of libpthread
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.14-5
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 02 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-3
- Rebuild with autogen built with guile-2.2 (#1852706)
* Tue Jun 09 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-2
- Fix memory leak when serializing iovec_t (#1845083)
- Fix automatic libraries sonames detection (#1845806)
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-1
- Update to upstream 3.6.14 release
* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-6
- Update gnutls-3.6.13-superseding-chain.patch
* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-5
- Fix cert chain validation behavior if the last cert has expired (#1842178)
* Mon May 25 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-4
- Add option to gnutls-cli to wait for resumption under TLS 1.3
* Tue May 19 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-3
- Disable RSA blinding during FIPS self-tests
* Thu May 14 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-2
- Bump linked libraries soname to fix FIPS selftests (#1835265)
* Tue Mar 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-1
- Update to upstream 3.6.13 release
* Thu Mar 26 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.12-2
- Fix FIPS POST (#1813384)
- Fix gnutls-serv --echo to not exit when a message is received (#1816583)
* Sun Feb 02 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 3.6.12-1
- Update to upstream 3.6.12 release
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 02 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.11-1
- Update to upstream 3.6.11 release
* Sun Sep 29 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.10-1
- Update to upstream 3.6.10 release
* Fri Jul 26 2019 Nikos Mavrogiannopoulos <nmav@gnutls.org> - 3.6.9-1
- Update to upstream 3.6.9 release
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 15 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.8-2
- Rebuilt with guile-2.2
* Tue May 28 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.8-1
- Update to upstream 3.6.8 release
* Wed Mar 27 2019 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.7-1
- Update to upstream 3.6.7 release
- Fixed CVE-2019-3836 (#1693214)
- Fixed CVE-2019-3829 (#1693210)
* Fri Feb 1 2019 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.6-1
- Update to upstream 3.6.6 release
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 11 2019 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.5-2
- Added explicit Requires for nettle >= 3.4.1
* Tue Dec 11 2018 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 3.6.5-1
- Update to upstream 3.6.5 release
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 3.6.4-5
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc.
* Wed Oct 17 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-4
- Fix issue with rehandshake affecting glib-networking (#1634736)
* Tue Oct 16 2018 Tomáš Mráz <tmraz@redhat.com> - 3.6.4-3
- Add missing annobin notes for assembler sources
* Tue Oct 09 2018 Petr Menšík <pemensik@redhat.com> - 3.6.4-2
- Rebuilt for unbound 1.8
* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-1
- Updated to upstream 3.6.4 release
- Added support for the latest version of the TLS1.3 protocol
- Enabled SHA1 support as SHA1 deprecation is handled via the
fedora crypto policies.
* Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
- Fixed gnutls-cli input reading
- Ensure that we do not cause issues with version rollback detection
and TLS1.3.
* Tue Aug 07 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-3
- Fixed ECDSA public key import (#1612803)
* Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-2
- Backported regression fixes from 3.6.2
* Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1
- Update to upstream 3.6.3 release
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 13 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-4
- Enable FIPS140-2 mode in Fedora
* Wed Jun 06 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-3
- Update to upstream 3.6.2 release
* Fri May 25 2018 David Abdurachmanov <david.abdurachmanov@gmail.com> - 3.6.2-2
- Add missing BuildRequires: gnupg2 for gpgv2 in %%prep
* Fri Feb 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.2-1
- Update to upstream 3.6.2 release
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Feb 2 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.1-4
- Rebuilt to address incompatibility with new nettle
* Thu Nov 30 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.1-3
- Corrected regression from 3.6.1-2 which prevented the loading of
arbitrary p11-kit modules (#1507402)
* Mon Nov 6 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.1-2
- Prevent the loading of all PKCS#11 modules on certificate verification
but only restrict to p11-kit trust module (#1507402)
* Sat Oct 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.1-1
- Update to upstream 3.6.1 release
* Mon Aug 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.0-1
- Update to upstream 3.6.0 release
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Jul 04 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.14-1
- Update to upstream 3.5.14 release
* Wed Jun 07 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.13-1
- Update to upstream 3.5.13 release
* Thu May 11 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.12-2
- Fix issue with p11-kit-trust arch dependency
* Thu May 11 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.12-1
- Update to upstream 3.5.12 release
* Fri Apr 07 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.11-1
- Update to upstream 3.5.11 release
* Mon Mar 06 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.10-1
- Update to upstream 3.5.10 release
* Wed Feb 15 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.9-2
- Work around missing pkg-config file (#1422256)
* Tue Feb 14 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.5.9-1
- Update to upstream 3.5.9 release
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sat Feb 4 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.8-2
- Added patch fix initialization issue in gnutls_pkcs11_obj_list_import_url4
* Mon Jan 9 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.8-1
- New upstream release
* Tue Dec 13 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.7-3
- Fix PKCS#8 file loading (#1404084)
* Thu Dec 8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.7-1
- New upstream release
* Fri Nov 4 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.6-1
- New upstream release
* Tue Oct 11 2016 walters@redhat.com - 3.5.5-2
- Apply patch to fix compatibility with ostree (#1383708)
* Mon Oct 10 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.5-1
- New upstream release
* Thu Sep 8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.4-1
- New upstream release
* Mon Aug 29 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.3-2
- Work around #1371082 for x86
- Fixed issue with DTLS sliding window implementation (#1370881)
* Tue Aug 9 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.3-1
- New upstream release
* Wed Jul 6 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.2-1
- New upstream release
* Wed Jun 15 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.1-1
- New upstream release
* Tue Jun 7 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.13-1
- New upstream release (#1343258)
- Addresses issue with setuid programs introduced in 3.4.12 (#1343342)
* Fri May 20 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.12-1
- New upstream release
* Mon Apr 11 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.11-1
- New upstream release
* Fri Mar 4 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.10-1
- New upstream release (#1314576)
* Wed Feb 3 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.9-1
- Fix broken key usage flags introduced in 3.4.8 (#1303355)
* Mon Jan 11 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.8-1
- New upstream release (#1297079)
* Mon Nov 23 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.7-1
- New upstream release (#1284300)
- Documentation updates (#1282864)
- Adds interface to set unique IDs in certificates (#1281343)
- Allow arbitrary key sizes with ARCFOUR (#1284401)
* Wed Oct 21 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.6-1
- New upstream release (#1273672)
- Enhances p11tool to write CKA_ISSUER and CKA_SERIAL_NUMBER (#1272178)
* Tue Oct 20 2015 Adam Williamson <awilliam@redhat.com> - 3.4.5-2
- fix interaction with Chrome 45+ (master secret extension) (#1273102)
* Mon Sep 14 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.5-1
- New upstream release (#1252192)
- Eliminates hard limits on CRL parsing of certtool.
* Mon Aug 10 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.4-1
- new upstream release
- no longer requires trousers patch
- fixes issue in gnutls_x509_privkey_import (#1250020)
* Mon Jul 13 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.3-2
- Don't link against trousers but rather dlopen() it when available.
That avoids a dependency on openssl by the main library.
* Mon Jul 13 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.3-1
- new upstream release
* Thu Jul 02 2015 Adam Jackson <ajax@redhat.com> 3.4.2-3
- Only disable -z now for the guile modules
* Thu Jun 18 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.2-2
- rename the symbol version for internal symbols to avoid clashes
with 3.3.x.
* Wed Jun 17 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.2-1
- new upstream release
* Tue May 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.1-2
- Provide missing GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA definition
* Mon May 4 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.4.1-1
- new upstream release
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 3.3.14-2
- Rebuilt for GCC 5 C++11 ABI change
* Mon Mar 30 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.14-1
- new upstream release
- improved BER decoding of PKCS #12 structures (#1131461)
* Fri Mar 6 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.13-3
- Build with hardened flags
- Removed -Wl,--no-add-needed linker flag
* Fri Feb 27 2015 Till Maas <opensource@till.name> - 3.3.13-2
- Do not build with hardened flags
* Thu Feb 26 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.13-1
- new upstream release
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 3.3.12-3
- Make build verbose
- Use %%license
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 3.3.12-2
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Mon Jan 19 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.12-1
- new upstream release
* Mon Jan 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.11-2
- enabled guile bindings (#1177847)
* Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.11-1
- new upstream release
* Mon Nov 10 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.10-1
- new upstream release
* Thu Oct 23 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.9-2
- applied fix for issue in get-issuer (#1155901)
* Mon Oct 13 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.9-1
- new upstream release
* Fri Sep 19 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-2
- strip rpath from library
* Thu Sep 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-1
- new upstream release
* Mon Aug 25 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.7-1
- new upstream release
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Jul 23 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.6-1
- new upstream release
* Tue Jul 01 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.5-2
- Added work-around for s390 builds with gcc 4.9 (#1102324)
* Mon Jun 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.5-1
- new upstream release
* Tue Jun 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.4-3
- explicitly depend on p11-kit-trust
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Jun 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.4-1
- new upstream release
* Fri May 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.3-1
- new upstream release
* Wed May 21 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.2-2
- Require crypto-policies
* Fri May 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.2-1
- new upstream release
* Mon May 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.1-4
- Replaced /etc/crypto-profiles/apps with /etc/crypto-policies/back-ends.
- Added support for "very weak" profile.
* Mon Apr 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.1-2
- gnutls_global_deinit() will not do anything if the previous
initialization has failed (#1091053)
* Mon Apr 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.1-1
- new upstream release
* Mon Apr 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.0-1
- new upstream release
* Tue Apr 08 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.13-1
- new upstream release
* Wed Mar 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.12.1-1
- new upstream release
* Mon Mar 03 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.12-1
- new upstream release
* Mon Feb 03 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.10-2
- use p11-kit trust store for certificate verification
* Mon Feb 03 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.10-1
- new upstream release
* Tue Jan 14 2014 Tomáš Mráz <tmraz@redhat.com> 3.2.8-2
- build the crywrap tool
* Mon Dec 23 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.8-1
- new upstream release
* Wed Dec 4 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.7-2
- Use the correct root key for unbound /var/lib/unbound/root.key (#1012494)
- Pull asm fixes from upstream (#973210)
* Mon Nov 25 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.2.7-1
- new upstream release
- added dependency to autogen-libopts-devel to use the system's
libopts library
- added dependency to trousers-devel to enable TPM support
* Mon Nov 4 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.16-1
- new upstream release
- fixes CVE-2013-4466 off-by-one in dane_query_tlsa()
* Fri Oct 25 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.15-1
- new upstream release
- fixes CVE-2013-4466 buffer overflow in handling DANE entries
* Wed Oct 16 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.13-3
- enable ECC NIST Suite B curves
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 15 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.13-1
- new upstream release
* Mon May 13 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.11-1
- new upstream release
* Mon Mar 25 2013 Tomas Mraz <tmraz@redhat.com> 3.1.10-1
- new upstream release
- license of the library is back to LGPLv2.1+
* Fri Mar 15 2013 Tomas Mraz <tmraz@redhat.com> 3.1.9-1
- new upstream release
* Thu Mar 7 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-3
- drop the temporary old library
* Tue Feb 26 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-2
- don't send ECC algos as supported (#913797)
* Thu Feb 21 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-1
- new upstream version
* Wed Feb 6 2013 Tomas Mraz <tmraz@redhat.com> 3.1.7-1
- new upstream version, requires rebuild of dependencies
- this release temporarily includes old compatibility .so
* Tue Feb 5 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-2
- rebuilt with new libtasn1
- make guile bindings optional - breaks i686 build and there is
no dependent package
* Tue Jan 8 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-1
- new upstream version
* Wed Nov 28 2012 Tomas Mraz <tmraz@redhat.com> 2.12.21-2
- use RSA bit sizes supported by libgcrypt in FIPS mode for security
levels (#879643)
* Fri Nov 9 2012 Tomas Mraz <tmraz@redhat.com> 2.12.21-1
- new upstream version
* Thu Nov 1 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-4
- negotiate only FIPS approved algorithms in the FIPS mode (#871826)
* Wed Aug 8 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-3
- fix the gnutls-cli-debug manpage - patch by Peter Schiffer
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jun 18 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-1
- new upstream version
* Fri May 18 2012 Tomas Mraz <tmraz@redhat.com> 2.12.19-1
- new upstream version
* Thu Mar 29 2012 Tomas Mraz <tmraz@redhat.com> 2.12.18-1
- new upstream version
* Thu Mar 8 2012 Tomas Mraz <tmraz@redhat.com> 2.12.17-1
- new upstream version
- fix leaks in key generation (#796302)
* Fri Feb 03 2012 Kevin Fenzi <kevin@scrye.com> - 2.12.14-3
- Disable largefile on arm arch. (#787287)
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 8 2011 Tomas Mraz <tmraz@redhat.com> 2.12.14-1
- new upstream version
* Mon Oct 24 2011 Tomas Mraz <tmraz@redhat.com> 2.12.12-1
- new upstream version
* Thu Sep 29 2011 Tomas Mraz <tmraz@redhat.com> 2.12.11-1
- new upstream version
* Fri Aug 26 2011 Tomas Mraz <tmraz@redhat.com> 2.12.9-1
- new upstream version
* Tue Aug 16 2011 Tomas Mraz <tmraz@redhat.com> 2.12.8-1
- new upstream version
* Mon Jul 25 2011 Tomas Mraz <tmraz@redhat.com> 2.12.7-2
- fix problem when using new libgcrypt
- split libgnutlsxx to a subpackage (#455146)
- drop libgnutls-openssl (#460310)
* Tue Jun 21 2011 Tomas Mraz <tmraz@redhat.com> 2.12.7-1
- new upstream version
* Mon May 9 2011 Tomas Mraz <tmraz@redhat.com> 2.12.4-1
- new upstream version
* Tue Apr 26 2011 Tomas Mraz <tmraz@redhat.com> 2.12.3-1
- new upstream version
* Mon Apr 18 2011 Tomas Mraz <tmraz@redhat.com> 2.12.2-1
- new upstream version
* Thu Mar 3 2011 Tomas Mraz <tmraz@redhat.com> 2.10.5-1
- new upstream version
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.10.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Dec 8 2010 Tomas Mraz <tmraz@redhat.com> 2.10.4-1
- new upstream version
* Thu Dec 2 2010 Tomas Mraz <tmraz@redhat.com> 2.10.3-2
- fix buffer overflow in gnutls-serv (#659259)
* Fri Nov 19 2010 Tomas Mraz <tmraz@redhat.com> 2.10.3-1
- new upstream version
* Thu Sep 30 2010 Tomas Mraz <tmraz@redhat.com> 2.10.2-1
- new upstream version
* Wed Sep 29 2010 jkeating - 2.10.1-4
- Rebuilt for gcc bug 634757
* Thu Sep 23 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-3
- more patching for internal errors regression (#629858)
patch by Vivek Dasmohapatra
* Tue Sep 21 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-2
- backported patch from upstream git hopefully fixing internal errors
(#629858)
* Wed Aug 4 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-1
- new upstream version
* Wed Jun 2 2010 Tomas Mraz <tmraz@redhat.com> 2.8.6-2
- add support for safe renegotiation CVE-2009-3555 (#533125)
* Wed May 12 2010 Tomas Mraz <tmraz@redhat.com> 2.8.6-1
- upgrade to a new upstream version
* Mon Feb 15 2010 Rex Dieter <rdieter@fedoraproject.org> 2.8.5-4
- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624)
* Thu Jan 28 2010 Tomas Mraz <tmraz@redhat.com> 2.8.5-3
- drop superfluous rpath from binaries
- do not call autoreconf during build
- specify the license on utils subpackage
* Mon Jan 18 2010 Tomas Mraz <tmraz@redhat.com> 2.8.5-2
- do not create static libraries (#556052)
* Mon Nov 2 2009 Tomas Mraz <tmraz@redhat.com> 2.8.5-1
- upgrade to a new upstream version
* Wed Sep 23 2009 Tomas Mraz <tmraz@redhat.com> 2.8.4-1
- upgrade to a new upstream version
* Fri Aug 14 2009 Tomas Mraz <tmraz@redhat.com> 2.8.3-1
- upgrade to a new upstream version
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jun 10 2009 Tomas Mraz <tmraz@redhat.com> 2.8.1-1
- upgrade to a new upstream version
* Wed Jun 3 2009 Tomas Mraz <tmraz@redhat.com> 2.8.0-1
- upgrade to a new upstream version
* Mon May 4 2009 Tomas Mraz <tmraz@redhat.com> 2.6.6-1
- upgrade to a new upstream version - security fixes
* Tue Apr 14 2009 Tomas Mraz <tmraz@redhat.com> 2.6.5-1
- upgrade to a new upstream version, minor bugfixes only
* Fri Mar 6 2009 Tomas Mraz <tmraz@redhat.com> 2.6.4-1
- upgrade to a new upstream version
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Dec 15 2008 Tomas Mraz <tmraz@redhat.com> 2.6.3-1
- upgrade to a new upstream version
* Thu Dec 4 2008 Tomas Mraz <tmraz@redhat.com> 2.6.2-1
- upgrade to a new upstream version
* Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-3
- fix chain verification issue CVE-2008-4989 (#470079)
* Thu Sep 25 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-2
- add guile subpackage (#463735)
- force new libtool through autoreconf to drop unnecessary rpaths
* Tue Sep 23 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-1
- new upstream version
* Tue Jul 1 2008 Tomas Mraz <tmraz@redhat.com> 2.4.1-1
- new upstream version
- correct the license tag
- explicit --with-included-opencdk not needed
- use external lzo library, internal not included anymore
* Tue Jun 24 2008 Tomas Mraz <tmraz@redhat.com> 2.4.0-1
- upgrade to latest upstream
* Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 2.0.4-3
- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
(#447461, #447462, #447463)
* Mon Feb 4 2008 Joe Orton <jorton@redhat.com> 2.0.4-2
- use system libtasn1
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> 2.0.4-1
- upgrade to latest upstream
* Tue Aug 21 2007 Tomas Mraz <tmraz@redhat.com> 1.6.3-2
- license tag fix
* Wed Jun 6 2007 Tomas Mraz <tmraz@redhat.com> 1.6.3-1
- upgrade to latest upstream (#232445)
* Tue Apr 10 2007 Tomas Mraz <tmraz@redhat.com> 1.4.5-2
- properly require install-info (patch by Ville Skyttä)
- standard buildroot and use dist tag
- add COPYING and README to doc
* Wed Feb 7 2007 Tomas Mraz <tmraz@redhat.com> 1.4.5-1
- new upstream version
- drop libtermcap-devel from buildrequires
* Thu Sep 14 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2
- detect forged signatures - CVE-2006-4790 (#206411), patch
from upstream
* Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1
- upgrade to new upstream version, only minor changes
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1
- rebuild
* Wed Jun 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
- upgrade to new upstream version (#192070), rebuild
of dependent packages required
* Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2
- added missing buildrequires
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1
- updated to new version (fixes CVE-2006-0645)
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Tue Jan 3 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3
- rebuilt
* Fri Dec 9 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2
- replaced *-config scripts with calls to pkg-config to
solve multilib conflicts
* Wed Nov 23 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1
- upgrade to newest upstream
- removed .la files (#172635)
* Sun Aug 7 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1
- upgrade to newest upstream (rebuild of dependencies necessary)
* Mon Jul 4 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2
- split the command line tools to utils subpackage
* Sat Apr 30 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1
- new upstream version fixes potential DOS attack
* Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2
- readd the version script dropped by upstream
* Fri Apr 22 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1
- update to the latest upstream version on the 1.0 branch
* Wed Mar 2 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6
- gcc4 rebuild
* Tue Jan 4 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5
- add gnutls Requires zlib-devel (#144069)
* Mon Nov 08 2004 Colin Walters <walters@redhat.com> 1.0.20-4
- Make gnutls-devel Require libgcrypt-devel
* Tue Sep 21 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3
- rebuild with release++, otherwise unchanged.
* Tue Sep 7 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2
- patent tainted SRP code removed.
* Sun Sep 5 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1
- update to 1.0.20.
- add --with-included-opencdk --with-included-libtasn1
- add --with-included-libcfg --with-included-lzo
- add --disable-srp-authentication.
- do "make check" after build.
* Fri Mar 21 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1
- upgrade to 0.9.2
* Tue Jun 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1
- update to 0.4.4.
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Sat May 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1
- update to 0.4.3.
* Tue May 21 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1
- update to 0.4.2.
- change license to LGPL.
- include splint annotations patch.
* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1
- update to 0.4.0
* Thu Jan 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1
- update to 0.3.2
* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1
- add a URL
* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package

1
ci.fmf Normal file
View file

@ -0,0 +1 @@
resultsdb-testcase: separate

14
gating.yml Normal file
View file

@ -0,0 +1,14 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

13
gmp-6.2.1-c23.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/acinclude.m4 b/acinclude.m4
index 906071c..a466b7c 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -609,7 +609,7 @@ GMP_PROG_CC_WORKS_PART([$1], [long long reliability test 1],
#if defined (__GNUC__) && ! defined (__cplusplus)
typedef unsigned long long t1;typedef t1*t2;
-void g(){}
+void g(int, t2, t1, t2, t2, int){}
void h(){}
static __inline__ t1 e(t2 rp,t2 up,int n,t1 v0)
{t1 c,x,r;int i;if(v0){c=1;for(i=1;i<n;i++){x=up[i];r=x+1;rp[i]=r;}}return c;}

3515
gmp-6.2.1-intel-cet.patch Normal file

File diff suppressed because it is too large Load diff

View file

@ -1,60 +0,0 @@
From b57b820a3f0464e3151dd675af4f28ad109d683c Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Tue, 9 Jun 2020 13:54:04 +0200
Subject: [PATCH] configure: improve nettle, gmp, and hogweed soname detection
Some linkers might optimize away the libraries passed on the
command line if they aren't actually needed, such as gnu ld with
--as-needed.
The ldd output then won't list the shared libraries and the
detection will fail.
Make sure nettle and others are really used.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
---
configure.ac | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index e4ca66aec..ccbe4e563 100644
--- a/configure.ac
+++ b/configure.ac
@@ -741,7 +741,10 @@ LIBS=$save_LIBS
save_LIBS=$LIBS
LIBS="$LIBS $GMP_LIBS"
AC_MSG_CHECKING([gmp soname])
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <gmp.h>],[
+ mpz_t n;
+ mpz_init(n);])],
[gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
[gmp_so=none])
if test -z "$gmp_so"; then
@@ -754,7 +757,10 @@ LIBS=$save_LIBS
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
AC_MSG_CHECKING([nettle soname])
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <nettle/sha2.h>],[
+ struct sha256_ctx ctx;
+ sha256_init(&ctx);])],
[nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
[nettle_so=none])
if test -z "$nettle_so"; then
@@ -767,7 +773,10 @@ LIBS=$save_LIBS
save_LIBS=$LIBS
LIBS="$LIBS $HOGWEED_LIBS"
AC_MSG_CHECKING([hogweed soname])
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <nettle/rsa.h>],[
+ struct rsa_private_key priv;
+ nettle_rsa_private_key_init(&priv);])],
[hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
[hogweed_so=none])
if test -z "$hogweed_so"; then
--
2.25.4

View file

@ -1,152 +0,0 @@
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 5 Jun 2020 16:26:33 +0200
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
The AEAD iov interface falls back to serializing the input buffers if
the low-level cipher doesn't support scatter/gather encryption.
However, there was a bug in the functions used for the serialization,
which causes memory leaks under a certain condition (i.e. the number
of input buffers is 1).
This patch makes the logic of the functions simpler, by removing a
micro-optimization that tries to minimize the number of calls to
malloc/free.
The original problem was reported by Marius Steffen in:
https://bugzilla.samba.org/show_bug.cgi?id=14399
and the cause was investigated by Alexander Haase in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/crypto-api.c | 36 +++++++++++-------------------------
tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
2 files changed, 29 insertions(+), 40 deletions(-)
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 45be64ed1..8524f5ed4 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
struct iov_store_st {
void *data;
size_t size;
- unsigned allocated;
};
static void iov_store_free(struct iov_store_st *s)
{
- if (s->allocated) {
- gnutls_free(s->data);
- s->allocated = 0;
- }
+ gnutls_free(s->data);
}
static int iov_store_grow(struct iov_store_st *s, size_t length)
{
- if (s->allocated || s->data == NULL) {
- s->size += length;
- s->data = gnutls_realloc(s->data, s->size);
- if (s->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- s->allocated = 1;
- } else {
- void *data = s->data;
- size_t size = s->size + length;
- s->data = gnutls_malloc(size);
- memcpy(s->data, data, s->size);
- s->size += length;
- }
+ void *data;
+
+ s->size += length;
+ data = gnutls_realloc(s->data, s->size);
+ if (data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ s->data = data;
return 0;
}
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
memset(dst, 0, sizeof(*dst));
if (iovcnt == 0) {
return 0;
- } else if (iovcnt == 1) {
- dst->data = iov[0].iov_base;
- dst->size = iov[0].iov_len;
- /* implies: dst->allocated = 0; */
- return 0;
} else {
int i;
uint8_t *p;
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
p = dst->data;
for (i=0;i<iovcnt;i++) {
- memcpy(p, iov[i].iov_base, iov[i].iov_len);
+ if (iov[i].iov_len > 0)
+ memcpy(p, iov[i].iov_base, iov[i].iov_len);
p += iov[i].iov_len;
}
- dst->allocated = 1;
return 0;
}
}
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
index fba9010d9..6a30a35f7 100644
--- a/tests/aead-cipher-vec.c
+++ b/tests/aead-cipher-vec.c
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
giovec_t auth_iov[2];
uint8_t tag[64];
size_t tag_size = 0;
+ size_t i;
key.data = key16;
key.size = gnutls_cipher_get_key_size(algo);
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
if (ret < 0)
fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
- ret = gnutls_aead_cipher_encryptv2(ch,
- iv.data, iv.size,
- auth_iov, 2,
- iov, 3,
- tag, &tag_size);
- if (ret < 0)
- fail("could not encrypt data: %s\n", gnutls_strerror(ret));
-
- ret = gnutls_aead_cipher_decryptv2(ch,
- iv.data, iv.size,
- auth_iov, 2,
- iov, 3,
- tag, tag_size);
- if (ret < 0)
- fail("could not decrypt data: %s\n", gnutls_strerror(ret));
+ for (i = 0; i < 2; i++) {
+ ret = gnutls_aead_cipher_encryptv2(ch,
+ iv.data, iv.size,
+ auth_iov, 2,
+ iov, i + 1,
+ tag, &tag_size);
+ if (ret < 0)
+ fail("could not encrypt data: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_aead_cipher_decryptv2(ch,
+ iv.data, iv.size,
+ auth_iov, 2,
+ iov, i + 1,
+ tag, tag_size);
+ if (ret < 0)
+ fail("could not decrypt data: %s\n", gnutls_strerror(ret));
+ }
gnutls_aead_cipher_deinit(ch);
}
--
2.25.4

View file

@ -1,50 +0,0 @@
From f15c02b1fb9faf3e06db2c51196a27b0f9d72672 Mon Sep 17 00:00:00 2001
From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: Sun, 28 Jun 2020 21:33:09 +0200
Subject: [PATCH] build: use $(LIBPTHREAD) rather than non-existent
$(LTLIBPTHREAD)
On a very recent openSUSE build, libgnutls is getting built without
libpthread. This caused a thread related error when trying to load a
pkcs11 module that uses threading. The reason is rather convoluted:
glibc actually controls all the pthread_ function calls, but it
returns success without doing anything unless -lpthread is in the link
list. What's happening is that gnutls_system_mutex_init() is being
called on _gnutls_pkcs11_mutex before library pthreading is
initialized, so the pthread_mutex_init ends up being a nop. Then, when
the pkcs11 module is loaded, pthreads get initialized and the call to
pthread_mutex_lock is real, but errors out on the uninitialized mutex.
The problem seems to be that nothing in the gnulib macros gnutls
relies on for threading support detection actually sets LTLIBPTHREAD,
they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
lib/Makefile.in
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
bootstrap.conf | 4 ++--
lib/Makefile.am | 8 +++++++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/Makefile.am b/lib/Makefile.am
index fa47ac5e6..02504d8d1 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -168,7 +168,13 @@ libgnutls_la_LIBADD += accelerated/libaccelerated.la
endif
if !WINDOWS
-thirdparty_libadd += $(LTLIBPTHREAD)
+# p11-kit does not work without threading support:
+# https://github.com/p11-glue/p11-kit/pull/183
+if ENABLE_PKCS11
+thirdparty_libadd += $(LIBPMULTITHREAD)
+else
+thirdparty_libadd += $(LIBPTHREAD)
+endif
endif
if NEEDS_LIBRT
--
2.26.2

View file

@ -1,11 +0,0 @@
--- a/guile/src/Makefile.in 2019-03-27 11:51:55.984398001 +0100
+++ b/guile/src/Makefile.in 2019-03-27 11:52:27.259626076 +0100
@@ -1472,7 +1472,7 @@
# Use '-module' to build a "dlopenable module", in Libtool terms.
# Use '-undefined' to placate Libtool on Windows; see
# <https://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
-guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined
+guile_gnutls_v_2_la_LDFLAGS = -module -no-undefined -Wl,-z,lazy
# Linking against GnuTLS.
GNUTLS_CORE_LIBS = $(top_builddir)/lib/libgnutls.la

View file

@ -0,0 +1,114 @@
From e0eb2bbb212a5c9d72311c59e7235832a0075dcc Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 9 Jul 2025 18:54:48 +0900
Subject: [PATCH] add tests/ktls_utils.h
Signed-off-by: rpm-build <rpm-build>
---
tests/ktls_utils.h | 94 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 tests/ktls_utils.h
diff --git a/tests/ktls_utils.h b/tests/ktls_utils.h
new file mode 100644
index 0000000..231618d
--- /dev/null
+++ b/tests/ktls_utils.h
@@ -0,0 +1,94 @@
+#ifndef GNUTLS_TESTS_KTLS_UTILS_H
+#define GNUTLS_TESTS_KTLS_UTILS_H
+
+#include <fcntl.h>
+#include <signal.h>
+
+#include <netinet/in.h>
+
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+/* Sets the NONBLOCK flag on the socket(fd) */
+inline static int set_nonblocking(int fd)
+{
+ int flags = fcntl(fd, F_GETFL, 0);
+ if (flags == -1) {
+ return 1;
+ }
+
+ if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
+ return 2;
+ }
+
+ return 0;
+}
+
+/* Creates a pair of TCP connected sockets */
+static int create_socket_pair(int *client_fd, int *server_fd)
+{
+ int ret;
+ struct sockaddr_in saddr;
+ socklen_t addrlen;
+ int listener;
+
+ listener = socket(AF_INET, SOCK_STREAM, 0);
+ if (listener == -1) {
+ fail("error in listener(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ int opt = 0;
+ setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
+
+ memset(&saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ saddr.sin_port = 0;
+
+ ret = bind(listener, (struct sockaddr *)&saddr, sizeof(saddr));
+ if (ret == -1) {
+ fail("error in bind(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ addrlen = sizeof(saddr);
+ ret = getsockname(listener, (struct sockaddr *)&saddr, &addrlen);
+ if (ret == -1) {
+ fail("error in getsockname(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ ret = listen(listener, 1);
+ if (ret == -1) {
+ fail("error in listen(): %s\n", strerror(errno));
+ close(listener);
+ return 1;
+ }
+
+ *client_fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (*client_fd < 0) {
+ fail("error in socket(): %s\n", strerror(errno));
+ return 1;
+ }
+
+ ret = connect(*client_fd, (struct sockaddr *)&saddr, addrlen);
+ if (ret < 0) {
+ fail("error in connect(): %s\n", strerror(errno));
+ close(listener);
+ close(*client_fd);
+ return 1;
+ }
+
+ *server_fd = accept(listener, NULL, NULL);
+ if (*server_fd < 0) {
+ fail("error in accept(): %s\n", strerror(errno));
+ close(listener);
+ close(*client_fd);
+ return 1;
+ }
+
+ return 0;
+}
+
+#endif //GNUTLS_TESTS_KTLS_UTILS_H
--
2.49.0

View file

@ -0,0 +1,58 @@
From 15fb5ad536c375a74cc0d87859c9fc919d924c9d Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 10 Jul 2025 05:45:06 +0900
Subject: [PATCH] support VPATH build for mldsa tests
Signed-off-by: rpm-build <rpm-build>
---
tests/cert-tests/mldsa.sh | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/cert-tests/mldsa.sh b/tests/cert-tests/mldsa.sh
index 7e31e11..55e31ce 100644
--- a/tests/cert-tests/mldsa.sh
+++ b/tests/cert-tests/mldsa.sh
@@ -130,7 +130,7 @@ for variant in 44 65 87; do
# Check default
TMPKEYDEFAULT=$testdir/key-$algo-$format-default
TMPKEY=$testdir/key-$algo-$format
- ${VALGRIND} "${CERTTOOL}" -k --no-text --infile "data/key-$algo-$format.pem" >"$TMPKEYDEFAULT"
+ ${VALGRIND} "${CERTTOOL}" -k --no-text --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEYDEFAULT"
if [ $? != 0 ]; then
cat "$TMPKEYDEFAULT"
exit 1
@@ -138,19 +138,19 @@ for variant in 44 65 87; do
# The "expandedKey" format doesn't have public key part
if [ "$format" = seed ] || [ "$format" = both ]; then
- if ! "${DIFF}" "$TMPKEYDEFAULT" "data/key-$algo-both.pem"; then
+ if ! "${DIFF}" "$TMPKEYDEFAULT" "$srcdir/data/key-$algo-both.pem"; then
exit 1
fi
fi
# Check roundtrip with --key-format
- ${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "data/key-$algo-$format.pem" >"$TMPKEY"
+ ${VALGRIND} "${CERTTOOL}" -k --no-text --key-format "$format" --infile "$srcdir/data/key-$algo-$format.pem" >"$TMPKEY"
if [ $? != 0 ]; then
cat "$TMPKEY"
exit 1
fi
- if ! "${DIFF}" "$TMPKEY" "data/key-$algo-$format.pem"; then
+ if ! "${DIFF}" "$TMPKEY" "$srcdir/data/key-$algo-$format.pem"; then
exit 1
fi
done
@@ -164,7 +164,7 @@ for n in 1; do
fi
echo "Testing inconsistent ML-DSA key ($n)"
- if "${CERTTOOL}" -k --infile "data/key-mldsa-inconsistent$n.pem"; then
+ if "${CERTTOOL}" -k --infile "$srcdir/data/key-mldsa-inconsistent$n.pem"; then
exit 1
fi
done
--
2.49.0

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,27 @@
From a9800309197fe5aef913944b2fc77164946f0689 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 23 Jul 2024 16:04:56 +0900
Subject: [PATCH] build: link against libhogweed when checking
nettle_rsa_oaep_*
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index fb0aefe1f4..8b55808bd7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -795,7 +795,7 @@ AM_CONDITIONAL([NEED_SIV_GCM], [test "$ac_cv_func_nettle_siv_gcm_encrypt_message
# Check for RSA-OAEP
save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
+LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS $GMP_LIBS"
AC_CHECK_FUNCS(nettle_rsa_oaep_sha256_encrypt)
LIBS=$save_LIBS
AM_CONDITIONAL([NEED_RSA_OAEP], [test "$ac_cv_func_nettle_rsa_oaep_sha256_encrypt" != yes])
--
2.45.2

View file

@ -0,0 +1,29 @@
From a36b73a21e4b5b6e051b23192a645dea34c9d6af Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 5 Nov 2024 14:45:46 +0900
Subject: [PATCH] tests: skip CHACHA20-POLY1305 in TLS 1.2 when KTLS is enabled
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
tests/gnutls_ktls.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
index 90d3e9af91..d5ac4efecc 100644
--- a/tests/gnutls_ktls.c
+++ b/tests/gnutls_ktls.c
@@ -347,9 +347,11 @@ void doit(void)
{
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
+#if 0
if (!gnutls_fips140_mode_enabled()) {
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
}
+#endif
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
if (!gnutls_fips140_mode_enabled()) {
--
2.47.0

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -6,10 +6,3 @@ if [ "$1" = "-e" ] ; then
else
CMD="rm -f"
fi
# SRP
for f in auth/srp_sb64.c auth/srp_passwd.c auth/srp_rsa.c \
srp.c auth/srp.c ext/srp.c ; do
eval "$CMD lib/$f"
done

4
plans/fips-smoke.fmf Normal file
View file

@ -0,0 +1,4 @@
summary: Runs FIPS library integrity checks.
name: fips-smoke
execute:
script: if [[ $(GNUTLS_DEBUG_LEVEL=99 GNUTLS_FORCE_FIPS_MODE=1 certtool 2>&1 | grep "Error") ]]; then exit 1; else exit 0; fi;

10
plans/nss-2way.fmf Normal file
View file

@ -0,0 +1,10 @@
summary: Upstreamed gnutls-openssl interop-2way tests
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-nss-2way
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-gnutls & tag: interop-nss & tag: interop-2way'
execute:
how: tmt

10
plans/openssl-2way.fmf Normal file
View file

@ -0,0 +1,10 @@
summary: Upstreamed gnutls-openssl interop-2way tests
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-openssl-2way
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-gnutls & tag: interop-openssl & tag: interop-2way'
execute:
how: tmt

View file

@ -0,0 +1,10 @@
summary: Upstreamed gnutls interop tests - short tests which do not need to run in parallel
contact: Stanislav Zidek <szidek@redhat.com>
discover:
# upstreamed tests (public)
- name: interop-gnutls-short
how: fmf
url: https://gitlab.com/redhat-crypto/tests/interop.git
filter: 'tag: interop-gnutls & tag: -interop-slow'
execute:
how: tmt

View file

@ -1,3 +1,5 @@
SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
SHA512 (gnutls-3.6.14.tar.xz.sig) = 88e31d484ab2e2e9a6a080d1bb0e2219aa0ec85af9ea4abe8292bc8ae2d6784273414227142a2ebe0142b907a5ac6aa4d407388357f13d96b96eca8f8c61103a
SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173
SHA512 (gnutls-3.8.11.tar.xz) = 68f9e5bec3aa6686fd3319cc9c88a5cc44e2a75144049fc9de5fb55fef2241b4e16996af4be5dd48308abbee8cfaed6c862903f6bb89aff5dfa5410075bd7386
SHA512 (gnutls-3.8.11.tar.xz.sig) = 90883e5736299b103844ca42b85d371969ef66b50b60cb185e814ad9978598796e9ed07a590245ff28ac6ac084b1dee93fae0845576464583a5941835990957d
SHA512 (gnutls-release-keyring.gpg) = 8c2b39239d1d8c5319757fcf669f28a11de7f8ec4a726f9904c57ba8105bea80240083c0de71b747115907bab46569f10cf58004137cc7884ac5c20f8319ae0a
SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
SHA512 (leancrypto-1.6.0.tar.gz) = cb6ace4a1642208dd7656b62a48e99d6261f471aa7967b738057745a4534abfa11d380dd5de98a737c0c13b1e1cb37ce780e02297eefc1cf839581629d34e100