diff --git a/.gitignore b/.gitignore
index 579177f..eec36cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -162,3 +162,5 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-3.8.7.1.tar.xz
 /gnutls-3.8.7.1.tar.xz.sig
 /nettle-3.10-hobbled.tar.xz
+/gnutls-3.8.8.tar.xz
+/gnutls-3.8.8.tar.xz.sig
diff --git a/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch b/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch
new file mode 100644
index 0000000..d93dd28
--- /dev/null
+++ b/gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch
@@ -0,0 +1,29 @@
+From a36b73a21e4b5b6e051b23192a645dea34c9d6af Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Tue, 5 Nov 2024 14:45:46 +0900
+Subject: [PATCH] tests: skip CHACHA20-POLY1305 in TLS 1.2 when KTLS is enabled
+
+Signed-off-by: Daiki Ueno
+---
+ tests/gnutls_ktls.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
+index 90d3e9af91..d5ac4efecc 100644
+--- a/tests/gnutls_ktls.c
++++ b/tests/gnutls_ktls.c
+@@ -347,9 +347,11 @@ void doit(void)
+ {
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
++#if 0
+ if (!gnutls_fips140_mode_enabled()) {
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
+ }
++#endif
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
+ run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
+ if (!gnutls_fips140_mode_enabled()) {
+--
+2.47.0
+
diff --git a/gnutls.spec b/gnutls.spec
index 2384a56..9d6f892 100644
--- a/gnutls.spec
+++ b/gnutls.spec
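Review bot: The `#if 0` added around the TLS 1.2 CHACHA20-POLY1305 run in tests/gnutls_ktls.c (carried in gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch) compiles that case out on every build and leaves no reason in the source; the only pointer to the upstream issue is the comment in gnutls.spec. I would add a comment directly above the guard, `/* TLS 1.2 CHACHA20-POLY1305 over KTLS is skipped downstream, see https://gitlab.com/gnutls/gnutls/-/issues/1443 */`, so the skip is revisited when that issue is resolved. While the block is compiled out, nothing in this test file exercises that cipher on the KTLS path, so a regression there would presumably go unnoticed if the shipped library can still negotiate it with KTLS enabled. The body of doit() continues past the end of the inner hunk.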
@@ -12,9 +12,9 @@ sha256sum:close() print(string.sub(hash, 0, 16)) } -Version: 3.8.7 +Version: 3.8.8 Release: %{?autorelease}%{!?autorelease:1%{?dist}} -# not upstreamed: can we drop this as configure is regenerated when bootstrappign? +# not upstreamed: can we drop this as configure is regenerated when bootstrapping? Patch: gnutls-3.2.7-rpath.patch # not upstreamed: modifies the generated code Patch: gnutls-3.7.2-enable-intel-cet.patch @@ -29,11 +29,7 @@ Patch: gnutls-3.7.6-drbg-reseed.patch # not upstreamed, hard blocking SHA-1 signature verification, for long-term support purposes Patch: gnutls-3.7.6-fips-sha1-sigver.patch # not upstreamed: see https://gitlab.com/gnutls/gnutls/-/issues/1443 -Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch -# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1867 -Patch: gnutls-3.8.7-pkgconf-dlopen.patch -# upstreamed: https://gitlab.com/gnutls/gnutls/-/merge_requests/1868 -Patch: gnutls-3.8.7-nettle-static.patch +Patch: gnutls-3.8.8-tests-ktls-skip-tls12-chachapoly.patch %bcond_without bootstrap %bcond_without dane @@ -150,8 +146,8 @@ BuildRequires: mingw64-nettle >= 3.6 URL: http://www.gnutls.org/ %define short_version %(echo %{version} | grep -m1 -o "[0-9]*\.[0-9]*" | head -1) -Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.1.tar.xz -Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.1.tar.xz.sig +Source0: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz +Source1: https://www.gnupg.org/ftp/gcrypt/gnutls/v%{short_version}/%{name}-%{version}.tar.xz.sig Source2: https://gnutls.org/gnutls-release-keyring.gpg %if %{with bundled_gmp} diff --git a/sources b/sources index 96fb383..6cf7a0d 100644 --- a/sources +++ b/sources 
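Review bot: The `@@ -29,11 +29,7 @@` hunk of gnutls.spec stops referencing gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch, gnutls-3.8.7-pkgconf-dlopen.patch and gnutls-3.8.7-nettle-static.patch, but no deletion of those files appears in the visible diff. If they are not removed elsewhere, the repository keeps three patch files that no `Patch:` line applies, which makes it harder to audit what is actually carried on top of the upstream tarball. I would `git rm` the three files in the same commit so the tree matches the spec.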
@@ -1,5 +1,5 @@
-SHA512 (gnutls-3.8.7.1.tar.xz) = 429cea78e227d838105791b28a18270c3d2418bfb951c322771e6323d5f712204d63d66a6606ce9604a92d236a8dd07d651232c717264472d27eb6de26ddc733
-SHA512 (gnutls-3.8.7.1.tar.xz.sig) = 53ebdaa9775ae22f7eb5e7d6f5411ec667c9c880cea84e23651b6d1994fb1398c09d8efa39b21c96f8be29fa09c2436bdd732a061308956ca1650e3e1878ed57
+SHA512 (gnutls-3.8.8.tar.xz) = 4f617c63e8e8392e400d72c9e39989fcd782268b4a4c4e36bbfb0444a4b5bcb0f53054f04a6dce99ab89c0f38f57430c95aaaec6eb9209b8e9329140abf230c3
+SHA512 (gnutls-3.8.8.tar.xz.sig) = fdff792511e9e5de203a1dfd66bf521c12fb74a19de651ffa1f7359dafdd1dad59ae57d0f95fa363c4167f798e6b624b4ae1f84d4e0737ff690c2fb0e5a5bdce
 SHA512 (gnutls-release-keyring.gpg) = 8c2b39239d1d8c5319757fcf669f28a11de7f8ec4a726f9904c57ba8105bea80240083c0de71b747115907bab46569f10cf58004137cc7884ac5c20f8319ae0a
 SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
 SHA512 (nettle-3.10-hobbled.tar.xz) = 5f2bba913e8ac9c3bef91e59cb7784f609ee6a4549157503583441770fb57782530391906c271316936297ccd691174578a9a584b4a374dfc6214c206b020cb2