Daiki Ueno
daac4e78f5
Update to 3.8.7 upstream release
...
Upstream tag: 3.8.7
Upstream commit: 994d9392
Commit authored by Packit automation (https://packit.dev/)
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-16 13:44:43 +09:00
Daiki Ueno
3ac22bcadb
Forward port downstream patches from c9s
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-08-15 09:38:50 +09:00
Daiki Ueno
0ad408d5bc
liboqs: check whether Kyber768 is compiled in
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-29 09:13:24 +09:00
Daiki Ueno
3559e33707
Fix configure check on nettle_rsa_oaep_* functions
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-28 08:17:10 +09:00
Daiki Ueno
1cd714c58b
Enable X25519Kyber768Draft00 key exchange in TLS
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-28 08:17:10 +09:00
Daiki Ueno
9f3cab5d41
Switch to using dlwrap for loading compression libraries
...
Related: RHEL-50011
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-28 08:17:10 +09:00
Yaakov Selkowitz
e7ce6b1ef5
Fix FIPS build with RPM 4.20
...
The FIPS build runs *_install_post commands early during %install so that
the binaries will not be modified after running fipshmac, since those
commands are supposed to be no-op if re-run. However, __debug_install_post
is only run if __debug_package is defined, which is triggered by the
automatic creation of the debuginfo subpackage where appropriate.
Previously, a hack in redhat-rpm-config caused this to be enabled by
%install, but with RPM 4.20 this is no longer needed, and the hack was
removed from redhat-rpm-config for F41. On Fedora builds,
%mingw_debug_package triggers this and therefore it still builds, but ELN
is built without mingw and therefore there now is nothing to trigger the
debuginfo generation during %install. As a result, the binaries would just
be stripped without any debuginfo generation during the first run, leaving
nothing to detect in the second run, and the build would fail for lack of
debug symbols/sources.
https://github.com/rpm-software-management/rpm/issues/2204
7a1571ee80
Related: RHEL-50011
2024-07-28 08:17:10 +09:00
Zoltan Fridrich
7a0d2e97dd
Update to 3.8.6 upstream release
...
Upstream tag: 3.8.6
Upstream commit: cd953cfa
Commit authored by Packit automation (https://packit.dev/)
Resolves: RHEL-50011
2024-07-27 10:39:23 +09:00
Alexander Sosedkin
e3df0307e0
Rebuild against nettle-3.9.1-11.el10
2024-07-02 16:05:49 +02:00
Troy Dawson
1fcc00cba9
Bump release for June 2024 mass rebuild
2024-06-24 08:44:49 -07:00
Zoltan Fridrich
c3464bd0f2
Build with certificate compression enabled
...
Resolves: RHEL-42514
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-06-17 15:42:00 +02:00
Alexander Sosedkin
d0d82d7432
Add gmp tarball to sources file, add gmp patch
...
Related: RHEL-35857
2024-05-16 21:00:10 +09:00
Daiki Ueno
c8d0a15246
Add bcond to statically link to GMP
...
In CentOS Stream 9 and RHEL 9, we link to libgmp statically to ensure
zeroization of internally allocated memory areas according to FIPS
140-3. This ports the ability to Fedora, in a way it is configured
with a `--with bundled_gmp` build conditional.
Resolves: RHEL-35857
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-05-16 20:57:31 +09:00
Daiki Ueno
e49ae825cb
Add virtual package to pull in nettle/gmp dependencies for FIPS
...
This adds a new subpackage `gnutls-fips` with strict version
requirements to nettle and gmp under FIPS, as gnutls now calculates
library integrity (HMAC) over those libraries.
Related: RHEL-35857
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-05-16 17:52:24 +09:00
Zoltan Fridrich
2ab069ca80
3.8.5 upstream release
...
Upstream tag: 3.8.5
Upstream commit: 49f4ae21
Related: RHEL-35857
2024-05-16 17:51:59 +09:00
Zoltan Fridrich
4f944dc84a
3.8.4 upstream release
...
Upstream tag: 3.8.4
Upstream commit: 4a4cefef
Related: RHEL-35857
2024-05-16 17:51:26 +09:00
Zoltan Fridrich
fc9a2819eb
Fix mingw build failure
...
Related: RHEL-35857
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-16 17:50:57 +09:00
Zoltan Fridrich
c5694f3e42
Update keyring
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-01-24 10:10:45 +01:00
Zoltan Fridrich
da7f0db0fe
[packit] 3.8.3 upstream release
...
Upstream tag: 3.8.3
Upstream commit: 2f04c14d
2024-01-23 10:28:06 +01:00
Fedora Release Engineering
c42ee03de2
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 23:15:46 +00:00
Simon de Vlieger
be817c2d2d
Bump Nettle dependency.
...
GnuTLS depends on symbols from a newer version of Nettle (3.9).
Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>
2023-12-12 10:58:20 +01:00
Daiki Ueno
23ac5676a4
Tentatively revert newly added Ed448 keys support in PKCS#11
...
To fix regression with Ed25519 reported in:
https://gitlab.com/gnutls/gnutls/-/issues/1515
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-12-01 17:44:03 +09:00
Daiki Ueno
7543c5d148
[packit] 3.8.2 upstream release
...
Upstream tag: 3.8.2
Upstream commit: e840a07f
2023-11-22 15:23:57 +09:00
Daiki Ueno
5e97cebf83
Remove patches no longer needed in 3.8.2
...
Also use XFAIL_TESTS envvar to skip ktls_keyupdate.sh, instead of
patching the source code.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-11-22 14:41:15 +09:00
Daiki Ueno
d7d09eb023
Skip KTLS test if the host kernel is older than 5.11
...
The ktls.sh test currently only supports kernel 5.11+. This needs to
be checked at run time, as the koji builder might be using a different
version of kernel on the host than the one indicated by the
kernel-devel package.
Resolves: #2247135
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-11-10 05:39:53 +09:00
Stephen Gallagher
a4ef955090
Don't build with SRP on RHEL
...
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2023-08-29 09:39:14 -04:00
Zoltan Fridrich
a0ef9addb1
[packit] 3.8.1 upstream release
...
Upstream tag: 3.8.1
Upstream commit: 513570a5
2023-08-25 14:06:59 +02:00
Daiki Ueno
44afab5191
Migrate License field to SPDX license identifier
...
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-08-24 10:19:38 +09:00
Fedora Release Engineering
e4e388800c
Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 23:57:26 +00:00
Peter Leitmann
2f8c73c631
Add TMT interop tests
2023-05-23 14:27:14 +00:00
Daiki Ueno
6a9f55ef66
Fix leftover of the previous %bcond change
...
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-04-13 20:09:49 +09:00
Daiki Ueno
82e473e933
Use %bcond instead of %global for srp and mingw support
...
This makes it possible to build the package with/without those
features, through rpmbuild --with/--without.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-04-11 19:38:39 +09:00
Richard W.M. Jones
e99bcaff78
Fix desynchronisation with kTLS:
...
https://gitlab.com/gnutls/gnutls/-/issues/1470
2023-03-11 07:32:46 +00:00
Daniel P. Berrangé
e361bb292d
Disable GNULIB's year2038 support for 64-bit time_t
...
GNUTLS exposes time_t in its public API and thus the size of time_t
is ABI relevant. It can't be changed in size without breaking
ABI compatibility with applications built against GNUTLS that use
the default time_t size.
https://gitlab.com/gnutls/gnutls/-/issues/1466
https://bugzilla.redhat.com/show_bug.cgi?id=2174758
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-02 11:53:34 +00:00
Zoltan Fridrich
b08c1d3cb5
[packit] 3.8.0 upstream release
...
Upstream tag: 3.8.0
Upstream commit: 516e466b
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2023-02-16 11:14:30 +01:00
Zoltan Fridrich
9df43c9df7
Prepare for release
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2023-02-14 15:01:58 +01:00
Frantisek Krenzelok
a9d1c50f1a
KTLS: disable ktls_keyupdate & tls1.2 chachapoly tests
...
There seems to be a kernel-specific issue with CHACHA20-POLY1305 for
TLS 1.2 [1]
The test fails without a needed kernel patch
[1] https://gitlab.com/gnutls/gnutls/-/issues/1443
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-01-20 21:55:56 +01:00
Frantisek Krenzelok
c1f8e66db2
KTLS additional ciphersuites
...
Key update supported for patched kernels [1]
Configuration option `ktls = false` [2]
following ciphersuites are now supported: [3]
* TLS_AES_128_CCM_SHA256
* TLS_CHACHA20_POLY1305_SHA256
Invalidate session on KTLS error as there is no way to recover and new
sockets as well as session have to be created. [4]
[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1625
[2] https://gitlab.com/gnutls/gnutls/-/merge_requests/1673/diffs?commit_id=aefd7319c0b7b2410d06238246b7755b289e4837
[3] https://gitlab.com/gnutls/gnutls/-/merge_requests/1676
[4] https://gitlab.com/gnutls/gnutls/-/merge_requests/1664
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2023-01-20 19:17:15 +01:00
Fedora Release Engineering
d401f95817
Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 05:48:39 +00:00
Frantisek Krenzelok
0596993205
gcc-analyzer: suppress warnings
...
gcc analyzer causes issues in CI, this commit from upstream should fix it
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
2022-12-14 14:15:49 +01:00
Daniel P. Berrangé
5aa020da73
Cross-compiled mingw sub-RPMs should be 'noarch'
...
Their contents should be identical (bar timestamps) regardless of which
host build arch is used, since we're cross compiling.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-27 16:52:20 +01:00
Zoltan Fridrich
ccfb815fcf
Add conditions for mingw
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-19 10:23:40 +02:00
Michael Cronenworth
cbaa7ad9b2
Merge branch 'mingw-merge' of ssh://pkgs.fedoraproject.org/forks/mooninite/rpms/gnutls into mingw-merge
...
# Conflicts:
# gnutls.spec
2022-10-18 11:18:34 -05:00
Michael Cronenworth
86c02ce9dc
Initial MinGW package support
...
Merge the mingw-gnutls package into the native one.
2022-10-18 11:16:48 -05:00
Zoltan Fridrich
9ba1f58c0f
Use make macros
...
Co-authored-by: Tom Stellard <tstellar@redhat.com>
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-18 15:39:06 +00:00
Zoltan Fridrich
8f2a1d9b48
Merge #59 Update release keyring
2022-10-18 15:34:57 +00:00
Zoltan Fridrich
30a64d9273
Update release keyring
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-18 17:12:26 +02:00
Anderson Toshiyuki Sasaki
b9c750507f
Enable gating and add FIPS smoke test
2022-10-18 14:30:24 +00:00
Daiki Ueno
2161d1913b
Revert to not ignore errors in gpgverify
...
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-10-18 14:11:46 +00:00
Zoltan Fridrich
2d72c1273b
[packit] 3.7.8 upstream release
...
Upstream tag: 3.7.8
Upstream commit: f527ed0e
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-10-18 14:25:18 +02:00