|
|
519d7d |
%bcond_without dane
|
|
|
519d7d |
%bcond_with guile
|
|
|
519d7d |
Summary: A TLS protocol implementation
|
|
|
519d7d |
Name: gnutls
|
|
|
519d7d |
Version: 3.3.29
|
|
|
519d7d |
Release: 9%{?dist}
|
|
|
519d7d |
# The libraries are LGPLv2.1+, utilities are GPLv3+
|
|
|
519d7d |
License: GPLv3+ and LGPLv2+
|
|
|
519d7d |
Group: System Environment/Libraries
|
|
|
519d7d |
BuildRequires: p11-kit-devel >= 0.23.1, gettext
|
|
|
519d7d |
BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 3.8
|
|
|
519d7d |
BuildRequires: libtool, automake, autoconf, texinfo
|
|
|
519d7d |
BuildRequires: autogen-libopts-devel >= 5.18 autogen gettext-devel
|
|
|
519d7d |
BuildRequires: nettle-devel >= 2.7.1
|
|
|
519d7d |
BuildRequires: trousers-devel >= 0.3.11.2
|
|
|
519d7d |
BuildRequires: libidn-devel
|
|
|
519d7d |
BuildRequires: gperf
|
|
|
519d7d |
BuildRequires: fipscheck
|
|
|
519d7d |
BuildRequires: softhsm, net-tools
|
|
|
519d7d |
Requires: p11-kit-trust
|
|
|
519d7d |
# The automatic dependency on libtasn1 and p11-kit is insufficient,
|
|
|
519d7d |
Requires: libtasn1 >= 3.9
|
|
|
519d7d |
Requires: p11-kit >= 0.23.1
|
|
|
519d7d |
Requires: trousers >= 0.3.11.2
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
BuildRequires: unbound-devel unbound-libs
|
|
|
519d7d |
%endif
|
|
|
519d7d |
%if %{with guile}
|
|
|
519d7d |
BuildRequires: guile-devel
|
|
|
519d7d |
%endif
|
|
|
519d7d |
URL: http://www.gnutls.org/
|
|
|
519d7d |
#Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz
|
|
|
519d7d |
#Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig
|
|
|
519d7d |
# XXX patent tainted code removed.
|
|
|
519d7d |
Source0: %{name}-%{version}-hobbled.tar.xz
|
|
|
519d7d |
Source1: libgnutls-config
|
|
|
519d7d |
Source2: hobble-gnutls
|
|
|
519d7d |
Patch1: gnutls-3.2.7-rpath.patch
|
|
|
519d7d |
Patch2: gnutls-3.1.11-nosrp.patch
|
|
|
519d7d |
Patch4: gnutls-3.3.8-fips-key.patch
|
|
|
519d7d |
Patch5: gnutls-3.3.8-padlock-disable.patch
|
|
|
519d7d |
# In 3.3.8 we were shipping an early backport of a fix in GNUTLS_E_APPLICATION_DATA
|
|
|
519d7d |
# behavior, which was using 3.4.0 semantics. We continue shipping to support
|
|
|
519d7d |
# any applications depending on that.
|
|
|
519d7d |
Patch6: gnutls-3.3.22-eapp-data.patch
|
|
|
519d7d |
Patch7: gnutls-3.3.26-dh-params-1024.patch
|
|
|
519d7d |
# Backport serv --sni-hostname option support (rhbz#1444792)
|
|
|
519d7d |
Patch8: gnutls-3.3.29-serv-sni-hostname.patch
|
|
|
519d7d |
Patch9: gnutls-3.3.29-serv-unrec-name.patch
|
|
|
519d7d |
Patch10: gnutls-3.3.29-cli-sni-hostname.patch
|
|
|
519d7d |
Patch11: gnutls-3.3.29-tests-sni-hostname.patch
|
|
|
519d7d |
# Do not try to retrieve PIN from URI more than once
|
|
|
519d7d |
Patch12: gnutls-3.3.29-pkcs11-retrieve-pin-from-uri-once.patch
|
|
|
519d7d |
# Backport of fixes to address CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
|
|
|
519d7d |
# (rhbz#1589708 rhbz#1589707 rhbz1589704)
|
|
|
519d7d |
Patch13: gnutls-3.3.29-dummy-wait-account-len-field.patch
|
|
|
519d7d |
Patch14: gnutls-3.3.29-dummy-wait-hash-same-amount-of-blocks.patch
|
|
|
519d7d |
Patch15: gnutls-3.3.29-cbc-mac-verify-ssl3-min-pad.patch
|
|
|
519d7d |
Patch16: gnutls-3.3.29-remove-hmac-sha384-sha256-from-default.patch
|
|
|
519d7d |
# Adjustment on tests
|
|
|
519d7d |
Patch17: gnutls-3.3.29-do-not-run-sni-hostname-windows.patch
|
|
|
519d7d |
# Backport testpkcs11 test. This test checks rhbz#1375307
|
|
|
519d7d |
Patch18: gnutls-3.3.29-testpkcs11.patch
|
|
|
519d7d |
# Disable failing PKCS#11 tests brought from master branch. The reasons are:
|
|
|
519d7d |
# - ECC key generation without login is not supported
|
|
|
519d7d |
# - Certificates are marked as private objects
|
|
|
519d7d |
# - "--load-pubkey" option is not supported
|
|
|
519d7d |
# - "--test-sign" option is not supported
|
|
|
519d7d |
# - Certificates do not inherit its ID from the private key
|
|
|
519d7d |
Patch19: gnutls-3.3.29-disable-failing-tests.patch
|
|
|
519d7d |
# Do not mark certificates as private objects and re-enable test for this
|
|
|
519d7d |
Patch20: gnutls-3.3.29-do-not-mark-object-as-private.patch
|
|
|
519d7d |
Patch21: gnutls-3.3.29-re-enable-check-cert-write.patch
|
|
|
519d7d |
# Increase the length of the RSA keys generated in testpkcs11 to 2048 bits.
|
|
|
519d7d |
# This allows the test to run in FIPS mode
|
|
|
519d7d |
Patch22: gnutls-3.3.29-tests-pkcs11-increase-RSA-gen-size.patch
|
|
|
519d7d |
# Enlarge buffer size to support resumption with large keys (rhbz#1542461)
|
|
|
519d7d |
Patch23: gnutls-3.3.29-serv-large-key-resumption.patch
|
|
|
519d7d |
# HMAC-SHA-256 cipher suites brought back downstream for compatibility
|
|
|
519d7d |
# The priority was set below AEAD
|
|
|
519d7d |
Patch24: gnutls-3.3.29-bring-back-hmac-sha256.patch
|
|
|
519d7d |
# Run KAT startup test for ECDSA (using secp256r1 curve) (rhbz#1673919)
|
|
|
519d7d |
Patch25: gnutls-3.3.29-fips140-fix-ecdsa-kat-selftest.patch
|
|
|
519d7d |
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
|
|
519d7d |
Provides: bundled(gnulib) = 20130424
|
|
|
519d7d |
|
|
|
519d7d |
%package c++
|
|
|
519d7d |
Summary: The C++ interface to GnuTLS
|
|
|
519d7d |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
|
|
|
519d7d |
%package devel
|
|
|
519d7d |
Summary: Development files for the %{name} package
|
|
|
519d7d |
Group: Development/Libraries
|
|
|
519d7d |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
Requires: %{name}-c++%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
%endif
|
|
|
519d7d |
Requires: pkgconfig
|
|
|
519d7d |
Requires(post): /sbin/install-info
|
|
|
519d7d |
Requires(preun): /sbin/install-info
|
|
|
519d7d |
|
|
|
519d7d |
%package utils
|
|
|
519d7d |
License: GPLv3+
|
|
|
519d7d |
Summary: Command line tools for TLS protocol
|
|
|
519d7d |
Group: Applications/System
|
|
|
519d7d |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
%package dane
|
|
|
519d7d |
Summary: A DANE protocol implementation for GnuTLS
|
|
|
519d7d |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with guile}
|
|
|
519d7d |
%package guile
|
|
|
519d7d |
Summary: Guile bindings for the GNUTLS library
|
|
|
519d7d |
Group: Development/Libraries
|
|
|
519d7d |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
519d7d |
Requires: guile
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%description
|
|
|
519d7d |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
|
|
519d7d |
protocols and technologies around them. It provides a simple C language
|
|
|
519d7d |
application programming interface (API) to access the secure communications
|
|
|
519d7d |
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
|
|
519d7d |
other required structures.
|
|
|
519d7d |
|
|
|
519d7d |
%description c++
|
|
|
519d7d |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
|
|
519d7d |
protocols and technologies around them. It provides a simple C language
|
|
|
519d7d |
application programming interface (API) to access the secure communications
|
|
|
519d7d |
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
|
|
519d7d |
other required structures.
|
|
|
519d7d |
This package contains the C++ interface for the GnuTLS library.
|
|
|
519d7d |
|
|
|
519d7d |
%description devel
|
|
|
519d7d |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
|
|
519d7d |
protocols and technologies around them. It provides a simple C language
|
|
|
519d7d |
application programming interface (API) to access the secure communications
|
|
|
519d7d |
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
|
|
519d7d |
other required structures.
|
|
|
519d7d |
This package contains files needed for developing applications with
|
|
|
519d7d |
the GnuTLS library.
|
|
|
519d7d |
|
|
|
519d7d |
%description utils
|
|
|
519d7d |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
|
|
519d7d |
protocols and technologies around them. It provides a simple C language
|
|
|
519d7d |
application programming interface (API) to access the secure communications
|
|
|
519d7d |
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
|
|
519d7d |
other required structures.
|
|
|
519d7d |
This package contains command line TLS client and server and certificate
|
|
|
519d7d |
manipulation tools.
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
%description dane
|
|
|
519d7d |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
|
|
519d7d |
protocols and technologies around them. It provides a simple C language
|
|
|
519d7d |
application programming interface (API) to access the secure communications
|
|
|
519d7d |
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
|
|
519d7d |
other required structures.
|
|
|
519d7d |
This package contains library that implements the DANE protocol for verifying
|
|
|
519d7d |
TLS certificates through DNSSEC.
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with guile}
|
|
|
519d7d |
%description guile
|
|
|
519d7d |
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
|
|
|
519d7d |
protocols and technologies around them. It provides a simple C language
|
|
|
519d7d |
application programming interface (API) to access the secure communications
|
|
|
519d7d |
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
|
|
|
519d7d |
other required structures.
|
|
|
519d7d |
This package contains Guile bindings for the library.
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%prep
|
|
|
519d7d |
%setup -q
|
|
|
519d7d |
|
|
|
519d7d |
%patch1 -p1 -b .rpath
|
|
|
519d7d |
%patch2 -p1 -b .nosrp
|
|
|
519d7d |
%patch4 -p1 -b .fips-key
|
|
|
519d7d |
%patch5 -p1 -b .padlock-disable
|
|
|
519d7d |
%patch6 -p1 -b .eapp-data
|
|
|
519d7d |
%patch7 -p1 -b .dh-1024
|
|
|
519d7d |
%patch8 -p1
|
|
|
519d7d |
%patch9 -p1
|
|
|
519d7d |
%patch10 -p1
|
|
|
519d7d |
%patch11 -p1
|
|
|
519d7d |
%patch12 -p1
|
|
|
519d7d |
%patch13 -p1
|
|
|
519d7d |
%patch14 -p1
|
|
|
519d7d |
%patch15 -p1
|
|
|
519d7d |
%patch16 -p1
|
|
|
519d7d |
%patch17 -p1
|
|
|
519d7d |
%patch18 -p1
|
|
|
519d7d |
%patch19 -p1
|
|
|
519d7d |
%patch20 -p1
|
|
|
519d7d |
%patch21 -p1
|
|
|
519d7d |
%patch22 -p1
|
|
|
519d7d |
%patch23 -p1
|
|
|
519d7d |
%patch24 -p1
|
|
|
519d7d |
%patch25 -p1
|
|
|
519d7d |
|
|
|
519d7d |
sed 's/gnutls_srp.c//g' -i lib/Makefile.in
|
|
|
519d7d |
sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
|
|
|
519d7d |
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
|
|
519d7d |
rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/*.h
|
|
|
519d7d |
|
|
|
519d7d |
# Touch man pages to avoid them to be regenerated after patches which change
|
|
|
519d7d |
# .def files
|
|
|
519d7d |
touch doc/manpages/gnutls-serv.1
|
|
|
519d7d |
touch doc/manpages/gnutls-cli.1
|
|
|
519d7d |
|
|
|
519d7d |
# Fix permissions for files brought by patches
|
|
|
519d7d |
chmod ugo+x %{_builddir}/%{name}-%{version}/tests/testpkcs11.sh
|
|
|
519d7d |
chmod ugo+x %{_builddir}/%{name}-%{version}/tests/sni-hostname.sh
|
|
|
519d7d |
|
|
|
519d7d |
%{SOURCE2} -e
|
|
|
519d7d |
autoreconf -if
|
|
|
519d7d |
|
|
|
519d7d |
%build
|
|
|
519d7d |
export LDFLAGS="-Wl,--no-add-needed"
|
|
|
519d7d |
|
|
|
519d7d |
%configure --with-libtasn1-prefix=%{_prefix} \
|
|
|
519d7d |
--with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit" \
|
|
|
519d7d |
--with-included-libcfg \
|
|
|
519d7d |
--with-arcfour128 \
|
|
|
519d7d |
--with-ssl3 \
|
|
|
519d7d |
--disable-static \
|
|
|
519d7d |
--disable-openssl-compatibility \
|
|
|
519d7d |
--disable-srp-authentication \
|
|
|
519d7d |
--disable-non-suiteb-curves \
|
|
|
519d7d |
--with-trousers-lib=%{_libdir}/libtspi.so.1 \
|
|
|
519d7d |
--enable-fips140-mode \
|
|
|
519d7d |
%if %{with guile}
|
|
|
519d7d |
--enable-guile \
|
|
|
519d7d |
%ifarch %{arm}
|
|
|
519d7d |
--disable-largefile \
|
|
|
519d7d |
%endif
|
|
|
519d7d |
%else
|
|
|
519d7d |
--disable-guile \
|
|
|
519d7d |
%endif
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
--with-unbound-root-key-file=/var/lib/unbound/root.key \
|
|
|
519d7d |
--enable-dane \
|
|
|
519d7d |
%else
|
|
|
519d7d |
--disable-dane \
|
|
|
519d7d |
%endif
|
|
|
519d7d |
--disable-rpath
|
|
|
519d7d |
# Note that the arm hack above is not quite right and the proper thing would
|
|
|
519d7d |
# be to compile guile with largefile support.
|
|
|
519d7d |
make %{?_smp_mflags}
|
|
|
519d7d |
|
|
|
519d7d |
%define __spec_install_post \
|
|
|
519d7d |
%{?__debug_package:%{__debug_install_post}} \
|
|
|
519d7d |
%{__arch_install_post} \
|
|
|
519d7d |
%{__os_install_post} \
|
|
|
519d7d |
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.28.*.* \
|
|
|
519d7d |
file=`basename $RPM_BUILD_ROOT%{_libdir}/libgnutls.so.28.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libgnutls.so.28.hmac \
|
|
|
519d7d |
%{nil}
|
|
|
519d7d |
|
|
|
519d7d |
%install
|
|
|
519d7d |
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_bindir}/srptool
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_bindir}/gnutls-srpcrypt
|
|
|
519d7d |
cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-config
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp*
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a
|
|
|
519d7d |
%if %{without dane}
|
|
|
519d7d |
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%find_lang gnutls
|
|
|
519d7d |
|
|
|
519d7d |
%check
|
|
|
519d7d |
make check %{?_smp_mflags}
|
|
|
519d7d |
|
|
|
519d7d |
%post -p /sbin/ldconfig
|
|
|
519d7d |
|
|
|
519d7d |
%postun -p /sbin/ldconfig
|
|
|
519d7d |
|
|
|
519d7d |
%post c++ -p /sbin/ldconfig
|
|
|
519d7d |
|
|
|
519d7d |
%postun c++ -p /sbin/ldconfig
|
|
|
519d7d |
|
|
|
519d7d |
%post devel
|
|
|
519d7d |
if [ -f %{_infodir}/gnutls.info.gz ]; then
|
|
|
519d7d |
/sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
|
|
|
519d7d |
fi
|
|
|
519d7d |
|
|
|
519d7d |
%preun devel
|
|
|
519d7d |
if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
|
|
|
519d7d |
/sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
|
|
|
519d7d |
fi
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
%post dane -p /sbin/ldconfig
|
|
|
519d7d |
|
|
|
519d7d |
%postun dane -p /sbin/ldconfig
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with guile}
|
|
|
519d7d |
%post guile -p /sbin/ldconfig
|
|
|
519d7d |
|
|
|
519d7d |
%postun guile -p /sbin/ldconfig
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%files -f gnutls.lang
|
|
|
519d7d |
%defattr(-,root,root,-)
|
|
|
519d7d |
%{_libdir}/libgnutls.so.28*
|
|
|
519d7d |
%{_libdir}/.libgnutls.so.28*.hmac
|
|
|
519d7d |
%doc COPYING COPYING.LESSER README AUTHORS NEWS THANKS
|
|
|
519d7d |
|
|
|
519d7d |
%files c++
|
|
|
519d7d |
%{_libdir}/libgnutlsxx.so.*
|
|
|
519d7d |
|
|
|
519d7d |
%files devel
|
|
|
519d7d |
%defattr(-,root,root,-)
|
|
|
519d7d |
%{_bindir}/libgnutls*-config
|
|
|
519d7d |
%{_includedir}/*
|
|
|
519d7d |
%{_libdir}/libgnutls*.so
|
|
|
519d7d |
%{_libdir}/.libgnutls.so.*.hmac
|
|
|
519d7d |
%{_libdir}/pkgconfig/*.pc
|
|
|
519d7d |
%{_mandir}/man3/*
|
|
|
519d7d |
%{_infodir}/gnutls*
|
|
|
519d7d |
%{_infodir}/pkcs11-vision*
|
|
|
519d7d |
|
|
|
519d7d |
%files utils
|
|
|
519d7d |
%defattr(-,root,root,-)
|
|
|
519d7d |
%{_bindir}/certtool
|
|
|
519d7d |
%{_bindir}/tpmtool
|
|
|
519d7d |
%{_bindir}/ocsptool
|
|
|
519d7d |
%{_bindir}/psktool
|
|
|
519d7d |
%{_bindir}/p11tool
|
|
|
519d7d |
%{_bindir}/crywrap
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
%{_bindir}/danetool
|
|
|
519d7d |
%endif
|
|
|
519d7d |
%{_bindir}/gnutls*
|
|
|
519d7d |
%{_mandir}/man1/*
|
|
|
519d7d |
%doc doc/certtool.cfg
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with dane}
|
|
|
519d7d |
%files dane
|
|
|
519d7d |
%defattr(-,root,root,-)
|
|
|
519d7d |
%{_libdir}/libgnutls-dane.so.*
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%if %{with guile}
|
|
|
519d7d |
%files guile
|
|
|
519d7d |
%defattr(-,root,root,-)
|
|
|
519d7d |
%{_libdir}/libguile*.so*
|
|
|
519d7d |
%{_datadir}/guile/site/gnutls
|
|
|
519d7d |
%{_datadir}/guile/site/gnutls.scm
|
|
|
519d7d |
%endif
|
|
|
519d7d |
|
|
|
519d7d |
%changelog
|
|
|
519d7d |
* Tue Feb 12 2019 Anderson Sasaki <ansasaki@redhat.com> 3.3.29-9
|
|
|
519d7d |
- Make sure the FIPS startup KAT selftest run for ECDSA (#1673919)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Jul 20 2018 Anderson Sasaki <ansasaki@redhat.com> 3.3.29-8
|
|
|
519d7d |
- Backported --sni-hostname option which allows overriding the hostname
|
|
|
519d7d |
advertised to the peer (#1444792)
|
|
|
519d7d |
- Improved counter-measures in TLS CBC record padding for lucky13 attack
|
|
|
519d7d |
(CVE-2018-10844, #1589704, CVE-2018-10845, #1589707)
|
|
|
519d7d |
- Added counter-measures for "Just in Time" PRIME + PROBE cache-based attack
|
|
|
519d7d |
(CVE-2018-10846, #1589708)
|
|
|
519d7d |
- Address p11tool issue in object deletion in batch mode (#1375307)
|
|
|
519d7d |
- Backport PKCS#11 tests from master branch. Some tests were disabled due to
|
|
|
519d7d |
unsupported features in 3.3.x (--load-pubkey and --test-sign options, ECC key
|
|
|
519d7d |
generation without login, and certificates do not inherit ID from the private
|
|
|
519d7d |
key)
|
|
|
519d7d |
- p11tool explicitly marks certificates and public keys as NOT private objects
|
|
|
519d7d |
and private keys as private objects
|
|
|
519d7d |
- Enlarge buffer size to support resumption with large keys (#1542461)
|
|
|
519d7d |
- Legacy HMAC-SHA384 cipher suites were disabled by default
|
|
|
519d7d |
- Added DSA key generation to p11tool (#1464896)
|
|
|
519d7d |
- Address session renegotiation issue using client certificate (#1434091)
|
|
|
519d7d |
- Address issue when importing private keys into Atos HSM (#1460125)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri May 26 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.26-9
|
|
|
519d7d |
- Address crash in OCSP status request extension, by eliminating the
|
|
|
519d7d |
unneeded parsing (CVE-2017-7507, #1455828)
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Apr 26 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.26-7
|
|
|
519d7d |
- Address interoperability issue with 3.5.x (#1388932)
|
|
|
519d7d |
- Reject CAs which are both trusted and blacklisted in trust module (#1375303)
|
|
|
519d7d |
- Added new functions to set issuer and subject ID in certificates (#1378373)
|
|
|
519d7d |
- Reject connections with less than 1024-bit DH parameters (#1335931)
|
|
|
519d7d |
- Fix issue that made GnuTLS parse only the first 32 extensions (#1383748)
|
|
|
519d7d |
- Mention limitations of certtool in manpage (#1375463)
|
|
|
519d7d |
- Read PKCS#8 files with HMAC-SHA256 -as generated by openssl 1.1 (#1380642)
|
|
|
519d7d |
- Do not link directly to trousers but instead use dlopen (#1379739)
|
|
|
519d7d |
- Fix incorrect OCSP validation (#1377569)
|
|
|
519d7d |
- Added support for pin-value in PKCS#11 URIs (#1379283)
|
|
|
519d7d |
- Added the --id option to p11tool (#1399232)
|
|
|
519d7d |
- Improved sanity checks in RSA key generation (#1444780)
|
|
|
519d7d |
- Addressed CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337,
|
|
|
519d7d |
CVE-2017-7869
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jul 12 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.24-1
|
|
|
519d7d |
- Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
|
|
|
519d7d |
- Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
|
|
|
519d7d |
- When writing certificates to smart cards write the CKA_ISSUER and
|
|
|
519d7d |
CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
|
|
|
519d7d |
- Use the shared system certificate store (#1110750)
|
|
|
519d7d |
- Address MD5 transcript collision attacks in TLS key exchange (#1289888,
|
|
|
519d7d |
CVE-2015-7575)
|
|
|
519d7d |
- Allow hashing data over 2^32 bytes (#1306953)
|
|
|
519d7d |
- Ensure written PKCS#11 public keys are not marked as private (#1339453)
|
|
|
519d7d |
- Ensure secure_getenv() is called on all uses of environment variables
|
|
|
519d7d |
(#1344591).
|
|
|
519d7d |
- Fix issues related to PKCS #11 private key listing on certain HSMs
|
|
|
519d7d |
(#1351389)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Jun 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-13
|
|
|
519d7d |
- Corrected reseed and respect of max_number_of_bits_per_request in
|
|
|
519d7d |
FIPS140-2 mode. Also enhanced the initial tests. (#1228199)
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Jan 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-12
|
|
|
519d7d |
- corrected fix of handshake buffer resets (#1153106)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-11
|
|
|
519d7d |
- Applied fix for urandom FD in FIPS140 mode (#1165047)
|
|
|
519d7d |
- Applied fix for FIPS140-2 related regression (#1110696)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Dec 2 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-10
|
|
|
519d7d |
- Amended fix for urandom FD to avoid regression in FIPS140 mode (#1165047)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Nov 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-9
|
|
|
519d7d |
- Amended fix for FIPS enforcement issue (#1163848)
|
|
|
519d7d |
- Fixed issue with applications that close all file descriptors (#1165047)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Nov 13 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-8
|
|
|
519d7d |
- Applied fix for FIPS enforcement issue when only /etc/system-fips
|
|
|
519d7d |
existed (#1163848)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Nov 7 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-7
|
|
|
519d7d |
- Applied fix for CVE-2014-8564 (#1161473)
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Oct 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-6
|
|
|
519d7d |
- when generating test DH keys, enforce the q_bits.
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Oct 21 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-5
|
|
|
519d7d |
- do not enforce FIPS140-2 policies in non-FIPS140 mode (#1154774)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Oct 16 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-4
|
|
|
519d7d |
- reverted change to use the p11-kit certificate storage (#1110750)
|
|
|
519d7d |
- added functions to test DH/ECDH in FIPS-140-2 mode and fixed
|
|
|
519d7d |
RSA key generation (#1110696)
|
|
|
519d7d |
- added manual dependencies on libtasn1 3.8 as well as p11-kit 0.20.7
|
|
|
519d7d |
- fixed SHA224 in SSSE3 optimized code
|
|
|
519d7d |
- fixed issue with handshake buffer resets (#1153106)
|
|
|
519d7d |
- fixed issue in RSA key generation with specific seeds in FIPS140-2 mode
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Oct 01 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-3
|
|
|
519d7d |
- added dependency on libtasn1 3.8 (#1110696)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-2
|
|
|
519d7d |
- disabled padlock CPU support in FIPS140-2 mode
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 18 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-1
|
|
|
519d7d |
- updated to latest stable release
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Sep 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-1.b2
|
|
|
519d7d |
- updated with latest bug fixes for 3.3.x branch
|
|
|
519d7d |
- delete bundled files
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 04 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8b1-1
|
|
|
519d7d |
- updated with latest bug fixes for 3.3.x branch
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Aug 22 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.7-1
|
|
|
519d7d |
- new upstream release (#1110696)
|
|
|
519d7d |
- allow DSA/DH key generation with 1024 when not in FIPS140-2 mode (#1132705)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Aug 15 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.7b1-1
|
|
|
519d7d |
- updated with latest bug fixes for 3.3.x branch
|
|
|
519d7d |
- utilize the p11-kit trust store (#1110750)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jul 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.6-2
|
|
|
519d7d |
- correct path of fipscheck links
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jul 23 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.6-1
|
|
|
519d7d |
- rebased to 3.3.6 and enabled fips mode (#1110696)
|
|
|
519d7d |
|
|
|
519d7d |
* Wed May 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-9
|
|
|
519d7d |
- fix session ID length check (#1102027)
|
|
|
519d7d |
- fixes null pointer dereference (#1101727)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Feb 25 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-8
|
|
|
519d7d |
- fixes CVE-2014-0092 (#1071815)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Feb 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-7
|
|
|
519d7d |
- fixes CVE-2014-1959
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.1.18-6
|
|
|
519d7d |
- Mass rebuild 2014-01-24
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jan 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.1.18-5
|
|
|
519d7d |
- Fixed issue with gnutls.info not being available (#1053487)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jan 14 2014 Tomáš Mráz <tmraz@redhat.com> 3.1.18-4
|
|
|
519d7d |
- build the crywrap tool
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Jan 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.1.18-3
|
|
|
519d7d |
- fixes crash in gnutls_global_deinit (#1047037)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 3.1.18-2
|
|
|
519d7d |
- Mass rebuild 2013-12-27
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Dec 23 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.1.18-1
|
|
|
519d7d |
- new upstream release (#1040886)
|
|
|
519d7d |
- Use the correct root key for unbound
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Nov 5 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.16-1
|
|
|
519d7d |
- new upstream release
|
|
|
519d7d |
- fixes CVE-2013-4466 off-by-one in dane_query_tlsa()
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Oct 29 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.15-1
|
|
|
519d7d |
- new upstream release
|
|
|
519d7d |
- fixes CVE-2013-4466 buffer overflow in handling DANE entries
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Jul 15 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.13-1
|
|
|
519d7d |
- new upstream release
|
|
|
519d7d |
|
|
|
519d7d |
* Thu May 23 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.11-1
|
|
|
519d7d |
- new upstream release
|
|
|
519d7d |
- enable ECC NIST Suite B curves
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Mar 25 2013 Tomas Mraz <tmraz@redhat.com> 3.1.10-1
|
|
|
519d7d |
- new upstream release
|
|
|
519d7d |
- license of the library is back to LGPLv2.1+
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Mar 15 2013 Tomas Mraz <tmraz@redhat.com> 3.1.9-1
|
|
|
519d7d |
- new upstream release
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Mar 7 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-3
|
|
|
519d7d |
- drop the temporary old library
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Feb 26 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-2
|
|
|
519d7d |
- don't send ECC algos as supported (#913797)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Feb 21 2013 Tomas Mraz <tmraz@redhat.com> 3.1.8-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Feb 6 2013 Tomas Mraz <tmraz@redhat.com> 3.1.7-1
|
|
|
519d7d |
- new upstream version, requires rebuild of dependencies
|
|
|
519d7d |
- this release temporarily includes old compatibility .so
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Feb 5 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-2
|
|
|
519d7d |
- rebuilt with new libtasn1
|
|
|
519d7d |
- make guile bindings optional - breaks i686 build and there is
|
|
|
519d7d |
no dependent package
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jan 8 2013 Tomas Mraz <tmraz@redhat.com> 2.12.22-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Nov 28 2012 Tomas Mraz <tmraz@redhat.com> 2.12.21-2
|
|
|
519d7d |
- use RSA bit sizes supported by libgcrypt in FIPS mode for security
|
|
|
519d7d |
levels (#879643)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Nov 9 2012 Tomas Mraz <tmraz@redhat.com> 2.12.21-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Nov 1 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-4
|
|
|
519d7d |
- negotiate only FIPS approved algorithms in the FIPS mode (#871826)
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Aug 8 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-3
|
|
|
519d7d |
- fix the gnutls-cli-debug manpage - patch by Peter Schiffer
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12.20-2
|
|
|
519d7d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Jun 18 2012 Tomas Mraz <tmraz@redhat.com> 2.12.20-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Fri May 18 2012 Tomas Mraz <tmraz@redhat.com> 2.12.19-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Mar 29 2012 Tomas Mraz <tmraz@redhat.com> 2.12.18-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Mar 8 2012 Tomas Mraz <tmraz@redhat.com> 2.12.17-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
- fix leaks in key generation (#796302)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Feb 03 2012 Kevin Fenzi <kevin@scrye.com> - 2.12.14-3
|
|
|
519d7d |
- Disable largefile on arm arch. (#787287)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12.14-2
|
|
|
519d7d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Nov 8 2011 Tomas Mraz <tmraz@redhat.com> 2.12.14-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Oct 24 2011 Tomas Mraz <tmraz@redhat.com> 2.12.12-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 29 2011 Tomas Mraz <tmraz@redhat.com> 2.12.11-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Aug 26 2011 Tomas Mraz <tmraz@redhat.com> 2.12.9-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Aug 16 2011 Tomas Mraz <tmraz@redhat.com> 2.12.8-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Jul 25 2011 Tomas Mraz <tmraz@redhat.com> 2.12.7-2
|
|
|
519d7d |
- fix problem when using new libgcrypt
|
|
|
519d7d |
- split libgnutlsxx to a subpackage (#455146)
|
|
|
519d7d |
- drop libgnutls-openssl (#460310)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jun 21 2011 Tomas Mraz <tmraz@redhat.com> 2.12.7-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Mon May 9 2011 Tomas Mraz <tmraz@redhat.com> 2.12.4-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Apr 26 2011 Tomas Mraz <tmraz@redhat.com> 2.12.3-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Apr 18 2011 Tomas Mraz <tmraz@redhat.com> 2.12.2-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Mar 3 2011 Tomas Mraz <tmraz@redhat.com> 2.10.5-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.10.4-2
|
|
|
519d7d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Dec 8 2010 Tomas Mraz <tmraz@redhat.com> 2.10.4-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Dec 2 2010 Tomas Mraz <tmraz@redhat.com> 2.10.3-2
|
|
|
519d7d |
- fix buffer overflow in gnutls-serv (#659259)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Nov 19 2010 Tomas Mraz <tmraz@redhat.com> 2.10.3-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 30 2010 Tomas Mraz <tmraz@redhat.com> 2.10.2-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Sep 29 2010 jkeating - 2.10.1-4
|
|
|
519d7d |
- Rebuilt for gcc bug 634757
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 23 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-3
|
|
|
519d7d |
- more patching for internal errors regression (#629858)
|
|
|
519d7d |
patch by Vivek Dasmohapatra
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Sep 21 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-2
|
|
|
519d7d |
- backported patch from upstream git hopefully fixing internal errors
|
|
|
519d7d |
(#629858)
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Aug 4 2010 Tomas Mraz <tmraz@redhat.com> 2.10.1-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jun 2 2010 Tomas Mraz <tmraz@redhat.com> 2.8.6-2
|
|
|
519d7d |
- add support for safe renegotiation CVE-2009-3555 (#533125)
|
|
|
519d7d |
|
|
|
519d7d |
* Wed May 12 2010 Tomas Mraz <tmraz@redhat.com> 2.8.6-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Feb 15 2010 Rex Dieter <rdieter@fedoraproject.org> 2.8.5-4
|
|
|
519d7d |
- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Jan 28 2010 Tomas Mraz <tmraz@redhat.com> 2.8.5-3
|
|
|
519d7d |
- drop superfluous rpath from binaries
|
|
|
519d7d |
- do not call autoreconf during build
|
|
|
519d7d |
- specify the license on utils subpackage
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Jan 18 2010 Tomas Mraz <tmraz@redhat.com> 2.8.5-2
|
|
|
519d7d |
- do not create static libraries (#556052)
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Nov 2 2009 Tomas Mraz <tmraz@redhat.com> 2.8.5-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Sep 23 2009 Tomas Mraz <tmraz@redhat.com> 2.8.4-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Aug 14 2009 Tomas Mraz <tmraz@redhat.com> 2.8.3-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.1-2
|
|
|
519d7d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jun 10 2009 Tomas Mraz <tmraz@redhat.com> 2.8.1-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jun 3 2009 Tomas Mraz <tmraz@redhat.com> 2.8.0-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Mon May 4 2009 Tomas Mraz <tmraz@redhat.com> 2.6.6-1
|
|
|
519d7d |
- upgrade to a new upstream version - security fixes
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Apr 14 2009 Tomas Mraz <tmraz@redhat.com> 2.6.5-1
|
|
|
519d7d |
- upgrade to a new upstream version, minor bugfixes only
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Mar 6 2009 Tomas Mraz <tmraz@redhat.com> 2.6.4-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.3-2
|
|
|
519d7d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Dec 15 2008 Tomas Mraz <tmraz@redhat.com> 2.6.3-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Dec 4 2008 Tomas Mraz <tmraz@redhat.com> 2.6.2-1
|
|
|
519d7d |
- upgrade to a new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-3
|
|
|
519d7d |
- fix chain verification issue CVE-2008-4989 (#470079)
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 25 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-2
|
|
|
519d7d |
- add guile subpackage (#463735)
|
|
|
519d7d |
- force new libtool through autoreconf to drop unnecessary rpaths
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Sep 23 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jul 1 2008 Tomas Mraz <tmraz@redhat.com> 2.4.1-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
- correct the license tag
|
|
|
519d7d |
- explicit --with-included-opencdk not needed
|
|
|
519d7d |
- use external lzo library, internal not included anymore
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jun 24 2008 Tomas Mraz <tmraz@redhat.com> 2.4.0-1
|
|
|
519d7d |
- upgrade to latest upstream
|
|
|
519d7d |
|
|
|
519d7d |
* Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 2.0.4-3
|
|
|
519d7d |
- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
|
|
|
519d7d |
(#447461, #447462, #447463)
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Feb 4 2008 Joe Orton <jorton@redhat.com> 2.0.4-2
|
|
|
519d7d |
- use system libtasn1
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> 2.0.4-1
|
|
|
519d7d |
- upgrade to latest upstream
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Aug 21 2007 Tomas Mraz <tmraz@redhat.com> 1.6.3-2
|
|
|
519d7d |
- license tag fix
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jun 6 2007 Tomas Mraz <tmraz@redhat.com> 1.6.3-1
|
|
|
519d7d |
- upgrade to latest upstream (#232445)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Apr 10 2007 Tomas Mraz <tmraz@redhat.com> 1.4.5-2
|
|
|
519d7d |
- properly require install-info (patch by Ville Skyttä)
|
|
|
519d7d |
- standard buildroot and use dist tag
|
|
|
519d7d |
- add COPYING and README to doc
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Feb 7 2007 Tomas Mraz <tmraz@redhat.com> 1.4.5-1
|
|
|
519d7d |
- new upstream version
|
|
|
519d7d |
- drop libtermcap-devel from buildrequires
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Sep 14 2006 Tomas Mraz <tmraz@redhat.com> 1.4.1-2
|
|
|
519d7d |
- detect forged signatures - CVE-2006-4790 (#206411), patch
|
|
|
519d7d |
from upstream
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.1-1
|
|
|
519d7d |
- upgrade to new upstream version, only minor changes
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.4.0-1.1
|
|
|
519d7d |
- rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Jun 14 2006 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
|
|
|
519d7d |
- upgrade to new upstream version (#192070), rebuild
|
|
|
519d7d |
of dependent packages required
|
|
|
519d7d |
|
|
|
519d7d |
* Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-2
|
|
|
519d7d |
- added missing buildrequires
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 1.2.10-1
|
|
|
519d7d |
- updated to new version (fixes CVE-2006-0645)
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.2
|
|
|
519d7d |
- bump again for double-long bug on ppc(64)
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.9-3.1
|
|
|
519d7d |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jan 3 2006 Jesse Keating <jkeating@redhat.com> 1.2.9-3
|
|
|
519d7d |
- rebuilt
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Dec 9 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-2
|
|
|
519d7d |
- replaced *-config scripts with calls to pkg-config to
|
|
|
519d7d |
solve multilib conflicts
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Nov 23 2005 Tomas Mraz <tmraz@redhat.com> 1.2.9-1
|
|
|
519d7d |
- upgrade to newest upstream
|
|
|
519d7d |
- removed .la files (#172635)
|
|
|
519d7d |
|
|
|
519d7d |
* Sun Aug 7 2005 Tomas Mraz <tmraz@redhat.com> 1.2.6-1
|
|
|
519d7d |
- upgrade to newest upstream (rebuild of dependencies necessary)
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Jul 4 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-2
|
|
|
519d7d |
- split the command line tools to utils subpackage
|
|
|
519d7d |
|
|
|
519d7d |
* Sat Apr 30 2005 Tomas Mraz <tmraz@redhat.com> 1.0.25-1
|
|
|
519d7d |
- new upstream version fixes potential DOS attack
|
|
|
519d7d |
|
|
|
519d7d |
* Sat Apr 23 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-2
|
|
|
519d7d |
- readd the version script dropped by upstream
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Apr 22 2005 Tomas Mraz <tmraz@redhat.com> 1.0.24-1
|
|
|
519d7d |
- update to the latest upstream version on the 1.0 branch
|
|
|
519d7d |
|
|
|
519d7d |
* Wed Mar 2 2005 Warren Togami <wtogami@redhat.com> 1.0.20-6
|
|
|
519d7d |
- gcc4 rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jan 4 2005 Ivana Varekova <varekova@redhat.com> 1.0.20-5
|
|
|
519d7d |
- add gnutls Requires zlib-devel (#144069)
|
|
|
519d7d |
|
|
|
519d7d |
* Mon Nov 08 2004 Colin Walters <walters@redhat.com> 1.0.20-4
|
|
|
519d7d |
- Make gnutls-devel Require libgcrypt-devel
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Sep 21 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-3
|
|
|
519d7d |
- rebuild with release++, otherwise unchanged.
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Sep 7 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-2
|
|
|
519d7d |
- patent tainted SRP code removed.
|
|
|
519d7d |
|
|
|
519d7d |
* Sun Sep 5 2004 Jeff Johnson <jbj@redhat.com> 1.0.20-1
|
|
|
519d7d |
- update to 1.0.20.
|
|
|
519d7d |
- add --with-included-opencdk --with-included-libtasn1
|
|
|
519d7d |
- add --with-included-libcfg --with-included-lzo
|
|
|
519d7d |
- add --disable-srp-authentication.
|
|
|
519d7d |
- do "make check" after build.
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Mar 21 2003 Jeff Johnson <jbj@redhat.com> 0.9.2-1
|
|
|
519d7d |
- upgrade to 0.9.2
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Jun 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.4-1
|
|
|
519d7d |
- update to 0.4.4.
|
|
|
519d7d |
|
|
|
519d7d |
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
|
|
519d7d |
- automated rebuild
|
|
|
519d7d |
|
|
|
519d7d |
* Sat May 25 2002 Jeff Johnson <jbj@redhat.com> 0.4.3-1
|
|
|
519d7d |
- update to 0.4.3.
|
|
|
519d7d |
|
|
|
519d7d |
* Tue May 21 2002 Jeff Johnson <jbj@redhat.com> 0.4.2-1
|
|
|
519d7d |
- update to 0.4.2.
|
|
|
519d7d |
- change license to LGPL.
|
|
|
519d7d |
- include splint annotations patch.
|
|
|
519d7d |
|
|
|
519d7d |
* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.4.0-1
|
|
|
519d7d |
- update to 0.4.0
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Jan 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.2-1
|
|
|
519d7d |
- update to 0.3.2
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 0.3.0-1
|
|
|
519d7d |
- add a URL
|
|
|
519d7d |
|
|
|
519d7d |
* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
519d7d |
- initial package
|