%global srcname gnutls

Summary:        A TLS protocol implementation
Name:           gnutls30
Version:        3.5.19
Release:        2%{?dist}
# The libraries are LGPLv2.1+ (packaged), utilities are GPLv3+ (unpackaged)
License:        LGPLv2+
URL:            https://www.gnutls.org/
Source0:	ftp://ftp.gnutls.org/gcrypt/gnutls/%{srcname}-%{version}.tar.xz
Source1:	ftp://ftp.gnutls.org/gcrypt/gnutls/%{srcname}-%{version}.tar.xz.sig
Source100:      README.fedora

# Fix usage of libidn2 symbols so that gnutls30 can be used (#1683812)
Patch0001:	0001-Add-version-check-for-internal-idn2-symbols.patch

BuildRequires:  zlib-devel, libidn2-devel, gmp-devel, nettle-devel
BuildRequires:  unbound-devel, libunistring-devel
BuildRequires:  chrpath

# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides:       bundled(gnulib) = 20130424
# libtasn1 >= 4.3 unavailable in EPEL, bundled version provided
Provides:       bundled(libtasn1) = 4.8
# autogen-libopts-devel >= 5.18 unavailable in EPEL, bundled version provided
# libopts is not used when building without utilities
#Provides:       bundled(autogen-libopts)

%description
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.

%package dane
Summary:        A DANE protocol implementation for GnuTLS
Requires:       %{name}%{?_isa} = %{version}-%{release}

%description dane
This package contains library that implements the DANE protocol for verifying
TLS certificates through DNSSEC.

%package devel
Summary:        Development files for the gnutls30 package
Requires:       %{name}%{?_isa} = %{version}-%{release}
Requires:       %{name}-dane%{?_isa} = %{version}-%{release}

%description devel
This package contains files needed for developing applications with
the GnuTLS library.

%prep
%autosetup -n %{srcname}-%{version} -p1

install -m 0644 %{SOURCE100} README.fedora

sed -e 's/gnutls_srp.c//g' -e 's/gnutls_srp.lo//g' -i lib/Makefile.in
sed -e 's/srp_passwd.c//g' -e 's/srp_passwd.lo//g' -i lib/auth/Makefile.in
sed -e 's/srp_rsa.c//g' -e 's/srp_rsa.lo//g' -i lib/auth/Makefile.in
sed -e 's/srp_sb64.c//g' -e 's/srp_sb64.lo//g' -i lib/auth/Makefile.in
sed -e 's/srp.c//g' -e 's/srp.lo//g' -i lib/ext/Makefile.in

%build

# NLS is disabled to avoid locales conflict with the gnutls package.

%configure \
    --disable-silent-rules \
    --disable-static \
    --disable-rpath \
    --disable-gcc-warnings \
    --enable-sha1-support \
%ifarch %{ix86}
    --disable-hardware-acceleration \
%endif
    \
    --disable-doc \
    --disable-manpages \
    --disable-tools \
    --disable-guile \
    \
    --disable-nls \
    --without-tpm \
    --without-p11-kit \
    \
    --disable-non-suiteb-curves \
    --disable-srp-authentication \
    \
    --enable-cxx \
    --enable-libdane --with-unbound-root-key-file=/var/lib/unbound/root.key \
    --disable-openssl-compatiblity \
    \
    --with-included-libtasn1

make %{?_smp_mflags}

%install
%make_install

# wipe libool archives
rm -f %{buildroot}%{_libdir}/*.la

# make sure rpath is not used
chrpath -d %{buildroot}%{_libdir}/*.so

# move headers to avoid conflicts with gnutls-devel
install -m 0755 -d %{buildroot}%{_includedir}/%{name}
mv %{buildroot}%{_includedir}/gnutls %{buildroot}%{_includedir}/%{name}/gnutls

# move and fix unversioned symlinks as well
install -m 0755 -d %{buildroot}%{_libdir}/%{name}
for so in %{buildroot}%{_libdir}/*.so; do
    ln -s ../$(readlink "$so") %{buildroot}%{_libdir}/%{name}/$(basename "$so")
    rm "$so"
done

# fix paths to libdir and includedir in pkg-config
mv %{buildroot}%{_libdir}/pkgconfig %{buildroot}%{_libdir}/%{name}/pkgconfig
for pc in %{buildroot}%{_libdir}/%{name}/pkgconfig/*.pc; do
    sed -e '/^libdir=/c libdir=%{_libdir}/%{name}' \
        -e '/^includedir=/c includedir=%{_includedir}/%{name}' \
        -i "$pc"
done

%check
make check

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post dane -p /sbin/ldconfig

%postun dane -p /sbin/ldconfig

%files
%doc doc/COPYING.LESSER
%{_libdir}/libgnutls.so.*
%{_libdir}/libgnutlsxx.so.*

%files dane
%{_libdir}/libgnutls-dane.so.*

%files devel
%doc README.fedora
%{_includedir}/gnutls30
%{_libdir}/gnutls30

%changelog
* Thu Feb 28 2019 Neal Gompa <ngompa@datto.com> 3.5.19-2
- Fix usage of libidn2 symbols so that gnutls30 can be used (#1683812)

* Mon Oct  1 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.19-1
- Updated to 3.5.19

* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.18-1
- Updated to 3.5.18

* Wed Jan 11 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.8-1
- Adress CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 (#1411845,#1411846)

* Mon Dec 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.7-2
- Fix PKCS#8 file loading (related to #1404084)

* Thu Dec  8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.7-1
- new upstream release

* Wed Sep 14 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.4-1
- addresses OCSP verification issue (#1374266)
- addresses DTLS issue (#1370881)

* Fri Aug 26 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-4
- disable hardware acceleration on i686 (fixes shlib-with-non-pic-code)
- replace custom patches with the ones merged upstream

* Wed Aug 24 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-3
- fix License field
- remove rpath from libgnutlsxx and libgnutls-dane

* Wed Aug 24 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-2
- avoid conflict with gnutls-devel from RHEL base
- add ldconfig into post and postun
- add Provides for bundled libraries

* Fri Aug 12 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-1
- initial library only package for EPEL 6