%global srcname gnutls
Summary: A TLS protocol implementation
Name: gnutls30
Version: 3.5.19
Release: 2%{?dist}
# The libraries are LGPLv2.1+ (packaged), utilities are GPLv3+ (unpackaged)
License: LGPLv2+
URL: https://www.gnutls.org/
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{srcname}-%{version}.tar.xz
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{srcname}-%{version}.tar.xz.sig
Source100: README.fedora
# Fix usage of libidn2 symbols so that gnutls30 can be used (#1683812)
Patch0001: 0001-Add-version-check-for-internal-idn2-symbols.patch
BuildRequires: zlib-devel, libidn2-devel, gmp-devel, nettle-devel
BuildRequires: unbound-devel, libunistring-devel
BuildRequires: chrpath
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
# libtasn1 >= 4.3 unavailable in EPEL, bundled version provided
Provides: bundled(libtasn1) = 4.8
# autogen-libopts-devel >= 5.18 unavailable in EPEL, bundled version provided
# libopts is not used when building without utilities
#Provides: bundled(autogen-libopts)
%description
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
%package dane
Summary: A DANE protocol implementation for GnuTLS
Requires: %{name}%{?_isa} = %{version}-%{release}
%description dane
This package contains library that implements the DANE protocol for verifying
TLS certificates through DNSSEC.
%package devel
Summary: Development files for the gnutls30 package
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-dane%{?_isa} = %{version}-%{release}
%description devel
This package contains files needed for developing applications with
the GnuTLS library.
%prep
%autosetup -n %{srcname}-%{version} -p1
install -m 0644 %{SOURCE100} README.fedora
sed -e 's/gnutls_srp.c//g' -e 's/gnutls_srp.lo//g' -i lib/Makefile.in
sed -e 's/srp_passwd.c//g' -e 's/srp_passwd.lo//g' -i lib/auth/Makefile.in
sed -e 's/srp_rsa.c//g' -e 's/srp_rsa.lo//g' -i lib/auth/Makefile.in
sed -e 's/srp_sb64.c//g' -e 's/srp_sb64.lo//g' -i lib/auth/Makefile.in
sed -e 's/srp.c//g' -e 's/srp.lo//g' -i lib/ext/Makefile.in
%build
# NLS is disabled to avoid locales conflict with the gnutls package.
%configure \
--disable-silent-rules \
--disable-static \
--disable-rpath \
--disable-gcc-warnings \
--enable-sha1-support \
%ifarch %{ix86}
--disable-hardware-acceleration \
%endif
\
--disable-doc \
--disable-manpages \
--disable-tools \
--disable-guile \
\
--disable-nls \
--without-tpm \
--without-p11-kit \
\
--disable-non-suiteb-curves \
--disable-srp-authentication \
\
--enable-cxx \
--enable-libdane --with-unbound-root-key-file=/var/lib/unbound/root.key \
--disable-openssl-compatiblity \
\
--with-included-libtasn1
make %{?_smp_mflags}
%install
%make_install
# wipe libool archives
rm -f %{buildroot}%{_libdir}/*.la
# make sure rpath is not used
chrpath -d %{buildroot}%{_libdir}/*.so
# move headers to avoid conflicts with gnutls-devel
install -m 0755 -d %{buildroot}%{_includedir}/%{name}
mv %{buildroot}%{_includedir}/gnutls %{buildroot}%{_includedir}/%{name}/gnutls
# move and fix unversioned symlinks as well
install -m 0755 -d %{buildroot}%{_libdir}/%{name}
for so in %{buildroot}%{_libdir}/*.so; do
ln -s ../$(readlink "$so") %{buildroot}%{_libdir}/%{name}/$(basename "$so")
rm "$so"
done
# fix paths to libdir and includedir in pkg-config
mv %{buildroot}%{_libdir}/pkgconfig %{buildroot}%{_libdir}/%{name}/pkgconfig
for pc in %{buildroot}%{_libdir}/%{name}/pkgconfig/*.pc; do
sed -e '/^libdir=/c libdir=%{_libdir}/%{name}' \
-e '/^includedir=/c includedir=%{_includedir}/%{name}' \
-i "$pc"
done
%check
make check
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%post dane -p /sbin/ldconfig
%postun dane -p /sbin/ldconfig
%files
%doc doc/COPYING.LESSER
%{_libdir}/libgnutls.so.*
%{_libdir}/libgnutlsxx.so.*
%files dane
%{_libdir}/libgnutls-dane.so.*
%files devel
%doc README.fedora
%{_includedir}/gnutls30
%{_libdir}/gnutls30
%changelog
* Thu Feb 28 2019 Neal Gompa <ngompa@datto.com> 3.5.19-2
- Fix usage of libidn2 symbols so that gnutls30 can be used (#1683812)
* Mon Oct 1 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.19-1
- Updated to 3.5.19
* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.18-1
- Updated to 3.5.18
* Wed Jan 11 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.8-1
- Adress CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 (#1411845,#1411846)
* Mon Dec 19 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.7-2
- Fix PKCS#8 file loading (related to #1404084)
* Thu Dec 8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.7-1
- new upstream release
* Wed Sep 14 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.5.4-1
- addresses OCSP verification issue (#1374266)
- addresses DTLS issue (#1370881)
* Fri Aug 26 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-4
- disable hardware acceleration on i686 (fixes shlib-with-non-pic-code)
- replace custom patches with the ones merged upstream
* Wed Aug 24 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-3
- fix License field
- remove rpath from libgnutlsxx and libgnutls-dane
* Wed Aug 24 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-2
- avoid conflict with gnutls-devel from RHEL base
- add ldconfig into post and postun
- add Provides for bundled libraries
* Fri Aug 12 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 3.5.3-1
- initial library only package for EPEL 6