diff --git a/ecc.c b/ecc.c index 7ca1776..f4869b0 100644 --- a/ecc.c +++ b/ecc.c @@ -56,6 +56,19 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = { .Gx = "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", .Gy = "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F" }, + { + .name = "SECP521R1", + .oid = "1.3.132.0.35", + .id = GNUTLS_ECC_CURVE_SECP521R1, + .tls_id = 25, + .size = 66, + .prime = "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + .A = "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", + .B = "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", + .order = "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", + .Gx = "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", + .Gy = "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", + }, {0, 0, 0} }; diff --git a/gnutls-3.1.11-suiteb.patch b/gnutls-3.1.11-suiteb.patch deleted file mode 100644 index c4dd390..0000000 --- a/gnutls-3.1.11-suiteb.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff -up gnutls-3.1.11/lib/gnutls_ecc.c.suiteb gnutls-3.1.11/lib/gnutls_ecc.c ---- gnutls-3.1.11/lib/gnutls_ecc.c.suiteb 2013-04-27 10:04:48.000000000 +0200 -+++ gnutls-3.1.11/lib/gnutls_ecc.c 2013-05-23 10:08:45.331883555 +0200 -@@ -129,6 +129,12 @@ int ret; - goto cleanup; - } - params->params_nr++; -+ -+ if (_gnutls_mpi_get_nbits(params->params[ECC_PRIME]) < 256) -+ { -+ ret = gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); -+ goto cleanup; -+ } - - val_size = sizeof(val); - ret = _gnutls_hex2bin(st->order, strlen(st->order), val, &val_size); -diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c ---- gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb 2013-04-27 10:04:48.000000000 +0200 -+++ gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c 2013-05-23 10:24:56.575967312 +0200 -@@ -42,6 +42,7 @@ typedef struct - - /* global cache */ - static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache = NULL; -+static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache_last = NULL; - - /* free single cache entry */ - static void -@@ -63,9 +64,10 @@ ecc_wmnaf_cache_free (void) - gnutls_ecc_curve_cache_entry_t *p = ecc_wmnaf_cache; - if (p) - { -- for (; p->id != GNUTLS_ECC_CURVE_INVALID; ++p) -+ for (; p <= ecc_wmnaf_cache_last; ++p) - { -- _ecc_wmnaf_cache_entry_free (p); -+ if (p->id != GNUTLS_ECC_CURVE_INVALID) -+ _ecc_wmnaf_cache_entry_free (p); - } - - free (ecc_wmnaf_cache); -@@ -198,7 +200,7 @@ ecc_wmnaf_cache_init (void) - const gnutls_ecc_curve_t *p; - - ret = (gnutls_ecc_curve_cache_entry_t *) -- malloc (MAX_ALGOS * sizeof (gnutls_ecc_curve_cache_entry_t)); -+ calloc (MAX_ALGOS, sizeof (gnutls_ecc_curve_cache_entry_t)); - if (ret == NULL) - return GNUTLS_E_MEMORY_ERROR; - -@@ -207,12 +209,16 @@ ecc_wmnaf_cache_init (void) - - for (j = 0; *p; ++p, ++j) - { -- if ((err = _ecc_wmnaf_cache_entry_init (ret + *p - 1, *p)) != 0) -+ gnutls_ecc_curve_cache_entry_t *entry; -+ -+ entry = ret + *p - 1; -+ if ((err = _ecc_wmnaf_cache_entry_init (entry, *p)) != 0) - goto done; -+ if (ecc_wmnaf_cache_last < entry) -+ ecc_wmnaf_cache_last = entry; - } - -- /* nullify last cache entry id */ -- ret[j].id = GNUTLS_ECC_CURVE_INVALID; -+ /* no need to nullify last cache entry id, done by calloc */ - - err = GNUTLS_E_SUCCESS; - -@@ -223,7 +229,8 @@ done: - int i; - for (i = 0; i < j; ++i) - { -- _ecc_wmnaf_cache_entry_free (ret + i); -+ --p; -+ _ecc_wmnaf_cache_entry_free (ret + *p - 1); - } - - free (ret); -@@ -445,9 +452,11 @@ ecc_mulmod_cached_lookup (mpz_t k, ecc_p - if (k == NULL || G == NULL || R == NULL || modulus == NULL) - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - -- for (i = 0; (id = ecc_wmnaf_cache[i].id); ++i) -+ for (i = 0; ecc_wmnaf_cache + i <= ecc_wmnaf_cache_last; ++i) - { -- if (!(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) && -+ id = ecc_wmnaf_cache[i].id; -+ if (id && -+ !(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) && - !(mpz_cmp (G->y, ecc_wmnaf_cache[i].pos[0]->y))) - { - break; -diff -up gnutls-3.1.11/tests/mini-xssl.c.suiteb gnutls-3.1.11/tests/mini-xssl.c ---- gnutls-3.1.11/tests/mini-xssl.c.suiteb 2013-05-10 10:10:27.000000000 +0200 -+++ gnutls-3.1.11/tests/mini-xssl.c 2013-05-23 11:58:22.670298910 +0200 -@@ -27,7 +27,8 @@ - #include - #include - --#if defined(_WIN32) -+/* uses unsupported curves */ -+#if 1 - - int main() - { -diff -up gnutls-3.1.11/tests/pkcs12_simple.c.suiteb gnutls-3.1.11/tests/pkcs12_simple.c ---- gnutls-3.1.11/tests/pkcs12_simple.c.suiteb 2013-05-10 10:10:27.000000000 +0200 -+++ gnutls-3.1.11/tests/pkcs12_simple.c 2013-05-23 11:57:59.776799848 +0200 -@@ -50,6 +50,9 @@ doit (void) - gnutls_x509_privkey_t pkey; - int ret; - -+ /* uses unsupported curves */ -+ exit(77); -+ - ret = global_init (); - if (ret < 0) - fail ("global_init failed %d\n", ret); diff --git a/gnutls-3.1.17-rpath.patch b/gnutls-3.1.17-rpath.patch new file mode 100644 index 0000000..bac0981 --- /dev/null +++ b/gnutls-3.1.17-rpath.patch @@ -0,0 +1,29 @@ +diff -ur gnutls-3.1.17.orig/configure gnutls-3.1.17/configure +--- gnutls-3.1.17.orig/configure 2013-11-23 10:55:26.000000000 +0100 ++++ gnutls-3.1.17/configure 2013-11-26 11:33:04.865342480 +0100 +@@ -49103,7 +49103,7 @@ + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -52940,7 +52940,7 @@ + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + +Only in gnutls-3.1.17: configure~ +Only in gnutls-3.1.17.orig/lib/algorithms: ecc.c +Only in gnutls-3.1.17.orig/lib/auth: srp.c +Only in gnutls-3.1.17.orig/lib/auth: srp_passwd.c +Only in gnutls-3.1.17.orig/lib/auth: srp_rsa.c +Only in gnutls-3.1.17.orig/lib/auth: srp_sb64.c +Only in gnutls-3.1.17.orig/lib/ext: srp.c +Only in gnutls-3.1.17.orig/lib: gnutls_srp.c diff --git a/gnutls-3.1.17-suiteb.patch b/gnutls-3.1.17-suiteb.patch new file mode 100644 index 0000000..2f39294 --- /dev/null +++ b/gnutls-3.1.17-suiteb.patch @@ -0,0 +1,132 @@ +diff -ur gnutls-3.1.17.orig/lib/gnutls_ecc.c gnutls-3.1.17/lib/gnutls_ecc.c +--- gnutls-3.1.17.orig/lib/gnutls_ecc.c 2013-04-02 22:27:35.000000000 +0200 ++++ gnutls-3.1.17/lib/gnutls_ecc.c 2013-11-26 11:43:30.333701318 +0100 +@@ -129,6 +129,12 @@ + goto cleanup; + } + params->params_nr++; ++ ++ if (_gnutls_mpi_get_nbits(params->params[ECC_PRIME]) < 256) ++ { ++ ret = gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); ++ goto cleanup; ++ } + + val_size = sizeof(val); + ret = _gnutls_hex2bin(st->order, strlen(st->order), val, &val_size); +diff -ur gnutls-3.1.17.orig/lib/gnutls_priority.c gnutls-3.1.17/lib/gnutls_priority.c +--- gnutls-3.1.17.orig/lib/gnutls_priority.c 2013-11-19 18:36:38.000000000 +0100 ++++ gnutls-3.1.17/lib/gnutls_priority.c 2013-11-26 11:43:36.716735711 +0100 +@@ -245,8 +245,6 @@ + } + + static const int supported_ecc_normal[] = { +- GNUTLS_ECC_CURVE_SECP192R1, +- GNUTLS_ECC_CURVE_SECP224R1, + GNUTLS_ECC_CURVE_SECP256R1, + GNUTLS_ECC_CURVE_SECP384R1, + GNUTLS_ECC_CURVE_SECP521R1, +Only in gnutls-3.1.17/lib: gnutls_priority.c~ +diff -ur gnutls-3.1.17.orig/lib/nettle/ecc_mulmod_cached.c gnutls-3.1.17/lib/nettle/ecc_mulmod_cached.c +--- gnutls-3.1.17.orig/lib/nettle/ecc_mulmod_cached.c 2013-04-02 22:27:35.000000000 +0200 ++++ gnutls-3.1.17/lib/nettle/ecc_mulmod_cached.c 2013-11-26 11:43:30.334701328 +0100 +@@ -42,6 +42,7 @@ + + /* global cache */ + static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache = NULL; ++static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache_last = NULL; + + /* free single cache entry */ + static void +@@ -63,9 +64,10 @@ + gnutls_ecc_curve_cache_entry_t *p = ecc_wmnaf_cache; + if (p) + { +- for (; p->id != GNUTLS_ECC_CURVE_INVALID; ++p) ++ for (; p <= ecc_wmnaf_cache_last; ++p) + { +- _ecc_wmnaf_cache_entry_free (p); ++ if (p->id != GNUTLS_ECC_CURVE_INVALID) ++ _ecc_wmnaf_cache_entry_free (p); + } + + free (ecc_wmnaf_cache); +@@ -198,7 +200,7 @@ + const gnutls_ecc_curve_t *p; + + ret = (gnutls_ecc_curve_cache_entry_t *) +- malloc (MAX_ALGOS * sizeof (gnutls_ecc_curve_cache_entry_t)); ++ calloc (MAX_ALGOS, sizeof (gnutls_ecc_curve_cache_entry_t)); + if (ret == NULL) + return GNUTLS_E_MEMORY_ERROR; + +@@ -207,12 +209,16 @@ + + for (j = 0; *p; ++p, ++j) + { +- if ((err = _ecc_wmnaf_cache_entry_init (ret + *p - 1, *p)) != 0) ++ gnutls_ecc_curve_cache_entry_t *entry; ++ ++ entry = ret + *p - 1; ++ if ((err = _ecc_wmnaf_cache_entry_init (entry, *p)) != 0) + goto done; ++ if (ecc_wmnaf_cache_last < entry) ++ ecc_wmnaf_cache_last = entry; + } + +- /* nullify last cache entry id */ +- ret[j].id = GNUTLS_ECC_CURVE_INVALID; ++ /* no need to nullify last cache entry id, done by calloc */ + + err = GNUTLS_E_SUCCESS; + +@@ -223,7 +229,8 @@ + int i; + for (i = 0; i < j; ++i) + { +- _ecc_wmnaf_cache_entry_free (ret + i); ++ --p; ++ _ecc_wmnaf_cache_entry_free (ret + *p - 1); + } + + free (ret); +@@ -445,9 +452,11 @@ + if (k == NULL || G == NULL || R == NULL || modulus == NULL) + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + +- for (i = 0; (id = ecc_wmnaf_cache[i].id); ++i) ++ for (i = 0; ecc_wmnaf_cache + i <= ecc_wmnaf_cache_last; ++i) + { +- if (!(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) && ++ id = ecc_wmnaf_cache[i].id; ++ if (id && ++ !(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) && + !(mpz_cmp (G->y, ecc_wmnaf_cache[i].pos[0]->y))) + { + break; +diff -ur gnutls-3.1.17.orig/tests/mini-xssl.c gnutls-3.1.17/tests/mini-xssl.c +--- gnutls-3.1.17.orig/tests/mini-xssl.c 2013-05-30 08:50:22.000000000 +0200 ++++ gnutls-3.1.17/tests/mini-xssl.c 2013-11-26 11:43:30.334701328 +0100 +@@ -27,7 +27,8 @@ + #include + #include + +-#if defined(_WIN32) ++/* uses unsupported curves */ ++#if 1 + + int main() + { +diff -ur gnutls-3.1.17.orig/tests/pkcs12_simple.c gnutls-3.1.17/tests/pkcs12_simple.c +--- gnutls-3.1.17.orig/tests/pkcs12_simple.c 2013-05-21 20:27:20.000000000 +0200 ++++ gnutls-3.1.17/tests/pkcs12_simple.c 2013-11-26 11:43:30.334701328 +0100 +@@ -50,6 +50,9 @@ + gnutls_x509_privkey_t pkey; + int ret; + ++ /* uses unsupported curves */ ++ exit(77); ++ + ret = global_init (); + if (ret < 0) + fail ("global_init failed %d\n", ret); diff --git a/gnutls-3.1.7-rpath.patch b/gnutls-3.1.7-rpath.patch deleted file mode 100644 index d087db9..0000000 --- a/gnutls-3.1.7-rpath.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up gnutls-3.1.7/configure.rpath gnutls-3.1.7/configure ---- gnutls-3.1.7/configure.rpath 2013-02-04 02:40:23.000000000 +0100 -+++ gnutls-3.1.7/configure 2013-02-05 21:04:57.128932440 +0100 -@@ -48519,7 +48519,7 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -48962,7 +48962,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -@@ -52353,7 +52353,7 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -52794,7 +52794,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on diff --git a/gnutls.spec b/gnutls.spec index 78bfb46..1b52316 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -2,7 +2,7 @@ %bcond_with guile Summary: A TLS protocol implementation Name: gnutls -Version: 3.1.16 +Version: 3.1.17 Release: 1%{?dist} # The libraries are LGPLv2.1+, utilities are GPLv3+, however # the bundled gnulib is LGPLv3+ @@ -10,8 +10,10 @@ License: GPLv3+ and LGPLv2+ and LGPLv3+ Group: System Environment/Libraries BuildRequires: p11-kit-devel >= 0.11, gettext BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 3.1 -BuildRequires: lzo-devel, libtool, automake, autoconf, texinfo +BuildRequires: libtool, automake, autoconf, texinfo BuildRequires: nettle-devel >= 2.5 +BuildRequires: autogen-libopts-devel >= 5.18 autogen +BuildRequires: trousers-devel >= 0.3.11.2 %if %{with dane} BuildRequires: unbound-devel %endif @@ -26,13 +28,13 @@ Source0: %{name}-%{version}-hobbled.tar.xz Source1: libgnutls-config Source2: hobble-gnutls Source3: ecc.c -Patch1: gnutls-3.1.7-rpath.patch +Patch1: gnutls-3.1.17-rpath.patch # Use only FIPS approved ciphers in the FIPS mode Patch7: gnutls-2.12.21-fips-algorithms.patch Patch8: gnutls-3.1.11-nosrp.patch # Use random port in some tests to avoid conflicts during simultaneous builds on the same machine Patch9: gnutls-3.1.10-tests-rndport.patch -Patch10: gnutls-3.1.11-suiteb.patch +Patch10: gnutls-3.1.17-suiteb.patch # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 Provides: bundled(gnulib) = 20130424 @@ -77,44 +79,56 @@ Requires: guile %endif %description -GnuTLS is a project that aims to develop a library which provides a secure -layer, over a reliable transport layer. Currently the GnuTLS library implements -the proposed standards by the IETF's TLS working group. +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. %description c++ -GnuTLS is a project that aims to develop a library which provides a secure -layer, over a reliable transport layer. Currently the GnuTLS library implements -the proposed standards by the IETF's TLS working group. +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. This package contains the C++ interface for the GnuTLS library. %description devel -GnuTLS is a project that aims to develop a library which provides a secure -layer, over a reliable transport layer. Currently the GnuTLS library implements -the proposed standards by the IETF's TLS working group. +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. This package contains files needed for developing applications with the GnuTLS library. %description utils -GnuTLS is a project that aims to develop a library which provides a secure -layer, over a reliable transport layer. Currently the GnuTLS library implements -the proposed standards by the IETF's TLS working group. +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. This package contains command line TLS client and server and certificate manipulation tools. %if %{with dane} %description dane -GnuTLS is a project that aims to develop a library which provides a secure -layer, over a reliable transport layer. Currently the GnuTLS library implements -the proposed standards by the IETF's TLS working group. +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. This package contains library that implements the DANE protocol for verifying TLS certificates through DNSSEC. %endif %if %{with guile} %description guile -GnuTLS is a project that aims to develop a library which provides a secure -layer, over a reliable transport layer. Currently the GnuTLS library implements -the proposed standards by the IETF's TLS working group. +GnuTLS is a secure communications library implementing the SSL, TLS and DTLS +protocols and technologies around them. It provides a simple C language +application programming interface (API) to access the secure communications +protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and +other required structures. This package contains Guile bindings for the library. %endif @@ -234,6 +248,7 @@ fi %{_bindir}/certtool %{_bindir}/ocsptool %{_bindir}/psktool +%{_bindir}/tpmtool %{_bindir}/p11tool %if %{with dane} %{_bindir}/danetool @@ -257,6 +272,11 @@ fi %endif %changelog +* Tue Nov 26 2013 Nikos Mavrogiannopoulos 3.1.17-1 +- new upstream release +- links against the system libopts +- links against trousers + * Mon Nov 4 2013 Tomáš Mráz 3.1.16-1 - new upstream release - fixes CVE-2013-4466 off-by-one in dane_query_tlsa() diff --git a/hobble-gnutls b/hobble-gnutls index 8b9633d..9fd507e 100755 --- a/hobble-gnutls +++ b/hobble-gnutls @@ -8,8 +8,8 @@ else fi # SRP -for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \ - gnutls_srp.c auth_srp.c ext_srp.c ; do +for f in auth/srp_sb64.c auth/srp_passwd.c auth/srp_rsa.c \ + gnutls_srp.c auth/srp.c ext/srp.c ; do eval "$CMD lib/$f" done