diff --git a/.gitignore b/.gitignore
index 9ab04c0..88febd0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-2.12.20-nosrp.tar.xz
 /gnutls-2.12.21-nosrp.tar.xz
 /gnutls-2.12.22-nosrp.tar.xz
+/gnutls-3.1.7-hobbled.tar.xz
diff --git a/gnutls-2.12.11-rpath.patch b/gnutls-2.12.11-rpath.patch
deleted file mode 100644
index 4190a38..0000000
--- a/gnutls-2.12.11-rpath.patch
+++ /dev/null
@@ -1,103 +0,0 @@ -diff -up gnutls-2.12.11/build-aux/config.rpath gnutls-2.12.11/build-aux/config -diff -up gnutls-2.12.11/configure.rpath gnutls-2.12.11/configure ---- gnutls-2.12.11/configure.rpath 2011-09-18 20:32:37.000000000 +0200 -+++ gnutls-2.12.11/configure 2011-09-27 18:32:17.000000000 +0200 -@@ -16377,7 +16377,7 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -16835,7 +16835,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -@@ -20228,7 +20228,7 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -20684,7 +20684,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to 
test for /lib/ld.so.1 and disable shared libraries on -diff -up gnutls-2.12.11/lib/build-aux/config.rpath gnutls-2.12.11/lib/build-aux/config -diff -up gnutls-2.12.11/lib/configure.rpath gnutls-2.12.11/lib/configure ---- gnutls-2.12.11/lib/configure.rpath 2011-09-18 20:31:32.000000000 +0200 -+++ gnutls-2.12.11/lib/configure 2011-09-27 18:33:22.000000000 +0200 -@@ -11989,7 +11989,7 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -12447,7 +12447,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -@@ -30102,7 +30102,8 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+ -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -30558,7 +30559,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib 
/usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on -diff -up gnutls-2.12.11/libextra/build-aux/config.rpath gnutls-2.12.11/libextra/build-aux/config -diff -up gnutls-2.12.11/libextra/configure.rpath gnutls-2.12.11/libextra/configure ---- gnutls-2.12.11/libextra/configure.rpath 2011-09-18 20:32:07.000000000 +0200 -+++ gnutls-2.12.11/libextra/configure 2011-09-27 18:33:55.000000000 +0200 -@@ -10658,7 +10658,7 @@ shlibpath_var= - shlibpath_overrides_runpath=unknown - version_type=none - dynamic_linker="$host_os ld.so" --sys_lib_dlsearch_path_spec="/lib /usr/lib" -+sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" - need_lib_prefix=unknown - hardcode_into_libs=no - -@@ -11116,7 +11116,7 @@ fi - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` -- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" -+ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on diff --git a/gnutls-2.12.2-nosrp.patch b/gnutls-2.12.2-nosrp.patch deleted file mode 100644 index eb31172..0000000 --- a/gnutls-2.12.2-nosrp.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -diff -up gnutls-2.12.2/doc/cha-auth.texi.nosrp gnutls-2.12.2/doc/cha-auth.texi ---- gnutls-2.12.2/doc/cha-auth.texi.nosrp 2011-04-08 02:30:44.000000000 +0200 -+++ gnutls-2.12.2/doc/cha-auth.texi 2011-04-19 09:46:25.000000000 +0200 -@@ -255,9 +255,9 @@ authenticated using a certificate with R - - If clients supporting @acronym{SRP} know the username and password - before the connection, should initialize the client credentials and --call the function @ref{gnutls_srp_set_client_credentials}. -+call the function gnutls_srp_set_client_credentials. - Alternatively they could specify a callback function by using the --function @ref{gnutls_srp_set_client_credentials_function}. This has -+function gnutls_srp_set_client_credentials_function. This has - the advantage that allows probing the server for @acronym{SRP} - support. In that case the callback function will be called twice per - handshake. The first time is before the ciphersuite is negotiated, -@@ -272,20 +272,20 @@ In server side the default behaviour of - the usernames and @acronym{SRP} verifiers from password files. These - password files are the ones used by the @emph{Stanford srp libraries} - and can be specified using the --@ref{gnutls_srp_set_server_credentials_file}. If a different -+gnutls_srp_set_server_credentials_file. If a different - password file format is to be used, then the function --@ref{gnutls_srp_set_server_credentials_function}, should be called, -+gnutls_srp_set_server_credentials_function, should be called, - in order to set an appropriate callback. 
- - Some helper functions such as - - @itemize - --@item @ref{gnutls_srp_verifier} -+@item gnutls_srp_verifier - --@item @ref{gnutls_srp_base64_encode} -+@item gnutls_srp_base64_encode - --@item @ref{gnutls_srp_base64_decode} -+@item gnutls_srp_base64_decode - - @end itemize - -diff -up gnutls-2.12.2/doc/cha-library.texi.nosrp gnutls-2.12.2/doc/cha-library.texi ---- gnutls-2.12.2/doc/cha-library.texi.nosrp 2011-04-08 02:30:44.000000000 +0200 -+++ gnutls-2.12.2/doc/cha-library.texi 2011-04-19 09:44:58.000000000 +0200 -@@ -174,7 +174,7 @@ data to the transport layer. - @end itemize - - Other callback functions such as the one set by --@ref{gnutls_srp_set_server_credentials_function}, may require more -+gnutls_srp_set_server_credentials_function, may require more - complicated input, including data to be allocated. These callbacks - should allocate and free memory using the functions shown below. - diff --git a/gnutls-2.12.20-cli-debug-manpage.patch b/gnutls-2.12.20-cli-debug-manpage.patch deleted file mode 100644 index 3e40365..0000000 --- a/gnutls-2.12.20-cli-debug-manpage.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1.cli-debug gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1 ---- gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1.cli-debug 2011-04-08 02:30:44.000000000 +0200 -+++ gnutls-2.12.20/doc/manpages/gnutls-cli-debug.1 2012-08-08 14:23:24.397745283 +0200 -@@ -17,8 +17,10 @@ Enable debugging. - The port to connect to. - .IP "\-h, \-\-help" - Prints a short reminder of the command line options. --.IP "\-v, \-\-verbose" -+.IP "\-V, \-\-verbose" - Even more verbose output. -+.IP "\-v, \-\-version" -+Prints the program's version number. - .SH "SEE ALSO" - .BR gnutls\-cli (1), - .BR gnutls\-serv (1) diff --git a/gnutls-2.12.7-dsa-skiptests.patch b/gnutls-2.12.7-dsa-skiptests.patch deleted file mode 100644 index 64fa224..0000000 --- a/gnutls-2.12.7-dsa-skiptests.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -diff -up gnutls-2.12.7/tests/dsa/testdsa.skiptests gnutls-2.12.7/tests/dsa/testdsa ---- gnutls-2.12.7/tests/dsa/testdsa.skiptests 2011-06-05 21:12:47.000000000 +0200 -+++ gnutls-2.12.7/tests/dsa/testdsa 2011-06-21 23:36:20.000000000 +0200 -@@ -60,14 +60,14 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --insecur - echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0" - - #try with client key of 2048 bits (should fail) --$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem /dev/null 2>&1 && \ -- fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!" -- --echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0" -+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem /dev/null 2>&1 && \ -+# fail "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!" -+# -+#echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0" - - #try with client key of 3072 bits (should fail) --$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem /dev/null 2>&1 && \ -- fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!" -+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem /dev/null 2>&1 && \ -+# fail "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!" - - kill $PID - wait -@@ -94,19 +94,21 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --insecur - echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2" - - #try with client key of 2048 bits (should succeed) --$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem /dev/null || \ -- fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!" 
-+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem /dev/null || \ -+# fail "Failed connection to a server with a client DSA 2048 key and TLS 1.2!" - --echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2" -+#echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2" - - #try with client key of 3072 bits (should succeed) --$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem /dev/null || \ -- fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!" -+#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem /dev/null || \ -+# fail "Failed connection to a server with a client DSA 3072 key and TLS 1.2!" - - - kill $PID - wait - -+exit 0 -+ - # DSA 2048 + TLS 1.0 - - echo "Checking DSA-2048 with TLS 1.0" diff --git a/gnutls-2.8.6-link-libgcrypt.patch b/gnutls-2.8.6-link-libgcrypt.patch deleted file mode 100644 index 973306f..0000000 --- a/gnutls-2.8.6-link-libgcrypt.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -up gnutls-2.8.6/doc/examples/Makefile.am.link gnutls-2.8.6/doc/examples/Makefile.am ---- gnutls-2.8.6/doc/examples/Makefile.am.link 2010-01-24 11:06:21.000000000 +0100 -+++ gnutls-2.8.6/doc/examples/Makefile.am 2010-05-12 21:22:51.000000000 +0200 -@@ -30,7 +30,7 @@ LDADD = libexamples.la \ - ../../lib/libgnutls.la \ - ../../libextra/libgnutls-extra.la \ - ../../gl/libgnu.la \ -- $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) -+ $(LTLIBGCRYPT) $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) - - CXX_LDADD = $(LDADD) \ - ../../lib/libgnutlsxx.la -diff -up gnutls-2.8.6/doc/examples/Makefile.in.link gnutls-2.8.6/doc/examples/Makefile.in ---- gnutls-2.8.6/doc/examples/Makefile.in.link 2010-03-15 11:29:19.000000000 +0100 -+++ gnutls-2.8.6/doc/examples/Makefile.in 2010-05-12 21:23:25.000000000 +0200 -@@ -827,7 +827,7 @@ LDADD = libexamples.la \ - ../../lib/libgnutls.la \ - ../../libextra/libgnutls-extra.la \ - ../../gl/libgnu.la \ -- $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) -+ $(LTLIBGCRYPT) $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) - - CXX_LDADD = $(LDADD) \ - ../../lib/libgnutlsxx.la diff --git a/gnutls-3.1.7-noecc.patch b/gnutls-3.1.7-noecc.patch new file mode 100644 index 0000000..cb8d5ba --- /dev/null +++ b/gnutls-3.1.7-noecc.patch 
@@ -0,0 +1,609 @@ +diff -up gnutls-3.1.7/lib/algorithms/kx.c.noecc gnutls-3.1.7/lib/algorithms/kx.c +--- gnutls-3.1.7/lib/algorithms/kx.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/algorithms/kx.c 2013-02-05 21:13:08.700750694 +0100 +@@ -29,9 +29,11 @@ + extern mod_auth_st rsa_auth_struct; + extern mod_auth_st rsa_export_auth_struct; + extern mod_auth_st dhe_rsa_auth_struct; ++#ifdef ENABLE_ECC + extern mod_auth_st ecdhe_rsa_auth_struct; + extern mod_auth_st ecdhe_psk_auth_struct; + extern mod_auth_st ecdhe_ecdsa_auth_struct; ++#endif + extern mod_auth_st dhe_dss_auth_struct; + extern mod_auth_st anon_auth_struct; + extern mod_auth_st anon_ecdh_auth_struct; +@@ -92,14 +94,18 @@ typedef struct gnutls_kx_algo_entry gnut + static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { + #ifdef ENABLE_ANON + {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0}, ++#ifdef ENABLE_ECC + {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0, 0}, + #endif ++#endif + {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0}, + {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0, + 1 /* needs RSA params */ }, + {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0}, ++#ifdef ENABLE_ECC + {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0, 0}, + {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0, 0}, ++#endif + {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0}, + + #ifdef ENABLE_SRP +@@ -111,8 +117,10 @@ static const gnutls_kx_algo_entry _gnutl + {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0}, + {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, + 1 /* needs DHE params */ , 0}, ++#ifdef ENABLE_ECC + {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0 , 0}, + #endif ++#endif + {0, 0, 0, 0, 0} + }; + +diff -up gnutls-3.1.7/lib/algorithms/publickey.c.noecc gnutls-3.1.7/lib/algorithms/publickey.c +--- gnutls-3.1.7/lib/algorithms/publickey.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ 
gnutls-3.1.7/lib/algorithms/publickey.c 2013-02-05 21:13:08.701750716 +0100 +@@ -50,8 +50,10 @@ static const gnutls_pk_map pk_mappings[] + {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN}, + {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, + {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, ++#ifdef ENABLE_ECC + {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, + {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN}, ++#endif + {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, + {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, + {0, 0, 0} +@@ -97,7 +99,9 @@ static const gnutls_pk_entry pk_algorith + {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, + {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, + {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, ++#ifdef ENABLE_ECC + {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC}, ++#endif + {0, 0, 0} + }; + +diff -up gnutls-3.1.7/lib/algorithms/sign.c.noecc gnutls-3.1.7/lib/algorithms/sign.c +--- gnutls-3.1.7/lib/algorithms/sign.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/algorithms/sign.c 2013-02-05 21:13:08.701750716 +0100 +@@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_ + #define TLS_SIGN_AID_UNKNOWN {255, 255} + static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN; + ++#ifndef ENABLE_ECC ++#define GNUTLS_SIGN_ECDSA_SHA1 0 ++#define GNUTLS_SIGN_ECDSA_SHA224 0 ++#define GNUTLS_SIGN_ECDSA_SHA256 0 ++#define GNUTLS_SIGN_ECDSA_SHA384 0 ++#define GNUTLS_SIGN_ECDSA_SHA512 0 ++#endif ++ + static const gnutls_sign_entry sign_algorithms[] = { + {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, + GNUTLS_DIG_SHA1, {2, 1}}, +diff -up gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc gnutls-3.1.7/lib/auth/anon_ecdh.c +--- gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/auth/anon_ecdh.c 2013-02-05 21:13:08.701750716 +0100 +@@ -28,6 +28,7 @@ + #include + + #ifdef ENABLE_ANON ++#ifdef ENABLE_ECC + + #include "gnutls_auth.h" 
+ #include "gnutls_errors.h" +@@ -136,4 +137,5 @@ proc_anon_ecdh_server_kx (gnutls_session + return 0; + } + ++#endif + #endif /* ENABLE_ANON */ +diff -up gnutls-3.1.7/lib/auth/cert.c.noecc gnutls-3.1.7/lib/auth/cert.c +--- gnutls-3.1.7/lib/auth/cert.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/auth/cert.c 2013-02-05 21:13:08.701750716 +0100 +@@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p + key, int deinit); + #endif + ++#ifdef ENABLE_ECC + #define MAX_CLIENT_SIGN_ALGOS 3 ++#else ++#define MAX_CLIENT_SIGN_ALGOS 2 ++#endif + #define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1) + typedef enum CertificateSigType + { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64 +@@ -1424,8 +1428,10 @@ _gnutls_check_supported_sign_algo (Certi + return GNUTLS_PK_RSA; + case DSA_SIGN: + return GNUTLS_PK_DSA; ++#ifdef ENABLE_ECC + case ECDSA_SIGN: + return GNUTLS_PK_EC; ++#endif + } + + return -1; +@@ -1712,7 +1718,9 @@ _gnutls_gen_cert_server_cert_req (gnutls + tmp_data[0] = CERTTYPE_SIZE - 1; + tmp_data[1] = RSA_SIGN; + tmp_data[2] = DSA_SIGN; ++#ifdef ENABLE_ECC + tmp_data[3] = ECDSA_SIGN; /* only these for now */ ++#endif + + ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE); + if (ret < 0) +diff -up gnutls-3.1.7/lib/auth/dhe.c.noecc gnutls-3.1.7/lib/auth/dhe.c +--- gnutls-3.1.7/lib/auth/dhe.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/auth/dhe.c 2013-02-05 21:13:08.702750739 +0100 +@@ -43,6 +43,7 @@ static int gen_dhe_server_kx (gnutls_ses + static int proc_dhe_server_kx (gnutls_session_t, uint8_t *, size_t); + static int proc_dhe_client_kx (gnutls_session_t, uint8_t *, size_t); + ++#ifdef ENABLE_ECC + const mod_auth_st ecdhe_ecdsa_auth_struct = { + "ECDHE_ECDSA", + _gnutls_gen_cert_server_crt, +@@ -76,6 +77,7 @@ const mod_auth_st ecdhe_rsa_auth_struct + _gnutls_proc_cert_client_crt_vrfy, + _gnutls_proc_cert_cert_req + }; ++#endif + + const mod_auth_st dhe_rsa_auth_struct = { + "DHE_RSA", +diff -up 
gnutls-3.1.7/lib/auth/dhe_psk.c.noecc gnutls-3.1.7/lib/auth/dhe_psk.c +--- gnutls-3.1.7/lib/auth/dhe_psk.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/auth/dhe_psk.c 2013-02-05 21:13:08.702750739 +0100 +@@ -68,6 +68,7 @@ const mod_auth_st dhe_psk_auth_struct = + NULL + }; + ++#ifdef ENABLE_ECC + const mod_auth_st ecdhe_psk_auth_struct = { + "ECDHE PSK", + NULL, +@@ -84,6 +85,7 @@ const mod_auth_st ecdhe_psk_auth_struct + NULL, + NULL + }; ++#endif + + static int + gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) +@@ -184,6 +186,7 @@ gen_psk_server_kx (gnutls_session_t sess + return ret; + } + ++#ifdef ENABLE_ECC + static int + gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data) + { +@@ -208,7 +211,7 @@ gen_ecdhe_psk_server_kx (gnutls_session_ + + return ret; + } +- ++#endif + + static int + proc_psk_client_kx (gnutls_session_t session, uint8_t * data, +@@ -289,6 +292,7 @@ proc_psk_client_kx (gnutls_session_t ses + + } + ++#ifdef ENABLE_ECC + static int + proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data, + size_t _data_size) +@@ -353,6 +357,7 @@ proc_ecdhe_psk_client_kx (gnutls_session + + return ret; + } ++#endif + + int + proc_psk_server_kx (gnutls_session_t session, uint8_t * data, +diff -up gnutls-3.1.7/lib/auth/ecdh_common.c.noecc gnutls-3.1.7/lib/auth/ecdh_common.c +--- gnutls-3.1.7/lib/auth/ecdh_common.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/auth/ecdh_common.c 2013-02-05 21:13:08.702750739 +0100 +@@ -41,6 +41,8 @@ + #include + #include + ++#ifdef ENABLE_ECC ++ + static int calc_ecdh_key( gnutls_session_t session, gnutls_datum_t * psk_key) + { + gnutls_pk_params_st pub; +@@ -243,3 +245,4 @@ int _gnutls_ecdh_common_print_server_kx + + return data->length; + } ++#endif +diff -up gnutls-3.1.7/lib/auth/ecdh_common.h.noecc gnutls-3.1.7/lib/auth/ecdh_common.h +--- gnutls-3.1.7/lib/auth/ecdh_common.h.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ 
gnutls-3.1.7/lib/auth/ecdh_common.h 2013-02-05 21:13:08.702750739 +0100 +@@ -25,6 +25,8 @@ + + #include + ++#ifdef ENABLE_ECC ++ + int + _gnutls_gen_ecdh_common_client_kx (gnutls_session_t session, + gnutls_buffer_st* data); +@@ -45,6 +47,14 @@ int _gnutls_ecdh_common_print_server_kx + int _gnutls_proc_ecdh_common_server_kx (gnutls_session_t session, uint8_t * data, + size_t _data_size); + ++#else ++ ++#define _gnutls_gen_ecdh_common_client_kx_int(session, data, psk_key) GNUTLS_E_INTERNAL_ERROR ++#define _gnutls_proc_ecdh_common_client_kx(session, data, _data_size, curve, psk_key) GNUTLS_E_INTERNAL_ERROR ++#define _gnutls_ecdh_common_print_server_kx(session, data, curve) GNUTLS_E_INTERNAL_ERROR ++#define _gnutls_proc_ecdh_common_server_kx(session, data, _data_size) GNUTLS_E_INTERNAL_ERROR ++ ++#endif + + + #endif +diff -up gnutls-3.1.7/lib/ext/ecc.c.noecc gnutls-3.1.7/lib/ext/ecc.c +--- gnutls-3.1.7/lib/ext/ecc.c.noecc 2013-02-01 20:02:07.000000000 +0100 ++++ gnutls-3.1.7/lib/ext/ecc.c 2013-02-05 21:13:08.702750739 +0100 +@@ -35,6 +35,7 @@ + /* Maps record size to numbers according to the + * extensions draft. 
+ */ ++#ifdef ENABLE_ECC + + static int _gnutls_supported_ecc_recv_params (gnutls_session_t session, + const uint8_t * data, +@@ -269,3 +270,5 @@ _gnutls_session_supports_ecc_curve (gnut + + return GNUTLS_E_ECC_UNSUPPORTED_CURVE; + } ++ ++#endif +diff -up gnutls-3.1.7/lib/gnutls_extensions.c.noecc gnutls-3.1.7/lib/gnutls_extensions.c +--- gnutls-3.1.7/lib/gnutls_extensions.c.noecc 2013-02-04 02:50:34.000000000 +0100 ++++ gnutls-3.1.7/lib/gnutls_extensions.c 2013-02-05 21:13:08.702750739 +0100 +@@ -350,6 +350,7 @@ _gnutls_ext_init (void) + if (ret != GNUTLS_E_SUCCESS) + return ret; + ++#ifdef ENABLE_ECC + ret = _gnutls_ext_register (&ext_mod_supported_ecc); + if (ret != GNUTLS_E_SUCCESS) + return ret; +@@ -357,6 +358,7 @@ _gnutls_ext_init (void) + ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf); + if (ret != GNUTLS_E_SUCCESS) + return ret; ++#endif + + ret = _gnutls_ext_register (&ext_mod_sig); + if (ret != GNUTLS_E_SUCCESS) +diff -up gnutls-3.1.7/lib/nettle/init.c.noecc gnutls-3.1.7/lib/nettle/init.c +--- gnutls-3.1.7/lib/nettle/init.c.noecc 2013-02-01 20:02:09.000000000 +0100 ++++ gnutls-3.1.7/lib/nettle/init.c 2013-02-05 21:13:08.703750762 +0100 +@@ -32,7 +32,11 @@ + int + gnutls_crypto_init (void) + { ++#ifdef ENABLE_ECC + return ecc_wmnaf_cache_init(); ++#else ++ return 0; ++#endif + } + + /* Functions that refer to the deinitialization of the nettle library. 
+@@ -41,5 +45,7 @@ gnutls_crypto_init (void) + void + gnutls_crypto_deinit (void) + { ++#ifdef ENABLE_ECC + ecc_wmnaf_cache_free(); ++#endif + } +diff -up gnutls-3.1.7/lib/nettle/Makefile.am.noecc gnutls-3.1.7/lib/nettle/Makefile.am +--- gnutls-3.1.7/lib/nettle/Makefile.am.noecc 2012-12-03 20:36:50.000000000 +0100 ++++ gnutls-3.1.7/lib/nettle/Makefile.am 2013-02-05 21:13:08.703750762 +0100 +@@ -33,9 +33,13 @@ endif + + noinst_LTLIBRARIES = libcrypto.la + ++#if ENABLE_ECC ++#ECC_SOURCES = ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \ ++# ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \ ++# ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \ ++# ecc_projective_check_point.c ecc_projective_negate_point.c \ ++# ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c ++#endif ++ + libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \ +- multi.c wmnaf.c ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \ +- ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \ +- ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \ +- ecc_projective_check_point.c ecc_projective_negate_point.c \ +- ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c gnettle.h ++ multi.c wmnaf.c $(ECC_SOURCES) gnettle.h +diff -up gnutls-3.1.7/lib/nettle/pk.c.noecc gnutls-3.1.7/lib/nettle/pk.c +--- gnutls-3.1.7/lib/nettle/pk.c.noecc 2013-02-01 20:02:09.000000000 +0100 ++++ gnutls-3.1.7/lib/nettle/pk.c 2013-02-05 21:13:08.704750784 +0100 +@@ -137,6 +137,7 @@ static int _wrap_nettle_pk_derive(gnutls + + switch (algo) + { ++#ifdef ENABLE_ECC + case GNUTLS_PK_EC: + { + ecc_key ecc_pub, ecc_priv; +@@ -182,6 +183,7 @@ ecc_cleanup: + out->size = sz; + break; + } ++#endif + default: + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; +@@ -326,6 +328,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith + + switch (algo) + { ++#ifdef ENABLE_ECC + case GNUTLS_PK_EC: /* we do ECDSA */ + { + ecc_key priv; +@@ -369,6 +372,7 @@ _wrap_nettle_pk_sign 
(gnutls_pk_algorith + } + break; + } ++#endif + case GNUTLS_PK_DSA: + { + struct dsa_public_key pub; +@@ -470,6 +474,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori + + switch (algo) + { ++#ifdef ENABLE_ECC + case GNUTLS_PK_EC: /* ECDSA */ + { + ecc_key pub; +@@ -509,6 +514,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori + _ecc_params_clear( &pub); + break; + } ++#endif + case GNUTLS_PK_DSA: + { + struct dsa_public_key pub; +@@ -705,6 +711,7 @@ rsa_fail: + + break; + } ++#ifdef ENABLE_ECC + case GNUTLS_PK_EC: + { + ecc_key key; +@@ -758,6 +765,7 @@ ecc_fail: + + break; + } ++#endif + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; +@@ -874,6 +882,7 @@ dsa_cleanup: + } + + break; ++#ifdef ENABLE_ECC + case GNUTLS_PK_EC: + { + int curve = params->flags; +@@ -923,6 +932,7 @@ ecc_cleanup: + ecc_del_point(R); + } + break; ++#endif + default: + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + } +diff -up gnutls-3.1.7/tests/cert-tests/dane.noecc gnutls-3.1.7/tests/cert-tests/dane +--- gnutls-3.1.7/tests/cert-tests/dane.noecc 2013-01-25 20:24:10.000000000 +0100 ++++ gnutls-3.1.7/tests/cert-tests/dane 2013-02-06 18:32:53.381803965 +0100 +@@ -22,6 +22,8 @@ + + set -e + ++exit 77 ++ + srcdir=${srcdir:-.} + DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT} + +diff -up gnutls-3.1.7/tests/dtls/dtls-nb.noecc gnutls-3.1.7/tests/dtls/dtls-nb +--- gnutls-3.1.7/tests/dtls/dtls-nb.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/dtls/dtls-nb 2013-02-06 17:30:21.148616598 +0100 +@@ -22,9 +22,7 @@ + + set -e + +-if test "${WINDIR}" != "";then +- exit 77 +-fi ++exit 77 + + ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished + ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone +diff -up gnutls-3.1.7/tests/dtls/dtls.noecc gnutls-3.1.7/tests/dtls/dtls +--- gnutls-3.1.7/tests/dtls/dtls.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/dtls/dtls 2013-02-06 
17:30:12.732428591 +0100 +@@ -22,9 +22,7 @@ + + set -e + +-if test "${WINDIR}" != "";then +- exit 77 +-fi ++exit 77 + + ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished + ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone +diff -up gnutls-3.1.7/tests/ecdsa/ecdsa.noecc gnutls-3.1.7/tests/ecdsa/ecdsa +--- gnutls-3.1.7/tests/ecdsa/ecdsa.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/ecdsa/ecdsa 2013-02-06 17:31:19.991931090 +0100 +@@ -22,6 +22,8 @@ + + #set -e + ++exit 77 ++ + srcdir=${srcdir:-.} + CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} + +diff -up gnutls-3.1.7/tests/mini-dtls-record.c.noecc gnutls-3.1.7/tests/mini-dtls-record.c +--- gnutls-3.1.7/tests/mini-dtls-record.c.noecc 2013-01-17 20:07:30.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-dtls-record.c 2013-02-06 16:49:30.236481581 +0100 +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int + main () +diff -up gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc gnutls-3.1.7/tests/mini-dtls-rehandshake.c +--- gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-dtls-rehandshake.c 2013-02-06 16:50:11.803404151 +0100 +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +diff -up gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc gnutls-3.1.7/tests/mini-dtls-srtp.c +--- gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-dtls-srtp.c 2013-02-06 16:51:05.009585051 +0100 +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) ++#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC) + + int + main (int argc, char** argv) +diff -up gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc gnutls-3.1.7/tests/mini-handshake-timeout.c 
+--- gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-handshake-timeout.c 2013-02-06 16:51:28.466105661 +0100 +@@ -28,7 +28,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +@@ -142,7 +142,11 @@ initialize_tls_session (gnutls_session_t + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ +- gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL); ++#ifdef ENABLE_ECC ++ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL); ++#else ++ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL); ++#endif + } + + static void +diff -up gnutls-3.1.7/tests/mini-loss-time.c.noecc gnutls-3.1.7/tests/mini-loss-time.c +--- gnutls-3.1.7/tests/mini-loss-time.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-loss-time.c 2013-02-06 16:51:47.254522659 +0100 +@@ -28,7 +28,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +diff -up gnutls-3.1.7/tests/mini-record.c.noecc gnutls-3.1.7/tests/mini-record.c +--- gnutls-3.1.7/tests/mini-record.c.noecc 2013-01-23 20:31:17.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-record.c 2013-02-06 16:52:07.965982266 +0100 +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +diff -up gnutls-3.1.7/tests/mini-xssl.c.noecc gnutls-3.1.7/tests/mini-xssl.c +--- gnutls-3.1.7/tests/mini-xssl.c.noecc 2013-01-27 18:16:02.000000000 +0100 ++++ gnutls-3.1.7/tests/mini-xssl.c 2013-02-06 16:29:32.288396176 +0100 +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +diff -up gnutls-3.1.7/tests/pkcs12_simple.c.noecc gnutls-3.1.7/tests/pkcs12_simple.c +--- gnutls-3.1.7/tests/pkcs12_simple.c.noecc 2012-12-06 09:01:28.000000000 +0100 ++++ 
gnutls-3.1.7/tests/pkcs12_simple.c 2013-02-06 17:01:39.813123531 +0100 +@@ -50,6 +50,10 @@ doit (void) + gnutls_x509_privkey_t pkey; + int ret; + ++#ifndef ENABLE_ECC ++ exit(77); ++#endif ++ + ret = gnutls_global_init (); + if (ret < 0) + fail ("gnutls_global_init failed %d\n", ret); +diff -up gnutls-3.1.7/tests/slow/keygen.c.noecc gnutls-3.1.7/tests/slow/keygen.c +--- gnutls-3.1.7/tests/slow/keygen.c.noecc 2012-12-03 20:36:52.000000000 +0100 ++++ gnutls-3.1.7/tests/slow/keygen.c 2013-02-06 17:23:10.831725585 +0100 +@@ -65,6 +65,11 @@ doit (void) + if (algorithm == GNUTLS_PK_DH) + continue; + ++#ifndef ENABLE_ECC ++ if (algorithm == GNUTLS_PK_EC) ++ continue; ++#endif ++ + ret = gnutls_x509_privkey_init (&pkey); + if (ret < 0) + { +diff -up gnutls-3.1.7/tests/srp/mini-srp.c.noecc gnutls-3.1.7/tests/srp/mini-srp.c +--- gnutls-3.1.7/tests/srp/mini-srp.c.noecc 2012-12-03 20:36:52.000000000 +0100 ++++ gnutls-3.1.7/tests/srp/mini-srp.c 2013-02-06 17:36:50.419312453 +0100 +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_SRP) + + int main() + { diff --git a/gnutls-3.1.7-rpath.patch b/gnutls-3.1.7-rpath.patch new file mode 100644 index 0000000..d087db9 --- /dev/null +++ b/gnutls-3.1.7-rpath.patch 
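Review bot: In the tests/mini-handshake-timeout.c hunk of the added noecc patch, both new gnutls_priority_set_direct calls pass `session` where the removed line passed `*session`; if the parameter of initialize_tls_session is a `gnutls_session_t *` (its signature is cut off in the hunk header and the function starts outside the hunk), an ENABLE_ECC build would hand the call a pointer to the handle rather than the handle. Keeping the dereference, `gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);` and likewise for the `"NORMAL:+ANON-DH"` branch, preserves the original call. The `#else` branch also looks unreachable, because the first hunk of the same file compiles the real test out whenever ENABLE_ECC is undefined. Separately, the `exit 77` added to tests/cert-tests/dane, tests/dtls/dtls, tests/dtls/dtls-nb and tests/ecdsa/ecdsa is unconditional, so those scripts report "skipped" in every configuration; a comment above each one such as `# skipped: depends on ECC, which this build removes` would keep the lost DTLS and DANE coverage visible to whoever rebases the patch.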
@@ -0,0 +1,39 @@ +diff -up gnutls-3.1.7/configure.rpath gnutls-3.1.7/configure +--- gnutls-3.1.7/configure.rpath 2013-02-04 02:40:23.000000000 +0100 ++++ gnutls-3.1.7/configure 2013-02-05 21:04:57.128932440 +0100 +@@ -48519,7 +48519,7 @@ shlibpath_var= + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -48962,7 +48962,7 @@ fi + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` +- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" ++ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on +@@ -52353,7 +52353,7 @@ shlibpath_var= + shlibpath_overrides_runpath=unknown + version_type=none + dynamic_linker="$host_os ld.so" +-sys_lib_dlsearch_path_spec="/lib /usr/lib" ++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64" + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -52794,7 +52794,7 @@ fi + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` +- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" ++ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on 
diff --git a/gnutls.spec b/gnutls.spec index 523f83e..d386ff4 100644 --- a/gnutls.spec +++ b/gnutls.spec 
@@ -1,33 +1,36 @@ +%bcond_without dane %bcond_with guile Summary: A TLS protocol implementation Name: gnutls -Version: 2.12.22 -Release: 2%{?dist} -# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+ -License: GPLv3+ and LGPLv2+ +Version: 3.1.7 +Release: 1%{?dist} +# The libgnutls library is LGPLv3+, utilities and remaining libraries are GPLv3+ +License: GPLv3+ and LGPLv3+ Group: System Environment/Libraries BuildRequires: libgcrypt-devel >= 1.2.2, p11-kit-devel >= 0.11, gettext BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 2.14 BuildRequires: lzo-devel, libtool, automake, autoconf +BuildRequires: nettle-devel >= 2.5 +%if %{with dane} +BuildRequires: unbound-devel +%endif %if %{with guile} BuildRequires: guile-devel %endif +# temporary compat library for buildroots +BuildRequires: gnutls URL: http://www.gnutls.org/ -#Source0: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.gz -#Source1: ftp://ftp.gnutls.org/pub/gnutls/%{name}-%{version}.tar.gz.sig -# XXX patent tainted SRP code removed. -Source0: %{name}-%{version}-nosrp.tar.xz +#Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz +#Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig +# XXX patent tainted code removed. 
+Source0: %{name}-%{version}-hobbled.tar.xz Source1: libgnutls-config -Patch1: gnutls-2.12.11-rpath.patch -Patch2: gnutls-2.8.6-link-libgcrypt.patch -# Remove nonexisting references from texinfo file -Patch3: gnutls-2.12.2-nosrp.patch -# Skip tests that are expected to fail on libgcrypt build -Patch4: gnutls-2.12.7-dsa-skiptests.patch -# Fix the gnutls-cli-debug manpage -Patch6: gnutls-2.12.20-cli-debug-manpage.patch +Source2: hobble-gnutls +Patch1: gnutls-3.1.7-rpath.patch # Use only FIPS approved ciphers in the FIPS mode Patch7: gnutls-2.12.21-fips-algorithms.patch +# Make ECC optional as it is now hobbled +Patch8: gnutls-3.1.7-noecc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: libgcrypt >= 1.2.2 @@ -43,6 +46,9 @@ Summary: Development files for the %{name} package Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}-c++%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif Requires: libgcrypt-devel Requires: pkgconfig Requires(post): /sbin/install-info @@ -53,6 +59,15 @@ License: GPLv3+ Summary: Command line tools for TLS protocol Group: Applications/System Requires: %{name}%{?_isa} = %{version}-%{release} +%if %{with dane} +Requires: %{name}-dane%{?_isa} = %{version}-%{release} +%endif + +%if %{with dane} +%package dane +Summary: A DANE protocol implementation for GnuTLS +Requires: %{name}%{?_isa} = %{version}-%{release} +%endif %if %{with guile} %package guile 
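Review bot: Nothing in the first gnutls.spec hunk lets a later maintainer check the `-hobbled` tarball against upstream. The upstream `Source0` and `.tar.xz.sig` lines stay commented out, and the modified archive is pinned only by the MD5 line in `sources`. I would add a comment above `Source0` recording how the archive is produced, along the lines of `# Regenerate: verify the upstream .tar.xz against its .sig, unpack, run hobble-gnutls without -e, repack as the -hobbled tarball`. That the removal mode of `hobble-gnutls` is what produces the archive is inferred from the script, not stated in the commit.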
@@ -87,6 +102,15 @@ the proposed standards by the IETF's TLS working group. This package contains command line TLS client and server and certificate manipulation tools. +%if %{with dane} +%description dane +GnuTLS is a project that aims to develop a library which provides a secure +layer, over a reliable transport layer. Currently the GnuTLS library implements +the proposed standards by the IETF's TLS working group. +This package contains library that implements the DANE protocol for verifying +TLS certificates through DNSSEC. +%endif + %if %{with guile} %description guile GnuTLS is a project that aims to develop a library which provides a secure @@ -99,15 +123,12 @@ This package contains Guile bindings for the library. %setup -q %patch1 -p1 -b .rpath -%patch2 -p1 -b .link -%patch3 -p1 -b .nosrp -%patch4 -p1 -b .skiptests -%patch6 -p1 -b .cli-debug -%patch7 -p1 -b .fips +# This patch is not applicable as we use nettle now but some parts will be +# later reused. +#%patch7 -p1 -b .fips +%patch8 -p1 -b .noecc -for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do - touch lib/$i -done +%{SOURCE2} -e %build @@ -124,6 +145,11 @@ export LDFLAGS="-Wl,--no-add-needed" %else --disable-guile \ %endif +%if %{with dane} + --enable-dane \ +%else + --disable-dane \ +%endif %ifarch %{arm} --disable-largefile \ %endif @@ -131,7 +157,6 @@ export LDFLAGS="-Wl,--no-add-needed" # Note that the arm hack above is not quite right and the proper thing would # be to compile guile with largefile support. make -cp lib/COPYING COPYING.LIB %install rm -fr $RPM_BUILD_ROOT 
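Review bot: In the `%prep` hunk, Patch7 ("Use only FIPS approved ciphers in the FIPS mode") is commented out with no replacement, and the 3.1.7-1 changelog entry does not mention it. As far as the spec shows, this build therefore adds no FIPS-mode algorithm restriction. A changelog line such as `- FIPS algorithms patch temporarily disabled, needs porting to nettle` would make that visible to anyone relying on FIPS mode. Separately, rpm expands macros inside comment lines, so the disabled line is safer written as `#%%patch7 -p1 -b .fips`, which stays inert however the rpm in use implements `%patch`.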
@@ -145,7 +170,18 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp* rm -f $RPM_BUILD_ROOT%{_infodir}/dir rm -f $RPM_BUILD_ROOT%{_libdir}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a -%find_lang libgnutls +%if %{without dane} +rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc +%endif + +# temporary compat library for buildroots +install %{_libdir}/libgnutls.so.26.*.* $RPM_BUILD_ROOT/%{_libdir} +pushd $RPM_BUILD_ROOT/%{_libdir} +ln -s libgnutls.so.26.*.* $RPM_BUILD_ROOT/%{_libdir}/libgnutls.so.26 +popd + + +%find_lang gnutls %check make check @@ -171,17 +207,25 @@ if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || : fi +%if %{with dane} +%post dane -p /sbin/ldconfig + +%postun dane -p /sbin/ldconfig +%endif + %if %{with guile} %post guile -p /sbin/ldconfig %postun guile -p /sbin/ldconfig %endif -%files -f libgnutls.lang +%files -f gnutls.lang %defattr(-,root,root,-) -%{_libdir}/libgnutls.so.* -%{_libdir}/libgnutls-extra.so.* -%doc COPYING COPYING.LIB README AUTHORS +%{_libdir}/libgnutls.so.28* +%{_libdir}/libgnutls-xssl.so.0* +%doc COPYING COPYING.LESSER README AUTHORS NEWS THANKS +# temporary compat library for buildroots +%{_libdir}/*.so.26* %files c++ %{_libdir}/libgnutlsxx.so.* @@ -199,12 +243,22 @@ fi %files utils %defattr(-,root,root,-) %{_bindir}/certtool +%{_bindir}/ocsptool %{_bindir}/psktool %{_bindir}/p11tool +%if %{with dane} +%{_bindir}/danetool +%endif %{_bindir}/gnutls* %{_mandir}/man1/* %doc doc/certtool.cfg +%if %{with dane} +%files dane +%defattr(-,root,root,-) +%{_libdir}/libgnutls-dane.so.* +%endif + %if %{with guile} %files guile %defattr(-,root,root,-) 
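Review bot: The compat step in `%install` copies `%{_libdir}/libgnutls.so.26.*.*` from the build host into the package, so the shipped binary is whatever the unversioned `BuildRequires: gnutls` resolved to, not something built from this source. Pinning that dependency, for example `BuildRequires: gnutls < 3` or the exact 2.12.22 build intended, would make the package content predictable. The `ln -s libgnutls.so.26.*.* ...` line also assumes the glob matches exactly one file and fails or misbehaves otherwise. In the following `%files` hunk, `%{_libdir}/*.so.26*` is broader than what was installed; `%{_libdir}/libgnutls.so.26*` would list only the compat library.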
@@ -214,6 +268,10 @@ fi %endif %changelog +* Wed Feb 6 2013 Tomas Mraz 3.1.7-1 +- new upstream version, requires rebuild of dependencies +- this release temporarily includes old compatibility .so + * Tue Feb 5 2013 Tomas Mraz 2.12.22-2 - rebuilt with new libtasn1 - make guile bindings optional - breaks i686 build and there is diff --git a/hobble-gnutls b/hobble-gnutls new file mode 100755 index 0000000..f33cfb5 --- /dev/null +++ b/hobble-gnutls @@ -0,0 +1,23 @@ +#!/bin/sh +set -x + +if [ "$1" = "-e" ] ; then + CMD="cat < /dev/null >" +else + CMD="rm -f" +fi + +# SRP +for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \ + gnutls_srp.c auth_srp.c ext_srp.c ; do + eval "$CMD lib/$f" +done + +# ECC +for f in ecc_free.c ecc_make_key.c ecc_shared_secret.c \ + ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \ + ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \ + ecc_projective_check_point.c ecc_projective_negate_point.c \ + ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c ; do + eval "$CMD lib/nettle/$f" +done diff --git a/remove-srp b/remove-srp deleted file mode 100755 index 6f385bb..0000000 --- a/remove-srp +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -set -x - -rm -f lib/auth_srp_sb64.c lib/auth_srp_passwd.c lib/auth_srp_rsa.c -rm -f lib/gnutls_srp.c lib/auth_srp.c lib/ext_srp.c diff --git a/sources b/sources index 55affa8..a69115c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -21a57b10b4fe9cd515841974bd8c2cb7 gnutls-2.12.22-nosrp.tar.xz +075ba552c072eba77669d941f308d3fb gnutls-3.1.7-hobbled.tar.xz
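Review bot: In removal mode (no `-e`), `hobble-gnutls` never checks that a listed file exists, so a source that upstream renamed or moved is skipped silently because `rm -f` ignores a missing path. Presumably this mode is what prepares the `-hobbled` tarball, so a stale file list would leave SRP or ECC code in the archive with no error. I would add `[ "$1" = "-e" ] || [ -f "lib/$f" ] || { echo "hobble-gnutls: lib/$f not found" >&2; exit 1; }` before the `eval` in the SRP loop, and the same with `lib/nettle/$f` in the ECC loop. The script sets `set -x` but not `set -e`, so a failing command does not stop the `%prep` step that calls `%{SOURCE2} -e`; adding `set -e` would fix that.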