Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2026-04-18 21:30:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Sat Apr 18 21:30:56 2026 rev:168 rq:1347712 version:3.8.12 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2026-03-27 16:48:25.552714092 +0100 +++ /work/SRC/openSUSE:Factory/.gnutls.new.11940/gnutls.changes 2026-04-18 21:30:59.276412662 +0200 @@ -1,0 +2,11 @@ +Fri Apr 17 11:26:12 UTC 2026 - Pedro Monreal <[email protected]> + +- Fix build with libnettle 4.0: (bsc#1257934) + * Support building with Nettle 4 [PR2075] + * accelerated: don't register custom HMAC for AArch64 if + Nettle 4 [PR2080] + * Add patches: + - gnutls-libnettle4-2075.patch + - gnutls-libnettle4-2080.patch + +------------------------------------------------------------------- New: ---- gnutls-libnettle4-2075.patch gnutls-libnettle4-2080.patch ----------(New B)---------- New: * Add patches: - gnutls-libnettle4-2075.patch - gnutls-libnettle4-2080.patch New: - gnutls-libnettle4-2075.patch - gnutls-libnettle4-2080.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.0cvwow/_old 2026-04-18 21:31:01.720512074 +0200 +++ /var/tmp/diff_new_pack.0cvwow/_new 2026-04-18 21:31:01.740512888 +0200 @@ -70,6 +70,9 @@ Patch5: gnutls-FIPS-140-3-references.patch #PATCH-FIX-SUSE bsc#1260395 Fix build with autoconf 2.73 Patch6: gnutls-C23.patch +#PATCH-FIX-UPSTREAM bsc#1257934 Fix build with libnettle 4.0 +Patch7: gnutls-libnettle4-2075.patch +Patch8: gnutls-libnettle4-2080.patch BuildRequires: autogen BuildRequires: automake BuildRequires: datefudge ++++++ gnutls-libnettle4-2075.patch ++++++ ++++ 1943 lines (skipped) ++++++ gnutls-libnettle4-2080.patch ++++++ >From 80b2fd8c6606949b9639f860d73b01dd6ba450ac Mon Sep 17 00:00:00 2001 From: Daiki Ueno <[email protected]> Date: Wed, 4 Mar 2026 10:07:22 +0900 Subject: [PATCH 1/2] accelerated: don't register custom HMAC for AArch64 if Nettle 4 As a follow-up of commit 4e3921c36529110a94c2a63e0d6601c502901589, add missing #ifdefs for AArch64, as Nettle 4 doesn't provide an easy way to implement a custom HMAC instance. Signed-off-by: Daiki Ueno <[email protected]> --- lib/accelerated/aarch64/aarch64-common.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/accelerated/aarch64/aarch64-common.c b/lib/accelerated/aarch64/aarch64-common.c index 12b7386fc6..ce8fc8301a 100644 --- a/lib/accelerated/aarch64/aarch64-common.c +++ b/lib/accelerated/aarch64/aarch64-common.c @@ -141,11 +141,13 @@ static void _register_aarch64_crypto(unsigned capabilities) gnutls_assert(); } +#if defined(HAVE_LIBNETTLE) && defined(HMAC_SET_KEY) ret = gnutls_crypto_single_mac_register( GNUTLS_MAC_SHA1, 80, &_gnutls_hmac_sha_aarch64, 0); if (ret < 0) { gnutls_assert(); } +#endif } if (_gnutls_arm_cpuid_s & ARMV8_SHA256) { @@ -157,11 +159,13 @@ static void _register_aarch64_crypto(unsigned capabilities) gnutls_assert(); } +#if defined(HAVE_LIBNETTLE) && defined(HMAC_SET_KEY) ret = gnutls_crypto_single_mac_register( GNUTLS_MAC_SHA224, 80, &_gnutls_hmac_sha_aarch64, 0); if (ret < 0) { gnutls_assert(); } +#endif ret = gnutls_crypto_single_digest_register( GNUTLS_DIG_SHA256, 80, &_gnutls_sha_aarch64, 0); @@ -169,11 +173,13 @@ static void _register_aarch64_crypto(unsigned capabilities) gnutls_assert(); } +#if defined(HAVE_LIBNETTLE) && defined(HMAC_SET_KEY) ret = gnutls_crypto_single_mac_register( GNUTLS_MAC_SHA256, 80, &_gnutls_hmac_sha_aarch64, 0); if (ret < 0) { gnutls_assert(); } +#endif ret = gnutls_crypto_single_digest_register( GNUTLS_DIG_SHA384, 80, &_gnutls_sha_aarch64, 0); @@ -181,11 +187,13 @@ static void _register_aarch64_crypto(unsigned capabilities) gnutls_assert(); } +#if defined(HAVE_LIBNETTLE) && defined(HMAC_SET_KEY) ret = gnutls_crypto_single_mac_register( GNUTLS_MAC_SHA384, 80, &_gnutls_hmac_sha_aarch64, 0); if (ret < 0) { gnutls_assert(); } +#endif ret = gnutls_crypto_single_digest_register( GNUTLS_DIG_SHA512, 80, &_gnutls_sha_aarch64, 0); @@ -193,11 +201,13 @@ static void _register_aarch64_crypto(unsigned capabilities) gnutls_assert(); } +#if defined(HAVE_LIBNETTLE) && defined(HMAC_SET_KEY) ret = gnutls_crypto_single_mac_register( GNUTLS_MAC_SHA512, 80, &_gnutls_hmac_sha_aarch64, 0); if (ret < 0) { gnutls_assert(); } +#endif } if (_gnutls_arm_cpuid_s & ARMV8_AES) { -- GitLab >From cea3a4e66e950f87e7f7a9fe319b1aef34250013 Mon Sep 17 00:00:00 2001 From: Daiki Ueno <[email protected]> Date: Tue, 3 Mar 2026 15:41:44 +0900 Subject: [PATCH 2/2] nettle: revert workaround for base64_decode_update return values This reverts commit d6014115969655005968491be1da8892ddedc134, as it turned out that the change of error return value was only available in an unreleased version of Nettle. Signed-off-by: Daiki Ueno <[email protected]> --- lib/x509_b64.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/x509_b64.c b/lib/x509_b64.c index 3fb2c94dfb..0ffbfa91bf 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -285,10 +285,7 @@ int _gnutls_base64_decode(const uint8_t *data, size_t data_size, ret = base64_decode_update(&ctx, &size, result->data, pdata.size, (void *)pdata.data); - /* Nettle 4 returns -1 on error, while Nettle 3 returns 0; - * catch both - */ - if (ret <= 0 || size == 0) { + if (ret == 0 || size == 0) { gnutls_assert(); ret = GNUTLS_E_BASE64_DECODING_ERROR; goto fail; -- GitLab
