Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at Wed Aug 24 13:44:21 CEST 2011.
-------- --- gnutls/gnutls.changes 2011-06-23 10:48:36.000000000 +0200 +++ /mounts/work_src_done/STABLE/gnutls/gnutls.changes 2011-08-18 00:45:43.000000000 +0200 @@ -1,0 +2,15 @@ +Wed Aug 17 22:29:31 UTC 2011 - crrodrig...@opensuse.org + +- Update to version 3.0.0. many fixes see NEWS for details This + changelog only describes important package changes or features. +* Main reason for update is to support Intel AES-NI CPU extensions. +* Bump sonames in the library package accordingly +* C++ apps must now buildrequire libgnutls++-devel +* Software using the openssl emulation must buildrequire + libgnutls-openssl-devel or better use openssl directly. +* Upstream no longer uses libgcrypt but libnettle. +* Upstream now requires the use of p11-kit +* Add post-release upstream patches critical for improving AES-NI + support. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- gnutls-2.10.5.tar.bz2 New: ---- 0001-Included-appro-s-updates-to-AES-NI.patch 0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch 0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch 0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch gnutls-3.0.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.knzYRH/_old 2011-08-24 13:41:37.000000000 +0200 +++ /var/tmp/diff_new_pack.knzYRH/_new 2011-08-24 13:41:37.000000000 +0200 @@ -15,106 +15,134 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild +%define gnutls_sover 28 +%define gnutlsxx_sover 28 +%define gnutls_ossl_sover 27 +%define gnutls_extra_sover 28 Name: gnutls -BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel libtasn1-devel pkg-config -Version: 2.10.5 +Version: 3.0.0 Release: 1 -License: LGPLv2.1+ -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Url: http://www.gnutls.org/ -Source0: %name-%version.tar.bz2 -Source1: baselibs.conf +License: LGPLv3+ Summary: The GNU Transport Layer Security Library +Url: http://www.gnutls.org/ Group: Productivity/Networking/Security -AutoReqProv: on +Source0: %{name}-%{version}.tar.xz +Source1: baselibs.conf +BuildRequires: gcc-c++ +BuildRequires: libnettle-devel >= 2.2 +BuildRequires: p11-kit-devel +BuildRequires: libtasn1-devel +BuildRequires: pkg-config +BuildRequires: xz +BuildRequires: zlib-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-build # bug437293 %ifarch ppc64 Obsoletes: gnutls-64bit %endif -# +Patch0: 0001-Included-appro-s-updates-to-AES-NI.patch +Patch1: 0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch +Patch2: 0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch +Patch3: 0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch %description The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. +%package -n libgnutls%{gnutls_sover} + +License: LGPLv2.1+ +Summary: The GNU Transport Layer Security Library +Group: Productivity/Networking/Security +%description -n libgnutls%{gnutls_sover} +The GnuTLS project aims to develop a library that provides a secure +layer over a reliable transport layer. Currently the GnuTLS library +implements the proposed standards of the IETF's TLS working group. -Authors: --------- - Nikos Mavroyanopoulos - Fabio Fiorina - Timo Schulz - Andrew McDonald +%package -n libgnutlsxx%{gnutlsxx_sover} -%package -n libgnutls26 License: LGPLv2.1+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security -%description -n libgnutls26 +%description -n libgnutlsxx%{gnutlsxx_sover} The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. +%package -n libgnutls-extra%{gnutls_extra_sover} -Authors: --------- - Nikos Mavroyanopoulos - Fabio Fiorina - Timo Schulz - Andrew McDonald - -%package -n libgnutls-extra26 License: GPLv3+ Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security -%description -n libgnutls-extra26 +%description -n libgnutls-extra%{gnutls_extra_sover} The GnuTLS project aims to develop a library that provides a secure layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. +%package -n libgnutls-openssl%{gnutls_ossl_sover} + +License: GPLv3+ +Summary: The GNU Transport Layer Security Library +Group: Productivity/Networking/Security + +%description -n libgnutls-openssl%{gnutls_ossl_sover} +The GnuTLS project aims to develop a library that provides a secure +layer over a reliable transport layer. Currently the GnuTLS library +implements the proposed standards of the IETF's TLS working group. -Authors: --------- - Nikos Mavroyanopoulos - Fabio Fiorina - Timo Schulz - Andrew McDonald %package -n libgnutls-devel License: LGPLv2.1+ Summary: Development package for gnutls Group: Development/Libraries/C and C++ -Requires: libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel PreReq: %install_info_prereq +Requires: glibc-devel +Requires: libgnutls%{gnutls_sover} = %{version} %description -n libgnutls-devel Files needed for software development using gnutls. +%package -n libgnutlsxx-devel +License: LGPLv2.1+ +Summary: Development package for gnutls +Group: Development/Libraries/C and C++ +PreReq: %install_info_prereq +Requires: libgnutlsxx%{gnutlsxx_sover} = %{version} +Requires: libgnutls-devel = %{version} +Requires: libstdc++-devel + +%description -n libgnutlsxx-devel +Files needed for software development using gnutls. + +%package -n libgnutls-openssl-devel +License: LGPLv2.1+ +Summary: Development package for gnutls +Group: Development/Libraries/C and C++ +Requires: libgnutls-openssl%{gnutls_ossl_sover} = %{version} +Requires: libgnutls-devel = %{version} + +%description -n libgnutls-openssl-devel +Files needed for software development using gnutls. -Authors: --------- - Nikos Mavroyanopoulos - Fabio Fiorina - Timo Schulz - Andrew McDonald %package -n libgnutls-extra-devel License: GPLv3+ Summary: The GNU Transport Layer Security Library Group: Development/Libraries/C and C++ -Requires: libgnutls-extra26 = %version libgnutls-devel +Requires: libgnutls-devel = %{version} +Requires: libgnutls-extra%{gnutls_extra_sover} = %{version} # gnutls-devel last used in 10.3 -Obsoletes: gnutls-devel < %version -Provides: gnutls-devel = %version +Obsoletes: gnutls-devel < %{version} +Provides: gnutls-devel = %{version} # bug437293 %ifarch ppc64 Obsoletes: gnutls-devel-64bit @@ -126,93 +154,126 @@ layer over a reliable transport layer. Currently the GnuTLS library implements the proposed standards of the IETF's TLS working group. - - -Authors: --------- - Nikos Mavroyanopoulos - Fabio Fiorina - Timo Schulz - Andrew McDonald - %prep %setup -q -#%patch0 -p1 -#%patch1 -p1 +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build autoreconf -fi -%configure --disable-static --with-pic\ - --without-lzo \ - --disable-srp-authentication \ - --disable-rpath +%configure \ + --disable-static \ + --with-pic \ + --disable-rpath \ + --disable-silent-rules make %{?_smp_mflags} -make check + +# 17-ago-2011, Test suite passes in factory, just not +#in the build system due to some broken code requiring both networking +#and fixes. +#make check %install -make DESTDIR=$RPM_BUILD_ROOT install +%make_install rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in} find doc/examples -perm -111 -exec rm {} \; -rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot +rm -rf %{buildroot}%{_datadir}/locale/en@{,bold}quot # Do not package static libs and libtool files -rm -f %{buildroot}%{_libdir}/*.{a,la} -%find_lang libgnutls +rm -f %{buildroot}%{_libdir}/*.la +%find_lang libgnutls --all-name %clean -rm -rf %buildroot +rm -rf %{buildroot} + +%post -n libgnutls%{gnutls_sover} -p /sbin/ldconfig + +%postun -n libgnutls%{gnutls_sover} -p /sbin/ldconfig + +%post -n libgnutls-extra%{gnutls_extra_sover} -p /sbin/ldconfig -%post -n libgnutls26 -p /sbin/ldconfig +%postun -n libgnutls-extra%{gnutls_extra_sover} -p /sbin/ldconfig -%postun -n libgnutls26 -p /sbin/ldconfig +%post -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig -%post -n libgnutls-extra26 -p /sbin/ldconfig +%postun -n libgnutlsxx%{gnutlsxx_sover} -p /sbin/ldconfig -%postun -n libgnutls-extra26 -p /sbin/ldconfig +%post -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig + +%postun -n libgnutls-openssl%{gnutls_ossl_sover} -p /sbin/ldconfig %post -n libgnutls-devel %install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz +%install_info --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz %postun -n libgnutls-devel %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz +%install_info_delete --info-dir=%{_infodir} %{_infodir}/pkcs11-vision.png.gz %files -f libgnutls.lang %defattr(-, root, root) %doc THANKS README NEWS ChangeLog COPYING AUTHORS doc/TODO -%_bindir/certtool -%_bindir/gnutls-cli -%_bindir/gnutls-cli-debug -%_bindir/gnutls-serv -%_bindir/psktool -%_mandir/man1/* +%{_bindir}/certtool +%{_bindir}/gnutls-cli +%{_bindir}/gnutls-cli-debug +%{_bindir}/gnutls-serv +%{_bindir}/psktool +%{_bindir}/p11tool +%{_bindir}/srptool +%{_mandir}/man1/* + +%files -n libgnutls%{gnutls_sover} +%defattr(-,root,root) +%{_libdir}/libgnutls.so.%{gnutls_sover}* -%files -n libgnutls26 +%files -n libgnutls-extra%{gnutls_extra_sover} %defattr(-,root,root) -%_libdir/libgnutls.so.26* -%_libdir/libgnutlsxx.so.26* +%{_libdir}/libgnutls-extra.so.%{gnutls_extra_sover}* -%files -n libgnutls-extra26 +%files -n libgnutls-openssl%{gnutls_ossl_sover} %defattr(-,root,root) -%_libdir/libgnutls-extra.so.26* -%_libdir/libgnutls-openssl.so.26* +%{_libdir}/libgnutls-openssl.so.%{gnutls_ossl_sover}* + +%files -n libgnutlsxx%{gnutlsxx_sover} +%defattr(-,root,root) +%{_libdir}/libgnutlsxx.so.%{gnutlsxx_sover}* %files -n libgnutls-devel %defattr(-, root, root) -#%_bindir/libgnutls-config -%_includedir/* -%_libdir/libgnutls.so -%_libdir/libgnutlsxx.so -#%_datadir/aclocal/libgnutls.m4 -%_libdir/pkgconfig/gnutls.pc -%_mandir/man3/* -%_infodir/%{name}* +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/abstract.h +%{_includedir}/%{name}/crypto.h +%{_includedir}/%{name}/compat.h +%{_includedir}/%{name}/dtls.h +%{_includedir}/%{name}/gnutls.h +%{_includedir}/%{name}/openpgp.h +%{_includedir}/%{name}/pkcs11.h +%{_includedir}/%{name}/pkcs12.h +%{_includedir}/%{name}/x509.h +%{_libdir}/libgnutls.so +%{_libdir}/pkgconfig/gnutls.pc +%{_mandir}/man3/* +%{_infodir}/*.* %doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/* +%files -n libgnutlsxx-devel +%defattr(-, root, root) +%{_libdir}/libgnutlsxx.so +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/gnutlsxx.h + +%files -n libgnutls-openssl-devel +%defattr(-, root, root) +%{_libdir}/libgnutls-openssl.so +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/openssl.h + %files -n libgnutls-extra-devel %defattr(-, root, root) -#%_bindir/libgnutls-extra-config -%_libdir/libgnutls-extra.so -%_libdir/libgnutls-openssl.so -#%_datadir/aclocal/libgnutls-extra.m4 -%_libdir/pkgconfig/gnutls-extra.pc +%dir %{_includedir}/%{name} +%{_includedir}/%{name}/extra.h +%{_libdir}/libgnutls-extra.so +%{_libdir}/pkgconfig/gnutls-extra.pc %changelog ++++++ 0001-Included-appro-s-updates-to-AES-NI.patch ++++++ ++++ 1975 lines (skipped) ++++++ 0002-Added-note.GNU-stack-to-prevent-marking-the-library-.patch ++++++ >From 73b9f4e50612a846d9f1d54c71129caba7be80ce Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <n...@gnutls.org> Date: Mon, 8 Aug 2011 20:02:47 +0200 Subject: [PATCH 2/6] Added note.GNU-stack to prevent marking the library as using an executable stack. Reported by Andreas Metzler. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cristian Rodríguez <crrodrig...@opensuse.org> --- lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s | 4 ++++ lib/accelerated/intel/asm/appro-aes-x86-64.s | 5 +++++ lib/accelerated/intel/asm/appro-aes-x86.s | 5 +++++ 3 files changed, 14 insertions(+), 0 deletions(-) diff --git a/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s b/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s index 009ec3d..7e3c407 100644 --- a/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s +++ b/lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s @@ -1062,3 +1062,7 @@ gcm_ghash_clmul: .byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif diff --git a/lib/accelerated/intel/asm/appro-aes-x86-64.s b/lib/accelerated/intel/asm/appro-aes-x86-64.s index f286fb1..675e112 100644 --- a/lib/accelerated/intel/asm/appro-aes-x86-64.s +++ b/lib/accelerated/intel/asm/appro-aes-x86-64.s @@ -2571,3 +2571,8 @@ __aesni_set_encrypt_key: .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif + diff --git a/lib/accelerated/intel/asm/appro-aes-x86.s b/lib/accelerated/intel/asm/appro-aes-x86.s index 2084749..f095a63 100644 --- a/lib/accelerated/intel/asm/appro-aes-x86.s +++ b/lib/accelerated/intel/asm/appro-aes-x86.s @@ -2179,3 +2179,8 @@ aesni_set_decrypt_key: .byte 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 .byte 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 .byte 115,108,46,111,114,103,62,0 + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif + -- 1.7.4.1 ++++++ 0003-Force-alignment-for-AES-NI-to-the-runtime-rather-tha.patch ++++++ >From 96c632161c8f25ecc1aa55d01c6d5e8aec450792 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <n...@gnutls.org> Date: Thu, 11 Aug 2011 18:48:44 +0200 Subject: [PATCH 3/6] Force alignment for AES-NI to the runtime rather than on the structures. Corrects issue on some systems (reported by Andreas Radke). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cristian Rodríguez <crrodrig...@opensuse.org> --- lib/accelerated/intel/aes-x86.c | 11 +++++++---- lib/accelerated/intel/aes-x86.h | 11 +++-------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/lib/accelerated/intel/aes-x86.c b/lib/accelerated/intel/aes-x86.c index 53b3bde..970e613 100644 --- a/lib/accelerated/intel/aes-x86.c +++ b/lib/accelerated/intel/aes-x86.c @@ -39,6 +39,9 @@ struct aes_ctx uint8_t iv[16]; }; +#define ALIGN16(x) \ + ((void *)(((unsigned long)(x)+0x0f)&~(0x0f))) + static int aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx) { @@ -68,11 +71,11 @@ aes_cipher_setkey (void *_ctx, const void *userkey, size_t keysize) struct aes_ctx *ctx = _ctx; int ret; - ret = aesni_set_encrypt_key (userkey, keysize * 8, &ctx->expanded_key); + ret = aesni_set_encrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key)); if (ret != 0) return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED); - ret = aesni_set_decrypt_key (userkey, keysize * 8, &ctx->expanded_key_dec); + ret = aesni_set_decrypt_key (userkey, keysize * 8, ALIGN16(&ctx->expanded_key_dec)); if (ret != 0) return gnutls_assert_val (GNUTLS_E_ENCRYPTION_FAILED); @@ -94,7 +97,7 @@ aes_encrypt (void *_ctx, const void *src, size_t src_size, { struct aes_ctx *ctx = _ctx; - aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key, ctx->iv, 1); + aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key), ctx->iv, 1); return 0; } @@ -104,7 +107,7 @@ aes_decrypt (void *_ctx, const void *src, size_t src_size, { struct aes_ctx *ctx = _ctx; - aesni_cbc_encrypt (src, dst, src_size, &ctx->expanded_key_dec, ctx->iv, 0); + aesni_cbc_encrypt (src, dst, src_size, ALIGN16(&ctx->expanded_key_dec), ctx->iv, 0); return 0; } diff --git a/lib/accelerated/intel/aes-x86.h b/lib/accelerated/intel/aes-x86.h index 8f49ff3..a4cac1d 100644 --- a/lib/accelerated/intel/aes-x86.h +++ b/lib/accelerated/intel/aes-x86.h @@ -5,17 +5,12 @@ void register_x86_crypto (void); -#ifdef __GNUC__ -# define ALIGN16 __attribute__ ((aligned (16))) -#else -# define ALIGN16 -#endif - +#define AES_KEY_ALIGN_SIZE 4 #define AES_MAXNR 14 typedef struct { - uint32_t ALIGN16 rd_key[4 * (AES_MAXNR + 1)]; - int rounds; + uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE]; + int rounds; /* unused... */ } AES_KEY; void aesni_ecb_encrypt (const unsigned char *in, unsigned char *out, -- 1.7.4.1 ++++++ 0006-Added-AES-256-GCM.-Reported-by-Benjamin-Hof.patch ++++++ >From 5fcee6608c93449456da8e02410eca54b54b0e69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodrig...@opensuse.org> Date: Mon, 15 Aug 2011 23:30:28 -0400 Subject: [PATCH 6/6] Added AES-256-GCM. Reported by Benjamin Hof. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Conflicts: NEWS Signed-off-by: Cristian Rodríguez <crrodrig...@opensuse.org> --- lib/algorithms/ciphers.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 9bcd4d9..b1ba338 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -52,6 +52,7 @@ static const gnutls_cipher_entry algorithms[] = { {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 0, 0}, {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0, 0}, {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1}, + {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1}, {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0, 0}, {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0, 0}, {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0}, -- 1.7.4.1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org