File gnutls.spec of Package gnutls

#
# spec file for package gnutls (Version 2.4.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild


Name:           gnutls
BuildRequires:  gcc-c++ libgcrypt-devel libopencdk-devel
Version:        2.4.1
Release:        24
License:        GPL v3 or later; LGPL v2.1 or later
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Url:            http://www.gnutls.org/
Source0:        %name-%version.tar.bz2
Patch1:         gnutls-2.4.1-disable_cxx.patch
Patch2:         CVE-2008-4989.patch
Summary:        The GNU Transport Layer Security Library
Group:          Productivity/Networking/Security
AutoReqProv:    on
# bug437293
%ifarch ppc64
Obsoletes:      gnutls-64bit
%endif
%ifarch  ppc
Obsoletes:      gnutls-32bit
%endif
#

%description
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls26
License:        LGPL v2.1 or later
Summary:        The GNU Transport Layer Security Library
Group:          Productivity/Networking/Security

%description -n libgnutls26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls-extra26
License:        GPL v3 or later
Summary:        The GNU Transport Layer Security Library
Group:          Productivity/Networking/Security

%description -n libgnutls-extra26
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls-devel
License:        LGPL v2.1 or later
Summary:        Development package for gnutls
Group:          Development/Libraries/C and C++
Requires:       libgnutls26 = %version glibc-devel libopencdk-devel libgcrypt-devel
PreReq:         %install_info_prereq

%description -n libgnutls-devel
Files needed for software development using gnutls.



Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%package -n libgnutls-extra-devel
License:        GPL v3 or later
Summary:        The GNU Transport Layer Security Library
Group:          Development/Libraries/C and C++
Requires:       libgnutls-extra26 = %version libgnutls-devel
# gnutls-devel last used in 10.3
Obsoletes:      gnutls-devel < %version
Provides:       gnutls-devel = %version
# bug437293
%ifarch ppc64
Obsoletes:      gnutls-devel-64bit
%endif
%ifarch  ppc
Obsoletes:      gnutls-devel-32bit
%endif
#

%description -n libgnutls-extra-devel
The GnuTLS project aims to develop a library that provides a secure
layer over a reliable transport layer. Currently the GnuTLS library
implements the proposed standards of the IETF's TLS working group.



Authors:
--------
    Nikos Mavroyanopoulos
    Fabio Fiorina
    Timo Schulz
    Andrew McDonald

%prep
%setup -q
%patch1 -p1
%patch2 -p1

%build
autoreconf -fi
./configure --prefix=%_prefix \
            --sysconfdir=%_sysconfdir \
            --libdir=%_libdir \
	    --mandir=%_mandir --infodir=%_infodir \
	    --localstatedir=%_localstatedir \
	    --with-included-libtasn1 \
	    --without-lzo \
	    --disable-srp-authentication \
	    --disable-rpath \
            CFLAGS="$RPM_OPT_FLAGS" \
            CXXFLAGS="$RPM_OPT_FLAGS"
make
make check

%install
make DESTDIR=$RPM_BUILD_ROOT install
rm -rf doc/examples/.deps doc/examples/.libs doc/examples/*.{o,lo,la} doc/examples/Makefile{,.in}
find doc/examples -perm -111 -exec rm {} \;
rm -rf %{buildroot}/usr/share/locale/en@{,bold}quot
# Do not package static libs and libtool files
rm -f %{buildroot}%{_libdir}/*.{a,la}
%find_lang %name

%clean
rm -rf %buildroot

%post -n libgnutls26
/sbin/ldconfig

%postun -n libgnutls26
/sbin/ldconfig

%post -n libgnutls-extra26
/sbin/ldconfig

%postun -n libgnutls-extra26
/sbin/ldconfig

%post -n libgnutls-devel
%install_info --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%postun -n libgnutls-devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnutls.info.gz

%files -f %name.lang
%defattr(-, root, root)
%doc THANKS README NEWS ChangeLog COPYING.LIB COPYING AUTHORS doc/TODO
%_bindir/certtool
%_bindir/gnutls-cli
%_bindir/gnutls-cli-debug
%_bindir/gnutls-serv
%_bindir/psktool
%_mandir/man1/*

%files -n libgnutls26
%defattr(-,root,root)
%_libdir/libgnutls.so.26*

%files -n libgnutls-extra26
%defattr(-,root,root)
%_libdir/libgnutls-extra.so.26*
%_libdir/libgnutls-openssl.so.26*

%files -n libgnutls-devel
%defattr(-, root, root)
%_bindir/libgnutls-config
%_includedir/*
%_libdir/libgnutls.so
%_datadir/aclocal/libgnutls.m4
%_libdir/pkgconfig/gnutls.pc
%_mandir/man3/*
%_infodir/%{name}*
%doc doc/examples doc/gnutls.html doc/*.png doc/gnutls.pdf doc/reference/html/*

%files -n libgnutls-extra-devel
%defattr(-, root, root)
%_bindir/libgnutls-extra-config
%_libdir/libgnutls-extra.so
%_libdir/libgnutls-openssl.so
%_datadir/aclocal/libgnutls-extra.m4
%_libdir/pkgconfig/gnutls-extra.pc

%changelog
* Tue Dec 09 2008 ro@suse.de
- remove ix86 from ifarch statement obsoleting 32bit package
* Fri Nov 28 2008 jshi@suse.de
- fix security bug [bnc#441856]
  CVE-2008-4989
* Thu Oct 30 2008 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Sat Aug 02 2008 meissner@suse.de
- run testsuite
* Thu Jul 17 2008 mkoenig@suse.de
- update to version 2.4.1
  * libgnutls: Fix local crash in gnutls_handshake
  * libgnutls: Fix memory leaks when doing a re-handshake
  * Fix compiler warnings
  * Fix ordering of -I's to avoid opencdk.h conflict with
  system headers
  * srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch
  gnutls-1.6.1-srptool.patch
* Wed Jul 02 2008 mkoenig@suse.de
- remove gnutls main package from baselibs.conf
* Thu Jun 26 2008 mkoenig@suse.de
- update to version 2.4.0
  * The OpenPGP sub-system has been improved and now supports subkeys
  * The PSK sub-system has been improved and now supports password
  derivation and PSK identity hints
  * The certtool --inder and --outder has been replaced
  by --inraw and --outraw
  * New APIs to access the raw X.509 Subject and Issuer DN's and
  elements from the certificate credentials structure
  * New APIs to improve working with username/passwords and PSK
  * Names of constants to affect certificate printing changed
  * The function gnutls_openpgp_privkey_get_id has been renamed to
  gnutls_openpgp_privkey_get_key_id
  * API/ABI changes in GnuTLS 2.4
  All OpenPGP related functions have been moved from
  libgnutls-extra to libgnutls, and several new functions have
  been added
- remove SRP functionality from C++ wrapper, otherwise it cannot
  be linked against it
- removed patches
  gnutls-2.2.2-uninitialized.patch
  gnutls-char-signedness.patch
  gnutls-GNUTLS_SA_2008_1.patch
* Mon Jun 23 2008 mkoenig@suse.de
- disable SRP [bnc#65192]
* Wed May 21 2008 mkoenig@suse.de
- fix three security bugs [bnc#392947]
  CVE-2008-1948 GNUTLS-SA-2008-1-1
  Fix crash when sending invalid server name
  CVE-2008-1949 GNUTLS-SA-2008-1-2
  Fix crash when sending repeated client hellos
  CVE-2008-1950 GNUTLS-SA-2008-1-3
  Fix crash in cipher padding decoding for invalid record lengths
* Thu May 08 2008 mkoenig@suse.de
- fix build
* Tue Apr 29 2008 cthiel@suse.de
- obsolete gnutls-<arch> via baselibs.conf
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
  for multilib support
* Thu Apr 03 2008 mkoenig@suse.de
- update to version 2.2.2
  * Cipher priority string handling now handle strings that
  starts with NULL
  * Corrected memory leaks in session resuming and DHE ciphersuites
  * Increased the default certificate verification chain limits and
  allowed for checks without limitation
  * Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
  and gnutls_x509_crt_get_subject_alt_name() to not null terminate
  binary strings and return the proper size
* Thu Jan 31 2008 mkoenig@suse.de
- update to version 2.2.1
  * Fixes the post_client_hello_function()
  * Fix for certificate selection in servers with certificate callbacks
  * certtool: Fixed data corruption when using --outder
  * TLS authorization support removed.
  * Corrected bug which did not allow a server to run without
  supporting certificates
  * Introduced gnutls_session_enable_compatibility_mode()
  * Added gnutls_record_disable_padding() to allow servers talking to
  buggy clients
  * Fixed PKCS #3 parameter export
  * Added support for Camellia cipher
  * certtool: Add option --quick-random
  * Added capability to set a callback after the client hello is
  received by the server in order to adjust parameters before
  the handshake
  * certtool: Fixed data corruption when using --outder
  * SRP was corrected to adhere to the latest draft
  * Updated the DN parser
  * Added support for DSA2 using libgcrypt 1.3.0
  * Removed all the trustdb code from openpgp authentication.
  We now use only the well-specified keyrings
  * The gnutls_certificate_set_openpgp_* functions were modified
  to include the format. This makes the interface consistent with
  the x509 functions
  * Introduced gnutls_session_enable_compatibility_mode()
  * Added gnutls_set_default_priority2()
  * Added priority functions that accept strings
  * certtool: Add option --disable-quick-random to enable the
  old behaviour of using /dev/random to generate keys
  * Added the --v1 option to certtool, to allow generating X.509
  version 1 certificates
  * Fix PKCS#3 parameter export problem
  * Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM
  * gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
  private keys
  * Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code
  * Added the --to-p8 option to certtool to convert private keys
  to PKCS #8 keys
  * Corrected bug in decompression of expanded compression data
  * The gnutls_*_convert_priority() functions were deprecated
  * gnutls-cli and gnutls-serv now have a --priority option
  * PKCS #8 parser can now encode/decode DSA keys
  * Corrected a segfault when setting an empty gnutls_priority_t
  at gnutls_priority_set()
  * Added gnutls_x509_crt_get_subject_alt_name2()
  * The GPL version has been changed from version 2 to version 3.
  This affects the self-tests, command-line tools, the libgnutls-extra
  library, the relevant guile parts, and the build environment
- API and ABI modifications, library soname switch from 13 to 26
- change package structure:
  * branch off libgnutls-extra
  since this is now GPLv3 or later while libgnutls remains
  LGPLv2.1 or later
  * gnutls license change to GPLv3
- build without lzo support to avoid license problems
  since lzo is currently GPLv2 only
- removed merged patches:
  gnutls-fix_size_t.patch
* Tue Oct 23 2007 mkoenig@suse.de
- update to version 2.0.1
- change package layout to conform shlib policy:
  rename gnutls-devel -> libgnutls-devel
  new subpackage libgnutls13
- removed patches:
  gnutls-1.4.4-sign-callback.patch
  gnutls-1.6.1-compiler_warnings.patch
* Thu Aug 30 2007 mkoenig@suse.de
- fix srptool [#208227]
- fix some compiler warnings
* Fri Aug 03 2007 hvogel@suse.de
- Some additions for evolution smart card support
* Thu May 10 2007 mkoenig@suse.de
- Fix segfault on s390x [#97441]
  gnutls-fix_size_t.patch
* Tue Jan 23 2007 mkoenig@suse.de
- update to new stable branch 1.6.1:
  * Fix the list of trusted CAs that server's send to clients.
  * Fix gnutls_certificate_set_x509_crl to initialize the CRL
  before using it.
  * Encode UID fields in DN's as DirectoryString.
  * Fix ./configure failure with non-GCC compilers.
  * A GnuTLS C++ library is part of the official distribution.
  * New APIs for custom push/pull function error reporting.
* Tue Oct 24 2006 mkoenig@suse.de
- move developer related docs to devel package and remove
  binary stuff from docs [#212454]
* Tue Sep 19 2006 mkoenig@suse.de
- update to version 1.4.4:
  * bugfix release
  * fixes security vulnerability [#206636] (CVE-2006-4790)
* Thu Aug 31 2006 mkoenig@suse.de
- update to new stable branch 1.4.1:
  * The command line tools now use getaddrinfo and support IPv6.
  * gnutls-cli can now recognize services and port numbers with
  the -p option.
  * Error messages are now translated using GNU Gettext.
  * GnuTLS now support TLS Inner application (TLS/IA).
  * API and ABI modifications:
  + Support for DHE-PSK cipher suites has been added.
  + Removed the RIPEMD ciphersuites.
  + Remove GnuTLS 0.8.x compatibility functions.
  + Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have
  been added.
  + Certtool now generate keys in unencrypted PKCS#8 format for
  empty passwords.
  + Certtool now accept --password for --key-info and encrypted
  PKCS#8 keys.
  + gnutls_x509_privkey_import_pkcs8 now accept unencrypted
  PEM PKCS#8 keys,
  + New function to set a X.509 private key and certificate
  pairs, and/or CRLs, from an PKCS#12 file.
  + New APIs to acceess the client and server random fields in
  a session.
  + New APIs to access the TLS Pseudo-Random-Function (PRF).
  + New API to access the TLS master secret.
  + The function gnutls_x509_crt_to_xml now return an internal
  error.
  * Several bugfixes:
  + Corrected a bug in certtool for 64 bit machines.
  + Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly.
  + Fix crash in TLS resume code, caused by TLS/IA changes.
  + Corrected bugs in gnutls_certificate_set_x509_crl() and
  gnutls_certificate_set_x509_trust().
  + Fixed bug in non-blocking gnutls_bye().
  + Fix read of out bounds bug in DER parser.
  + Fixed bug in OpenPGP authentication handshake.
* Sat Feb 18 2006 ro@suse.de
- cleanup doc directory (.deps,.libs)
* Fri Feb 10 2006 hvogel@suse.de
- Update to version 1.2.10. This release fixes several serious
  bugs that would make the DER decoder in libtasn1 crash on
  invalid input [#149897]. Including:
  * Corrected a bug in certtool for 64 bit machines.
  * Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly
  * Corrected bugs in gnutls_certificate_set_x509_crl() and
  gnutls_certificate_set_x509_trust(), that caused memory
  corruption if more than one certificates were added.
  * Fixed bug in non-blocking gnutls_bye(). gnutls_record_send()
  will no longer invalidate a session if the underlying send
  fails, but it will prevent future writes.
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Dec 20 2005 ro@suse.de
- do not package /usr/share/info/dir
* Fri Dec 09 2005 hvogel@suse.de
- update to version 1.2.9
* Tue Oct 25 2005 hvogel@suse.de
- update to version 1.2.8
* Mon Aug 22 2005 hvogel@suse.de
- fix data type comparison [Bug #104617]
* Sun Jul 03 2005 hvogel@suse.de
- update to version 1.2.5
* Wed Jun 29 2005 hvogel@suse.de
- patch from mrueckert to use external lzo again
* Thu Jun 23 2005 hvogel@suse.de
- use %%install_info/%%install_info_delete
* Tue Jun 07 2005 hvogel@suse.de
- update to version 1.2.4
* Fri Jun 03 2005 ro@suse.de
- fix specfile (don't apply non-existant patch1)
* Thu Jun 02 2005 hvogel@suse.de
- use included minilzo
* Wed May 25 2005 hvogel@suse.de
- Update to version 1.2.3 (fixes gnutls DOS Bug #83481)
- Include defines.h before gnutls.h, to pull in config.h, to make
  sure memmem.h prototype memmem properly
* Sat Jan 29 2005 hvogel@suse.de
- Update to version 1.2.0
* Wed Jan 19 2005 hvogel@suse.de
- update to version 1.1.23
- get rid of prebuild html/ps docu again, the devel packages has
  man-pages now
* Mon Dec 13 2004 hvogel@suse.de
- update to version 1.0.23
- make build of postscript/html docu configureable
* Sat Oct 23 2004 hvogel@suse.de
- move config script to the devel package
* Thu Oct 14 2004 hvogel@suse.de
- Update to version 1.0.21
* Tue Sep 28 2004 hvogel@suse.de
- add doc subpackage with prebuild html/ps docu (Bug #44496)
* Mon Sep 27 2004 hvogel@suse.de
- fix ac-quotation patch to include libgnutls-extra.m4 (Bug #46035)
* Tue Aug 31 2004 kukuk@suse.de
- Update to version 1.0.20
* Mon Aug 30 2004 kukuk@suse.de
- Add libopencdk-devel to neededforbuild
* Thu Jul 15 2004 hvogel@suse.de
- add libgcrypt-devel and lipgpg-error-devel to nfb
* Wed May 19 2004 hvogel@suse.de
- update to version 1.0.13
* Fri May 14 2004 mmj@suse.de
- Add C++ compiler to build
- Don't remove buildroot when installing
* Mon Mar 01 2004 hvogel@suse.de
- update to version 1.0.8
* Tue Feb 17 2004 hvogel@suse.de
- update to version 1.0.6
- fix autoconf quotations
* Wed May 14 2003 schubi@suse.de
- initial; Sourcecode received from XIMIAN
openSUSE Build Service is sponsored by