From b157c0a36e62ebfc50a84aa4687d2b5323c1ad09 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Wed, 6 Nov 2024 01:22:52 +0000 Subject: [PATCH] core/gnutls to 3.8.8-1 --- core/gnutls/.SRCINFO | 10 ++--- core/gnutls/MR1866.patch | 81 ---------------------------------------- core/gnutls/PKGBUILD | 15 +++----- 3 files changed, 9 insertions(+), 97 deletions(-) delete mode 100644 core/gnutls/MR1866.patch diff --git a/core/gnutls/.SRCINFO b/core/gnutls/.SRCINFO index 4a50eef11..65864195c 100644 --- a/core/gnutls/.SRCINFO +++ b/core/gnutls/.SRCINFO @@ -1,6 +1,6 @@ pkgbase = gnutls pkgdesc = A library which provides a secure layer over a reliable transport layer - pkgver = 3.8.7 + pkgver = 3.8.8 pkgrel = 1 url = https://www.gnutls.org/ arch = x86_64 @@ -25,16 +25,14 @@ pkgbase = gnutls options = !zipman backup = etc/gnutls/config backup = etc/modules-load.d/gnutls.conf - source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz - source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz.sig + source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz + source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz.sig source = config source = gnutls-ktls_disable_keyupdate_test.patch - source = MR1866.patch validpgpkeys = 462225C3B46F34879FC8496CD605848ED7E69871 - sha256sums = 9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60 + sha256sums = ac4f020e583880b51380ed226e59033244bc536cad2623f2e26f5afa2939d8fb sha256sums = SKIP sha256sums = 22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5 sha256sums = 2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708 - sha256sums = 4fe4b334d39eb0a845cda18da1cfdbcbd12ada5fffc9f41d400cee3d2695b509 pkgname = gnutls diff --git a/core/gnutls/MR1866.patch b/core/gnutls/MR1866.patch deleted file mode 100644 index b646d8fa1..000000000 --- a/core/gnutls/MR1866.patch +++ /dev/null @@ -1,81 +0,0 @@ -From b64e8e1f72a1c41d3df346c17efd49bcd65b1e8b Mon Sep 17 00:00:00 2001 -From: Andreas Metzler -Date: Thu, 15 Aug 2024 12:42:56 +0200 -Subject: [PATCH 1/2] Also set ENABLE_DSA for tests in cert-tests subdirectory. - -Signed-off-by: Andreas Metzler ---- - tests/cert-tests/Makefile.am | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am -index ea5673d37e..5a695dbebc 100644 ---- a/tests/cert-tests/Makefile.am -+++ b/tests/cert-tests/Makefile.am -@@ -180,6 +180,12 @@ if WINDOWS - TESTS_ENVIRONMENT += WINDOWS=1 - endif - -+if ENABLE_DSA -+TESTS_ENVIRONMENT += ENABLE_DSA=1 -+else -+TESTS_ENVIRONMENT += ENABLE_DSA=0 -+endif -+ - if ENABLE_GOST - TESTS_ENVIRONMENT += ENABLE_GOST=1 - else --- -GitLab - - -From f3e8eac0586a19f4dafd89f68006a536b826e65a Mon Sep 17 00:00:00 2001 -From: Andreas Metzler -Date: Thu, 15 Aug 2024 16:22:02 +0200 -Subject: [PATCH 2/2] revert back to datefudge for "openssl ocsp". - -openssl's -attime only changes the verification logic but not the -generation. - -Broken by: d1bc7f644422c4d87edfcd9fafe7f292a1a3a6de - -Signed-off-by: Andreas Metzler ---- - tests/ocsp-tests/ocsp-must-staple-connection.sh | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh -index bfa785e040..94d41ce245 100755 ---- a/tests/ocsp-tests/ocsp-must-staple-connection.sh -+++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh -@@ -48,6 +48,8 @@ fi - - . "${srcdir}/scripts/common.sh" - -+skip_if_no_datefudge -+ - eval "${GETPORT}" - # Port for gnutls-serv - TLS_SERVER_PORT=$PORT -@@ -69,7 +71,6 @@ fi - - CERTDATE="2016-04-28 00:00:00" - TESTDATE="2016-04-29 00:00:00" --EPOCHTESTDATE=1461888000 - EXP_OCSP_DATE="2016-03-27 00:00:00" - - OCSP_PID="" -@@ -129,8 +130,8 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} - # SO_REUSEADDR usage. - PORT=${OCSP_PORT} - launch_bare_server \ -- "${OPENSSL}" ocsp -attime "${EPOCHTESTDATE}" \ -- -index "${INDEXFILE}" -text \ -+ "$FAKETIME" "${TESTDATE}" \ -+ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ - -port "${OCSP_PORT}" \ - -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ - -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \ --- -GitLab - diff --git a/core/gnutls/PKGBUILD b/core/gnutls/PKGBUILD index 7484f6d62..f16dc25e3 100644 --- a/core/gnutls/PKGBUILD +++ b/core/gnutls/PKGBUILD @@ -5,7 +5,7 @@ # - compile v7 with -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 pkgname=gnutls -pkgver=3.8.7 +pkgver=3.8.8 pkgrel=1 pkgdesc="A library which provides a secure layer over a reliable transport layer" arch=('x86_64') @@ -21,24 +21,19 @@ checkdepends=('net-tools' 'tpm2-tools') optdepends=('tpm2-tss: support for TPM2 wrapped keys') backup=(etc/gnutls/config etc/modules-load.d/gnutls.conf) -source=(#https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig} - https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.1.tar.xz{,.sig} +source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig} config - gnutls-ktls_disable_keyupdate_test.patch - MR1866.patch) -sha256sums=('9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60' + gnutls-ktls_disable_keyupdate_test.patch) +sha256sums=('ac4f020e583880b51380ed226e59033244bc536cad2623f2e26f5afa2939d8fb' 'SKIP' '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5' - '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708' - '4fe4b334d39eb0a845cda18da1cfdbcbd12ada5fffc9f41d400cee3d2695b509') + '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708') validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " #validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " prepare() { cd ${pkgname}-${pkgver} patch -Np1 -i ../gnutls-ktls_disable_keyupdate_test.patch - # fix broken test - patch -Np1 -i ../MR1866.patch autoreconf -vfi }