core/gnutls to 3.8.8-1

This commit is contained in:
Kevin Mihelich 2024-11-06 01:22:52 +00:00
parent 98e2d7bff6
commit b157c0a36e
3 changed files with 9 additions and 97 deletions

View file

@ -1,6 +1,6 @@
pkgbase = gnutls pkgbase = gnutls
pkgdesc = A library which provides a secure layer over a reliable transport layer pkgdesc = A library which provides a secure layer over a reliable transport layer
pkgver = 3.8.7 pkgver = 3.8.8
pkgrel = 1 pkgrel = 1
url = https://www.gnutls.org/ url = https://www.gnutls.org/
arch = x86_64 arch = x86_64
@ -25,16 +25,14 @@ pkgbase = gnutls
options = !zipman options = !zipman
backup = etc/gnutls/config backup = etc/gnutls/config
backup = etc/modules-load.d/gnutls.conf backup = etc/modules-load.d/gnutls.conf
source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz
source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz.sig source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.8.tar.xz.sig
source = config source = config
source = gnutls-ktls_disable_keyupdate_test.patch source = gnutls-ktls_disable_keyupdate_test.patch
source = MR1866.patch
validpgpkeys = 462225C3B46F34879FC8496CD605848ED7E69871 validpgpkeys = 462225C3B46F34879FC8496CD605848ED7E69871
sha256sums = 9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60 sha256sums = ac4f020e583880b51380ed226e59033244bc536cad2623f2e26f5afa2939d8fb
sha256sums = SKIP sha256sums = SKIP
sha256sums = 22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5 sha256sums = 22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5
sha256sums = 2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708 sha256sums = 2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708
sha256sums = 4fe4b334d39eb0a845cda18da1cfdbcbd12ada5fffc9f41d400cee3d2695b509
pkgname = gnutls pkgname = gnutls

View file

@ -1,81 +0,0 @@
From b64e8e1f72a1c41d3df346c17efd49bcd65b1e8b Mon Sep 17 00:00:00 2001
From: Andreas Metzler <ametzler@bebt.de>
Date: Thu, 15 Aug 2024 12:42:56 +0200
Subject: [PATCH 1/2] Also set ENABLE_DSA for tests in cert-tests subdirectory.
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
---
tests/cert-tests/Makefile.am | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index ea5673d37e..5a695dbebc 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -180,6 +180,12 @@ if WINDOWS
TESTS_ENVIRONMENT += WINDOWS=1
endif
+if ENABLE_DSA
+TESTS_ENVIRONMENT += ENABLE_DSA=1
+else
+TESTS_ENVIRONMENT += ENABLE_DSA=0
+endif
+
if ENABLE_GOST
TESTS_ENVIRONMENT += ENABLE_GOST=1
else
--
GitLab
From f3e8eac0586a19f4dafd89f68006a536b826e65a Mon Sep 17 00:00:00 2001
From: Andreas Metzler <ametzler@bebt.de>
Date: Thu, 15 Aug 2024 16:22:02 +0200
Subject: [PATCH 2/2] revert back to datefudge for "openssl ocsp".
openssl's -attime only changes the verification logic but not the
generation.
Broken by: d1bc7f644422c4d87edfcd9fafe7f292a1a3a6de
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
---
tests/ocsp-tests/ocsp-must-staple-connection.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh
index bfa785e040..94d41ce245 100755
--- a/tests/ocsp-tests/ocsp-must-staple-connection.sh
+++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh
@@ -48,6 +48,8 @@ fi
. "${srcdir}/scripts/common.sh"
+skip_if_no_datefudge
+
eval "${GETPORT}"
# Port for gnutls-serv
TLS_SERVER_PORT=$PORT
@@ -69,7 +71,6 @@ fi
CERTDATE="2016-04-28 00:00:00"
TESTDATE="2016-04-29 00:00:00"
-EPOCHTESTDATE=1461888000
EXP_OCSP_DATE="2016-03-27 00:00:00"
OCSP_PID=""
@@ -129,8 +130,8 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE}
# SO_REUSEADDR usage.
PORT=${OCSP_PORT}
launch_bare_server \
- "${OPENSSL}" ocsp -attime "${EPOCHTESTDATE}" \
- -index "${INDEXFILE}" -text \
+ "$FAKETIME" "${TESTDATE}" \
+ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \
-port "${OCSP_PORT}" \
-rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
-rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \
--
GitLab

View file

@ -5,7 +5,7 @@
# - compile v7 with -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 # - compile v7 with -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64
pkgname=gnutls pkgname=gnutls
pkgver=3.8.7 pkgver=3.8.8
pkgrel=1 pkgrel=1
pkgdesc="A library which provides a secure layer over a reliable transport layer" pkgdesc="A library which provides a secure layer over a reliable transport layer"
arch=('x86_64') arch=('x86_64')
@ -21,24 +21,19 @@ checkdepends=('net-tools' 'tpm2-tools')
optdepends=('tpm2-tss: support for TPM2 wrapped keys') optdepends=('tpm2-tss: support for TPM2 wrapped keys')
backup=(etc/gnutls/config backup=(etc/gnutls/config
etc/modules-load.d/gnutls.conf) etc/modules-load.d/gnutls.conf)
source=(#https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig} source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig}
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.1.tar.xz{,.sig}
config config
gnutls-ktls_disable_keyupdate_test.patch gnutls-ktls_disable_keyupdate_test.patch)
MR1866.patch) sha256sums=('ac4f020e583880b51380ed226e59033244bc536cad2623f2e26f5afa2939d8fb'
sha256sums=('9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60'
'SKIP' 'SKIP'
'22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5' '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5'
'2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708' '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708')
'4fe4b334d39eb0a845cda18da1cfdbcbd12ada5fffc9f41d400cee3d2695b509')
validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>" validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>"
#validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric@redhat.com>" #validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric@redhat.com>"
prepare() { prepare() {
cd ${pkgname}-${pkgver} cd ${pkgname}-${pkgver}
patch -Np1 -i ../gnutls-ktls_disable_keyupdate_test.patch patch -Np1 -i ../gnutls-ktls_disable_keyupdate_test.patch
# fix broken test
patch -Np1 -i ../MR1866.patch
autoreconf -vfi autoreconf -vfi
} }