diff --git a/gnutls/.SRCINFO b/gnutls/.SRCINFO
new file mode 100644
index 0000000000..4a50eef11d
--- /dev/null
+++ b/gnutls/.SRCINFO
@@ -0,0 +1,40 @@
+pkgbase = gnutls
+ pkgdesc = A library which provides a secure layer over a reliable transport layer
+ pkgver = 3.8.7
+ pkgrel = 1
+ url = https://www.gnutls.org/
+ arch = x86_64
+ license = GPL-3.0-or-later AND LGPL-2.1-or-later
+ checkdepends = net-tools
+ checkdepends = tpm2-tools
+ makedepends = tpm2-tss
+ makedepends = gtk-doc
+ depends = glibc
+ depends = gcc-libs
+ depends = gmp
+ depends = libtasn1
+ depends = zlib
+ depends = nettle
+ depends = libp11-kit
+ depends = libidn2
+ depends = zstd
+ depends = libidn2.so
+ depends = libunistring
+ depends = brotli
+ optdepends = tpm2-tss: support for TPM2 wrapped keys
+ options = !zipman
+ backup = etc/gnutls/config
+ backup = etc/modules-load.d/gnutls.conf
+ source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz
+ source = https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.7.1.tar.xz.sig
+ source = config
+ source = gnutls-ktls_disable_keyupdate_test.patch
+ source = MR1866.patch
+ validpgpkeys = 462225C3B46F34879FC8496CD605848ED7E69871
+ sha256sums = 9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60
+ sha256sums = SKIP
+ sha256sums = 22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5
+ sha256sums = 2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708
+ sha256sums = 4fe4b334d39eb0a845cda18da1cfdbcbd12ada5fffc9f41d400cee3d2695b509
+
+pkgname = gnutls
diff --git a/gnutls/.nvchecker.toml b/gnutls/.nvchecker.toml
new file mode 100644
index 0000000000..7d10f8a4a7
--- /dev/null
+++ b/gnutls/.nvchecker.toml
@@ -0,0 +1,4 @@
+[gnutls]
+source = "gitlab"
+gitlab = "gnutls/gnutls"
+use_max_tag = true
diff --git a/gnutls/MR1866.patch b/gnutls/MR1866.patch
new file mode 100644
index 0000000000..b646d8fa1d
--- /dev/null
+++ b/gnutls/MR1866.patch
@@ -0,0 +1,81 @@
+From b64e8e1f72a1c41d3df346c17efd49bcd65b1e8b Mon Sep 17 00:00:00 2001
+From: Andreas Metzler
+Date: Thu, 15 Aug 2024 12:42:56 +0200
+Subject: [PATCH 1/2] Also set ENABLE_DSA for tests in cert-tests subdirectory.
+
+Signed-off-by: Andreas Metzler
+---
+ tests/cert-tests/Makefile.am | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
+index ea5673d37e..5a695dbebc 100644
+--- a/tests/cert-tests/Makefile.am
++++ b/tests/cert-tests/Makefile.am
+@@ -180,6 +180,12 @@ if WINDOWS
+ TESTS_ENVIRONMENT += WINDOWS=1
+ endif
+
++if ENABLE_DSA
++TESTS_ENVIRONMENT += ENABLE_DSA=1
++else
++TESTS_ENVIRONMENT += ENABLE_DSA=0
++endif
++
+ if ENABLE_GOST
+ TESTS_ENVIRONMENT += ENABLE_GOST=1
+ else
+--
+GitLab
+
+
+From f3e8eac0586a19f4dafd89f68006a536b826e65a Mon Sep 17 00:00:00 2001
+From: Andreas Metzler
+Date: Thu, 15 Aug 2024 16:22:02 +0200
+Subject: [PATCH 2/2] revert back to datefudge for "openssl ocsp".
+
+openssl's -attime only changes the verification logic but not the
+generation.
+
+Broken by: d1bc7f644422c4d87edfcd9fafe7f292a1a3a6de
+
+Signed-off-by: Andreas Metzler
+---
+ tests/ocsp-tests/ocsp-must-staple-connection.sh | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh
+index bfa785e040..94d41ce245 100755
+--- a/tests/ocsp-tests/ocsp-must-staple-connection.sh
++++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh
+@@ -48,6 +48,8 @@ fi
+
+ . "${srcdir}/scripts/common.sh"
+
++skip_if_no_datefudge
++
+ eval "${GETPORT}"
+ # Port for gnutls-serv
+ TLS_SERVER_PORT=$PORT
+@@ -69,7 +71,6 @@ fi
+
+ CERTDATE="2016-04-28 00:00:00"
+ TESTDATE="2016-04-29 00:00:00"
+-EPOCHTESTDATE=1461888000
+ EXP_OCSP_DATE="2016-03-27 00:00:00"
+
+ OCSP_PID=""
+@@ -129,8 +130,8 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE}
+ # SO_REUSEADDR usage.
+ PORT=${OCSP_PORT} + launch_bare_server \ +- "${OPENSSL}" ocsp -attime "${EPOCHTESTDATE}" \ +- -index "${INDEXFILE}" -text \ ++ "$FAKETIME" "${TESTDATE}" \ ++ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ + -port "${OCSP_PORT}" \ + -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ + -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \ +-- +GitLab + diff --git a/gnutls/PKGBUILD b/gnutls/PKGBUILD index a0ffbc1b34..48bca6f6c8 100644 --- a/gnutls/PKGBUILD +++ b/gnutls/PKGBUILD @@ -3,7 +3,7 @@ # Contributor: Jan de Groot pkgname=gnutls -pkgver=3.8.6 +pkgver=3.8.7 pkgrel=1 pkgdesc="A library which provides a secure layer over a reliable transport layer" arch=(x86_64 powerpc64le powerpc64 powerpc riscv64) 
@@ -19,19 +19,24 @@ checkdepends=('net-tools' 'tpm2-tools') optdepends=('tpm2-tss: support for TPM2 wrapped keys') backup=(etc/gnutls/config etc/modules-load.d/gnutls.conf) -source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig} +source=(#https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig} + https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.1.tar.xz{,.sig} config - gnutls-ktls_disable_keyupdate_test.patch) -sha256sums=('2e1588aae53cb32d43937f1f4eca28febd9c0c7aa1734fc5dd61a7e81e0ebcdd' + gnutls-ktls_disable_keyupdate_test.patch + MR1866.patch) +sha256sums=('9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60' 'SKIP' '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5' - '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708') -#validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " -validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " + '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708' + '4fe4b334d39eb0a845cda18da1cfdbcbd12ada5fffc9f41d400cee3d2695b509') +validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " +#validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " prepare() { cd ${pkgname}-${pkgver} patch -Np1 -i ../gnutls-ktls_disable_keyupdate_test.patch + # fix broken test + patch -Np1 -i ../MR1866.patch autoreconf -vfi }
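Review bot: The `source` and `validpgpkeys` edits change both the tarball that is fetched (`${pkgname}-${pkgver}.1.tar.xz`) and the only key trusted to sign it, but the hunk records the reason for neither; the previous values are simply left behind as commented-out lines. A comment above `source=(` such as `# upstream re-rolled 3.8.7 as 3.8.7.1; the tarball still unpacks to gnutls-3.8.7` (if that is the case, since `cd ${pkgname}-${pkgver}` in prepare() is unchanged) and one above `validpgpkeys` stating where the 462225C3B46F34879FC8496CD605848ED7E69871 fingerprint was checked would let the next maintainer tell a deliberate signer change from a key swapped until verification passed. The dead `#https://…` entry inside the array and the `#validpgpkeys=` line can then be dropped. Separately, `# fix broken test` overstates what happens: MR1866.patch adds `skip_if_no_datefudge`, and checkdepends as shown lists only net-tools and tpm2-tools, so the OCSP must-staple test is presumably skipped in a clean build rather than run; either add the time-faking tool to checkdepends or word the comment as `# OCSP must-staple test needs datefudge/faketime, skipped without it`.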