Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package gnutls for openSUSE:Factory checked 
in at 2023-05-26 20:15:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
 and      /work/SRC/openSUSE:Factory/.gnutls.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gnutls"

Fri May 26 20:15:10 2023 rev:148 rq:1089038 version:3.8.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes    2023-05-16 
14:21:50.473825675 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.1533/gnutls.changes  2023-05-26 
20:15:16.268190299 +0200
@@ -1,0 +2,13 @@
+Wed May 24 11:01:10 UTC 2023 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Skip the fixed HMAC verification for nettle, hogweed and
+  gmp libraries. These calculated HMACs change for every build of
+  each of these packages, we only have to verify that for gnutls.
+  * Add gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch [bsc#1211476]
+
+-------------------------------------------------------------------
+Mon May 22 11:32:53 UTC 2023 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Merge libgnutls30-hmac package into the library [bsc#1185116]
+
+-------------------------------------------------------------------

New:
----
  gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gnutls.spec ++++++
--- /var/tmp/diff_new_pack.CCukVp/_old  2023-05-26 20:15:16.900194066 +0200
+++ /var/tmp/diff_new_pack.CCukVp/_new  2023-05-26 20:15:16.904194090 +0200
@@ -62,9 +62,11 @@
 Patch101:       gnutls-FIPS-PCT-ECDH.patch
 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
 Patch102:       gnutls-FIPS-140-3-references.patch
+#PATCH-FIX-SUSE bsc#1211476 FIPS: Skip fixed HMAC verification for nettle, 
hogweed and gmp
+Patch103:       gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 #PATCH-FIX-SUSE bsc#1202146 FIPS: Port gnutls to use jitterentropy
-Patch103:       gnutls-FIPS-jitterentropy.patch
+Patch104:       gnutls-FIPS-jitterentropy.patch
 %endif
 BuildRequires:  autogen
 BuildRequires:  automake
@@ -118,10 +120,10 @@
 
 %package -n libgnutls%{gnutls_sover}
 Summary:        The GNU Transport Layer Security Library
-# install libgnutls and libgnutls-hmac close together (bsc#1090765)
 License:        LGPL-2.1-or-later
 Group:          System/Libraries
-Suggests:       libgnutls%{gnutls_sover}-hmac = %{version}-%{release}
+Provides:       libgnutls%{gnutls_sover}-hmac = %{version}-%{release}
+Obsoletes:      libgnutls%{gnutls_sover}-hmac < %{version}-%{release}
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
 Requires:       crypto-policies
 %endif
@@ -131,15 +133,6 @@
 layer. Currently the GnuTLS library implements the proposed standards
 of the IETF's TLS working group.
 
-%package -n libgnutls%{gnutls_sover}-hmac
-Summary:        Checksums of the GNU Transport Layer Security Library
-License:        LGPL-2.1-or-later
-Group:          System/Libraries
-Requires:       libgnutls%{gnutls_sover} = %{version}-%{release}
-
-%description -n libgnutls%{gnutls_sover}-hmac
-FIPS SHA256 checksums of the libgnutls library.
-
 %if %{with dane}
 %package -n libgnutls-dane%{gnutls_dane_sover}
 Summary:        DANE support for the GNU Transport Layer Security Library
@@ -339,9 +332,6 @@
 %files -n libgnutls%{gnutls_sover}
 %license LICENSE
 %{_libdir}/libgnutls.so.%{gnutls_sover}*
-
-%files -n libgnutls%{gnutls_sover}-hmac
-%license LICENSE
 %{_libdir}/.libgnutls.so.%{gnutls_sover}*.hmac
 
 %if %{with dane}

++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.CCukVp/_old  2023-05-26 20:15:16.932194257 +0200
+++ /var/tmp/diff_new_pack.CCukVp/_new  2023-05-26 20:15:16.936194280 +0200
@@ -1,8 +1,8 @@
 libgnutls30
   obsoletes "gnutls-<targettype>"
+  provides "libgnutls30-<targettype> = <version>-%release"
+  obsoletes "libgnutls30-<targettype> < <version>-%release"
 libgnutls-devel
   requires -libgnutls-<targettype>
   requires "libgnutls30-<targettype> = <version>"
-libgnutls30-hmac
-  requires "libgnutls30-<targettype> = <version>-%release"
 
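Review bot: The two added lines make `libgnutls30` provide and obsolete `libgnutls30-<targettype>`, which looks like the name of the package's own biarch variant rather than that of the removed `libgnutls30-hmac` entry. The gnutls.spec change in the same commit uses `libgnutls%{gnutls_sover}-hmac` for the equivalent Provides/Obsoletes. If the intent is to replace the dropped hmac baselib, the lines would presumably read `provides "libgnutls30-hmac-<targettype> = <version>-%release"` and `obsoletes "libgnutls30-hmac-<targettype> < <version>-%release"`. As written, an already installed `libgnutls30-hmac-<targettype>` package may not be replaced cleanly on upgrade; this should be confirmed against a biarch build.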


++++++ gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ++++++
Index: gnutls-3.8.0/lib/fips.c
===================================================================
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
@@ -467,6 +467,11 @@ static int check_binary_integrity(void)
        ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
        if (ret < 0)
                return ret;
+# if 0
+       /* Disable nettle, hogweed and gpm HMAC verification as
+        * they are calculated during build of the respective
+        * packages and can differ from the ones listed here.
+        */
        ret = check_lib_hmac(&hmac.nettle, paths.nettle);
        if (ret < 0)
                return ret;
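Review bot: The `# if 0` added after the libgnutls check compiles out the nettle, hogweed and gmp `check_lib_hmac()` calls unconditionally (the matching `# endif` is in the next hunk, after the gmp check), so the FIPS integrity self-test in check_binary_integrity() now covers only libgnutls. The comment explains why the stored values cannot match but not what verifies those three libraries instead. I would state that in the comment, for example `/* nettle, hogweed and gmp HMACs are regenerated on every build of those packages; their integrity is expected to be checked by <mechanism, to be confirmed>, not here. */`, and correct `gpm` to `gmp`. Deleting the calls, or guarding them with a named macro, would also make the reduced coverage easier to audit than an anonymous `# if 0`. The start of the function and whatever loads the nettle, hogweed and gmp entries into `hmac` and `paths` are outside the hunk, so it is unclear from here whether that code is now left unused.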
@@ -476,6 +481,7 @@ static int check_binary_integrity(void)
        ret = check_lib_hmac(&hmac.gmp, paths.gmp);
        if (ret < 0)
                return ret;
+# endif
 
        return 0;
 }
