Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2023-05-30 22:01:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Tue May 30 22:01:41 2023 rev:149 rq:1089748 version:3.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2023-05-26 20:15:16.268190299 +0200 +++ /work/SRC/openSUSE:Factory/.gnutls.new.1533/gnutls.changes 2023-05-30 22:01:44.934765061 +0200 @@ -1,0 +2,6 @@ +Mon May 29 07:27:23 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476] + Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.JFyGQp/_old 2023-05-30 22:01:45.682769469 +0200 +++ /var/tmp/diff_new_pack.JFyGQp/_new 2023-05-30 22:01:45.686769493 +0200 @@ -1,7 +1,7 @@ libgnutls30 obsoletes "gnutls-<targettype>" - provides "libgnutls30-<targettype> = <version>-%release" - obsoletes "libgnutls30-<targettype> < <version>-%release" + provides "libgnutls30-hmac-<targettype> = <version>-%release" + obsoletes "libgnutls30-hmac-<targettype> < <version>-%release" libgnutls-devel requires -libgnutls-<targettype> requires "libgnutls30-<targettype> = <version>" ++++++ gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ++++++ --- /var/tmp/diff_new_pack.JFyGQp/_old 2023-05-30 22:01:45.710769634 +0200 +++ /var/tmp/diff_new_pack.JFyGQp/_new 2023-05-30 22:01:45.714769658 +0200 
@@ -2,7 +2,95 @@
 ===================================================================
 --- gnutls-3.8.0.orig/lib/fips.c
 +++ gnutls-3.8.0/lib/fips.c
-@@ -467,6 +467,11 @@ static int check_binary_integrity(void)
+@@ -171,16 +171,28 @@ struct hmac_entry {
+ struct hmac_file {
+ int version;
+ struct hmac_entry gnutls;
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ struct hmac_entry nettle;
+ struct hmac_entry hogweed;
+ struct hmac_entry gmp;
++#endif
+ };
+
+ struct lib_paths {
+ char gnutls[GNUTLS_PATH_MAX];
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ char nettle[GNUTLS_PATH_MAX];
+ char hogweed[GNUTLS_PATH_MAX];
+ char gmp[GNUTLS_PATH_MAX];
++#endif
+ };
+
+ /*
+@@ -241,12 +253,18 @@ static int handler(void *user, const cha
+ }
+ } else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
+ return lib_handler(&p->gnutls, section, name, value);
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ } else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
+ return lib_handler(&p->nettle, section, name, value);
+ } else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
+ return lib_handler(&p->hogweed, section, name, value);
+ } else if (!strcmp(section, GMP_LIBRARY_NAME)) {
+ return lib_handler(&p->gmp, section, name, value);
++#endif
+ } else {
+ return 0;
+ }
+@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
+
+ if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
+ else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
+ else if (!strcmp(soname, GMP_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
++#endif
+ return 0;
+ }
+
+@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
+ _gnutls_debug_log("Gnutls library path was not found\n");
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ }
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ if (paths->nettle[0] == '\0') {
+ _gnutls_debug_log("Nettle library path was not found\n");
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
+ _gnutls_debug_log("Gmp library path was not found\n");
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ }
+-
++#endif
+ return GNUTLS_E_SUCCESS;
+ }
+
+@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
 ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
 if (ret < 0)
 return ret;
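Review bot: The `#if 0` blocks added to `struct hmac_file`, `struct lib_paths`, `handler()`, `callback()` and `load_lib_paths()` appear to reduce the FIPS integrity self-check to libgnutls alone, and the repeated comment does not say what verifies nettle, hogweed and gmp instead. The comment should name the mechanism that now covers those libraries, e.g. `/* nettle, hogweed and gmp are verified by <mechanism>; not checked here because their HMACs are computed at their own build time */`, and correct the `gpm` typo to `gmp`. In `handler()`, sections for the disabled libraries now fall through to the final `else { return 0; }`; if the parser treats a zero return as an error, a `.hmac` file that still lists them would be rejected, so the file generation needs to drop those sections in the same change. The `#if 0` in `load_lib_paths()` opens in one inner hunk and closes in the next, and the bodies of these functions extend outside the lines shown.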
@@ -14,7 +102,7 @@
 ret = check_lib_hmac(&hmac.nettle, paths.nettle);
 if (ret < 0)
 return ret;
-@@ -476,6 +481,7 @@ static int check_binary_integrity(void)
+@@ -476,6 +510,7 @@ static int check_binary_integrity(void)
 ret = check_lib_hmac(&hmac.gmp, paths.gmp);
 if (ret < 0)
 return ret;