Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package gnutls for openSUSE:Factory checked
in at 2023-05-30 22:01:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnutls (Old)
and /work/SRC/openSUSE:Factory/.gnutls.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls"
Tue May 30 22:01:41 2023 rev:149 rq:1089748 version:3.8.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2023-05-26
20:15:16.268190299 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new.1533/gnutls.changes 2023-05-30
22:01:44.934765061 +0200
@@ -1,0 +2,6 @@
+Mon May 29 07:27:23 UTC 2023 - Pedro Monreal <pmonr...@suse.com>
+
+- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476]
+ Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.JFyGQp/_old 2023-05-30 22:01:45.682769469 +0200
+++ /var/tmp/diff_new_pack.JFyGQp/_new 2023-05-30 22:01:45.686769493 +0200
@@ -1,7 +1,7 @@
libgnutls30
obsoletes "gnutls-<targettype>"
- provides "libgnutls30-<targettype> = <version>-%release"
- obsoletes "libgnutls30-<targettype> < <version>-%release"
+ provides "libgnutls30-hmac-<targettype> = <version>-%release"
+ obsoletes "libgnutls30-hmac-<targettype> < <version>-%release"
libgnutls-devel
requires -libgnutls-<targettype>
requires "libgnutls30-<targettype> = <version>"
++++++ gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ++++++
--- /var/tmp/diff_new_pack.JFyGQp/_old 2023-05-30 22:01:45.710769634 +0200
+++ /var/tmp/diff_new_pack.JFyGQp/_new 2023-05-30 22:01:45.714769658 +0200
@@ -2,7 +2,95 @@
===================================================================
--- gnutls-3.8.0.orig/lib/fips.c
+++ gnutls-3.8.0/lib/fips.c
-@@ -467,6 +467,11 @@ static int check_binary_integrity(void)
+@@ -171,16 +171,28 @@ struct hmac_entry {
+ struct hmac_file {
+ int version;
+ struct hmac_entry gnutls;
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ struct hmac_entry nettle;
+ struct hmac_entry hogweed;
+ struct hmac_entry gmp;
++#endif
+ };
+
+ struct lib_paths {
+ char gnutls[GNUTLS_PATH_MAX];
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ char nettle[GNUTLS_PATH_MAX];
+ char hogweed[GNUTLS_PATH_MAX];
+ char gmp[GNUTLS_PATH_MAX];
++#endif
+ };
+
+ /*
+@@ -241,12 +253,18 @@ static int handler(void *user, const cha
+ }
+ } else if (!strcmp(section, GNUTLS_LIBRARY_NAME)) {
+ return lib_handler(&p->gnutls, section, name, value);
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ } else if (!strcmp(section, NETTLE_LIBRARY_NAME)) {
+ return lib_handler(&p->nettle, section, name, value);
+ } else if (!strcmp(section, HOGWEED_LIBRARY_NAME)) {
+ return lib_handler(&p->hogweed, section, name, value);
+ } else if (!strcmp(section, GMP_LIBRARY_NAME)) {
+ return lib_handler(&p->gmp, section, name, value);
++#endif
+ } else {
+ return 0;
+ }
+@@ -391,12 +409,18 @@ static int callback(struct dl_phdr_info
+
+ if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
+ else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
+ else if (!strcmp(soname, GMP_LIBRARY_SONAME))
+ _gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
++#endif
+ return 0;
+ }
+
+@@ -409,6 +433,11 @@ static int load_lib_paths(struct lib_pat
+ _gnutls_debug_log("Gnutls library path was not found\n");
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ }
++#if 0
++ /* Disable nettle, hogweed and gpm HMAC verification as
++ * they are calculated during build of the respective
++ * packages and can differ from the ones listed here.
++ */
+ if (paths->nettle[0] == '\0') {
+ _gnutls_debug_log("Nettle library path was not found\n");
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+@@ -421,7 +450,7 @@ static int load_lib_paths(struct lib_pat
+ _gnutls_debug_log("Gmp library path was not found\n");
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ }
+-
++#endif
+ return GNUTLS_E_SUCCESS;
+ }
+
+@@ -467,6 +496,11 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
if (ret < 0)
return ret;
@@ -14,7 +102,7 @@
ret = check_lib_hmac(&hmac.nettle, paths.nettle);
if (ret < 0)
return ret;
-@@ -476,6 +481,7 @@ static int check_binary_integrity(void)
+@@ -476,6 +510,7 @@ static int check_binary_integrity(void)
ret = check_lib_hmac(&hmac.gmp, paths.gmp);
if (ret < 0)
return ret;
