Blob Blame History Raw
Name:           nettle
Version:        2.7.1
Release:        9%{?dist}
Summary:        A low-level cryptographic library

Group:          Development/Libraries
License:        LGPLv2+
URL:            http://www.lysator.liu.se/~nisse/nettle/
Source0:	%{name}-%{version}-hobbled.tar.gz
#Source0:        http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
Patch0:		nettle-2.7.1-remove-ecc-testsuite.patch
Patch1:		nettle-2.7.1-tmpalloc.patch
Patch2:		nettle-2.7.1-sha3-fix.patch
Patch3:		nettle-2.7.1-ecc-cve.patch
Patch4:		nettle-2.7.1-powm-sec.patch
# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html
Patch5:		nettle-2.7.1-ecdsa-verify.patch

BuildRequires:  gmp-devel m4 texinfo-tex texlive-dvips ghostscript
BuildRequires:  fipscheck
BuildRequires:	libtool, automake, autoconf, texinfo

Requires(post): info
Requires(preun): info


%package devel
Summary:        Development headers for a low-level cryptographic library
Group:          Development/Libraries
Requires:       %{name} = %{version}-%{release}
Requires:       gmp-devel%{?_isa}

%description
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.

%description devel
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.  This package contains the files needed for developing 
applications with nettle.


%prep
%setup -q
# Disable -ggdb3 which makes debugedit unhappy
sed s/ggdb3/g/ -i configure
sed 's/ecc-192.c//g' -i Makefile.in
sed 's/ecc-224.c//g' -i Makefile.in
%patch0 -p1
%patch1 -p1 -b .tmpalloc
%patch2 -p1 -b .sha3
%patch3 -p1 -b .ecc-cve
%patch4 -p1 -b .powm-sec
%patch5 -p1 -b .ecdsa-verify

%build
%configure --enable-shared
make %{?_smp_mflags}

%define __spec_install_post \
	%{?__debug_package:%{__debug_install_post}} \
	%{__arch_install_post} \
	%{__os_install_post} \
	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.* \
	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.* \
	file=`basename $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libnettle.so.4.hmac \
	file=`basename $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libhogweed.so.2.hmac \
%{nil}


%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
mkdir -p $RPM_BUILD_ROOT%{_infodir}
install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*
%check
make check

%files
%doc AUTHORS ChangeLog COPYING.LIB NEWS README TODO
%{_infodir}/nettle.info.gz
%{_bindir}/nettle-lfib-stream
%{_bindir}/pkcs1-conv
%{_bindir}/sexp-conv
%{_bindir}/nettle-hash
%{_libdir}/libnettle.so.4
%{_libdir}/libnettle.so.4.*
%{_libdir}/libhogweed.so.2
%{_libdir}/libhogweed.so.2.*
%{_libdir}/.libhogweed.so.*.hmac
%{_libdir}/.libnettle.so.*.hmac


%files devel
%doc descore.README nettle.html nettle.pdf COPYING.LIB
%{_includedir}/nettle
%{_libdir}/libnettle.so
%{_libdir}/libhogweed.so
%{_libdir}/pkgconfig/hogweed.pc
%{_libdir}/pkgconfig/nettle.pc

%post
/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || :
/sbin/ldconfig

%preun
if [ $1 = 0 ]; then
  /sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || :
fi

%postun -p /sbin/ldconfig



%changelog
* Wed Apr  7 2021 Daiki Ueno <dueno@redhat.com> - 2.7.1-9
- Port fixes for potential miscalculation in ecdsa_verify (#1943156)

* Mon Aug  8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-8
- Use a cache-silent version of mpz_powm to prevent cache-timing
  attacks against RSA and DSA in shared VMs. (#1364897,CVE-2016-6489)

* Wed Mar  2 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-5
- Fixed SHA-3 implementation to conform to final standard (#1252936)
- Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues
  in secp256r1 and secp384r1 calculations (#1314374)

* Tue Jul 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-4
- Correct path of links (#1117782)

* Mon Jul 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-3
- Added fipshmac checksum (#1117782)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.7.1-2
- Mass rebuild 2014-01-24

* Wed Jan 15 2014 Tomáš Mráz <tmraz@redhat.com> - 2.7.1-1
- Updated to nettle 2.7.1

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.6-4
- Mass rebuild 2013-12-27

* Fri Dec 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.6-3
- Added patch nettle-tmpalloc.patch (#1033570)

* Wed Feb  6 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-2
- nettle includes use gmp.h

* Tue Feb  5 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-1
- New upstream release

* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Jul 05 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-3
- Remove explicit buildroot handling and defattr.

* Wed Jul 04 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-2
- Review feedback

* Mon Jun 18 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-1
- Revive package (GnuTLS needs it), disable static, update to current release 2.4

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Apr 10 2008 Ian Weller <ianweller@gmail.com> 1.15-5
- Moved static lib to -static

* Mon Mar 24 2008 Ian Weller <ianweller@gmail.com> 1.15-4
- Added libraries and ldconfig

* Mon Feb 18 2008 Ian Weller <ianweller@gmail.com> 1.15-3
- Added provides -static to -devel

* Sun Feb 17 2008 Ian Weller <ianweller@gmail.com> 1.15-2
- Removed redundant requires
- Removed redundant documentation between packages
- Fixed license tag
- Fixed -devel description
- Added the static library back to -devel
- Added make clean

* Fri Feb 08 2008 Ian Weller <ianweller@gmail.com> 1.15-1
- First package build.