Name: nettle
Version: 2.7.1
Release: 9%{?dist}
Summary: A low-level cryptographic library
Group: Development/Libraries
License: LGPLv2+
URL: http://www.lysator.liu.se/~nisse/nettle/
Source0: %{name}-%{version}-hobbled.tar.gz
#Source0: http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
Patch0: nettle-2.7.1-remove-ecc-testsuite.patch
Patch1: nettle-2.7.1-tmpalloc.patch
Patch2: nettle-2.7.1-sha3-fix.patch
Patch3: nettle-2.7.1-ecc-cve.patch
Patch4: nettle-2.7.1-powm-sec.patch
# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html
Patch5: nettle-2.7.1-ecdsa-verify.patch
BuildRequires: gmp-devel m4 texinfo-tex texlive-dvips ghostscript
BuildRequires: fipscheck
BuildRequires: libtool, automake, autoconf, texinfo
Requires(post): info
Requires(preun): info
%package devel
Summary: Development headers for a low-level cryptographic library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: gmp-devel%{?_isa}
%description
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space.
%description devel
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space. This package contains the files needed for developing
applications with nettle.
%prep
%setup -q
# Disable -ggdb3 which makes debugedit unhappy
sed s/ggdb3/g/ -i configure
sed 's/ecc-192.c//g' -i Makefile.in
sed 's/ecc-224.c//g' -i Makefile.in
%patch0 -p1
%patch1 -p1 -b .tmpalloc
%patch2 -p1 -b .sha3
%patch3 -p1 -b .ecc-cve
%patch4 -p1 -b .powm-sec
%patch5 -p1 -b .ecdsa-verify
%build
%configure --enable-shared
make %{?_smp_mflags}
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.* \
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.* \
file=`basename $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libnettle.so.4.hmac \
file=`basename $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libhogweed.so.2.hmac \
%{nil}
%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
mkdir -p $RPM_BUILD_ROOT%{_infodir}
install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*
chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*
%check
make check
%files
%doc AUTHORS ChangeLog COPYING.LIB NEWS README TODO
%{_infodir}/nettle.info.gz
%{_bindir}/nettle-lfib-stream
%{_bindir}/pkcs1-conv
%{_bindir}/sexp-conv
%{_bindir}/nettle-hash
%{_libdir}/libnettle.so.4
%{_libdir}/libnettle.so.4.*
%{_libdir}/libhogweed.so.2
%{_libdir}/libhogweed.so.2.*
%{_libdir}/.libhogweed.so.*.hmac
%{_libdir}/.libnettle.so.*.hmac
%files devel
%doc descore.README nettle.html nettle.pdf COPYING.LIB
%{_includedir}/nettle
%{_libdir}/libnettle.so
%{_libdir}/libhogweed.so
%{_libdir}/pkgconfig/hogweed.pc
%{_libdir}/pkgconfig/nettle.pc
%post
/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || :
/sbin/ldconfig
%preun
if [ $1 = 0 ]; then
/sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || :
fi
%postun -p /sbin/ldconfig
%changelog
* Wed Apr 7 2021 Daiki Ueno <dueno@redhat.com> - 2.7.1-9
- Port fixes for potential miscalculation in ecdsa_verify (#1943156)
* Mon Aug 8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-8
- Use a cache-silent version of mpz_powm to prevent cache-timing
attacks against RSA and DSA in shared VMs. (#1364897,CVE-2016-6489)
* Wed Mar 2 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-5
- Fixed SHA-3 implementation to conform to final standard (#1252936)
- Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues
in secp256r1 and secp384r1 calculations (#1314374)
* Tue Jul 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-4
- Correct path of links (#1117782)
* Mon Jul 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-3
- Added fipshmac checksum (#1117782)
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.7.1-2
- Mass rebuild 2014-01-24
* Wed Jan 15 2014 Tomáš Mráz <tmraz@redhat.com> - 2.7.1-1
- Updated to nettle 2.7.1
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.6-4
- Mass rebuild 2013-12-27
* Fri Dec 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.6-3
- Added patch nettle-tmpalloc.patch (#1033570)
* Wed Feb 6 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-2
- nettle includes use gmp.h
* Tue Feb 5 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-1
- New upstream release
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jul 05 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-3
- Remove explicit buildroot handling and defattr.
* Wed Jul 04 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-2
- Review feedback
* Mon Jun 18 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-1
- Revive package (GnuTLS needs it), disable static, update to current release 2.4
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Apr 10 2008 Ian Weller <ianweller@gmail.com> 1.15-5
- Moved static lib to -static
* Mon Mar 24 2008 Ian Weller <ianweller@gmail.com> 1.15-4
- Added libraries and ldconfig
* Mon Feb 18 2008 Ian Weller <ianweller@gmail.com> 1.15-3
- Added provides -static to -devel
* Sun Feb 17 2008 Ian Weller <ianweller@gmail.com> 1.15-2
- Removed redundant requires
- Removed redundant documentation between packages
- Fixed license tag
- Fixed -devel description
- Added the static library back to -devel
- Added make clean
* Fri Feb 08 2008 Ian Weller <ianweller@gmail.com> 1.15-1
- First package build.