Accepting request 185475 from Base:System

- Updated to 3.2.3 ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler. ** libgnutls: Solve issue with received TLS packets that exceed 2^14. (this fixes a bug that was accidentally introduced in 3.2.2) ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be used by the library. ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by Alfredo Pironti. - Updated to 3.2.2 ** libgnutls: Several optimizations in the related to packet processing subsystems. ** libgnutls: DTLS replay detection can now be disabled (to be used in certain transport layers like SCTP). ** libgnutls: Fixes in SRTP extension generation when MKI is being used. ** libgnutls: Added ability to set hooks before or after sending or receiving any handshake message with gnutls_handshake_set_hook_function(). - gnutls-3.2.3-noecc.patch: updated to disable ECC. - automake-1.12.patch: upstream, dropped - gnutls-32bit.patch: upstream, dropped - gnutls-3.2.1-pkcs11.diff: upstream, dropped OBS-URL: https://build.opensuse.org/request/show/185475 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=62
2013-08-01 15:15:14 +00:00 · 2013-08-01 15:15:14 +00:00 · a11fa3fadd
commit a11fa3fadd
parent 76f004feaf
11 changed files with 258 additions and 253 deletions
--- a/automake-1.12.patch
+++ b/automake-1.12.patch
@ -1,52 +0,0 @@
 Index: gnutls-3.2.1/aclocal.m4
 ===================================================================
 --- gnutls-3.2.1.orig/aclocal.m4
 +++ gnutls-3.2.1/aclocal.m4
@@ -517,7 +517,7 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
 AM_MISSING_PROG(MAKEINFO, makeinfo)
 AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
 AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
 -AC_REQUIRE([AM_PROG_MKDIR_P])dnl
 +AC_REQUIRE([AC_PROG_MKDIR_P])dnl
 # We need awk for the "check" target.  The system "awk" is bad on
 # some platforms.
 AC_REQUIRE([AC_PROG_AWK])dnl
@@ -761,10 +761,10 @@ fi
 # serial 1
 -# AM_PROG_MKDIR_P
 +# AC_PROG_MKDIR_P
 # ---------------
 # Check for `mkdir -p'.
 -AC_DEFUN([AM_PROG_MKDIR_P],
 +AC_DEFUN([AC_PROG_MKDIR_P],
 [AC_PREREQ([2.60])dnl
 AC_REQUIRE([AC_PROG_MKDIR_P])dnl
 dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
 Index: gnutls-3.2.1/gl/m4/gnulib-common.m4
 ===================================================================
 --- gnutls-3.2.1.orig/gl/m4/gnulib-common.m4
 +++ gnutls-3.2.1/gl/m4/gnulib-common.m4
@@ -303,7 +303,7 @@ m4_ifdef([AC_PROG_MKDIR_P], [
     AC_SUBST([MKDIR_P])])], [
   dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P.
   AC_DEFUN_ONCE([AC_PROG_MKDIR_P],
 -    [AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
 +    [AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
      MKDIR_P='$(mkdir_p)'
      AC_SUBST([MKDIR_P])])])
 ])
 Index: gnutls-3.2.1/m4/po.m4
 ===================================================================
 --- gnutls-3.2.1.orig/m4/po.m4
 +++ gnutls-3.2.1/m4/po.m4
@@ -24,7 +24,7 @@ AC_DEFUN([AM_PO_SUBDIRS],
 [
   AC_REQUIRE([AC_PROG_MAKE_SET])dnl
   AC_REQUIRE([AC_PROG_INSTALL])dnl
 -  AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
 +  AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
   AC_REQUIRE([AM_NLS])dnl
   dnl Release version of the gettext macros. This is used to ensure that
--- a/gnutls-3.2.1-pkcs11.diff
+++ b/gnutls-3.2.1-pkcs11.diff
@ -1,28 +0,0 @@
 From 9008620a9c452fb33942f0f8ee03a44fdf277475 Mon Sep 17 00:00:00 2001
 From: Stef Walter <stefw@redhat.com>
 Date: Thu, 4 Jul 2013 16:15:03 +0200
 Subject: [PATCH] pkcs11: Use the correct attribute length for CKA_TRUSTED
 CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
 are done with the attribute byte values, we need to get the length
 exactly right.
 ---
 lib/pkcs11.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/pkcs11.c b/lib/pkcs11.c
 index 27ea3f4..3da3b92 100644
 --- a/lib/pkcs11.c
 +++ b/lib/pkcs11.c
@@ -2201,7 +2201,7 @@ find_objs (struct pkcs11_session_info* sinfo,
   struct ck_attribute *attr;
   ck_object_class_t class = (ck_object_class_t)-1;
   ck_certificate_type_t type = (ck_certificate_type_t)-1;
 -  unsigned int trusted;
 +  unsigned char trusted;
   unsigned long category;
   ck_rv_t rv;
   ck_object_handle_t obj;
 -- 
 1.8.3.1
--- a/gnutls-3.2.1.tar.xz
+++ b/gnutls-3.2.1.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:abfa8165947837ada2363355ada25d913f48e6bb261f0a67f20d2fb6079e22fe
 size 5127332
--- a/gnutls-3.2.1.tar.xz.sig
+++ b/gnutls-3.2.1.tar.xz.sig
--- a/gnutls-3.2.3-noecc.patch
+++ b/gnutls-3.2.3-noecc.patch
@ -1,7 +1,7 @@
-Index: gnutls-3.2.1/lib/algorithms/kx.c
+Index: gnutls-3.2.3/lib/algorithms/kx.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/algorithms/kx.c
+--- gnutls-3.2.3.orig/lib/algorithms/kx.c
-+++ gnutls-3.2.1/lib/algorithms/kx.c
+++ gnutls-3.2.3/lib/algorithms/kx.c
@@ -28,9 +28,11 @@
 extern mod_auth_st rsa_auth_struct;
@ -14,18 +14,25 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c
 extern mod_auth_st dhe_dss_auth_struct;
 extern mod_auth_st anon_auth_struct;
 extern mod_auth_st anon_ecdh_auth_struct;
-@@ -57,8 +59,10 @@ static const gnutls_cred_map cred_mappin
+@@ -57,13 +59,17 @@ static const gnutls_cred_map cred_mappin
   {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
   {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
   {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
-+#ifdef ENABLE_ECC
+#ifdef ENABLE_ECDHE
   {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
 +#endif
   {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
-@@ -98,7 +102,7 @@ static const gnutls_kx_algo_entry _gnutl
+   {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
 +#ifdef ENABLE_ECDHE
   {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
 +#endif
   {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
   {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
   {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
@@ -98,7 +104,7 @@ static const gnutls_kx_algo_entry _gnutl
   {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
   {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
 #endif
@ -34,7 +41,7 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c
   {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
   {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
 #endif
-@@ -113,7 +117,7 @@ static const gnutls_kx_algo_entry _gnutl
+@@ -113,7 +119,7 @@ static const gnutls_kx_algo_entry _gnutl
   {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
    1 /* needs DHE params */},
 # endif
@ -43,10 +50,10 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c
   {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
 # endif
 #endif
-Index: gnutls-3.2.1/lib/algorithms/publickey.c
+Index: gnutls-3.2.3/lib/algorithms/publickey.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/algorithms/publickey.c
+--- gnutls-3.2.3.orig/lib/algorithms/publickey.c
-+++ gnutls-3.2.1/lib/algorithms/publickey.c
+++ gnutls-3.2.3/lib/algorithms/publickey.c
@@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[]
   {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
   {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
@ -68,29 +75,10 @@ Index: gnutls-3.2.1/lib/algorithms/publickey.c
   {0, 0, 0}
 };
-Index: gnutls-3.2.1/lib/algorithms/sign.c
+Index: gnutls-3.2.3/lib/auth/cert.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/algorithms/sign.c
+--- gnutls-3.2.3.orig/lib/auth/cert.c
-+++ gnutls-3.2.1/lib/algorithms/sign.c
+++ gnutls-3.2.3/lib/auth/cert.c
@@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_
 #define TLS_SIGN_AID_UNKNOWN {255, 255}
 static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
 +#ifndef ENABLE_ECC
 +#define GNUTLS_SIGN_ECDSA_SHA1 0
 +#define GNUTLS_SIGN_ECDSA_SHA224 0
 +#define GNUTLS_SIGN_ECDSA_SHA256 0
 +#define GNUTLS_SIGN_ECDSA_SHA384 0
 +#define GNUTLS_SIGN_ECDSA_SHA512 0
 +#endif
 +
 static const gnutls_sign_entry sign_algorithms[] = {
   {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
    GNUTLS_DIG_SHA1, {2, 1}},
 Index: gnutls-3.2.1/lib/auth/cert.c
 ===================================================================
 --- gnutls-3.2.1.orig/lib/auth/cert.c
 +++ gnutls-3.2.1/lib/auth/cert.c
@@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
                                                    key, int deinit);
 #endif
@ -114,7 +102,7 @@ Index: gnutls-3.2.1/lib/auth/cert.c
     }
   return -1;
-@@ -1726,7 +1732,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
+@@ -1735,7 +1741,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
   tmp_data[0] = CERTTYPE_SIZE - 1;
   tmp_data[1] = RSA_SIGN;
   tmp_data[2] = DSA_SIGN;
@ -124,10 +112,10 @@ Index: gnutls-3.2.1/lib/auth/cert.c
   ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
   if (ret < 0)
-Index: gnutls-3.2.1/lib/auth/dhe_psk.c
+Index: gnutls-3.2.3/lib/auth/dhe_psk.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/auth/dhe_psk.c
+--- gnutls-3.2.3.orig/lib/auth/dhe_psk.c
-+++ gnutls-3.2.1/lib/auth/dhe_psk.c
+++ gnutls-3.2.3/lib/auth/dhe_psk.c
@@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct
 };
 #endif
@ -192,10 +180,10 @@ Index: gnutls-3.2.1/lib/auth/dhe_psk.c
 +#endif
 #endif /* ENABLE_PSK */
-Index: gnutls-3.2.1/lib/ext/ecc.c
+Index: gnutls-3.2.3/lib/ext/ecc.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/ext/ecc.c
+--- gnutls-3.2.3.orig/lib/ext/ecc.c
-+++ gnutls-3.2.1/lib/ext/ecc.c
+++ gnutls-3.2.3/lib/ext/ecc.c
@@ -35,6 +35,7 @@
 /* Maps record size to numbers according to the
  * extensions draft.
@ -210,10 +198,10 @@ Index: gnutls-3.2.1/lib/ext/ecc.c
 }
 +
 +#endif
-Index: gnutls-3.2.1/lib/gnutls_extensions.c
+Index: gnutls-3.2.3/lib/gnutls_extensions.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/gnutls_extensions.c
+--- gnutls-3.2.3.orig/lib/gnutls_extensions.c
-+++ gnutls-3.2.1/lib/gnutls_extensions.c
+++ gnutls-3.2.3/lib/gnutls_extensions.c
@@ -351,6 +351,7 @@ _gnutls_ext_init (void)
   if (ret != GNUTLS_E_SUCCESS)
     return ret;
@ -230,10 +218,10 @@ Index: gnutls-3.2.1/lib/gnutls_extensions.c
   ret = _gnutls_ext_register (&ext_mod_sig);
   if (ret != GNUTLS_E_SUCCESS)
-Index: gnutls-3.2.1/lib/gnutls_priority.c
+Index: gnutls-3.2.3/lib/gnutls_priority.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/gnutls_priority.c
+--- gnutls-3.2.3.orig/lib/gnutls_priority.c
-+++ gnutls-3.2.1/lib/gnutls_priority.c
+++ gnutls-3.2.3/lib/gnutls_priority.c
@@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn
 }
@ -356,10 +344,10 @@ Index: gnutls-3.2.1/lib/gnutls_priority.c
   0
 };
-Index: gnutls-3.2.1/lib/nettle/pk.c
+Index: gnutls-3.2.3/lib/nettle/pk.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/nettle/pk.c
+--- gnutls-3.2.3.orig/lib/nettle/pk.c
-+++ gnutls-3.2.1/lib/nettle/pk.c
+++ gnutls-3.2.3/lib/nettle/pk.c
@@ -146,6 +146,7 @@ static int _wrap_nettle_pk_derive(gnutls
   switch (algo)
@ -384,7 +372,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     case GNUTLS_PK_EC: /* we do ECDSA */
       {
         struct ecc_scalar priv;
-@@ -369,6 +372,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
+@@ -370,6 +373,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
           }
         break;
       }
@ -392,7 +380,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     case GNUTLS_PK_DSA:
       {
         struct dsa_public_key pub;
-@@ -470,6 +474,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
+@@ -472,6 +476,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
   switch (algo)
     {
@ -400,7 +388,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     case GNUTLS_PK_EC: /* ECDSA */
       {
         struct ecc_point pub;
-@@ -511,6 +516,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
+@@ -514,6 +519,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
         ecc_point_clear( &pub);
         break;
       }
@ -408,7 +396,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     case GNUTLS_PK_DSA:
       {
         struct dsa_public_key pub;
-@@ -717,6 +723,7 @@ rsa_fail:
+@@ -721,6 +727,7 @@ rsa_fail:
         break;
       }
@ -416,7 +404,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     case GNUTLS_PK_EC:
       {
         struct ecc_scalar key;
-@@ -757,6 +764,7 @@ ecc_cleanup:
+@@ -761,6 +768,7 @@ ecc_cleanup:
         break;
       }
@ -424,7 +412,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     default:
       gnutls_assert ();
       return GNUTLS_E_INVALID_REQUEST;
-@@ -873,6 +881,7 @@ dsa_cleanup:
+@@ -877,6 +885,7 @@ dsa_cleanup:
       }
       break;
@ -432,7 +420,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     case GNUTLS_PK_EC:
       {
         struct ecc_point r, pub;
-@@ -934,6 +943,7 @@ ecc_cleanup:
+@@ -938,6 +947,7 @@ ecc_cleanup:
         ecc_point_clear(&pub);
       }  
       break;
@ -440,10 +428,10 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
     default:
       ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
     }
-Index: gnutls-3.2.1/tests/cert-tests/dane
+Index: gnutls-3.2.3/tests/cert-tests/dane
 ===================================================================
--- gnutls-3.2.1.orig/tests/cert-tests/dane
+--- gnutls-3.2.3.orig/tests/cert-tests/dane
-+++ gnutls-3.2.1/tests/cert-tests/dane
+++ gnutls-3.2.3/tests/cert-tests/dane
@@ -22,6 +22,8 @@
 set -e
@ -453,10 +441,10 @@ Index: gnutls-3.2.1/tests/cert-tests/dane
 srcdir=${srcdir:-.}
 DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
-Index: gnutls-3.2.1/tests/dtls/dtls-nb
+Index: gnutls-3.2.3/tests/dtls/dtls-nb
 ===================================================================
--- gnutls-3.2.1.orig/tests/dtls/dtls-nb
+--- gnutls-3.2.3.orig/tests/dtls/dtls-nb
-+++ gnutls-3.2.1/tests/dtls/dtls-nb
+++ gnutls-3.2.3/tests/dtls/dtls-nb
@@ -22,9 +22,7 @@
 set -e
@ -468,10 +456,10 @@ Index: gnutls-3.2.1/tests/dtls/dtls-nb
 ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
 ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
-Index: gnutls-3.2.1/tests/dtls/dtls
+Index: gnutls-3.2.3/tests/dtls/dtls
 ===================================================================
--- gnutls-3.2.1.orig/tests/dtls/dtls
+--- gnutls-3.2.3.orig/tests/dtls/dtls
-+++ gnutls-3.2.1/tests/dtls/dtls
+++ gnutls-3.2.3/tests/dtls/dtls
@@ -22,9 +22,7 @@
 set -e
@ -483,10 +471,10 @@ Index: gnutls-3.2.1/tests/dtls/dtls
 ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
 ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
-Index: gnutls-3.2.1/tests/ecdsa/ecdsa
+Index: gnutls-3.2.3/tests/ecdsa/ecdsa
 ===================================================================
--- gnutls-3.2.1.orig/tests/ecdsa/ecdsa
+--- gnutls-3.2.3.orig/tests/ecdsa/ecdsa
-+++ gnutls-3.2.1/tests/ecdsa/ecdsa
+++ gnutls-3.2.3/tests/ecdsa/ecdsa
@@ -22,6 +22,8 @@
 #set -e
@ -496,10 +484,10 @@ Index: gnutls-3.2.1/tests/ecdsa/ecdsa
 srcdir=${srcdir:-.}
 CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
-Index: gnutls-3.2.1/tests/mini-dtls-heartbeat.c
+Index: gnutls-3.2.3/tests/mini-dtls-heartbeat.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-dtls-heartbeat.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-heartbeat.c
-+++ gnutls-3.2.1/tests/mini-dtls-heartbeat.c
+++ gnutls-3.2.3/tests/mini-dtls-heartbeat.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -509,11 +497,11 @@ Index: gnutls-3.2.1/tests/mini-dtls-heartbeat.c
 int
 main ()
-Index: gnutls-3.2.1/tests/mini-dtls-record.c
+Index: gnutls-3.2.3/tests/mini-dtls-record.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-dtls-record.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-record.c
-+++ gnutls-3.2.1/tests/mini-dtls-record.c
+++ gnutls-3.2.3/tests/mini-dtls-record.c
-@@ -27,7 +27,7 @@
+@@ -29,7 +29,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -522,10 +510,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-record.c
 int
 main ()
-Index: gnutls-3.2.1/tests/mini-dtls-rehandshake.c
+Index: gnutls-3.2.3/tests/mini-dtls-rehandshake.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-dtls-rehandshake.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-rehandshake.c
-+++ gnutls-3.2.1/tests/mini-dtls-rehandshake.c
+++ gnutls-3.2.3/tests/mini-dtls-rehandshake.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -535,10 +523,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-rehandshake.c
 int main()
 {
-Index: gnutls-3.2.1/tests/mini-dtls-srtp.c
+Index: gnutls-3.2.3/tests/mini-dtls-srtp.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-dtls-srtp.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-srtp.c
-+++ gnutls-3.2.1/tests/mini-dtls-srtp.c
+++ gnutls-3.2.3/tests/mini-dtls-srtp.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -548,10 +536,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-srtp.c
 int
 main (int argc, char** argv)
-Index: gnutls-3.2.1/tests/mini-handshake-timeout.c
+Index: gnutls-3.2.3/tests/mini-handshake-timeout.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-handshake-timeout.c
+--- gnutls-3.2.3.orig/tests/mini-handshake-timeout.c
-+++ gnutls-3.2.1/tests/mini-handshake-timeout.c
+++ gnutls-3.2.3/tests/mini-handshake-timeout.c
@@ -28,7 +28,7 @@
 #include <stdlib.h>
 #include <string.h>
@ -574,10 +562,10 @@ Index: gnutls-3.2.1/tests/mini-handshake-timeout.c
 }
 static void
-Index: gnutls-3.2.1/tests/mini-loss-time.c
+Index: gnutls-3.2.3/tests/mini-loss-time.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-loss-time.c
+--- gnutls-3.2.3.orig/tests/mini-loss-time.c
-+++ gnutls-3.2.1/tests/mini-loss-time.c
+++ gnutls-3.2.3/tests/mini-loss-time.c
@@ -28,7 +28,7 @@
 #include <stdlib.h>
 #include <string.h>
@ -587,10 +575,10 @@ Index: gnutls-3.2.1/tests/mini-loss-time.c
 int main()
 {
-Index: gnutls-3.2.1/tests/mini-record.c
+Index: gnutls-3.2.3/tests/mini-record.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-record.c
+--- gnutls-3.2.3.orig/tests/mini-record.c
-+++ gnutls-3.2.1/tests/mini-record.c
+++ gnutls-3.2.3/tests/mini-record.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -600,10 +588,10 @@ Index: gnutls-3.2.1/tests/mini-record.c
 int main()
 {
-Index: gnutls-3.2.1/tests/mini-record-range.c
+Index: gnutls-3.2.3/tests/mini-record-range.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-record-range.c
+--- gnutls-3.2.3.orig/tests/mini-record-range.c
-+++ gnutls-3.2.1/tests/mini-record-range.c
+++ gnutls-3.2.3/tests/mini-record-range.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -613,10 +601,10 @@ Index: gnutls-3.2.1/tests/mini-record-range.c
 int main()
 {
-Index: gnutls-3.2.1/tests/mini-xssl.c
+Index: gnutls-3.2.3/tests/mini-xssl.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-xssl.c
+--- gnutls-3.2.3.orig/tests/mini-xssl.c
-+++ gnutls-3.2.1/tests/mini-xssl.c
+++ gnutls-3.2.3/tests/mini-xssl.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -626,10 +614,10 @@ Index: gnutls-3.2.1/tests/mini-xssl.c
 int main()
 {
-Index: gnutls-3.2.1/tests/pkcs12_simple.c
+Index: gnutls-3.2.3/tests/pkcs12_simple.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/pkcs12_simple.c
+--- gnutls-3.2.3.orig/tests/pkcs12_simple.c
-+++ gnutls-3.2.1/tests/pkcs12_simple.c
+++ gnutls-3.2.3/tests/pkcs12_simple.c
@@ -50,6 +50,10 @@ doit (void)
   gnutls_x509_privkey_t pkey;
   int ret;
@ -641,10 +629,10 @@ Index: gnutls-3.2.1/tests/pkcs12_simple.c
   ret = global_init ();
   if (ret < 0)
     fail ("global_init failed %d\n", ret);
-Index: gnutls-3.2.1/tests/slow/keygen.c
+Index: gnutls-3.2.3/tests/slow/keygen.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/slow/keygen.c
+--- gnutls-3.2.3.orig/tests/slow/keygen.c
-+++ gnutls-3.2.1/tests/slow/keygen.c
+++ gnutls-3.2.3/tests/slow/keygen.c
@@ -65,6 +65,11 @@ doit (void)
                 if (algorithm == GNUTLS_PK_DH)
                     continue;
@ -657,10 +645,10 @@ Index: gnutls-3.2.1/tests/slow/keygen.c
                 ret = gnutls_x509_privkey_init (&pkey);
                 if (ret < 0)
                   {
-Index: gnutls-3.2.1/tests/srp/mini-srp.c
+Index: gnutls-3.2.3/tests/srp/mini-srp.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/srp/mini-srp.c
+--- gnutls-3.2.3.orig/tests/srp/mini-srp.c
-+++ gnutls-3.2.1/tests/srp/mini-srp.c
+++ gnutls-3.2.3/tests/srp/mini-srp.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -670,10 +658,10 @@ Index: gnutls-3.2.1/tests/srp/mini-srp.c
 int main()
 {
-Index: gnutls-3.2.1/lib/auth/ecdhe.c
+Index: gnutls-3.2.3/lib/auth/ecdhe.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/auth/ecdhe.c
+--- gnutls-3.2.3.orig/lib/auth/ecdhe.c
-+++ gnutls-3.2.1/lib/auth/ecdhe.c
+++ gnutls-3.2.3/lib/auth/ecdhe.c
@@ -50,7 +50,7 @@ static int
 proc_ecdhe_client_kx (gnutls_session_t session,
                                     uint8_t * data, size_t _data_size);
@ -683,10 +671,10 @@ Index: gnutls-3.2.1/lib/auth/ecdhe.c
 const mod_auth_st ecdhe_ecdsa_auth_struct = {
   "ECDHE_ECDSA",
   _gnutls_gen_cert_server_crt,
-Index: gnutls-3.2.1/tests/mini-dtls-hello-verify.c
+Index: gnutls-3.2.3/tests/mini-dtls-hello-verify.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-dtls-hello-verify.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-hello-verify.c
-+++ gnutls-3.2.1/tests/mini-dtls-hello-verify.c
+++ gnutls-3.2.3/tests/mini-dtls-hello-verify.c
@@ -27,7 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -696,10 +684,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-hello-verify.c
 int main()
 {
-Index: gnutls-3.2.1/tests/mini-alpn.c
+Index: gnutls-3.2.3/tests/mini-alpn.c
 ===================================================================
--- gnutls-3.2.1.orig/tests/mini-alpn.c
+--- gnutls-3.2.3.orig/tests/mini-alpn.c
-+++ gnutls-3.2.1/tests/mini-alpn.c
+++ gnutls-3.2.3/tests/mini-alpn.c
@@ -25,7 +25,7 @@
 #include <stdio.h>
 #include <stdlib.h>
@ -709,3 +697,112 @@ Index: gnutls-3.2.1/tests/mini-alpn.c
 int
 main (int argc, char** argv)
 Index: gnutls-3.2.3/tests/mini-dtls-large.c
 ===================================================================
 --- gnutls-3.2.3.orig/tests/mini-dtls-large.c
 +++ gnutls-3.2.3/tests/mini-dtls-large.c
@@ -25,7 +25,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 -#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
 +#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
 int
 main ()
@@ -194,7 +194,11 @@ server (int fd)
      * are adequate.
      */
     gnutls_priority_set_direct (session,
 +#ifdef ENABLE_ECDH
                                 "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
 +#else
 +                                "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
 +#endif
                                 NULL);
     gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
 Index: gnutls-3.2.3/tests/priorities.c
 ===================================================================
 --- gnutls-3.2.3.orig/tests/priorities.c
 +++ gnutls-3.2.3/tests/priorities.c
@@ -73,7 +73,7 @@ unsigned i, si, count = 0;
 for (i=0;i<ret;i++)
   fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i]));
 #endif
 -      fail("expected %d ciphers, found %d\n", expected_ciphers, ret);
 +      fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret);
       exit(1);
     }
@@ -86,7 +86,7 @@ for (i=0;i<ret;i++)
   if (count != expected_cs) 
     {
 -      fail("expected %d ciphersuites, found %d\n", expected_cs, count);
 +      fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count);
       exit(1);
     }
 }
@@ -94,21 +94,37 @@ for (i=0;i<ret;i++)
 void
 doit (void)
 {
 +#ifdef ENABLE_ECC
 const int normal = 40;
 const int null = 5;
 const int sec128 = 32;
 +#else
 +const int normal = 27;
 +const int null = 3;
 +const int sec128 = 21;
 +#endif
   try_prio("NORMAL", normal, 8);
   try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 8);
   try_prio("NORMAL:+CIPHER-ALL", normal, 8); /* all (except null) */
   try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
   try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal+null, 9); /* should be null + all */
 +#ifdef ENABLE_ECC
   try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
 +#else
 +  try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */
 +#endif
   try_prio("PERFORMANCE", normal, 8);
 +#ifdef ENABLE_ECC
   try_prio("SECURE256", 6, 3);
 +#else
 +  try_prio("SECURE256", 3, 3);
 +#endif
   try_prio("SECURE128", sec128, 6);
   try_prio("SECURE128:+SECURE256", sec128, 6); /* should be the same as SECURE128 */
   try_prio("SECURE128:+SECURE256:+NORMAL", normal, 8); /* should be the same as NORMAL */
 +#ifdef ENABLE_ECC
   try_prio("SUITEB192", 1, 1);
 +#endif
 }
 Index: gnutls-3.2.3/tests/mini-x509-callbacks.c
 ===================================================================
 --- gnutls-3.2.3.orig/tests/mini-x509-callbacks.c
 +++ gnutls-3.2.3/tests/mini-x509-callbacks.c
@@ -56,13 +56,19 @@ unsigned int msg_order[] = {
 	GNUTLS_HANDSHAKE_CLIENT_HELLO,
 	GNUTLS_HANDSHAKE_SERVER_HELLO,
 	GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
 +#ifndef ENABLE_ECC
 +	/*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/
 +	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
 +#else
 	GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
 	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
 +#endif
 	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
 	GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
 	GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
 	GNUTLS_HANDSHAKE_FINISHED,
 	GNUTLS_HANDSHAKE_FINISHED,
 +
 };
 static int handshake_callback (gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming)
--- a/gnutls-3.2.3.tar.xz
+++ b/gnutls-3.2.3.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0543ca13ce9ee1dea95a9349d319623b74d93b8a23935543197b1682bb7f2b5b
 size 5119264
--- a/gnutls-3.2.3.tar.xz.sig
+++ b/gnutls-3.2.3.tar.xz.sig
--- a/gnutls-32bit.patch
+++ b/gnutls-32bit.patch
@ -1,35 +0,0 @@
 From b12040aeab5fbaf02677571db1d8bf1995bd5ee0 Mon Sep 17 00:00:00 2001
 From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 Date: Sun, 2 Jun 2013 12:10:06 +0200
 Subject: [PATCH] Avoid comparing the expiration date to prevent false positive error in 32-bit systems.
 ---
 tests/cert-tests/pem-decoding |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
 diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
 index fe769ec..f8c6372 100755
 --- a/tests/cert-tests/pem-decoding
 +++ b/tests/cert-tests/pem-decoding
@@ -61,7 +61,9 @@ if test "$rc" != "0"; then
   exit $rc
 fi
 -diff $srcdir/complex-cert.pem tmp-pem.pem
 +cat $srcdir/complex-cert.pem |grep -v "Not After:" >tmp1
 +cat $srcdir/tmp-pem.pem |grep -v "Not After:" >tmp2
 +diff tmp1 tmp2
 rc=$?
 if test "$rc" != "0"; then
@@ -69,6 +71,6 @@ if test "$rc" != "0"; then
   exit $rc
 fi
 -rm -f tmp-pem.pem
 +rm -f tmp-pem.pem tmp1 tmp2
 exit 0
 -- 
 1.7.1
--- a/gnutls-implement-trust-store-dir.diff
+++ b/gnutls-implement-trust-store-dir.diff
@ -1,8 +1,8 @@
-Index: gnutls-3.2.1/configure.ac
+Index: gnutls-3.2.3/configure.ac
 ===================================================================
--- gnutls-3.2.1.orig/configure.ac
+--- gnutls-3.2.3.orig/configure.ac
-+++ gnutls-3.2.1/configure.ac
+++ gnutls-3.2.3/configure.ac
-@@ -398,6 +398,25 @@ if test "$with_default_trust_store_file"
+@@ -418,6 +418,25 @@ if test "$with_default_trust_store_file"
   with_default_trust_store_file=""
 fi
@ -28,7 +28,7 @@ Index: gnutls-3.2.1/configure.ac
 AC_ARG_WITH([default-crl-file],
   [AS_HELP_STRING([--with-default-crl-file=FILE],
     [use the given CRL file as default])])
-@@ -407,6 +426,11 @@ if test "x$with_default_trust_store_file
+@@ -427,6 +446,11 @@ if test "x$with_default_trust_store_file
     ["$with_default_trust_store_file"], [use the given file default trust store])
 fi
@ -40,7 +40,7 @@ Index: gnutls-3.2.1/configure.ac
 if test "x$with_default_crl_file" != x; then
   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
     ["$with_default_crl_file"], [use the given CRL file])
-@@ -683,6 +707,7 @@ AC_MSG_NOTICE([System files:
+@@ -704,6 +728,7 @@ AC_MSG_NOTICE([System files:
   Trust store pkcs:     $with_default_trust_store_pkcs11
   Trust store file:     $with_default_trust_store_file
@ -48,10 +48,10 @@ Index: gnutls-3.2.1/configure.ac
   CRL file:             $with_default_crl_file
   DNSSEC root key file: $unbound_root_key_file
 ])
-Index: gnutls-3.2.1/lib/system.c
+Index: gnutls-3.2.3/lib/system.c
 ===================================================================
--- gnutls-3.2.1.orig/lib/system.c
+--- gnutls-3.2.3.orig/lib/system.c
-+++ gnutls-3.2.1/lib/system.c
+++ gnutls-3.2.3/lib/system.c
@@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME");
   return 0;
 }
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,37 @@
 -------------------------------------------------------------------
 Thu Aug  1 13:42:11 UTC 2013 - meissner@suse.com
 - Updated to 3.2.3
  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan
     Buehler.
  ** libgnutls: Solve issue with received TLS packets that exceed 2^14.
     (this fixes a bug that was accidentally introduced in 3.2.2)
  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly
     be used by the library.
  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial
     fix by Alfredo Pironti.
 - Updated to 3.2.2
  ** libgnutls: Several optimizations in the related to packet processing
     subsystems.
  ** libgnutls: DTLS replay detection can now be disabled (to be used
     in certain transport layers like SCTP).
  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
  ** libgnutls: Added ability to set hooks before or
     after sending or receiving any handshake message with
     gnutls_handshake_set_hook_function().
 - gnutls-3.2.3-noecc.patch: updated to disable ECC.
 - automake-1.12.patch: upstream, dropped
 - gnutls-32bit.patch: upstream, dropped
 - gnutls-3.2.1-pkcs11.diff: upstream, dropped
 -------------------------------------------------------------------
 Fri Jul 26 12:45:45 UTC 2013 - lnussel@suse.de
--- a/gnutls.spec
+++ b/gnutls.spec
@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 Name:           gnutls
-Version:        3.2.1
+Version:        3.2.3
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ and GPL-3.0+
@ -32,20 +32,12 @@ Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.x
 Source1:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
 Source2:        %name.keyring
 Source3:        baselibs.conf
 # https://gitorious.org/gnutls/gnutls/commit/7613c3251430a212fe5d6001863045f20eca7563
 # PATCH-UPSTREAM lnussel@suse.de -- fix reading ca-certificates # via pkcs11 interface
 Patch1:         gnutls-3.2.1-pkcs11.diff
 Patch2:         automake-1.12.patch
 # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stieger@gmx.de -- skip a failing test
 Patch3:         gnutls-3.0.26-skip-test-fwrite.patch
 # https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0?format=patch
 # PATCH-UPSTREAM gnutls-32bit.patch meissner@suse.de -- avoid dates after 2037 with 32bit time_t
 Patch4:         gnutls-32bit.patch
 # Disable elliptic curves for reasons. - meissner&cfarrell
-Patch5:         gnutls-3.2.1-noecc.patch
+Patch5:         gnutls-3.2.3-noecc.patch
 Patch6:         gnutls-implement-trust-store-dir.diff
 BuildRequires:  automake
@ -143,10 +135,7 @@ Files needed for software development using gnutls.
 %prep
 %setup -q
 %patch1 -p1
 %patch2 -p1
 %patch3
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1