From a4119f3566ee12966e3b0546950fdfa50861e3a140da07786d8e4fd43880cb93 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
Date: Mon, 31 May 2021 09:16:21 +0000
Subject: [PATCH 1/2] Accepting request 895665 from
 home:pmonrealgonzalez:branches:security:tls

- Rework the crypto-policies dependencies in libraries [bsc#1186385]

OBS-URL: https://build.opensuse.org/request/show/895665
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=53
---
 gnutls.changes |  5 +++++
 gnutls.spec    | 11 ++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/gnutls.changes b/gnutls.changes
index 2521949..0ebe332 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed May 26 11:51:56 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Rework the crypto-policies dependencies in libraries [bsc#1186385]
+
 -------------------------------------------------------------------
 Thu May 13 16:34:28 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 
diff --git a/gnutls.spec b/gnutls.spec
index 34bd502..98a7773 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -94,6 +94,9 @@ Summary:        The GNU Transport Layer Security Library
 # install libopenssl and libopenssl-hmac close together (bsc#1090765)
 License:        LGPL-2.1-or-later
 Group:          System/Libraries
+%if 0%{?suse_version} && ! 0%{?sle_version}
+Requires:       crypto-policies
+%endif
 Suggests:       libgnutls%{gnutls_sover}-hmac = %{version}-%{release}
 
 %description -n libgnutls%{gnutls_sover}
@@ -124,6 +127,9 @@ This package contains the "DANE" part of gnutls.
 Summary:        C++ API for the GNU Transport Layer Security Library
 License:        LGPL-2.1-or-later
 Group:          System/Libraries
+%if 0%{?suse_version} && ! 0%{?sle_version}
+Requires:       crypto-policies
+%endif
 
 %description -n libgnutlsxx%{gnutlsxx_sover}
 The GnuTLS library provides a secure layer over a reliable transport
@@ -134,8 +140,11 @@ of the IETF's TLS working group.
 Summary:        Development package for the GnuTLS C API
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
+%if 0%{?suse_version} && ! 0%{?sle_version}
+Requires:       crypto-policies
+%endif
 Requires:       glibc-devel
-Requires:       gnutls = %{version}-%{release}
+Requires:       gnutls = %{version}
 Requires:       libgnutls%{gnutls_sover} = %{version}
 Requires(pre):  %{install_info_prereq}
 Provides:       gnutls-devel = %{version}-%{release}

From b3497d31346e19f45877e8df4cbc7bbeac62790caa9b1705f3fb01dd40d50cf0 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
Date: Tue, 1 Jun 2021 12:42:43 +0000
Subject: [PATCH 2/2] Accepting request 896474 from
 home:susnux:branches:security:tls

Update to version 3.7.2

OBS-URL: https://build.opensuse.org/request/show/896474
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=54
---
 gnutls-3.7.1.tar.xz     |   3 ---
 gnutls-3.7.1.tar.xz.sig | Bin 580 -> 0 bytes
 gnutls-3.7.2.tar.xz     |   3 +++
 gnutls-3.7.2.tar.xz.sig | Bin 0 -> 566 bytes
 gnutls.changes          |  17 +++++++++++++++++
 gnutls.spec             |  12 +++++++++++-
 6 files changed, 31 insertions(+), 4 deletions(-)
 delete mode 100644 gnutls-3.7.1.tar.xz
 delete mode 100644 gnutls-3.7.1.tar.xz.sig
 create mode 100644 gnutls-3.7.2.tar.xz
 create mode 100644 gnutls-3.7.2.tar.xz.sig

diff --git a/gnutls-3.7.1.tar.xz b/gnutls-3.7.1.tar.xz
deleted file mode 100644
index bad97ee..0000000
--- a/gnutls-3.7.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f
-size 6038388
diff --git a/gnutls-3.7.1.tar.xz.sig b/gnutls-3.7.1.tar.xz.sig
deleted file mode 100644
index 9be009b9c8c5a0564280454166c6b79d38e9991dcb8dd8e4c2f074fb58fd7fc2..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 580
zcmV-K0=xZ*0zm`-0SEvq79j*iA|=DLZ#0LW$VqJ01%!^*=9qB>0$@nDlMNhoWo~ak
zXKr;aZ*pe<3JDO_1%!^*=9qEa2@n8_Qj**U>~w<nNC!S^st|8sh0{{M|KgLr*U93l
z3d&JfscJ}UfXKmVkyn#XM+p-W7}_US!_-=l>;kkC83?`m;wVkSV+5rpdf4u$CSvth
zJu@4FYtx85drw5nWKk@JWr4KGwcgt0%HWw;vs)hB$_eb`dm*|Qayn?iJ|!hGA3Dy;
z1puApK<~Wa9-N=`!OxPh6Z>k`;eF=k6rNNlhE)(A>@NBpFyb<e4Gk!I<^nI|Sxsup
z&Sc93{wlD1DFoZ^y(;Gcd5pAqbv%zkC&mG{ONU7Ai6FS863aQ|I(><1Ig4o;6zyAI
zQgjqszW<T)<EL9Tl*;cAO^nP#B)R#5%<tGu;I9k9O42RjK$X(~2k$$B%Yo3QG_M(-
z7r_a$2++CmbHjjT4{^^G6FBi-4Gp_1o{UPCU6YLa6Y1iR>>!vI9E^Js1n9jnaVK9h
zgS|VZPQZsXyv9VhyXlkxsNur)XM<CZ{HjBW;d(nGFt0uu_$RY~1vYp9`MwyU)yrQr
zLr%JN6>{31(=yE|P2qdc*}9Ev@p64gV`3?;n9A;QQ2mt>e3SBnJhI<v;0ML|VUPR0
zjY1qJKPhX_V}lR`imKt1fy3O;8}O-Z#br*AV!4!zTdDc^pnzO^JA8oh1;6`aY@$_c
Sr!!Fd7sUpKBVcPb()U@E&lltX

diff --git a/gnutls-3.7.2.tar.xz b/gnutls-3.7.2.tar.xz
new file mode 100644
index 0000000..9d64f36
--- /dev/null
+++ b/gnutls-3.7.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:646e6c5a9a185faa4cea796d378a1ba8e1148dbb197ca6605f95986a25af2752
+size 6091508
diff --git a/gnutls-3.7.2.tar.xz.sig b/gnutls-3.7.2.tar.xz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..b824c33ca90bc5227d7ac2baada366f60423bdf58feeb373f7c69b922f4db8d2
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j*iA|=DLZ#0LW$VqJ01%!^*=9qB>0${QKqW}sC5Y`2R
zj@RaxadRIK0FB*6&5Rp)tlSX`q2s+^I@4wgW!J@rNTG3!pm5Yqk&ON)bQ7Nm53Qt&
z71D~Uy_&s|O#CR%ZD>3^{SoDdVs4UI$YVW&G;B9e-=2mWZ&9{Pn6Yt!oUa)Iz(J!R
zzPe|cjqFrL<tOy=d*rd!Hk98C#jEK6;ROJngz*iu#;sr$X+yv|l!f<LOqhz9r^&9*
z^JGl<isgN}G@C}ADB(I8H(v9rg--ZPFzpc($o939Wb2I7vTmt`S;#zM-WgypCt!`O
zF?Q(9Bn^Rk^P>({PUI!blr3E~Kc-p1gAE9I5w^(FU*Vp{V4}U2r>03!AWd;a#H#3m
zP;hE|i{<rvw|@jSUg#0RMaDZ5A!>9Y==>#WSci)!2Tlf$=Jg&FoKI@CQ_38g7GSEw
z6h;fy3i?h^mm=@j44V@Q`Fr`4lYVZn5rs)F`QWr&)2W)y{lKfEblG;UP%)C9+^%ba
zFm_2!af@$oCaQM*n0I2j1Y++jy#dsUN6B3UuXVm|L{rar_^t!bRIr$SclUfcBkvqv
z1gp}$SIEYBNpj+NeGh8Uwu-L`b5BeZD$7cn2COAA0v&y_KYR^gXeRX=)-S1JK{sXw
z{s<8u6;Z>3k?Z6@-`ddv0ajKG_^1s^0RE%=#b~*i)~}zj4&o9Gjp}2B(Xdh0|EhyR
E5A-Szz5oCK

literal 0
HcmV?d00001

diff --git a/gnutls.changes b/gnutls.changes
index 0ebe332..920d559 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Jun  1 01:00:34 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 3.7.2
+  * Added Linux kernel AF_ALG based acceleration
+  * Fixed timing of early data exchange
+  * The priority string option DISABLE_TLS13_COMPAT_MODE was added
+    to disable TLS 1.3 middlebox compatibility mode
+  * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
+    GNUTLS_NO_IMPLICIT_INIT to reflect the purpose 
+  * certtool:
+    * When signing a CSR, CRL distribution point (CDP) is no
+      longer copied from the signing CA by default
+    * When producing certificates and certificate requests, subject
+      DN components that are provided individually will now be
+      ordered by assumed scale
+
 -------------------------------------------------------------------
 Wed May 26 11:51:56 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 
diff --git a/gnutls.spec b/gnutls.spec
index 98a7773..8d63e6f 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -25,10 +25,16 @@
 %else
 %bcond_with dane
 %endif
+# Enable Linux kernel AF_ALG based acceleration
+%if 0%{?suse_version} >= 1550
+%bcond_without kcapi
+%else
+%bcond_with kcapi
+%endif
 %bcond_with tpm
 %bcond_without guile
 Name:           gnutls
-Version:        3.7.1
+Version:        3.7.2
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        GPL-3.0-or-later AND LGPL-2.1-or-later
@@ -61,6 +67,9 @@ BuildRequires:  pkgconfig
 BuildRequires:  xz
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(autoopts)
+%if %{with kcapi}
+BuildRequires:  pkgconfig(libkcapi)
+%endif
 %if 0%{?suse_version} <= 1320
 BuildRequires:  net-tools
 %else
@@ -201,6 +210,7 @@ export CXXFLAGS="%{optflags} -fPIE"
         --disable-static \
         --disable-rpath \
         --disable-silent-rules \
+        %{?with_kcapi:--enable-afalg} \
         --with-default-trust-store-dir=%{_localstatedir}/lib/ca-certificates/pem \
         --with-system-priority-file=%{_sysconfdir}/crypto-policies/back-ends/gnutls.config \
         --with-default-priority-string="@SYSTEM" \