From 60b4dea541000d5b317e1acf2fd7be60c8b6dd9e343d36b58810c467ba60e6f9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 15 Oct 2018 08:27:49 +0000 Subject: [PATCH] - Version update to 3.6.4: ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where no certificates were returned, or the callbacks were set to NULL (see #528). ** libgnutls: gnutls_handshake() on server returns early on handshake when no certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START is specified. ** libgnutls: Added session ticket key rotation on server side with TOTP. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period. ** libgnutls: The 'record size limit' extension is added and preferred to the 'max record size' extension when possible. ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier (#569) ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import and export GOST parameters in the "native" little endian format used for these curves. This is an intentional incompatible change with 3.6.3. ** libgnutls: Added support for separately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). 
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=10 --- gnutls-3.6.3.tar.xz | 3 --- gnutls-3.6.3.tar.xz.sig | Bin 310 -> 0 bytes gnutls-3.6.4.tar.xz | 3 +++ gnutls-3.6.4.tar.xz.sig | Bin 0 -> 310 bytes gnutls.changes | 28 ++++++++++++++++++++++++++++ gnutls.spec | 8 ++++---- 6 files changed, 35 insertions(+), 7 deletions(-) delete mode 100644 gnutls-3.6.3.tar.xz delete mode 100644 gnutls-3.6.3.tar.xz.sig create mode 100644 gnutls-3.6.4.tar.xz create mode 100644 gnutls-3.6.4.tar.xz.sig diff --git a/gnutls-3.6.3.tar.xz b/gnutls-3.6.3.tar.xz deleted file mode 100644 index 1a9c38b..0000000 --- a/gnutls-3.6.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed642b66a4ecf4851ab2d809cd1475c297b6201d8e8bd14b4d1c08b53ffca993 -size 8010284 diff --git a/gnutls-3.6.3.tar.xz.sig b/gnutls-3.6.3.tar.xz.sig deleted file mode 100644 index 40737635f8ea03187e2c3da469f25dfc8a931e40795063e6dd216123ed365a98..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j*#`?XxB^Qfx~P&aef97u=pXPRXN0$WTzrT_{F5ZD|@ zhw*2cWx{O-|9DYQbf@FmLFKV++K+oBGCPrIXF>A-!)Ei6erqy({I?}u;f2yZJoeED z1&`*<2cj}9@AD~;&C&Y*9ELJ1{%CQ_xSNaiv-7OXE5t-9fr?Nltl1NO>?ta$(B3l#_miihz;dHCzDJWBj z2?;=GPk3U3%aU|=^-1+ODrDjNHQ;3?7k`Tfk~^#WD@QFyC)twOinlMtcLN*Svrt=O z%-Xh8b{fKyl7stId+WuNSn%J}3B09Z9-3b!1J$Glb+D`>eIlbK^)ODveM|ADvlRPe Ij*+beP$5>7NB{r; diff --git a/gnutls-3.6.4.tar.xz b/gnutls-3.6.4.tar.xz new file mode 100644 index 0000000..5759e19 --- /dev/null +++ b/gnutls-3.6.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c663a792fbc84349c27c36059181f2ca86c9442e75ee8b0ad72f5f9b35deab3a +size 8076364 
diff --git a/gnutls-3.6.4.tar.xz.sig b/gnutls-3.6.4.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2b06d97bbc1218fe281ee7bd5254385d34d2792c8adfbbd4545250c22a2e0be0 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j*#`?XxB^Qfx~P&aef97u=pXPRXN0$ZsC%>W7s5ZD|@ zhw*2cWvGJ({111@?(8K06>$e>&5klzF?ykNVKD%ZO0b;hTp?b;TwE<-S7AN^RK*9D z_o#4SEIOY`TLRCKMPCk0u@<06D7-mg^c)*^(Q$~~!KCTTwNajSDf<_RUv8`?Y4N(5 z(6s(gjPMsV;|wQt=NDfhj?QATs_bwo#MPrrZC*^2gpVU) z3#@Ep|J}+C8M_RlV@#|%2LM0c9M5+eZ2YKC>7dFDrHKWFUyrQ`8vDg28U%u?I=#>p zws$j1+!>dhiU=$Qo6tO5gQF7ck6SaBkHt;bCm@}1Fd|nfY1o$h}JdYI$q3i I_5}}yX6KrWGynhq literal 0 HcmV?d00001 diff --git a/gnutls.changes b/gnutls.changes index 4124eef..39b9a87 100644 --- a/gnutls.changes +++ b/gnutls.changes 
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal
+
+- Version update to 3.6.4:
+ ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
+ ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
+ gnutls_certificate_set_retrieve_function() which could not handle the case where
+ no certificates were returned, or the callbacks were set to NULL (see #528).
+ ** libgnutls: gnutls_handshake() on server returns early on handshake when no
+ certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
+ is specified.
+ ** libgnutls: Added session ticket key rotation on server side with TOTP.
+ The key set with gnutls_session_ticket_enable_server() is used as a
+ master key to generate time-based keys for tickets. The rotation
+ relates to the gnutls_db_set_cache_expiration() period.
+ ** libgnutls: The 'record size limit' extension is added and preferred to the
+ 'max record size' extension when possible.
+ ** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
+ This addresses the problem where the CA certificate doesn't have a subject key
+ identifier whereas the end certificates have an authority key identifier (#569)
+ ** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
+ gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
+ and export GOST parameters in the "native" little endian format used for these
+ curves. This is an intentional incompatible change with 3.6.3.
+ ** libgnutls: Added support for seperately negotiating client and server certificate types
+ as defined in RFC7250. This mechanism must be explicitly enabled via the
+ GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
+
 -------------------------------------------------------------------
 Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de
 
diff --git a/gnutls.spec b/gnutls.spec index 5243e8c..4cdebf6 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,8 +20,8 @@ %define gnutlsxx_sover 28 %define gnutls_dane_sover 0 -# unbound isn't in SLE (bsc#1086428) -%if 0%{?is_opensuse} +# unbound isn't in SLE12 (bsc#1086428) +%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500 %bcond_without dane %else %bcond_with dane @@ -29,7 +29,7 @@ %bcond_with tpm %bcond_without guile Name: gnutls -Version: 3.6.3 +Version: 3.6.4 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1-or-later AND GPL-3.0-or-later
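Review bot: The comment above the `%if` in the second gnutls.spec hunk (`@@ -20,8 +20,8 @@`) names only the excluded case, SLE12, and leaves the reader to work out from `0%{?suse_version} >= 1500` that DANE support, and with it the unbound build dependency, is now switched on for SLE15 and later. I would state the positive case as well, for example `# unbound (needed for DANE) isn't in SLE12 (bsc#1086428); build DANE on openSUSE and on suse_version >= 1500`. The sections guarded by `%{with dane}` lie outside this hunk, so it is presumably worth confirming there that every target matching the new condition really provides unbound, since the DANE verification path relies on it for DNSSEC validation.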