From a11fa3fadd9064fafa9ce80a8a679ebdfdd91dfed98ecc61fba674cc0b93c1c4 Mon Sep 17 00:00:00 2001
From: Stephan Kulow <coolo@suse.com>
Date: Thu, 1 Aug 2013 15:15:14 +0000
Subject: [PATCH] Accepting request 185475 from Base:System

- Updated to 3.2.3
  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan
     Buehler.
  ** libgnutls: Solve issue with received TLS packets that exceed 2^14.
     (this fixes a bug that was accidentally introduced in 3.2.2)
  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly
     be used by the library.
  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial
     fix by Alfredo Pironti.
- Updated to 3.2.2
  ** libgnutls: Several optimizations in the related to packet processing
     subsystems.
  ** libgnutls: DTLS replay detection can now be disabled (to be used
     in certain transport layers like SCTP).
  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
  ** libgnutls: Added ability to set hooks before or
     after sending or receiving any handshake message with
     gnutls_handshake_set_hook_function().
- gnutls-3.2.3-noecc.patch: updated to disable ECC.
- automake-1.12.patch: upstream, dropped
- gnutls-32bit.patch: upstream, dropped
- gnutls-3.2.1-pkcs11.diff: upstream, dropped

OBS-URL: https://build.opensuse.org/request/show/185475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=62
---
 automake-1.12.patch                           |  52 ---
 gnutls-3.2.1-pkcs11.diff                      |  28 --
 gnutls-3.2.1.tar.xz                           |   3 -
 gnutls-3.2.1.tar.xz.sig                       | Bin 287 -> 0 bytes
 ....1-noecc.patch => gnutls-3.2.3-noecc.patch | 323 ++++++++++++------
 gnutls-3.2.3.tar.xz                           |   3 +
 gnutls-3.2.3.tar.xz.sig                       | Bin 0 -> 286 bytes
 gnutls-32bit.patch                            |  35 --
 gnutls-implement-trust-store-dir.diff         |  18 +-
 gnutls.changes                                |  34 ++
 gnutls.spec                                   |  15 +-
 11 files changed, 258 insertions(+), 253 deletions(-)
 delete mode 100644 automake-1.12.patch
 delete mode 100644 gnutls-3.2.1-pkcs11.diff
 delete mode 100644 gnutls-3.2.1.tar.xz
 delete mode 100644 gnutls-3.2.1.tar.xz.sig
 rename gnutls-3.2.1-noecc.patch => gnutls-3.2.3-noecc.patch (65%)
 create mode 100644 gnutls-3.2.3.tar.xz
 create mode 100644 gnutls-3.2.3.tar.xz.sig
 delete mode 100644 gnutls-32bit.patch

diff --git a/automake-1.12.patch b/automake-1.12.patch
deleted file mode 100644
index 02f1160..0000000
--- a/automake-1.12.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-Index: gnutls-3.2.1/aclocal.m4
-===================================================================
---- gnutls-3.2.1.orig/aclocal.m4
-+++ gnutls-3.2.1/aclocal.m4
-@@ -517,7 +517,7 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
- AM_MISSING_PROG(MAKEINFO, makeinfo)
- AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
- AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
--AC_REQUIRE([AM_PROG_MKDIR_P])dnl
-+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
- # We need awk for the "check" target.  The system "awk" is bad on
- # some platforms.
- AC_REQUIRE([AC_PROG_AWK])dnl
-@@ -761,10 +761,10 @@ fi
- 
- # serial 1
- 
--# AM_PROG_MKDIR_P
-+# AC_PROG_MKDIR_P
- # ---------------
- # Check for `mkdir -p'.
--AC_DEFUN([AM_PROG_MKDIR_P],
-+AC_DEFUN([AC_PROG_MKDIR_P],
- [AC_PREREQ([2.60])dnl
- AC_REQUIRE([AC_PROG_MKDIR_P])dnl
- dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
-Index: gnutls-3.2.1/gl/m4/gnulib-common.m4
-===================================================================
---- gnutls-3.2.1.orig/gl/m4/gnulib-common.m4
-+++ gnutls-3.2.1/gl/m4/gnulib-common.m4
-@@ -303,7 +303,7 @@ m4_ifdef([AC_PROG_MKDIR_P], [
-     AC_SUBST([MKDIR_P])])], [
-   dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P.
-   AC_DEFUN_ONCE([AC_PROG_MKDIR_P],
--    [AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
-+    [AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
-      MKDIR_P='$(mkdir_p)'
-      AC_SUBST([MKDIR_P])])])
- ])
-Index: gnutls-3.2.1/m4/po.m4
-===================================================================
---- gnutls-3.2.1.orig/m4/po.m4
-+++ gnutls-3.2.1/m4/po.m4
-@@ -24,7 +24,7 @@ AC_DEFUN([AM_PO_SUBDIRS],
- [
-   AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-   AC_REQUIRE([AC_PROG_INSTALL])dnl
--  AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
-+  AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake
-   AC_REQUIRE([AM_NLS])dnl
- 
-   dnl Release version of the gettext macros. This is used to ensure that
diff --git a/gnutls-3.2.1-pkcs11.diff b/gnutls-3.2.1-pkcs11.diff
deleted file mode 100644
index 8b2d063..0000000
--- a/gnutls-3.2.1-pkcs11.diff
+++ /dev/null
@@ -1,28 +0,0 @@
-From 9008620a9c452fb33942f0f8ee03a44fdf277475 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Thu, 4 Jul 2013 16:15:03 +0200
-Subject: [PATCH] pkcs11: Use the correct attribute length for CKA_TRUSTED
-
-CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
-are done with the attribute byte values, we need to get the length
-exactly right.
----
- lib/pkcs11.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/pkcs11.c b/lib/pkcs11.c
-index 27ea3f4..3da3b92 100644
---- a/lib/pkcs11.c
-+++ b/lib/pkcs11.c
-@@ -2201,7 +2201,7 @@ find_objs (struct pkcs11_session_info* sinfo,
-   struct ck_attribute *attr;
-   ck_object_class_t class = (ck_object_class_t)-1;
-   ck_certificate_type_t type = (ck_certificate_type_t)-1;
--  unsigned int trusted;
-+  unsigned char trusted;
-   unsigned long category;
-   ck_rv_t rv;
-   ck_object_handle_t obj;
--- 
-1.8.3.1
-
diff --git a/gnutls-3.2.1.tar.xz b/gnutls-3.2.1.tar.xz
deleted file mode 100644
index fb3f89b..0000000
--- a/gnutls-3.2.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:abfa8165947837ada2363355ada25d913f48e6bb261f0a67f20d2fb6079e22fe
-size 5127332
diff --git a/gnutls-3.2.1.tar.xz.sig b/gnutls-3.2.1.tar.xz.sig
deleted file mode 100644
index c8ebaca8ceb8e423a957f4ca39c96f20d23489a3a362677c94989d9c404ef066..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 287
zcmV+)0pR|L0UQJX0RjL91p-m2*f0PJ2@suLs`ii*xIz}b2meSMakAO8GA7S+i+E`B
zNjhzROERVrB<BSJED4pI7#lenSZ%QUS6B&ro+TsWd+^>V(dO7TZ<#C4!KC?k-X47b
zANFK1t;G?gE?SA#aAn`@6{%^E*cZ>MBzmPLsUzW);|t|Kvg=?UoFLZ;#P4t;yq}03
z19CE%H}bX#(1S6Fa#HQMp<MuDSS;16FyXvM5s)jd!E}oWVxj+^)tMX>2xi3{O3TLe
zL~YB8;j`IU#!}zm)o)OIf_7z0wK2P!eSVy+e+pyHe7;ciI@~g2Twef|I-b4L!$fkj
lQq2l6KB>r!!T*5|5=YJmN`@C)M8Ke97x4nWf=o~y&vHhsgU<i}

diff --git a/gnutls-3.2.1-noecc.patch b/gnutls-3.2.3-noecc.patch
similarity index 65%
rename from gnutls-3.2.1-noecc.patch
rename to gnutls-3.2.3-noecc.patch
index db4835f..9b45115 100644
--- a/gnutls-3.2.1-noecc.patch
+++ b/gnutls-3.2.3-noecc.patch
@@ -1,7 +1,7 @@
-Index: gnutls-3.2.1/lib/algorithms/kx.c
+Index: gnutls-3.2.3/lib/algorithms/kx.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/algorithms/kx.c
-+++ gnutls-3.2.1/lib/algorithms/kx.c
+--- gnutls-3.2.3.orig/lib/algorithms/kx.c
++++ gnutls-3.2.3/lib/algorithms/kx.c
 @@ -28,9 +28,11 @@
  
  extern mod_auth_st rsa_auth_struct;
@@ -14,18 +14,25 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c
  extern mod_auth_st dhe_dss_auth_struct;
  extern mod_auth_st anon_auth_struct;
  extern mod_auth_st anon_ecdh_auth_struct;
-@@ -57,8 +59,10 @@ static const gnutls_cred_map cred_mappin
+@@ -57,13 +59,17 @@ static const gnutls_cred_map cred_mappin
    {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
    {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
    {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
-+#ifdef ENABLE_ECC
++#ifdef ENABLE_ECDHE
    {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
    {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
 +#endif
    {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
    {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
    {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
-@@ -98,7 +102,7 @@ static const gnutls_kx_algo_entry _gnutl
+   {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
++#ifdef ENABLE_ECDHE
+   {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
++#endif
+   {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
+   {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+   {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+@@ -98,7 +104,7 @@ static const gnutls_kx_algo_entry _gnutl
    {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
    {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
  #endif
@@ -34,7 +41,7 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c
    {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
    {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
  #endif
-@@ -113,7 +117,7 @@ static const gnutls_kx_algo_entry _gnutl
+@@ -113,7 +119,7 @@ static const gnutls_kx_algo_entry _gnutl
    {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
     1 /* needs DHE params */},
  # endif
@@ -43,10 +50,10 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c
    {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
  # endif
  #endif
-Index: gnutls-3.2.1/lib/algorithms/publickey.c
+Index: gnutls-3.2.3/lib/algorithms/publickey.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/algorithms/publickey.c
-+++ gnutls-3.2.1/lib/algorithms/publickey.c
+--- gnutls-3.2.3.orig/lib/algorithms/publickey.c
++++ gnutls-3.2.3/lib/algorithms/publickey.c
 @@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[]
    {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
    {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
@@ -68,29 +75,10 @@ Index: gnutls-3.2.1/lib/algorithms/publickey.c
    {0, 0, 0}
  };
  
-Index: gnutls-3.2.1/lib/algorithms/sign.c
+Index: gnutls-3.2.3/lib/auth/cert.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/algorithms/sign.c
-+++ gnutls-3.2.1/lib/algorithms/sign.c
-@@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_
- #define TLS_SIGN_AID_UNKNOWN {255, 255}
- static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
- 
-+#ifndef ENABLE_ECC
-+#define GNUTLS_SIGN_ECDSA_SHA1 0
-+#define GNUTLS_SIGN_ECDSA_SHA224 0
-+#define GNUTLS_SIGN_ECDSA_SHA256 0
-+#define GNUTLS_SIGN_ECDSA_SHA384 0
-+#define GNUTLS_SIGN_ECDSA_SHA512 0
-+#endif
-+
- static const gnutls_sign_entry sign_algorithms[] = {
-   {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
-    GNUTLS_DIG_SHA1, {2, 1}},
-Index: gnutls-3.2.1/lib/auth/cert.c
-===================================================================
---- gnutls-3.2.1.orig/lib/auth/cert.c
-+++ gnutls-3.2.1/lib/auth/cert.c
+--- gnutls-3.2.3.orig/lib/auth/cert.c
++++ gnutls-3.2.3/lib/auth/cert.c
 @@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
                                                     key, int deinit);
  #endif
@@ -114,7 +102,7 @@ Index: gnutls-3.2.1/lib/auth/cert.c
      }
  
    return -1;
-@@ -1726,7 +1732,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
+@@ -1735,7 +1741,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
    tmp_data[0] = CERTTYPE_SIZE - 1;
    tmp_data[1] = RSA_SIGN;
    tmp_data[2] = DSA_SIGN;
@@ -124,10 +112,10 @@ Index: gnutls-3.2.1/lib/auth/cert.c
  
    ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
    if (ret < 0)
-Index: gnutls-3.2.1/lib/auth/dhe_psk.c
+Index: gnutls-3.2.3/lib/auth/dhe_psk.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/auth/dhe_psk.c
-+++ gnutls-3.2.1/lib/auth/dhe_psk.c
+--- gnutls-3.2.3.orig/lib/auth/dhe_psk.c
++++ gnutls-3.2.3/lib/auth/dhe_psk.c
 @@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct
  };
  #endif
@@ -192,10 +180,10 @@ Index: gnutls-3.2.1/lib/auth/dhe_psk.c
 +#endif
  
  #endif /* ENABLE_PSK */
-Index: gnutls-3.2.1/lib/ext/ecc.c
+Index: gnutls-3.2.3/lib/ext/ecc.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/ext/ecc.c
-+++ gnutls-3.2.1/lib/ext/ecc.c
+--- gnutls-3.2.3.orig/lib/ext/ecc.c
++++ gnutls-3.2.3/lib/ext/ecc.c
 @@ -35,6 +35,7 @@
  /* Maps record size to numbers according to the
   * extensions draft.
@@ -210,10 +198,10 @@ Index: gnutls-3.2.1/lib/ext/ecc.c
  }
 +
 +#endif
-Index: gnutls-3.2.1/lib/gnutls_extensions.c
+Index: gnutls-3.2.3/lib/gnutls_extensions.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/gnutls_extensions.c
-+++ gnutls-3.2.1/lib/gnutls_extensions.c
+--- gnutls-3.2.3.orig/lib/gnutls_extensions.c
++++ gnutls-3.2.3/lib/gnutls_extensions.c
 @@ -351,6 +351,7 @@ _gnutls_ext_init (void)
    if (ret != GNUTLS_E_SUCCESS)
      return ret;
@@ -230,10 +218,10 @@ Index: gnutls-3.2.1/lib/gnutls_extensions.c
  
    ret = _gnutls_ext_register (&ext_mod_sig);
    if (ret != GNUTLS_E_SUCCESS)
-Index: gnutls-3.2.1/lib/gnutls_priority.c
+Index: gnutls-3.2.3/lib/gnutls_priority.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/gnutls_priority.c
-+++ gnutls-3.2.1/lib/gnutls_priority.c
+--- gnutls-3.2.3.orig/lib/gnutls_priority.c
++++ gnutls-3.2.3/lib/gnutls_priority.c
 @@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn
  }
  
@@ -356,10 +344,10 @@ Index: gnutls-3.2.1/lib/gnutls_priority.c
    0
  };
  
-Index: gnutls-3.2.1/lib/nettle/pk.c
+Index: gnutls-3.2.3/lib/nettle/pk.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/nettle/pk.c
-+++ gnutls-3.2.1/lib/nettle/pk.c
+--- gnutls-3.2.3.orig/lib/nettle/pk.c
++++ gnutls-3.2.3/lib/nettle/pk.c
 @@ -146,6 +146,7 @@ static int _wrap_nettle_pk_derive(gnutls
  
    switch (algo)
@@ -384,7 +372,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      case GNUTLS_PK_EC: /* we do ECDSA */
        {
          struct ecc_scalar priv;
-@@ -369,6 +372,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
+@@ -370,6 +373,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
            }
          break;
        }
@@ -392,7 +380,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      case GNUTLS_PK_DSA:
        {
          struct dsa_public_key pub;
-@@ -470,6 +474,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
+@@ -472,6 +476,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
  
    switch (algo)
      {
@@ -400,7 +388,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      case GNUTLS_PK_EC: /* ECDSA */
        {
          struct ecc_point pub;
-@@ -511,6 +516,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
+@@ -514,6 +519,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
          ecc_point_clear( &pub);
          break;
        }
@@ -408,7 +396,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      case GNUTLS_PK_DSA:
        {
          struct dsa_public_key pub;
-@@ -717,6 +723,7 @@ rsa_fail:
+@@ -721,6 +727,7 @@ rsa_fail:
  
          break;
        }
@@ -416,7 +404,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      case GNUTLS_PK_EC:
        {
          struct ecc_scalar key;
-@@ -757,6 +764,7 @@ ecc_cleanup:
+@@ -761,6 +768,7 @@ ecc_cleanup:
          
          break;
        }
@@ -424,7 +412,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      default:
        gnutls_assert ();
        return GNUTLS_E_INVALID_REQUEST;
-@@ -873,6 +881,7 @@ dsa_cleanup:
+@@ -877,6 +885,7 @@ dsa_cleanup:
        }
  
        break;
@@ -432,7 +420,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      case GNUTLS_PK_EC:
        {
          struct ecc_point r, pub;
-@@ -934,6 +943,7 @@ ecc_cleanup:
+@@ -938,6 +947,7 @@ ecc_cleanup:
          ecc_point_clear(&pub);
        }  
        break;
@@ -440,10 +428,10 @@ Index: gnutls-3.2.1/lib/nettle/pk.c
      default:
        ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
      }
-Index: gnutls-3.2.1/tests/cert-tests/dane
+Index: gnutls-3.2.3/tests/cert-tests/dane
 ===================================================================
---- gnutls-3.2.1.orig/tests/cert-tests/dane
-+++ gnutls-3.2.1/tests/cert-tests/dane
+--- gnutls-3.2.3.orig/tests/cert-tests/dane
++++ gnutls-3.2.3/tests/cert-tests/dane
 @@ -22,6 +22,8 @@
  
  set -e
@@ -453,10 +441,10 @@ Index: gnutls-3.2.1/tests/cert-tests/dane
  srcdir=${srcdir:-.}
  DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
  
-Index: gnutls-3.2.1/tests/dtls/dtls-nb
+Index: gnutls-3.2.3/tests/dtls/dtls-nb
 ===================================================================
---- gnutls-3.2.1.orig/tests/dtls/dtls-nb
-+++ gnutls-3.2.1/tests/dtls/dtls-nb
+--- gnutls-3.2.3.orig/tests/dtls/dtls-nb
++++ gnutls-3.2.3/tests/dtls/dtls-nb
 @@ -22,9 +22,7 @@
  
  set -e
@@ -468,10 +456,10 @@ Index: gnutls-3.2.1/tests/dtls/dtls-nb
  
  ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
  ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
-Index: gnutls-3.2.1/tests/dtls/dtls
+Index: gnutls-3.2.3/tests/dtls/dtls
 ===================================================================
---- gnutls-3.2.1.orig/tests/dtls/dtls
-+++ gnutls-3.2.1/tests/dtls/dtls
+--- gnutls-3.2.3.orig/tests/dtls/dtls
++++ gnutls-3.2.3/tests/dtls/dtls
 @@ -22,9 +22,7 @@
  
  set -e
@@ -483,10 +471,10 @@ Index: gnutls-3.2.1/tests/dtls/dtls
  
  ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
  ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
-Index: gnutls-3.2.1/tests/ecdsa/ecdsa
+Index: gnutls-3.2.3/tests/ecdsa/ecdsa
 ===================================================================
---- gnutls-3.2.1.orig/tests/ecdsa/ecdsa
-+++ gnutls-3.2.1/tests/ecdsa/ecdsa
+--- gnutls-3.2.3.orig/tests/ecdsa/ecdsa
++++ gnutls-3.2.3/tests/ecdsa/ecdsa
 @@ -22,6 +22,8 @@
  
  #set -e
@@ -496,10 +484,10 @@ Index: gnutls-3.2.1/tests/ecdsa/ecdsa
  srcdir=${srcdir:-.}
  CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
  
-Index: gnutls-3.2.1/tests/mini-dtls-heartbeat.c
+Index: gnutls-3.2.3/tests/mini-dtls-heartbeat.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-dtls-heartbeat.c
-+++ gnutls-3.2.1/tests/mini-dtls-heartbeat.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-heartbeat.c
++++ gnutls-3.2.3/tests/mini-dtls-heartbeat.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -509,11 +497,11 @@ Index: gnutls-3.2.1/tests/mini-dtls-heartbeat.c
  
  int
  main ()
-Index: gnutls-3.2.1/tests/mini-dtls-record.c
+Index: gnutls-3.2.3/tests/mini-dtls-record.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-dtls-record.c
-+++ gnutls-3.2.1/tests/mini-dtls-record.c
-@@ -27,7 +27,7 @@
+--- gnutls-3.2.3.orig/tests/mini-dtls-record.c
++++ gnutls-3.2.3/tests/mini-dtls-record.c
+@@ -29,7 +29,7 @@
  #include <stdio.h>
  #include <stdlib.h>
  
@@ -522,10 +510,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-record.c
  
  int
  main ()
-Index: gnutls-3.2.1/tests/mini-dtls-rehandshake.c
+Index: gnutls-3.2.3/tests/mini-dtls-rehandshake.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-dtls-rehandshake.c
-+++ gnutls-3.2.1/tests/mini-dtls-rehandshake.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-rehandshake.c
++++ gnutls-3.2.3/tests/mini-dtls-rehandshake.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -535,10 +523,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-rehandshake.c
  
  int main()
  {
-Index: gnutls-3.2.1/tests/mini-dtls-srtp.c
+Index: gnutls-3.2.3/tests/mini-dtls-srtp.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-dtls-srtp.c
-+++ gnutls-3.2.1/tests/mini-dtls-srtp.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-srtp.c
++++ gnutls-3.2.3/tests/mini-dtls-srtp.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -548,10 +536,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-srtp.c
  
  int
  main (int argc, char** argv)
-Index: gnutls-3.2.1/tests/mini-handshake-timeout.c
+Index: gnutls-3.2.3/tests/mini-handshake-timeout.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-handshake-timeout.c
-+++ gnutls-3.2.1/tests/mini-handshake-timeout.c
+--- gnutls-3.2.3.orig/tests/mini-handshake-timeout.c
++++ gnutls-3.2.3/tests/mini-handshake-timeout.c
 @@ -28,7 +28,7 @@
  #include <stdlib.h>
  #include <string.h>
@@ -574,10 +562,10 @@ Index: gnutls-3.2.1/tests/mini-handshake-timeout.c
  }
  
  static void
-Index: gnutls-3.2.1/tests/mini-loss-time.c
+Index: gnutls-3.2.3/tests/mini-loss-time.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-loss-time.c
-+++ gnutls-3.2.1/tests/mini-loss-time.c
+--- gnutls-3.2.3.orig/tests/mini-loss-time.c
++++ gnutls-3.2.3/tests/mini-loss-time.c
 @@ -28,7 +28,7 @@
  #include <stdlib.h>
  #include <string.h>
@@ -587,10 +575,10 @@ Index: gnutls-3.2.1/tests/mini-loss-time.c
  
  int main()
  {
-Index: gnutls-3.2.1/tests/mini-record.c
+Index: gnutls-3.2.3/tests/mini-record.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-record.c
-+++ gnutls-3.2.1/tests/mini-record.c
+--- gnutls-3.2.3.orig/tests/mini-record.c
++++ gnutls-3.2.3/tests/mini-record.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -600,10 +588,10 @@ Index: gnutls-3.2.1/tests/mini-record.c
  
  int main()
  {
-Index: gnutls-3.2.1/tests/mini-record-range.c
+Index: gnutls-3.2.3/tests/mini-record-range.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-record-range.c
-+++ gnutls-3.2.1/tests/mini-record-range.c
+--- gnutls-3.2.3.orig/tests/mini-record-range.c
++++ gnutls-3.2.3/tests/mini-record-range.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -613,10 +601,10 @@ Index: gnutls-3.2.1/tests/mini-record-range.c
  
  int main()
  {
-Index: gnutls-3.2.1/tests/mini-xssl.c
+Index: gnutls-3.2.3/tests/mini-xssl.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-xssl.c
-+++ gnutls-3.2.1/tests/mini-xssl.c
+--- gnutls-3.2.3.orig/tests/mini-xssl.c
++++ gnutls-3.2.3/tests/mini-xssl.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -626,10 +614,10 @@ Index: gnutls-3.2.1/tests/mini-xssl.c
  
  int main()
  {
-Index: gnutls-3.2.1/tests/pkcs12_simple.c
+Index: gnutls-3.2.3/tests/pkcs12_simple.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/pkcs12_simple.c
-+++ gnutls-3.2.1/tests/pkcs12_simple.c
+--- gnutls-3.2.3.orig/tests/pkcs12_simple.c
++++ gnutls-3.2.3/tests/pkcs12_simple.c
 @@ -50,6 +50,10 @@ doit (void)
    gnutls_x509_privkey_t pkey;
    int ret;
@@ -641,10 +629,10 @@ Index: gnutls-3.2.1/tests/pkcs12_simple.c
    ret = global_init ();
    if (ret < 0)
      fail ("global_init failed %d\n", ret);
-Index: gnutls-3.2.1/tests/slow/keygen.c
+Index: gnutls-3.2.3/tests/slow/keygen.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/slow/keygen.c
-+++ gnutls-3.2.1/tests/slow/keygen.c
+--- gnutls-3.2.3.orig/tests/slow/keygen.c
++++ gnutls-3.2.3/tests/slow/keygen.c
 @@ -65,6 +65,11 @@ doit (void)
                  if (algorithm == GNUTLS_PK_DH)
                      continue;
@@ -657,10 +645,10 @@ Index: gnutls-3.2.1/tests/slow/keygen.c
                  ret = gnutls_x509_privkey_init (&pkey);
                  if (ret < 0)
                    {
-Index: gnutls-3.2.1/tests/srp/mini-srp.c
+Index: gnutls-3.2.3/tests/srp/mini-srp.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/srp/mini-srp.c
-+++ gnutls-3.2.1/tests/srp/mini-srp.c
+--- gnutls-3.2.3.orig/tests/srp/mini-srp.c
++++ gnutls-3.2.3/tests/srp/mini-srp.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -670,10 +658,10 @@ Index: gnutls-3.2.1/tests/srp/mini-srp.c
  
  int main()
  {
-Index: gnutls-3.2.1/lib/auth/ecdhe.c
+Index: gnutls-3.2.3/lib/auth/ecdhe.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/auth/ecdhe.c
-+++ gnutls-3.2.1/lib/auth/ecdhe.c
+--- gnutls-3.2.3.orig/lib/auth/ecdhe.c
++++ gnutls-3.2.3/lib/auth/ecdhe.c
 @@ -50,7 +50,7 @@ static int
  proc_ecdhe_client_kx (gnutls_session_t session,
                                      uint8_t * data, size_t _data_size);
@@ -683,10 +671,10 @@ Index: gnutls-3.2.1/lib/auth/ecdhe.c
  const mod_auth_st ecdhe_ecdsa_auth_struct = {
    "ECDHE_ECDSA",
    _gnutls_gen_cert_server_crt,
-Index: gnutls-3.2.1/tests/mini-dtls-hello-verify.c
+Index: gnutls-3.2.3/tests/mini-dtls-hello-verify.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-dtls-hello-verify.c
-+++ gnutls-3.2.1/tests/mini-dtls-hello-verify.c
+--- gnutls-3.2.3.orig/tests/mini-dtls-hello-verify.c
++++ gnutls-3.2.3/tests/mini-dtls-hello-verify.c
 @@ -27,7 +27,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -696,10 +684,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-hello-verify.c
  
  int main()
  {
-Index: gnutls-3.2.1/tests/mini-alpn.c
+Index: gnutls-3.2.3/tests/mini-alpn.c
 ===================================================================
---- gnutls-3.2.1.orig/tests/mini-alpn.c
-+++ gnutls-3.2.1/tests/mini-alpn.c
+--- gnutls-3.2.3.orig/tests/mini-alpn.c
++++ gnutls-3.2.3/tests/mini-alpn.c
 @@ -25,7 +25,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -709,3 +697,112 @@ Index: gnutls-3.2.1/tests/mini-alpn.c
  
  int
  main (int argc, char** argv)
+Index: gnutls-3.2.3/tests/mini-dtls-large.c
+===================================================================
+--- gnutls-3.2.3.orig/tests/mini-dtls-large.c
++++ gnutls-3.2.3/tests/mini-dtls-large.c
+@@ -25,7 +25,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ 
+-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
++#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
+ 
+ int
+ main ()
+@@ -194,7 +194,11 @@ server (int fd)
+      * are adequate.
+      */
+     gnutls_priority_set_direct (session,
++#ifdef ENABLE_ECDH
+                                 "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
++#else
++                                "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
++#endif
+                                 NULL);
+ 
+     gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
+Index: gnutls-3.2.3/tests/priorities.c
+===================================================================
+--- gnutls-3.2.3.orig/tests/priorities.c
++++ gnutls-3.2.3/tests/priorities.c
+@@ -73,7 +73,7 @@ unsigned i, si, count = 0;
+ for (i=0;i<ret;i++)
+   fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i]));
+ #endif
+-      fail("expected %d ciphers, found %d\n", expected_ciphers, ret);
++      fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret);
+       exit(1);
+     }
+   
+@@ -86,7 +86,7 @@ for (i=0;i<ret;i++)
+   
+   if (count != expected_cs) 
+     {
+-      fail("expected %d ciphersuites, found %d\n", expected_cs, count);
++      fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count);
+       exit(1);
+     }
+ }
+@@ -94,21 +94,37 @@ for (i=0;i<ret;i++)
+ void
+ doit (void)
+ {
++#ifdef ENABLE_ECC
+ const int normal = 40;
+ const int null = 5;
+ const int sec128 = 32;
++#else
++const int normal = 27;
++const int null = 3;
++const int sec128 = 21;
++#endif
+ 
+   try_prio("NORMAL", normal, 8);
+   try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 8);
+   try_prio("NORMAL:+CIPHER-ALL", normal, 8); /* all (except null) */
+   try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
+   try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal+null, 9); /* should be null + all */
++#ifdef ENABLE_ECC
+   try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
++#else
++  try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */
++#endif
+   try_prio("PERFORMANCE", normal, 8);
++#ifdef ENABLE_ECC
+   try_prio("SECURE256", 6, 3);
++#else
++  try_prio("SECURE256", 3, 3);
++#endif
+   try_prio("SECURE128", sec128, 6);
+   try_prio("SECURE128:+SECURE256", sec128, 6); /* should be the same as SECURE128 */
+   try_prio("SECURE128:+SECURE256:+NORMAL", normal, 8); /* should be the same as NORMAL */
++#ifdef ENABLE_ECC
+   try_prio("SUITEB192", 1, 1);
++#endif
+ }
+ 
+Index: gnutls-3.2.3/tests/mini-x509-callbacks.c
+===================================================================
+--- gnutls-3.2.3.orig/tests/mini-x509-callbacks.c
++++ gnutls-3.2.3/tests/mini-x509-callbacks.c
+@@ -56,13 +56,19 @@ unsigned int msg_order[] = {
+ 	GNUTLS_HANDSHAKE_CLIENT_HELLO,
+ 	GNUTLS_HANDSHAKE_SERVER_HELLO,
+ 	GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
++#ifndef ENABLE_ECC
++	/*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/
++	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
++#else
+ 	GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
+ 	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
++#endif
+ 	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ 	GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ 	GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
+ 	GNUTLS_HANDSHAKE_FINISHED,
+ 	GNUTLS_HANDSHAKE_FINISHED,
++
+ };
+ 
+ static int handshake_callback (gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming)
diff --git a/gnutls-3.2.3.tar.xz b/gnutls-3.2.3.tar.xz
new file mode 100644
index 0000000..338156c
--- /dev/null
+++ b/gnutls-3.2.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0543ca13ce9ee1dea95a9349d319623b74d93b8a23935543197b1682bb7f2b5b
+size 5119264
diff --git a/gnutls-3.2.3.tar.xz.sig b/gnutls-3.2.3.tar.xz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..b75f599a115aaca6090115805c1f66a058162e824dfdfb76ccf9175b50771a09
GIT binary patch
literal 286
zcmV+(0pb3M0UHDW0RjL91p-m`Vmkl|2@suLs`ii*xI($P2l&C+!0bk3dk@ubv)vfB
z*>)5rzQLY*6S7jL$gJ8ae~1w^TWz#aAH)@$VJ5pxO~THqnO0FS8*;tA%Giz$`h#u~
z4|!D;i5Umt)f^uw_f576!+r<&uPdb0%EnI(>Ew@q#oWQ&|0x#l$nXGsgp3oN?-;{A
zr8wt#O%ROrRdj*z?$+Z?Ky4I*1^%fw;WYDA_5o)U8gGp>$g^kXs9W+VAVOC@$$teo
z94?2PjN_2RZFqM>fi!uuxGqCeVkRsp$nfAA4`73@m{!=td}F0WZ+8sowphP1@e4ZA
kN_91G;9lnFC;qPdv1ABE(kD5Z1|9UzSAJdoL(Twcpc37N>;M1&

literal 0
HcmV?d00001

diff --git a/gnutls-32bit.patch b/gnutls-32bit.patch
deleted file mode 100644
index 19070c5..0000000
--- a/gnutls-32bit.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b12040aeab5fbaf02677571db1d8bf1995bd5ee0 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Sun, 2 Jun 2013 12:10:06 +0200
-Subject: [PATCH] Avoid comparing the expiration date to prevent false positive error in 32-bit systems.
-
----
- tests/cert-tests/pem-decoding |    6 ++++--
- 1 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
-index fe769ec..f8c6372 100755
---- a/tests/cert-tests/pem-decoding
-+++ b/tests/cert-tests/pem-decoding
-@@ -61,7 +61,9 @@ if test "$rc" != "0"; then
-   exit $rc
- fi
- 
--diff $srcdir/complex-cert.pem tmp-pem.pem
-+cat $srcdir/complex-cert.pem |grep -v "Not After:" >tmp1
-+cat $srcdir/tmp-pem.pem |grep -v "Not After:" >tmp2
-+diff tmp1 tmp2
- rc=$?
- 
- if test "$rc" != "0"; then
-@@ -69,6 +71,6 @@ if test "$rc" != "0"; then
-   exit $rc
- fi
- 
--rm -f tmp-pem.pem
-+rm -f tmp-pem.pem tmp1 tmp2
- 
- exit 0
--- 
-1.7.1
-
diff --git a/gnutls-implement-trust-store-dir.diff b/gnutls-implement-trust-store-dir.diff
index e7fb953..97e8339 100644
--- a/gnutls-implement-trust-store-dir.diff
+++ b/gnutls-implement-trust-store-dir.diff
@@ -1,8 +1,8 @@
-Index: gnutls-3.2.1/configure.ac
+Index: gnutls-3.2.3/configure.ac
 ===================================================================
---- gnutls-3.2.1.orig/configure.ac
-+++ gnutls-3.2.1/configure.ac
-@@ -398,6 +398,25 @@ if test "$with_default_trust_store_file"
+--- gnutls-3.2.3.orig/configure.ac
++++ gnutls-3.2.3/configure.ac
+@@ -418,6 +418,25 @@ if test "$with_default_trust_store_file"
    with_default_trust_store_file=""
  fi
  
@@ -28,7 +28,7 @@ Index: gnutls-3.2.1/configure.ac
  AC_ARG_WITH([default-crl-file],
    [AS_HELP_STRING([--with-default-crl-file=FILE],
      [use the given CRL file as default])])
-@@ -407,6 +426,11 @@ if test "x$with_default_trust_store_file
+@@ -427,6 +446,11 @@ if test "x$with_default_trust_store_file
      ["$with_default_trust_store_file"], [use the given file default trust store])
  fi
  
@@ -40,7 +40,7 @@ Index: gnutls-3.2.1/configure.ac
  if test "x$with_default_crl_file" != x; then
    AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
      ["$with_default_crl_file"], [use the given CRL file])
-@@ -683,6 +707,7 @@ AC_MSG_NOTICE([System files:
+@@ -704,6 +728,7 @@ AC_MSG_NOTICE([System files:
  
    Trust store pkcs:     $with_default_trust_store_pkcs11
    Trust store file:     $with_default_trust_store_file
@@ -48,10 +48,10 @@ Index: gnutls-3.2.1/configure.ac
    CRL file:             $with_default_crl_file
    DNSSEC root key file: $unbound_root_key_file
  ])
-Index: gnutls-3.2.1/lib/system.c
+Index: gnutls-3.2.3/lib/system.c
 ===================================================================
---- gnutls-3.2.1.orig/lib/system.c
-+++ gnutls-3.2.1/lib/system.c
+--- gnutls-3.2.3.orig/lib/system.c
++++ gnutls-3.2.3/lib/system.c
 @@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME");
    return 0;
  }
diff --git a/gnutls.changes b/gnutls.changes
index 4f23ab5..869762e 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Aug  1 13:42:11 UTC 2013 - meissner@suse.com
+
+- Updated to 3.2.3
+  ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan
+     Buehler.
+
+  ** libgnutls: Solve issue with received TLS packets that exceed 2^14.
+     (this fixes a bug that was accidentally introduced in 3.2.2)
+
+  ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly
+     be used by the library.
+
+  ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial
+     fix by Alfredo Pironti.
+
+- Updated to 3.2.2
+  ** libgnutls: Several optimizations in the related to packet processing
+     subsystems.
+
+  ** libgnutls: DTLS replay detection can now be disabled (to be used
+     in certain transport layers like SCTP).
+
+  ** libgnutls: Fixes in SRTP extension generation when MKI is being used.
+
+  ** libgnutls: Added ability to set hooks before or
+     after sending or receiving any handshake message with
+     gnutls_handshake_set_hook_function().
+
+- gnutls-3.2.3-noecc.patch: updated to disable ECC.
+- automake-1.12.patch: upstream, dropped
+- gnutls-32bit.patch: upstream, dropped
+- gnutls-3.2.1-pkcs11.diff: upstream, dropped
+
 -------------------------------------------------------------------
 Fri Jul 26 12:45:45 UTC 2013 - lnussel@suse.de
 
diff --git a/gnutls.spec b/gnutls.spec
index 29b1d75..23c66d5 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -21,7 +21,7 @@
 %define gnutls_ossl_sover 27
 
 Name:           gnutls
-Version:        3.2.1
+Version:        3.2.3
 Release:        0
 Summary:        The GNU Transport Layer Security Library
 License:        LGPL-2.1+ and GPL-3.0+
@@ -32,20 +32,12 @@ Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.x
 Source1:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
 Source2:        %name.keyring
 Source3:        baselibs.conf
-# https://gitorious.org/gnutls/gnutls/commit/7613c3251430a212fe5d6001863045f20eca7563
-# PATCH-UPSTREAM lnussel@suse.de -- fix reading ca-certificates # via pkcs11 interface
-Patch1:         gnutls-3.2.1-pkcs11.diff
 
-Patch2:         automake-1.12.patch
 # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stieger@gmx.de -- skip a failing test
 Patch3:         gnutls-3.0.26-skip-test-fwrite.patch
 
-# https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0?format=patch
-# PATCH-UPSTREAM gnutls-32bit.patch meissner@suse.de -- avoid dates after 2037 with 32bit time_t
-Patch4:         gnutls-32bit.patch
-
 # Disable elliptic curves for reasons. - meissner&cfarrell
-Patch5:         gnutls-3.2.1-noecc.patch
+Patch5:         gnutls-3.2.3-noecc.patch
 Patch6:         gnutls-implement-trust-store-dir.diff
 
 BuildRequires:  automake
@@ -143,10 +135,7 @@ Files needed for software development using gnutls.
 
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
 %patch3
-%patch4 -p1
 %patch5 -p1
 %patch6 -p1