Accepting request 181378 from Base:System

- Disable all ECC algorithms.
- gnutls-32bit.patch: upstream patch to make test
  work with 32bit time_t.
- gnutls-implement-trust-store-dir.diff
  currently not yet forward ported.
- Updated to GnuTLS 3.2.1
  ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
     openssl versions.
  ** libgnutls: Fixes in interrupted function resumption. Report
     and patch by Tim Kosse.
  ** libgnutls: Corrected issue when receiving client hello verify
     requests in DTLS.
  ** libgnutls: Fixes in DTLS record overhead size calculations.
  ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
     Mann Ern Kang.
- Updated to GnuTLS 3.2.0
  ** libgnutls: Use nettle's elliptic curve implementation.
  ** libgnutls: Added Salsa20 cipher
  ** libgnutls: Added UMAC-96 and UMAC-128
  ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
     As they are not standardized they are defined using private ciphersuite numbers.
  ** libgnutls: Added support for DTLS 1.2.
  ** libgnutls: Added support for the Application Layer Protocol
     Negotiation (ALPN) extension.
  ** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
  ** libgnutls: Avoid linking to librt (that also avoids unnecessary
     linking to pthreads if p11-kit isn't used).
- Updated to GnuTLS 3.1.10 (released 2013-03-22)
  ** certtool: When generating PKCS #12 files use by default the 
  ARCFOUR (RC4) cipher to be compatible with devices that don't

OBS-URL: https://build.opensuse.org/request/show/181378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=58

gnutls.spec

@@ -21,25 +21,38 @@
 %define gnutls_ossl_sover 27
 
 Name:           gnutls
-Version:        3.0.28
+Version:        3.2.1
 Release:        0
 Summary:        The GNU Transport Layer Security Library
-License:        LGPL-3.0+ and GPL-3.0+
+License:        LGPL-2.1+ and GPL-3.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.gnutls.org/
-Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/%{name}-%{version}.tar.xz
-Source1:        baselibs.conf
-# suse specific, add support for certificate directories -- lnussel
+Source0:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz
+# signature is checked by source services.
+Source1:        ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig
+Source2:        %name.keyring
+Source3:        baselibs.conf
+# suse specific, add support for certificate directories -- lnussel/meissner
 Patch1:         gnutls-implement-trust-store-dir.diff
+
 Patch2:         automake-1.12.patch
 # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stieger@gmx.de -- skip a failing test
 Patch3:         gnutls-3.0.26-skip-test-fwrite.patch
+
+# https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0?format=patch
+# PATCH-UPSTREAM gnutls-32bit.patch meissner@suse.de -- avoid dates after 2037 with 32bit time_t
+Patch4:         gnutls-32bit.patch
+
+# Disable elliptic curves for reasons. - meissner&cfarrell
+Patch5:         gnutls-3.2.1-noecc.patch
+
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libidn-devel
-BuildRequires:  libnettle-devel >= 2.2
+BuildRequires:  libnettle-devel >= 2.7
 BuildRequires:  libtasn1-devel >= 2.14
 BuildRequires:  libtool
+BuildRequires:  valgrind
 %if %suse_version >= 1230
 BuildRequires:  makeinfo
 %endif
@@ -60,7 +73,7 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutls%{gnutls_sover}
 Summary:        The GNU Transport Layer Security Library
-License:        LGPL-3.0+
+License:        LGPL-2.1+
 Group:          Productivity/Networking/Security
 
 %description -n libgnutls%{gnutls_sover}
@@ -70,7 +83,7 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutlsxx%{gnutlsxx_sover}
 Summary:        The GNU Transport Layer Security Library
-License:        LGPL-3.0+
+License:        LGPL-2.1+
 Group:          Productivity/Networking/Security
 
 %description -n libgnutlsxx%{gnutlsxx_sover}
@@ -92,7 +105,7 @@ implements the proposed standards of the IETF's TLS working group.
 
 %package -n libgnutls-devel
 Summary:        Development package for gnutls
-License:        LGPL-3.0+
+License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
 PreReq:         %install_info_prereq
 Requires:       glibc-devel
@@ -104,7 +117,7 @@ Files needed for software development using gnutls.
 
 %package -n libgnutlsxx-devel
 Summary:        Development package for gnutls
-License:        LGPL-3.0+
+License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
 PreReq:         %install_info_prereq
 Requires:       libgnutls-devel = %{version}
@@ -128,19 +141,22 @@ Files needed for software development using gnutls.
 
 %prep
 %setup -q
-%patch1
+%patch1 -p1
 %patch2 -p1
 %patch3
-echo %{_includedir}/%{name}/abstract.h
+%patch4 -p1
+%patch5 -p1
 
 %build
 autoreconf -if
+# echde explicitly disabled - meissner&cfarrell
 %configure \
         --disable-static \
         --with-pic \
         --disable-rpath \
         --disable-silent-rules \
 	--with-default-trust-store-dir=/etc/ssl/certs \
+	--disable-ecdhe \
         --with-sysroot=/%{?_sysroot}
 %__make %{?_smp_mflags}
 
@@ -200,11 +216,13 @@ rm -rf %{buildroot}
 %{_bindir}/psktool
 %{_bindir}/p11tool
 %{_bindir}/srptool
+%{_bindir}/danetool
 %{_mandir}/man1/*
 
 %files -n libgnutls%{gnutls_sover}
 %defattr(-,root,root)
 %{_libdir}/libgnutls.so.%{gnutls_sover}*
+%{_libdir}/libgnutls-xssl.so.*
 
 %files -n libgnutls-openssl%{gnutls_ossl_sover}
 %defattr(-,root,root)
@@ -227,7 +245,10 @@ rm -rf %{buildroot}
 %{_includedir}/%{name}/pkcs11.h
 %{_includedir}/%{name}/pkcs12.h
 %{_includedir}/%{name}/x509.h
+%{_includedir}/%{name}/tpm.h
+%{_includedir}/%{name}/xssl.h
 %{_libdir}/libgnutls.so
+%{_libdir}/libgnutls-xssl.so
 %{_libdir}/pkgconfig/gnutls.pc
 %{_mandir}/man3/*
 %{_infodir}/*.*