From de9af101617f690bed6032fa85c1939b923872b3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 3 Mar 2014 08:23:15 +0100
Subject: [PATCH] updated to 3.2.12
---
 .gitignore | 1 +
 gnutls-3.2.10-init-keyword.patch | 36 -------------------------------
 gnutls-3.2.10-supported-ecc.patch | 34 -----------------------------
 gnutls.spec | 11 +++++-----
 sources | 2 +-
 5 files changed, 7 insertions(+), 77 deletions(-)
 delete mode 100644 gnutls-3.2.10-init-keyword.patch
 delete mode 100644 gnutls-3.2.10-supported-ecc.patch
diff --git a/.gitignore b/.gitignore
index 0a5f789..8447b84 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,4 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-3.2.7-hobbled.tar.xz
 /gnutls-3.2.8-hobbled.tar.xz
 /gnutls-3.2.10-hobbled.tar.xz
+/gnutls-3.2.12.tar.xz
diff --git a/gnutls-3.2.10-init-keyword.patch b/gnutls-3.2.10-init-keyword.patch
deleted file mode 100644
index cb1b05b..0000000
--- a/gnutls-3.2.10-init-keyword.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 46139267e1e9eaab46364357e9447ca75f29b4f1 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Sun, 2 Feb 2014 08:50:14 +0100
-Subject: [PATCH 4/8] When two initial keywords are specified then treat the
- second as having the '+' modifier.
-
-This will handle SECURE256:SECURE128 the same way as SECURE256:+SECURE128.
----
- lib/gnutls_priority.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
-index 875f9b0..6bb02e2 100644
---- a/lib/gnutls_priority.c
-+++ b/lib/gnutls_priority.c
-@@ -788,6 +788,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
- char *broken_list[MAX_ELEMENTS];
- int broken_list_size = 0, i = 0, j;
- char *darg = NULL;
-+ unsigned ikeyword_set = 0;
- int algo;
- rmadd_func *fn;
- bulk_rmadd_func *bulk_fn;
-@@ -842,7 +843,8 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
- }
-
- for (; i < broken_list_size; i++) {
-- if (check_level(broken_list[i], *priority_cache, 0) != 0) {
-+ if (check_level(broken_list[i], *priority_cache, ikeyword_set) != 0) {
-+ ikeyword_set = 1;
- continue;
- } else if (broken_list[i][0] == '!'
- || broken_list[i][0] == '+'
---
-1.8.5.3
-
diff --git a/gnutls-3.2.10-supported-ecc.patch b/gnutls-3.2.10-supported-ecc.patch
deleted file mode 100644
index 0934025..0000000
--- a/gnutls-3.2.10-supported-ecc.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 45ec742d6db94b8a5aa2f4f1b3f560d948230e3b Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos
-Date: Sat, 1 Feb 2014 20:24:40 +0100
-Subject: [PATCH 1/8] tolerate servers that included the SUPPORTED ECC
- extension.
-
-This is an extension that is defined to be sent by the client but there
-are servers that include it as well. Most other implementations tolerate
-this behavior so we do.
----
- lib/ext/ecc.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/lib/ext/ecc.c b/lib/ext/ecc.c
-index b913cb0..a851ddd 100644
---- a/lib/ext/ecc.c
-+++ b/lib/ext/ecc.c
-@@ -91,9 +91,10 @@ _gnutls_supported_ecc_recv_params(gnutls_session_t session,
- const uint8_t *p = data;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
-- /* A client shouldn't receive this extension */
-- return
-- gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-+ /* A client shouldn't receive this extension, but of course
-+ * there are servers out there that send it. Just ignore it. */
-+ _gnutls_debug_log("received SUPPORTED ECC extension on client side!!!\n");
-+ return 0;
- } else { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
- */
- if (data_size < 2)
---
-1.8.5.3
-
diff --git a/gnutls.spec b/gnutls.spec
index 018b8b0..65b860e 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -2,8 +2,8 @@
 %bcond_with guile
 Summary: A TLS protocol implementation
 Name: gnutls
-Version: 3.2.10
-Release: 2%{?dist}
+Version: 3.2.12
+Release: 1%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
@@ -29,8 +29,6 @@ Source1: libgnutls-config
 Source2: hobble-gnutls
 Patch1: gnutls-3.2.7-rpath.patch
 # Use only FIPS approved ciphers in the FIPS mode
-Patch2: gnutls-3.2.10-init-keyword.patch
-Patch3: gnutls-3.2.10-supported-ecc.patch
 Patch7: gnutls-2.12.21-fips-algorithms.patch
 Patch8: gnutls-3.1.11-nosrp.patch
@@ -133,8 +131,6 @@ This package contains Guile bindings for the library.
 %setup -q
 %patch1 -p1 -b .rpath
-%patch2 -p1 -b .ikeyword
-%patch3 -p1 -b .secc
 # This patch is not applicable as we use nettle now but some parts will be
 # later reused.
 #%patch7 -p1 -b .fips
@@ -272,6 +268,9 @@ fi
 %endif
 %changelog
+* Mon Mar 03 2014 Nikos Mavrogiannopoulos 3.2.12-1
+- new upstream release
+
 * Mon Feb 03 2014 Nikos Mavrogiannopoulos 3.2.10-2
 - use p11-kit trust store for certificate verification
diff --git a/sources b/sources
index 6d325d8..abae5fe 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-35c6925f73eba02b12ddb0ad76dd537e gnutls-3.2.10-hobbled.tar.xz
+f507365940de8f095e1d867c6f0842f6 gnutls-3.2.12.tar.xz
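Review bot: The new `sources` entry (and the matching `.gitignore` line) names `gnutls-3.2.12.tar.xz`, unlike the `-hobbled` tarballs listed for 3.2.7, 3.2.8 and 3.2.10, yet no gnutls.spec hunk touches `Source0` and `Source2: hobble-gnutls` still appears as context. `Source0` lies outside the visible hunks, so this is inferred: if it still expands to a `-hobbled` name the build will not find the uploaded file, and if it does not, the hobbling step is being dropped without a record. The changelog should say which is intended, for example `- build from the unmodified upstream tarball`, next to `- new upstream release`. The recorded digest is only 32 hex digits (MD5-sized), so it is worth checking the tarball against upstream's published signature, if one exists, before trusting this entry.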