diff --git a/.gnutls.metadata b/.gnutls.metadata
new file mode 100644
index 0000000..3939140
--- /dev/null
+++ b/.gnutls.metadata
@@ -0,0 +1 @@
+4855db9457aff5c00d35827097171d51f367237f SOURCES/gnutls-3.1.16-hobbled.tar.xz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/ecc.c b/SOURCES/ecc.c
new file mode 100644
index 0000000..7ca1776
--- /dev/null
+++ b/SOURCES/ecc.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see
+ *
+ */
+
+#include
+#include
+#include
+#include
+
+
+/* Supported ECC curves
+ */
+
+static const gnutls_ecc_curve_entry_st ecc_curves[] = {
+ {
+ .name = "SECP256R1",
+ .oid = "1.2.840.10045.3.1.7",
+ .id = GNUTLS_ECC_CURVE_SECP256R1,
+ .tls_id = 23,
+ .size = 32,
+ .prime = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ .A = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+ .B = "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ .order = "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+ .Gx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ .Gy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+ },
+ {
+ .name = "SECP384R1",
+ .oid = "1.3.132.0.34",
+ .id = GNUTLS_ECC_CURVE_SECP384R1,
+ .tls_id = 24,
+ .size = 48,
+ .prime = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ .A = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+ .B = "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+ .order = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+ .Gx = "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+ .Gy = "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"
+ },
+ {0, 0, 0}
+};
+
+#define GNUTLS_ECC_CURVE_LOOP(b) \
+ { const gnutls_ecc_curve_entry_st *p; \
+ for(p = ecc_curves; p->name != NULL; p++) { b ; } }
+
+
+/* Returns the TLS id of the given curve
+ */
+int
+_gnutls_tls_id_to_ecc_curve (int num)
+{
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ if (p->tls_id == num)
+ {
+ ret = p->id;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/**
+ * gnutls_ecc_curve_list:
+ *
+ * Get the list of supported elliptic curves.
+ *
+ * This function is not thread safe.
+ *
+ * Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
+ * integers indicating the available curves.
+ **/
+const gnutls_ecc_curve_t *
+gnutls_ecc_curve_list (void)
+{
+static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
+
+ if (supported_curves[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ supported_curves[i++]=p->id;
+ );
+ supported_curves[i++]=0;
+ }
+
+ return supported_curves;
+}
+
+/* Maps numbers to TLS NamedCurve IDs (RFC4492).
+ * Returns a negative number on error.
+ */
+int
+_gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
+{
+ int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ if (p->id == supported_ecc)
+ {
+ ret = p->tls_id;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/*-
+ * _gnutls_oid_to_ecc_curve:
+ * @oid: is a curve's OID
+ *
+ * Returns: return a #gnutls_ecc_curve_t value corresponding to
+ * the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error.
+ -*/
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
+{
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ if (strcasecmp (p->oid, oid) == 0)
+ {
+ ret = p->id;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/*-
+ * _gnutls_ecc_curve_get_id:
+ * @name: is a curve name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: return a #gnutls_ecc_curve_t value corresponding to
+ * the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error.
+ -*/
+gnutls_ecc_curve_t
+_gnutls_ecc_curve_get_id (const char *name)
+{
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ if (strcasecmp (p->name, name) == 0)
+ {
+ ret = p->id;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/*-
+ * _gnutls_ecc_bits_to_curve:
+ * @bits: is a security parameter in bits
+ *
+ * Returns: return a #gnutls_ecc_curve_t value corresponding to
+ * the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error.
+ -*/
+gnutls_ecc_curve_t
+_gnutls_ecc_bits_to_curve (int bits)
+{
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ if (8*p->size >= bits)
+ {
+ ret = p->id;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/**
+ * gnutls_ecc_curve_get_name:
+ * @curve: is an ECC curve
+ *
+ * Convert a #gnutls_ecc_curve_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified
+ * curve or %NULL.
+ *
+ * Since: 3.0
+ **/
+const char *
+gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
+{
+ const char *ret = NULL;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve)
+ {
+ ret = p->name;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/*-
+ * _gnutls_ecc_curve_get_oid:
+ * @curve: is an ECC curve
+ *
+ * Convert a #gnutls_ecc_curve_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified
+ * curve or %NULL.
+ -*/
+const char *
+_gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
+{
+ const char *ret = NULL;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve)
+ {
+ ret = p->oid;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/*-
+ * _gnutls_ecc_curve_get_params:
+ * @curve: is an ECC curve
+ *
+ * Returns the information on a curve.
+ *
+ * Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL.
+ -*/
+const gnutls_ecc_curve_entry_st *
+_gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
+{
+ const gnutls_ecc_curve_entry_st *ret = NULL;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve)
+ {
+ ret = p;
+ break;
+ }
+ );
+
+ return ret;
+}
+
+/**
+ * gnutls_ecc_curve_get_size:
+ * @curve: is an ECC curve
+ *
+ * Returns the size in bytes of the curve.
+ *
+ * Returns: a the size or (0).
+ *
+ * Since: 3.0
+ **/
+int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve)
+{
+ int ret = 0;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve)
+ {
+ ret = p->size;
+ break;
+ }
+ );
+
+ return ret;
+}
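Review bot: `_gnutls_ecc_bits_to_curve` initialises `ret` to `GNUTLS_ECC_CURVE_SECP224R1`, a curve with no entry in this file's `ecc_curves` table, so any request above 384 bits falls through the loop and returns an id that is smaller than what was asked for and for which `_gnutls_ecc_curve_get_params` returns NULL. The doc comment above the function promises `GNUTLS_ECC_CURVE_INVALID` on error, so the initialiser should be `gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;`, or `GNUTLS_ECC_CURVE_SECP384R1` if callers rely on getting the strongest available curve as a fallback. Two comments are also misleading: the one on `_gnutls_tls_id_to_ecc_curve` describes the reverse mapping and should read `/* Returns the curve id for the given TLS NamedCurve id */`, and the `Returns:` line of `_gnutls_ecc_curve_get_oid` says "name" where it means the OID string.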
diff --git a/SOURCES/gnutls-2.12.21-fips-algorithms.patch b/SOURCES/gnutls-2.12.21-fips-algorithms.patch
new file mode 100644
index 0000000..f40af01
--- /dev/null
+++ b/SOURCES/gnutls-2.12.21-fips-algorithms.patch
@@ -0,0 +1,209 @@
+diff -up gnutls-2.12.21/lib/gcrypt/init.c.fips gnutls-2.12.21/lib/gcrypt/init.c
+--- gnutls-2.12.21/lib/gcrypt/init.c.fips 2012-01-06 20:06:23.000000000 +0100
++++ gnutls-2.12.21/lib/gcrypt/init.c 2012-11-09 19:57:54.651624659 +0100
+@@ -43,6 +43,8 @@ static struct gcry_thread_cbs gct = {
+ .recvmsg = NULL,
+ };
+
++int gnutls_gcrypt_fips;
++
+ int
+ gnutls_crypto_init (void)
+ {
+@@ -72,6 +74,8 @@ gnutls_crypto_init (void)
+ return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
+ }
+
++ gnutls_gcrypt_fips = gcry_fips_mode_active();
++
+ /* for gcrypt in order to be able to allocate memory */
+ gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
+
+diff -up gnutls-2.12.21/lib/gnutls_algorithms.c.fips gnutls-2.12.21/lib/gnutls_algorithms.c
+--- gnutls-2.12.21/lib/gnutls_algorithms.c.fips 2012-01-06 20:06:23.000000000 +0100
++++ gnutls-2.12.21/lib/gnutls_algorithms.c 2012-11-28 14:19:34.507948036 +0100
+@@ -44,11 +44,11 @@ typedef struct
+ } gnutls_sec_params_entry;
+
+ static const gnutls_sec_params_entry sec_params[] = {
+- {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 816, 1024, 128, 128},
+- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+- {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
+- {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
+- {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
++ {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 1024, 1024, 128, 128},
++ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1280, 2048, 160, 160},
++ {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2560, 3072, 224, 224},
++ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3328, 3072, 256, 256},
++ {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15616, 3072, 512, 512},
+ {NULL, 0, 0, 0, 0, 0}
+ };
+
+diff -up gnutls-2.12.21/lib/gnutls_priority.c.fips gnutls-2.12.21/lib/gnutls_priority.c
+--- gnutls-2.12.21/lib/gnutls_priority.c.fips 2012-11-08 17:11:11.000000000 +0100
++++ gnutls-2.12.21/lib/gnutls_priority.c 2012-11-09 19:57:54.651624659 +0100
+@@ -30,6 +30,7 @@
+ #include "gnutls_algorithms.h"
+ #include "gnutls_errors.h"
+ #include
++#include
+
+ static void
+ break_comma_list (char *etag,
+@@ -223,6 +224,13 @@ static const int protocol_priority[] = {
+ 0
+ };
+
++static const int protocol_priority_fips[] = {
++ GNUTLS_TLS1_2,
++ GNUTLS_TLS1_1,
++ GNUTLS_TLS1_0,
++ 0
++};
++
+ static const int kx_priority_performance[] = {
+ GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA,
+@@ -269,6 +277,13 @@ static const int cipher_priority_perform
+ 0
+ };
+
++static const int cipher_priority_performance_fips[] = {
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ GNUTLS_CIPHER_AES_256_CBC,
++ 0
++};
++
+ static const int cipher_priority_normal[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+ #ifdef ENABLE_CAMELLIA
+@@ -284,6 +299,13 @@ static const int cipher_priority_normal[
+ 0
+ };
+
++static const int cipher_priority_normal_fips[] = {
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_AES_256_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ 0
++};
++
+ static const int cipher_priority_secure128[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+ #ifdef ENABLE_CAMELLIA
+@@ -295,6 +317,11 @@ static const int cipher_priority_secure1
+ 0
+ };
+
++static const int cipher_priority_secure128_fips[] = {
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ 0
++};
+
+ static const int cipher_priority_secure256[] = {
+ GNUTLS_CIPHER_AES_256_CBC,
+@@ -311,6 +338,13 @@ static const int cipher_priority_secure2
+ 0
+ };
+
++static const int cipher_priority_secure256_fips[] = {
++ GNUTLS_CIPHER_AES_256_CBC,
++ GNUTLS_CIPHER_AES_128_CBC,
++ GNUTLS_CIPHER_3DES_CBC,
++ 0
++};
++
+ /* The same as cipher_priority_security_normal + arcfour-40. */
+ static const int cipher_priority_export[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+@@ -362,6 +396,12 @@ static const int mac_priority_normal[] =
+ 0
+ };
+
++static const int mac_priority_normal_fips[] = {
++ GNUTLS_MAC_SHA1,
++ GNUTLS_MAC_SHA256,
++ 0
++};
++
+
+ static const int mac_priority_secure[] = {
+ GNUTLS_MAC_SHA256,
+@@ -462,6 +502,8 @@ gnutls_priority_set (gnutls_session_t se
+
+ #define MAX_ELEMENTS 48
+
++extern int gnutls_gcrypt_fips;
++
+ /**
+ * gnutls_priority_init:
+ * @priority_cache: is a #gnutls_prioritity_t structure.
+@@ -561,7 +603,7 @@ gnutls_priority_init (gnutls_priority_t
+ */
+ if (strcasecmp (broken_list[0], "NONE") != 0)
+ {
+- _set_priority (&(*priority_cache)->protocol, protocol_priority);
++ _set_priority (&(*priority_cache)->protocol, gnutls_gcrypt_fips?protocol_priority_fips:protocol_priority);
+ _set_priority (&(*priority_cache)->compression, comp_priority);
+ _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
+ _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
+@@ -577,17 +619,17 @@ gnutls_priority_init (gnutls_priority_t
+ if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+- cipher_priority_performance);
++ gnutls_gcrypt_fips?cipher_priority_performance_fips:cipher_priority_performance);
+ _set_priority (&(*priority_cache)->kx, kx_priority_performance);
+- _set_priority (&(*priority_cache)->mac, mac_priority_normal);
++ _set_priority (&(*priority_cache)->mac, gnutls_gcrypt_fips?mac_priority_normal_fips:mac_priority_normal);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else if (strcasecmp (broken_list[i], "NORMAL") == 0)
+ {
+- _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
++ _set_priority (&(*priority_cache)->cipher, gnutls_gcrypt_fips?cipher_priority_normal_fips:cipher_priority_normal);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+- _set_priority (&(*priority_cache)->mac, mac_priority_normal);
++ _set_priority (&(*priority_cache)->mac, gnutls_gcrypt_fips?mac_priority_normal_fips:mac_priority_normal);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+@@ -595,7 +637,7 @@ gnutls_priority_init (gnutls_priority_t
+ || strcasecmp (broken_list[i], "SECURE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+- cipher_priority_secure256);
++ gnutls_gcrypt_fips?cipher_priority_secure256_fips:cipher_priority_secure256);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+@@ -604,7 +646,7 @@ gnutls_priority_init (gnutls_priority_t
+ else if (strcasecmp (broken_list[i], "SECURE128") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+- cipher_priority_secure128);
++ gnutls_gcrypt_fips?cipher_priority_secure128_fips:cipher_priority_secure128);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+@@ -646,7 +688,7 @@ gnutls_priority_init (gnutls_priority_t
+ if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
+ {
+ bulk_fn (&(*priority_cache)->protocol,
+- protocol_priority);
++ gnutls_gcrypt_fips?protocol_priority_fips:protocol_priority);
+ }
+ else
+ {
+@@ -718,7 +760,7 @@ gnutls_priority_init (gnutls_priority_t
+ else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 7) == 0)
+ {
+ bulk_fn (&(*priority_cache)->cipher,
+- cipher_priority_normal);
++ gnutls_gcrypt_fips?cipher_priority_normal_fips:cipher_priority_normal);
+ }
+ else
+ goto error;
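Review bot: The FIPS selection is wired only into the PERFORMANCE, NORMAL, SECURE/SECURE256, SECURE128, VERS-TLS-ALL and CIPHER-ALL branches of gnutls_priority_init; nothing in these hunks restricts `cipher_priority_export` (whose context comment says it adds arcfour-40), `mac_priority_secure`, the key-exchange tables, or algorithms named individually in the priority string. The rest of gnutls_priority_init is outside the hunks, so this may be handled elsewhere, but if it is not, a priority string can still select non-approved algorithms while `gnutls_gcrypt_fips` is set; applying the filter once inside `_set_priority`/`bulk_fn` would cover every path. Separately, `gnutls_gcrypt_fips` is a non-static global pulled into gnutls_priority.c with a bare `extern int gnutls_gcrypt_fips;`, and declaring it in a shared internal header would keep definition and declaration from drifting apart. The spec in this commit leaves `%patch7` commented out, so a header comment in the patch stating that it is kept for reference only would help the next packager.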
diff --git a/SOURCES/gnutls-3.1.10-tests-rndport.patch b/SOURCES/gnutls-3.1.10-tests-rndport.patch
new file mode 100644
index 0000000..6fe2236
--- /dev/null
+++ b/SOURCES/gnutls-3.1.10-tests-rndport.patch
@@ -0,0 +1,24 @@
+diff -up gnutls-3.1.10/tests/dsa/testdsa.rndport gnutls-3.1.10/tests/dsa/testdsa
+--- gnutls-3.1.10/tests/dsa/testdsa.rndport 2013-03-21 21:42:28.000000000 +0100
++++ gnutls-3.1.10/tests/dsa/testdsa 2013-03-26 15:50:38.973561603 +0100
+@@ -23,7 +23,7 @@
+ srcdir="${srcdir:-.}"
+ SERV="${SERV:-../../src/gnutls-serv} -q"
+ CLI="${CLI:-../../src/gnutls-cli}"
+-PORT="${PORT:-5559}"
++PORT="${PORT:-$((RANDOM+5000))}"
+ DEBUG=""
+ unset RETCODE
+
+diff -up gnutls-3.1.10/tests/openpgp-certs/testcerts.rndport gnutls-3.1.10/tests/openpgp-certs/testcerts
+--- gnutls-3.1.10/tests/openpgp-certs/testcerts.rndport 2013-03-21 21:42:28.000000000 +0100
++++ gnutls-3.1.10/tests/openpgp-certs/testcerts 2013-03-26 15:52:33.207007952 +0100
+@@ -23,7 +23,7 @@
+ srcdir="${srcdir:-.}"
+ SERV="${SERV:-../../src/gnutls-serv} -q"
+ CLI="${CLI:-../../src/gnutls-cli}"
+-PORT="${PORT:-5557}"
++PORT="${PORT:-$((RANDOM+5000))}"
+ DEBUG=""
+
+ if test "${WINDIR}" != "";then
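Review bot: `$((RANDOM+5000))` only randomises the port when the interpreter provides `RANDOM`; the shebang lines of testdsa and testcerts are outside the hunks, and under a plain POSIX `sh` the variable is unset, the arithmetic yields 5000 in both scripts, and the simultaneous-build collision this patch is meant to avoid comes back. A fallback keeps the intent, e.g. `PORT="${PORT:-$(( ${RANDOM:-$$} % 30000 + 5000 ))}"`, which uses the shell's PID when `RANDOM` is missing. As far as the hunks show, neither script checks that the chosen port is free before starting gnutls-serv, so a comment noting that a bind failure here means a port clash rather than a TLS failure would save debugging time.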
diff --git a/SOURCES/gnutls-3.1.11-nosrp.patch b/SOURCES/gnutls-3.1.11-nosrp.patch
new file mode 100644
index 0000000..29227c0
--- /dev/null
+++ b/SOURCES/gnutls-3.1.11-nosrp.patch
@@ -0,0 +1,12 @@
+diff -up gnutls-3.1.10/tests/srp/mini-srp.c.noecc gnutls-3.1.10/tests/srp/mini-srp.c
+--- gnutls-3.1.10/tests/srp/mini-srp.c.noecc 2013-03-21 21:42:28.000000000 +0100
++++ gnutls-3.1.10/tests/srp/mini-srp.c 2013-03-25 13:42:20.753422209 +0100
+@@ -27,7 +27,7 @@
+ #include
+ #include
+
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_SRP)
+
+ int main()
+ {
diff --git a/SOURCES/gnutls-3.1.11-suiteb.patch b/SOURCES/gnutls-3.1.11-suiteb.patch
new file mode 100644
index 0000000..c4dd390
--- /dev/null
+++ b/SOURCES/gnutls-3.1.11-suiteb.patch
@@ -0,0 +1,119 @@
+diff -up gnutls-3.1.11/lib/gnutls_ecc.c.suiteb gnutls-3.1.11/lib/gnutls_ecc.c
+--- gnutls-3.1.11/lib/gnutls_ecc.c.suiteb 2013-04-27 10:04:48.000000000 +0200
++++ gnutls-3.1.11/lib/gnutls_ecc.c 2013-05-23 10:08:45.331883555 +0200
+@@ -129,6 +129,12 @@ int ret;
+ goto cleanup;
+ }
+ params->params_nr++;
++
++ if (_gnutls_mpi_get_nbits(params->params[ECC_PRIME]) < 256)
++ {
++ ret = gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
++ goto cleanup;
++ }
+
+ val_size = sizeof(val);
+ ret = _gnutls_hex2bin(st->order, strlen(st->order), val, &val_size);
+diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c
+--- gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb 2013-04-27 10:04:48.000000000 +0200
++++ gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c 2013-05-23 10:24:56.575967312 +0200
+@@ -42,6 +42,7 @@ typedef struct
+
+ /* global cache */
+ static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache = NULL;
++static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache_last = NULL;
+
+ /* free single cache entry */
+ static void
+@@ -63,9 +64,10 @@ ecc_wmnaf_cache_free (void)
+ gnutls_ecc_curve_cache_entry_t *p = ecc_wmnaf_cache;
+ if (p)
+ {
+- for (; p->id != GNUTLS_ECC_CURVE_INVALID; ++p)
++ for (; p <= ecc_wmnaf_cache_last; ++p)
+ {
+- _ecc_wmnaf_cache_entry_free (p);
++ if (p->id != GNUTLS_ECC_CURVE_INVALID)
++ _ecc_wmnaf_cache_entry_free (p);
+ }
+
+ free (ecc_wmnaf_cache);
+@@ -198,7 +200,7 @@ ecc_wmnaf_cache_init (void)
+ const gnutls_ecc_curve_t *p;
+
+ ret = (gnutls_ecc_curve_cache_entry_t *)
+- malloc (MAX_ALGOS * sizeof (gnutls_ecc_curve_cache_entry_t));
++ calloc (MAX_ALGOS, sizeof (gnutls_ecc_curve_cache_entry_t));
+ if (ret == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+@@ -207,12 +209,16 @@ ecc_wmnaf_cache_init (void)
+
+ for (j = 0; *p; ++p, ++j)
+ {
+- if ((err = _ecc_wmnaf_cache_entry_init (ret + *p - 1, *p)) != 0)
++ gnutls_ecc_curve_cache_entry_t *entry;
++
++ entry = ret + *p - 1;
++ if ((err = _ecc_wmnaf_cache_entry_init (entry, *p)) != 0)
+ goto done;
++ if (ecc_wmnaf_cache_last < entry)
++ ecc_wmnaf_cache_last = entry;
+ }
+
+- /* nullify last cache entry id */
+- ret[j].id = GNUTLS_ECC_CURVE_INVALID;
++ /* no need to nullify last cache entry id, done by calloc */
+
+ err = GNUTLS_E_SUCCESS;
+
+@@ -223,7 +229,8 @@ done:
+ int i;
+ for (i = 0; i < j; ++i)
+ {
+- _ecc_wmnaf_cache_entry_free (ret + i);
++ --p;
++ _ecc_wmnaf_cache_entry_free (ret + *p - 1);
+ }
+
+ free (ret);
+@@ -445,9 +452,11 @@ ecc_mulmod_cached_lookup (mpz_t k, ecc_p
+ if (k == NULL || G == NULL || R == NULL || modulus == NULL)
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+- for (i = 0; (id = ecc_wmnaf_cache[i].id); ++i)
++ for (i = 0; ecc_wmnaf_cache + i <= ecc_wmnaf_cache_last; ++i)
+ {
+- if (!(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) &&
++ id = ecc_wmnaf_cache[i].id;
++ if (id &&
++ !(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) &&
+ !(mpz_cmp (G->y, ecc_wmnaf_cache[i].pos[0]->y)))
+ {
+ break;
+diff -up gnutls-3.1.11/tests/mini-xssl.c.suiteb gnutls-3.1.11/tests/mini-xssl.c
+--- gnutls-3.1.11/tests/mini-xssl.c.suiteb 2013-05-10 10:10:27.000000000 +0200
++++ gnutls-3.1.11/tests/mini-xssl.c 2013-05-23 11:58:22.670298910 +0200
+@@ -27,7 +27,8 @@
+ #include
+ #include
+
+-#if defined(_WIN32)
++/* uses unsupported curves */
++#if 1
+
+ int main()
+ {
+diff -up gnutls-3.1.11/tests/pkcs12_simple.c.suiteb gnutls-3.1.11/tests/pkcs12_simple.c
+--- gnutls-3.1.11/tests/pkcs12_simple.c.suiteb 2013-05-10 10:10:27.000000000 +0200
++++ gnutls-3.1.11/tests/pkcs12_simple.c 2013-05-23 11:57:59.776799848 +0200
+@@ -50,6 +50,9 @@ doit (void)
+ gnutls_x509_privkey_t pkey;
+ int ret;
+
++ /* uses unsupported curves */
++ exit(77);
++
+ ret = global_init ();
+ if (ret < 0)
+ fail ("global_init failed %d\n", ret);
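Review bot: In `ecc_mulmod_cached_lookup` the old loop condition `(id = ecc_wmnaf_cache[i].id)` left `id` at 0 when no cached generator matched, but the new bounded loop can run off the end with `id` still holding the id of the last slot examined, which is always an initialised entry. The code after the loop is outside the hunk; if it uses `id` to pick the cached table, a point that matches no curve would be multiplied with another curve's precomputed table instead of being rejected, so I would add `if (ecc_wmnaf_cache + i > ecc_wmnaf_cache_last) id = 0;` right after the loop. `ecc_wmnaf_cache_last` is also never reset: `ecc_wmnaf_cache_free` and the `done:` error path free the array but leave the pointer dangling, and a later `ecc_wmnaf_cache_init` compares new entries against it with `<`; setting `ecc_wmnaf_cache_last = NULL;` next to each `free` closes that. Lastly, `#if 1` in mini-xssl.c and the unconditional `exit(77);` in pkcs12_simple.c switch these tests off for every build, and a comment naming the curves they need would make it clear when they can be re-enabled.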
diff --git a/SOURCES/gnutls-3.1.7-rpath.patch b/SOURCES/gnutls-3.1.7-rpath.patch
new file mode 100644
index 0000000..d087db9
--- /dev/null
+++ b/SOURCES/gnutls-3.1.7-rpath.patch
@@ -0,0 +1,39 @@
+diff -up gnutls-3.1.7/configure.rpath gnutls-3.1.7/configure
+--- gnutls-3.1.7/configure.rpath 2013-02-04 02:40:23.000000000 +0100
++++ gnutls-3.1.7/configure 2013-02-05 21:04:57.128932440 +0100
+@@ -48519,7 +48519,7 @@ shlibpath_var=
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+
+@@ -48962,7 +48962,7 @@ fi
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
++ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+@@ -52353,7 +52353,7 @@ shlibpath_var=
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64"
+ need_lib_prefix=unknown
+ hardcode_into_libs=no
+
+@@ -52794,7 +52794,7 @@ fi
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
++ sys_lib_dlsearch_path_spec="/lib /usr/lib /lib64 /usr/lib64 $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
diff --git a/SOURCES/hobble-gnutls b/SOURCES/hobble-gnutls
new file mode 100755
index 0000000..8b9633d
--- /dev/null
+++ b/SOURCES/hobble-gnutls
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -x
+
+if [ "$1" = "-e" ] ; then
+ CMD="cat < /dev/null >"
+else
+ CMD="rm -f"
+fi
+
+# SRP
+for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \
+ gnutls_srp.c auth_srp.c ext_srp.c ; do
+ eval "$CMD lib/$f"
+done
+
+# ECC
+for f in ecc.c ; do
+ eval "$CMD lib/algorithms/$f"
+done
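Review bot: The script never verifies that the files it is meant to strip exist: `rm -f` succeeds silently on a missing path and the `-e` form (`cat < /dev/null >`) simply creates an empty file, so if upstream renames or moves one of these sources the tree keeps the code this script is supposed to remove and nothing fails. Adding `test -f "lib/$f" || { echo "hobble: lib/$f not found" >&2; exit 1; }` before the `eval` in the SRP loop (and the same with `lib/algorithms/$f` in the ECC loop) turns that into a hard error. The `eval` of a command string is only there to carry the redirect; a small function with two branches would avoid it. A header comment explaining that `-e` empties the files instead of deleting them is also missing.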
diff --git a/SOURCES/libgnutls-config b/SOURCES/libgnutls-config
new file mode 100755
index 0000000..8970bf4
--- /dev/null
+++ b/SOURCES/libgnutls-config
@@ -0,0 +1,91 @@
+#!/bin/sh
+
+prefix=/usr
+exec_prefix=/usr
+exec_prefix_set=no
+
+name=`basename $0`
+name=${name#lib}
+name=${name%-config}
+
+libs=`pkg-config --libs $name`
+cflags=`pkg-config --cflags $name`
+version=`pkg-config --modversion $name`
+
+usage()
+{
+
+echo Usage: lib$name-config [OPTIONS]
+ cat <&2
+fi
+
+while test $# -gt 0; do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case $1 in
+ --prefix=*)
+ prefix=$optarg
+ if test $exec_prefix_set = no ; then
+ exec_prefix=$optarg
+ fi
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ exec_prefix_set=yes
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --version)
+ echo $version
+ exit 0
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ --help)
+ usage 0
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+if test "$echo_prefix" = "yes"; then
+ echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo $exec_prefix
+fi
+
+if test "$echo_cflags" = "yes"; then
+ echo $cflags
+fi
+
+if test "$echo_libs" = "yes"; then
+ echo $libs
+fi
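Review bot: The three `pkg-config` calls at the top are unchecked and unquoted, so when the module derived from `$0` is not installed the script prints an empty line for `--libs`/`--cflags` and still exits 0, which a caller's configure step will read as success. The spec in this commit installs the same script as libgnutls-extra-config, where `name` becomes `gnutls-extra`, so this case is reachable if no matching .pc file is shipped. Quoting and failing early fixes both: `libs=$(pkg-config --libs "$name") || exit 1` (likewise for `--cflags` and `--modversion`) and `name=$(basename "$0")`. Note also that `--prefix=` and `--exec-prefix=` are parsed only after `libs` and `cflags` were computed, so they change nothing but the echoed prefix; a comment saying so would prevent surprises.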
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
new file mode 100644
index 0000000..01b1542
--- /dev/null
+++ b/SPECS/gnutls.spec
@@ -0,0 +1,600 @@
+%bcond_without dane
+%bcond_with guile
+Summary: A TLS protocol implementation
+Name: gnutls
+Version: 3.1.16
+Release: 1%{?dist}
+# The libraries are LGPLv2.1+, utilities are GPLv3+, however
+# the bundled gnulib is LGPLv3+
+License: GPLv3+ and LGPLv2+ and LGPLv3+
+Group: System Environment/Libraries
+BuildRequires: p11-kit-devel >= 0.11, gettext
+BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 3.1
+BuildRequires: lzo-devel, libtool, automake, autoconf, texinfo
+BuildRequires: nettle-devel >= 2.5
+%if %{with dane}
+BuildRequires: unbound-devel
+%endif
+%if %{with guile}
+BuildRequires: guile-devel
+%endif
+URL: http://www.gnutls.org/
+#Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz
+#Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig
+# XXX patent tainted code removed.
+Source0: %{name}-%{version}-hobbled.tar.xz
+Source1: libgnutls-config
+Source2: hobble-gnutls
+Source3: ecc.c
+Patch1: gnutls-3.1.7-rpath.patch
+# Use only FIPS approved ciphers in the FIPS mode
+Patch7: gnutls-2.12.21-fips-algorithms.patch
+Patch8: gnutls-3.1.11-nosrp.patch
+# Use random port in some tests to avoid conflicts during simultaneous builds on the same machine
+Patch9: gnutls-3.1.10-tests-rndport.patch
+Patch10: gnutls-3.1.11-suiteb.patch
+
+# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
+Provides: bundled(gnulib) = 20130424
+
+%package c++
+Summary: The C++ interface to GnuTLS
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%package devel
+Summary: Development files for the %{name} package
+Group: Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: %{name}-c++%{?_isa} = %{version}-%{release}
+%if %{with dane}
+Requires: %{name}-dane%{?_isa} = %{version}-%{release}
+%endif
+Requires: pkgconfig
+Requires(post): /sbin/install-info
+Requires(preun): /sbin/install-info
+
+%package utils
+License: GPLv3+
+Summary: Command line tools for TLS protocol
+Group: Applications/System
+Requires: %{name}%{?_isa} = %{version}-%{release}
+%if %{with dane}
+Requires: %{name}-dane%{?_isa} = %{version}-%{release}
+%endif
+
+%if %{with dane}
+%package dane
+Summary: A DANE protocol implementation for GnuTLS
+Requires: %{name}%{?_isa} = %{version}-%{release}
+%endif
+
+%if %{with guile}
+%package guile
+Summary: Guile bindings for the GNUTLS library
+Group: Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: guile
+%endif
+
+%description
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+
+%description c++
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+This package contains the C++ interface for the GnuTLS library.
+
+%description devel
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+This package contains files needed for developing applications with
+the GnuTLS library.
+
+%description utils
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+This package contains command line TLS client and server and certificate
+manipulation tools.
+
+%if %{with dane}
+%description dane
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+This package contains library that implements the DANE protocol for verifying
+TLS certificates through DNSSEC.
+%endif
+
+%if %{with guile}
+%description guile
+GnuTLS is a project that aims to develop a library which provides a secure
+layer, over a reliable transport layer. Currently the GnuTLS library implements
+the proposed standards by the IETF's TLS working group.
+This package contains Guile bindings for the library.
+%endif
+
+%prep
+%setup -q
+
+%patch1 -p1 -b .rpath
+# This patch is not applicable as we use nettle now but some parts will be
+# later reused.
+#%patch7 -p1 -b .fips
+%patch8 -p1 -b .nosrp
+%patch9 -p1 -b .rndport
+%patch10 -p1 -b .suiteb
+
+%{SOURCE2} -e
+
+cp -f %{SOURCE3} lib/algorithms
+
+%build
+
+export LDFLAGS="-Wl,--no-add-needed"
+
+%configure --with-libtasn1-prefix=%{_prefix} \
+ --with-included-libcfg \
+ --disable-static \
+ --disable-openssl-compatibility \
+ --disable-srp-authentication \
+%if %{with guile}
+ --enable-guile \
+%ifarch %{arm}
+ --disable-largefile \
+%endif
+%else
+ --disable-guile \
+%endif
+%if %{with dane}
+ --enable-dane \
+%else
+ --disable-dane \
+%endif
+ --disable-rpath
+# Note that the arm hack above is not quite right and the proper thing would
+# be to compile guile with largefile support.
+make
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT
+rm -f $RPM_BUILD_ROOT%{_bindir}/srptool
+rm -f $RPM_BUILD_ROOT%{_bindir}/gnutls-srpcrypt
+cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-config
+cp -f %{SOURCE1} $RPM_BUILD_ROOT%{_bindir}/libgnutls-extra-config
+rm -f $RPM_BUILD_ROOT%{_mandir}/man1/srptool.1
+rm -f $RPM_BUILD_ROOT%{_mandir}/man3/*srp*
+rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/libguile*.a
+%if %{without dane}
+rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gnutls-dane.pc
+%endif
+
+%find_lang gnutls
+
+%check
+make check
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post c++ -p /sbin/ldconfig
+
+%postun c++ -p /sbin/ldconfig
+
+%post devel
+if [ -f %{_infodir}/gnutls.info.gz ]; then
+ /sbin/install-info %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
+fi
+
+%preun devel
+if [ $1 = 0 -a -f %{_infodir}/gnutls.info.gz ]; then
+ /sbin/install-info --delete %{_infodir}/gnutls.info.gz %{_infodir}/dir || :
+fi
+
+%if %{with dane}
+%post dane -p /sbin/ldconfig
+
+%postun dane -p /sbin/ldconfig
+%endif
+
+%if %{with guile}
+%post guile -p /sbin/ldconfig
+
+%postun guile -p /sbin/ldconfig
+%endif
+
+%files -f gnutls.lang
+%defattr(-,root,root,-)
+%{_libdir}/libgnutls.so.28*
+%{_libdir}/libgnutls-xssl.so.0*
+%doc COPYING COPYING.LESSER README AUTHORS NEWS THANKS
+
+%files c++
+%{_libdir}/libgnutlsxx.so.*
+
+%files devel
+%defattr(-,root,root,-)
+%{_bindir}/libgnutls*-config
+%{_includedir}/*
+%{_libdir}/libgnutls*.so
+%{_libdir}/pkgconfig/*.pc
+%{_mandir}/man3/*
+%{_infodir}/gnutls*
+%{_infodir}/pkcs11-vision*
+
+%files utils
+%defattr(-,root,root,-)
+%{_bindir}/certtool
+%{_bindir}/ocsptool
+%{_bindir}/psktool
+%{_bindir}/p11tool
+%if %{with dane}
+%{_bindir}/danetool
+%endif
+%{_bindir}/gnutls*
+%{_mandir}/man1/*
+%doc doc/certtool.cfg
+
+%if %{with dane}
+%files dane
+%defattr(-,root,root,-)
+%{_libdir}/libgnutls-dane.so.*
+%endif
+
+%if %{with guile}
+%files guile
+%defattr(-,root,root,-)
+%{_libdir}/libguile*.so*
+%{_datadir}/guile/site/gnutls
+%{_datadir}/guile/site/gnutls.scm
+%endif
+
+%changelog
+* Tue Nov 5 2013 Tomáš Mráz 3.1.16-1
+- new upstream release
+- fixes CVE-2013-4466 off-by-one in dane_query_tlsa()
+
+* Tue Oct 29 2013 Tomáš Mráz 3.1.15-1
+- new upstream release
+- fixes CVE-2013-4466 buffer overflow in handling DANE entries
+
+* Mon Jul 15 2013 Tomáš Mráz 3.1.13-1
+- new upstream release
+
+* Thu May 23 2013 Tomáš Mráz 3.1.11-1
+- new upstream release
+- enable ECC NIST Suite B curves
+
+* Mon Mar 25 2013 Tomas Mraz 3.1.10-1
+- new upstream release
+- license of the library is back to LGPLv2.1+
+
+* Fri Mar 15 2013 Tomas Mraz 3.1.9-1
+- new upstream release
+
+* Thu Mar 7 2013 Tomas Mraz 3.1.8-3
+- drop the temporary old library
+
+* Tue Feb 26 2013 Tomas Mraz 3.1.8-2
+- don't send ECC algos as supported (#913797)
+
+* Thu Feb 21 2013 Tomas Mraz 3.1.8-1
+- new upstream version
+
+* Wed Feb 6 2013 Tomas Mraz 3.1.7-1
+- new upstream version, requires rebuild of dependencies
+- this release temporarily includes old compatibility .so
+
+* Tue Feb 5 2013 Tomas Mraz 2.12.22-2
+- rebuilt with new libtasn1
+- make guile bindings optional - breaks i686 build and there is
+ no dependent package
+
+* Tue Jan 8 2013 Tomas Mraz 2.12.22-1
+- new upstream version
+
+* Wed Nov 28 2012 Tomas Mraz 2.12.21-2
+- use RSA bit sizes supported by libgcrypt in FIPS mode for security
+ levels (#879643)
+
+* Fri Nov 9 2012 Tomas Mraz 2.12.21-1
+- new upstream version
+
+* Thu Nov 1 2012 Tomas Mraz 2.12.20-4
+- negotiate only FIPS approved algorithms in the FIPS mode (#871826)
+
+* Wed Aug 8 2012 Tomas Mraz 2.12.20-3
+- fix the gnutls-cli-debug manpage - patch by Peter Schiffer
+
+* Thu Jul 19 2012 Fedora Release Engineering - 2.12.20-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 18 2012 Tomas Mraz 2.12.20-1
+- new upstream version
+
+* Fri May 18 2012 Tomas Mraz 2.12.19-1
+- new upstream version
+
+* Thu Mar 29 2012 Tomas Mraz 2.12.18-1
+- new upstream version
+
+* Thu Mar 8 2012 Tomas Mraz 2.12.17-1
+- new upstream version
+- fix leaks in key generation (#796302)
+
+* Fri Feb 03 2012 Kevin Fenzi - 2.12.14-3
+- Disable largefile on arm arch. (#787287)
+
+* Fri Jan 13 2012 Fedora Release Engineering - 2.12.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Nov 8 2011 Tomas Mraz 2.12.14-1
+- new upstream version
+
+* Mon Oct 24 2011 Tomas Mraz 2.12.12-1
+- new upstream version
+
+* Thu Sep 29 2011 Tomas Mraz 2.12.11-1
+- new upstream version
+
+* Fri Aug 26 2011 Tomas Mraz 2.12.9-1
+- new upstream version
+
+* Tue Aug 16 2011 Tomas Mraz 2.12.8-1
+- new upstream version
+
+* Mon Jul 25 2011 Tomas Mraz 2.12.7-2
+- fix problem when using new libgcrypt
+- split libgnutlsxx to a subpackage (#455146)
+- drop libgnutls-openssl (#460310)
+
+* Tue Jun 21 2011 Tomas Mraz 2.12.7-1
+- new upstream version
+
+* Mon May 9 2011 Tomas Mraz 2.12.4-1
+- new upstream version
+
+* Tue Apr 26 2011 Tomas Mraz 2.12.3-1
+- new upstream version
+
+* Mon Apr 18 2011 Tomas Mraz 2.12.2-1
+- new upstream version
+
+* Thu Mar 3 2011 Tomas Mraz 2.10.5-1
+- new upstream version
+
+* Tue Feb 08 2011 Fedora Release Engineering - 2.10.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Dec 8 2010 Tomas Mraz 2.10.4-1
+- new upstream version
+
+* Thu Dec 2 2010 Tomas Mraz 2.10.3-2
+- fix buffer overflow in gnutls-serv (#659259)
+
+* Fri Nov 19 2010 Tomas Mraz 2.10.3-1
+- new upstream version
+
+* Thu Sep 30 2010 Tomas Mraz 2.10.2-1
+- new upstream version
+
+* Wed Sep 29 2010 jkeating - 2.10.1-4
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 23 2010 Tomas Mraz 2.10.1-3
+- more patching for internal errors regression (#629858)
+ patch by Vivek Dasmohapatra
+
+* Tue Sep 21 2010 Tomas Mraz 2.10.1-2
+- backported patch from upstream git hopefully fixing internal errors
+ (#629858)
+
+* Wed Aug 4 2010 Tomas Mraz 2.10.1-1
+- new upstream version
+
+* Wed Jun 2 2010 Tomas Mraz 2.8.6-2
+- add support for safe renegotiation CVE-2009-3555 (#533125)
+
+* Wed May 12 2010 Tomas Mraz 2.8.6-1
+- upgrade to a new upstream version
+
+* Mon Feb 15 2010 Rex Dieter 2.8.5-4
+- FTBFS gnutls-2.8.5-3.fc13: ImplicitDSOLinking (#564624)
+
+* Thu Jan 28 2010 Tomas Mraz 2.8.5-3
+- drop superfluous rpath from binaries
+- do not call autoreconf during build
+- specify the license on utils subpackage
+
+* Mon Jan 18 2010 Tomas Mraz 2.8.5-2
+- do not create static libraries (#556052)
+
+* Mon Nov 2 2009 Tomas Mraz 2.8.5-1
+- upgrade to a new upstream version
+
+* Wed Sep 23 2009 Tomas Mraz 2.8.4-1
+- upgrade to a new upstream version
+
+* Fri Aug 14 2009 Tomas Mraz 2.8.3-1
+- upgrade to a new upstream version
+
+* Fri Jul 24 2009 Fedora Release Engineering - 2.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jun 10 2009 Tomas Mraz 2.8.1-1
+- upgrade to a new upstream version
+
+* Wed Jun 3 2009 Tomas Mraz 2.8.0-1
+- upgrade to a new upstream version
+
+* Mon May 4 2009 Tomas Mraz 2.6.6-1
+- upgrade to a new upstream version - security fixes
+
+* Tue Apr 14 2009 Tomas Mraz 2.6.5-1
+- upgrade to a new upstream version, minor bugfixes only
+
+* Fri Mar 6 2009 Tomas Mraz 2.6.4-1
+- upgrade to a new upstream version
+
+* Tue Feb 24 2009 Fedora Release Engineering - 2.6.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Dec 15 2008 Tomas Mraz 2.6.3-1
+- upgrade to a new upstream version
+
+* Thu Dec 4 2008 Tomas Mraz 2.6.2-1
+- upgrade to a new upstream version
+
+* Tue Nov 11 2008 Tomas Mraz 2.4.2-3
+- fix chain verification issue CVE-2008-4989 (#470079)
+
+* Thu Sep 25 2008 Tomas Mraz 2.4.2-2
+- add guile subpackage (#463735)
+- force new libtool through autoreconf to drop unnecessary rpaths
+
+* Tue Sep 23 2008 Tomas Mraz 2.4.2-1
+- new upstream version
+
+* Tue Jul 1 2008 Tomas Mraz 2.4.1-1
+- new upstream version
+- correct the license tag
+- explicit --with-included-opencdk not needed
+- use external lzo library, internal not included anymore
+
+* Tue Jun 24 2008 Tomas Mraz 2.4.0-1
+- upgrade to latest upstream
+
+* Tue May 20 2008 Tomas Mraz 2.0.4-3
+- fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
+ (#447461, #447462, #447463)
+
+* Mon Feb 4 2008 Joe Orton 2.0.4-2
+- use system libtasn1
+
+* Tue Dec 4 2007 Tomas Mraz 2.0.4-1
+- upgrade to latest upstream
+
+* Tue Aug 21 2007 Tomas Mraz 1.6.3-2
+- license tag fix
+
+* Wed Jun 6 2007 Tomas Mraz 1.6.3-1
+- upgrade to latest upstream (#232445)
+
+* Tue Apr 10 2007 Tomas Mraz 1.4.5-2
+- properly require install-info (patch by Ville Skyttä)
+- standard buildroot and use dist tag
+- add COPYING and README to doc
+
+* Wed Feb 7 2007 Tomas Mraz 1.4.5-1
+- new upstream version
+- drop libtermcap-devel from buildrequires
+
+* Thu Sep 14 2006 Tomas Mraz 1.4.1-2
+- detect forged signatures - CVE-2006-4790 (#206411), patch
+ from upstream
+
+* Tue Jul 18 2006 Tomas Mraz - 1.4.1-1
+- upgrade to new upstream version, only minor changes
+
+* Wed Jul 12 2006 Jesse Keating - 1.4.0-1.1
+- rebuild
+
+* Wed Jun 14 2006 Tomas Mraz - 1.4.0-1
+- upgrade to new upstream version (#192070), rebuild
+ of dependent packages required
+
+* Tue May 16 2006 Tomas Mraz - 1.2.10-2
+- added missing buildrequires
+
+* Mon Feb 13 2006 Tomas Mraz - 1.2.10-1
+- updated to new version (fixes CVE-2006-0645)
+
+* Fri Feb 10 2006 Jesse Keating - 1.2.9-3.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 1.2.9-3.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Tue Jan 3 2006 Jesse Keating 1.2.9-3
+- rebuilt
+
+* Fri Dec 9 2005 Tomas Mraz 1.2.9-2
+- replaced *-config scripts with calls to pkg-config to
+ solve multilib conflicts
+
+* Wed Nov 23 2005 Tomas Mraz 1.2.9-1
+- upgrade to newest upstream
+- removed .la files (#172635)
+
+* Sun Aug 7 2005 Tomas Mraz 1.2.6-1
+- upgrade to newest upstream (rebuild of dependencies necessary)
+
+* Mon Jul 4 2005 Tomas Mraz 1.0.25-2
+- split the command line tools to utils subpackage
+
+* Sat Apr 30 2005 Tomas Mraz 1.0.25-1
+- new upstream version fixes potential DOS attack
+
+* Sat Apr 23 2005 Tomas Mraz 1.0.24-2
+- readd the version script dropped by upstream
+
+* Fri Apr 22 2005 Tomas Mraz 1.0.24-1
+- update to the latest upstream version on the 1.0 branch
+
+* Wed Mar 2 2005 Warren Togami 1.0.20-6
+- gcc4 rebuild
+
+* Tue Jan 4 2005 Ivana Varekova 1.0.20-5
+- add gnutls Requires zlib-devel (#144069)
+
+* Mon Nov 08 2004 Colin Walters 1.0.20-4
+- Make gnutls-devel Require libgcrypt-devel
+
+* Tue Sep 21 2004 Jeff Johnson 1.0.20-3
+- rebuild with release++, otherwise unchanged.
+
+* Tue Sep 7 2004 Jeff Johnson 1.0.20-2
+- patent tainted SRP code removed.
+
+* Sun Sep 5 2004 Jeff Johnson 1.0.20-1
+- update to 1.0.20.
+- add --with-included-opencdk --with-included-libtasn1
+- add --with-included-libcfg --with-included-lzo
+- add --disable-srp-authentication.
+- do "make check" after build.
+
+* Fri Mar 21 2003 Jeff Johnson 0.9.2-1
+- upgrade to 0.9.2
+
+* Tue Jun 25 2002 Jeff Johnson 0.4.4-1
+- update to 0.4.4.
+
+* Fri Jun 21 2002 Tim Powers
+- automated rebuild
+
+* Sat May 25 2002 Jeff Johnson 0.4.3-1
+- update to 0.4.3.
+
+* Tue May 21 2002 Jeff Johnson 0.4.2-1
+- update to 0.4.2.
+- change license to LGPL.
+- include splint annotations patch.
+
+* Tue Apr 2 2002 Nalin Dahyabhai 0.4.0-1
+- update to 0.4.0
+
+* Thu Jan 17 2002 Nalin Dahyabhai 0.3.2-1
+- update to 0.3.2
+
+* Thu Jan 10 2002 Nalin Dahyabhai 0.3.0-1
+- add a URL
+
+* Thu Dec 20 2001 Nalin Dahyabhai
+- initial package