up to 3.7.4 (new libgnutlsxx soname)auto/th/gnutls-3.7.4-1

- tpm2 libs now dlopened
- zstd patch to fix https://gitlab.com/gnutls/gnutls/-/issues/1343
- ktls patch no longer needed

4 files changed, 27 insertions, 105 deletions

diff --git a/gnutls-pl.po-update.patch b/gnutls-pl.po-update.patch
index 7c04ad4..3d71e94 100644
--- a/gnutls-pl.po-update.patch
+++ b/gnutls-pl.po-update.patch
@@ -13,7 +13,7 @@
 -"Project-Id-Version: gnutls-3.6.8\n"
 +"Project-Id-Version: gnutls-3.7.3\n"
  "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
- "POT-Creation-Date: 2022-01-18 08:10+0100\n"
+ "POT-Creation-Date: 2022-03-17 11:12+0100\n"
 -"PO-Revision-Date: 2019-06-01 08:22+0200\n"
 +"PO-Revision-Date: 2022-01-20 17:00+0100\n"
  "Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
diff --git a/gnutls.spec b/gnutls.spec
index ddefca3..936f8cc 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -10,23 +10,19 @@
 %bcond_with	af_alg		# Linux kernel AF_ALG based acceleration
 %bcond_with	ktls		# Kernel TLS support
 
-%if %{with tpm2}
-%undefine	with_tpm
-%endif
-
 Summary:	The GNU Transport Layer Security Library
 Summary(pl.UTF-8):	Biblioteka GNU TLS (Transport Layer Security)
 Name:		gnutls
-Version:	3.7.3
-Release:	3
+Version:	3.7.4
+Release:	1
 License:	LGPL v2.1+ (libgnutls), LGPL v3+ (libdane), GPL v3+ (openssl library and tools)
 Group:		Libraries
 Source0:	ftp://ftp.gnutls.org/gcrypt/gnutls/v3.7/%{name}-%{version}.tar.xz
-# Source0-md5:	3723d8fee66c5d45d780ca64c089ed23
+# Source0-md5:	4bce06332c525eae540bb237433d4225
 Patch0:		%{name}-info.patch
 Patch1:		%{name}-link.patch
 Patch2:		%{name}-pl.po-update.patch
-Patch3:		ktls.patch
+Patch3:		zstd.patch
 URL:		https://www.gnutls.org/
 BuildRequires:	autoconf >= 2.63
 BuildRequires:	automake >= 1:1.12.2
@@ -36,6 +32,7 @@ BuildRequires:	gmp-devel
 %{?with_doc:BuildRequires:	gtk-doc >= 1.14}
 %{?with_guile:BuildRequires:	guile-devel >= 5:2.2.0}
 BuildRequires:	libidn2-devel >= 2.0.0
+BuildRequires:	libbrotli-devel >= 1.0.0
 %{?with_af_alg:BuildRequires:	libkcapi-devel >= 1.3.0}
 BuildRequires:	libstdc++-devel
 BuildRequires:	libtasn1-devel >= 4.11
@@ -58,6 +55,7 @@ BuildRequires:	tar >= 1:1.22
 %{?with_dane:BuildRequires:	unbound-devel}
 BuildRequires:	xz
 BuildRequires:	zlib-devel
+BuildRequires:	zstd-devel >= 1.3.0
 Requires:	%{name}-libs = %{version}-%{release}
 %{?with_dane:Requires:	%{name}-dane = %{version}-%{release}}
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -80,13 +78,18 @@ grupę roboczą IETF TLS.
 Summary:	GnuTLS shared libraries
 Summary(pl.UTF-8):	Biblioteki współdzielone GnuTLS
 Group:		Libraries
+Requires:	libbrotli >= 1.0.0
 Requires:	libidn2 >= 2.0.0
 %{?with_af_alg:Requires:	libkcapi >= 1.3.0}
 Requires:	libtasn1 >= 4.11
 Requires:	nettle >= 3.6
 #Requires:	opencdk >= 0.6.6
 Requires:	p11-kit >= 0.23.1
-%{?with_tpm:Requires:	trousers-libs >= 0.3.11}
+Requires:	zstd >= 1.3.0
+# dlopened libtss2-*
+%{?with_tpm2:Suggests:	tpm2-tss}
+# dlopened libtspi
+%{?with_tpm:Suggests:	trousers-libs >= 0.3.11}
 Conflicts:	gnutls < 3.2.0
 
 %description libs
@@ -102,15 +105,16 @@ License:	LGPL v2.1+ (libgnutls), GPL v3+ (openssl library)
 Group:		Development/Libraries
 Requires:	%{name}-libs = %{version}-%{release}
 Requires:	gmp-devel
+Requires:	libbrotli-devel >= 1.0.0
 Requires:	libidn2-devel
 Requires:	libtasn1-devel >= 4.11
 Requires:	libunistring-devel
 Requires:	nettle-devel >= 3.6
 #Requires:	opencdk-devel >= 0.6.6
 Requires:	p11-kit-devel >= 0.23.1
-%{?with_tpm2:Requires:	tpm2-tss-devel}
 %{?with_tpm:Requires:	trousers-devel >= 0.3.11}
 Requires:	zlib-devel
+Requires:	zstd-devel >= 1.3.0
 
 %description devel
 Header files etc to develop gnutls applications.
@@ -389,7 +393,7 @@ rm -rf $RPM_BUILD_ROOT
 %files c++
 %defattr(644,root,root,755)
 %attr(755,root,root) %{_libdir}/libgnutlsxx.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.28
+%attr(755,root,root) %ghost %{_libdir}/libgnutlsxx.so.30
 
 %files c++-devel
 %defattr(644,root,root,755)
diff --git a/ktls.patch b/ktls.patch
deleted file mode 100644
index 1e6d514..0000000
--- a/ktls.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 0a14dc1b7b52abe458bb9c9bd67d89bec7ebb566 Mon Sep 17 00:00:00 2001
-From: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
-Date: Thu, 27 Jan 2022 13:54:21 +0100
-Subject: [PATCH] KTLS: hotfix
-
-fixed: keys will be set only when both sockets were enabled for ktls
-fixed: session->internals.ktls_enabled left uninitialized for non
-ktls-enabled build
-
-Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
----
- lib/handshake.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/lib/handshake.c b/lib/handshake.c
-index f65430bbcf..82c895bfde 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -2910,9 +2910,11 @@ int gnutls_handshake(gnutls_session_t session)
- 	}
- 
- #ifdef ENABLE_KTLS
--	if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) {
-+	if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV) || IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
- 		_gnutls_ktls_set_keys(session);
- 	}
-+#else
-+	session->internals.ktls_enabled = 0;
- #endif
- 
- 	return 0;
--- 
-GitLab
-
-From 4828e3923486de2725dc73bf6e6a2db57f94945f Mon Sep 17 00:00:00 2001
-From: Jan Palus <jpalus@fastmail.com>
-Date: Fri, 28 Jan 2022 11:07:02 +0100
-Subject: [PATCH] ktls: fix _gnutls_ktls_send_control_msg return value
-
-always returned 0 on success while contract mandates to return number of
-bytes sent
-
-Fixes #1314
-
-Signed-off-by: Jan Palus <jpalus@fastmail.com>
----
- lib/system/ktls.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/lib/system/ktls.c b/lib/system/ktls.c
-index 03c94f6f80..7e3cb875ed 100644
---- a/lib/system/ktls.c
-+++ b/lib/system/ktls.c
-@@ -267,12 +267,13 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
- 	const char *buf = data;
- 	ssize_t ret;
- 	int sockin, sockout;
-+	size_t data_to_send = data_size;
- 
- 	assert (session != NULL);
- 
- 	gnutls_transport_get_int2(session, &sockin, &sockout);
- 
--	while (data_size > 0) {
-+	while (data_to_send > 0) {
- 		char cmsg[CMSG_SPACE(sizeof (unsigned char))];
- 		struct msghdr msg = { 0 };
- 		struct iovec msg_iov;   /* Vector of data to send/receive into. */
-@@ -291,7 +292,7 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
- 		msg.msg_controllen = hdr->cmsg_len;
- 
- 		msg_iov.iov_base = (void *)buf;
--		msg_iov.iov_len = data_size;
-+		msg_iov.iov_len = data_to_send;
- 
- 		msg.msg_iov = &msg_iov;
- 		msg.msg_iovlen = 1;
-@@ -310,10 +311,10 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
- 		}
- 
- 		buf += ret;
--		data_size -= ret;
-+		data_to_send -= ret;
- 	}
- 
--	return 0;
-+	return data_size;
- }
- 
- int _gnutls_ktls_recv_control_msg(gnutls_session_t session,
--- 
-GitLab
-
diff --git a/zstd.patch b/zstd.patch
new file mode 100644
index 0000000..0f99583
--- /dev/null
+++ b/zstd.patch
@@ -0,0 +1,11 @@
+--- gnutls-3.7.4/configure.ac.orig	2022-03-17 10:05:02.000000000 +0100
++++ gnutls-3.7.4/configure.ac	2022-03-18 10:25:53.449148726 +0100
+@@ -1040,7 +1040,7 @@
+ if test x$ac_zstd != xno; then
+     AC_MSG_RESULT(yes)
+     PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
+-    if test "${with_libzstd}" = "yes" && test "${has_zstd_h}" = "yes"; then
++    if test "${with_libzstd}" = "yes"; then
+ 	AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
+ 	if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+ 	    GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"