libtcnative-1-0-1.3.7-160000.1.1

- Update to 1.3.7: [bsc#1260322]
  1.3.7
  * Code: Refactor access to ASN1_OCTET_STRING to use setters to fix
    errors when building against the latest OpenSSL 4.0.x code. (markt)
  * Fix: Fix the handling of OCSP requests with multiple responder URIs.
    (jfclere)
  * Fix: Fix the handling of TRY_AGAIN responses to OCSP requests when
    soft fail is disabled. (jfclere)
  1.3.6
  * Code: Refactor the SSL_CONF_CTX clean-up to align it with SSL and
    SSL_CTX clean-up. (markt)
  * Fix: Fix unnecessarily large buffer allocation when filtering out NULL
    and export ciphers. Pull requests #35 and #37 provided by chenjp.
    (markt)
  * Fix: Fix a potential memory leak if an invalid OpenSSLConf is
    provided. Pull request #36 provided by chenjp. (markt)
  * Fix: Refactor setting of OCSP configuration defaults as they were only
    applied if the SSL_CONF_CTX was used. While one was always used with
    Tomcat versions aware of the OCSP configuration options, one was not
    always used with Tomcat versions unaware of the OCSP configuration
    options leading to OCSP verification being enabled by default when the
    expected behaviour was disabled by default. (markt)
  * Code: Improve performance for the rare case of handling large OCSP
    responses. (markt)
  1.3.5
  * Fix: Remove group write permissions from the files in the tar.gz
    source archive. (markt)
  * Fix: Clear an additional error in OCSP processing that was preventing
    OCSP soft fail working with Tomcat's APR/native connector. (markt)
  1.3.4
  * Fix: Correct logic error that prevented the configuration of TLS 1.3
    cipher suites. (markt)
  1.3.3
  * Fix: Refactor the addition of TLS 1.3 cipher suite configuration to
    avoid a regression when running a version of Tomcat that pre-dates
    this change. (markt)
  1.3.2
  * Update: Rename configure.in to modern autotools style configure.ac.
    (rjung)
  * Update: Fix incomplete updates for autotools generated files during
    "buildconf" execution. (rjung)
  * Update: Improve quoting in tcnative.m4. (rjung)
  * Update: Update the minimum version of autoconf for releasing to 2.68.
    (rjung)
  * Fix: Fix the autoconf warnings when creating a release. (markt)
  * Update: The Windows binaries are now built with OCSP support enabled
    by default. (markt)
  * Add: Include a nonce with OCSP requests and check the nonce, if any,
    in the OCSP response. (markt)
  * Add: Expand verification of OCSP responses. (markt)
  * Add: Add the ability to configure the OCSP checks to soft-fail - i.e.
    if the responder cannot be contacted or fails to respond in a timely
    manner the OCSP check will not fail. (markt)
  * Add: Add a configurable timeout to the writing of OCSP requests and
    reading of OCSP responses. (markt)
  * Add: Add the ability to control the OCSP verification flags. (markt)
  * Add: Configure TLS 1.3 connections from the provided ciphers list as
    well as connections using TLS 1.2 and earlier. Pull request provided
    by gastush. (markt)
  * Update: Update the Windows build environment to use Visual Studio
    2022. (markt)
  1.3.1
  * Fix: Fix a crash on Windows when SSLContext.setCACertificate() is
    invoked with a null value for caCertificateFile and a non-null value
    for caCertificatePath until properly addressed with
    https://github.com/openssl/openssl/issues/24416. (michaelo)
  * Add: Use ERR_error_string_n with a definite buffer length as a named
    constant. (schultz)
  * Add: Ensure local reference capacity is available when creating new
    arrays and Strings. (schultz)
  * Update: Update the recommended minimum version of OpenSSL to 3.0.14.
    (markt)
  1.3.0
  * Update: Drop useless compile.optimize option. (michaelo)
  * Update: Align Java source compile configuration with Tomcat.
    (michaelo)
  * Fix: Fix version set in DLL header on Windows. (michaelo)
  * Update: Remove an unreachable if condition around CRLs in
    sslcontext.c. (michaelo)
  * Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(),
    the default verify paths are no longer set. Only the explicitly
    configured trust store, if any, will be used. (michaelo)
  * Update: Update the minimum supported version of LibreSSL to 3.5.2.
    (markt)
  * Design: Remove NPN support as NPN was never standardised and browser
    support was removed in 2019. (markt)
  * Update: Update the recommended minimum version of OpenSSL to 3.0.13.
    (markt)

- Fix build after removal of the default %%{java_home} define

- Update to 1.2.39:
  * Fix: 67061: If the insecure optionalNoCA certificate verification
    mode is used, disable OCSP if enabled else client certificates
    from unknown certificate authorities will be rejected.
  * Update: Update the recommended minimum version of OpenSSL to
    3.0.11.
  * Change the hardcoded libopenssl-1_1-devel to libopenssl-devel
    for distributions that have the right version

- Version update to version 1.2.38:
  * Align default pass phrase prompt with HTTPd.
  * #66669: Fix memory leak in SNI processing.
  * Update the recommended minimum version of OpenSSL to 1.1.1v.
  * Update the recommended minimum version of APR to 1.7.4.
  * Document the TLS rengotiation behaviour.
  * Add HOWTO-RELEASE.txt that describes the release process.
  * Refactor library initialization so it is compatible with Tomcat
    10.1.x onwards where a number of Java classes have been removed.
  * Map the OpenSSL 3.x FIPS behaviour to the OpenSSL 1.x API to
    allow clients to determine if the FIPS provider is being used
    when Tomcat Native is compiled against OpenSSL 3.x.
  * #66035: Fix crash when attempting to read TLS session ID after
    a handshake failure.
  * Enable download_deps.sh to be called from any directory.
  * Fix release script so it works with the current git layout.
  * #65441: Correct previous fix that enabled building to continue
    with OpenSSL 3.x.
  * #65659: Remove remaining reference to pkg-config which is no
    longer included in the Tomcat Native distribution.
  * #65181: Additional changes required to provided support for
    using OpenSSL Engines that use proprietary key formats.
  * #65329: Correct handling of WINVER in make file to use correct
    constant for Windows 7. Add constants for Windows 8, Windows 8.1
    and Windows 10. Rename WINNT to WIN2k as it is used for Windows
    2000 upwards, not Windows NT upwards.
  * Add a patch for APR that fixes an issue where some Windows
    systems in some configurations would only listen on IPv6
    addresses on dual stack systems even though configured to listen
    on both IPv6 and IPv4 addresses.
  * Correct a regression in the fix for 65181 that prevented an
    error message from being displayed if an invalid key file was
    provided and no OpenSSL Engine was configured.
  * #65181: Improve support for using OpenSSL Engines that use
    proprietary key formats.
  * Enable building to continue against OpenSSL 3.x and 1.1.1.
  * Incomplete name mangling fix for C++ compilers in tcn_api.h.
  * Improve OS-specific header include for native thread id.
  * Disable keylog callback support for LibreSSL.
  * Add support for SSLContext.addChainCertificateRaw() with
    LibreSSL 2.9.1 and up.
  * Add support for HP-UX's _lwp_self() in our ssl_thread_id(void).
  * Remove default option passed for rpath to linker on HP-UX.
  * Add an option to allow the OCSP responder check to be bypassed.
    Note that if OCSP is enabled, a missing responder is now treated
    as an error.
  * #64429: Fix compilation with LibreSSL.
  * #63671: libtcnative does not compile with OpenSSL < 1.1.0 and
    APR w/o threading support.
  * Correct configure message for OpenSSL libdir.
  * #64260: Clean up install target.
  * #64315: configure output for OpenSSL wrong/incomplete sometimes.
  * Drop obsolete build time workarounds for HP-UX.
  * Add support for FreeBSD's pthread_getthreadid_np() in our
    ssl_thread_id(void).
  * #64316: Introduce tcn_get_thread_id(void) to reduce code
    duplication.
  * Fix linking against OpenSSL in non-standard locations on FreeBSD.
- Removed patch:
  * libtcnative-1-0-bsc1199170.patch
    + fix integrated

- Fix for SG#63251, bsc#1199170 (thanks to ohollmann@suse.com)
- added patches
  fix https://github.com/apache/tomcat-native/commit/5ac1175a0cf24aae2a285b3f3fb877ff83aef0c0
  + libtcnative-1-0-bsc1199170.patch

- Add GPG keyring.

- Version update to version 1.2.23:
  * See changelog.html for in-depth upstream changes

- Version update to version 1.2.21:
  * See changelog.html for in-depth upstream changes
  * Fix incompatibility with Tomcat (bsc#1130843)

- Version update to version 1.2.23:
  * Fix compatibility with Tomcat (bsc#1144465)
  * See changelog.html for in-depth upstream changes

- Version update to version 1.2.16:
  * See changelog.html for in-depth upstream changes
  * Fixes build breakage with newer version of openssl

- Version update to version 1.2.4:
  * See changelog.html for in-depth upstream changes
  * This connector to properly work requires openssl 1.0.2 or newer
    so do not backport to other codestreams.

- Remove keyring file as there is new keyring and I didn't find it
  on the web

- Update to version 1.1.32
  * Fix: 53952: Add support for TLSv1.2 and TLSv1.1.
  * Fix: 56844: Use OpenSSL 1.0.1j with Windows binaries.
  * Update: Use APR 1.5.1 with Windows binaries
- Remove tomcat-native-nosslv2.patch; merged on upstream release
- Remove %gpg_verify tag and gpg-offline require; let OBS handles
  gpg verification

- version 1.1.30
  * Fixed double-free in ssl_ocsp_request. Patch provided by
  Aristotelis.
  * Other minor bugfixes.
- openSUSE: Fix build when openssl does not have SSLv2 support.
  (tomcat-native-nosslv2.patch)

- Update to 1.1.27 (bugfix release)
  * fix high CUP usage on client's IP address change
  * add CPU information to OS info for Linux
  * fix FIPS mode for listeners; resolves 'Low level API
    call to digest MD5 forbidden in FIPS mode!' errors.
  * update add clearOptions function to allow access to
    OpenSSL's SSL_CTX_clear_options function.
  * fix regression in pollset return value.
- add gpg verification
- add javapackages-tools
- drop config-guess-sub-update.patch

- config-guess-sub-update.patch: update config.guess/sub for aarch64

- update to 1.1.24
  * add support for per-socket timeouts inside poller

- update to 1.1.23 - latest upstream version
  * autodetect java7
  * better support for ipv6
  * OCSP verification support
  * explicit use in FIPS mode allowed
  * and fixes many bugs, leaks and crashes
- split the spec from tomcat6 sources as it was never needed

- fixes bnc#622430 - move .so file to main package

- build from tomcat-native-1.1.20-src.tar.gz
- package needs work, does not have to live in tomcat src any more

- Tomcat update to 6.0.20
- APR update to 1.3.3 - the bugfix release

- Tomcat update to 6.0.18

- move the .so file to -devel subpackage to prevent of an rpmlint error

- The first release in SUSE (1.2.12)
  - fix of enhancenment request [bnc#202339]