Compare commits
14 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5aacc8cd4f | ||
|
|
2d25b601bf | ||
|
|
02604373b4 | ||
|
|
cf8e00c764 | ||
|
|
7b240b0959 | ||
|
|
a5bbb28088 | ||
|
|
a68aefef99 | ||
|
|
10f6e99293 | ||
|
|
75c72994c6 | ||
|
|
ee88c45f9f | ||
|
|
bdd006b412 | ||
|
|
262cc0d561 | ||
|
|
36d1e2827b | ||
|
|
341d862ca3 |
7 changed files with 304 additions and 6 deletions
8
.gitignore
vendored
8
.gitignore
vendored
|
|
@ -121,3 +121,11 @@ gnutls-2.10.1-nosrp.tar.bz2
|
|||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.6.12.tar.xz.sig
|
||||
/gnutls-3.6.12.tar.xz
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/gnutls-3.6.13.tar.xz.sig
|
||||
/gnutls-3.6.13.tar.xz
|
||||
/gnutls-3.6.14.tar.xz
|
||||
/gnutls-3.6.14.tar.xz.sig
|
||||
/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
/gnutls-3.6.15.tar.xz
|
||||
/gnutls-3.6.15.tar.xz.sig
|
||||
|
|
|
|||
60
gnutls-3.6.14-configure-fix-soname-detection.patch
Normal file
60
gnutls-3.6.14-configure-fix-soname-detection.patch
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
From b57b820a3f0464e3151dd675af4f28ad109d683c Mon Sep 17 00:00:00 2001
|
||||
From: Vitezslav Cizek <vcizek@suse.com>
|
||||
Date: Tue, 9 Jun 2020 13:54:04 +0200
|
||||
Subject: [PATCH] configure: improve nettle, gmp, and hogweed soname detection
|
||||
|
||||
Some linkers might optimize away the libraries passed on the
|
||||
command line if they aren't actually needed, such as gnu ld with
|
||||
--as-needed.
|
||||
The ldd output then won't list the shared libraries and the
|
||||
detection will fail.
|
||||
Make sure nettle and others are really used.
|
||||
|
||||
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
||||
---
|
||||
configure.ac | 15 ++++++++++++---
|
||||
1 file changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e4ca66aec..ccbe4e563 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -741,7 +741,10 @@ LIBS=$save_LIBS
|
||||
save_LIBS=$LIBS
|
||||
LIBS="$LIBS $GMP_LIBS"
|
||||
AC_MSG_CHECKING([gmp soname])
|
||||
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
|
||||
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
|
||||
+ #include <gmp.h>],[
|
||||
+ mpz_t n;
|
||||
+ mpz_init(n);])],
|
||||
[gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
|
||||
[gmp_so=none])
|
||||
if test -z "$gmp_so"; then
|
||||
@@ -754,7 +757,10 @@ LIBS=$save_LIBS
|
||||
save_LIBS=$LIBS
|
||||
LIBS="$LIBS $NETTLE_LIBS"
|
||||
AC_MSG_CHECKING([nettle soname])
|
||||
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
|
||||
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
|
||||
+ #include <nettle/sha2.h>],[
|
||||
+ struct sha256_ctx ctx;
|
||||
+ sha256_init(&ctx);])],
|
||||
[nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
|
||||
[nettle_so=none])
|
||||
if test -z "$nettle_so"; then
|
||||
@@ -767,7 +773,10 @@ LIBS=$save_LIBS
|
||||
save_LIBS=$LIBS
|
||||
LIBS="$LIBS $HOGWEED_LIBS"
|
||||
AC_MSG_CHECKING([hogweed soname])
|
||||
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
|
||||
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
|
||||
+ #include <nettle/rsa.h>],[
|
||||
+ struct rsa_private_key priv;
|
||||
+ nettle_rsa_private_key_init(&priv);])],
|
||||
[hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
|
||||
[hogweed_so=none])
|
||||
if test -z "$hogweed_so"; then
|
||||
--
|
||||
2.25.4
|
||||
|
||||
152
gnutls-3.6.14-fix-iovec-memory-leak.patch
Normal file
152
gnutls-3.6.14-fix-iovec-memory-leak.patch
Normal file
|
|
@ -0,0 +1,152 @@
|
|||
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 5 Jun 2020 16:26:33 +0200
|
||||
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
|
||||
|
||||
The AEAD iov interface falls back to serializing the input buffers if
|
||||
the low-level cipher doesn't support scatter/gather encryption.
|
||||
However, there was a bug in the functions used for the serialization,
|
||||
which causes memory leaks under a certain condition (i.e. the number
|
||||
of input buffers is 1).
|
||||
|
||||
This patch makes the logic of the functions simpler, by removing a
|
||||
micro-optimization that tries to minimize the number of calls to
|
||||
malloc/free.
|
||||
|
||||
The original problem was reported by Marius Steffen in:
|
||||
https://bugzilla.samba.org/show_bug.cgi?id=14399
|
||||
and the cause was investigated by Alexander Haase in:
|
||||
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/crypto-api.c | 36 +++++++++++-------------------------
|
||||
tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
|
||||
2 files changed, 29 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
||||
index 45be64ed1..8524f5ed4 100644
|
||||
--- a/lib/crypto-api.c
|
||||
+++ b/lib/crypto-api.c
|
||||
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
|
||||
struct iov_store_st {
|
||||
void *data;
|
||||
size_t size;
|
||||
- unsigned allocated;
|
||||
};
|
||||
|
||||
static void iov_store_free(struct iov_store_st *s)
|
||||
{
|
||||
- if (s->allocated) {
|
||||
- gnutls_free(s->data);
|
||||
- s->allocated = 0;
|
||||
- }
|
||||
+ gnutls_free(s->data);
|
||||
}
|
||||
|
||||
static int iov_store_grow(struct iov_store_st *s, size_t length)
|
||||
{
|
||||
- if (s->allocated || s->data == NULL) {
|
||||
- s->size += length;
|
||||
- s->data = gnutls_realloc(s->data, s->size);
|
||||
- if (s->data == NULL)
|
||||
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
||||
- s->allocated = 1;
|
||||
- } else {
|
||||
- void *data = s->data;
|
||||
- size_t size = s->size + length;
|
||||
- s->data = gnutls_malloc(size);
|
||||
- memcpy(s->data, data, s->size);
|
||||
- s->size += length;
|
||||
- }
|
||||
+ void *data;
|
||||
+
|
||||
+ s->size += length;
|
||||
+ data = gnutls_realloc(s->data, s->size);
|
||||
+ if (data == NULL)
|
||||
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
||||
+
|
||||
+ s->data = data;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
||||
memset(dst, 0, sizeof(*dst));
|
||||
if (iovcnt == 0) {
|
||||
return 0;
|
||||
- } else if (iovcnt == 1) {
|
||||
- dst->data = iov[0].iov_base;
|
||||
- dst->size = iov[0].iov_len;
|
||||
- /* implies: dst->allocated = 0; */
|
||||
- return 0;
|
||||
} else {
|
||||
int i;
|
||||
uint8_t *p;
|
||||
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
||||
|
||||
p = dst->data;
|
||||
for (i=0;i<iovcnt;i++) {
|
||||
- memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
||||
+ if (iov[i].iov_len > 0)
|
||||
+ memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
||||
p += iov[i].iov_len;
|
||||
}
|
||||
|
||||
- dst->allocated = 1;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
|
||||
index fba9010d9..6a30a35f7 100644
|
||||
--- a/tests/aead-cipher-vec.c
|
||||
+++ b/tests/aead-cipher-vec.c
|
||||
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
|
||||
giovec_t auth_iov[2];
|
||||
uint8_t tag[64];
|
||||
size_t tag_size = 0;
|
||||
+ size_t i;
|
||||
|
||||
key.data = key16;
|
||||
key.size = gnutls_cipher_get_key_size(algo);
|
||||
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
|
||||
if (ret < 0)
|
||||
fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
|
||||
|
||||
- ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
- iv.data, iv.size,
|
||||
- auth_iov, 2,
|
||||
- iov, 3,
|
||||
- tag, &tag_size);
|
||||
- if (ret < 0)
|
||||
- fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
-
|
||||
- ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
- iv.data, iv.size,
|
||||
- auth_iov, 2,
|
||||
- iov, 3,
|
||||
- tag, tag_size);
|
||||
- if (ret < 0)
|
||||
- fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
+ for (i = 0; i < 2; i++) {
|
||||
+ ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
+ iv.data, iv.size,
|
||||
+ auth_iov, 2,
|
||||
+ iov, i + 1,
|
||||
+ tag, &tag_size);
|
||||
+ if (ret < 0)
|
||||
+ fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
+
|
||||
+ ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
+ iv.data, iv.size,
|
||||
+ auth_iov, 2,
|
||||
+ iov, i + 1,
|
||||
+ tag, tag_size);
|
||||
+ if (ret < 0)
|
||||
+ fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
+ }
|
||||
|
||||
gnutls_aead_cipher_deinit(ch);
|
||||
}
|
||||
--
|
||||
2.25.4
|
||||
|
||||
46
gnutls-3.6.15-gnulib-perror-tests.patch
Normal file
46
gnutls-3.6.15-gnulib-perror-tests.patch
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
From 175e0bc72808d564074c4adcc72aeadb74adfcc6 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Date: Thu, 27 Aug 2020 17:52:58 -0700
|
||||
Subject: [PATCH] perror, strerror_r: remove unportable tests
|
||||
|
||||
Problem reported by Florian Weimer in:
|
||||
https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
|
||||
* tests/test-perror2.c (main):
|
||||
* tests/test-strerror_r.c (main): Omit unportable tests.
|
||||
---
|
||||
ChangeLog | 8 ++++++++
|
||||
tests/test-perror2.c | 3 ---
|
||||
tests/test-strerror_r.c | 3 ---
|
||||
3 files changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/gl/tests/test-perror2.c b/gl/tests/test-perror2.c
|
||||
index 1d14eda7b..c6214dd25 100644
|
||||
--- a/gl/tests/test-perror2.c
|
||||
+++ b/gl/tests/test-perror2.c
|
||||
@@ -79,9 +79,6 @@ main (void)
|
||||
errno = -5;
|
||||
perror ("");
|
||||
ASSERT (!ferror (stderr));
|
||||
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
|
||||
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
|
||||
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
|
||||
ASSERT (STREQ (msg4, str4));
|
||||
|
||||
free (str1);
|
||||
diff --git a/gl/tests/test-strerror_r.c b/gl/tests/test-strerror_r.c
|
||||
index b11d6fd9f..c1dbcf837 100644
|
||||
--- a/gl/tests/test-strerror_r.c
|
||||
+++ b/gl/tests/test-strerror_r.c
|
||||
@@ -165,9 +165,6 @@ main (void)
|
||||
|
||||
strerror_r (EACCES, buf, sizeof buf);
|
||||
strerror_r (-5, buf, sizeof buf);
|
||||
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
|
||||
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
|
||||
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
|
||||
ASSERT (STREQ (msg4, str4));
|
||||
|
||||
free (str1);
|
||||
--
|
||||
2.26.2
|
||||
|
||||
38
gnutls.spec
38
gnutls.spec
|
|
@ -1,8 +1,9 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 3.6.12
|
||||
Version: 3.6.15
|
||||
Release: 1%{?dist}
|
||||
Patch1: gnutls-3.6.7-no-now-guile.patch
|
||||
Patch2: gnutls-3.2.7-rpath.patch
|
||||
Patch3: gnutls-3.6.15-gnulib-perror-tests.patch
|
||||
%bcond_without dane
|
||||
%if 0%{?rhel}
|
||||
%bcond_with guile
|
||||
|
|
@ -47,7 +48,7 @@ BuildRequires: guile22-devel
|
|||
URL: http://www.gnutls.org/
|
||||
Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz
|
||||
Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz.sig
|
||||
Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
|
||||
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
|
||||
Provides: bundled(gnulib) = 20130424
|
||||
|
|
@ -143,7 +144,6 @@ This package contains Guile bindings for the library.
|
|||
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
|
||||
%autosetup -p1
|
||||
autoreconf
|
||||
|
||||
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
|
||||
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
||||
|
|
@ -279,6 +279,38 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Sep 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1
|
||||
- Update to upstream 3.6.15 release
|
||||
|
||||
* Tue Jun 09 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.14-2
|
||||
- Fix memory leak when serializing iovec_t (#1845083)
|
||||
- Fix automatic libraries sonames detection (#1845806)
|
||||
|
||||
* Thu Jun 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-1
|
||||
- Update to upstream 3.6.14 release
|
||||
|
||||
* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-6
|
||||
- Update gnutls-3.6.13-superseding-chain.patch
|
||||
|
||||
* Sun May 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-5
|
||||
- Fix cert chain validation behavior if the last cert has expired (#1842178)
|
||||
|
||||
* Mon May 25 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-4
|
||||
- Add option to gnutls-cli to wait for resumption under TLS 1.3
|
||||
|
||||
* Tue May 19 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-3
|
||||
- Disable RSA blinding during FIPS self-tests
|
||||
|
||||
* Wed May 13 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.13-2
|
||||
- Bump linked libraries soname to fix FIPS selftests (#1835265)
|
||||
|
||||
* Tue Mar 31 2020 Daiki Ueno <dueno@redhat.com> - 3.6.13-1
|
||||
- Update to upstream 3.6.13 release
|
||||
|
||||
* Thu Mar 26 2020 Anderson Sasaki <ansasaki@redhat.com> - 3.6.12-2
|
||||
- Fix FIPS POST (#1813384)
|
||||
- Fix gnutls-serv --echo to not exit when a message is received (#1816583)
|
||||
|
||||
* Sun Feb 02 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 3.6.12-1
|
||||
- Update to upstream 3.6.12 release
|
||||
|
||||
|
|
|
|||
Binary file not shown.
6
sources
6
sources
|
|
@ -1,3 +1,3 @@
|
|||
SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
|
||||
SHA512 (gnutls-3.6.12.tar.xz.sig) = fee2a330c047303b683824176ed2e14dba38ad22cddb548d6259bc8639e0c5dab7a1c93af84860193335271c9cb3810c046bb89b73d8c8a8cf61307108e957b5
|
||||
SHA512 (gnutls-3.6.12.tar.xz) = e1031fd1239d8b0f056a6b736e4c72c9268fb635f273527f310771c608b841cad7b6631401382ec3040d9b539180bf421882bf43427ad3549a5787d2864c2fa5
|
||||
SHA512 (gnutls-3.6.15.tar.xz) = f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c
|
||||
SHA512 (gnutls-3.6.15.tar.xz.sig) = a6dbb6093fefddce4c76ce0015d1e0ff7bb712985007c5c6bd5ed6a8cd7529ab250bcbc98b70beeb9dc1b43dcfc65495c77b9abb43e690f24eb7bf0042af1f68
|
||||
SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue