Compare commits
6 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
0cd2688fa7 | ||
|
|
f7d5531089 | ||
|
|
af4a165b69 | ||
|
|
c5ca9b5530 | ||
|
|
bbd689875c | ||
|
|
5fcda80cc3 |
8 changed files with 70 additions and 270 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
|
@ -127,3 +127,7 @@ gnutls-2.10.1-nosrp.tar.bz2
|
|||
/gnutls-3.6.14.tar.xz
|
||||
/gnutls-3.6.14.tar.xz.sig
|
||||
/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
/gnutls-3.6.15.tar.xz
|
||||
/gnutls-3.6.15.tar.xz.sig
|
||||
/gnutls-3.6.16.tar.xz
|
||||
/gnutls-3.6.16.tar.xz.sig
|
||||
|
|
|
|||
|
|
@ -1,60 +0,0 @@
|
|||
From b57b820a3f0464e3151dd675af4f28ad109d683c Mon Sep 17 00:00:00 2001
|
||||
From: Vitezslav Cizek <vcizek@suse.com>
|
||||
Date: Tue, 9 Jun 2020 13:54:04 +0200
|
||||
Subject: [PATCH] configure: improve nettle, gmp, and hogweed soname detection
|
||||
|
||||
Some linkers might optimize away the libraries passed on the
|
||||
command line if they aren't actually needed, such as gnu ld with
|
||||
--as-needed.
|
||||
The ldd output then won't list the shared libraries and the
|
||||
detection will fail.
|
||||
Make sure nettle and others are really used.
|
||||
|
||||
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
||||
---
|
||||
configure.ac | 15 ++++++++++++---
|
||||
1 file changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e4ca66aec..ccbe4e563 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -741,7 +741,10 @@ LIBS=$save_LIBS
|
||||
save_LIBS=$LIBS
|
||||
LIBS="$LIBS $GMP_LIBS"
|
||||
AC_MSG_CHECKING([gmp soname])
|
||||
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
|
||||
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
|
||||
+ #include <gmp.h>],[
|
||||
+ mpz_t n;
|
||||
+ mpz_init(n);])],
|
||||
[gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
|
||||
[gmp_so=none])
|
||||
if test -z "$gmp_so"; then
|
||||
@@ -754,7 +757,10 @@ LIBS=$save_LIBS
|
||||
save_LIBS=$LIBS
|
||||
LIBS="$LIBS $NETTLE_LIBS"
|
||||
AC_MSG_CHECKING([nettle soname])
|
||||
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
|
||||
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
|
||||
+ #include <nettle/sha2.h>],[
|
||||
+ struct sha256_ctx ctx;
|
||||
+ sha256_init(&ctx);])],
|
||||
[nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
|
||||
[nettle_so=none])
|
||||
if test -z "$nettle_so"; then
|
||||
@@ -767,7 +773,10 @@ LIBS=$save_LIBS
|
||||
save_LIBS=$LIBS
|
||||
LIBS="$LIBS $HOGWEED_LIBS"
|
||||
AC_MSG_CHECKING([hogweed soname])
|
||||
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
|
||||
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
|
||||
+ #include <nettle/rsa.h>],[
|
||||
+ struct rsa_private_key priv;
|
||||
+ nettle_rsa_private_key_init(&priv);])],
|
||||
[hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
|
||||
[hogweed_so=none])
|
||||
if test -z "$hogweed_so"; then
|
||||
--
|
||||
2.25.4
|
||||
|
||||
|
|
@ -1,152 +0,0 @@
|
|||
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 5 Jun 2020 16:26:33 +0200
|
||||
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
|
||||
|
||||
The AEAD iov interface falls back to serializing the input buffers if
|
||||
the low-level cipher doesn't support scatter/gather encryption.
|
||||
However, there was a bug in the functions used for the serialization,
|
||||
which causes memory leaks under a certain condition (i.e. the number
|
||||
of input buffers is 1).
|
||||
|
||||
This patch makes the logic of the functions simpler, by removing a
|
||||
micro-optimization that tries to minimize the number of calls to
|
||||
malloc/free.
|
||||
|
||||
The original problem was reported by Marius Steffen in:
|
||||
https://bugzilla.samba.org/show_bug.cgi?id=14399
|
||||
and the cause was investigated by Alexander Haase in:
|
||||
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/crypto-api.c | 36 +++++++++++-------------------------
|
||||
tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
|
||||
2 files changed, 29 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
|
||||
index 45be64ed1..8524f5ed4 100644
|
||||
--- a/lib/crypto-api.c
|
||||
+++ b/lib/crypto-api.c
|
||||
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
|
||||
struct iov_store_st {
|
||||
void *data;
|
||||
size_t size;
|
||||
- unsigned allocated;
|
||||
};
|
||||
|
||||
static void iov_store_free(struct iov_store_st *s)
|
||||
{
|
||||
- if (s->allocated) {
|
||||
- gnutls_free(s->data);
|
||||
- s->allocated = 0;
|
||||
- }
|
||||
+ gnutls_free(s->data);
|
||||
}
|
||||
|
||||
static int iov_store_grow(struct iov_store_st *s, size_t length)
|
||||
{
|
||||
- if (s->allocated || s->data == NULL) {
|
||||
- s->size += length;
|
||||
- s->data = gnutls_realloc(s->data, s->size);
|
||||
- if (s->data == NULL)
|
||||
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
||||
- s->allocated = 1;
|
||||
- } else {
|
||||
- void *data = s->data;
|
||||
- size_t size = s->size + length;
|
||||
- s->data = gnutls_malloc(size);
|
||||
- memcpy(s->data, data, s->size);
|
||||
- s->size += length;
|
||||
- }
|
||||
+ void *data;
|
||||
+
|
||||
+ s->size += length;
|
||||
+ data = gnutls_realloc(s->data, s->size);
|
||||
+ if (data == NULL)
|
||||
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
||||
+
|
||||
+ s->data = data;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
||||
memset(dst, 0, sizeof(*dst));
|
||||
if (iovcnt == 0) {
|
||||
return 0;
|
||||
- } else if (iovcnt == 1) {
|
||||
- dst->data = iov[0].iov_base;
|
||||
- dst->size = iov[0].iov_len;
|
||||
- /* implies: dst->allocated = 0; */
|
||||
- return 0;
|
||||
} else {
|
||||
int i;
|
||||
uint8_t *p;
|
||||
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
|
||||
|
||||
p = dst->data;
|
||||
for (i=0;i<iovcnt;i++) {
|
||||
- memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
||||
+ if (iov[i].iov_len > 0)
|
||||
+ memcpy(p, iov[i].iov_base, iov[i].iov_len);
|
||||
p += iov[i].iov_len;
|
||||
}
|
||||
|
||||
- dst->allocated = 1;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
|
||||
index fba9010d9..6a30a35f7 100644
|
||||
--- a/tests/aead-cipher-vec.c
|
||||
+++ b/tests/aead-cipher-vec.c
|
||||
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
|
||||
giovec_t auth_iov[2];
|
||||
uint8_t tag[64];
|
||||
size_t tag_size = 0;
|
||||
+ size_t i;
|
||||
|
||||
key.data = key16;
|
||||
key.size = gnutls_cipher_get_key_size(algo);
|
||||
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
|
||||
if (ret < 0)
|
||||
fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
|
||||
|
||||
- ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
- iv.data, iv.size,
|
||||
- auth_iov, 2,
|
||||
- iov, 3,
|
||||
- tag, &tag_size);
|
||||
- if (ret < 0)
|
||||
- fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
-
|
||||
- ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
- iv.data, iv.size,
|
||||
- auth_iov, 2,
|
||||
- iov, 3,
|
||||
- tag, tag_size);
|
||||
- if (ret < 0)
|
||||
- fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
+ for (i = 0; i < 2; i++) {
|
||||
+ ret = gnutls_aead_cipher_encryptv2(ch,
|
||||
+ iv.data, iv.size,
|
||||
+ auth_iov, 2,
|
||||
+ iov, i + 1,
|
||||
+ tag, &tag_size);
|
||||
+ if (ret < 0)
|
||||
+ fail("could not encrypt data: %s\n", gnutls_strerror(ret));
|
||||
+
|
||||
+ ret = gnutls_aead_cipher_decryptv2(ch,
|
||||
+ iv.data, iv.size,
|
||||
+ auth_iov, 2,
|
||||
+ iov, i + 1,
|
||||
+ tag, tag_size);
|
||||
+ if (ret < 0)
|
||||
+ fail("could not decrypt data: %s\n", gnutls_strerror(ret));
|
||||
+ }
|
||||
|
||||
gnutls_aead_cipher_deinit(ch);
|
||||
}
|
||||
--
|
||||
2.25.4
|
||||
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
From f15c02b1fb9faf3e06db2c51196a27b0f9d72672 Mon Sep 17 00:00:00 2001
|
||||
From: James Bottomley <James.Bottomley@HansenPartnership.com>
|
||||
Date: Sun, 28 Jun 2020 21:33:09 +0200
|
||||
Subject: [PATCH] build: use $(LIBPTHREAD) rather than non-existent
|
||||
$(LTLIBPTHREAD)
|
||||
|
||||
On a very recent openSUSE build, libgnutls is getting built without
|
||||
libpthread. This caused a thread related error when trying to load a
|
||||
pkcs11 module that uses threading. The reason is rather convoluted:
|
||||
glibc actually controls all the pthread_ function calls, but it
|
||||
returns success without doing anything unless -lpthread is in the link
|
||||
list. What's happening is that gnutls_system_mutex_init() is being
|
||||
called on _gnutls_pkcs11_mutex before library pthreading is
|
||||
initialized, so the pthread_mutex_init ends up being a nop. Then, when
|
||||
the pkcs11 module is loaded, pthreads get initialized and the call to
|
||||
pthread_mutex_lock is real, but errors out on the uninitialized mutex.
|
||||
|
||||
The problem seems to be that nothing in the gnulib macros gnutls
|
||||
relies on for threading support detection actually sets LTLIBPTHREAD,
|
||||
they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
|
||||
lib/Makefile.in
|
||||
|
||||
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
||||
---
|
||||
bootstrap.conf | 4 ++--
|
||||
lib/Makefile.am | 8 +++++++-
|
||||
2 files changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/Makefile.am b/lib/Makefile.am
|
||||
index fa47ac5e6..02504d8d1 100644
|
||||
--- a/lib/Makefile.am
|
||||
+++ b/lib/Makefile.am
|
||||
@@ -168,7 +168,13 @@ libgnutls_la_LIBADD += accelerated/libaccelerated.la
|
||||
endif
|
||||
|
||||
if !WINDOWS
|
||||
-thirdparty_libadd += $(LTLIBPTHREAD)
|
||||
+# p11-kit does not work without threading support:
|
||||
+# https://github.com/p11-glue/p11-kit/pull/183
|
||||
+if ENABLE_PKCS11
|
||||
+thirdparty_libadd += $(LIBPMULTITHREAD)
|
||||
+else
|
||||
+thirdparty_libadd += $(LIBPTHREAD)
|
||||
+endif
|
||||
endif
|
||||
|
||||
if NEEDS_LIBRT
|
||||
--
|
||||
2.26.2
|
||||
|
||||
46
gnutls-3.6.15-gnulib-perror-tests.patch
Normal file
46
gnutls-3.6.15-gnulib-perror-tests.patch
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
From 175e0bc72808d564074c4adcc72aeadb74adfcc6 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Date: Thu, 27 Aug 2020 17:52:58 -0700
|
||||
Subject: [PATCH] perror, strerror_r: remove unportable tests
|
||||
|
||||
Problem reported by Florian Weimer in:
|
||||
https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
|
||||
* tests/test-perror2.c (main):
|
||||
* tests/test-strerror_r.c (main): Omit unportable tests.
|
||||
---
|
||||
ChangeLog | 8 ++++++++
|
||||
tests/test-perror2.c | 3 ---
|
||||
tests/test-strerror_r.c | 3 ---
|
||||
3 files changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/gl/tests/test-perror2.c b/gl/tests/test-perror2.c
|
||||
index 1d14eda7b..c6214dd25 100644
|
||||
--- a/gl/tests/test-perror2.c
|
||||
+++ b/gl/tests/test-perror2.c
|
||||
@@ -79,9 +79,6 @@ main (void)
|
||||
errno = -5;
|
||||
perror ("");
|
||||
ASSERT (!ferror (stderr));
|
||||
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
|
||||
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
|
||||
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
|
||||
ASSERT (STREQ (msg4, str4));
|
||||
|
||||
free (str1);
|
||||
diff --git a/gl/tests/test-strerror_r.c b/gl/tests/test-strerror_r.c
|
||||
index b11d6fd9f..c1dbcf837 100644
|
||||
--- a/gl/tests/test-strerror_r.c
|
||||
+++ b/gl/tests/test-strerror_r.c
|
||||
@@ -165,9 +165,6 @@ main (void)
|
||||
|
||||
strerror_r (EACCES, buf, sizeof buf);
|
||||
strerror_r (-5, buf, sizeof buf);
|
||||
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
|
||||
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
|
||||
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
|
||||
ASSERT (STREQ (msg4, str4));
|
||||
|
||||
free (str1);
|
||||
--
|
||||
2.26.2
|
||||
|
||||
24
gnutls.spec
24
gnutls.spec
|
|
@ -1,11 +1,9 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 3.6.14
|
||||
Release: 6%{?dist}
|
||||
Version: 3.6.16
|
||||
Release: 1%{?dist}
|
||||
Patch1: gnutls-3.6.7-no-now-guile.patch
|
||||
Patch2: gnutls-3.2.7-rpath.patch
|
||||
Patch3: gnutls-3.6.14-fix-iovec-memory-leak.patch
|
||||
Patch4: gnutls-3.6.14-configure-fix-soname-detection.patch
|
||||
Patch5: gnutls-3.6.14-pthreads.patch
|
||||
Patch3: gnutls-3.6.15-gnulib-perror-tests.patch
|
||||
%bcond_without dane
|
||||
%if 0%{?rhel}
|
||||
%bcond_with guile
|
||||
|
|
@ -146,7 +144,7 @@ This package contains Guile bindings for the library.
|
|||
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
|
||||
%autosetup -p1
|
||||
autoreconf -fi
|
||||
#autoreconf -fi
|
||||
|
||||
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
|
||||
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
||||
|
|
@ -158,6 +156,11 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
|
|||
# via the crypto policies
|
||||
|
||||
%build
|
||||
# gnulib has bogus floating point tests which are compromised by
|
||||
# LTO affecting ppc64le builds
|
||||
%ifarch ppc64le
|
||||
%define _lto_cflags %{nil}
|
||||
%endif
|
||||
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
|
||||
export CCASFLAGS
|
||||
|
||||
|
|
@ -282,6 +285,15 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon May 24 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-1
|
||||
- Update to upstream 3.6.16 release
|
||||
|
||||
* Fri Sep 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1
|
||||
- Update to upstream 3.6.15 release
|
||||
|
||||
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 3.6.14-7
|
||||
- Disable LTO on ppc64le
|
||||
|
||||
* Tue Aug 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
|
||||
- Fix underlinking of libpthread
|
||||
|
||||
|
|
|
|||
Binary file not shown.
4
sources
4
sources
|
|
@ -1,3 +1,3 @@
|
|||
SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
|
||||
SHA512 (gnutls-3.6.14.tar.xz.sig) = 88e31d484ab2e2e9a6a080d1bb0e2219aa0ec85af9ea4abe8292bc8ae2d6784273414227142a2ebe0142b907a5ac6aa4d407388357f13d96b96eca8f8c61103a
|
||||
SHA512 (gnutls-3.6.16.tar.xz) = 72c78d7fcb024393c1d15f2a1856608ae4460ba43cc5bbbb4c29b80508cae6cb822df4638029de2363437d110187e0a3cc19a7288c3b2f44b2f648399a028438
|
||||
SHA512 (gnutls-3.6.16.tar.xz.sig) = 1345c94efd8cbcc5df334ba685d0e5f9b87287888f392d14698c8eadbc07a57cc2f34f82e9298e9539636dde6f2cb25fca414972e5f5090e553808ba4d7c9c23
|
||||
SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue