Compare commits

...
Sign in to create a new pull request.

6 commits

Author SHA1 Message Date
Daiki Ueno
0cd2688fa7 Re-add gnulib test fixes 2021-05-24 11:50:53 +02:00
Daiki Ueno
f7d5531089 Update to upstream 3.6.16 release 2021-05-24 11:36:52 +02:00
Daiki Ueno
af4a165b69 Port Gnulib test fixes from upstream 2020-09-04 13:15:41 +02:00
Daiki Ueno
c5ca9b5530 Remove unnecessary patches and bootstrapping process 2020-09-04 13:15:23 +02:00
Daiki Ueno
bbd689875c Update to the upstream 3.6.15 release 2020-09-04 13:15:15 +02:00
Jeff Law
5fcda80cc3 Disable LTO on ppc64le 2020-08-17 22:15:49 -06:00
8 changed files with 70 additions and 270 deletions

4
.gitignore vendored
View file

@ -127,3 +127,7 @@ gnutls-2.10.1-nosrp.tar.bz2
/gnutls-3.6.14.tar.xz
/gnutls-3.6.14.tar.xz.sig
/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
/gnutls-3.6.15.tar.xz
/gnutls-3.6.15.tar.xz.sig
/gnutls-3.6.16.tar.xz
/gnutls-3.6.16.tar.xz.sig

View file

@ -1,60 +0,0 @@
From b57b820a3f0464e3151dd675af4f28ad109d683c Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Tue, 9 Jun 2020 13:54:04 +0200
Subject: [PATCH] configure: improve nettle, gmp, and hogweed soname detection
Some linkers might optimize away the libraries passed on the
command line if they aren't actually needed, such as gnu ld with
--as-needed.
The ldd output then won't list the shared libraries and the
detection will fail.
Make sure nettle and others are really used.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
---
configure.ac | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index e4ca66aec..ccbe4e563 100644
--- a/configure.ac
+++ b/configure.ac
@@ -741,7 +741,10 @@ LIBS=$save_LIBS
save_LIBS=$LIBS
LIBS="$LIBS $GMP_LIBS"
AC_MSG_CHECKING([gmp soname])
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <gmp.h>],[
+ mpz_t n;
+ mpz_init(n);])],
[gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
[gmp_so=none])
if test -z "$gmp_so"; then
@@ -754,7 +757,10 @@ LIBS=$save_LIBS
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
AC_MSG_CHECKING([nettle soname])
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <nettle/sha2.h>],[
+ struct sha256_ctx ctx;
+ sha256_init(&ctx);])],
[nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
[nettle_so=none])
if test -z "$nettle_so"; then
@@ -767,7 +773,10 @@ LIBS=$save_LIBS
save_LIBS=$LIBS
LIBS="$LIBS $HOGWEED_LIBS"
AC_MSG_CHECKING([hogweed soname])
-AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <nettle/rsa.h>],[
+ struct rsa_private_key priv;
+ nettle_rsa_private_key_init(&priv);])],
[hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
[hogweed_so=none])
if test -z "$hogweed_so"; then
--
2.25.4

View file

@ -1,152 +0,0 @@
From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 5 Jun 2020 16:26:33 +0200
Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
The AEAD iov interface falls back to serializing the input buffers if
the low-level cipher doesn't support scatter/gather encryption.
However, there was a bug in the functions used for the serialization,
which causes memory leaks under a certain condition (i.e. the number
of input buffers is 1).
This patch makes the logic of the functions simpler, by removing a
micro-optimization that tries to minimize the number of calls to
malloc/free.
The original problem was reported by Marius Steffen in:
https://bugzilla.samba.org/show_bug.cgi?id=14399
and the cause was investigated by Alexander Haase in:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/crypto-api.c | 36 +++++++++++-------------------------
tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
2 files changed, 29 insertions(+), 40 deletions(-)
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 45be64ed1..8524f5ed4 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
struct iov_store_st {
void *data;
size_t size;
- unsigned allocated;
};
static void iov_store_free(struct iov_store_st *s)
{
- if (s->allocated) {
- gnutls_free(s->data);
- s->allocated = 0;
- }
+ gnutls_free(s->data);
}
static int iov_store_grow(struct iov_store_st *s, size_t length)
{
- if (s->allocated || s->data == NULL) {
- s->size += length;
- s->data = gnutls_realloc(s->data, s->size);
- if (s->data == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- s->allocated = 1;
- } else {
- void *data = s->data;
- size_t size = s->size + length;
- s->data = gnutls_malloc(size);
- memcpy(s->data, data, s->size);
- s->size += length;
- }
+ void *data;
+
+ s->size += length;
+ data = gnutls_realloc(s->data, s->size);
+ if (data == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ s->data = data;
return 0;
}
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
memset(dst, 0, sizeof(*dst));
if (iovcnt == 0) {
return 0;
- } else if (iovcnt == 1) {
- dst->data = iov[0].iov_base;
- dst->size = iov[0].iov_len;
- /* implies: dst->allocated = 0; */
- return 0;
} else {
int i;
uint8_t *p;
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
p = dst->data;
for (i=0;i<iovcnt;i++) {
- memcpy(p, iov[i].iov_base, iov[i].iov_len);
+ if (iov[i].iov_len > 0)
+ memcpy(p, iov[i].iov_base, iov[i].iov_len);
p += iov[i].iov_len;
}
- dst->allocated = 1;
return 0;
}
}
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
index fba9010d9..6a30a35f7 100644
--- a/tests/aead-cipher-vec.c
+++ b/tests/aead-cipher-vec.c
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
giovec_t auth_iov[2];
uint8_t tag[64];
size_t tag_size = 0;
+ size_t i;
key.data = key16;
key.size = gnutls_cipher_get_key_size(algo);
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
if (ret < 0)
fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
- ret = gnutls_aead_cipher_encryptv2(ch,
- iv.data, iv.size,
- auth_iov, 2,
- iov, 3,
- tag, &tag_size);
- if (ret < 0)
- fail("could not encrypt data: %s\n", gnutls_strerror(ret));
-
- ret = gnutls_aead_cipher_decryptv2(ch,
- iv.data, iv.size,
- auth_iov, 2,
- iov, 3,
- tag, tag_size);
- if (ret < 0)
- fail("could not decrypt data: %s\n", gnutls_strerror(ret));
+ for (i = 0; i < 2; i++) {
+ ret = gnutls_aead_cipher_encryptv2(ch,
+ iv.data, iv.size,
+ auth_iov, 2,
+ iov, i + 1,
+ tag, &tag_size);
+ if (ret < 0)
+ fail("could not encrypt data: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_aead_cipher_decryptv2(ch,
+ iv.data, iv.size,
+ auth_iov, 2,
+ iov, i + 1,
+ tag, tag_size);
+ if (ret < 0)
+ fail("could not decrypt data: %s\n", gnutls_strerror(ret));
+ }
gnutls_aead_cipher_deinit(ch);
}
--
2.25.4

View file

@ -1,50 +0,0 @@
From f15c02b1fb9faf3e06db2c51196a27b0f9d72672 Mon Sep 17 00:00:00 2001
From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: Sun, 28 Jun 2020 21:33:09 +0200
Subject: [PATCH] build: use $(LIBPTHREAD) rather than non-existent
$(LTLIBPTHREAD)
On a very recent openSUSE build, libgnutls is getting built without
libpthread. This caused a thread related error when trying to load a
pkcs11 module that uses threading. The reason is rather convoluted:
glibc actually controls all the pthread_ function calls, but it
returns success without doing anything unless -lpthread is in the link
list. What's happening is that gnutls_system_mutex_init() is being
called on _gnutls_pkcs11_mutex before library pthreading is
initialized, so the pthread_mutex_init ends up being a nop. Then, when
the pkcs11 module is loaded, pthreads get initialized and the call to
pthread_mutex_lock is real, but errors out on the uninitialized mutex.
The problem seems to be that nothing in the gnulib macros gnutls
relies on for threading support detection actually sets LTLIBPTHREAD,
they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
lib/Makefile.in
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
bootstrap.conf | 4 ++--
lib/Makefile.am | 8 +++++++-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/Makefile.am b/lib/Makefile.am
index fa47ac5e6..02504d8d1 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -168,7 +168,13 @@ libgnutls_la_LIBADD += accelerated/libaccelerated.la
endif
if !WINDOWS
-thirdparty_libadd += $(LTLIBPTHREAD)
+# p11-kit does not work without threading support:
+# https://github.com/p11-glue/p11-kit/pull/183
+if ENABLE_PKCS11
+thirdparty_libadd += $(LIBPMULTITHREAD)
+else
+thirdparty_libadd += $(LIBPTHREAD)
+endif
endif
if NEEDS_LIBRT
--
2.26.2

View file

@ -0,0 +1,46 @@
From 175e0bc72808d564074c4adcc72aeadb74adfcc6 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 27 Aug 2020 17:52:58 -0700
Subject: [PATCH] perror, strerror_r: remove unportable tests
Problem reported by Florian Weimer in:
https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
* tests/test-perror2.c (main):
* tests/test-strerror_r.c (main): Omit unportable tests.
---
ChangeLog | 8 ++++++++
tests/test-perror2.c | 3 ---
tests/test-strerror_r.c | 3 ---
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/gl/tests/test-perror2.c b/gl/tests/test-perror2.c
index 1d14eda7b..c6214dd25 100644
--- a/gl/tests/test-perror2.c
+++ b/gl/tests/test-perror2.c
@@ -79,9 +79,6 @@ main (void)
errno = -5;
perror ("");
ASSERT (!ferror (stderr));
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
ASSERT (STREQ (msg4, str4));
free (str1);
diff --git a/gl/tests/test-strerror_r.c b/gl/tests/test-strerror_r.c
index b11d6fd9f..c1dbcf837 100644
--- a/gl/tests/test-strerror_r.c
+++ b/gl/tests/test-strerror_r.c
@@ -165,9 +165,6 @@ main (void)
strerror_r (EACCES, buf, sizeof buf);
strerror_r (-5, buf, sizeof buf);
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
ASSERT (STREQ (msg4, str4));
free (str1);
--
2.26.2

View file

@ -1,11 +1,9 @@
# This spec file has been automatically updated
Version: 3.6.14
Release: 6%{?dist}
Version: 3.6.16
Release: 1%{?dist}
Patch1: gnutls-3.6.7-no-now-guile.patch
Patch2: gnutls-3.2.7-rpath.patch
Patch3: gnutls-3.6.14-fix-iovec-memory-leak.patch
Patch4: gnutls-3.6.14-configure-fix-soname-detection.patch
Patch5: gnutls-3.6.14-pthreads.patch
Patch3: gnutls-3.6.15-gnulib-perror-tests.patch
%bcond_without dane
%if 0%{?rhel}
%bcond_with guile
@ -146,7 +144,7 @@ This package contains Guile bindings for the library.
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -p1
autoreconf -fi
#autoreconf -fi
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@ -158,6 +156,11 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
# via the crypto policies
%build
# gnulib has bogus floating point tests which are compromised by
# LTO affecting ppc64le builds
%ifarch ppc64le
%define _lto_cflags %{nil}
%endif
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes"
export CCASFLAGS
@ -282,6 +285,15 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
%endif
%changelog
* Mon May 24 2021 Daiki Ueno <dueno@redhat.com> - 3.6.16-1
- Update to upstream 3.6.16 release
* Fri Sep 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1
- Update to upstream 3.6.15 release
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 3.6.14-7
- Disable LTO on ppc64le
* Tue Aug 4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.14-6
- Fix underlinking of libpthread

View file

@ -1,3 +1,3 @@
SHA512 (gnutls-3.6.14.tar.xz) = b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604
SHA512 (gnutls-3.6.14.tar.xz.sig) = 88e31d484ab2e2e9a6a080d1bb0e2219aa0ec85af9ea4abe8292bc8ae2d6784273414227142a2ebe0142b907a5ac6aa4d407388357f13d96b96eca8f8c61103a
SHA512 (gnutls-3.6.16.tar.xz) = 72c78d7fcb024393c1d15f2a1856608ae4460ba43cc5bbbb4c29b80508cae6cb822df4638029de2363437d110187e0a3cc19a7288c3b2f44b2f648399a028438
SHA512 (gnutls-3.6.16.tar.xz.sig) = 1345c94efd8cbcc5df334ba685d0e5f9b87287888f392d14698c8eadbc07a57cc2f34f82e9298e9539636dde6f2cb25fca414972e5f5090e553808ba4d7c9c23
SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173