From c5ca9b553068c0fb01ca70fc998de823a38210f3 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Sep 04 2020 11:15:23 +0000
Subject: Remove unnecessary patches and bootstrapping process
---
diff --git a/gnutls-3.6.14-configure-fix-soname-detection.patch b/gnutls-3.6.14-configure-fix-soname-detection.patch
deleted file mode 100644
index 28b33ad..0000000
--- a/gnutls-3.6.14-configure-fix-soname-detection.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From b57b820a3f0464e3151dd675af4f28ad109d683c Mon Sep 17 00:00:00 2001
-From: Vitezslav Cizek
-Date: Tue, 9 Jun 2020 13:54:04 +0200
-Subject: [PATCH] configure: improve nettle, gmp, and hogweed soname detection
-
-Some linkers might optimize away the libraries passed on the
-command line if they aren't actually needed, such as gnu ld with
---as-needed.
-The ldd output then won't list the shared libraries and the
-detection will fail.
-Make sure nettle and others are really used.
-
-Signed-off-by: Vitezslav Cizek
----
- configure.ac | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e4ca66aec..ccbe4e563 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -741,7 +741,10 @@ LIBS=$save_LIBS
- save_LIBS=$LIBS
- LIBS="$LIBS $GMP_LIBS"
- AC_MSG_CHECKING([gmp soname])
--AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
-+AC_LINK_IFELSE([AC_LANG_PROGRAM([
-+ #include ],[
-+ mpz_t n;
-+ mpz_init(n);])],
- [gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
- [gmp_so=none])
- if test -z "$gmp_so"; then
-@@ -754,7 +757,10 @@ LIBS=$save_LIBS
- save_LIBS=$LIBS
- LIBS="$LIBS $NETTLE_LIBS"
- AC_MSG_CHECKING([nettle soname])
--AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
-+AC_LINK_IFELSE([AC_LANG_PROGRAM([
-+ #include ],[
-+ struct sha256_ctx ctx;
-+ sha256_init(&ctx);])],
- [nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
- [nettle_so=none])
- if test -z "$nettle_so"; then
-@@ -767,7 +773,10 @@ LIBS=$save_LIBS
- save_LIBS=$LIBS
- LIBS="$LIBS $HOGWEED_LIBS"
- AC_MSG_CHECKING([hogweed soname])
--AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
-+AC_LINK_IFELSE([AC_LANG_PROGRAM([
-+ #include ],[
-+ struct rsa_private_key priv;
-+ nettle_rsa_private_key_init(&priv);])],
- [hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
- [hogweed_so=none])
- if test -z "$hogweed_so"; then
---
-2.25.4
-
diff --git a/gnutls-3.6.14-fix-iovec-memory-leak.patch b/gnutls-3.6.14-fix-iovec-memory-leak.patch
deleted file mode 100644
index 15b2c51..0000000
--- a/gnutls-3.6.14-fix-iovec-memory-leak.patch
+++ /dev/null
@@ -1,152 +0,0 @@ -From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 5 Jun 2020 16:26:33 +0200 -Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t - -The AEAD iov interface falls back to serializing the input buffers if -the low-level cipher doesn't support scatter/gather encryption. -However, there was a bug in the functions used for the serialization, -which causes memory leaks under a certain condition (i.e. the number -of input buffers is 1). - -This patch makes the logic of the functions simpler, by removing a -micro-optimization that tries to minimize the number of calls to -malloc/free. - -The original problem was reported by Marius Steffen in: -https://bugzilla.samba.org/show_bug.cgi?id=14399 -and the cause was investigated by Alexander Haase in: -https://gitlab.com/gnutls/gnutls/-/merge_requests/1277 - -Signed-off-by: Daiki Ueno ---- - lib/crypto-api.c | 36 +++++++++++------------------------- - tests/aead-cipher-vec.c | 33 ++++++++++++++++++--------------- - 2 files changed, 29 insertions(+), 40 deletions(-) - -diff --git a/lib/crypto-api.c b/lib/crypto-api.c -index 45be64ed1..8524f5ed4 100644 ---- a/lib/crypto-api.c -+++ b/lib/crypto-api.c -@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle, - struct iov_store_st { - void *data; - size_t size; -- unsigned allocated; - }; - - static void iov_store_free(struct iov_store_st *s) - { -- if (s->allocated) { -- gnutls_free(s->data); -- s->allocated = 0; -- } -+ gnutls_free(s->data); - } - - static int iov_store_grow(struct iov_store_st *s, size_t length) - { -- if (s->allocated || s->data == NULL) { -- s->size += length; -- s->data = gnutls_realloc(s->data, s->size); -- if (s->data == NULL) -- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -- s->allocated = 1; -- } else { -- void *data = s->data; -- size_t size = s->size + length; -- s->data = gnutls_malloc(size); -- memcpy(s->data, data, s->size); -- 
s->size += length; -- } -+ void *data; -+ -+ s->size += length; -+ data = gnutls_realloc(s->data, s->size); -+ if (data == NULL) -+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -+ -+ s->data = data; - return 0; - } - -@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) - memset(dst, 0, sizeof(*dst)); - if (iovcnt == 0) { - return 0; -- } else if (iovcnt == 1) { -- dst->data = iov[0].iov_base; -- dst->size = iov[0].iov_len; -- /* implies: dst->allocated = 0; */ -- return 0; - } else { - int i; - uint8_t *p; -@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt) - - p = dst->data; - for (i=0;i 0) -+ memcpy(p, iov[i].iov_base, iov[i].iov_len); - p += iov[i].iov_len; - } - -- dst->allocated = 1; - return 0; - } - } -diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c -index fba9010d9..6a30a35f7 100644 ---- a/tests/aead-cipher-vec.c -+++ b/tests/aead-cipher-vec.c -@@ -49,6 +49,7 @@ static void start(const char *name, int algo) - giovec_t auth_iov[2]; - uint8_t tag[64]; - size_t tag_size = 0; -+ size_t i; - - key.data = key16; - key.size = gnutls_cipher_get_key_size(algo); -@@ -82,21 +83,23 @@ static void start(const char *name, int algo) - if (ret < 0) - fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret)); - -- ret = gnutls_aead_cipher_encryptv2(ch, -- iv.data, iv.size, -- auth_iov, 2, -- iov, 3, -- tag, &tag_size); -- if (ret < 0) -- fail("could not encrypt data: %s\n", gnutls_strerror(ret)); -- -- ret = gnutls_aead_cipher_decryptv2(ch, -- iv.data, iv.size, -- auth_iov, 2, -- iov, 3, -- tag, tag_size); -- if (ret < 0) -- fail("could not decrypt data: %s\n", gnutls_strerror(ret)); -+ for (i = 0; i < 2; i++) { -+ ret = gnutls_aead_cipher_encryptv2(ch, -+ iv.data, iv.size, -+ auth_iov, 2, -+ iov, i + 1, -+ tag, &tag_size); -+ if (ret < 0) -+ fail("could not encrypt data: %s\n", gnutls_strerror(ret)); -+ -+ ret = gnutls_aead_cipher_decryptv2(ch, -+ iv.data, iv.size, -+ 
auth_iov, 2, -+ iov, i + 1, -+ tag, tag_size); -+ if (ret < 0) -+ fail("could not decrypt data: %s\n", gnutls_strerror(ret)); -+ } - - gnutls_aead_cipher_deinit(ch); - } --- -2.25.4 - diff --git a/gnutls-3.6.14-pthreads.patch b/gnutls-3.6.14-pthreads.patch deleted file mode 100644 index c69d97d..0000000 --- a/gnutls-3.6.14-pthreads.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From f15c02b1fb9faf3e06db2c51196a27b0f9d72672 Mon Sep 17 00:00:00 2001 -From: James Bottomley -Date: Sun, 28 Jun 2020 21:33:09 +0200 -Subject: [PATCH] build: use $(LIBPTHREAD) rather than non-existent - $(LTLIBPTHREAD) - -On a very recent openSUSE build, libgnutls is getting built without -libpthread. This caused a thread related error when trying to load a -pkcs11 module that uses threading. The reason is rather convoluted: -glibc actually controls all the pthread_ function calls, but it -returns success without doing anything unless -lpthread is in the link -list. What's happening is that gnutls_system_mutex_init() is being -called on _gnutls_pkcs11_mutex before library pthreading is -initialized, so the pthread_mutex_init ends up being a nop. Then, when -the pkcs11 module is loaded, pthreads get initialized and the call to -pthread_mutex_lock is real, but errors out on the uninitialized mutex. - -The problem seems to be that nothing in the gnulib macros gnutls -relies on for threading support detection actually sets LTLIBPTHREAD, -they only set LIBPTHREAD. The fix is to use LIBPTHREAD in -lib/Makefile.in - -Signed-off-by: James Bottomley ---- - bootstrap.conf | 4 ++-- - lib/Makefile.am | 8 +++++++- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/lib/Makefile.am b/lib/Makefile.am -index fa47ac5e6..02504d8d1 100644 ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -168,7 +168,13 @@ libgnutls_la_LIBADD += accelerated/libaccelerated.la - endif - - if !WINDOWS --thirdparty_libadd += $(LTLIBPTHREAD) -+# p11-kit does not work without threading support: -+# https://github.com/p11-glue/p11-kit/pull/183 -+if ENABLE_PKCS11 -+thirdparty_libadd += $(LIBPMULTITHREAD) -+else -+thirdparty_libadd += $(LIBPTHREAD) -+endif - endif - - if NEEDS_LIBRT --- -2.26.2 - diff --git a/gnutls.spec b/gnutls.spec index 7a0c210..1565bb7 100644 --- a/gnutls.spec +++ b/gnutls.spec 
@@ -3,9 +3,6 @@ Version: 3.6.15 Release: 1%{?dist} Patch1: gnutls-3.6.7-no-now-guile.patch Patch2: gnutls-3.2.7-rpath.patch -Patch3: gnutls-3.6.14-fix-iovec-memory-leak.patch -Patch4: gnutls-3.6.14-configure-fix-soname-detection.patch -Patch5: gnutls-3.6.14-pthreads.patch %bcond_without dane %if 0%{?rhel} %bcond_with guile @@ -146,7 +143,7 @@ This package contains Guile bindings for the library. gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %autosetup -p1 -autoreconf -fi +#autoreconf -fi sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure rm -f lib/minitasn1/*.c lib/minitasn1/*.h
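Review bot: In the second gnutls.spec hunk, `#autoreconf -fi` leaves the bootstrap step behind as a commented-out command with no explanation; either delete the line or replace it with a real comment, e.g. `# No autoreconf: no remaining patch touches configure.ac or Makefile.am, so the shipped configure is used as-is`. With regeneration disabled, the build runs the pre-generated `configure` from the tarball, so the `gpgv2` signature check a few lines above is now the only integrity control on that script, and the `sed` that follows edits the shipped file directly rather than a freshly generated one. It is worth confirming that the 3.6.15 tarball's generated `configure` and `Makefile.in` already contain the soname-detection and pthread fixes from the dropped Patch4/Patch5, since those changed only the autotools inputs. If the autotools BuildRequires existed only for this step they can presumably be dropped too; they are outside the hunk.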