Refresh gnutls-hmac patchset to fix leaks in error path

Related: #1971823
Michael Catanzaro 2021-07-01 15:49:06 -05:00
parent 52d9d08376
commit c7a3ee8328
2 changed files with 45 additions and 39 deletions


@ -1,6 +1,6 @@
Name: glib2 Name: glib2
Version: 2.68.3 Version: 2.68.3
Release: 1%{?dist} Release: 2%{?dist}
Summary: A library of handy utility functions Summary: A library of handy utility functions
License: LGPLv2+ License: LGPLv2+
@ -236,6 +236,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/installed-tests %{_datadir}/installed-tests
%changelog %changelog
* Thu Jul 01 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.3-2
- Refresh gnutls-hmac patchset to fix leaks in error path
- Related: #1971823
* Mon Jun 28 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.3-1 * Mon Jun 28 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.3-1
- Update to 2.68.3 - Update to 2.68.3
- Resolves: #1976713 - Resolves: #1976713


@ -1,4 +1,4 @@
From 86412ea2265ae018ba6146d525cafce78782c0fc Mon Sep 17 00:00:00 2001 From ff90bb8474b1e724727f4014b446e7c851e609bd Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org> From: Colin Walters <walters@verbum.org>
Date: Fri, 7 Jun 2019 18:44:43 +0000 Date: Fri, 7 Jun 2019 18:44:43 +0000
Subject: [PATCH 1/4] ghmac: Split off wrapper functions into ghmac-utils.c Subject: [PATCH 1/4] ghmac: Split off wrapper functions into ghmac-utils.c
@ -284,10 +284,10 @@ index 49fd272f0..4f181f21f 100644
- (const guchar *) str, length); - (const guchar *) str, length);
-} -}
diff --git a/glib/meson.build b/glib/meson.build diff --git a/glib/meson.build b/glib/meson.build
index 28bfae200..0a37d19ea 100644 index 8c18e6de4..329b8d197 100644
--- a/glib/meson.build --- a/glib/meson.build
+++ b/glib/meson.build +++ b/glib/meson.build
@@ -254,6 +254,7 @@ glib_sources = files( @@ -253,6 +253,7 @@ glib_sources = files(
'ggettext.c', 'ggettext.c',
'ghash.c', 'ghash.c',
'ghmac.c', 'ghmac.c',
@ -298,7 +298,7 @@ index 28bfae200..0a37d19ea 100644
-- --
2.31.1 2.31.1
From a5ee9970772e182de1c249ee514e87ef38e08360 Mon Sep 17 00:00:00 2001 From 5395d36e6685e0b7377794c59c5820970bb472ef Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org> From: Colin Walters <walters@verbum.org>
Date: Fri, 7 Jun 2019 19:36:54 +0000 Date: Fri, 7 Jun 2019 19:36:54 +0000
Subject: [PATCH 2/4] Add a gnutls backend for GHmac Subject: [PATCH 2/4] Add a gnutls backend for GHmac
@ -354,8 +354,8 @@ https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903
glib/ghmac.c | 15 ++++ glib/ghmac.c | 15 ++++
glib/meson.build | 10 ++- glib/meson.build | 10 ++-
meson.build | 7 ++ meson.build | 7 ++
meson_options.txt | 5 ++ meson_options.txt | 7 +-
7 files changed, 259 insertions(+), 6 deletions(-) 7 files changed, 260 insertions(+), 7 deletions(-)
create mode 100644 glib/gchecksumprivate.h create mode 100644 glib/gchecksumprivate.h
create mode 100644 glib/ghmac-gnutls.c create mode 100644 glib/ghmac-gnutls.c
@ -434,10 +434,10 @@ index 000000000..86c7a3b61
\ No newline at end of file \ No newline at end of file
diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c
new file mode 100644 new file mode 100644
index 000000000..a55375060 index 000000000..9fb775f89
--- /dev/null --- /dev/null
+++ b/glib/ghmac-gnutls.c +++ b/glib/ghmac-gnutls.c
@@ -0,0 +1,186 @@ @@ -0,0 +1,187 @@
+/* ghmac.h - data hashing functions +/* ghmac.h - data hashing functions
+ * + *
+ * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2011 Collabora Ltd.
@ -516,6 +516,7 @@ index 000000000..a55375060
+ algo = GNUTLS_MAC_SHA512; + algo = GNUTLS_MAC_SHA512;
+ break; + break;
+ default: + default:
+ g_free (hmac);
+ g_return_val_if_reached (NULL); + g_return_val_if_reached (NULL);
+ } + }
+ +
@ -525,7 +526,7 @@ index 000000000..a55375060
+ /* There is no way to report an error here, but one possible cause of + /* There is no way to report an error here, but one possible cause of
+ * failure is that the requested digest may be disabled by FIPS mode. + * failure is that the requested digest may be disabled by FIPS mode.
+ */ + */
+ g_free (hmac->hmac); + g_free (hmac);
+ return NULL; + return NULL;
+ } + }
+ +
@ -658,10 +659,10 @@ index 4f181f21f..0e39ea40a 100644
* Use g_hmac_unref() to free the memory allocated by it. * Use g_hmac_unref() to free the memory allocated by it.
* *
diff --git a/glib/meson.build b/glib/meson.build diff --git a/glib/meson.build b/glib/meson.build
index 0a37d19ea..b17c89dd9 100644 index 329b8d197..2417de53d 100644
--- a/glib/meson.build --- a/glib/meson.build
+++ b/glib/meson.build +++ b/glib/meson.build
@@ -253,7 +253,6 @@ glib_sources = files( @@ -252,7 +252,6 @@ glib_sources = files(
'gfileutils.c', 'gfileutils.c',
'ggettext.c', 'ggettext.c',
'ghash.c', 'ghash.c',
@ -669,7 +670,7 @@ index 0a37d19ea..b17c89dd9 100644
'ghmac-utils.c', 'ghmac-utils.c',
'ghook.c', 'ghook.c',
'ghostutils.c', 'ghostutils.c',
@@ -309,6 +308,7 @@ glib_sources = files( @@ -308,6 +307,7 @@ glib_sources = files(
'guriprivate.h', 'guriprivate.h',
'gutils.c', 'gutils.c',
'gutilsprivate.h', 'gutilsprivate.h',
@ -677,7 +678,7 @@ index 0a37d19ea..b17c89dd9 100644
'guuid.c', 'guuid.c',
'gvariant.c', 'gvariant.c',
'gvariant-core.c', 'gvariant-core.c',
@@ -353,6 +353,12 @@ else @@ -352,6 +352,12 @@ else
glib_dtrace_hdr = [] glib_dtrace_hdr = []
endif endif
@ -690,20 +691,20 @@ index 0a37d19ea..b17c89dd9 100644
pcre_static_args = [] pcre_static_args = []
if use_pcre_static_flag if use_pcre_static_flag
@@ -379,7 +385,7 @@ libglib = library('glib-2.0', @@ -378,7 +384,7 @@ libglib = library('glib-2.0',
# intl.lib is not compatible with SAFESEH # intl.lib is not compatible with SAFESEH
link_args : [noseh_link_args, glib_link_flags, win32_ldflags], link_args : [noseh_link_args, glib_link_flags, win32_ldflags],
include_directories : configinc, include_directories : configinc,
- dependencies : pcre_deps + [thread_dep, librt] + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep], - dependencies : pcre_deps + [thread_dep, librt] + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep],
+ dependencies : pcre_deps + libgnutls_dep + [thread_dep, librt] + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep], + dependencies : pcre_deps + [thread_dep, librt] + libgnutls_dep + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep],
c_args : glib_c_args, c_args : glib_c_args,
objc_args : glib_c_args, objc_args : glib_c_args,
) )
diff --git a/meson.build b/meson.build diff --git a/meson.build b/meson.build
index a0ee8b774..064dba800 100644 index e2eba1871..cca15f653 100644
--- a/meson.build --- a/meson.build
+++ b/meson.build +++ b/meson.build
@@ -2104,6 +2104,13 @@ if host_system == 'linux' @@ -2090,6 +2090,13 @@ if host_system == 'linux'
glib_conf.set('HAVE_LIBMOUNT', libmount_dep.found()) glib_conf.set('HAVE_LIBMOUNT', libmount_dep.found())
endif endif
@ -718,25 +719,25 @@ index a0ee8b774..064dba800 100644
winsock2 = cc.find_library('ws2_32') winsock2 = cc.find_library('ws2_32')
endif endif
diff --git a/meson_options.txt b/meson_options.txt diff --git a/meson_options.txt b/meson_options.txt
index 072765361..d2370042f 100644 index 072765361..c8f26ac02 100644
--- a/meson_options.txt --- a/meson_options.txt
+++ b/meson_options.txt +++ b/meson_options.txt
@@ -34,6 +34,11 @@ option('libmount', @@ -39,6 +39,11 @@ option('internal_pcre',
value : 'auto', value : false,
description : 'build with libmount support') description : 'whether to use internal PCRE')
+option('gnutls', +option('gnutls',
+ type : 'boolean', + type : 'boolean',
+ value : false, + value : false,
+ description : 'build with gnutls support') + description : 'build with gnutls support')
+ +
option('internal_pcre', option('man',
type : 'boolean', type : 'boolean',
value : false, value : false,
-- --
2.31.1 2.31.1
From cde56a63aa12ae7c30f85af7d058fa5e666aa2e9 Mon Sep 17 00:00:00 2001 From a2429b6b2b12ebec5b51ec1bd287674c104877c1 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com> From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 16 Jun 2021 20:35:00 -0500 Date: Wed, 16 Jun 2021 20:35:00 -0500
Subject: [PATCH 3/4] dlopen GnuTLS instead of linking directly Subject: [PATCH 3/4] dlopen GnuTLS instead of linking directly
@ -764,7 +765,7 @@ for our purposes.
4 files changed, 102 insertions(+), 9 deletions(-) 4 files changed, 102 insertions(+), 9 deletions(-)
diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c
index a55375060..0469d2bd0 100644 index 9fb775f89..1800fc2e0 100644
--- a/glib/ghmac-gnutls.c --- a/glib/ghmac-gnutls.c
+++ b/glib/ghmac-gnutls.c +++ b/glib/ghmac-gnutls.c
@@ -19,8 +19,8 @@ @@ -19,8 +19,8 @@
@ -918,23 +919,23 @@ index 0e39ea40a..2d9be91b8 100644
#endif #endif
diff --git a/glib/meson.build b/glib/meson.build diff --git a/glib/meson.build b/glib/meson.build
index b17c89dd9..a015f7755 100644 index 2417de53d..1b4a2477c 100644
--- a/glib/meson.build --- a/glib/meson.build
+++ b/glib/meson.build +++ b/glib/meson.build
@@ -385,7 +385,7 @@ libglib = library('glib-2.0', @@ -384,7 +384,7 @@ libglib = library('glib-2.0',
# intl.lib is not compatible with SAFESEH # intl.lib is not compatible with SAFESEH
link_args : [noseh_link_args, glib_link_flags, win32_ldflags], link_args : [noseh_link_args, glib_link_flags, win32_ldflags],
include_directories : configinc, include_directories : configinc,
- dependencies : pcre_deps + libgnutls_dep + [thread_dep, librt] + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep], - dependencies : pcre_deps + [thread_dep, librt] + libgnutls_dep + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep],
+ dependencies : pcre_deps + [thread_dep, librt] + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep] + [libdl_dep], + dependencies : pcre_deps + [thread_dep, librt] + libintl_deps + libiconv + platform_deps + [gnulib_libm_dependency, libm] + [libsysprof_capture_dep],
c_args : glib_c_args, c_args : glib_c_args,
objc_args : glib_c_args, objc_args : glib_c_args,
) )
diff --git a/meson.build b/meson.build diff --git a/meson.build b/meson.build
index 064dba800..7aae7dfea 100644 index cca15f653..404ef1790 100644
--- a/meson.build --- a/meson.build
+++ b/meson.build +++ b/meson.build
@@ -2104,11 +2104,9 @@ if host_system == 'linux' @@ -2090,11 +2090,9 @@ if host_system == 'linux'
glib_conf.set('HAVE_LIBMOUNT', libmount_dep.found()) glib_conf.set('HAVE_LIBMOUNT', libmount_dep.found())
endif endif
@ -951,7 +952,7 @@ index 064dba800..7aae7dfea 100644
-- --
2.31.1 2.31.1
From b61ea19037287cae2e6152e9616767a691bf4af0 Mon Sep 17 00:00:00 2001 From 14b214e82d7f58739c180d3c777b0a000cf0590f Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com> From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 16 Jun 2021 20:46:24 -0500 Date: Wed, 16 Jun 2021 20:46:24 -0500
Subject: [PATCH 4/4] Add test for GHmac in FIPS mode Subject: [PATCH 4/4] Add test for GHmac in FIPS mode
@ -967,11 +968,11 @@ Crash when passing -1 length to g_hmac_update() (discovered in #1971533)
We'll also test to ensure MD5 fails, and stop compiling the other MD5 We'll also test to ensure MD5 fails, and stop compiling the other MD5
tests. tests.
--- ---
glib/tests/hmac.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ glib/tests/hmac.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+) 1 file changed, 46 insertions(+)
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
index 3ac3206df..6698c4d19 100644 index 3ac3206df..2fa447984 100644
--- a/glib/tests/hmac.c --- a/glib/tests/hmac.c
+++ b/glib/tests/hmac.c +++ b/glib/tests/hmac.c
@@ -1,7 +1,10 @@ @@ -1,7 +1,10 @@
@ -1009,7 +1010,7 @@ index 3ac3206df..6698c4d19 100644
HmacCase hmac_sha1_tests[] = { HmacCase hmac_sha1_tests[] = {
{ G_CHECKSUM_SHA1, key_sha_test1, 20, "Hi There", 8, result_sha1_test1 }, { G_CHECKSUM_SHA1, key_sha_test1, 20, "Hi There", 8, result_sha1_test1 },
@@ -493,11 +499,44 @@ test_hmac_for_bytes (void) @@ -493,11 +499,45 @@ test_hmac_for_bytes (void)
g_bytes_unref (data); g_bytes_unref (data);
} }
@ -1048,13 +1049,14 @@ index 3ac3206df..6698c4d19 100644
int i; int i;
+ +
+#ifdef USE_GNUTLS +#ifdef USE_GNUTLS
+ /* This has to happen before GnuTLS is dlopened. */
+ g_setenv ("GNUTLS_FORCE_FIPS_MODE", "1", FALSE); + g_setenv ("GNUTLS_FORCE_FIPS_MODE", "1", FALSE);
+#endif +#endif
+ +
g_test_init (&argc, &argv, NULL); g_test_init (&argc, &argv, NULL);
for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++) for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++)
@@ -532,6 +571,7 @@ main (int argc, @@ -532,6 +572,7 @@ main (int argc,
g_free (name); g_free (name);
} }
@ -1062,7 +1064,7 @@ index 3ac3206df..6698c4d19 100644
for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++) for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++)
{ {
gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1); gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1);
@@ -539,6 +579,7 @@ main (int argc, @@ -539,6 +580,7 @@ main (int argc,
(void (*)(const void *)) test_hmac); (void (*)(const void *)) test_hmac);
g_free (name); g_free (name);
} }
@ -1070,7 +1072,7 @@ index 3ac3206df..6698c4d19 100644
g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref); g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref);
g_test_add_func ("/hmac/copy", test_hmac_copy); g_test_add_func ("/hmac/copy", test_hmac_copy);
@@ -546,5 +587,9 @@ main (int argc, @@ -546,5 +588,9 @@ main (int argc,
g_test_add_func ("/hmac/for-string", test_hmac_for_string); g_test_add_func ("/hmac/for-string", test_hmac_for_string);
g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes); g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes);