diff --git a/gnutls-global-deinit.patch b/gnutls-global-deinit.patch
new file mode 100644
index 0000000..6783bdc
--- /dev/null
+++ b/gnutls-global-deinit.patch
@@ -0,0 +1,99 @@
+diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
+index 9b7047a..8cd9fd3 100644
+--- a/lib/gnutls_global.c
++++ b/lib/gnutls_global.c
+@@ -53,8 +53,8 @@ extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
+ void *_gnutls_file_mutex;
+ void *_gnutls_pkcs11_mutex;
+
+-ASN1_TYPE _gnutls_pkix1_asn;
+-ASN1_TYPE _gnutls_gnutls_asn;
++ASN1_TYPE _gnutls_pkix1_asn = ASN1_TYPE_EMPTY;
++ASN1_TYPE _gnutls_gnutls_asn = ASN1_TYPE_EMPTY;
+
+ gnutls_log_func _gnutls_log_func = NULL;
+ gnutls_audit_log_func _gnutls_audit_log_func = NULL;
+@@ -166,6 +166,9 @@ gnutls_global_set_mem_functions(gnutls_alloc_function alloc_func,
+ GNUTLS_STATIC_MUTEX(global_init_mutex);
+ static int _gnutls_init = 0;
+
++/* cache the return code */
++static int _gnutls_init_ret = 0;
++
+ /**
+ * gnutls_global_init:
+ *
+@@ -186,6 +189,9 @@ static int _gnutls_init = 0;
+ * do not support library constructors and static linking. This
+ * function also became thread safe.
+ *
++ * A subsequent call of this function if the initial has failed will
++ * return the same error code.
++ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ * otherwise a negative error code is returned.
+ **/
+@@ -199,7 +205,7 @@ int gnutls_global_init(void)
+
+ _gnutls_init++;
+ if (_gnutls_init > 1) {
+- ret = 0;
++ ret = _gnutls_init_ret;
+ goto out;
+ }
+
+@@ -235,14 +241,17 @@ int gnutls_global_init(void)
+ goto out;
+ }
+
++ _gnutls_pkix1_asn = ASN1_TYPE_EMPTY;
+ res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
+ if (res != ASN1_SUCCESS) {
++ gnutls_assert();
+ ret = _gnutls_asn2err(res);
+ goto out;
+ }
+
+ res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS) {
++ gnutls_assert();
+ ret = _gnutls_asn2err(res);
+ goto out;
+ }
+@@ -306,6 +315,7 @@ int gnutls_global_init(void)
+ ret = 0;
+
+ out:
++ _gnutls_init_ret = ret;
+ GNUTLS_STATIC_MUTEX_UNLOCK(global_init_mutex);
+ return ret;
+ }
+@@ -316,11 +326,19 @@ static void _gnutls_global_deinit(unsigned destructor)
+
+ if (_gnutls_init == 1) {
+ _gnutls_init = 0;
++ if (_gnutls_init_ret < 0) {
++ /* only deinitialize if gnutls_global_init() has
++ * succeeded */
++ gnutls_assert();
++ goto fail;
++ }
++
+ gnutls_crypto_deinit();
+ _gnutls_rnd_deinit();
+ _gnutls_ext_deinit();
+ asn1_delete_structure(&_gnutls_gnutls_asn);
+ asn1_delete_structure(&_gnutls_pkix1_asn);
++
+ _gnutls_crypto_deregister();
+ gnutls_system_global_deinit();
+ _gnutls_cryptodev_deinit();
+@@ -341,6 +359,8 @@ static void _gnutls_global_deinit(unsigned destructor)
+ if (_gnutls_init > 0)
+ _gnutls_init--;
+ }
++
++ fail:
+ GNUTLS_STATIC_MUTEX_UNLOCK(global_init_mutex);
+ }
+
diff --git a/gnutls.spec b/gnutls.spec
index b9b69dd..241ae73 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -3,7 +3,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 3.3.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
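Review bot: In the `@@ -235,14 +241,17 @@` hunk of the embedded lib/gnutls_global.c patch, only `_gnutls_pkix1_asn` is reset to `ASN1_TYPE_EMPTY` before `asn1_array2tree()`; `_gnutls_gnutls_asn` is not, and the new early `goto fail` in `_gnutls_global_deinit()` skips both `asn1_delete_structure()` calls. If initialization fails after both trees were built (the later init steps lie outside the visible hunks, so this is inferred), a deinit followed by a fresh `gnutls_global_init()` would overwrite and leak the old pkix1 tree. The second `asn1_array2tree()` would then, as far as I know libtasn1, be rejected because its destination is not empty, so the library could not recover from the first failure. Since both globals now start as `ASN1_TYPE_EMPTY`, releasing them in the failure branch before `goto fail` looks safe: `asn1_delete_structure(&_gnutls_gnutls_asn);` and `asn1_delete_structure(&_gnutls_pkix1_asn);`. The comment on `_gnutls_init_ret` could also say that a failed result stays cached until `gnutls_global_deinit()` brings the counter back to zero, e.g. `/* cached result of the first gnutls_global_init(); stays negative until deinit resets _gnutls_init to 0 */`.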
@@ -32,6 +32,7 @@ Patch1: gnutls-3.2.7-rpath.patch Patch7: gnutls-2.12.21-fips-algorithms.patch Patch8: gnutls-3.1.11-nosrp.patch Patch9: gnutls-othername.patch +Patch10: gnutls-global-deinit.patch # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 Provides: bundled(gnulib) = 20130424 @@ -137,6 +138,7 @@ This package contains Guile bindings for the library. #%patch7 -p1 -b .fips %patch8 -p1 -b .nosrp %patch9 -p1 -b .othername +%patch10 -p1 -b .global-deinit sed 's/gnutls_srp.c//g' -i lib/Makefile.in sed 's/gnutls_srp.lo//g' -i lib/Makefile.in @@ -270,6 +272,10 @@ fi %endif %changelog +* Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-2 +- gnutls_global_deinit() will not do anything if the previous + initialization has failed (#1091053) + * Mon Apr 28 2014 Nikos Mavrogiannopoulos 3.3.1-1 - new upstream release