Update to gnutls 3.7.3

Resolves: #2033220
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno 2022-01-18 09:30:15 +01:00
parent 7089af2e2d
commit 4030e24b19
9 changed files with 11 additions and 8960 deletions

2
.gitignore vendored

@ -135,3 +135,5 @@ gnutls-2.10.1-nosrp.tar.bz2
/gnutls-3.7.1.tar.xz.sig
/gnutls-3.7.2.tar.xz
/gnutls-3.7.2.tar.xz.sig
/gnutls-3.7.3.tar.xz
/gnutls-3.7.3.tar.xz.sig


@ -1,84 +0,0 @@
From e1cf5b8694b23cdc88f4a4a344f8262aa8ab0f8e Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Wed, 10 Mar 2021 16:11:29 +0100
Subject: [PATCH 1/2] _gnutls_buffer_resize: account for unused area if
AGGRESSIVE_REALLOC
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/str.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/str.c b/lib/str.c
index 506fe1721..bc20ebb04 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -155,12 +155,12 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
unused = MEMSUB(dest->data, dest->allocd);
dest->allocd =
- gnutls_realloc_fast(dest->allocd, new_size);
+ gnutls_realloc_fast(dest->allocd, new_size + unused);
if (dest->allocd == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- dest->max_length = new_size;
+ dest->max_length = new_size + unused;
dest->data = dest->allocd + unused;
return 0;
--
2.30.2
From 78691bfe4555c4d610b405173987ed7515515d20 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Wed, 10 Mar 2021 16:12:23 +0100
Subject: [PATCH 2/2] str: suppress -Wunused-function if AGGRESSIVE_REALLOC is
defined
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/str.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/lib/str.c b/lib/str.c
index bc20ebb04..8007340f1 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -87,15 +87,6 @@ void _gnutls_buffer_clear(gnutls_buffer_st * str)
#define MIN_CHUNK 1024
-static void align_allocd_with_data(gnutls_buffer_st * dest)
-{
- assert(dest->allocd != NULL);
- assert(dest->data != NULL);
- if (dest->length)
- memmove(dest->allocd, dest->data, dest->length);
- dest->data = dest->allocd;
-}
-
/**
* gnutls_buffer_append_data:
* @dest: the buffer to append to
@@ -168,6 +159,15 @@ int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
#else
+static void align_allocd_with_data(gnutls_buffer_st * dest)
+{
+ assert(dest->allocd != NULL);
+ assert(dest->data != NULL);
+ if (dest->length)
+ memmove(dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+}
+
int _gnutls_buffer_resize(gnutls_buffer_st * dest, size_t new_size)
{
if (unlikely(dest->data != NULL && dest->allocd == NULL))
--
2.30.2


@ -1,254 +0,0 @@
From dbdcc29ee9e31acaa8286f633a4f0c23abd09d03 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 26 Oct 2021 12:56:52 +0200
Subject: [PATCH] priority: fix race condition when resolving SYSTEM in
allowlisting
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/priority.c | 65 +++++++++++++++++++++++++++++++-------------------
1 file changed, 41 insertions(+), 24 deletions(-)
diff --git a/lib/priority.c b/lib/priority.c
index 20230e46d1..606443f1f9 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -39,6 +39,7 @@
#include "profiles.h"
#include "c-strcase.h"
#include "inih/ini.h"
+#include "locks.h"
#include "profiles.h"
#include "name_val_array.h"
@@ -1001,6 +1002,7 @@ static void dummy_func(gnutls_priority_t c)
#include <priority_options.h>
static gnutls_certificate_verification_profiles_t system_wide_verification_profile = GNUTLS_PROFILE_UNKNOWN;
+GNUTLS_STATIC_MUTEX(system_wide_priority_strings_mutex);
static name_val_array_t system_wide_priority_strings = NULL;
static char *system_wide_priority_string = NULL;
static unsigned system_wide_priority_strings_init = 0;
@@ -1727,6 +1729,9 @@ static int cfg_ini_handler(void *ctx, const char *section, const char *name, con
return 1;
}
+static int
+resolve_priorities_from_system_wide_allowlisting(void);
+
static void _gnutls_update_system_priorities(void)
{
int ret;
@@ -1734,17 +1739,19 @@ static void _gnutls_update_system_priorities(void)
FILE *fp;
struct cfg cfg;
+ GNUTLS_STATIC_MUTEX_LOCK(system_wide_priority_strings_mutex);
+
if (stat(system_priority_file, &sb) < 0) {
_gnutls_debug_log("cfg: unable to access: %s: %d\n",
system_priority_file, errno);
- return;
+ goto out;
}
if (system_wide_priority_strings_init != 0 &&
sb.st_mtime == system_priority_last_mod) {
_gnutls_debug_log("cfg: system priority %s has not changed\n",
system_priority_file);
- return;
+ goto out;
}
if (system_wide_priority_strings_init != 0)
@@ -1757,7 +1764,7 @@ static void _gnutls_update_system_priorities(void)
if (fp == NULL) {
_gnutls_debug_log("cfg: unable to open: %s: %d\n",
system_priority_file, errno);
- return;
+ goto out;
}
/* Parsing the configuration file needs to be done in 2 phases: first
* parsing the [global] section and then the other sections, because the
@@ -1781,16 +1788,30 @@ static void _gnutls_update_system_priorities(void)
system_priority_file, ret);
if (fail_on_invalid_config)
exit(1);
- return;
+ goto out;
}
cfg_apply(&cfg);
cfg_deinit(&cfg);
+ if (system_wide_allowlisting) {
+ ret = resolve_priorities_from_system_wide_allowlisting();
+ if (ret < 0) {
+ _gnutls_debug_log("cfg: unable to resolve system priority string: %s\n",
+ gnutls_strerror(ret));
+ if (fail_on_invalid_config)
+ exit(1);
+ goto out;
+ }
+ }
+
_gnutls_debug_log("cfg: loaded system priority %s mtime %lld\n",
system_priority_file,
(unsigned long long)sb.st_mtime);
system_priority_last_mod = sb.st_mtime;
+
+ out:
+ GNUTLS_STATIC_MUTEX_UNLOCK(system_wide_priority_strings_mutex);
}
void _gnutls_load_system_priorities(void)
@@ -1835,17 +1856,13 @@ const char *gnutls_get_system_config_file(void)
return NULL;
}
-static const char *
+static int
resolve_priorities_from_system_wide_allowlisting(void)
{
gnutls_buffer_st buf;
int ret;
size_t i;
- if (system_wide_priority_string) {
- return system_wide_priority_string;
- }
-
assert(system_wide_allowlisting);
_gnutls_buffer_init(&buf);
@@ -1853,21 +1870,21 @@ resolve_priorities_from_system_wide_allowlisting(void)
ret = _gnutls_buffer_append_str(&buf, "NONE");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
for (i = 0; system_wide_tls_kxs[i] != 0; i++) {
ret = _gnutls_buffer_append_str(&buf, ":+");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
ret = _gnutls_buffer_append_str(&buf,
gnutls_kx_get_name(system_wide_tls_kxs[i]));
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
}
@@ -1875,14 +1892,14 @@ resolve_priorities_from_system_wide_allowlisting(void)
ret = _gnutls_buffer_append_str(&buf, ":+GROUP-");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
ret = _gnutls_buffer_append_str(&buf,
gnutls_group_get_name(system_wide_tls_groups[i]));
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
}
@@ -1890,14 +1907,14 @@ resolve_priorities_from_system_wide_allowlisting(void)
ret = _gnutls_buffer_append_str(&buf, ":+");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
ret = _gnutls_buffer_append_str(&buf,
gnutls_cipher_get_name(system_wide_tls_ciphers[i]));
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
}
@@ -1905,14 +1922,14 @@ resolve_priorities_from_system_wide_allowlisting(void)
ret = _gnutls_buffer_append_str(&buf, ":+");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
ret = _gnutls_buffer_append_str(&buf,
gnutls_mac_get_name(system_wide_tls_macs[i]));
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
}
@@ -1920,14 +1937,14 @@ resolve_priorities_from_system_wide_allowlisting(void)
ret = _gnutls_buffer_append_str(&buf, ":+SIGN-");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
ret = _gnutls_buffer_append_str(&buf,
gnutls_sign_get_name(system_wide_tls_sigs[i]));
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
}
@@ -1935,14 +1952,14 @@ resolve_priorities_from_system_wide_allowlisting(void)
ret = _gnutls_buffer_append_str(&buf, ":+VERS-");
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
ret = _gnutls_buffer_append_str(&buf,
gnutls_protocol_get_name(system_wide_tls_vers[i]));
if (ret < 0) {
_gnutls_buffer_clear(&buf);
- return NULL;
+ return ret;
}
}
@@ -1950,7 +1967,7 @@ resolve_priorities_from_system_wide_allowlisting(void)
system_wide_priority_string = gnutls_strdup((char *)buf.data);
_gnutls_buffer_clear(&buf);
- return system_wide_priority_string;
+ return ret;
}
#define S(str) ((str!=NULL)?str:"")
@@ -2010,7 +2027,7 @@ char *_gnutls_resolve_priorities(const char* priorities)
if (system_wide_allowlisting &&
ss_len == sizeof(LEVEL_SYSTEM) - 1 &&
strncmp(LEVEL_SYSTEM, ss, ss_len) == 0) {
- p = resolve_priorities_from_system_wide_allowlisting();
+ p = system_wide_priority_string;
} else {
p = _name_val_array_value(system_wide_priority_strings, ss, ss_len);
}
--
2.31.1

File diff suppressed because it is too large


@ -1,75 +0,0 @@
From b64c8b2aa75e6668ee9115afda8e54d48b2143ac Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 22 Dec 2021 17:19:27 +0100
Subject: [PATCH 2/2] gnutls-3.7.2-doc-hash-copy.patch
---
doc/functions/gnutls_hash_copy | 4 +++-
doc/functions/gnutls_hmac_copy | 4 +++-
doc/manpages/gnutls_hash_copy.3 | 4 +++-
doc/manpages/gnutls_hmac_copy.3 | 4 +++-
4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/doc/functions/gnutls_hash_copy b/doc/functions/gnutls_hash_copy
index 600c0e7..aac7d5d 100644
--- a/doc/functions/gnutls_hash_copy
+++ b/doc/functions/gnutls_hash_copy
@@ -8,7 +8,9 @@
This function will create a copy of Message Digest context, containing all
its current state. Copying contexts for Message Digests registered using
@code{gnutls_crypto_register_digest()} is not supported and will always result in
-an error.
+an error. In addition to that, some of the Message Digest implementations do
+not support this operation. Applications should check the return value and
+provide a proper fallback.
@strong{Returns:} new Message Digest context or NULL in case of an error.
diff --git a/doc/functions/gnutls_hmac_copy b/doc/functions/gnutls_hmac_copy
index a219b21..93b20d5 100644
--- a/doc/functions/gnutls_hmac_copy
+++ b/doc/functions/gnutls_hmac_copy
@@ -8,7 +8,9 @@
This function will create a copy of MAC context, containing all its current
state. Copying contexts for MACs registered using
@code{gnutls_crypto_register_mac()} is not supported and will always result in an
-error.
+error. In addition to that, some of the MAC implementations do not support
+this operation. Applications should check the return value and provide a
+proper fallback.
@strong{Returns:} new MAC context or NULL in case of an error.
diff --git a/doc/manpages/gnutls_hash_copy.3 b/doc/manpages/gnutls_hash_copy.3
index fcf0983..19bb8c4 100644
--- a/doc/manpages/gnutls_hash_copy.3
+++ b/doc/manpages/gnutls_hash_copy.3
@@ -13,7 +13,9 @@ is a \fBgnutls_hash_hd_t\fP type
This function will create a copy of Message Digest context, containing all
its current state. Copying contexts for Message Digests registered using
\fBgnutls_crypto_register_digest()\fP is not supported and will always result in
-an error.
+an error. In addition to that, some of the Message Digest implementations do
+not support this operation. Applications should check the return value and
+provide a proper fallback.
.SH "RETURNS"
new Message Digest context or NULL in case of an error.
.SH "SINCE"
diff --git a/doc/manpages/gnutls_hmac_copy.3 b/doc/manpages/gnutls_hmac_copy.3
index ba5a40d..32b0114 100644
--- a/doc/manpages/gnutls_hmac_copy.3
+++ b/doc/manpages/gnutls_hmac_copy.3
@@ -13,7 +13,9 @@ is a \fBgnutls_hmac_hd_t\fP type
This function will create a copy of MAC context, containing all its current
state. Copying contexts for MACs registered using
\fBgnutls_crypto_register_mac()\fP is not supported and will always result in an
-error.
+error. In addition to that, some of the MAC implementations do not support
+this operation. Applications should check the return value and provide a
+proper fallback.
.SH "RETURNS"
new MAC context or NULL in case of an error.
.SH "SINCE"
--
2.31.1


@ -1,92 +0,0 @@
From c9e072236c4e1c290f38aee819ecaff8398e2a16 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 25 Jun 2021 08:39:12 +0200
Subject: [PATCH] key_share: treat X25519 and X448 as same PK type when
advertising
Previously, if both X25519 and X448 groups were enabled in the
priority string, the client sent both algorithms in a key_share
extension, while it was only capable of handling one algorithm from
the same (Edwards curve) category. This adds an extra check so the
client should send either X25519 or X448.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
lib/ext/key_share.c | 24 +++++++++++++++++++++---
tests/tls13/key_share.c | 3 +++
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index a8c4bb5cf..a4db3af95 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -656,6 +656,18 @@ key_share_recv_params(gnutls_session_t session,
return 0;
}
+static inline bool
+pk_type_is_ecdhx(gnutls_pk_algorithm_t pk)
+{
+ return pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448;
+}
+
+static inline bool
+pk_type_equal(gnutls_pk_algorithm_t a, gnutls_pk_algorithm_t b)
+{
+ return a == b || (pk_type_is_ecdhx(a) && pk_type_is_ecdhx(b));
+}
+
/* returns data_size or a negative number on failure
*/
static int
@@ -710,12 +722,18 @@ key_share_send_params(gnutls_session_t session,
/* generate key shares for out top-(max_groups) groups
* if they are of different PK type. */
for (i = 0; i < session->internals.priorities->groups.size; i++) {
+ unsigned int j;
+
group = session->internals.priorities->groups.entry[i];
- if (generated == 1 && group->pk == selected_groups[0])
- continue;
- else if (generated == 2 && (group->pk == selected_groups[1] || group->pk == selected_groups[0]))
+ for (j = 0; j < generated; j++) {
+ if (pk_type_equal(group->pk, selected_groups[j])) {
+ break;
+ }
+ }
+ if (j < generated) {
continue;
+ }
selected_groups[generated] = group->pk;
diff --git a/tests/tls13/key_share.c b/tests/tls13/key_share.c
index 7f8f6295c..816a7d9b5 100644
--- a/tests/tls13/key_share.c
+++ b/tests/tls13/key_share.c
@@ -124,6 +124,7 @@ unsigned int tls_id_to_group[] = {
[23] = GNUTLS_GROUP_SECP256R1,
[24] = GNUTLS_GROUP_SECP384R1,
[29] = GNUTLS_GROUP_X25519,
+ [30] = GNUTLS_GROUP_X448,
[0x100] = GNUTLS_GROUP_FFDHE2048,
[0x101] = GNUTLS_GROUP_FFDHE3072
};
@@ -315,11 +316,13 @@ void doit(void)
start("two groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2);
start("two groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2);
start("two groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X25519, 2);
+ start("two groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X448, 2);
start("two groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_FFDHE2048, 2);
start("three groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3);
start("three groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3);
start("three groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X25519, 3);
+ start("three groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X448, 3);
start("three groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_FFDHE2048, 3);
/* test default behavior */
--
2.31.1


@ -1,72 +0,0 @@
From de11338de900f5c8840268264bceccbf76cca34f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 21 Oct 2021 12:19:30 +0200
Subject: [PATCH 1/2] autoopts: makeshell: use ferror before fclose
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
src/libopts/makeshell.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/libopts/makeshell.c b/src/libopts/makeshell.c
index b6cb441a..7eb17a1f 100644
--- a/src/libopts/makeshell.c
+++ b/src/libopts/makeshell.c
@@ -164,9 +164,8 @@ optionParseShell(tOptions * opts)
#ifdef HAVE_FCHMOD
fchmod(STDOUT_FILENO, 0755);
#endif
- fclose(stdout);
- if (ferror(stdout))
+ if (ferror(stdout) || fclose(stdout))
fserr_exit(opts->pzProgName, zwriting, zstdout_name);
AGFREE(script_text);
--
2.31.1
From 161097d36b608b615482e42e56a465c9fd740c26 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 21 Oct 2021 12:43:07 +0200
Subject: [PATCH 2/2] autoopts: load: fix resource leak in error path
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
src/libopts/load.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/libopts/load.c b/src/libopts/load.c
index 3f1ce2e6..ad1c4584 100644
--- a/src/libopts/load.c
+++ b/src/libopts/load.c
@@ -219,8 +219,11 @@ add_prog_path(char * buf, int b_sz, char const * fname, char const * prg_path)
* IF we cannot find a directory name separator,
* THEN we do not have a path name to our executable file.
*/
- if (pz == NULL)
+ if (pz == NULL) {
+ if (path != prg_path)
+ AGFREE(path);
return false;
+ }
fname += skip;
fname_len = strlen(fname) + 1; // + NUL byte
@@ -230,8 +233,11 @@ add_prog_path(char * buf, int b_sz, char const * fname, char const * prg_path)
* Concatenate the file name to the end of the executable path.
* The result may be either a file or a directory.
*/
- if (dir_len + fname_len > (unsigned)b_sz)
+ if (dir_len + fname_len > (unsigned)b_sz) {
+ if (path != prg_path)
+ AGFREE(path);
return false;
+ }
memcpy(buf, path, dir_len);
memcpy(buf + dir_len, fname, fname_len);
--
2.31.1


@ -1,15 +1,9 @@
# This spec file has been automatically updated
Version: 3.7.2
Release: 10%{?dist}
Version: 3.7.3
Release: 1%{?dist}
Patch1: gnutls-3.6.7-no-now-guile.patch
Patch2: gnutls-3.2.7-rpath.patch
Patch3: gnutls-3.7.2-config-allowlisting.patch
Patch4: gnutls-3.7.2-key-share-ecdhx.patch
Patch5: gnutls-3.7.2-enable-intel-cet.patch
Patch6: gnutls-3.7.2-libopts-covscan.patch
Patch7: gnutls-3.7.2-config-allowlisting-race.patch
Patch8: gnutls-3.7.2-no-explicit-init.patch
Patch9: gnutls-3.7.2-doc-hash-copy.patch
Patch3: gnutls-3.7.2-enable-intel-cet.patch
Patch4: gnutls-3.7.2-no-explicit-init.patch
%bcond_with bootstrap
%bcond_without dane
%if 0%{?rhel}
@ -30,7 +24,6 @@ BuildRequires: p11-kit-devel >= 0.21.3, gettext-devel
BuildRequires: zlib-devel, readline-devel, libtasn1-devel >= 4.3
%if %{with bootstrap}
BuildRequires: automake, autoconf, gperf, libtool, texinfo
BuildRequires: autogen-libopts-devel >= 5.18, autogen
%endif
BuildRequires: nettle-devel >= 3.5.1
%if %{with tpm12}
@ -170,24 +163,6 @@ rm -f lib/minitasn1/*.c lib/minitasn1/*.h
echo "SYSTEM=NORMAL" >> tests/system.prio
%if !%{with bootstrap}
# These are ordered by dependency:
touch doc/functions/* doc/enums/*
touch doc/enums.texi doc/gnutls-api.texi
touch doc/invoke-gnutls-cli.texi
touch doc/invoke-gnutls-cli-debug.texi
touch doc/invoke-gnutls-serv.texi
touch doc/invoke-certtool.texi
touch doc/invoke-ocsptool.texi
touch doc/invoke-danetool.texi
touch doc/invoke-srptool.texi
touch doc/invoke-psktool.texi
touch doc/invoke-p11tool.texi
touch doc/invoke-tpmtool.texi
touch doc/stamp_functions doc/stamp_enums
touch doc/gnutls.info doc/gnutls.html doc/manpages/stamp_mans
%endif
# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
# via the crypto policies
@ -325,6 +300,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
%endif
%changelog
* Tue Jan 18 2022 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
- Update to gnutls 3.7.3 (#2033220)
* Wed Dec 22 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-10
- Update gnutls_{hash,hmac}_copy man-pages as well (#1999639)
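Review bot: The new changelog entry, `- Update to gnutls 3.7.3 (#2033220)`, does not record that five entries leave the Patch list (config-allowlisting, key-share-ecdhx, libopts-covscan, config-allowlisting-race, doc-hash-copy), nor why. Two of them are behavioural fixes in the TLS stack, namely the locking around SYSTEM priority resolution under allowlisting and the X25519/X448 key_share selection. Presumably the 3.7.3 tarball already carries them, but nothing on this page shows that, so each should be checked against the new source before the patch files are deleted. Once verified, I would add a second changelog line such as `- Drop patches that are included in 3.7.3`. The `BuildRequires: autogen-libopts-devel >= 5.18, autogen` removal and the deleted `touch doc/...` block are likewise unexplained and deserve a short comment in the spec.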


@ -1,3 +1,3 @@
SHA512 (gnutls-3.7.2.tar.xz) = 5d01d561a05379da71e4847e30ba13c2abe09f7a5c4359fd539d8bd19abad0ce87120f82ee7b6264e787bd3edbc5ae16beffa892983cbc3d59f11a1811c10329
SHA512 (gnutls-3.7.2.tar.xz.sig) = fc3314c0ce5fb608352fcd8e19efd14435e4cfa5c0eb843d86febb6053fec7d46774b637037b96c5a621a7001f89d6c110f75bff96f94c2a77caf5d9c3aa9447
SHA512 (gnutls-3.7.3.tar.xz) = 3ace744affe23e284342658d6d2d2de49dd50065489cbc8be18fc7d38187253e5268ca54027ce5cd517056c249ac039a7481e4548cec04325de37ae85617d077
SHA512 (gnutls-3.7.3.tar.xz.sig) = 93e62730570a6f65ec98538e812ed9c0bd35c25f0906b22f2ae3e762981b0e01bfb7ffcb747c64b42c586d6f0d5c90a7c3abfdc39088cc05f9975b865c309d50
SHA512 (gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg) = a74b92826fd0e5388c9f6d9231959e38b26aeef83138648fab66df951d8e1a4db5302b569d08515d4d6443e5e4f6c466f98319f330c820790260d22a9b9f7173