rpms/gnutls
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import gnutls-3.7.2-8.el9

Browse Source
This commit is contained in:
CentOS Sources 2021-12-07 14:22:27 -05:00 committed by Stepan Oksanichenko
parent f0f87c7ba9
commit 420cce95cb
3 changed files with 2669 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2565
SOURCES/gnutls-3.7.2-enable-intel-cet.patch Normal file
View File

File diff suppressed because it is too large Load Diff

72
SOURCES/gnutls-3.7.2-libopts-covscan.patch Normal file
View File

@ -0,0 +1,72 @@
From de11338de900f5c8840268264bceccbf76cca34f Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 21 Oct 2021 12:19:30 +0200
Subject: [PATCH 1/2] autoopts: makeshell: use ferror before fclose
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
src/libopts/makeshell.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/libopts/makeshell.c b/src/libopts/makeshell.c
index b6cb441a..7eb17a1f 100644
--- a/src/libopts/makeshell.c
+++ b/src/libopts/makeshell.c
@@ -164,9 +164,8 @@ optionParseShell(tOptions * opts)
#ifdef HAVE_FCHMOD
fchmod(STDOUT_FILENO, 0755);
#endif
- fclose(stdout);
- if (ferror(stdout))
+ if (ferror(stdout) || fclose(stdout))
fserr_exit(opts->pzProgName, zwriting, zstdout_name);
AGFREE(script_text);
--
2.31.1
From 161097d36b608b615482e42e56a465c9fd740c26 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 21 Oct 2021 12:43:07 +0200
Subject: [PATCH 2/2] autoopts: load: fix resource leak in error path
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
src/libopts/load.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/libopts/load.c b/src/libopts/load.c
index 3f1ce2e6..ad1c4584 100644
--- a/src/libopts/load.c
+++ b/src/libopts/load.c
@@ -219,8 +219,11 @@ add_prog_path(char * buf, int b_sz, char const * fname, char const * prg_path)
* IF we cannot find a directory name separator,
* THEN we do not have a path name to our executable file.
*/
- if (pz == NULL)
+ if (pz == NULL) {
+ if (path != prg_path)
+ AGFREE(path);
return false;
+ }
fname += skip;
fname_len = strlen(fname) + 1; // + NUL byte
@@ -230,8 +233,11 @@ add_prog_path(char * buf, int b_sz, char const * fname, char const * prg_path)
* Concatenate the file name to the end of the executable path.
* The result may be either a file or a directory.
*/
- if (dir_len + fname_len > (unsigned)b_sz)
+ if (dir_len + fname_len > (unsigned)b_sz) {
+ if (path != prg_path)
+ AGFREE(path);
return false;
+ }
memcpy(buf, path, dir_len);
memcpy(buf + dir_len, fname, fname_len);
--
2.31.1

36
SPECS/gnutls.spec
View File

@ -1,10 +1,12 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 3.7.2 Version: 3.7.2
Release: 4%{?dist} Release: 8%{?dist}
Patch1: gnutls-3.6.7-no-now-guile.patch Patch1: gnutls-3.6.7-no-now-guile.patch
Patch2: gnutls-3.2.7-rpath.patch Patch2: gnutls-3.2.7-rpath.patch
Patch3: gnutls-3.7.2-config-allowlisting.patch Patch3: gnutls-3.7.2-config-allowlisting.patch
Patch4: gnutls-3.7.2-key-share-ecdhx.patch Patch4: gnutls-3.7.2-key-share-ecdhx.patch
Patch5: gnutls-3.7.2-enable-intel-cet.patch
Patch6: gnutls-3.7.2-libopts-covscan.patch
%bcond_with bootstrap %bcond_with bootstrap
%bcond_without dane %bcond_without dane
%if 0%{?rhel} %if 0%{?rhel}
@ -168,7 +170,17 @@ echo "SYSTEM=NORMAL" >> tests/system.prio
%if !%{with bootstrap} %if !%{with bootstrap}
# These are ordered by dependency: # These are ordered by dependency:
touch doc/functions/* doc/enums/* touch doc/functions/* doc/enums/*
touch doc/enums.texi doc/invoke*.texi doc/gnutls-api.texi touch doc/enums.texi doc/gnutls-api.texi
touch doc/invoke-gnutls-cli.texi
touch doc/invoke-gnutls-cli-debug.texi
touch doc/invoke-gnutls-serv.texi
touch doc/invoke-certtool.texi
touch doc/invoke-ocsptool.texi
touch doc/invoke-danetool.texi
touch doc/invoke-srptool.texi
touch doc/invoke-psktool.texi
touch doc/invoke-p11tool.texi
touch doc/invoke-tpmtool.texi
touch doc/stamp_functions doc/stamp_enums touch doc/stamp_functions doc/stamp_enums
touch doc/gnutls.info doc/gnutls.html doc/manpages/stamp_mans touch doc/gnutls.info doc/gnutls.html doc/manpages/stamp_mans
%endif %endif
@ -177,8 +189,9 @@ touch doc/gnutls.info doc/gnutls.html doc/manpages/stamp_mans
# via the crypto policies # via the crypto policies
%build %build
CCASFLAGS="$CCASFLAGS -Wa,--generate-missing-build-notes=yes" %ifarch aarch64 ppc64le
export CCASFLAGS %define _lto_cflags %{nil}
%endif
%if %{with guile} %if %{with guile}
# These should be checked by m4/guile.m4 instead of configure.ac # These should be checked by m4/guile.m4 instead of configure.ac
@ -309,6 +322,21 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
%endif %endif
%changelog %changelog
* Thu Oct 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-8
- Fix issues in bundled libopts, spotted by covscan (#1938730)
* Tue Oct 12 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-7
- Enable Intel CET
- Remove unnecessary CCASFLAGS setting for annocheck
* Thu Aug 19 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-6
- Reorder doc/invoke-*.texi generation (#1975482)
- Temporarily disable LTO for aarch64 and ppc64le
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.2-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Aug 2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-4 * Mon Aug 2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-4
- Disable GOST cryptography by default (#1945292) - Disable GOST cryptography by default (#1945292)
- Tighten timestamp adjustment when not bootstrapping (#1975482) - Tighten timestamp adjustment when not bootstrapping (#1975482)