Remove unnecessary patches and bootstrapping process

2020-09-04 12:51:12 +02:00 · 2020-09-04 12:51:12 +02:00 · 655fab0edb
commit 655fab0edb
parent aa2ff1da12
4 changed files with 1 additions and 266 deletions
--- a/gnutls-3.6.14-configure-fix-soname-detection.patch
+++ b/gnutls-3.6.14-configure-fix-soname-detection.patch
@ -1,60 +0,0 @@
 From b57b820a3f0464e3151dd675af4f28ad109d683c Mon Sep 17 00:00:00 2001
 From: Vitezslav Cizek <vcizek@suse.com>
 Date: Tue, 9 Jun 2020 13:54:04 +0200
 Subject: [PATCH] configure: improve nettle, gmp, and hogweed soname detection
 Some linkers might optimize away the libraries passed on the
 command line if they aren't actually needed, such as gnu ld with
 --as-needed.
 The ldd output then won't list the shared libraries and the
 detection will fail.
 Make sure nettle and others are really used.
 Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
 ---
 configure.ac | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index e4ca66aec..ccbe4e563 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -741,7 +741,10 @@ LIBS=$save_LIBS
 save_LIBS=$LIBS
 LIBS="$LIBS $GMP_LIBS"
 AC_MSG_CHECKING([gmp soname])
 -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
 +AC_LINK_IFELSE([AC_LANG_PROGRAM([
 +               #include <gmp.h>],[
 +               mpz_t n;
 +               mpz_init(n);])],
 	[gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
 	[gmp_so=none])
 if test -z "$gmp_so"; then
@@ -754,7 +757,10 @@ LIBS=$save_LIBS
 save_LIBS=$LIBS
 LIBS="$LIBS $NETTLE_LIBS"
 AC_MSG_CHECKING([nettle soname])
 -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
 +AC_LINK_IFELSE([AC_LANG_PROGRAM([
 +               #include <nettle/sha2.h>],[
 +               struct sha256_ctx ctx;
 +               sha256_init(&ctx);])],
 	[nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
 	[nettle_so=none])
 if test -z "$nettle_so"; then
@@ -767,7 +773,10 @@ LIBS=$save_LIBS
 save_LIBS=$LIBS
 LIBS="$LIBS $HOGWEED_LIBS"
 AC_MSG_CHECKING([hogweed soname])
 -AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
 +AC_LINK_IFELSE([AC_LANG_PROGRAM([
 +               #include <nettle/rsa.h>],[
 +               struct rsa_private_key priv;
 +               nettle_rsa_private_key_init(&priv);])],
 	[hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
 	[hogweed_so=none])
 if test -z "$hogweed_so"; then
 -- 
 2.25.4
--- a/gnutls-3.6.14-fix-iovec-memory-leak.patch
+++ b/gnutls-3.6.14-fix-iovec-memory-leak.patch
@ -1,152 +0,0 @@
 From 6fbff7fc8aabeee2254405f254220bbe8c05c67d Mon Sep 17 00:00:00 2001
 From: Daiki Ueno <ueno@gnu.org>
 Date: Fri, 5 Jun 2020 16:26:33 +0200
 Subject: [PATCH] crypto-api: always allocate memory when serializing iovec_t
 The AEAD iov interface falls back to serializing the input buffers if
 the low-level cipher doesn't support scatter/gather encryption.
 However, there was a bug in the functions used for the serialization,
 which causes memory leaks under a certain condition (i.e. the number
 of input buffers is 1).
 This patch makes the logic of the functions simpler, by removing a
 micro-optimization that tries to minimize the number of calls to
 malloc/free.
 The original problem was reported by Marius Steffen in:
 https://bugzilla.samba.org/show_bug.cgi?id=14399
 and the cause was investigated by Alexander Haase in:
 https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
 Signed-off-by: Daiki Ueno <ueno@gnu.org>
 ---
 lib/crypto-api.c        | 36 +++++++++++-------------------------
 tests/aead-cipher-vec.c | 33 ++++++++++++++++++---------------
 2 files changed, 29 insertions(+), 40 deletions(-)
 diff --git a/lib/crypto-api.c b/lib/crypto-api.c
 index 45be64ed1..8524f5ed4 100644
 --- a/lib/crypto-api.c
 +++ b/lib/crypto-api.c
@@ -891,32 +891,23 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
 struct iov_store_st {
 	void *data;
 	size_t size;
 -	unsigned allocated;
 };
 static void iov_store_free(struct iov_store_st *s)
 {
 -	if (s->allocated) {
 -		gnutls_free(s->data);
 -		s->allocated = 0;
 -	}
 +	gnutls_free(s->data);
 }
 static int iov_store_grow(struct iov_store_st *s, size_t length)
 {
 -	if (s->allocated || s->data == NULL) {
 -		s->size += length;
 -		s->data = gnutls_realloc(s->data, s->size);
 -		if (s->data == NULL)
 -			return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 -		s->allocated = 1;
 -	} else {
 -		void *data = s->data;
 -		size_t size = s->size + length;
 -		s->data = gnutls_malloc(size);
 -		memcpy(s->data, data, s->size);
 -		s->size += length;
 -	}
 +	void *data;
 +
 +	s->size += length;
 +	data = gnutls_realloc(s->data, s->size);
 +	if (data == NULL)
 +		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 +
 +	s->data = data;
 	return 0;
 }
@@ -926,11 +917,6 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
 	memset(dst, 0, sizeof(*dst));
 	if (iovcnt == 0) {
 		return 0;
 -	} else if (iovcnt == 1) {
 -		dst->data = iov[0].iov_base;
 -		dst->size = iov[0].iov_len;
 -		/* implies: dst->allocated = 0; */
 -		return 0;
 	} else {
 		int i;
 		uint8_t *p;
@@ -944,11 +930,11 @@ copy_from_iov(struct iov_store_st *dst, const giovec_t *iov, int iovcnt)
 		p = dst->data;
 		for (i=0;i<iovcnt;i++) {
 -			memcpy(p, iov[i].iov_base, iov[i].iov_len);
 +			if (iov[i].iov_len > 0)
 +				memcpy(p, iov[i].iov_base, iov[i].iov_len);
 			p += iov[i].iov_len;
 		}
 -		dst->allocated = 1;
 		return 0;
 	}
 }
 diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
 index fba9010d9..6a30a35f7 100644
 --- a/tests/aead-cipher-vec.c
 +++ b/tests/aead-cipher-vec.c
@@ -49,6 +49,7 @@ static void start(const char *name, int algo)
 	giovec_t auth_iov[2];
 	uint8_t tag[64];
 	size_t tag_size = 0;
 +	size_t i;
 	key.data = key16;
 	key.size = gnutls_cipher_get_key_size(algo);
@@ -82,21 +83,23 @@ static void start(const char *name, int algo)
 	if (ret < 0)
 		fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret));
 -	ret = gnutls_aead_cipher_encryptv2(ch,
 -					   iv.data, iv.size,
 -					   auth_iov, 2,
 -					   iov, 3,
 -					   tag, &tag_size);
 -	if (ret < 0)
 -		fail("could not encrypt data: %s\n", gnutls_strerror(ret));
 -
 -	ret = gnutls_aead_cipher_decryptv2(ch,
 -					   iv.data, iv.size,
 -					   auth_iov, 2,
 -					   iov, 3,
 -					   tag, tag_size);
 -	if (ret < 0)
 -		fail("could not decrypt data: %s\n", gnutls_strerror(ret));
 +	for (i = 0; i < 2; i++) {
 +		ret = gnutls_aead_cipher_encryptv2(ch,
 +						   iv.data, iv.size,
 +						   auth_iov, 2,
 +						   iov, i + 1,
 +						   tag, &tag_size);
 +		if (ret < 0)
 +			fail("could not encrypt data: %s\n", gnutls_strerror(ret));
 +
 +		ret = gnutls_aead_cipher_decryptv2(ch,
 +						   iv.data, iv.size,
 +						   auth_iov, 2,
 +						   iov, i + 1,
 +						   tag, tag_size);
 +		if (ret < 0)
 +			fail("could not decrypt data: %s\n", gnutls_strerror(ret));
 +	}
 	gnutls_aead_cipher_deinit(ch);
 }
 -- 
 2.25.4
--- a/gnutls-3.6.14-pthreads.patch
+++ b/gnutls-3.6.14-pthreads.patch
@ -1,50 +0,0 @@
 From f15c02b1fb9faf3e06db2c51196a27b0f9d72672 Mon Sep 17 00:00:00 2001
 From: James Bottomley <James.Bottomley@HansenPartnership.com>
 Date: Sun, 28 Jun 2020 21:33:09 +0200
 Subject: [PATCH] build: use $(LIBPTHREAD) rather than non-existent
 $(LTLIBPTHREAD)
 On a very recent openSUSE build, libgnutls is getting built without
 libpthread. This caused a thread related error when trying to load a
 pkcs11 module that uses threading. The reason is rather convoluted:
 glibc actually controls all the pthread_ function calls, but it
 returns success without doing anything unless -lpthread is in the link
 list. What's happening is that gnutls_system_mutex_init() is being
 called on _gnutls_pkcs11_mutex before library pthreading is
 initialized, so the pthread_mutex_init ends up being a nop. Then, when
 the pkcs11 module is loaded, pthreads get initialized and the call to
 pthread_mutex_lock is real, but errors out on the uninitialized mutex.
 The problem seems to be that nothing in the gnulib macros gnutls
 relies on for threading support detection actually sets LTLIBPTHREAD,
 they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
 lib/Makefile.in
 Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
 ---
 bootstrap.conf  | 4 ++--
 lib/Makefile.am | 8 +++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
 diff --git a/lib/Makefile.am b/lib/Makefile.am
 index fa47ac5e6..02504d8d1 100644
 --- a/lib/Makefile.am
 +++ b/lib/Makefile.am
@@ -168,7 +168,13 @@ libgnutls_la_LIBADD += accelerated/libaccelerated.la
 endif
 if !WINDOWS
 -thirdparty_libadd += $(LTLIBPTHREAD)
 +# p11-kit does not work without threading support:
 +# https://github.com/p11-glue/p11-kit/pull/183
 +if ENABLE_PKCS11
 +thirdparty_libadd += $(LIBPMULTITHREAD)
 +else
 +thirdparty_libadd += $(LIBPTHREAD)
 +endif
 endif
 if NEEDS_LIBRT
 -- 
 2.26.2
--- a/gnutls.spec
+++ b/gnutls.spec
@ -3,9 +3,6 @@ Version:	3.6.15
 Release: 1%{?dist}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
 Patch3:	gnutls-3.6.14-fix-iovec-memory-leak.patch
 Patch4:	gnutls-3.6.14-configure-fix-soname-detection.patch
 Patch5: gnutls-3.6.14-pthreads.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@ -146,7 +143,7 @@ This package contains Guile bindings for the library.
 gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %autosetup -p1
-autoreconf -fi
+#autoreconf -fi
 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
 rm -f lib/minitasn1/*.c lib/minitasn1/*.h