diff --git a/gnutls-3.7.2-doc-hash-copy.patch b/gnutls-3.7.2-doc-hash-copy.patch
new file mode 100644
index 0000000..7935433
--- /dev/null
+++ b/gnutls-3.7.2-doc-hash-copy.patch
@@ -0,0 +1,44 @@
+From 7b68571f43b68085ba9f36afb1e3e97b3ba8d2d5 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 22 Dec 2021 08:16:27 +0100
+Subject: [PATCH 2/2] Update documentation of gnutls_{hash,hmac}_copy
+
+Signed-off-by: rpm-build
+---
+ doc/functions/gnutls_hash_copy | 4 +++-
+ doc/functions/gnutls_hmac_copy | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/doc/functions/gnutls_hash_copy b/doc/functions/gnutls_hash_copy
+index 600c0e7..aac7d5d 100644
+--- a/doc/functions/gnutls_hash_copy
++++ b/doc/functions/gnutls_hash_copy
+@@ -8,7 +8,9 @@
+ This function will create a copy of Message Digest context, containing all
+ its current state. Copying contexts for Message Digests registered using
+ @code{gnutls_crypto_register_digest()} is not supported and will always result in
+-an error.
++an error. In addition to that, some of the Message Digest implementations do
++not support this operation. Applications should check the return value and
++provide a proper fallback.
+
+ @strong{Returns:} new Message Digest context or NULL in case of an error.
+
+diff --git a/doc/functions/gnutls_hmac_copy b/doc/functions/gnutls_hmac_copy
+index a219b21..93b20d5 100644
+--- a/doc/functions/gnutls_hmac_copy
++++ b/doc/functions/gnutls_hmac_copy
+@@ -8,7 +8,9 @@
+ This function will create a copy of MAC context, containing all its current
+ state. Copying contexts for MACs registered using
+ @code{gnutls_crypto_register_mac()} is not supported and will always result in an
+-error.
++error. In addition to that, some of the MAC implementations do not support
++this operation. Applications should check the return value and provide a
++proper fallback.
+
+ @strong{Returns:} new MAC context or NULL in case of an error.
+
+--
+2.31.1
+
diff --git a/gnutls-3.7.2-no-explicit-init.patch b/gnutls-3.7.2-no-explicit-init.patch
new file mode 100644
index 0000000..6424174
--- /dev/null
+++ b/gnutls-3.7.2-no-explicit-init.patch
@@ -0,0 +1,32 @@
+From 36a92d984020df16296784a7ad613c9693469d23 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Tue, 21 Dec 2021 16:28:09 +0100
+Subject: [PATCH 1/2] Remove GNUTLS_NO_EXPLICIT_INIT compatibility
+
+Signed-off-by: rpm-build
+---
+ lib/global.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/lib/global.c b/lib/global.c
+index 3731418..1384045 100644
+--- a/lib/global.c
++++ b/lib/global.c
+@@ -500,14 +500,6 @@ static void _CONSTRUCTOR lib_init(void)
+ return;
+ }
+
+- e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT");
+- if (e != NULL) {
+- _gnutls_debug_log("GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n");
+- ret = atoi(e);
+- if (ret == 1)
+- return;
+- }
+-
+ ret = _gnutls_global_init(1);
+ if (ret < 0) {
+ fprintf(stderr, "Error in GnuTLS initialization: %s\n", gnutls_strerror(ret));
+--
+2.31.1
+
diff --git a/gnutls.spec b/gnutls.spec
index e5825fd..715aee2 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -8,6 +8,8 @@ Patch4: gnutls-3.7.2-key-share-ecdhx.patch
 Patch5: gnutls-3.7.2-enable-intel-cet.patch
 Patch6: gnutls-3.7.2-libopts-covscan.patch
 Patch7: gnutls-3.7.2-config-allowlisting-race.patch
+Patch8: gnutls-3.7.2-no-explicit-init.patch
+Patch9: gnutls-3.7.2-doc-hash-copy.patch
 %bcond_with bootstrap
 %bcond_without dane
 %if 0%{?rhel}
@@ -323,6 +325,12 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null %endif %changelog +* Wed Dec 22 2021 Daiki Ueno - 3.7.2-9 +- Drop support for GNUTLS_NO_EXPLICIT_INIT envvar in favor of + GNUTLS_NO_IMPLICIT_INIT (#1999639) +- Expand documentation of gnutls_{hash,hmac}_copy, mentioning that + those do not always work (#1999639) + * Tue Dec 21 2021 Daiki Ueno - 3.7.2-9 - Fix race condition when resolving SYSTEM priority in allowlisting mode (#2012249)
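Review bot: The header of gnutls-3.7.2-no-explicit-init.patch has a subject but no body, so nothing in the patch records why the GNUTLS_NO_EXPLICIT_INIT check is removed from lib_init() or whether the change exists upstream; the only rationale is the bug number in the gnutls.spec changelog. With the block gone, a process that still exports only GNUTLS_NO_EXPLICIT_INIT=1 falls through to `_gnutls_global_init(1)` in the library constructor and no longer gets the deprecation message, so the behaviour change is silent for existing deployments. I would add a sentence to the patch description along the lines of `GNUTLS_NO_EXPLICIT_INIT is no longer honoured; use GNUTLS_NO_IMPLICIT_INIT to skip initialization in the constructor`, and confirm that no shipped documentation still names the old variable. lib_init() starts and ends outside the hunk, so the remaining GNUTLS_NO_IMPLICIT_INIT check is presumably the `return;` context above the removed lines and cannot be verified from here.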