diff --git a/.gitignore b/.gitignore index 690d3fe..fbacd72 100644 --- a/.gitignore +++ b/.gitignore @@ -144,3 +144,5 @@ gnutls-2.10.1-nosrp.tar.bz2 /gnutls-3.8.0.tar.xz /gnutls-3.8.0.tar.xz.sig /gnutls-release-keyring.gpg +/gnutls-3.8.1.tar.xz +/gnutls-3.8.1.tar.xz.sig diff --git a/README.packit b/README.packit index c83811d..7f24510 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.67.0. +The file was generated using packit 0.78.0. diff --git a/gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch b/gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch deleted file mode 100644 index 0390da3..0000000 --- a/gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 21c386860f1973344872eec4e4dd68644b1b48aa Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Fri, 10 Mar 2023 11:15:19 +0000 -Subject: [PATCH] ktls: Do not return GNUTLS_E_INTERRUPTED/AGAIN from short - writes - -If sendmsg returns a short write, we end up going around the loop with -data_to_send being smaller. However if sendmsg then returns -EAGAIN -or -EINTR then we return an error. But we have "forgotten" that we -already sent some data. - -This causes the caller to retry gnutls_record_send with the full -buffer (ie. with a buffer that has already been partially sent), -causing desynchronization. - -Instead check if we sent some data in this case and return the number -of bytes sent. - -Fixes: https://gitlab.com/gnutls/gnutls/-/issues/1470 -Thanks: Dan Berrange for suggesting a fix -Signed-off-by: Richard W.M. Jones ---- - lib/system/ktls.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/lib/system/ktls.c b/lib/system/ktls.c -index fd57a9c30..bb59fab7c 100644 ---- a/lib/system/ktls.c -+++ b/lib/system/ktls.c -@@ -604,9 +604,17 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session, - if (ret == -1) { - switch (errno) { - case EINTR: -- return GNUTLS_E_INTERRUPTED; -+ if (data_to_send < data_size) { -+ return data_size - data_to_send; -+ } else { -+ return GNUTLS_E_INTERRUPTED; -+ } - case EAGAIN: -- return GNUTLS_E_AGAIN; -+ if (data_to_send < data_size) { -+ return data_size - data_to_send; -+ } else { -+ return GNUTLS_E_AGAIN; -+ } - default: - return GNUTLS_E_PUSH_ERROR; - } --- -2.39.2 - diff --git a/gnutls.spec b/gnutls.spec index 9c06080..2b20dac 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -12,7 +12,7 @@ sha256sum:close() print(string.sub(hash, 0, 16)) } -Version: 3.8.0 +Version: 3.8.1 Release: %{?autorelease}%{!?autorelease:1%{?dist}} Patch: gnutls-3.2.7-rpath.patch @@ -22,10 +22,6 @@ Patch: gnutls-3.7.8-ktls_disable_keyupdate_test.patch # follow https://gitlab.com/gnutls/gnutls/-/issues/1443 Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch -# Fix desychronisation with kTLS: -# https://gitlab.com/gnutls/gnutls/-/issues/1470 -Patch: gnutls-3.8.0-ktls-Do-not-return-GNUTLS_E_INTERRUPTED-AGAIN-from-s.patch - %bcond_without bootstrap %bcond_without dane %bcond_without fips @@ -69,7 +65,7 @@ BuildRequires: tpm2-tss-devel >= 3.0.3 %endif BuildRequires: libidn2-devel BuildRequires: libunistring-devel -BuildRequires: net-tools, datefudge, softhsm, gcc, gcc-c++ +BuildRequires: net-tools, softhsm, gcc, gcc-c++ BuildRequires: gnupg2 BuildRequires: git-core diff --git a/sources b/sources index f6b15ed..05f8aa7 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (gnutls-3.8.0.tar.xz) = 2507b3133423fdaf90fbd826ccb1142e9ff6fc90fcd5531720218f19ddf0e6bbb8267d23bad35c0954860e5a4179da74823e0c8357db56a14f252e6ec9d59629 -SHA512 (gnutls-3.8.0.tar.xz.sig) = 9db8db74aa0ebd871287b07b6a8a9f4ce90188633618e669fe07cb8bb314b624c14761f6fe1970e2fbffa87f7c0d6daa4b0fa838bd05f74b8b18cd1b5325c654 +SHA512 (gnutls-3.8.1.tar.xz) = 22e78db86b835843df897d14ad633d8a553c0f9b1389daa0c2f864869c6b9ca889028d434f9552237dc4f1b37c978fbe0cce166e3768e5d4e8850ff69a6fc872 +SHA512 (gnutls-3.8.1.tar.xz.sig) = f03fde611927c83f6b57af695d5610ba3cefbb88a261cf5485c94b3fb32c7480a77c68a353a6a28185337195e30011d6b5578c53ea4180a656cf7b175156f7f1 SHA512 (gnutls-release-keyring.gpg) = 5c14d83f4f37bd319c652db0d76fc5bb04752fb461bbe853e25b20ffe41d6d14faae6c0bdd0193ac6242975bf1205ce606a9d0082261cc4581fd680abfcdbd4d