diff --git a/backport-remove-init_fds-test.patch b/backport-remove-init_fds-test.patch
new file mode 100644
index 0000000..7df8999
--- /dev/null
+++ b/backport-remove-init_fds-test.patch
@@ -0,0 +1,117 @@
+From 5589765593b8af88e4fc3acb3b06ded0122da006 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Sun, 24 Jan 2021 07:49:34 +0100
+Subject: [PATCH] tests: remove init_fds test
+
+This test does nothing to expose the original problem linked in the comment:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476
+
+Signed-off-by: Daiki Ueno
+---
+ tests/Makefile.am | 2 +-
+ tests/init_fds.c | 80 -----------------------------------------------
+ 2 files changed, 1 insertion(+), 81 deletions(-)
+ delete mode 100644 tests/init_fds.c
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index b04cb08..e6e908c 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -164,7 +164,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
+ cert-status fips-mode-pthread rsa-psk global-init sec-params sign-verify-data \
+ fips-test fips-override-test mini-global-load name-constraints x509-extensions \
+ long-session-id mini-x509-callbacks-intr mini-dtls-lowmtu set_x509_key_file-late \
+- crlverify mini-dtls-discard init_fds mini-record-failure openconnect-dtls12 \
++ crlverify mini-dtls-discard mini-record-failure openconnect-dtls12 \
+ tls12-rehandshake-cert-2 custom-urls set_x509_key_mem set_x509_key_file \
+ tls12-rehandshake-cert-auto tls12-rehandshake-set-prio \
+ mini-chain-unsorted x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \
+diff --git a/tests/init_fds.c b/tests/init_fds.c
+deleted file mode 100644
+index bf7a5de..0000000
+--- a/tests/init_fds.c
++++ /dev/null
+@@ -1,80 +0,0 @@
+-/*
+- * Copyright (C) 2014 Nikos Mavrogiannopoulos
+- *
+- * Author: Nikos Mavrogiannopoulos
+- *
+- * This file is part of GnuTLS.
+- *
+- * GnuTLS is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 3 of the License, or
+- * (at your option) any later version.
+- *
+- * GnuTLS is distributed in the hope that it will be useful, but
+- * WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- * General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with GnuTLS; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+- */
+-
+-#ifdef HAVE_CONFIG_H
+-#include
+-#endif
+-
+-#include
+-#include
+-#include
+-#include
+-
+-#include "utils.h"
+-
+-/* See . */
+-
+-void doit(void)
+-{
+-#ifndef _WIN32
+- int res;
+- unsigned i;
+- int serial = 0;
+- char buf[128];
+-
+- res = read(3, buf, 16);
+- if (res == 16)
+- serial = 1;
+-
+- /* close all descriptors */
+- for (i=3;i<1024;i++)
+- close(i);
+-
+- res = gnutls_global_init();
+- if (res != 0)
+- fail("global_init\n");
+-
+- if (serial != 0) {
+- res = read(3, buf, 16);
+- if (res != 16) {
+- fail("could not open fd, or OS doesn't assign fds in a serial way (%d)\n", res);
+- }
+- }
+-
+- res = gnutls_global_init();
+- if (res != 0)
+- fail("global_init2\n");
+-
+- gnutls_rnd_refresh();
+-
+- res = gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
+- if (res != 0)
+- fail("gnutls_rnd\n");
+-
+- gnutls_global_deinit();
+-
+- if (debug)
+- success("init-close success\n");
+-#else
+- return;
+-#endif
+-}
+--
+2.27.0
+
diff --git a/gnutls.spec b/gnutls.spec
index b5606cd..eca9e9f 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,6 +1,6 @@ Name: gnutls Version: 3.6.15 -Release: 3 +Release: 4 Summary: The GNU Secure Communication Protocol Library License: LGPLv2.1+ and GPLv3+
@@ -13,6 +13,7 @@ Patch2: backport-tests-remove-launch_pkcs11_server.patch Patch3: backport-testpkcs11-use-datefudge-to-trick-certificate-expiry.patch Patch4: backport-CVE-2021-20231.patch Patch5: backport-CVE-2021-20232.patch +Patch6: backport-remove-init_fds-test.patch %bcond_without dane %bcond_with guile
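Review bot: Neither the patch header nor the spec changelog records why this package needs the test dropped; the upstream message only says the test does not expose the problem in the linked Debian report. init_fds was the case that called `gnutls_global_init()` and `gnutls_rnd()` after closing descriptors 3–1023, so if the removal works around a failure in the build environment rather than following upstream's reasoning, that should be stated. I would extend the changelog entry to something like `- remove init_fds test (upstream 5589765593b8, test does not exercise the bug it cites)`.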
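Review bot: `Patch6` is declared here, but the `%prep` section lies outside the hunk, so it is not visible whether the patch is actually applied. If the spec applies patches with explicit `%patchN` lines rather than `%autosetup` or `%autopatch`, it needs a matching `%patch6 -p1`; without it init_fds stays in the test list and the release bump changes nothing. The patch edits `tests/Makefile.am` and deletes `tests/init_fds.c` but does not touch a generated `tests/Makefile.in`, so it is also worth confirming that the build regenerates the autotools files before `make check`, otherwise the old list may still reference the deleted source.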
@@ -203,6 +204,9 @@ make check %{?_smp_mflags} %endif %changelog +* Fri Jul 30 2021 shangyibin - 3.6.15-4 +- remove init_fds test + * Mon Mar 22 2021 yixiangzhike - 3.6.15-3 - fix CVE-2021-20231 CVE-2021-20232