added bugfix

gnutls-3.3.8-mem-issue.patch

@@ -0,0 +1,95 @@
+diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
+index b102f4d..a4921f9 100644
+--- a/lib/gnutls_x509.c
++++ b/lib/gnutls_x509.c
+@@ -697,11 +697,11 @@ static int
+ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
+ {
+ 	int ret;
+-	gnutls_x509_crt_t crt;
++	gnutls_x509_crt_t crt = NULL;
+ 	gnutls_pcert_st *ccert;
+ 	gnutls_str_array_t names;
+ 	gnutls_datum_t t = {NULL, 0};
+-	unsigned i;
++	unsigned i, count = 0;
+ 
+ 	_gnutls_str_array_init(&names);
+ 
+@@ -729,13 +729,13 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
+ 
+ 	if (ret < 0) {
+ 		gnutls_assert();
+-		goto cleanup1;
++		goto cleanup;
+ 	}
+ 
+ 	ret = get_x509_name(crt, &names);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+-		goto cleanup1;
++		goto cleanup;
+ 	}
+ 
+ 	/* Try to load the whole certificate chain from the PKCS #11 token */
+@@ -747,17 +747,18 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
+                 }
+ 
+ 		ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
+-		gnutls_x509_crt_deinit(crt);
+-
+ 		if (ret < 0) {
+ 			gnutls_assert();
+ 			goto cleanup;
+ 		}
++		count++;
+ 
+ 		ret = gnutls_pkcs11_get_raw_issuer(url, crt, &t, GNUTLS_X509_FMT_DER, 0);
+ 		if (ret < 0)
+ 			break;
+-			
++
++		gnutls_x509_crt_deinit(crt);
++		crt = NULL;
+ 		ret = gnutls_x509_crt_init(&crt);
+ 		if (ret < 0) {
+ 			gnutls_assert();
+@@ -767,23 +768,25 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
+ 		ret = gnutls_x509_crt_import(crt, &t, GNUTLS_X509_FMT_DER);
+ 		if (ret < 0) {
+ 			gnutls_assert();
+-			goto cleanup1;
++			goto cleanup;
+ 		}
+ 		gnutls_free(t.data);
+ 		t.data = NULL;
+ 	}
+ 
+-	ret = certificate_credential_append_crt_list(res, names, ccert, i+1);
++	ret = certificate_credential_append_crt_list(res, names, ccert, count);
+ 	if (ret < 0) {
+ 		gnutls_assert();
+ 		goto cleanup;
+ 	}
+ 
+-	return 0;
+-cleanup1:
+-	gnutls_x509_crt_deinit(crt);
++	if (crt != NULL)
++		gnutls_x509_crt_deinit(crt);
+ 
++	return 0;
+ cleanup:
++	if (crt != NULL)
++		gnutls_x509_crt_deinit(crt);
+ 	gnutls_free(t.data);
+ 	_gnutls_str_array_clear(&names);
+ 	gnutls_free(ccert);
+@@ -959,7 +962,6 @@ static int check_if_sorted(gnutls_pcert_st * crt, int nr)
+ 			ret = gnutls_x509_crt_init(&x509);
+ 			if (ret < 0)
+ 				return gnutls_assert_val(ret);
+-
+ 			ret =
+ 			    gnutls_x509_crt_import(x509, &crt[i].cert,
+ 						   GNUTLS_X509_FMT_DER);

gnutls.spec

@@ -32,6 +32,7 @@ Source0: %{name}-%{version}-hobbled.tar.xz
 Source1: libgnutls-config
 Source2: hobble-gnutls
 Patch1: gnutls-3.2.7-rpath.patch
+Patch2: gnutls-3.3.8-mem-issue.patch
 Patch3: gnutls-3.1.11-nosrp.patch
 Patch4: gnutls-3.3.6-default-policy.patch
 
@@ -134,6 +135,7 @@ This package contains Guile bindings for the library.
 %setup -q
 
 %patch1 -p1 -b .rpath
+%patch2 -p1 -b .mem-issue
 %patch3 -p1 -b .nosrp
 %patch4 -p1 -b .default-policy
 sed 's/gnutls_srp.c//g' -i lib/Makefile.in