Fixes for gnutls 3.7.3 and glibc new syscalls
parent
7bbf448378
commit
17e5b407a3
12
futex.patch
Normal file
12
futex.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git a/src/worker-privs.c b/src/worker-privs.c
|
||||
index ae0b375d..0b285113 100644
|
||||
--- a/src/worker-privs.c
|
||||
+++ b/src/worker-privs.c
|
||||
@@ -128,6 +128,7 @@ int disable_system_calls(struct worker_st *ws)
|
||||
ADD_SYSCALL(getrusage, 0);
|
||||
ADD_SYSCALL(alarm, 0);
|
||||
ADD_SYSCALL(getpid, 0);
|
||||
+ ADD_SYSCALL(futex, 0);
|
||||
|
||||
/* memory allocation - both are used by different platforms */
|
||||
ADD_SYSCALL(brk, 0);
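Review bot: The added `ADD_SYSCALL(futex, 0);` sits in the run after `getpid` with no comment saying why the worker sandbox needs it, unlike the commented memory-allocation group just below it. A short comment such as `/* futex: issued by newer glibc locking/threading paths */` would keep the seccomp allow-list auditable. The trailing `0` presumably means no argument constraints, so every futex operation becomes reachable from the sandboxed worker; that widening is worth stating in the comment or the commit message. The commit title mentions glibc "new syscalls" in the plural, so it is worth confirming whether 32-bit builds also reach `futex_time64`. disable_system_calls() starts and ends outside the hunk.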
|
16
gnutls-3.7.3.patch
Normal file
16
gnutls-3.7.3.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff --git a/src/sec-mod.c b/src/sec-mod.c
|
||||
index 03f78276..6492b68a 100644
|
||||
--- a/src/sec-mod.c
|
||||
+++ b/src/sec-mod.c
|
||||
@@ -834,7 +834,10 @@ static int load_keys(sec_mod_st *sec, unsigned force)
|
||||
gnutls_privkey_import_x509_raw(p, &data,
|
||||
GNUTLS_X509_FMT_PEM,
|
||||
NULL, 0);
|
||||
- if (ret == GNUTLS_E_DECRYPTION_FAILED && vhost->pins.pin[0]) {
|
||||
+ /* GnuTLS 3.7.3 introduces a backwards incompatible change and
|
||||
+ * GNUTLS_E_PKCS11_PIN_ERROR is returned when an encrypted
|
||||
+ * file is loaded https://gitlab.com/gnutls/gnutls/-/issues/1321 */
|
||||
+ if ((ret == GNUTLS_E_DECRYPTION_FAILED || ret == GNUTLS_E_PKCS11_PIN_ERROR) && vhost->pins.pin[0]) {
|
||||
ret =
|
||||
gnutls_privkey_import_x509_raw(p, &data,
|
||||
GNUTLS_X509_FMT_PEM,
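Review bot: When no PIN is configured (`vhost->pins.pin[0]` is empty) the retry is skipped and `ret` stays `GNUTLS_E_PKCS11_PIN_ERROR`, so on GnuTLS 3.7.3 an encrypted PEM key with no configured password is likely reported as a PKCS#11 PIN failure although no token is involved. The error handling is outside the hunk, so this is inferred; if it reports `gnutls_strerror(ret)`, consider normalising first with `if (ret == GNUTLS_E_PKCS11_PIN_ERROR) ret = GNUTLS_E_DECRYPTION_FAILED;` so operators see the real cause. The combined condition also runs well past 80 columns and would read better with the `&& vhost->pins.pin[0]` part on its own line. load_keys() starts and ends outside the hunk.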
|
@ -1,5 +1,5 @@
|
||||
Version: 1.1.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
%global _hardened_build 1
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 7
|
||||
@ -38,6 +38,8 @@ Source8: ocserv-genkey
|
||||
Source9: ocserv-script
|
||||
Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
|
||||
Source11: ocserv.init
|
||||
Patch1: futex.patch
|
||||
Patch2: gnutls-3.7.3.patch
|
||||
|
||||
# Taken from upstream:
|
||||
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
|
||||
@ -272,6 +274,10 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 10 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.4-3
|
||||
- Update seccomp rules to allow the futex syscall
|
||||
- Workaround incompatible API change in GnuTLS 3.7.3.
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
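Review bot: `Patch1: futex.patch` and `Patch2: gnutls-3.7.3.patch` are declared, but no `%prep` change is visible in this section, so whether they are applied depends on the spec already using `%autosetup` or `%autopatch`. If `%prep` uses `%setup` with explicit `%patch` lines, the package would build at release 3 without the seccomp and GnuTLS fixes, so that is worth confirming. The two new entries also carry no provenance comment, unlike the `# Taken from upstream:` note that follows them; a one-line comment per patch, such as `# Allow futex in the worker seccomp filter (newer glibc)`, would help later audits of what the package carries on top of 1.1.4.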
|
||||
|
||||
|