From 3c62873314ddabd4ce3c487fae1e37ea37a85444b7ac286970be931b16dfd357 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 7 Nov 2022 11:43:39 +0000 Subject: [PATCH] Accepting request 1032926 from home:pmonrealgonzalez:branches:GNOME:Factory - Fix build with gnutls 3.7.8: * tests: skip tls-exporter test for TLS 1.2 * https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201 * Add glib-networking-gnutls-tls-exporter-tls12.patch OBS-URL: https://build.opensuse.org/request/show/1032926 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib-networking?expand=0&rev=173 --- ...networking-gnutls-tls-exporter-tls12.patch | 88 +++++++++++++++++++ glib-networking.changes | 8 ++ glib-networking.spec | 4 +- 3 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 glib-networking-gnutls-tls-exporter-tls12.patch diff --git a/glib-networking-gnutls-tls-exporter-tls12.patch b/glib-networking-gnutls-tls-exporter-tls12.patch new file mode 100644 index 0000000..afced55 --- /dev/null +++ b/glib-networking-gnutls-tls-exporter-tls12.patch @@ -0,0 +1,88 @@ +From 205b578c6de0a6b42dd24d97f08ab47d0347431a Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 2 Nov 2022 13:26:53 +0100 +Subject: [PATCH] tests: skip tls-exporter test for TLS 1.2 + +TLS exporter does not exist before TLS 1.3 so skip the tls-exporter test +for TLS 1.2. + +Fixes https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201 + +Part-of: +--- + tls/tests/connection.c | 49 ++++++++++++++++++++++++++---------------- + 1 file changed, 31 insertions(+), 18 deletions(-) + +Index: glib-networking-2.74.0/tls/tests/connection.c +=================================================================== +--- glib-networking-2.74.0.orig/tls/tests/connection.c ++++ glib-networking-2.74.0/tls/tests/connection.c +@@ -2723,6 +2723,8 @@ test_connection_binding_match_tls_export + GByteArray *client_cb, *server_cb; + gchar *client_b64, *server_b64; + GError *error = NULL; ++ gboolean client_supports_tls_exporter; ++ gboolean server_supports_tls_exporter; + + test->database = g_tls_file_database_new (tls_test_file_path ("ca-roots.pem"), &error); + g_assert_no_error (error); +@@ -2751,27 +2753,38 @@ test_connection_binding_match_tls_export + g_main_loop_run (test->loop); + + /* Smoke test: ensure both sides support tls-exporter */ +- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection), +- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL)); +- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection), +- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL)); +- +- /* Real test: retrieve bindings and compare */ +- client_cb = g_byte_array_new (); +- server_cb = g_byte_array_new (); +- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection), +- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, client_cb, NULL)); +- g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection), +- G_TLS_CHANNEL_BINDING_TLS_EXPORTER, server_cb, NULL)); +- +- client_b64 = g_base64_encode (client_cb->data, client_cb->len); +- server_b64 = g_base64_encode (server_cb->data, server_cb->len); +- g_assert_cmpstr (client_b64, ==, server_b64); +- +- g_free (client_b64); +- g_free (server_b64); +- g_byte_array_unref (client_cb); +- g_byte_array_unref (server_cb); ++ client_supports_tls_exporter = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection), ++ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL); ++ server_supports_tls_exporter = g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection), ++ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, NULL, NULL); ++ ++ g_assert_true (client_supports_tls_exporter == server_supports_tls_exporter); ++ ++ if (client_supports_tls_exporter) ++ { ++ /* Real test: retrieve bindings and compare */ ++ client_cb = g_byte_array_new (); ++ server_cb = g_byte_array_new (); ++ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->client_connection), ++ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, client_cb, NULL)); ++ g_assert_true (g_tls_connection_get_channel_binding_data (G_TLS_CONNECTION (test->server_connection), ++ G_TLS_CHANNEL_BINDING_TLS_EXPORTER, server_cb, NULL)); ++ ++ client_b64 = g_base64_encode (client_cb->data, client_cb->len); ++ server_b64 = g_base64_encode (server_cb->data, server_cb->len); ++ g_assert_cmpstr (client_b64, ==, server_b64); ++ ++ g_free (client_b64); ++ g_free (server_b64); ++ g_byte_array_unref (client_cb); ++ g_byte_array_unref (server_cb); ++ } ++ else ++ { ++ g_assert_true (g_tls_connection_get_protocol_version ( ++ G_TLS_CONNECTION (test->client_connection)) == G_TLS_PROTOCOL_VERSION_TLS_1_2); ++ g_test_skip ("tls-exporter is not supported before TLS 1.3"); ++ } + + /* drop the mic */ + close_server_connection (test); diff --git a/glib-networking.changes b/glib-networking.changes index d932679..9468395 100644 --- a/glib-networking.changes +++ b/glib-networking.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Oct 26 10:22:12 UTC 2022 - Pedro Monreal + +- Fix build with gnutls 3.7.8: + * tests: skip tls-exporter test for TLS 1.2 + * https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201 + * Add glib-networking-gnutls-tls-exporter-tls12.patch + ------------------------------------------------------------------- Thu Sep 15 16:18:01 UTC 2022 - Bjørn Lie diff --git a/glib-networking.spec b/glib-networking.spec index 75d2f2d..2fb9c9e 100644 --- a/glib-networking.spec +++ b/glib-networking.spec @@ -26,7 +26,9 @@ Group: Development/Libraries/C and C++ URL: https://www.gnome.org Source0: https://download.gnome.org/sources/glib-networking/2.74/%{name}-%{version}.tar.xz Source99: baselibs.conf - +#PATCH-FIX-UPSTREAM Fix build with gnutls 3.7.8 +# https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201 +Patch0: glib-networking-gnutls-tls-exporter-tls12.patch BuildRequires: ca-certificates-mozilla # For directory ownership BuildRequires: dbus-1