diff --git a/.gitignore b/.gitignore index 65c05cb..1b56505 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/glib-networking-2.42.0.tar.xz +SOURCES/glib-networking-2.50.0.tar.xz diff --git a/.glib-networking.metadata b/.glib-networking.metadata index e06b775..6582870 100644 --- a/.glib-networking.metadata +++ b/.glib-networking.metadata @@ -1 +1 @@ -dc882d9c4a1dcb8e7bab9e01ab9e7a6e23efea44 SOURCES/glib-networking-2.42.0.tar.xz +d8f6a52fd977acc0ff32fe3152ad4cb3f699c053 SOURCES/glib-networking-2.50.0.tar.xz diff --git a/SOURCES/0001-rh1177964-fallback-semantics.patch b/SOURCES/0001-rh1177964-fallback-semantics.patch deleted file mode 100644 index bb25172..0000000 --- a/SOURCES/0001-rh1177964-fallback-semantics.patch +++ /dev/null @@ -1,220 +0,0 @@ -From 1b8db6c27f2f3909b55fc2902d2fd0431b066058 Mon Sep 17 00:00:00 2001 -From: Dan Winship -Date: Sun, 26 Oct 2014 12:25:15 -0400 -Subject: [PATCH 1/2] gnutls: loosen the semantics of "use-ssl3" - -If SSL 3.0 is disabled, then make "use-ssl3" mean "use the lowest -available TLS version" instead, so that, eg, TLS 1.2 -> TLS 1.0 -fallback is still possible. - -https://bugzilla.gnome.org/show_bug.cgi?id=738633 ---- - tls/gnutls/gtlsconnection-gnutls.c | 55 +++++++++++++++++------- - tls/tests/connection.c | 88 ++++++++++++++++++++++++++++++++++++++ - 2 files changed, 127 insertions(+), 16 deletions(-) - -diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c -index 7e63412..444ca36 100644 ---- a/tls/gnutls/gtlsconnection-gnutls.c -+++ b/tls/gnutls/gtlsconnection-gnutls.c -@@ -194,15 +194,16 @@ g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls) - g_mutex_init (&gnutls->priv->op_mutex); - } - --/* First field is "ssl3 only", second is "allow unsafe rehandshaking" */ -+/* First field is "fallback", second is "allow unsafe rehandshaking" */ - static gnutls_priority_t priorities[2][2]; - - static void - g_tls_connection_gnutls_init_priorities (void) - { - const gchar *base_priority; -- gchar *ssl3_priority, *unsafe_rehandshake_priority, *ssl3_unsafe_rehandshake_priority; -- int ret; -+ gchar *fallback_priority, *unsafe_rehandshake_priority, *fallback_unsafe_rehandshake_priority; -+ const guint *protos; -+ int ret, i, nprotos, fallback_proto; - - base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY"); - if (!base_priority) -@@ -215,31 +216,53 @@ g_tls_connection_gnutls_init_priorities (void) - gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); - } - -- ssl3_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", base_priority); - unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", base_priority); -- ssl3_unsafe_rehandshake_priority = g_strdup_printf ("%s:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0:%%UNSAFE_RENEGOTIATION", base_priority); -- -- gnutls_priority_init (&priorities[TRUE][FALSE], ssl3_priority, NULL); -- gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL); -- gnutls_priority_init (&priorities[TRUE][TRUE], ssl3_unsafe_rehandshake_priority, NULL); -- -- g_free (ssl3_priority); -+ ret = gnutls_priority_init (&priorities[FALSE][TRUE], unsafe_rehandshake_priority, NULL); -+ g_warn_if_fail (ret == 0); - g_free (unsafe_rehandshake_priority); -- g_free (ssl3_unsafe_rehandshake_priority); -+ -+ /* Figure out the lowest SSl/TLS version supported by base_priority */ -+ nprotos = gnutls_priority_protocol_list (priorities[FALSE][FALSE], &protos); -+ fallback_proto = G_MAXUINT; -+ for (i = 0; i < nprotos; i++) -+ { -+ if (protos[i] < fallback_proto) -+ fallback_proto = protos[i]; -+ } -+ if (fallback_proto == G_MAXUINT) -+ { -+ g_warning ("All GNUTLS protocol versions disabled?"); -+ fallback_priority = g_strdup (base_priority); -+ } -+ else -+ { -+ fallback_priority = g_strdup_printf ("%s:!VERS-TLS-ALL:+VERS-%s", -+ base_priority, -+ gnutls_protocol_get_name (fallback_proto)); -+ } -+ fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", -+ fallback_priority); -+ -+ ret = gnutls_priority_init (&priorities[TRUE][FALSE], fallback_priority, NULL); -+ g_warn_if_fail (ret == 0); -+ ret = gnutls_priority_init (&priorities[TRUE][TRUE], fallback_unsafe_rehandshake_priority, NULL); -+ g_warn_if_fail (ret == 0); -+ g_free (fallback_priority); -+ g_free (fallback_unsafe_rehandshake_priority); - } - - static void - g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls) - { -- gboolean use_ssl3, unsafe_rehandshake; -+ gboolean fallback, unsafe_rehandshake; - - if (G_IS_TLS_CLIENT_CONNECTION (gnutls)) -- use_ssl3 = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls)); -+ fallback = g_tls_client_connection_get_use_ssl3 (G_TLS_CLIENT_CONNECTION (gnutls)); - else -- use_ssl3 = FALSE; -+ fallback = FALSE; - unsafe_rehandshake = (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY); - gnutls_priority_set (gnutls->priv->session, -- priorities[use_ssl3][unsafe_rehandshake]); -+ priorities[fallback][unsafe_rehandshake]); - } - - static gboolean -diff --git a/tls/tests/connection.c b/tls/tests/connection.c -index 0df8bb1..0e7b706 100644 ---- a/tls/tests/connection.c -+++ b/tls/tests/connection.c -@@ -1377,11 +1377,90 @@ test_async_implicit_handshake (TestConnection *test, gconstpointer data) - test->client_connection = NULL; - } - -+static void -+quit_on_handshake_complete (GObject *object, -+ GAsyncResult *result, -+ gpointer user_data) -+{ -+ TestConnection *test = user_data; -+ GError *error = NULL; -+ -+ g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), result, &error); -+ g_assert_no_error (error); -+ -+ g_main_loop_quit (test->loop); -+ return; -+} -+ -+#define PRIORITY_SSL_FALLBACK "NORMAL:+VERS-SSL3.0" -+#define PRIORITY_TLS_FALLBACK "NORMAL:+VERS-TLS-ALL:-VERS-SSL3.0" -+ -+static void -+test_fallback (gconstpointer data) -+{ -+ const char *priority_string = (const char *) data; -+ char *test_name; -+ -+ test_name = g_strdup_printf ("/tls/connection/fallback/subprocess/%s", priority_string); -+ g_test_trap_subprocess (test_name, 0, 0); -+ g_test_trap_assert_passed (); -+ g_free (test_name); -+} -+ -+static void -+test_fallback_subprocess (TestConnection *test, -+ gconstpointer data) -+{ -+ GIOStream *connection; -+ GTlsConnection *tlsconn; -+ GError *error = NULL; -+ -+ connection = start_echo_server_and_connect_to_it (test); -+ test->client_connection = g_tls_client_connection_new (connection, NULL, &error); -+ g_assert_no_error (error); -+ tlsconn = G_TLS_CONNECTION (test->client_connection); -+ g_object_unref (connection); -+ -+ g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (test->client_connection), -+ 0); -+ g_tls_client_connection_set_use_ssl3 (G_TLS_CLIENT_CONNECTION (test->client_connection), -+ TRUE); -+ g_tls_connection_handshake_async (tlsconn, G_PRIORITY_DEFAULT, NULL, -+ quit_on_handshake_complete, test); -+ g_main_loop_run (test->loop); -+ -+ /* In 2.42 we don't have the API to test that the correct version was negotiated, -+ * so we merely test that the connection succeeded at all. -+ */ -+ -+ g_io_stream_close (test->client_connection, NULL, &error); -+ g_assert_no_error (error); -+} -+ - int - main (int argc, - char *argv[]) - { - int ret; -+ int i; -+ -+ /* Check if this is a subprocess, and set G_TLS_GNUTLS_PRIORITY -+ * appropriately if so. -+ */ -+ for (i = 1; i < argc - 1; i++) -+ { -+ if (!strcmp (argv[i], "-p")) -+ { -+ const char *priority = argv[i + 1]; -+ -+ priority = strrchr (priority, '/'); -+ if (priority++ && -+ (g_str_has_prefix (priority, "NORMAL:") || -+ g_str_has_prefix (priority, "NONE:"))) -+ g_setenv ("G_TLS_GNUTLS_PRIORITY", priority, TRUE); -+ break; -+ } -+ } - - g_test_init (&argc, &argv, NULL); - g_test_bug_base ("http://bugzilla.gnome.org/"); -@@ -1431,6 +1510,15 @@ main (int argc, - g_test_add ("/tls/connection/async-implicit-handshake", TestConnection, NULL, - setup_connection, test_async_implicit_handshake, teardown_connection); - -+ g_test_add_data_func ("/tls/connection/fallback/SSL", PRIORITY_SSL_FALLBACK, test_fallback); -+ g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_SSL_FALLBACK, -+ TestConnection, NULL, -+ setup_connection, test_fallback_subprocess, teardown_connection); -+ g_test_add_data_func ("/tls/connection/fallback/TLS", PRIORITY_TLS_FALLBACK, test_fallback); -+ g_test_add ("/tls/connection/fallback/subprocess/" PRIORITY_TLS_FALLBACK, -+ TestConnection, NULL, -+ setup_connection, test_fallback_subprocess, teardown_connection); -+ - ret = g_test_run(); - - /* for valgrinding */ --- -2.1.0 - diff --git a/SOURCES/0002-rh1177964-priority-string.patch b/SOURCES/0002-rh1177964-priority-string.patch deleted file mode 100644 index b06f27a..0000000 --- a/SOURCES/0002-rh1177964-priority-string.patch +++ /dev/null @@ -1,78 +0,0 @@ -From f474ec2a887f2ef1dba536683f5a7c8b6dc7e283 Mon Sep 17 00:00:00 2001 -From: Dan Winship -Date: Thu, 13 Nov 2014 22:30:13 -0500 -Subject: [PATCH 2/2] gnutls: update default priority string and fallback rules - -Change the default "priority" string from "NORMAL:%COMPAT" to -"NORMAL:%COMPAT:%LATEST_RECORD_VERSION". (Correctly-implemented -servers won't care either way, but apparently some servers have been -incorrectly updated for POODLE-safeness by rejecting all handshakes -with SSL 3.0 in the version field [which had long been recommended for -compatibility reasons], even if the handshake offered to negotiate TLS -versions too.) - -Change the fallback/"ssl3" priority code so that it never includes -%LATEST_RECORD_VERSION, but does include %COMPAT even if the default -priority doesn't (eg, because it was overridden with -G_TLS_GNUTLS_PRIORITY). - -https://bugzilla.gnome.org/show_bug.cgi?id=740087 ---- - tls/gnutls/gtlsconnection-gnutls.c | 23 +++++++++++++++++++---- - 1 file changed, 19 insertions(+), 4 deletions(-) - -diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c -index 444ca36..7436451 100644 ---- a/tls/gnutls/gtlsconnection-gnutls.c -+++ b/tls/gnutls/gtlsconnection-gnutls.c -@@ -197,6 +197,8 @@ g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls) - /* First field is "fallback", second is "allow unsafe rehandshaking" */ - static gnutls_priority_t priorities[2][2]; - -+#define DEFAULT_BASE_PRIORITY "NORMAL:%COMPAT:%LATEST_RECORD_VERSION" -+ - static void - g_tls_connection_gnutls_init_priorities (void) - { -@@ -207,12 +209,12 @@ g_tls_connection_gnutls_init_priorities (void) - - base_priority = g_getenv ("G_TLS_GNUTLS_PRIORITY"); - if (!base_priority) -- base_priority = "NORMAL:%COMPAT"; -+ base_priority = DEFAULT_BASE_PRIORITY; - ret = gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); - if (ret == GNUTLS_E_INVALID_REQUEST) - { - g_warning ("G_TLS_GNUTLS_PRIORITY is invalid; ignoring!"); -- base_priority = "NORMAL:%COMPAT"; -+ base_priority = DEFAULT_BASE_PRIORITY; - gnutls_priority_init (&priorities[FALSE][FALSE], base_priority, NULL); - } - -@@ -236,8 +238,21 @@ g_tls_connection_gnutls_init_priorities (void) - } - else - { -- fallback_priority = g_strdup_printf ("%s:!VERS-TLS-ALL:+VERS-%s", -- base_priority, -+ gchar *cleaned_base, *p, *rest; -+ -+ /* fallback_priority should be based on base_priority, except -+ * that we don't want %LATEST_RECORD_VERSION in it. -+ */ -+ cleaned_base = g_strdup (base_priority); -+ p = strstr (cleaned_base, ":%LATEST_RECORD_VERSION"); -+ if (p) -+ { -+ rest = p + strlen (":%LATEST_RECORD_VERSION"); -+ memmove (p, rest, strlen (rest) + 1); -+ } -+ -+ fallback_priority = g_strdup_printf ("%s:%%COMPAT:!VERS-TLS-ALL:+VERS-%s", -+ cleaned_base, - gnutls_protocol_get_name (fallback_proto)); - } - fallback_unsafe_rehandshake_priority = g_strdup_printf ("%s:%%UNSAFE_RENEGOTIATION", --- -2.1.0 - diff --git a/SPECS/glib-networking.spec b/SPECS/glib-networking.spec index c355e15..aa0a3ae 100644 --- a/SPECS/glib-networking.spec +++ b/SPECS/glib-networking.spec @@ -1,17 +1,13 @@ -%define glib2_version 2.42.0 +%define glib2_version 2.46.0 Name: glib-networking -Version: 2.42.0 +Version: 2.50.0 Release: 1%{?dist} Summary: Networking support for GLib -Group: Development/Libraries License: LGPLv2+ URL: http://www.gnome.org -Source: http://download.gnome.org/sources/glib-networking/2.42/%{name}-%{version}.tar.xz - -Patch1: 0001-rh1177964-fallback-semantics.patch -Patch2: 0002-rh1177964-priority-string.patch +Source0: http://download.gnome.org/sources/glib-networking/2.50/%{name}-%{version}.tar.xz BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: libproxy-devel @@ -19,6 +15,7 @@ BuildRequires: gnutls-devel BuildRequires: intltool BuildRequires: ca-certificates BuildRequires: gsettings-desktop-schemas-devel +BuildRequires: systemd Requires: ca-certificates Requires: glib2%{?_isa} >= %{glib2_version} @@ -30,20 +27,24 @@ GIO. In particular, it contains libproxy- and GSettings-based GProxyResolver implementations and a gnutls-based GTlsConnection implementation. -%prep -%setup -q -%patch1 -p1 -b .0001-rh1177964-fallback-semantics.patch -%patch2 -p1 -b .0002-rh1177964-priority-string.patch +%package tests +Summary: Tests for the glib-networking package +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tests +The glib-networking-tests package contains tests that can be used to verify +the functionality of the installed glib-networking package. +%prep +%autosetup -p1 %build -%configure --disable-static --with-libproxy +%configure --disable-static --with-libproxy --enable-installed-tests make %{?_smp_mflags} V=1 - %install -make install DESTDIR=$RPM_BUILD_ROOT +%make_install rm -f $RPM_BUILD_ROOT%{_libdir}/gio/modules/*.la @@ -56,15 +57,25 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules %files -f %{name}.lang -%doc COPYING NEWS README +%license COPYING +%doc NEWS README %{_libdir}/gio/modules/libgiolibproxy.so %{_libdir}/gio/modules/libgiognomeproxy.so %{_libdir}/gio/modules/libgiognutls.so %{_libexecdir}/glib-pacrunner %{_datadir}/dbus-1/services/org.gtk.GLib.PACRunner.service +%{_userunitdir}/glib-pacrunner.service +%files tests +%{_libexecdir}/installed-tests/glib-networking +%{_datadir}/installed-tests %changelog +* Mon Sep 19 2016 Kalev Lember - 2.50.0-1 +- Update to 2.50.0 +- Resolves: #1386876 +- Resolves: #1367484 + * Mon Apr 27 2015 Dan Winship - 2.42.0-1 - Update to 2.42.0 - Resolves: #1174447