diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | .gitlab-ci.yml | 18 | ||||
-rw-r--r-- | .mailmap | 21 | ||||
-rw-r--r-- | AUTHORS | 56 | ||||
-rw-r--r-- | Makefile.am | 10 | ||||
-rwxr-xr-x | devel/check_if_signed | 25 | ||||
-rw-r--r-- | lib/crypto-selftests.c | 6 | ||||
-rw-r--r-- | lib/str-idna.c | 8 | ||||
-rw-r--r-- | tests/x509dn.c | 2 |
9 files changed, 86 insertions, 61 deletions
diff --git a/.gitignore b/.gitignore index b17924c6b3..22b851ba89 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ *~ /ABOUT-NLS +AUTHORS ABOUT-NLS aclocal.m4 autom4te.cache/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a7652ddeb..cc67461034 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -31,6 +31,7 @@ variables: DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86-cross FEDORA28_BUILD: buildenv-f28 FEDORA_BUILD: buildenv-f29 + ALPINE_BASE_BUILD: buildenv-alpine-base CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'" GET_SOURCES_ATTEMPTS: "3" @@ -38,6 +39,23 @@ variables: # Stage 1, documentation, and advanced checks ################################################## +commit-check: + stage: stage1-testing + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BASE_BUILD + before_script: + - /bin/true + after_script: + - /bin/true + cache: + # do not load cache files + key: none + policy: pull + script: + # we want $ALPINE_BASE_BUILD without git, so add it here + - apk add git + - devel/check_if_signed + retry: 0 + doc-dist.Fedora: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000000..0a00a34071 --- /dev/null +++ b/.mailmap @@ -0,0 +1,21 @@ +Andreas Metzler <ametzler@debian.org> <ametzler@bebt.de> +Andreas Metzler <ametzler@debian.org> <ametzler@downhill.at.eu.org> +Daiki Ueno <ueno@gnu.org> <dueno@redhat.com> +Daiki Ueno <ueno@gnu.org> <ueno@redhat.com> +Daiki Ueno <ueno@gnu.org> <ueno@unixuser.org> +David Woodhouse <dwmw2@infradead.org> <david.woodhouse@intel.com> +Giuseppe Scrivano <gscrivano@gnu.org> <giuseppe@southpole.se> +Ludovic Courtès <ludo@gnu.org> +Ludovic Courtès <ludo@gnu.org> <ludo@chbouib.org> +Nikos Mavrogiannopoulos <nmav@gnutls.org> <nikos@esat.kuleuven.be> +Nikos Mavrogiannopoulos <nmav@gnutls.org> <nikos@thingfish.esat.kuleuven.be> +Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@crystal.(none)> +Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@redhat.com> +Nikos Mavrogiannopoulos <nmav@gnutls.org> <n.mavrogiannopoulos@gmail.com> +Nikos Mavrogiannopoulos <nmav@gnutls.org> <nmav@turtle.(none)> +Simon Josefsson <jas@josefsson.org> <jas@mocca.josefsson.org> +Simon Josefsson <jas@josefsson.org> <simon@josefsson.org> +Stefan Berger <stefanb@linux.ibm.com> <stefanb@linux.vnet.ibm.com> +Stef Walter <stefw@redhat.com> <stefw@collabora.co.uk> +Tim Rühsen <tim.ruehsen@gmx.de> Tim Ruehsen <tim.ruehsen@gmx.de> +Tom Vrancken <dev@tomvrancken.nl> <email@tomvrancken.nl> diff --git a/AUTHORS b/AUTHORS deleted file mode 100644 index e0e7809de1..0000000000 --- a/AUTHORS +++ /dev/null @@ -1,56 +0,0 @@ -GnuTLS AUTHORS -- Information about the authors. -Copyright (C) 2000-2012 Free Software Foundation, Inc. -See the end for copying conditions. - -The copyright holder for GnuTLS is Free Software Foundation, Inc., 51 -Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -Simon Josefsson *simon [at] josefsson.org* -Previous maintainer; draft TLS 1.2 support. - -Nikos Mavrogiannopoulos *nmav [at] gnutls.org* -Original author and maintainer of GnuTLS. - -Fabio Fiorina *Fabio.Fiorina [at] alcatel.it* -ASN.1 structures parser library (libtasn1). - -Timo Schulz *twoaday [at] freakmail.de* -OpenPGP support (OpenCDK library). - -Andrew McDonald *andrew [at] mcdonald.org.uk* -OpenSSL compatible interface. - -Ludovic Courtes *ludo [at] gnu.org* -Guile bindings, OpenPGP bug fixes. - -Stefan Walter *stef [at] memberwebs.com* -PKCS8 fix, PKCS #11 backend move to p11-kit. - -Yoshisato YANAGISAWA *yanagisawa [at] csg.is.titech.ac.jp* -Initial Camellia-CBC support. - -Daiki Ueno *ueno [at] unixuser.org* -TLS Session Ticket (RFC 5077) support, -finished client-side TLS 1.2 support. - -Jonathan Bastien-Filiatrault *joe [at] x2a.org* -Fix TLS-version checks. -Redesign and implementation of the buffering layer. -Initial DTLS implementation. - -Andy Polyakov *appro [at] openssl.org* -AES-NI and Padlock assembler code (at lib/accelerated/intel/asm/) - -David Woodhouse *dwmw2 [at] infradead.org* -DTLS 0.9 implementation. - -Martin Storjo *martin [at] martin.st* -DTLS-SRTP support. - -Alessandro Ghedini *alessandro [at] ghedini.me* -TLS Fallback SCSV support (RFC7507). - ----------------------------------------------------------------------- -Copying and distribution of this file, with or without modification, -are permitted in any medium without royalty provided the copyright -notice and this notice are preserved. diff --git a/Makefile.am b/Makefile.am index 57e42359bf..f3944b9366 100644 --- a/Makefile.am +++ b/Makefile.am @@ -55,6 +55,14 @@ ACLOCAL_AMFLAGS = -I m4 -I src/libopts/m4 -I src/gl/m4 -I lib/unistring/m4 --ins EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \ ChangeLog THANKS INSTALL.md symbols.last +DISTCLEANFILES = AUTHORS + +AUTHORS: + @echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS + @git shortlog -sen| cut -f 2 | sed 's/@/ at /g' >> AUTHORS + @echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS + @sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS + pic-check: @echo "Checking for position dependent code" readelf -d $(builddir)/lib/.libs/libgnutls.so|grep TEXTREL; if test $$? = 0;then \ @@ -169,4 +177,4 @@ dist-hook: libopts-check symbol-check mv ChangeLog $(distdir) touch $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info -.PHONY: abi-check abi-dump pic-check symbol-check local-code-coverage-output files-update libopts-check +.PHONY: abi-check abi-dump pic-check symbol-check local-code-coverage-output files-update libopts-check AUTHORS diff --git a/devel/check_if_signed b/devel/check_if_signed new file mode 100755 index 0000000000..a053bbc0c8 --- /dev/null +++ b/devel/check_if_signed @@ -0,0 +1,25 @@ +#!/usr/bin/env sh + +if test -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"; then + CI_MERGE_REQUEST_TARGET_BRANCH_NAME="master" +fi + +echo "target=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" +echo "source=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" + +# create list of commits of the current branch +commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME) + +# check if author's email matches email in 'Signed-off-by' +for hash in $commits; do + author=$(git log --format='%ae' ${hash}^\!) + signed=$(git log --format='%b' ${hash}^\! | grep -i "Signed-off-by:") + if test $? -ne 0; then + echo "Missing Signed-off-by" + exit 1 + fi + if ! echo $signed | grep -q "Signed-off-by:.*<${author}>"; then + echo "Author '${author}' doesn't match" + exit 1 + fi +done diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c index 3d24c3aede..c2ad7d72fb 100644 --- a/lib/crypto-selftests.c +++ b/lib/crypto-selftests.c @@ -579,7 +579,7 @@ static int test_cipher(gnutls_cipher_algorithm_t cipher, ret = gnutls_cipher_decrypt2(hd, - vectors[i].ciphertext, + vectors[i].ciphertext, vectors[i].plaintext_size, tmp, sizeof(tmp)); if (ret < 0) { @@ -1293,7 +1293,7 @@ static int test_digest(gnutls_digest_algorithm_t dig, gnutls_hash_deinit(hd, data); data_size = gnutls_hash_get_len(dig); - if (ret < 0) + if (data_size <= 0) return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); if (data_size != vectors[i].output_size || @@ -1482,7 +1482,7 @@ static int test_mac(gnutls_mac_algorithm_t mac, gnutls_hmac_deinit(hd, data); data_size = gnutls_hmac_get_len(mac); - if (ret < 0) + if (data_size <= 0) return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); if (data_size != vectors[i].output_size || diff --git a/lib/str-idna.c b/lib/str-idna.c index 30a09407c0..4f275aebfb 100644 --- a/lib/str-idna.c +++ b/lib/str-idna.c @@ -81,6 +81,14 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig idn2_tflags |= IDN2_TRANSITIONAL; #endif + /* This avoids excessive CPU usage with libidn2 < 2.1.1 */ + if (ilen > 2048) { + gnutls_assert(); + _gnutls_debug_log("unable to convert name '%.*s' to IDNA format: %s\n", + (int) ilen, input, idn2_strerror(IDN2_TOO_BIG_DOMAIN)); + return GNUTLS_E_INVALID_UTF8_STRING; + } + if (ilen == 0) { out->data = (uint8_t*)gnutls_strdup(""); out->size = 0; diff --git a/tests/x509dn.c b/tests/x509dn.c index 820e414b53..056351c19d 100644 --- a/tests/x509dn.c +++ b/tests/x509dn.c @@ -136,7 +136,7 @@ cert_callback(gnutls_session_t session, static void client(int sd, const char *prio) { int ret, ii; - gnutls_session_t session; + gnutls_session_t session = NULL; char buffer[MAX_BUF + 1]; gnutls_certificate_credentials_t xcred; |