| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On a very recent openSUSE build, libgnutls is getting built without
libpthread. This caused a thread related error when trying to load a
pkcs11 module that uses threading. The reason is rather convoluted:
glibc actually controls all the pthread_ function calls, but it
returns success without doing anything unless -lpthread is in the link
list. What's happening is that gnutls_system_mutex_init() is being
called on _gnutls_pkcs11_mutex before library pthreading is
initialized, so the pthread_mutex_init ends up being a nop. Then, when
the pkcs11 module is loaded, pthreads get initialized and the call to
pthread_mutex_lock is real, but errors out on the uninitialized mutex.
The problem seems to be that nothing in the gnulib macros gnutls
relies on for threading support detection actually sets LTLIBPTHREAD,
they only set LIBPTHREAD. The fix is to use LIBPTHREAD in
lib/Makefile.in
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This makes use of the "e" flag of fopen, provided by the Gnulib's
fopen-gnu module.
Reported by Remi Denis-Courmont in:
https://gitlab.com/gnutls/gnutls/-/issues/985
and fix suggested by Tim Rühsen.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This brings in the new fopen-gnu module and the RF_SENSITIVE flag for
fread_file and read_file. This also adds the following changes to be
consistent with the latest changes in Gnulib:
- the callers of fread_file and read_file to be adjusted for the FLAGS
argument
- "attribute.h" needs to be used extensively
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
| |
Instead of keeping the minitasn1 source in Git, vendor in it during
bootstrap as we do with Nettle code. This also upgrades included
minitasn1 to latest version (4.16.0).
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
This script will handle other backports except ECC as well.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we hard-coded the sonames of linked libraries for FIPS
integrity checking. That required downstream packagers to manually
adjust the relevant code in lib/fips.c, when a new interface version
of the dependent libraries (nettle, gmp) becomes available and linked
to libgnutls.
This patch automates that process with the configure script.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
| |
As the script now imports not just Curve448, but also gost code, rename
the script, target directory and symbols to follow that.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
This enables to use bundled ChaCha20 implementation if the system
nettle doesn't have nettle_chacha_set_counter.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
| |
These tests are not being run, and they can cause issues as
in !1208.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We previously had checks of enum values with '#if', such as below:
#define GNUTLS_EXTENSION_MAX_VALUE 31
typedef enum extensions_t {
...
GNUTLS_EXTENSION_MAX /* not real extension - used for iterators */
} extensions_t;
/* we must provide at least 16 extensions for users to register */
#if GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX < 16
# error not enough extension types
#endif
This doesn't work as expected; because GNUTLS_EXTENSION_MAX is not
defined as a preprocessor macro, it always expands to 0. To properly
do this check, we need to use static assert as provided as the
'verify' macro in gnulib.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
According to RFC5280 a certificate must not include more than
one instance of a particular extension. We were previously printing
warnings when such extensions were found, but that is insufficient
to flag such certificates. Instead, refuse to import them.
Resolves: #887
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
Change HTTP:// references to HTTPs:// (generally)
See merge request gnutls/gnutls!910
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/
|
|
|
|
|
|
|
| |
It's found in ws2tcpip.h which is already included in gnutls_int.h
arpa/inet.h doesn't exist on Windows, so add arpa_inet to the list of headers
replaced by gnulib if not found.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
|
|
|
|
|
|
|
| |
This was not set in all of our CI platforms, and was causing
issues in MacOSX.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\
| |
| |
| |
| | |
Use inet_pton() from gnulib
See merge request gnutls/gnutls!913
|
| |
| |
| |
| | |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|/
|
|
|
|
|
|
|
|
| |
If gnulib's network stack is brought (due to a dependency) in the library
it will make the library unusable to non-gnulib using applications. This
prevents windows applications for example to use gnutls, and so on. Even
more it is quite hard to catch that issue because our testsuite uses
gnulib as well. Instead we try to catch the these modules at import time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Although we have few submodules they are not all required for
building and testing. This patch modified bootstrap.conf not
to update all of them, but only the necessary for building and
testing.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
strcasecmp() has side effects in some locales.
What we really need is c_strcasecmp() from Gnulib for comparing
ASCII strings.
Fixes #570
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
Setting $SUBMODULE_NOFETCH to a non-empty value adds
--no-fetch to the git command (for CI speedup).
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
| |
Also included the gnulib inttype module for portability.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
Some files in gl/tests won't build in environments without
strdup(), e.g. MinGW on Debian. The gnulib docs advise to
explicitly add the module.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
This makes manual updating of the translations obsolete.
From now on, builds and tarballs will always have the latest translations
included.
We should not forget to inform translationproject.org to update the
translations before a release. How to do that is described at
https://translationproject.org/html/maintainers.html (6. Announcing).
|
|
|
|
|
|
|
|
|
|
|
| |
'autoreconf' created a different configure script than ./bootstrap.
The result was a broken wchar.h that failed to compile.
The work-around was 'autoreconf -I gl/m4' which is not what a developer
expects. This patch moves gl/m4/* to m4/ which is the default include dir
for autoreconf.
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|