From nmav at gnutls.org Sat Jun 1 13:26:06 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Jun 2013 13:26:06 +0200
Subject: [gnutls-devel] gnutls 3.2.1
Message-ID: <51A9DA4E.9020004@gnutls.org>

Hello,
I've just released gnutls 3.2.1. This is a bug-fix release on the
current stable branch.

* Version 3.2.1 (released 2013-06-01)

** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.

** libgnutls: Fixes in interrupted function resumption. Report and patch
by Tim Kosse.

** libgnutls: Corrected issue when receiving client hello verify requests
in DTLS.

** libgnutls: Fixes in DTLS record overhead size calculations.

** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
Mann Ern Kang.

** API and ABI modifications:
gnutls_session_set_id: Added

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be
found at .

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.lz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sat Jun 1 13:21:41 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Jun 2013 13:21:41 +0200
Subject: [gnutls-devel] gnutls 3.0.30
Message-ID: <51A9D945.70501@gnutls.org>

Hello,
I've just released gnutls 3.0.30. This is a bug-fix release on the
previous stable branch.

* Version 3.0.30 (released 2013-06-01)

** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.

** libgnutls: When in compatibility mode allow for a wrong version in
the RSA PMS.

** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
Mann Ern Kang.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be
found at .

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.lz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From nmav at gnutls.org Sat Jun 1 13:23:35 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Jun 2013 13:23:35 +0200
Subject: [gnutls-devel] gnutls 3.1.12
Message-ID: <51A9D9B7.7030809@gnutls.org>

Hello,
I've just released gnutls 3.1.12. This is a bug-fix release on the
3.1 stable branch.

* Version 3.1.12 (released 2013-06-01)

** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.

** libgnutls: Fixes in interrupted function resumption. Report and patch
by Tim Kosse.

** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
Mann Ern Kang.

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can be
found at .

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.lz.sig

Note that it has been signed with my openpgp key:

pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From a.radke at arcor.de Sun Jun 2 11:40:59 2013
From: a.radke at arcor.de (Andreas Radke)
Date: Sun, 2 Jun 2013 11:40:59 +0200
Subject: [gnutls-devel] gnutls 3.2.1
In-Reply-To: <51A9DA4E.9020004@gnutls.org>
References: <51A9DA4E.9020004@gnutls.org>
Message-ID: <20130602114059.74e01f1b@workstation64.home>

New release built well on my x86_64 build system for x86_64 but fails
in i686 chroot one test:

make[3]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
make[2]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
Making check in cert-tests
make[2]: Entering directory `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests'
make pathlen aki template-test pem-decoding dane
make[3]: Entering directory `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests'
make[3]: Nothing to be done for `pathlen'.
make[3]: Nothing to be done for `aki'.
make[3]: Nothing to be done for `template-test'.
make[3]: Nothing to be done for `pem-decoding'.
make[3]: Nothing to be done for `dane'.
make[3]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests'
make check-TESTS
make[3]: Entering directory `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests'
PASS: pathlen
PASS: aki
PASS: template-test
7c7
< Not After: Tue Sep 11 19:04:49 UTC 2040
---
> Not After: Thu Dec 31 23:23:23 UTC 2037
Complex cert decoding failed 2
FAIL: pem-decoding
===================================
1 of 4 tests failed
Please report to bug-gnutls at gnu.org
===================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests'
make: *** [check-recursive] Error 1
==> ERROR: A failure occurred in check().

-Andy
ArchLinux

From nmav at gnutls.org Sun Jun 2 12:11:36 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 02 Jun 2013 12:11:36 +0200
Subject: [gnutls-devel] gnutls 3.2.1
In-Reply-To: <20130602114059.74e01f1b@workstation64.home>
References: <51A9DA4E.9020004@gnutls.org> <20130602114059.74e01f1b@workstation64.home>
Message-ID: <51AB1A58.7070007@gnutls.org>

On 06/02/2013 11:40 AM, Andreas Radke wrote:
> New release built well on my x86_64 build system for x86_64 but fails
> in i686 chroot one test:
>
> make[3]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
> make[2]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
> Making check in cert-tests
> make[2]: Entering directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make pathlen aki
> template-test pem-decoding dane make[3]: Entering directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make[3]: Nothing to
> be done for `pathlen'. make[3]: Nothing to be done for `aki'.
> make[3]: Nothing to be done for `template-test'.
> make[3]: Nothing to be done for `pem-decoding'.
> make[3]: Nothing to be done for `dane'.
> make[3]: Leaving directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make check-TESTS
> make[3]: Entering directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' PASS: pathlen
> PASS: aki
> PASS: template-test
> 7c7
> < Not After: Tue Sep 11 19:04:49 UTC 2040
> ---
>> Not After: Thu Dec 31 23:23:23 UTC 2037

I think I figured it out. Is that the only error in that system? Does
the patch below solve it?
https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0

regards,
Nikos

From alon.barlev at gmail.com Sun Jun 2 14:45:06 2013
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Sun, 2 Jun 2013 15:45:06 +0300
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
Message-ID: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>

gnutls uses gmp library explicitly so it needs to explicit link against
it so that all symbols may be resolved.
Signed-off-by: Alon Bar-Lev --- lib/nettle/Makefile.am | 3 ++- m4/hooks.m4 | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index e2b704e..56d180a 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(GMP_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ @@ -35,3 +35,4 @@ noinst_LTLIBRARIES = libcrypto.la libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \ gnettle.h +libcrypto_la_LIBADD = $(GMP_LIBS) diff --git a/m4/hooks.m4 b/m4/hooks.m4 index 3439edb..84a3afc 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -77,10 +77,20 @@ AC_MSG_ERROR([[ *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support. ]]) ]) + AC_ARG_VAR(GMP_CFLAGS, [C compiler flags for gmp]) + AC_ARG_VAR(GMP_LIBS, [linker flags for gmp]) + if test x$GMP_LIBS = x; then + AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[ +*** +*** gmp was not found. while nettle was. +]])]) + fi + AC_SUBST(GMP_CFLAGS) + AC_SUBST(GMP_LIBS) AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle") AC_DEFINE([HAVE_LIBNETTLE], 1, [nettle is enabled]) - GNUTLS_REQUIRES_PRIVATE="Requires.private: nettle, hogweed" + GNUTLS_REQUIRES_PRIVATE="Requires.private: nettle, hogweed, gmp" AC_ARG_WITH(included-libtasn1, AS_HELP_STRING([--with-included-libtasn1], [use the included libtasn1]), -- 1.8.1.5 From nmav at gnutls.org Sun Jun 2 19:37:44 2013 
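Review bot: In the m4/hooks.m4 hunk of "[PATCH] build: explicit linkage with gmp library", `if test x$GMP_LIBS = x; then` expands the variable unquoted, so a user-supplied GMP_LIBS with more than one word (a -L path followed by -lgmp, say) makes `test` fail with a syntax error instead of doing a clean comparison; write it as `test "x$GMP_LIBS" = "x"`. When GMP_LIBS is preset, the AC_CHECK_LIB probe for __gmpz_cmp is skipped entirely, so a wrong value is only noticed at link time; running the probe with the supplied flags would catch it in configure. The error text "gmp was not found. while nettle was." should also be reworded into one sentence.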
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 02 Jun 2013 19:37:44 +0200
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
In-Reply-To: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
References: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
Message-ID: <51AB82E8.4060100@gnutls.org>

On 06/02/2013 02:45 PM, Alon Bar-Lev wrote:

> gnutls uses gmp library explicitly so it needs to explicit link against
> it so that all symbols may be resolved.
>
> Signed-off-by: Alon Bar-Lev

Thanks. A fix based on that was committed.

https://gitorious.org/gnutls/gnutls/commit/02eb70d6d96f624ed6cc55dfa62734495dffbb44

regards,
Nikos

From alon.barlev at gmail.com Sun Jun 2 20:06:11 2013
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Sun, 2 Jun 2013 21:06:11 +0300
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
In-Reply-To: <51AB82E8.4060100@gnutls.org>
References: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com> <51AB82E8.4060100@gnutls.org>
Message-ID:

On Sun, Jun 2, 2013 at 8:37 PM, Nikos Mavrogiannopoulos wrote:
> On 06/02/2013 02:45 PM, Alon Bar-Lev wrote:
>
>> gnutls uses gmp library explicitly so it needs to explicit link against
>> it so that all symbols may be resolved.
>>
>> Signed-off-by: Alon Bar-Lev
>
>
> Thanks. A fix based on that was committed.
>
> https://gitorious.org/gnutls/gnutls/commit/02eb70d6d96f624ed6cc55dfa62734495dffbb44
>
> regards,
> Nikos

Thanks!

However, if you use libtool, you don't need to add the dependency of
the libcrypto to users of libcrypto... I refer to the change in
lib/Makefile.am which is somewhat redundant, if you add the dependency
where it belongs - to libcrypto.

I also tend not to mix between CPPFLAGS and CFLAGS, pkg-config and
XXX_CFLAGS can contain flags that are not accepted by the
pre-processor.

Regards,
Alon

From nmav at gnutls.org Mon Jun 3 21:22:26 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 03 Jun 2013 21:22:26 +0200
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
In-Reply-To:
References: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com> <51AB82E8.4060100@gnutls.org>
Message-ID: <51ACECF2.1080607@gnutls.org>

On 06/02/2013 08:06 PM, Alon Bar-Lev wrote:

> However, if you use libtool, you don't need to add the dependency of
> the libcrypto to users of libcrypto... I refer to the change in
> lib/Makefile.am which is somewhat redundant, if you add the dependency
> where it belongs - to libcrypto.

I've moved that. Should be better now.

regards,
Nikos

From ametzler at downhill.at.eu.org Wed Jun 5 19:06:25 2013
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Wed, 5 Jun 2013 19:06:25 +0200
Subject: [gnutls-devel] [OT] gnutls.org DNS servers acting up again
Message-ID: <20130605170625.GA12223@downhill.g.la>

Hello,

2 out of 3 DNS servers for gnutls.org. are unresponsive on IPv4:
----------------------
ametzler at m26s25:~$ for i in dns1.easydns.com. dns2.easydns.net. dns3.easydns.ca. ; do echo -n "$i: "; host lists.gnutls.org. $i ; done
dns1.easydns.com.: ;; connection timed out; no servers could be reached
dns2.easydns.net.: Using domain server:
Name: dns2.easydns.net.
Address: 72.52.2.1#53
Aliases:

lists.gnutls.org has address 217.69.76.57
lists.gnutls.org mail is handled by 0 mx.easymail.ca.
dns3.easydns.ca.: ;; connection timed out; no servers could be reached

One of the failing ones (dns3.easydns.ca.) is answering on IPv6.
----------------------

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From nmav at gnutls.org Wed Jun 5 21:33:21 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 05 Jun 2013 21:33:21 +0200
Subject: [gnutls-devel] [OT] gnutls.org DNS servers acting up again
In-Reply-To: <20130605170625.GA12223@downhill.g.la>
References: <20130605170625.GA12223@downhill.g.la>
Message-ID: <51AF9281.1000003@gnutls.org>

On 06/05/2013 07:06 PM, Andreas Metzler wrote:
> Hello,
>
> 2 out of 3 DNS servers for gnutls.org. are unresponsive on IPv4:
> ----------------------
> ametzler at m26s25:~$ for i in dns1.easydns.com. dns2.easydns.net. dns3.easydns.ca. ; do echo -n "$i: "; host lists.gnutls.org. $i ; done
> dns1.easydns.com.: ;; connection timed out; no servers could be reached

Thanks. It seems easydns was under DDOS the past few days.
http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3-4th-ddos/

I hope any issues would be fixed as soon.

regards,
Nikos

From gajukbhat at gmail.com Tue Jun 4 22:22:55 2013
From: gajukbhat at gmail.com (Gaju Bhat)
Date: Wed, 05 Jun 2013 01:52:55 +0530
Subject: [gnutls-devel] Problem with detecting dependencies
Message-ID: <51AE4C9F.1060105@gmail.com>

Hi,

I was building the gnutls from the source when I encountered a missing
dependency in the 'configure' step. It looks like gnutls needs autogen
which my system didn't have. When running make I ran into an error.

Is there a reason the 'configure' step doesn't check for the presence of
autogen and alert the user early?

Thanks,
Gaju

From nmav at gnutls.org Wed Jun 5 21:44:38 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Wed, 05 Jun 2013 21:44:38 +0200 Subject: [gnutls-devel] Problem with detecting dependencies In-Reply-To: <51AE4C9F.1060105@gmail.com> References: <51AE4C9F.1060105@gmail.com> Message-ID: <51AF9526.5060304@gnutls.org> On 06/04/2013 10:22 PM, Gaju Bhat wrote: > Hi, > > I was building the gnutls from the source when I encountered a missing > dependency in the 'configure' step. It looks like gnutls needs autogen > which my system didn't have. When running make I ran into an error. Hello, Could you quote the error you see? gnutls shouldn't need autogen for normal compilation. regards, Nikos From martin at martin.st Thu Jun 6 14:26:52 2013 From: martin at martin.st (Martin Storsjo) Date: Thu, 6 Jun 2013 15:26:52 +0300 Subject: [gnutls-devel] [PATCH 1/2] crywrap: Use the libidn pkg-config include and lib paths Message-ID: <1370521613-57190-1-git-send-email-martin@martin.st> --- src/crywrap/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/crywrap/Makefile.am b/src/crywrap/Makefile.am index a20bcd6..9f42db3 100644 --- a/src/crywrap/Makefile.am +++ b/src/crywrap/Makefile.am @@ -15,7 +15,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -AM_CFLAGS = $(WARN_CFLAGS) +AM_CFLAGS = $(WARN_CFLAGS) $(LIBIDN_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../lib/includes \ @@ -27,4 +27,4 @@ EXTRA_DIST = README bin_PROGRAMS = crywrap crywrap_SOURCES = crywrap.c primes.h crywrap.h -crywrap_LDADD = ../../lib/libgnutls.la ../../gl/libgnu.la -lidn +crywrap_LDADD = ../../lib/libgnutls.la ../../gl/libgnu.la $(LIBIDN_LIBS) -- 1.7.9.4 From martin at martin.st Thu Jun 6 14:26:53 2013 
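Review bot: In the last hunk of src/crywrap/Makefile.am in "[PATCH 1/2] crywrap: Use the libidn pkg-config include and lib paths", the hard-coded `-lidn` in crywrap_LDADD is replaced by `$(LIBIDN_LIBS)`, but nothing in the patch shows where LIBIDN_LIBS and LIBIDN_CFLAGS are substituted. If configure leaves them empty on any path where crywrap is still built, the link silently loses libidn where the old line would have worked. Please confirm the configure check sets both whenever crywrap is enabled, and give the commit message a body (it has none) saying which build needed the pkg-config paths.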
From: martin at martin.st (Martin Storsjo) Date: Thu, 6 Jun 2013 15:26:53 +0300 Subject: [gnutls-devel] [PATCH 2/2] Add NETTLE_CFLAGS in makefiles In-Reply-To: <1370521613-57190-1-git-send-email-martin@martin.st> References: <1370521613-57190-1-git-send-email-martin@martin.st> Message-ID: <1370521613-57190-2-git-send-email-martin@martin.st> This is required for using nettle/memxor.h, which now is included implicitly via gnutls_int.h, if the nettle include directories aren't in one of the compiler standard paths. --- These were the places where I had to include it for a build on OS X to succeed, there might be a few more subdirectory makefiles that my build didn't happen to use. --- extra/Makefile.am | 2 +- lib/Makefile.am | 2 +- lib/accelerated/Makefile.am | 2 +- lib/accelerated/x86/Makefile.am | 2 +- lib/algorithms/Makefile.am | 2 +- lib/auth/Makefile.am | 2 +- lib/ext/Makefile.am | 2 +- lib/extras/Makefile.am | 2 +- lib/opencdk/Makefile.am | 2 ++ lib/openpgp/Makefile.am | 2 +- lib/x509/Makefile.am | 2 +- 11 files changed, 12 insertions(+), 10 deletions(-) diff --git a/extra/Makefile.am b/extra/Makefile.am index 8cbb405..f9716e6 100644 --- a/extra/Makefile.am +++ b/extra/Makefile.am @@ -22,7 +22,7 @@ ACLOCAL_AMFLAGS = -I ../m4 -I ../gl/m4 -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../gl \ -I$(builddir)/../gl \ diff --git a/lib/Makefile.am b/lib/Makefile.am index 006f695..790cdb1 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -27,7 +27,7 @@ endif localedir = $(datadir)/locale -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -DLOCALEDIR=\"$(localedir)\" \ -I$(srcdir)/../gl \ diff --git a/lib/accelerated/Makefile.am b/lib/accelerated/Makefile.am index 7baa9bc..f1a1982 100644 --- a/lib/accelerated/Makefile.am 
+++ b/lib/accelerated/Makefile.am @@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) SUBDIRS = AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ diff --git a/lib/accelerated/x86/Makefile.am b/lib/accelerated/x86/Makefile.am index 400f15d..8edcbbb 100644 --- a/lib/accelerated/x86/Makefile.am +++ b/lib/accelerated/x86/Makefile.am @@ -19,7 +19,7 @@ # along with this program. If not, see AM_LIBTOOLFLAGS=--tag=CC -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = -I$(srcdir)/../../../gl \ -I$(builddir)/../../../gl \ -I$(srcdir)/../../includes \ diff --git a/lib/algorithms/Makefile.am b/lib/algorithms/Makefile.am index 13b287a..328e46f 100644 --- a/lib/algorithms/Makefile.am +++ b/lib/algorithms/Makefile.am @@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ diff --git a/lib/auth/Makefile.am b/lib/auth/Makefile.am index 966bd7a..e1abdc0 100644 --- a/lib/auth/Makefile.am +++ b/lib/auth/Makefile.am @@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ diff --git a/lib/ext/Makefile.am b/lib/ext/Makefile.am index 5572430..47e4df9 100644 --- a/lib/ext/Makefile.am +++ b/lib/ext/Makefile.am 
@@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ diff --git a/lib/extras/Makefile.am b/lib/extras/Makefile.am index c6afbe5..b621de9 100644 --- a/lib/extras/Makefile.am +++ b/lib/extras/Makefile.am @@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ diff --git a/lib/opencdk/Makefile.am b/lib/opencdk/Makefile.am index 3ceadc3..5023795 100644 --- a/lib/opencdk/Makefile.am +++ b/lib/opencdk/Makefile.am @@ -18,6 +18,8 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see +AM_CFLAGS = $(NETTLE_CFLAGS) + AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ diff --git a/lib/openpgp/Makefile.am b/lib/openpgp/Makefile.am index 6c92723..893f596 100644 --- a/lib/openpgp/Makefile.am +++ b/lib/openpgp/Makefile.am @@ -18,7 +18,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am index 93fbd24..4fc6579 100644 --- a/lib/x509/Makefile.am +++ b/lib/x509/Makefile.am 
@@ -16,7 +16,7 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) +AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS) AM_CPPFLAGS = \ -I$(srcdir)/../../gl \ -I$(builddir)/../../gl \ -- 1.7.9.4 From gajukbhat at gmail.com Thu Jun 6 20:32:40 2013 From: gajukbhat at gmail.com (Gaju Bhat) Date: Fri, 07 Jun 2013 00:02:40 +0530 Subject: [gnutls-devel] Fwd: Re: Problem with detecting dependencies In-Reply-To: <51B00757.4030003@gmail.com> References: <51B00757.4030003@gmail.com> Message-ID: <51B0D5C8.7040503@gmail.com> Hi, I'm forwarding the communication with Nikos to the list for the sake of completeness. Thanks, Gaju ================ Thanks for the answer Nikos. When I do a 'make install', I get what appears to be a more serious error: http://pastebin.com/nGkRsStW Do you see anything that might cause this? -Gaju On 6/6/13, Nikos Mavrogiannopoulos wrote: > On 06/05/2013 10:15 PM, Gaju Bhat wrote: > >> Hi Nikos, >> >> Here's the error I get: >> >> http://pastebin.com/2XwmQ93Y >> >> Please let me know if I missed anything. > No need to worry for that. These files are generated prior to release > and this is why the error is ignored by the built system. As far as I > see your copy was correctly built. > > regards, > Nikos From nmav at gnutls.org Thu Jun 6 23:28:44 2013 
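Review bot: On "[PATCH 2/2] Add NETTLE_CFLAGS in makefiles": the same `$(NETTLE_CFLAGS)` addition is repeated by hand in eleven Makefile.am files, and the note under the `---` says other subdirectory makefiles may still be missing it. Because the header arrives through gnutls_int.h, every directory that includes that header needs the flag, so the list should come from a search for gnutls_int.h users rather than from what one OS X build happened to compile, or the flag should be set once in a place all of these makefiles share. The lib/opencdk/Makefile.am hunk also differs from the rest: it introduces `AM_CFLAGS = $(NETTLE_CFLAGS)` where no AM_CFLAGS existed, so that directory still builds without the warning flags the others carry; say in the commit message whether that is intended.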
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 06 Jun 2013 23:28:44 +0200
Subject: [gnutls-devel] [PATCH 2/2] Add NETTLE_CFLAGS in makefiles
In-Reply-To: <1370521613-57190-2-git-send-email-martin@martin.st>
References: <1370521613-57190-1-git-send-email-martin@martin.st> <1370521613-57190-2-git-send-email-martin@martin.st>
Message-ID: <51B0FF0C.6070009@gnutls.org>

On 06/06/2013 02:26 PM, Martin Storsjo wrote:
> This is required for using nettle/memxor.h, which now is included
> implicitly via gnutls_int.h, if the nettle include directories
> aren't in one of the compiler standard paths.
> ---
> These were the places where I had to include it for a build on OS X
> to succeed, there might be a few more subdirectory makefiles that
> my build didn't happen to use.

Both applied. Thanks.

Nikos

From nmav at gnutls.org Fri Jun 7 08:44:04 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 07 Jun 2013 08:44:04 +0200
Subject: [gnutls-devel] Fwd: Re: Problem with detecting dependencies
In-Reply-To: <51B0D5C8.7040503@gmail.com>
References: <51B00757.4030003@gmail.com> <51B0D5C8.7040503@gmail.com>
Message-ID: <51B18134.3000505@gnutls.org>

On 06/06/2013 08:32 PM, Gaju Bhat wrote:
> Thanks for the answer Nikos. When I do a 'make install', I get what
> appears to be a more serious error:
> http://pastebin.com/nGkRsStW
> Do you see anything that might cause this?

A file is missing from your extracted directory. Since this is
distributed with gnutls, it seems it somehow got deleted. Could you
check for the reason?

regards,
Nikos

From qboosh at pld-linux.org Sat Jun 8 21:58:16 2013
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Sat, 8 Jun 2013 21:58:16 +0200
Subject: [gnutls-devel] Polish translation update for gnutls 3.1.11 and 3.2.1
Message-ID: <20130608195816.GB5776@stranger.qboosh.pl>

Hello,

I updated Polish translations for gnutls 3.1.11 and 3.2.1.
They are available at:
http://qboosh.pl/pl.po/gnutls-3.1.11.pl.po
http://qboosh.pl/pl.po/gnutls-3.2.1.pl.po

Please apply.

--
Jakub Bogusz http://qboosh.pl/

From daniele.athome at gmail.com Mon Jun 10 14:31:22 2013
From: daniele.athome at gmail.com (Daniele Ricci)
Date: Mon, 10 Jun 2013 14:31:22 +0200
Subject: [gnutls-devel] ECC support for OpenPGP
Message-ID:

Hi,
I can't find support for OpenPGP ECC keys. I'd like to contribute if
possible, is someone already working on it?

By the way, I found this:
https://gitorious.org/baserock-morphs/gnutls/commit/a8e8ba0f5cea4f2356c539e48d17b1e662b49141/diffs

Cheers
--
Daniele

From INVALID.NOREPLY at gnu.org Mon Jun 10 15:01:52 2013
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Mon, 10 Jun 2013 13:01:52 +0000
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <20130610-124716.sv0.1003@savannah.gnu.org>
References: <20130610-124716.sv0.1003@savannah.gnu.org>
Message-ID: <20130610-130152.sv0.38725@savannah.gnu.org>

Follow-up Comment #1, sr #108321 (project gnutls):

Correction: it is obvious why it doesn't crash on x86-64: on that
platform, it so happens that the stack frame is deep enough in the call
within crq_apis that the size passed in is zero. This is obviously not
something we can ever rely on! :)

(Sorry I can't log in: my username and password are stored encrypted and
only my Emacs knows how to decrypt them. My Emacs won't start due to a
lack of GnuTLS! though I have a build underway to fix that...)

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From INVALID.NOREPLY at gnu.org Mon Jun 10 14:47:17 2013
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Mon, 10 Jun 2013 12:47:17 +0000
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
Message-ID: <20130610-124716.sv0.1003@savannah.gnu.org>

URL:

Summary: crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
Project: GnuTLS
Submitted by: None
Submitted on: Mon 10 Jun 2013 12:47:15 UTC
Category: Core library
Priority: 5 - Normal
Severity: 4 - Important
Status: None
Privacy: Public
Assigned to: None
Originator Email: nick.alcock at oracle.com
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux

_______________________________________________________

Details:

[Set to important on the grounds that writing to null pointers in
security-sensitive code is a bad thing. Feel free to change it back if I
guessed wrong!]

This is a 32-bit build on a 64-bit SSSE3-capable host. We see:

Core was generated by `./crq_apis'.
Program terminated with signal 11, Segmentation fault.
#0 0xf75f697a in __memcpy_ssse3_rep () from /lib32/libc.so.6
(gdb) bt
#0 0xf75f697a in __memcpy_ssse3_rep () from /lib32/libc.so.6
#1 0xf76fedf6 in _gnutls_strdatum_to_buf (d=d@entry=0xffd0d7c8, buf=buf@entry=0x0, sizeof_buf=sizeof_buf@entry=0xffd0d81c) at common.c:1774
#2 0xf7705152 in gnutls_x509_crq_get_challenge_password (crq=crq@entry=0x9aa99c0, buf=buf@entry=0x0, sizeof_buf=sizeof_buf@entry=0xffd0d81c) at crq.c:490
#3 0xf7713e0f in print_crq (format=GNUTLS_CRT_PRINT_FULL, cert=0x9aa99c0, str=0xffd0d820) at output.c:2344
#4 gnutls_x509_crq_print (crq=0x9aa99c0, format=format@entry=GNUTLS_CRT_PRINT_FULL, out=out@entry=0xffd0d91c) at output.c:2486
#5 0x080495b8 in doit () at crq_apis.c:190
#6 0x08048f84 in main (argc=, argv=0xffd0da34) at utils.c:155

The immediate cause, obviously, is that 'buf' is NULL.
The ultimate cause is also obvious: print_crq() calls
gnutls_x509_crq_get_challenge_password() with a NULL buf argument and an
uninitialized size. How this works at all, ever, even on 64-bit
platforms, is a mystery to me. A NULL buf is not documented as working,
but since it is passed in by the API testsuite as well as by print_crq()
it is clear that it's meant to work.

The obvious fix is to test buf for nullity in _gnutls_strdatum_to_buf(),
as well as checking the size for validity, and return
GNUTLS_E_SHORT_MEMORY_BUFFER and update the sizeof_buf if it's NULL as
well as if it's short. This means you can set the size by passing in any
size at all and a NULL buf, rather than requiring a zero size.

Fix attached.

_______________________________________________________

File Attachments:

-------------------------------------------------------
Date: Mon 10 Jun 2013 12:47:16 UTC
Name: 0001-A-NULL-buf-argument-to-_gnutls_strdatum_to_buf-shoul.patch
Size: 1kB
By: None

Fix

_______________________________________________________

Reply to this item at:

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

From nmav at gnutls.org Mon Jun 10 20:36:33 2013
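The behaviour proposed in sr #108321 above (treat a NULL buf like a short buffer, write back the required size, never depend on the caller's size being zero), as an added C sketch that is not part of the report, its attached patch, or GnuTLS itself. `struct datum`, `strdatum_to_buf`, `datum_to_string` and the error constants are hypothetical stand-ins for the GnuTLS types and for GNUTLS_E_SHORT_MEMORY_BUFFER.

```c
/* Added illustration: names and error values are hypothetical stand-ins,
 * not GnuTLS definitions. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define E_OK            0
#define E_SHORT_BUFFER (-1)  /* plays the role of GNUTLS_E_SHORT_MEMORY_BUFFER */
#define E_INVALID      (-2)

struct datum {               /* length-counted blob without a terminator */
    const unsigned char *data;
    unsigned int size;
};

/*
 * Copy d into buf as a NUL-terminated string.
 * A NULL buf or a too-small *sizeof_buf is a size query: the required size
 * (terminator included) is written back and E_SHORT_BUFFER is returned.
 * The incoming *sizeof_buf is never trusted when buf is NULL, so a caller
 * that passes garbage in it cannot trigger a copy to address zero.
 */
int strdatum_to_buf(const struct datum *d, void *buf, size_t *sizeof_buf)
{
    size_t need;

    if (d == NULL || sizeof_buf == NULL || (d->data == NULL && d->size != 0))
        return E_INVALID;

    need = (size_t)d->size + 1;
    if (need == 0)           /* wrapped: only possible where size_t is 32 bits */
        return E_INVALID;

    if (buf == NULL || *sizeof_buf < need) {
        *sizeof_buf = need;
        return E_SHORT_BUFFER;
    }

    if (d->size != 0)
        memcpy(buf, d->data, d->size);
    ((char *)buf)[d->size] = '\0';
    *sizeof_buf = d->size;   /* bytes copied, terminator excluded */
    return E_OK;
}

/* Caller side of the two-call pattern: query, allocate, copy.
 * The size variable is initialised before the first call. */
char *datum_to_string(const struct datum *d)
{
    size_t len = 0;
    char *out;

    if (strdatum_to_buf(d, NULL, &len) != E_SHORT_BUFFER)
        return NULL;
    out = malloc(len);
    if (out == NULL)
        return NULL;
    if (strdatum_to_buf(d, out, &len) != E_OK) {
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    /* Constructed sample value, not taken from the report. */
    static const unsigned char raw[] = { 's', 'e', 'c', 'r', 'e', 't' };
    struct datum d = { raw, sizeof raw };
    size_t n = 4096;         /* deliberately non-zero: NULL buf must still be safe */
    int rc = strdatum_to_buf(&d, NULL, &n);
    char *s = datum_to_string(&d);

    printf("query rc=%d need=%zu\n", rc, n);
    printf("copied: %s\n", s ? s : "(allocation failed)");
    free(s);
    return 0;
}
```
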
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Jun 2013 20:36:33 +0200
Subject: [gnutls-devel] ECC support for OpenPGP
In-Reply-To:
References:
Message-ID: <51B61CB1.30903@gnutls.org>

On 06/10/2013 02:31 PM, Daniele Ricci wrote:
> Hi,
> I can't find support for OpenPGP ECC keys. I'd like to contribute if
> possible, is someone already working on it?

Not really.

> By the way, I found this:
> https://gitorious.org/baserock-morphs/gnutls/commit/a8e8ba0f5cea4f2356c539e48d17b1e662b49141/diffs

I don't understand what this is supposed to be. gnutls supports elliptic
curve X.509 certificates since some time, but this code was never
extended for the openpgp certificates, so if you add that capability
would be very nice.

best regards,
Nikos

From nmav at gnutls.org Mon Jun 10 20:43:28 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Jun 2013 20:43:28 +0200
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <20130610-124716.sv0.1003@savannah.gnu.org>
References: <20130610-124716.sv0.1003@savannah.gnu.org>
Message-ID: <51B61E50.2000608@gnutls.org>

On 06/10/2013 02:47 PM, anonymous wrote:
[...]
>
> The immediate cause, obviously, is that 'buf' is NULL. The ultimate cause is
> also obvious: print_crq() calls gnutls_x509_crq_get_challenge_password() with
> a NULL buf argument and an uninitialized size. How this works at all, ever,
> even on 64-bit platforms, is a mystery to me. A NULL buf is not documented as
> working, but since it is passed in by the API testsuite as well as by
> print_crq() it is clear that it's meant to work.
>
> The obvious fix is to test buf for nullity in _gnutls_strdatum_to_buf(), as
> well as checking the size for validity, and return
> GNUTLS_E_SHORT_MEMORY_BUFFER and update the sizeof_buf if it's NULL as well as
> if it's short. This means you can set the size by passing in any size at all
> and a NULL buf, rather than requiring a zero size.

Hello Nick,
Which version of gnutls does this affect? The latest releases seem to have a similar fix applied.

regards,
Nikos

From nmav at gnutls.org Mon Jun 10 21:46:22 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Jun 2013 21:46:22 +0200
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <87wqq1sr3i.fsf@spindle.srvr.nix>
References: <20130610-124716.sv0.1003@savannah.gnu.org> <51B61E50.2000608@gnutls.org> <87wqq1sr3i.fsf@spindle.srvr.nix>
Message-ID: <51B62D0E.6050309@gnutls.org>

On 06/10/2013 09:28 PM, Nick Alcock wrote:

> On 10 Jun 2013, Nikos Mavrogiannopoulos outgrape:
>
>> Hello Nick,
>> Which version of gnutls does this affect? The latest releases seem to
>> have a similar fix applied.
>
> This is at the tip of the master branch. I didn't check the releases,
> perhaps I should have (I assumed, perhaps foolishly, that any fixes on
> the release branches would of course be on master as well).
>
> ... but then, no release to date *has* _gnutls_strdatum_to_buf(): you
> wrote it in 435cd838a8a1e1a5af6c3e7ea82fe5f1bd0b0552, one commit after
> the release of 3.1.5.

It seems that you check the old site at gnu which is not being updated. You may want to check http://www.gnutls.org/ which has the most recent releases and links to the new repository.

Out of curiosity how did you end up in the old sites? I thought I have forwarded most of the old pages to the new ones.

regards,
Nikos

From daniele.athome at gmail.com Tue Jun 11 00:08:59 2013
From: daniele.athome at gmail.com (Daniele Ricci)
Date: Tue, 11 Jun 2013 00:08:59 +0200
Subject: [gnutls-devel] ECC support for OpenPGP
In-Reply-To: <51B61CB1.30903@gnutls.org>
References: <51B61CB1.30903@gnutls.org>
Message-ID:

I'm sorry, that was actually an ECC implementation from some time ago. That was from you by the way :-)

So the part missing is actually handling OpenPGP with ECC keys. I'll look into the necessary changes and get back to you in a few weeks - got to finish other things first.

Cheers

On Mon, Jun 10, 2013 at 8:36 PM, Nikos Mavrogiannopoulos wrote:
> On 06/10/2013 02:31 PM, Daniele Ricci wrote:
>
>> Hi,
>> I can't find support for OpenPGP ECC keys. I'd like to contribute if
>> possible, is someone already working on it?
>
>
> Not really.
>
>> By the way, I found this:
>> https://gitorious.org/baserock-morphs/gnutls/commit/a8e8ba0f5cea4f2356c539e48d17b1e662b49141/diffs
>
>
> I don't understand what this is supposed to be. gnutls supports elliptic
> curve X.509 certificates since some time, but this code was never
> extended for the openpgp certificates, so if you add that capability
> it would be very nice.
>
> best regards,
> Nikos

--
Daniele

From nick.alcock at oracle.com Mon Jun 10 21:28:17 2013
From: nick.alcock at oracle.com (Nick Alcock)
Date: Mon, 10 Jun 2013 20:28:17 +0100
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <51B61E50.2000608@gnutls.org> (Nikos Mavrogiannopoulos's message of "Mon, 10 Jun 2013 20:43:28 +0200")
References: <20130610-124716.sv0.1003@savannah.gnu.org> <51B61E50.2000608@gnutls.org>
Message-ID: <87wqq1sr3i.fsf@spindle.srvr.nix>

On 10 Jun 2013, Nikos Mavrogiannopoulos outgrape:

> Hello Nick,
> Which version of gnutls does this affect? The latest releases seem to
> have a similar fix applied.

This is at the tip of the master branch. I didn't check the releases, perhaps I should have (I assumed, perhaps foolishly, that any fixes on the release branches would of course be on master as well).

... but then, no release to date *has* _gnutls_strdatum_to_buf(): you wrote it in 435cd838a8a1e1a5af6c3e7ea82fe5f1bd0b0552, one commit after the release of 3.1.5. So this is, thankfully, not a problem for anyone not a maniac running the latest master branch.

But then, I've never claimed not to be a maniac. :)

--
NULL && (void)

From nick.alcock at oracle.com Mon Jun 10 22:35:19 2013
From: nick.alcock at oracle.com (Nick Alcock)
Date: Mon, 10 Jun 2013 21:35:19 +0100
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <51B62D0E.6050309@gnutls.org> (Nikos Mavrogiannopoulos's message of "Mon, 10 Jun 2013 21:46:22 +0200")
References: <20130610-124716.sv0.1003@savannah.gnu.org> <51B61E50.2000608@gnutls.org> <87wqq1sr3i.fsf@spindle.srvr.nix> <51B62D0E.6050309@gnutls.org>
Message-ID: <87sj0psnzs.fsf@spindle.srvr.nix>

On 10 Jun 2013, Nikos Mavrogiannopoulos told this:

> It seems that you check the old site at gnu which is not being updated.
> You may want to check http://www.gnutls.org/
> which has the most recent releases and links to the new repository.

Oh, the repository changed, a thousand curses. I should have noticed the last modified date of December on the trunk code! (I'd have noticed if there'd been a release since the repository changed... just bad luck.)

... and four days after you introduced the bug (and perhaps a day after you switched repos), you fixed it :) so this is a *hugely* out of date bug report. My apologies.

> Out of curiosity how did you end up in the old sites? I thought I have
> forwarded most of the old pages to the new ones.

You probably did, but this clone is several years old: I've just been git pulling to update it and didn't consider that the repo might have changed, since *something* came down (the data from before the switchover). git really needs some way to report this case...

Sorry for wasting your time.

--
NULL && (void)

From nmav at gnutls.org Thu Jun 13 16:16:18 2013
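An added illustration of the fix proposed in the sr #108321 report above (it is not the GnuTLS patch and not part of any message in the thread): a size-query copy routine that treats a NULL buf exactly like a short one. datum_to_buf(), datum_to_string(), struct datum and E_SHORT_MEMORY_BUFFER are hypothetical stand-ins for _gnutls_strdatum_to_buf(), its caller, the gnutls datum type and GNUTLS_E_SHORT_MEMORY_BUFFER.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for GNUTLS_E_SHORT_MEMORY_BUFFER; the example does not link libgnutls. */
#define E_SHORT_MEMORY_BUFFER (-51)

/* Hypothetical datum: raw bytes plus a length, no terminating NUL. */
struct datum {
    const unsigned char *data;
    size_t size;
};

/*
 * Copy d into buf as a NUL-terminated string.
 * *buf_size is read only when buf is non-NULL, so a NULL buf is a pure size
 * query whatever value *buf_size holds. A version that only compared sizes
 * would memcpy() into NULL whenever that value happened to be large enough.
 * On E_SHORT_MEMORY_BUFFER, *buf_size is the capacity required; on success
 * it is the string length.
 */
static int datum_to_buf(const struct datum *d, char *buf, size_t *buf_size)
{
    size_t need = d->size + 1;

    if (buf == NULL || *buf_size < need) {
        *buf_size = need;
        return E_SHORT_MEMORY_BUFFER;
    }
    memcpy(buf, d->data, d->size);
    buf[d->size] = '\0';
    *buf_size = d->size;
    return 0;
}

/* Caller side: query the size, allocate, then fetch. Returns NULL on failure. */
static char *datum_to_string(const struct datum *d)
{
    size_t size = (size_t)-1;   /* constructed garbage, as an uninitialized variable might hold */
    char *s;

    if (datum_to_buf(d, NULL, &size) != E_SHORT_MEMORY_BUFFER)
        return NULL;
    if ((s = malloc(size)) == NULL)
        return NULL;
    if (datum_to_buf(d, s, &size) != 0) {
        free(s);
        return NULL;
    }
    return s;
}

int main(void)
{
    static const unsigned char pw[] = { 's', 'e', 'c', 'r', 'e', 't' };   /* constructed sample */
    struct datum d = { pw, sizeof pw };
    char *s = datum_to_string(&d);

    printf("%s\n", s ? s : "(error)");
    free(s);
    return 0;
}
```
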
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 13 Jun 2013 16:16:18 +0200
Subject: [gnutls-devel] Polish translation update for gnutls 3.1.11 and 3.2.1
In-Reply-To: <20130608195816.GB5776@stranger.qboosh.pl>
References: <20130608195816.GB5776@stranger.qboosh.pl>
Message-ID:

Thank you for the translation and sorry for the late reply. We use the translation project [0] for getting updates of the translations in gnutls, so may I suggest to submit your updated translations to the Polish team (or the previous translator of gnutls [1]), so that it is not overwritten on a scheduled update?

best regards,
Nikos

[0]. http://translationproject.org/html/translators.html
[1]. http://translationproject.org/team/pl.html

On Sat, Jun 8, 2013 at 9:58 PM, Jakub Bogusz wrote:
> Hello,
>
> I updated Polish translations for gnutls 3.1.11 and 3.2.1.
> They are available at:
> http://qboosh.pl/pl.po/gnutls-3.1.11.pl.po
> http://qboosh.pl/pl.po/gnutls-3.2.1.pl.po
>
> Please apply.
>
> --
> Jakub Bogusz http://qboosh.pl/
>
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-devel

From qboosh at pld-linux.org Thu Jun 13 16:37:02 2013
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Thu, 13 Jun 2013 16:37:02 +0200
Subject: [gnutls-devel] Polish translation update for gnutls 3.1.11 and 3.2.1
In-Reply-To:
References: <20130608195816.GB5776@stranger.qboosh.pl>
Message-ID: <20130613143702.GA24917@mail>

On Thu, Jun 13, 2013 at 04:16:18PM +0200, Nikos Mavrogiannopoulos wrote:
> Thank you for the translation and sorry for the late reply. We use the
> translation project [0] for getting updates of the translations in
> gnutls, so may I suggest to submit your updated translations to the
> Polish team (or the previous translator of gnutls [1]), so that it is
> not overwritten on a scheduled update?

OK, I'm already a member of the Polish TP team and prefer using TP to handle translations.

But please do send .pot files to the TP, so that it can accept new translation updates - the last .pot version sent to TP was 3.0.12:
http://translationproject.org/domain/libgnutls.html

Regards,

--
Jakub Bogusz http://qboosh.pl/

From ludo at gnu.org Fri Jun 28 00:49:51 2013
From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Date: Fri, 28 Jun 2013 00:49:51 +0200
Subject: [gnutls-devel] Important Guile bug fix
Message-ID: <87ehbn6ueo.fsf@gnu.org>

Hello,

Nikos privately reported failures in the test suite of the Guile bindings, which would manifest like this:

--8<---------------cut here---------------start------------->8---
make check-TESTS
make[1]: Entering directory `/home/ludo/src/gnutls-3.2.1/+build/guile/tests'
/bin/sh: line 5: 5840 Floating point exception(core dumped) GUILE_AUTO_COMPILE=0 GUILE_WARN_DEPRECATED=detailed ../../guile/pre-inst-guile -L ../../../guile/tests ${dir}$tst
FAIL: anonymous-auth.scm
`set-session-certificate-type-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-kx-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-protocol-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-cipher-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-mac-priority!' is deprecated, use `set-session-priorities!' instead
`uniform-vector-write' is deprecated. Use `put-bytevector' from `(rnrs io ports)' instead.
`set-session-certificate-type-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-kx-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-protocol-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-cipher-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-mac-priority!' is deprecated, use `set-session-priorities!' instead
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from `(rnrs io ports)' instead.
PASS: session-record-port.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from `(rnrs io ports)' instead.
PASS: pkcs-import-export.scm
PASS: errors.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from `(rnrs io ports)' instead.
PASS: x509-certificates.scm
/bin/sh: line 5: 5894 Segmentation fault (core dumped) GUILE_AUTO_COMPILE=0 GUILE_WARN_DEPRECATED=detailed ../../guile/pre-inst-guile -L ../../../guile/tests ${dir}$tst
FAIL: x509-auth.scm
PASS: priorities.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from `(rnrs io ports)' instead.
PASS: openpgp-keys.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from `(rnrs io ports)' instead.
PASS: openpgp-keyring.scm
/bin/sh: line 5: 5938 Segmentation fault (core dumped) GUILE_AUTO_COMPILE=0 GUILE_WARN_DEPRECATED=detailed ../../guile/pre-inst-guile -L ../../../guile/tests ${dir}$tst
FAIL: openpgp-auth.scm
PASS: srp-base64.scm
===================================
3 of 11 tests failed
Please report to bug-gnutls at gnu.org
===================================
make[1]: *** [check-TESTS] Error 1
--8<---------------cut here---------------end--------------->8---

For some reason, the bugs would only show up when using Debian's binary of Guile 2.0.5 on x86_64. However, in hindsight, this was an obvious mistake.

Commit 55e8943 in 'master' fixes it AFAICS. Nikos, can you confirm? Also, could you backport the fix to the live branches?

I haven't tested it with the old Guile 1.8, but I guess it should work too.

Thanks,
Ludo'.

From nmav at gnutls.org Fri Jun 28 09:18:29 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 28 Jun 2013 09:18:29 +0200
Subject: [gnutls-devel] Important Guile bug fix
In-Reply-To: <87ehbn6ueo.fsf@gnu.org>
References: <87ehbn6ueo.fsf@gnu.org>
Message-ID:

On Fri, Jun 28, 2013 at 12:49 AM, Ludovic Courtès wrote:
> Hello,
>
> Nikos privately reported failures in the test suite of the Guile
> bindings, which would manifest like this:
>
[...]
> For some reason, the bugs would only show up when using Debian's binary
> of Guile 2.0.5 on x86_64. However, in hindsight, this was an obvious
> mistake.
> Commit 55e8943 in 'master' fixes it AFAICS. Nikos, can you confirm?
> Also, could you backport the fix to the live branches?

Yes, that fixes the issue in my system. It is now backported to the old branches as well.

Thank you,
Nikos

From ludo at gnu.org Fri Jun 28 14:16:37 2013
From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Date: Fri, 28 Jun 2013 14:16:37 +0200
Subject: [gnutls-devel] Important Guile bug fix
In-Reply-To: (Nikos Mavrogiannopoulos's message of "Fri, 28 Jun 2013 09:18:29 +0200")
References: <87ehbn6ueo.fsf@gnu.org>
Message-ID: <87y59uo2fu.fsf@gnu.org>

Nikos Mavrogiannopoulos skribis:

> On Fri, Jun 28, 2013 at 12:49 AM, Ludovic Courtès wrote:
>> Hello,
>>
>> Nikos privately reported failures in the test suite of the Guile
>> bindings, which would manifest like this:
>>
> [...]
>> For some reason, the bugs would only show up when using Debian's binary
>> of Guile 2.0.5 on x86_64. However, in hindsight, this was an obvious
>> mistake.
>> Commit 55e8943 in 'master' fixes it AFAICS. Nikos, can you confirm?
>> Also, could you backport the fix to the live branches?
>
> Yes, that fixes the issue in my system. It is now backported to the
> old branches as well.

Great, thanks!

What remains a mystery to me is that I've been maintaining the GnuTLS and Guile packages in Nixpkgs and now Guix for ~4 years, and yet never stumbled upon that bug.

Ludo'.

From peter.dettman at bouncycastle.org Sun Jun 30 04:52:06 2013
From: peter.dettman at bouncycastle.org (Peter Dettman)
Date: Sun, 30 Jun 2013 09:52:06 +0700
Subject: [gnutls-devel] Server sends incorrect extensions for resumption handshake?
Message-ID: <51CF9D56.2030201@bouncycastle.org>

Hi All,

I'm currently adding session resumption to the BouncyCastle (Java) TLS code, and I'm seeing what I think is incorrect behaviour from the gnutls-serv test server.

I'm using GnuTLS 3.2.1 on Win7, with command line:

gnutls-serv --http --x509cafile x509-ca.pem --x509keyfile x509-server-key.pem --x509certfile x509-server.pem

My test client makes an initial connection to establish a session, successfully negotiating TLS 1.1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, secure_renegotiation = true. Note the ServerHello contains two extensions: renegotiation_info and ec_point_formats. This connection is closed once the handshake has completed.

The client then tries to resume this session (with essentially the same ClientHello, excepting client_random, and with the resuming session_id). If it ignores the errors I am about to describe, it can happily resume the session, and make a GET request to the http server, getting the expected page and closing cleanly.

However I think the ServerHello is wrong, specifically the server extensions.

Firstly, the ec_point_formats extension is included in the session resumption ServerHello. This appears to violate RFC 3546 2.3. "If [...] the older session is resumed, then the server MUST ignore extensions appearing in the client hello, and send a server hello containing no extensions[.]" (later RFC updates contain similar clauses). Please understand that the problem is probably broader than just the ec_point_formats extension; the server shouldn't be sending any.

The only exception to that rule that I am aware of is from RFC 5746, renegotiation_info, which appears to say that this extension is per-connection, and can always be sent.
This is the second issue I want to raise: while gnutls-serv sends renegotiation_info during the initial handshake, it does _not_ send it during a resumption handshake.

I am posting to the list instead of raising a bug report directly, because it's at least true that 'openssl s_server' also sends superfluous server extensions during resumption (it sends the renegotiation_info correctly though). I would appreciate if anyone can enlighten me as to whether there is an unofficial standard in play here, or whether this should be considered a bug.

Please contact me if you'd like to replicate the problem, either via the BouncyCastle test code itself, or in some other way.

Regards,
Pete Dettman
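The check described in the message above, as an added example in C (not BouncyCastle or GnuTLS code, and not part of the original post): it parses a ServerHello body and reports which extensions a resumption reply carries, treating renegotiation_info as the only permitted one, following the message's reading of RFC 3546 and RFC 5746. The function, struct and both byte arrays are constructed for illustration; the first array models the reported behaviour, the second the behaviour the message expects.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_RENEGOTIATION_INFO 0xff01u   /* RFC 5746 */

struct sh_audit {
    int has_reneg_info;   /* renegotiation_info present */
    int unexpected;       /* count of all other extensions */
    unsigned first_bad;   /* type of the first unexpected extension */
};

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Audit a ServerHello body (4-byte handshake header already stripped, TLS 1.0-1.2
 * layout) that answers a resumption. Returns 0 when parsed, -1 when malformed. */
static int audit_resumed_server_hello(const uint8_t *b, size_t len, struct sh_audit *a)
{
    size_t off = 2 + 32, end;              /* skip server_version, random */
    a->has_reneg_info = 0; a->unexpected = 0; a->first_bad = 0;
    if (len < off + 1 || b[off] > 32) return -1;
    off += 1 + (size_t)b[off];             /* session_id */
    if (len < off + 3) return -1;
    off += 3;                              /* cipher_suite, compression_method */
    if (off == len) return 0;              /* no extensions block at all */
    if (len - off < 2) return -1;
    end = off + 2 + rd16(b + off);
    if (end != len) return -1;
    for (off += 2; off < end; ) {
        unsigned type, elen;
        if (end - off < 4) return -1;
        type = rd16(b + off);
        elen = rd16(b + off + 2);
        off += 4;
        if (end - off < elen) return -1;
        off += elen;
        if (type == EXT_RENEGOTIATION_INFO) a->has_reneg_info = 1;
        else if (a->unexpected++ == 0) a->first_bad = type;
    }
    return 0;
}

/* Constructed samples: TLS 1.1, suite 0xC014, zeroed random, 4-byte session_id. */
static const uint8_t sh_observed[] = {   /* as reported: ec_point_formats (0x000b) only */
    0x03, 0x02, [34] = 4, 0xAA, 0xBB, 0xCC, 0xDD, 0xC0, 0x14, 0x00,
    0x00, 0x06, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00 };
static const uint8_t sh_expected[] = {   /* renegotiation_info only */
    0x03, 0x02, [34] = 4, 0xAA, 0xBB, 0xCC, 0xDD, 0xC0, 0x14, 0x00,
    0x00, 0x05, 0xff, 0x01, 0x00, 0x01, 0x00 };

int main(void)
{
    struct sh_audit a;
    if (audit_resumed_server_hello(sh_observed, sizeof sh_observed, &a) == 0)
        printf("observed: reneg_info=%d unexpected=%d first=0x%04x\n",
               a.has_reneg_info, a.unexpected, a.first_bad);
    if (audit_resumed_server_hello(sh_expected, sizeof sh_expected, &a) == 0)
        printf("expected: reneg_info=%d unexpected=%d\n", a.has_reneg_info, a.unexpected);
    return 0;
}
```
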