From gnutls-devel at lists.gnutls.org Mon Apr 1 15:21:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 01 Apr 2024 13:21:56 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Ross Nicholson commented:
https://gitlab.com/gnutls/gnutls/-/issues/1537#note_1839732424

Great, thanks. So the patch you supplied works!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1537#note_1839732424
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Tue Apr 2 09:52:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Apr 2024 07:52:38 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1828 were resolved by Zoltán Fridrich
https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

From gnutls-devel at lists.gnutls.org Tue Apr 2 15:02:57 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Apr 2024 13:02:57 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Merge request !1828 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Tue Apr 2 15:28:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Apr 2024 13:28:18 +0000
Subject: [gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)
In-Reply-To:
References:
Message-ID:

Merge request !1828 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Tue Apr 2 17:23:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Apr 2024 15:23:18 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented:
https://gitlab.com/gnutls/gnutls/-/issues/1537#note_1841971993

Closing the issue as the fix has been merged https://gitlab.com/gnutls/gnutls/-/merge_requests/1826

From gnutls-devel at lists.gnutls.org Tue Apr 2 17:23:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 02 Apr 2024 15:23:19 +0000
Subject: [gnutls-devel] GnuTLS | Building with nettle 3.9.1 does not work due to duplicated symbols (#1537)
In-Reply-To:
References:
Message-ID:

Issue was closed by Zoltán Fridrich

Issue #1537: https://gitlab.com/gnutls/gnutls/-/issues/1537

From gnutls-devel at lists.gnutls.org Wed Apr 3 03:00:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 01:00:53 +0000
Subject: [gnutls-devel] GnuTLS | How to build gnutls for android? (#1538)
References:
Message-ID:

??? created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1538

I downloaded the current version from https://gnutls.org/download.html.

To use it in an Android project, I would like to create and add it as a `.so` library file.

Is there a way to do this?

I tried following `Read.me`.

```
$ git clone https://gitlab.com/gnutls/gnutls.git
$ cd gnutls
$ ./bootstrap
```

An error occurs.

```
./bootstrap: line 484: automake: command not found
./bootstrap: Error: 'automake' not found
./bootstrap: line 269: gtkdocize: command not found
./bootstrap: Error: 'gtkdocize' not found
```

I use a mac, but `automake` is installed.

From gnutls-devel at lists.gnutls.org Wed Apr 3 10:02:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 08:02:00 +0000
Subject: [gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)
In-Reply-To:
References:
Message-ID:

Ajit Singh commented:
https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1843286710

Hi @dueno, I was looking into this, I wonder if it would be nice to have function `unsigned gnutls_priority_get_flags(gnutls_session_t session)` that would simply return a similar flag as `gnutls_session_get_flags(...)` for `NO_TICKETS` and later could be extended with more options from priority strings.

From gnutls-devel at lists.gnutls.org Wed Apr 3 11:14:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 09:14:18 +0000
Subject: [gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1843443694

Yeah, it is generally good to be future-proof. Perhaps we could even reuse `gnutls_session_get_flags` with a new flag, say `GNUTLS_SFLAGS_SESSION_TICKET_ENABLED`?

From gnutls-devel at lists.gnutls.org Wed Apr 3 12:11:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 10:11:48 +0000
Subject: [gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)
In-Reply-To:
References:
Message-ID:

Ajit Singh commented:
https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1843551292

Yeah, reusing `gnutls_session_get_flags` is quite reasonable. Just to confirm, it only requires checking whether the `NO_TICKETS` priority string is enabled or not? If yes, then what about the idea of adding a distinction from session flags? Using something like `GNUTLS_SCFLAGS_NO_TICKETS_ENABLED`, a session configuration flag (SCFLAGS) for priority-string-related options?

From gnutls-devel at lists.gnutls.org Wed Apr 3 14:00:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 12:00:38 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Daiki Ueno was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

From gnutls-devel at lists.gnutls.org Wed Apr 3 14:00:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 12:00:42 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
References:
Message-ID:

Zoltán Fridrich created a merge request:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Signed-off-by: Zoltan Fridrich

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Wed Apr 3 14:00:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 12:00:38 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 1829
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

Zoltán Fridrich was added as an assignee.

From gnutls-devel at lists.gnutls.org Thu Apr 4 01:46:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 23:46:06 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829#note_1844720335

Sorry, I forgot to add NEWS entries of my previous couple of changes. Otherwise it looks good to me.

From gnutls-devel at lists.gnutls.org Thu Apr 4 01:46:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 23:46:06 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1829 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on NEWS:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829#note_1844720250

> + > ** API and ABI modifications: > No changes since last version.

```suggestion:-0+0
GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of gnutls_pkcs_encrypt_flags_t
```

--
Daiki Ueno started a new discussion on NEWS:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829#note_1844720305

> +** libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for > + backward compatibility with GCR. > +

```suggestion:-0+0
** libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA with earlier versions of GMP. These were a regression introduced in the 3.8.4 release. See #1535 and !1827.
```

--
Daiki Ueno started a new discussion on m4/hooks.m4:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829#note_1844720325

> AC_SUBST(LT_CURRENT, 68) > - AC_SUBST(LT_REVISION, 0) > + AC_SUBST(LT_REVISION, 1)

The library interface has slightly changed with a new enum; I would suggest bumping LT_CURRENT and LT_AGE instead as in the previous release.

From gnutls-devel at lists.gnutls.org Thu Apr 4 01:46:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 03 Apr 2024 23:46:06 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Merge request !1829 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Thu Apr 4 08:26:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 06:26:21 +0000
Subject: [gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1845297476

In this particular case, you could check `session->internals.flags & GNUTLS_NO_TICKETS`. Adding distinction between the session state and configuration sounds like an interesting idea, though if we go that way we would probably want a new function.

From gnutls-devel at lists.gnutls.org Thu Apr 4 09:23:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 07:23:22 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1829 were resolved by Zoltán Fridrich
https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

From gnutls-devel at lists.gnutls.org Thu Apr 4 09:47:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 07:47:28 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.5 release (!10)
In-Reply-To:
References:
Message-ID:

Merge request !10 was merged

Merge request URL: https://gitlab.com/gnutls/abi-dump/-/merge_requests/10

Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Thu Apr 4 09:47:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 07:47:21 +0000
Subject: [gnutls-devel] abi-dump | Regenerate from 3.8.5 release (!10)
References:
Message-ID:

Zoltán Fridrich created a merge request:
https://gitlab.com/gnutls/abi-dump/-/merge_requests/10

Project:Branches: ZoltanFridrich/gnutls-abi-dump:zfridric_devel to gnutls/abi-dump:main
Author: Zoltán Fridrich
Signed-off-by: Zoltan Fridrich

From gnutls-devel at lists.gnutls.org Thu Apr 4 10:03:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 08:03:22 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Merge request !1829 was set to auto-merge by Zoltán Fridrich

Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Thu Apr 4 11:14:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 09:14:38 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.5 (!1829)
In-Reply-To:
References:
Message-ID:

Merge request !1829 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1829

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Thu Apr 4 11:40:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 09:40:53 +0000
Subject: [gnutls-devel] GnuTLS | Add API to check whether session tickets are enabled (#1531)
In-Reply-To:
References:
Message-ID:

Ajit Singh commented:
https://gitlab.com/gnutls/gnutls/-/issues/1531#note_1845692160

@ueno any thoughts on this? I think we can go with the same function as the functionality doesn't differ much?

```
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index afecfaa39..97eab2d34 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1627,6 +1627,10 @@ unsigned gnutls_session_etm_status(gnutls_session_t session); * @GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Set when the client has requested OCSP staple during handshake. * @GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Set when the server has requested OCSP staple during handshake. * + * Session configuration flags: + * @GNUTLS_SCFLAGS_NO_TICKETS_ENABLED: Set when %NO_TICKET priority string is enabled. + * @GNUTLS_SCFLAGS_NO_TICKETS_TLS12_ENABLED: Set when %NO_TICKET_TLS12 priority string is enabled. + * * Enumeration of different session parameters. */ typedef enum { @@ -1642,7 +1646,11 @@ typedef enum { GNUTLS_SFLAGS_EARLY_START = 1 << 9, GNUTLS_SFLAGS_EARLY_DATA = 1 << 10, GNUTLS_SFLAGS_CLI_REQUESTED_OCSP = 1 << 11, - GNUTLS_SFLAGS_SERV_REQUESTED_OCSP = 1 << 12 + GNUTLS_SFLAGS_SERV_REQUESTED_OCSP = 1 << 12, + + /* Configuration flags */ + GNUTLS_SCFLAGS_NO_TICKETS_ENABLED = 1 << 13, + GNUTLS_SCFLAGS_NO_TICKETS_TLS12_ENABLED = 1 << 14 } gnutls_session_flags_t; unsigned gnutls_session_get_flags(gnutls_session_t session); diff --git a/lib/state.c b/lib/state.c index ec514c0cd..cfb3239bc 100644 --- a/lib/state.c +++ b/lib/state.c
@@ -1858,5 +1858,10 @@ unsigned gnutls_session_get_flags(gnutls_session_t session) if (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED) flags |= GNUTLS_SFLAGS_SERV_REQUESTED_OCSP; + if (session->internals.priorities->no_tickets) + flags |= GNUTLS_SCFLAGS_NO_TICKETS_ENABLED; + if (session->internals.priorities->no_tickets_tls12) + flags |= GNUTLS_SCFLAGS_NO_TICKETS_TLS12_ENABLED; + return flags; }
```

From gnutls-devel at lists.gnutls.org Thu Apr 4 13:27:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 11:27:36 +0000
Subject: [gnutls-devel] GnuTLS | Do not use HMAC-SHA1 for session ticket authentication algorithm (#1482)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.6 (Apr 5, 2024–Jun 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/44 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1482

From gnutls-devel at lists.gnutls.org Thu Apr 4 13:27:40 2024
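Review bot: the doc comment added in the first lib/includes/gnutls/gnutls.h.in hunk of the patch in note_1845692160 (issue #1531) spells the keywords `%NO_TICKET` and `%NO_TICKET_TLS12`, while the flags it documents are named `..._NO_TICKETS_...` and the rest of the thread writes the keyword as `NO_TICKETS`. The two `Set when ...` lines should use the exact priority string spelling so the generated API documentation does not point readers at a differently named keyword. `NO_TICKETS_ENABLED` is also a double negative; one sentence stating that the bit being set means session tickets are disabled would prevent callers from reading it the wrong way round.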
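Review bot: the enum hunk in lib/includes/gnutls/gnutls.h.in (same patch, note_1845692160) adds `GNUTLS_SCFLAGS_*` members to `gnutls_session_flags_t`, so a single return value of `gnutls_session_get_flags()` now mixes negotiated session state with configuration taken from the priority string, separated only by a prefix and the `/* Configuration flags */` comment. Bits 13 and 14 also come out of the same bit space that future `GNUTLS_SFLAGS_*` values would use. If the state versus configuration distinction is wanted, a separate enum and getter, as raised earlier in the thread, keeps the two apart; in either case the new public enum members need a NEWS entry under "API and ABI modifications".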
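Review bot: the lib/state.c hunk (same patch, note_1845692160) dereferences `session->internals.priorities` in both added `if` statements without checking the pointer, unlike the `hsk_flags` test in the context line above, which reads a field embedded in `session->internals`. If `gnutls_session_get_flags()` can be called before a priority has been set on the session, a NULL guard is needed here. The hunk also reads `priorities->no_tickets` rather than `session->internals.flags & GNUTLS_NO_TICKETS`, the check suggested earlier in the thread; if the two can disagree, the reported flag will not reflect whether tickets are actually off for this session, so the patch should state which source is authoritative and add a test covering both.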
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 11:27:40 +0000
Subject: [gnutls-devel] GnuTLS | aarch64/armv8 assembler files not supporting PAC/BTI (#1517)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.6 (Apr 5, 2024–Jun 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/44 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1517

From gnutls-devel at lists.gnutls.org Thu Apr 4 13:29:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 11:29:51 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.5 release (!13)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 13
https://gitlab.com/gnutls/web-pages/-/merge_requests/13

Zoltán Fridrich was added as an assignee.

From gnutls-devel at lists.gnutls.org Thu Apr 4 13:29:55 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 11:29:55 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.5 release (!13)
References:
Message-ID:

Zoltán Fridrich created a merge request:
https://gitlab.com/gnutls/web-pages/-/merge_requests/13

Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Signed-off-by: Zoltan Fridrich

From gnutls-devel at lists.gnutls.org Thu Apr 4 13:30:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 04 Apr 2024 11:30:08 +0000
Subject: [gnutls-devel] web-pages | add notes from 3.8.5 release (!13)
In-Reply-To:
References:
Message-ID:

Merge request !13 was merged

Merge request URL: https://gitlab.com/gnutls/web-pages/-/merge_requests/13

Project:Branches: ZoltanFridrich/gnutls-web-pages:zfridric_devel to gnutls/web-pages:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

From gnutls-devel at lists.gnutls.org Fri Apr 5 07:02:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 05 Apr 2024 05:02:06 +0000
Subject: [gnutls-devel] GnuTLS | How to build gnutls for android? (#1538)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1538#note_1847593668

I suspect `automake` is not in your path. For building GnuTLS from git on macOS, there is a GitHub [CI](https://github.com/gnutls/gnutls/actions/runs/8553600568/job/23437116020) set up on the mirror, from which you might get some inspiration. There is also #655 to extend our CI to cover Android, though I'm not familiar with that.

From gnutls-devel at lists.gnutls.org Fri Apr 5 15:50:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 05 Apr 2024 13:50:32 +0000
Subject: [gnutls-devel] GnuTLS | Failing tests on macOS osx64 architecture (#1539)
References:
Message-ID:

Sacha created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1539

Hi there,

For the benefits of conda, we are testing the building of gnutls on a number of infrastructure. Our builds have started failing (I think starting 3.8.3 or 3.8.4) on osx64 only (all other pass, including osx_arm64).

I think you can access the logs here: https://dev.azure.com/conda-forge/feedstock-builds/_build/results?buildId=909320&view=logs&jobId=58ac6aab-c4bc-5de2-2894-98e408cc8ec9&j=58ac6aab-c4bc-5de2-2894-98e408cc8ec9&t=933f325c-924e-533d-4d95-e93b5843ce8b

I think that the two culprits are:

```
2024-04-04T15:22:33.3336810Z FAIL: gnutls-cli-debug
2024-04-04T15:22:33.3337120Z ======================
2024-04-04T15:22:33.3337330Z
2024-04-04T15:22:33.3337700Z Checking output of gnutls-cli-debug for TLS1.1 and TLS1.2 server
2024-04-04T15:22:33.3338040Z reserved port 31230
2024-04-04T15:22:33.3338350Z netstat: sysctl: net.systm.kevt.pcblist: Cannot allocate memory
2024-04-04T15:22:33.3338710Z netstat: sysctl: net.systm.kevt.pcblist: Cannot allocate memory
2024-04-04T15:22:33.3339150Z Failure: gnutls-cli-debug run should have succeeded!
2024-04-04T15:22:33.3339460Z unreserved port 31230
2024-04-04T15:22:33.3339800Z FAIL gnutls-cli-debug.sh (exit status: 1)
```

and

```
2024-04-04T15:22:33.3228300Z FAIL: tls13/compress-cert-neg2
2024-04-04T15:22:33.3228640Z ==============================
2024-04-04T15:22:33.3228830Z
2024-04-04T15:22:33.3229140Z client:115: client: setting compression method failed (GnuTLS internal error.)
2024-04-04T15:22:33.3229400Z
2024-04-04T15:22:33.3229740Z server:169: server: setting compression method failed (GnuTLS internal error.)
2024-04-04T15:22:33.3229970Z
2024-04-04T15:22:33.3230320Z FAIL tls13/compress-cert-neg2 (exit status: 1)
```

thanks a lot for your help

From gnutls-devel at lists.gnutls.org Mon Apr 8 14:33:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Apr 2024 12:33:41 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)
References:
Message-ID:

Andreas Metzler created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1540

With 3.8.5 e.g.

```
gnutls-cli --starttls-proto smtp --crlf --port 587 outgoing.mit.edu
```

fails with "Fatal error: The encryption algorithm is not supported."

From gnutls-devel at lists.gnutls.org Mon Apr 8 15:03:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Apr 2024 13:03:23 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)
References:
Message-ID:

xuraoqing created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1541

When using gnutls-3.7.2 and applying some of the latest patches, I encountered the following compilation errors. How can I resolve this? thanks.

![image](/uploads/fd7b398459af88450973144c75a662ff/image.png)

From gnutls-devel at lists.gnutls.org Mon Apr 8 18:38:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 08 Apr 2024 16:38:21 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:
https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1851461334

Git bisect found 10ebc37e41343cb5b18ee9f0b8e2c45c3d83e8c7 as the first bad commit.

This is pretty severe, since it breaks on letsencrypt-issued RSA keys. (Which are still widely used since many SMTP-servers do not support EC keys.)

It was originally reported as https://bugs.debian.org/1068644

From gnutls-devel at lists.gnutls.org Tue Apr 9 07:23:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Apr 2024 05:23:14 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1852189288

In theory you could add `linkedhash-list` to `common_modules` in `bootstrap.conf`, and then run `./bootstrap`. However, I suspect you are trying to port the fix for CVE-2024-28835; in that case we might rather want to create a new release from the 3.7.x branch.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1852189288

From gnutls-devel at lists.gnutls.org Tue Apr 9 09:14:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Apr 2024 07:14:03 +0000
Subject: [gnutls-devel] GnuTLS | Build fails with p11-kit 0.24.0 (#1542)

Paul Menzel created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1542

Building GnuTLS 3.8.5 with p11-kit 0.24.0 fails with:

    $ /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/libexec --sysconfdir=/etc --sharedstatedir=/var --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --datarootdir=/usr/share --datadir=/usr/share --infodir=/usr/share/info --localedir=/usr/share/locale --mandir=/usr/share/man --docdir=/usr/share/doc/gnutls --exec-prefix=/usr --with-included-libtasn1
    checking for p11-kit-1 >= 0.23.1... yes
    […]
    In file included from /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:47:
    /usr/include/p11-kit-1/p11-kit/iter.h:57:62: error: unknown type name 'CK_BBOOL'
       57 | CK_BBOOL *matches,
          | ^~~~~~~~
    /usr/include/p11-kit-1/p11-kit/iter.h:66:62: error: unknown type name 'p11_kit_iter_callback'; did you mean 'p11_kit_pin_callback'?
       66 | p11_kit_iter_callback callback,
          | ^~~~~~~~~~~~~~~~~~~~~
          | p11_kit_pin_callback
    /usr/include/p11-kit-1/p11-kit/iter.h:71:62: error: unknown type name 'CK_ATTRIBUTE'; did you mean 'CK_ATTRIBUTE_PTR'?
       71 | CK_ATTRIBUTE *matching,
          | ^~~~~~~~~~~~
          | CK_ATTRIBUTE_PTR
    /usr/include/p11-kit-1/p11-kit/iter.h:82:62: error: unknown type name 'CK_SLOT_ID'
       82 | CK_SLOT_ID slot,
          | ^~~~~~~~~~
    /usr/include/p11-kit-1/p11-kit/iter.h:83:62: error: unknown type name 'CK_SESSION_HANDLE'
       83 | CK_SESSION_HANDLE session);
          | ^~~~~~~~~~~~~~~~~
    /usr/include/p11-kit-1/p11-kit/iter.h:89:1: error: unknown type name 'CK_SLOT_ID'
       89 | CK_SLOT_ID p11_kit_iter_get_slot (P11KitIter *iter);
          | ^~~~~~~~~~
    /usr/include/p11-kit-1/p11-kit/iter.h:91:1: error: unknown type name 'CK_TOKEN_INFO'; did you mean 'CK_TOKEN_INFO_PTR'?
       91 | CK_TOKEN_INFO * p11_kit_iter_get_token (P11KitIter *iter);
          | ^~~~~~~~~~~~~
          | CK_TOKEN_INFO_PTR
    /usr/include/p11-kit-1/p11-kit/iter.h:93:1: error: unknown type name 'CK_SESSION_HANDLE'
       93 | CK_SESSION_HANDLE p11_kit_iter_get_session (P11KitIter *iter);
          | ^~~~~~~~~~~~~~~~~
    /usr/include/p11-kit-1/p11-kit/iter.h:95:1: error: unknown type name 'CK_OBJECT_HANDLE'; did you mean 'CKA_OBJECT_ID'?
       95 | CK_OBJECT_HANDLE p11_kit_iter_get_object (P11KitIter *iter);
          | ^~~~~~~~~~~~~~~~
          | CKA_OBJECT_ID
    /usr/include/p11-kit-1/p11-kit/iter.h:98:62: error: unknown type name 'CK_ATTRIBUTE'; did you mean 'CK_ATTRIBUTE_PTR'?
       98 | CK_ATTRIBUTE *template,
          | ^~~~~~~~~~~~
          | CK_ATTRIBUTE_PTR
    /usr/include/p11-kit-1/p11-kit/iter.h:102:62: error: unknown type name 'CK_ATTRIBUTE'; did you mean 'CK_ATTRIBUTE_PTR'?
      102 | CK_ATTRIBUTE *template,
          | ^~~~~~~~~~~~
          | CK_ATTRIBUTE_PTR
    /usr/include/p11-kit-1/p11-kit/iter.h:105:1: error: unknown type name 'CK_SESSION_HANDLE'
      105 | CK_SESSION_HANDLE p11_kit_iter_keep_session (P11KitIter *iter);
          | ^~~~~~~~~~~~~~~~~
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c: In function 'find_multi_objs_cb':
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:3247:9: warning: implicit declaration of function 'p11_kit_iter_add_filter' [-Wimplicit-function-declaration]
     3247 | p11_kit_iter_add_filter(iter, a, tot_values);
          | ^~~~~~~~~~~~~~~~~~~~~~~
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:3247:9: warning: nested extern declaration of 'p11_kit_iter_add_filter' [-Wnested-externs]
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:3248:9: warning: implicit declaration of function 'p11_kit_iter_begin_with'; did you mean 'p11_kit_iter_begin'? [-Wimplicit-function-declaration]
     3248 | p11_kit_iter_begin_with(iter, sinfo->module, sinfo->sid, sinfo->pks);
          | ^~~~~~~~~~~~~~~~~~~~~~~
          | p11_kit_iter_begin
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:3248:9: warning: nested extern declaration of 'p11_kit_iter_begin_with' [-Wnested-externs]
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:3275:22: warning: implicit declaration of function 'p11_kit_iter_get_attributes'; did you mean 'p11_kit_uri_get_attributes'? [-Wimplicit-function-declaration]
     3275 | rv = p11_kit_iter_get_attributes(iter, a, 1);
          | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
          | p11_kit_uri_get_attributes
    /dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/source/lib/pkcs11.c:3275:22: warning: nested extern declaration of 'p11_kit_iter_get_attributes' [-Wnested-externs]
    make[4]: *** [Makefile:2874: pkcs11.lo] Error 1
    make[4]: *** Waiting for unfinished jobs....
    make[4]: Leaving directory '/dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/build/lib'
    make[3]: *** [Makefile:2970: all-recursive] Error 1
    make[3]: Leaving directory '/dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/build/lib'
    make[2]: *** [Makefile:2573: all] Error 2
    make[2]: Leaving directory '/dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/build/lib'
    make[1]: *** [Makefile:2327: all-recursive] Error 1
    make[1]: Leaving directory '/dev/shm/bee-pmenzel/gnutls/gnutls-3.8.5-0/build'
    make: *** [Makefile:2252: all] Error 2

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1542

From gnutls-devel at lists.gnutls.org Tue Apr 9 12:45:58 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Apr 2024 10:45:58 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1852841307

Interesting, in order to skip the `cfg->allow_rsa_pkcs1_encrypt = true;` line, one would need to sidestep `cfg_apply()` altogether. `-d9` output might shed some light on whether it is called. What is the configuration file to reproduce the issue with? Is it a regression for configuration files without `override-mode = allowlist`? No configuration file at all?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1852841307

From gnutls-devel at lists.gnutls.org Tue Apr 9 19:10:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Apr 2024 17:10:48 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1853740739

> -d9 output might shed some light on whether it is called.
[...]
> No configuration file at all?

Yes exactly that. This happens on `./bootstrap && ./configure && make && src/gnutls-cli ....` Which is why I skipped adding any log file. On the off-chance that there is any value, doing so now.

[gnutls.txt](/uploads/de1f2ec1a959ce46a8655b84b4b8ea5a/gnutls.txt)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1853740739

From gnutls-devel at lists.gnutls.org Tue Apr 9 19:28:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Apr 2024 17:28:20 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1853760757

Thank you for confirming. The beginning of the log when the config is parsed seems to be missing, but, I guess, we can do without one now.

Here are the results of investigation into it (not mine): @ZoltanFridrich had the intention to have [`cfg->allow_rsa_pkcs1_encrypt = true;`](https://gitlab.com/gnutls/gnutls/-/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/lib/priority.c?page=3#L1427) by default and thus cause no behaviour change in the existing configurations. Prompted by your report, @dueno has noticed that [`cfg_apply()` doing this](https://gitlab.com/gnutls/gnutls/-/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/lib/priority.c?page=3#L2298) is, unfortunately, only called if the configuration file is available and valid. He also proposed a plan to resolve this: moving the `= true;` line immediately after [the config structure gets zeroized](https://gitlab.com/gnutls/gnutls/-/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/lib/priority.c?page=3#L2280).

Since there probably are many more distros not shipping a config at all, the issue might have a rather wide impact and warrant a follow-up release.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1853760757

From gnutls-devel at lists.gnutls.org Tue Apr 9 21:17:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 09 Apr 2024 19:17:16 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1853896822

@asosedkin wrote:
> The beginning of the log when the config is parsed seems to be missing, [...]

No, that is the complete logfile, there is nothing missing.

> Prompted by your report, @dueno has noticed that [`cfg_apply()` doing this](https://gitlab.com/gnutls/gnutls/-/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/lib/priority.c?page=3#L2298) is, unfortunately, only called if the configuration file is available and valid.

That seems to be right on spot, if I do `mkdir /etc/gnutls && touch /etc/gnutls/config` then the connection succeeds.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1853896822

From gnutls-devel at lists.gnutls.org Wed Apr 10 03:38:58 2024
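The failure mode described in the two #1540 messages above, as an added C model (not GnuTLS source and not code from this thread): the flag's default is assigned only in the apply step, which runs only for a present and valid config file, so a missing file leaves the zeroized value. `struct parsed`, `parse_file`, `load_before_fix`, `load_after_fix`, `cfg_init_defaults`, `demo_case` and the one-key `key = value` file syntax are assumptions of the model; the sample configs are constructed.

```c
/* Added model of the behaviour discussed above; not GnuTLS source. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct cfg { bool allow_rsa_pkcs1_encrypt; };       /* simplified stand-in */
struct parsed { bool has_rsa_opt; bool rsa_opt; };  /* hypothetical parse result */

/* Parse "key = value" lines (syntax assumed for this model).
 * Returns 0 on success, -1 if the file is unreadable or a line is malformed. */
static int parse_file(const char *path, struct parsed *p)
{
	char line[256], key[64], val[64];
	FILE *fp = fopen(path, "r");

	memset(p, 0, sizeof(*p));
	if (fp == NULL)
		return -1;
	while (fgets(line, sizeof(line), fp) != NULL) {
		if (line[0] == '\n' || line[0] == '#')
			continue;
		if (sscanf(line, " %63[^= \t] = %63s", key, val) != 2) {
			fclose(fp);
			return -1;
		}
		if (strcmp(key, "allow-rsa-pkcs1-encrypt") == 0) {
			p->has_rsa_opt = true;
			p->rsa_opt = (strcmp(val, "true") == 0);
		}
	}
	fclose(fp);
	return 0;
}

/* Flow as described for 3.8.5: the default is assigned only in the apply
 * step, and that step is reached only for a present, valid file. */
static bool load_before_fix(const char *path)
{
	struct cfg cfg;
	struct parsed p;
	struct stat sb;

	memset(&cfg, 0, sizeof(cfg));                /* flag starts out false */
	if (stat(path, &sb) < 0 || parse_file(path, &p) < 0)
		return cfg.allow_rsa_pkcs1_encrypt;      /* missing/invalid: still false */
	cfg.allow_rsa_pkcs1_encrypt = true;          /* "apply": default first ... */
	if (p.has_rsa_opt)
		cfg.allow_rsa_pkcs1_encrypt = p.rsa_opt; /* ... then the explicit setting */
	return cfg.allow_rsa_pkcs1_encrypt;
}

/* Proposed direction: set the default right after zeroizing. */
static void cfg_init_defaults(struct cfg *cfg)
{
	memset(cfg, 0, sizeof(*cfg));
	cfg->allow_rsa_pkcs1_encrypt = true;
}

static bool load_after_fix(const char *path)
{
	struct cfg cfg;
	struct parsed p;
	struct stat sb;

	cfg_init_defaults(&cfg);
	if (stat(path, &sb) == 0 && parse_file(path, &p) == 0 && p.has_rsa_opt)
		cfg.allow_rsa_pkcs1_encrypt = p.rsa_opt;
	return cfg.allow_rsa_pkcs1_encrypt;
}

/* Run both loaders on a constructed config; contents == NULL means "no file".
 * Returns (flag before fix) * 2 + (flag after fix), or -1 on setup failure. */
static int demo_case(const char *contents)
{
	char path[] = "/tmp/cfg-default-demo-XXXXXX";
	int fd = mkstemp(path);
	int result = -1;

	if (fd < 0)
		return -1;
	if (contents == NULL)
		unlink(path);                            /* "no file": path is absent */
	if (contents == NULL || write(fd, contents, strlen(contents)) >= 0)
		result = (load_before_fix(path) ? 2 : 0) + (load_after_fix(path) ? 1 : 0);
	close(fd);
	unlink(path);
	return result;
}

int main(void)
{
	const char *samples[] = { NULL, "", "allow-rsa-pkcs1-encrypt = false\n", "this line is not valid\n" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("case %zu -> %d\n", i, demo_case(samples[i]));
	return 0;
}
```

The empty-file case corresponds to the `touch /etc/gnutls/config` workaround reported above: an empty but valid file is enough to reach the apply step.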
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 01:38:58 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

xuraoqing commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854141853

Yes, it occurs while fixing CVE-2024-28835. Will the [gnutls-3.7.2.tar.xz](https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz) package be updated?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854141853

From gnutls-devel at lists.gnutls.org Wed Apr 10 04:31:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 02:31:27 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Diniz Bortolotto commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1854163820

Hi @ametzler! I can confirm the same issue/behaviour here running slackware64-current with RDesktop 1.9.0 + GnuTLS 3.8.5. The mkdir/touch thing also worked here. ;-)

**BEFORE mkdir/touch**
```
diniz at darkstar:~$ rdesktop -v -k pt-br -a 32 -r sound:local -d -u "\" 192.168.15.111
is_wm_active(): WM name: KWin
Connecting to server using SSL...
Core(warning): Certificate received from server is NOT trusted by this system, an exception has been added by the user to trust this specific certificate.
Core(error): tcp_tls_connect(), TLS handshake failed. GnuTLS error: The encryption algorithm is not supported.
Failed to connect using SSL, trying with plain RDP.
Failed to connect, SSL required by server.
```

**AFTER mkdir/touch**
```
diniz at darkstar:~$ rdesktop -v -k pt-br -a 32 -r sound:local -d -u "\" 192.168.15.111
is_wm_active(): WM name: KWin
Connecting to server using SSL...
Core(warning): Certificate received from server is NOT trusted by this system, an exception has been added by the user to trust this specific certificate.
TLS Session info: (TLS1.2)-(RSA)-(AES-256-GCM)
Connection established using SSL.
Connection successful
Disconnecting...
```

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1854163820

From gnutls-devel at lists.gnutls.org Wed Apr 10 04:42:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 02:42:42 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854173067

We plan to release 3.7.11 with fixes for 5 CVE (CVE-2023-5981, CVE-2024-28834, CVE-2024-0567, CVE-2024-0553, and CVE-2024-28835; sorry, we were a bit lazy here). I can assist you if you need to backport any of them to 3.7.2.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854173067

From gnutls-devel at lists.gnutls.org Wed Apr 10 08:19:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 06:19:40 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

xuraoqing commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854415903

3.7.2 does not contain linkedhash-list. Is there any solution to fix CVE-2024-28835 without using linkedhash-list?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854415903

From gnutls-devel at lists.gnutls.org Wed Apr 10 08:56:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 06:56:08 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

xuraoqing commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854486138

If I have to use linkedhash-list to fix CVE-2024-28835, any detailed suggestions to do this? Appreciated.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1854486138

From gnutls-devel at lists.gnutls.org Wed Apr 10 14:48:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 12:48:59 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Wed Apr 10 14:49:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 12:49:01 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Makes the system-wide configuration for RSAES-PKCS1-v1_5 actually apply and makes it enabled by default when the config file is missing

Signed-off-by: Zoltan Fridrich

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Wed Apr 10 14:48:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 12:48:59 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Reassigned merge request 1830

https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Wed Apr 10 14:59:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 12:59:33 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Zoltán Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1855240511

Could you please try whether this change fixes the issue for you? With this change it works as expected on my end. https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1855240511

From gnutls-devel at lists.gnutls.org Wed Apr 10 15:29:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 13:29:31 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

Zoltán Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1855296564

does this work? https://gitlab.com/gnutls/gnutls/-/commit/87bd87940a21419c6a3ef1da7d60ccf375471bcc

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1855296564

From gnutls-devel at lists.gnutls.org Wed Apr 10 16:23:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 14:23:49 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1855409629

Looks good. Not sure whether it's worth testing "not openable" and "openable but not parseable" branches.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1855409629

From gnutls-devel at lists.gnutls.org Wed Apr 10 17:30:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 15:30:54 +0000
Subject: [gnutls-devel] GnuTLS | backport CVE fixes to 3.7.x branch (!1831)

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:gnutls_3_7_x
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831

From gnutls-devel at lists.gnutls.org Wed Apr 10 17:30:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 15:30:49 +0000
Subject: [gnutls-devel] GnuTLS | backport CVE fixes to 3.7.x branch (!1831)

Reassigned merge request 1831

https://gitlab.com/gnutls/gnutls/-/merge_requests/1831

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831

From gnutls-devel at lists.gnutls.org Wed Apr 10 18:45:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 16:45:26 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1855900549

I do not understand why it did not fail before, but out-of-tree builds are broken:

> tests/system-override-allow-rsa-pkcs1-encrypt.sh../../tests/system-override-allow-rsa-pkcs1-encrypt.sh: line 41: ../../tests/rsaes-pkcs1-v1_5: No such file or directory

Looking at the file we find
```
TEST=${srcdir}/rsaes-pkcs1-v1_5
CONF=${srcdir}/config.$$.tmp
```
rsaes-pkcs1-v1_5 is a built file (i.e. cannot be found in srcdir) and CONF is a tempfile that should not be written to srcdir.

Suggested trivial patch attached.

[0001-out-of-tree-build.patch](/uploads/44ac535b6575d5f4592d4ab23d859a55/0001-out-of-tree-build.patch)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1855900549

From gnutls-devel at lists.gnutls.org Wed Apr 10 18:45:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 16:45:09 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)

Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1855900217

@ZoltanFridrich wrote
> Could you please try whether this change fixes the issue for you? With this change it works as expected on my end.

Yes it does.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540#note_1855900217

From gnutls-devel at lists.gnutls.org Thu Apr 11 01:49:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 10 Apr 2024 23:49:35 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1856403498

> } > > if (stat(system_priority_file, &sb) < 0) { > + /* if there is no config enable RSA-PKCS1-V1_5 by default */ > + system_wide_config.allow_rsa_pkcs1_encrypt = true;

Perhaps it might make sense to create a function, say `cfg_init`, to initialize `struct cfg` taking the default value into account? That way we wouldn't need to scatter this assignment across multiple places.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1856403498

From gnutls-devel at lists.gnutls.org Thu Apr 11 04:17:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 02:17:30 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

xuraoqing commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1856528883

Thanks, I will try to add extra patches related to linkedhash-list without changing gnutls-3.7.2.tar.xz

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1856528883

From gnutls-devel at lists.gnutls.org Thu Apr 11 04:17:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 02:17:14 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)

xuraoqing commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1856528326

Thanks, I will try to add extra patches related to linkedhash-list without changing gnutls-3.7.2.tar.xz

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1856528326

From gnutls-devel at lists.gnutls.org Thu Apr 11 10:14:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 08:14:28 +0000
Subject: [gnutls-devel] GnuTLS | How to build gnutls for android? (#1538)

??? commented: https://gitlab.com/gnutls/gnutls/-/issues/1538#note_1856914223

So, is there no way to build it as a `shared library (.so)` that can be officially used in `android`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1538#note_1856914223

From gnutls-devel at lists.gnutls.org Thu Apr 11 11:48:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 09:48:48 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Zoltán Fridrich commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1857089223

> } > > if (stat(system_priority_file, &sb) < 0) { > + /* if there is no config enable RSA-PKCS1-V1_5 by default */ > + system_wide_config.allow_rsa_pkcs1_encrypt = true;

Hopefully it's correct now.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1857089223

From gnutls-devel at lists.gnutls.org Thu Apr 11 11:49:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 09:49:10 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

All discussions on merge request !1830 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Thu Apr 11 15:53:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 13:53:20 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1830 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1857531294

> +static inline void cfg_init(struct cfg *cfg) > +{ > + cfg_deinit(cfg);

This assumes that `cfg` is previously initialized, right? I suggest removing this line.

--
Daiki Ueno started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1857531319

> + ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); > + if (ret < 0) > + return gnutls_assert_val(ret);

Shouldn't this be `goto out;`? Otherwise the write lock is still held.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Thu Apr 11 16:04:19 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 14:04:19 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1857553890

> - struct ini_ctx ctx; > > ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock); > - if (ret < 0) { > + if (ret < 0) > return gnutls_assert_val(ret); > - } > > if (stat(system_priority_file, &sb) < 0) { > _gnutls_debug_log("cfg: unable to access: %s: %d\n", > system_priority_file, errno); > + > + (void)gnutls_rwlock_unlock(&system_wide_config_rwlock); > + ret = gnutls_rwlock_wrlock(&system_wide_config_rwlock); > + if (ret < 0) > + return gnutls_assert_val(ret);

yes, it should.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1857553890

From gnutls-devel at lists.gnutls.org Thu Apr 11 16:04:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 14:04:28 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)
In-Reply-To:
References:
Message-ID:

All discussions on merge request !1830 were resolved by Zoltán Fridrich

https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Thu Apr 11 17:36:46 2024
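Review bot: In the quoted `lib/priority.c` hunk of !1830, the read lock is dropped with `(void)gnutls_rwlock_unlock(...)` before `gnutls_rwlock_wrlock(...)` is taken, so there is a window in which no lock is held and another thread can change the system-wide configuration; anything decided under the read lock (here the failed `stat`) should be checked again once the write lock is held. On the `ret < 0` path after `gnutls_rwlock_wrlock`, this thread holds no lock at all, so whichever of `return` or `goto out;` ends up there, the exit path must not unlock a lock it does not own. The discarded result of the unlock call deserves at least a debug log.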
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 15:36:46 +0000
Subject: [gnutls-devel] GnuTLS | Building from git without gnulib-tool (#1543)
References:
Message-ID:

bbhtt created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1543

Hello, is it possible to build GnuTLS from the git source without gnulib-tool? It seems to depend on a very obscure piece of library http://software.schmorp.de/pkg/libev.html that doesn't have https urls or public git sources and conflicts with libevent. This makes it harder to package libev sanely.

Also the `bootstrap` config https://gitlab.com/gnutls/gnutls/-/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/bootstrap.conf#L95-96 seems to force use of nettle and libtasn1 as submodules. How can that be avoided?

How are the release tarballs avoiding that? Removing bootstrap and running configure shows that the release tarball has a bunch of extra m4 files in `src/gl/m4` that are missing from git. What's the source of those?

Thanks.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1543

From gnutls-devel at lists.gnutls.org Thu Apr 11 18:08:31 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 16:08:31 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
References:
Message-ID:

bbhtt created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1544

Hello, building from git without these two as submodules seems to be not possible. How is the release tarball avoiding this?

Bootstrap seems to call these two scripts https://gitlab.com/gnutls/gnutls/-/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/bootstrap.conf#L95-96 that require them as submodules, but GnuTLS release tarballs don't have the devel directory.

If I patch those two lines and build against system provided libtasn1 and nettle it seems to fail at:

```
cc1: warning: ../../../lib/nettle/backport: No such file or directory [-Wmissing-include-dirs]
depbase=`echo gost/cmac-kuznyechik.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
/bin/sh ../../libtool --tag=CC --mode=compile x86_64-unknown-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../../lib/nettle -I../.. -I../../../lib/nettle/int -I../../../lib/nettle/backport -I../../../lib/nettle/../../gl -I./../../gl -I../../../lib/nettle/../includes -I./../includes -I./../../gl -I../../../lib/nettle/..
-Wtype-limits -fanalyzer -fno-common -Wall -Wbad-function-cast -Wcast-align=strict -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wextra -Winit-self -Winvalid-pch -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wopenmp-simd -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wsuggest-attribute=cold -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-final-methods -Wsuggest-final-types -Wsync-nand -Wtrampolines -Wuninitialized -Wunknown-pragmas -Wunused-macros -Wvariadic-macros -Wvector-operation-performance -Wwrite-strings -Warray-bounds=2 -Wattribute-alias=2 -Wbidi-chars=any,ucn -Wformat-overflow=2 -Wformat=2 -Wformat-truncation=2 -Wimplicit-fallthrough=5 -Wshift-overflow=2 -Wuse-after-free=3 -Wunused-const-variable=2 -Wvla-larger-than=4031 -Wno-analyzer-malloc-leak -Wno-missing-field-initializers -Wno-unused-parameter -Wno-format-truncation -Wimplicit-fallthrough=2 -Wabi=11 -fdiagnostics-show-option -fno-builtin-strcmp -I/usr/include/p11-kit-1 -O2 -pipe -g -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -MT gost/cmac-kuznyechik.lo -MD -MP -MF $depbase.Tpo -c -o gost/cmac-kuznyechik.lo ../../../lib/nettle/gost/cmac-kuznyechik.c &&\ mv -f $depbase.Tpo $depbase.Plo make[4]: *** No rule to make target 'backport/gmp-glue.c', needed by 'backport/gmp-glue.lo'. Stop. make[4]: *** Waiting for unfinished jobs.... libtool: compile: x86_64-unknown-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../../lib/nettle -I../.. -I../../../lib/nettle/int -I../../../lib/nettle/backport -I../../../lib/nettle/../../gl -I./../../gl -I../../../lib/nettle/../includes -I./../includes -I./../../gl -I../../../lib/nettle/.. 
-Wtype-limits -fanalyzer -fno-common -Wall -Wbad-function-cast -Wcast-align=strict -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wextra -Winit-self -Winvalid-pch -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wopenmp-simd -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wsuggest-attribute=cold -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-final-methods -Wsuggest-final-types -Wsync-nand -Wtrampolines -Wuninitialized -Wunknown-pragmas -Wunused-macros -Wvariadic-macros -Wvector-operation-performance -Wwrite-strings -Warray-bounds=2 -Wattribute-alias=2 -Wbidi-chars=any,ucn -Wformat-overflow=2 -Wformat=2 -Wformat-truncation=2 -Wimplicit-fallthrough=5 -Wshift-overflow=2 -Wuse-after-free=3 -Wunused-const-variable=2 -Wvla-larger-than=4031 -Wno-analyzer-malloc-leak -Wno-missing-field-initializers -Wno-unused-parameter -Wno-format-truncation -Wimplicit-fallthrough=2 -Wabi=11 -fdiagnostics-show-option -fno-builtin-strcmp -I/usr/include/p11-kit-1 -O2 -pipe -g -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -MT gost/cmac-kuznyechik.lo -MD -MP -MF gost/.deps/cmac-kuznyechik.Tpo -c ../../../lib/nettle/gost/cmac-kuznyechik.c -fPIC -DPIC -o gost/.libs/cmac-kuznyechik.o libtool: compile: x86_64-unknown-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../../lib/nettle -I../.. -I../../../lib/nettle/int -I../../../lib/nettle/backport -I../../../lib/nettle/../../gl -I./../../gl -I../../../lib/nettle/../includes -I./../includes -I./../../gl -I../../../lib/nettle/.. 
-Wtype-limits -fanalyzer -fno-common -Wall -Wbad-function-cast -Wcast-align=strict -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wextra -Winit-self -Winvalid-pch -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wopenmp-simd -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wsuggest-attribute=cold -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-final-methods -Wsuggest-final-types -Wsync-nand -Wtrampolines -Wuninitialized -Wunknown-pragmas -Wunused-macros -Wvariadic-macros -Wvector-operation-performance -Wwrite-strings -Warray-bounds=2 -Wattribute-alias=2 -Wbidi-chars=any,ucn -Wformat-overflow=2 -Wformat=2 -Wformat-truncation=2 -Wimplicit-fallthrough=5 -Wshift-overflow=2 -Wuse-after-free=3 -Wunused-const-variable=2 -Wvla-larger-than=4031 -Wno-analyzer-malloc-leak -Wno-missing-field-initializers -Wno-unused-parameter -Wno-format-truncation -Wimplicit-fallthrough=2 -Wabi=11 -fdiagnostics-show-option -fno-builtin-strcmp -I/usr/include/p11-kit-1 -O2 -pipe -g -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -MT gost/cmac-magma.lo -MD -MP -MF gost/.deps/cmac-magma.Tpo -c ../../../lib/nettle/gost/cmac-magma.c -fPIC -DPIC -o gost/.libs/cmac-magma.o
cc1: warning: ../../../lib/nettle/backport: No such file or directory [-Wmissing-include-dirs]
cc1: warning: ../../../lib/nettle/backport: No such file or directory [-Wmissing-include-dirs]
```

Thanks

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544

From gnutls-devel at lists.gnutls.org Thu Apr 11 18:08:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 16:08:41 +0000
Subject: [gnutls-devel] GnuTLS | Building from git without gnulib-tool (#1543)
In-Reply-To:
References:
Message-ID:

bbhtt commented: https://gitlab.com/gnutls/gnutls/-/issues/1543#note_1857829261

Figured this one out.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1543#note_1857829261

From gnutls-devel at lists.gnutls.org Thu Apr 11 18:08:40 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 16:08:40 +0000
Subject: [gnutls-devel] GnuTLS | Building from git without gnulib-tool (#1543)
In-Reply-To:
References:
Message-ID:

Issue was closed by bbhtt

Issue #1543: https://gitlab.com/gnutls/gnutls/-/issues/1543

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1543

From gnutls-devel at lists.gnutls.org Thu Apr 11 18:20:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 16:20:49 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1857850838

@bbhtt wrote

> Hello, building from git without these two as submodules seems to be not possible. How is the release tarball avoiding this?

Building from GIT requires the submodules. The release tarball is probably generated from git with "make dist" which includes the necessary bits from the submodules if there are any.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1857850838

From gnutls-devel at lists.gnutls.org Thu Apr 11 18:39:46 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 11 Apr 2024 16:39:46 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
In-Reply-To:
References:
Message-ID:

bbhtt commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1857882883

Is there a way to avoid that? I would like to link against libtasn1 and nettle provided by the system. The version in the submodules would cause a conflict and cannot be shipped as these are required by other things as dependencies too.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1857882883

From gnutls-devel at lists.gnutls.org Fri Apr 12 03:39:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 01:39:01 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
In-Reply-To:
References:
Message-ID:

bbhtt commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1858580006

I got a git build working in https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/merge_requests/18977 but having a hard dependency on libtasn1 and libnettle submodules is a bit concerning.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1858580006

From gnutls-devel at lists.gnutls.org Fri Apr 12 08:20:30 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 06:20:30 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1858953453

@bbhtt wrote:

> I would like to link against libtasn1 and nettle provided by the system. The version in the submodules would cause a conflict and cannot be shipped as these are required by other things as dependencies too.

Avoiding the submodules and linking against the system-versions of libtasn1 and nettle are two separate things. There are configure switches to control linking against the submodul-ed copies (--with-included-libtasn1 / --with-nettle-mini). And afaict they default to **off**. So unless you explicitly request it gnutls will link against the system libs.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1858953453

From gnutls-devel at lists.gnutls.org Fri Apr 12 08:31:34 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 06:31:34 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)
In-Reply-To:
References:
Message-ID:

Merge request !1830 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Fri Apr 12 08:32:04 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 06:32:04 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1858967494

LGTM, also good catch on fixing the gcovr issue.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830#note_1858967494

From gnutls-devel at lists.gnutls.org Fri Apr 12 08:56:52 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 06:56:52 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
In-Reply-To:
References:
Message-ID:

bbhtt commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1858999808

Thank you for the confirmation, I found those. I thought it was using the submodules instead. I think this can be closed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544#note_1858999808

From gnutls-devel at lists.gnutls.org Fri Apr 12 08:57:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 06:57:00 +0000
Subject: [gnutls-devel] GnuTLS | Build from git without nettle and libtasn1 submodule (#1544)
In-Reply-To:
References:
Message-ID:

Issue was closed by bbhtt

Issue #1544: https://gitlab.com/gnutls/gnutls/-/issues/1544

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1544

From gnutls-devel at lists.gnutls.org Fri Apr 12 09:23:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 07:23:47 +0000
Subject: [gnutls-devel] GnuTLS | Fix RSAES-PKCS1-v1_5 system-wide configuration (!1830)
In-Reply-To:
References:
Message-ID:

Merge request !1830 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1830

From gnutls-devel at lists.gnutls.org Fri Apr 12 09:23:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 07:23:47 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)
In-Reply-To:
References:
Message-ID:

Issue was closed by Zoltán Fridrich via merge request !1830 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1830)

Issue #1540: https://gitlab.com/gnutls/gnutls/-/issues/1540

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540

From gnutls-devel at lists.gnutls.org Fri Apr 12 09:49:02 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 07:49:02 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)
In-Reply-To:
References:
Message-ID:

Reassigned Issue 1540

https://gitlab.com/gnutls/gnutls/-/issues/1540

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540

From gnutls-devel at lists.gnutls.org Fri Apr 12 09:48:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 07:48:53 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS 3.8.5 broke TLS connections to RSA cert using hosts (#1540)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.6 (Apr 5, 2024–Jun 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/44 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1540

From gnutls-devel at lists.gnutls.org Fri Apr 12 11:42:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 09:42:49 +0000
Subject: [gnutls-devel] GnuTLS | backport CVE fixes to 3.7.x branch (!1831)
In-Reply-To:
References:
Message-ID:

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831

From gnutls-devel at lists.gnutls.org Fri Apr 12 11:58:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 09:58:09 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)
In-Reply-To:
References:
Message-ID:

Issue was closed by Zoltán Fridrich

Issue #1541: https://gitlab.com/gnutls/gnutls/-/issues/1541

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541

From gnutls-devel at lists.gnutls.org Fri Apr 12 11:58:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 09:58:06 +0000
Subject: [gnutls-devel] GnuTLS | How can I update the gnulib-related files used in gnutls-3.7.2? (#1541)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1859287639

Applying https://gitlab.com/gnutls/gnutls/-/commit/87bd87940a21419c6a3ef1da7d60ccf375471bcc should do the trick. Closing this issue.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1541#note_1859287639

From gnutls-devel at lists.gnutls.org Fri Apr 12 12:53:45 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 10:53:45 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.11 (!1831)
In-Reply-To:
References:
Message-ID:

Merge request !1831 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel3 to gnutls/gnutls:gnutls_3_7_x
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831

From gnutls-devel at lists.gnutls.org Fri Apr 12 12:54:29 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 12 Apr 2024 10:54:29 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.7.11 (!1831)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831#note_1859377678

Looks good to me; thank you for handling the backports!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1831#note_1859377678

From gnutls-devel at lists.gnutls.org Sat Apr 13 10:57:55 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 13 Apr 2024 08:57:55 +0000
Subject: [gnutls-devel] GnuTLS | Build fails with p11-kit 0.24.0 (#1542)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1542#note_1860654478

Is your p11-kit installation really 0.24.0? The line numbers indicate that the version found is at most 0.23.3. In any case, I would suggest using the latest p11-kit release if possible, which is 0.25.3.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1542#note_1860654478

From gnutls-devel at lists.gnutls.org Mon Apr 15 23:48:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 15 Apr 2024 21:48:27 +0000
Subject: [gnutls-devel] GnuTLS | Build fails with p11-kit 0.23.2 (#1542)
In-Reply-To:
References:
Message-ID:

Paul Menzel commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1542#note_1863503755

Indeed, 0.23.2. Thank you for spotting this, and sorry about that mistake. I updated the issue title.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1542#note_1863503755

From gnutls-devel at lists.gnutls.org Wed Apr 17 07:26:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 17 Apr 2024 05:26:10 +0000
Subject: [gnutls-devel] GnuTLS | Make compression libraries dynamically loadable (!1800)
In-Reply-To:
References:
Message-ID:

Kai Pastor commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1800#note_1866607139

Question: How can I now statically link to zlib? Assume that there is no shared object.

Context: vcpkg port. Default x64-linux library linkage is static, for libgnutls and all its deps.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1800#note_1866607139

From gnutls-devel at lists.gnutls.org Wed Apr 17 07:34:56 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 17 Apr 2024 05:34:56 +0000
Subject: [gnutls-devel] GnuTLS | Make compression libraries dynamically loadable (!1800)
In-Reply-To:
References:
Message-ID:

Kai Pastor commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1800#note_1866620573

In addition, this makes libdl a transitive usage requirement of libgnutls. This doesn't even reach the program in `src`, leading to "Undefined reference to dl...".

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1800#note_1866620573

From gnutls-devel at lists.gnutls.org Wed Apr 17 07:42:11 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 17 Apr 2024 05:42:11 +0000
Subject: [gnutls-devel] GnuTLS | Fix configuration with multi-word GMP_LIBS. (!1832)
References:
Message-ID:

Kai Pastor created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1832

Project:Branches: dg0yt/gnutls:dg0yt-master-patch-98306 to gnutls/gnutls:master
Author: Kai Pastor

GMP_LIBS can be a multi-word value, e.g. from `pkgconf --libs gmp`. This change fixed unquoted usage which caused configuration to fail.

## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
This project does not include diff previews in email notifications.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1832

From gnutls-devel at lists.gnutls.org Wed Apr 17 07:44:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 17 Apr 2024 05:44:47 +0000
Subject: [gnutls-devel] GnuTLS | Fix configuration with multi-word GMP_LIBS. (!1832)
In-Reply-To:
References:
Message-ID:

Kai Pastor commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1832#note_1866633768

PS: From the vcpkg port, which also uses

~~~
PKG_CHECK_MODULES(GMP, [gmp], [], [AC_MSG_ERROR([[gmp is required]])])
~~~

https://github.com/microsoft/vcpkg/blob/501cb01e517ee5689577bb01ba8bd1b4c1041a53/ports/libgnutls/use-gmp-pkgconfig.patch

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1832#note_1866633768

From gnutls-devel at lists.gnutls.org Thu Apr 18 03:51:33 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 18 Apr 2024 01:51:33 +0000
Subject: [gnutls-devel] GnuTLS | Compression broken in gnutls-3.8.4 on Darwin (at least) (#1546)
References:
Message-ID:

David Bohman created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1546

## Description of problem:

The change in 7f45a942 does not work on Darwin, since `dlopen("libz.so.1", ...)` will not find the dynamic library. On Darwin, you need `dlopen("libz.dylib", ...)`, so you are going to need to pass the correct string to `dlopen` on different operating systems.

I found this by inspecting the code in `gnutls-3.8.4` and writing a test program in order to demonstrate it.

## Version of gnutls used:

3.8.4

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Self compile.

## How reproducible:

Here is the test program I used:

```
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
	void *dl;

	if (argc > 1) {
		/* Same flags as the dlopen call in lib/compress.c. */
		dl = dlopen(argv[1], RTLD_NOW | RTLD_GLOBAL);
		if (dl != NULL) {
			fprintf(stderr, "Success!\n");
			/* Keep the process alive so the mapping can be inspected. */
			pause();
		}
	}
	/* Reached only when no name was given or dlopen failed. */
	exit(1);
}
```

## Actual results:

Failure when `libz.so.1` is passed as arg 1 to the test program. For success, I had to pass in `libz.dylib`.

Here is the code fragment from `lib/compress.c`:

```
if ((_zlib_handle = dlopen("libz.so.1", RTLD_NOW | RTLD_GLOBAL)) == NULL)
	goto error;
```

## Expected results:

I expected the library to be loaded correctly.

See #1539

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1546

From gnutls-devel at lists.gnutls.org Fri Apr 19 03:03:10 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 19 Apr 2024 01:03:10 +0000
Subject: [gnutls-devel] GnuTLS | Compression broken in gnutls-3.8.4 on Darwin (at least) (#1546)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1546#note_1870533642

Thank you for spotting this. I think we should at least determine the SONAME at configure time, depending on the platform, something like:
https://github.com/open-quantum-safe/liboqs/pull/1603/files#diff-1e7de1ae2d059d21e1dd75d5812d5a34b0222cef273b7c3a2af62eb747f9d20aR144

I'm not sure how this can be done on macOS, but it seems `otool -D ` produces some ID. Otherwise, we could fall back to just linking to the library at build time.

From gnutls-devel at lists.gnutls.org Fri Apr 19 06:28:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 19 Apr 2024 04:28:39 +0000
Subject: [gnutls-devel] GnuTLS | Compression broken in gnutls-3.8.4 on Darwin (at least) (#1546)
In-Reply-To:
References:
Message-ID:

David Bohman commented:
https://gitlab.com/gnutls/gnutls/-/issues/1546#note_1870722864

I think that you could hardwire the canonical library file name for the platform. It could be done at compile time. On Unix platforms, it is always `lib`STEM.ext. On Linux, the extension is always `.so` and on Darwin it is `.dylib`.

Note that `dlopen` performs the appropriate library search for both platforms if you give it a name which does not contain a `/`.

From gnutls-devel at lists.gnutls.org Fri Apr 19 09:17:22 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 19 Apr 2024 07:17:22 +0000
Subject: [gnutls-devel] GnuTLS | Compression broken in gnutls-3.8.4 on Darwin (at least) (#1546)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1546#note_1870870519

> On Unix platforms, it is always `lib`STEM.ext. On Linux, the extension is always `.so`

It's not that simple: on most distributions, the `.so` file is usually part of the -devel package and thus not always present. On the other hand, the actual library file is suffixed with versions and even multiple versions of a shared library can be installed on the same system.

From gnutls-devel at lists.gnutls.org Sat Apr 20 16:22:28 2024
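The naming problem discussed in #1546, as an added example (not GnuTLS code and not from any participant in the thread): it builds the versioned run-time name for each platform and tries the candidates in order. All identifiers, the stub opener and the Darwin form `lib<stem>.<abi>.dylib` are assumptions of this example; the thread itself names only `libz.so.1` and `libz.dylib`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example; every identifier below is hypothetical, not GnuTLS API. */

enum dl_platform { DL_ELF, DL_DARWIN };

/* Same shape as dlopen(), so dlopen from <dlfcn.h> can be passed directly. */
typedef void *(*dl_open_fn)(const char *name, int flags);

/* Platform this file is being compiled for. */
static enum dl_platform dl_host_platform(void)
{
#ifdef __APPLE__
    return DL_DARWIN;
#else
    return DL_ELF;
#endif
}

/*
 * Build the run-time file name of lib<stem> with ABI version <abi>:
 *   ELF    -> lib<stem>.so.<abi>    (the bare .so link ships in -devel)
 *   Darwin -> lib<stem>.<abi>.dylib (assumed naming, see lead-in)
 * Returns 0 on success, -1 on bad input or truncation.
 */
static int dl_runtime_name(enum dl_platform p, const char *stem,
                           unsigned abi, char *out, size_t outlen)
{
    int n;

    /* A '/' makes dlopen() treat the string as a path and skip the
     * normal library search, so only bare names are accepted. */
    if (stem == NULL || *stem == '\0' || strchr(stem, '/') != NULL)
        return -1;

    if (p == DL_DARWIN)
        n = snprintf(out, outlen, "lib%s.%u.dylib", stem, abi);
    else
        n = snprintf(out, outlen, "lib%s.so.%u", stem, abi);

    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/*
 * Try each candidate in order and return the first handle obtained.
 * *chosen is set to the name that loaded, or NULL when none did.
 */
static void *dl_open_first(dl_open_fn opener, int flags,
                           const char *const *names, size_t count,
                           const char **chosen)
{
    size_t i;

    *chosen = NULL;
    for (i = 0; i < count; i++) {
        void *handle = opener(names[i], flags);
        if (handle != NULL) {
            *chosen = names[i];
            return handle;
        }
    }
    return NULL;
}

/* Constructed stand-in for dlopen() on a host where only the Darwin
 * name exists; a real caller passes dlopen itself. */
static void *stub_darwin_dlopen(const char *name, int flags)
{
    static int handle;

    (void)flags;
    return strcmp(name, "libz.1.dylib") == 0 ? (void *)&handle : NULL;
}

/* Name picked for zlib when the ELF name fails and the Darwin one loads. */
static const char *demo_pick_zlib(void)
{
    static char elf[64], darwin[64];
    const char *names[2] = { elf, darwin };
    const char *chosen;

    if (dl_runtime_name(DL_ELF, "z", 1, elf, sizeof(elf)) != 0 ||
        dl_runtime_name(DL_DARWIN, "z", 1, darwin, sizeof(darwin)) != 0)
        return NULL;
    dl_open_first(stub_darwin_dlopen, 0, names, 2, &chosen);
    return chosen;
}

int main(void)
{
    char name[64];

    if (dl_runtime_name(dl_host_platform(), "z", 1, name, sizeof(name)) == 0)
        printf("run-time name on this host: %s\n", name);
    printf("stub host picked: %s\n", demo_pick_zlib());
    return 0;
}
```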
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 20 Apr 2024 14:22:28 +0000
Subject: [gnutls-devel] Guile-GnuTLS | testsuite-error: FAIL: tests/list-pk-algorithms.scm (#25)
References:
Message-ID:

Andreas Metzler created an issue:
https://gitlab.com/gnutls/guile/-/issues/25

guile-gnutls has started throwing in testsuite error:

~~~
FAIL: tests/list-pk-algorithms.scm
==================================
throw to `wrong-type-arg' with args ("pk-algorithm->string" "Wrong type argument in position ~A: ~S" (1 #f) (#f)) [PID 149538]
  16 (primitive-load "/dev/shm/GUILE-GNUTLS/guile-gnutls-4.0?")
In ice-9/eval.scm:
  155:9 15 (_ #(#(#) ?))
In ice-9/boot-9.scm:
  1747:15 14 (with-exception-handler # ?)
  1752:10 13 (with-exception-handler _ _ #:unwind? _ # _)
In ice-9/eval.scm:
  619:8 12 (_ #(#(#(#)) (# ?)))
  259:9 11 (_ #(#(#(#)) (# ?)))
  159:9 10 (_ #(#(#(#)) (# ?)))
In ice-9/boot-9.scm:
  222:29 9 (map1 (# # ?))
  222:29 8 (map1 (# #f # ?))
  222:17 7 (map1 (#f # # ?))
In unknown file:
  6 (pk-algorithm->string #f)
In ice-9/boot-9.scm:
  1685:16 5 (raise-exception _ #:continuable? _)
  1780:13 4 (_ #<&compound-exception components: (#<&assertion-fail?>)
In ice-9/eval.scm:
  619:8 3 (_ #(#(#) ?))
In ice-9/boot-9.scm:
  142:2 2 (dynamic-wind # ?)
In ice-9/eval.scm:
  159:9 1 (_ #(#(# ?)))
In unknown file:
  0 (make-stack #t)
FAIL tests/list-pk-algorithms.scm (exit status: 1)
~~~

I do not know when the breakage started but the obvious candidate is a gnutls change, it worked in September (against gnutls 3.8.1) and fails now with gnutls 3.8.5.

From gnutls-devel at lists.gnutls.org Sat Apr 20 16:50:00 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 20 Apr 2024 14:50:00 +0000
Subject: [gnutls-devel] Guile-GnuTLS | testsuite-error: FAIL: tests/list-pk-algorithms.scm (#25)
In-Reply-To:
References:
Message-ID:

Andreas Metzler commented:
https://gitlab.com/gnutls/guile/-/issues/25#note_1872745511

I have tested against different gnutls versions, it worked up to and including 3.8.3 and started failing with 3.8.4.

From gnutls-devel at lists.gnutls.org Mon Apr 22 10:51:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 08:51:14 +0000
Subject: [gnutls-devel] GnuTLS | support async operation e.g. io_uring (#1510)
In-Reply-To:
References:
Message-ID:

Yick commented:
https://gitlab.com/gnutls/gnutls/-/issues/1510#note_1874571817

Could it be possible to create two new APIs `gnutls_record_sendto()` and `gnutls_record_recvfrom()`? So that gnutls just needs to encrypt/decrypt with assigned memory.

From gnutls-devel at lists.gnutls.org Mon Apr 22 12:37:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 10:37:14 +0000
Subject: [gnutls-devel] GnuTLS | Update from 3.7.10 to 3.8.5 results in `Core(error): tcp_tls_connect(), TLS handshake failed. GnuTLS error: The encryption algorithm is not supported.` (#1547)
References:
Message-ID:

Paul Menzel created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1547

Updating the version from 3.7.10 to 3.8.5, `rdesktop` is now unable to establish a connection and aborts with:

    Core(error): tcp_tls_connect(), TLS handshake failed. GnuTLS error: The encryption algorithm is not supported.

From gnutls-devel at lists.gnutls.org Mon Apr 22 12:59:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 10:59:54 +0000
Subject: [gnutls-devel] GnuTLS | Update from 3.7.10 to 3.8.5 results in `Core(error): tcp_tls_connect(), TLS handshake failed. GnuTLS error: The encryption algorithm is not supported.` (#1547)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented:
https://gitlab.com/gnutls/gnutls/-/issues/1547#note_1874815492

Isn't it a duplicate of #1540, which you could work around by creating an empty configuration file?

From gnutls-devel at lists.gnutls.org Mon Apr 22 13:08:55 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 11:08:55 +0000
Subject: [gnutls-devel] GnuTLS | Update from 3.7.10 to 3.8.5 results in `Core(error): tcp_tls_connect(), TLS handshake failed. GnuTLS error: The encryption algorithm is not supported.` (#1547)
In-Reply-To:
References:
Message-ID:

Paul Menzel commented on a discussion:
https://gitlab.com/gnutls/gnutls/-/issues/1547#note_1874830396

Yes, it is.

From gnutls-devel at lists.gnutls.org Mon Apr 22 13:08:59 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 11:08:59 +0000
Subject: [gnutls-devel] GnuTLS | Update from 3.7.10 to 3.8.5 results in `Core(error): tcp_tls_connect(), TLS handshake failed. GnuTLS error: The encryption algorithm is not supported.` (#1547)
In-Reply-To:
References:
Message-ID:

Issue was closed by Paul Menzel

Issue #1547: https://gitlab.com/gnutls/gnutls/-/issues/1547

From gnutls-devel at lists.gnutls.org Mon Apr 22 13:44:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 11:44:07 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)
References:
Message-ID:

Daniel Stenberg created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1548

The documentation for this function says it takes "a DNS name" as input. A DNS name can have a trailing dot.

An SNI name cannot have a trailing dot. TLS-wise, there is no difference between the two names but for DNS there is a difference.

It seems GnuTLS wants the SNI name provided (without a trailing dot) as it seems to fail the verification if the trailing dot is provided in the name passed in the hostname argument.

Maybe you could clarify if the passed-in name can keep trailing dots or not? It seems we should pass in the name without it.

From gnutls-devel at lists.gnutls.org Mon Apr 22 13:57:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 11:57:27 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)
In-Reply-To:
References:
Message-ID:

Simon Josefsson commented:
https://gitlab.com/gnutls/gnutls/-/issues/1548#note_1874910331

Can anyone find guidance on this in RFC 6125? On a quick reading, I can't find any argument that it supports strings with trailing dot, and some argument that it should not support them (dot-separated non-empty strings implies no trailing dot).

The comparison function is complex enough as it is, so it would be nice to be as consistent as possible to some standard document.

From gnutls-devel at lists.gnutls.org Mon Apr 22 14:02:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 12:02:25 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)
In-Reply-To:
References:
Message-ID:

Daniel Stenberg commented:
https://gitlab.com/gnutls/gnutls/-/issues/1548#note_1874924520

RFC 2818 section 3.1 says:

    In general, HTTP/TLS requests are generated by dereferencing a URI. As a consequence, the hostname for the server is known to the client. If the hostname is available, the client MUST check it against the server's identity as presented in the server's Certificate message, in order to prevent man-in-the-middle attacks.

The hostname here can have a trailing dot. The SNI name does not.

RFC 9525 section 6.1 is less specific but says:

    The inputs used by the client to construct its list of reference identifiers might be a URI that a user has typed into an interface (e.g., an HTTPS URL for a website)

Again, that is the hostname. Not the SNI name.

From gnutls-devel at lists.gnutls.org Mon Apr 22 14:03:18 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 12:03:18 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)
In-Reply-To:
References:
Message-ID:

Daniel Stenberg commented:
https://gitlab.com/gnutls/gnutls/-/issues/1548#note_1874926511

Those are references on how to find the identifier to use when verifying the server name.

From gnutls-devel at lists.gnutls.org Mon Apr 22 14:05:20 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 22 Apr 2024 12:05:20 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)
In-Reply-To:
References:
Message-ID:

Daniel Stenberg commented:
https://gitlab.com/gnutls/gnutls/-/issues/1548#note_1874931956

For reference, here is the curl bug that made me end up here: https://github.com/curl/curl/pull/13440

From gnutls-devel at lists.gnutls.org Tue Apr 23 13:41:18 2024
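Caller-side handling of the trailing dot raised in #1548, as an added example (not GnuTLS or curl code): one root dot is stripped before the name is used as the reference identifier, and names left with an empty label are rejected. The function names, the 256-byte buffers and the rejection rules are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example; both helpers are hypothetical, not GnuTLS API. */

/*
 * Copy a DNS host name into `out` in the form used for certificate
 * checking (e.g. as the hostname argument of
 * gnutls_x509_crt_check_hostname): a single trailing root dot is removed.
 * Names that are empty afterwards, or that contain an empty label
 * (".a", "a..b", "a.."), are rejected instead of being guessed at.
 * Returns 0 on success, -1 if rejected or if `out` is too small.
 */
static int tls_reference_name(const char *host, char *out, size_t outlen)
{
    size_t len, i;

    if (host == NULL || out == NULL)
        return -1;

    len = strlen(host);
    if (len > 0 && host[len - 1] == '.')
        len--;                      /* "example.com." -> "example.com" */

    if (len == 0 || len >= outlen)
        return -1;                  /* "" or "." or no room for NUL */
    if (host[0] == '.' || host[len - 1] == '.')
        return -1;                  /* leading or second trailing dot */
    for (i = 1; i < len; i++)
        if (host[i] == '.' && host[i - 1] == '.')
            return -1;              /* empty label in the middle */

    memcpy(out, host, len);
    out[len] = '\0';
    return 0;
}

static char ascii_lower(char c)
{
    return (c >= 'A' && c <= 'Z') ? (char)(c - 'A' + 'a') : c;
}

/*
 * 1 if both names yield the same reference identifier, 0 if they do not,
 * -1 if either name is rejected. DNS names compare ASCII
 * case-insensitively.
 */
static int tls_same_host(const char *a, const char *b)
{
    char na[256], nb[256];
    size_t i;

    if (tls_reference_name(a, na, sizeof(na)) != 0 ||
        tls_reference_name(b, nb, sizeof(nb)) != 0)
        return -1;

    for (i = 0; na[i] != '\0' && nb[i] != '\0'; i++)
        if (ascii_lower(na[i]) != ascii_lower(nb[i]))
            return 0;
    return na[i] == nb[i];
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "example.com.", "example.com", ".",
                              "example.com..", "a..b" };
    char name[256];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (tls_reference_name(samples[i], name, sizeof(name)) == 0)
            printf("%-16s -> %s\n", samples[i], name);
        else
            printf("%-16s -> rejected\n", samples[i]);
    }
    printf("same host: %d\n", tls_same_host("Example.COM.", "example.com"));
    return 0;
}
```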
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Apr 2024 11:41:18 +0000
Subject: [gnutls-devel] GnuTLS | Fix configuration with multi-word GMP_LIBS. (!1832)
In-Reply-To:
References:
Message-ID:

Zoltán Fridrich commented:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1832#note_1876676218

The commit needs `Signed-off-by:`

From gnutls-devel at lists.gnutls.org Tue Apr 23 17:24:28 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 23 Apr 2024 15:24:28 +0000
Subject: [gnutls-devel] GnuTLS | Compression broken in gnutls-3.8.4 on Darwin (at least) (#1546)
In-Reply-To:
References:
Message-ID:

David Bohman commented:
https://gitlab.com/gnutls/gnutls/-/issues/1546#note_1877152266

Okay, I see your point.

On Darwin, shared dylibs are typically not run time loaded during program execution. Perhaps the configuration script should only enable this new facility on Linux, and fall back to linking in the libraries at build time on other platforms.

From gnutls-devel at lists.gnutls.org Mon Apr 29 07:23:01 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 29 Apr 2024 05:23:01 +0000
Subject: [gnutls-devel] Guile-GnuTLS | testsuite-error: FAIL: tests/list-pk-algorithms.scm (#25)
In-Reply-To:
References:
Message-ID:

Vagrant Cascadian commented:
https://gitlab.com/gnutls/guile/-/issues/25#note_1884674854

FWIW, it appeared to start failing late March and April consistently in unstable, and more recently in trixie as well:

https://tests.reproducible-builds.org/debian/history/guile-gnutls.html

From gnutls-devel at lists.gnutls.org Tue Apr 30 10:44:14 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Apr 2024 08:44:14 +0000
Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833)
References:
Message-ID:

Daiki Ueno created a merge request:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1833

Project:Branches: dueno/gnutls:wip/dueno/pkcs12-pbmac1 to gnutls/gnutls:master
Author: Daiki Ueno

* Support PBMAC1 usage in PKCS#12

This allows usage of PBMAC1 as the MAC to verify a PKCS#12 structure, following draft-ietf-lamps-pkcs12-pbmac1[1]. While the MAC verification is transparent, the generation requires a new API gnutls_pkcs12_generate_mac3 to be used with the GNUTLS_PKCS12_USE_PBMAC1 flag.

certtool has also been extended with the --pbmac1 option, which can be used in combination with --to-p12.

1. https://datatracker.ietf.org/doc/draft-ietf-lamps-pkcs12-pbmac1/

Signed-off-by: Daiki Ueno

## Checklist

 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [x] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Tue Apr 30 11:57:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 30 Apr 2024 09:57:07 +0000
Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833)
In-Reply-To:
References:
Message-ID:

Hubert Kario (@mention me if you need reply), Alexander Sosedkin, and Zoltán Fridrich were added as reviewers.

From gnutls-devel at lists.gnutls.org Tue Apr 30 11:56:37 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 09:56:37 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: Reassigned merge request 1833 https://gitlab.com/gnutls/gnutls/-/merge_requests/1833 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 13:08:57 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 11:08:57 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) started a new discussion on lib/includes/gnutls/gnutls.h.in: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887152963 > GNUTLS_MAC_SHAKE_128 = 209, > GNUTLS_MAC_SHAKE_256 = 210, > GNUTLS_MAC_MAGMA_OMAC = 211, > - GNUTLS_MAC_KUZNYECHIK_OMAC = 212 > + GNUTLS_MAC_KUZNYECHIK_OMAC = 212, > + GNUTLS_MAC_PBMAC1 = > + 213 /* indicates that MAC is embedded the PKCS#12 structure */ nit: how about "indicates that PBMAC1 is embedded in the PKCS#12 structure"? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887152963 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 13:15:50 2024 
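Review bot: In the lib/includes/gnutls/gnutls.h.in hunk quoted above, `GNUTLS_MAC_PBMAC1 = 213` is added to the list of MAC algorithm values, yet its own comment describes it as an indication of how the MAC is carried in the PKCS#12 structure rather than as an algorithm. The comment should say that explicitly and state whether the value is accepted wherever a MAC algorithm is expected or only reported for PKCS#12 structures; it is also missing a word ("embedded in the PKCS#12 structure").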
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 11:15:50 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) started a new discussion on lib/includes/gnutls/pkcs12.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887163607 > gnutls_pkcs12_bag_t bag); > int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag); > > +typedef enum gnutls_pkcs12_flags_t { > + GNUTLS_PKCS12_USE_PBMAC1 = 1 > +} gnutls_pkcs12_flags_t; > + > int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass); > int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, > gnutls_mac_algorithm_t mac, const char *pass); > +int gnutls_pkcs12_generate_mac3(gnutls_pkcs12_t pkcs12, > + gnutls_mac_algorithm_t mac, const char *pass, > + unsigned int flags); does that mean that there's still no way to set separate hash for the KDF and for the whole file HMAC? also, what about setting the KDF in general? when we'll add support for scrypt or argon, that will be yet another API... (not to mention all the settings for the particular KDF used...) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887163607 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 13:48:51 2024 
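Review bot: In the lib/includes/gnutls/pkcs12.h hunk quoted above, `gnutls_pkcs12_generate_mac3` takes `unsigned int flags` while the only flag lives in the new `gnutls_pkcs12_flags_t` enum, and neither the enum nor the prototype carries any documentation in the visible lines. The function's documentation should state that `flags` is an OR of `gnutls_pkcs12_flags_t` values, what the `mac` argument selects when `GNUTLS_PKCS12_USE_PBMAC1` is set, and whether unknown flag bits are rejected, so that later flags can be added without changing behaviour for existing callers.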
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 11:48:51 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/includes/gnutls/pkcs12.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887218368 > gnutls_pkcs12_bag_t bag); > int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag); > > +typedef enum gnutls_pkcs12_flags_t { > + GNUTLS_PKCS12_USE_PBMAC1 = 1 > +} gnutls_pkcs12_flags_t; > + > int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass); > int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, > gnutls_mac_algorithm_t mac, const char *pass); > +int gnutls_pkcs12_generate_mac3(gnutls_pkcs12_t pkcs12, > + gnutls_mac_algorithm_t mac, const char *pass, > + unsigned int flags); That is true. On the other hand, if we really want that control, maybe we could extend the `gnutls_pkcs12` API, e.g., adding a function like: ```c int gnutls_pkcs12_set_kdf(gnutls_pkcs12_t pkcs12, ...); ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887218368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 13:49:44 2024 
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 11:49:44 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: Hubert Kario (@mention me if you need reply) started a new discussion on tests/cert-tests/pkcs12-pbmac1.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887219750 > +TMPFILE=$testdir/pkcs12 > +TMPFILE_PEM=$testdir/pkcs12.pem > + > +DEBUG="1" > + > +GOOD=" > +pbmac1_256_256.good.p12 > +pbmac1_256_256.no-len.p12 > +pbmac1_512_256.good.p12 > +pbmac1_512_512.good.p12 > +pbmac1-simple.p12 > +" > + > +BAD=" > +pbmac1_256_256.bad-iter.p12 > +pbmac1_256_256.bad-salt.p12 why no "missing key length"? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887219750 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 14:59:38 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 12:59:38 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: All discussions on merge request !1833 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1833 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 30 14:59:38 2024 
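Review bot: In the tests/cert-tests/pkcs12-pbmac1.sh hunk quoted above, `pbmac1_256_256.no-len.p12` is listed under GOOD with no comment on which length is absent or why the file must still verify, while the quoted part of BAD holds only the bad-iter and bad-salt vectors. A short comment beside each list saying what every vector exercises and what result is expected would make the positive and negative coverage reviewable from the script alone.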
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 30 Apr 2024 12:59:38 +0000 Subject: [gnutls-devel] GnuTLS | Support PBMAC1 usage in PKCS#12 (!1833) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1833 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on lib/includes/gnutls/pkcs12.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887349470 > +int gnutls_pkcs12_generate_mac3(gnutls_pkcs12_t pkcs12, > + gnutls_mac_algorithm_t mac, const char *pass, > + unsigned int flags); Let's do this kind of generalization in another round. -- Daiki Ueno commented on a discussion on tests/cert-tests/pkcs12-pbmac1.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833#note_1887349487 > +BAD=" > +pbmac1_256_256.bad-iter.p12 > +pbmac1_256_256.bad-salt.p12 OK, added a check. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1833 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: