From nmav at gnutls.org Sat Jun 1 13:26:06 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Jun 2013 13:26:06 +0200
Subject: [gnutls-devel] gnutls 3.2.1
Message-ID: <51A9DA4E.9020004@gnutls.org>
Hello,
I've just released gnutls 3.2.1. This is a bug-fix release on the
current stable branch.
* Version 3.2.1 (released 2013-06-01)
** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.
** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.
** libgnutls: Corrected issue when receiving client hello verify
requests in DTLS.
** libgnutls: Fixes in DTLS record overhead size calculations.
** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.
** API and ABI modifications:
gnutls_session_set_id: Added
Getting the Software
====================
GnuTLS may be downloaded directly from
. A list of GnuTLS mirrors can be
found at .
Here are the XZ and LZIP compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.xz
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.lz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.xz.sig
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.1.tar.lz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Sat Jun 1 13:21:41 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Jun 2013 13:21:41 +0200
Subject: [gnutls-devel] gnutls 3.0.30
Message-ID: <51A9D945.70501@gnutls.org>
Hello,
I've just released gnutls 3.0.30. This is a bug-fix release on the
previous stable branch.
* Version 3.0.30 (released 2013-06-01)
** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.
** libgnutls: When in compatibility mode allow for a wrong version in
the RSA PMS.
** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
. A list of GnuTLS mirrors can be
found at .
Here are the XZ and LZIP compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.xz
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.lz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.xz.sig
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.0/gnutls-3.0.30.tar.lz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From nmav at gnutls.org Sat Jun 1 13:23:35 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Jun 2013 13:23:35 +0200
Subject: [gnutls-devel] gnutls 3.1.12
Message-ID: <51A9D9B7.7030809@gnutls.org>
Hello,
I've just released gnutls 3.1.12. This is a bug-fix release on the 3.1
stable branch.
* Version 3.1.12 (released 2013-06-01)
** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.
** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.
** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
. A list of GnuTLS mirrors can be
found at .
Here are the XZ and LZIP compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.xz
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.lz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.xz.sig
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.12.tar.lz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos gnutls.org>
uid Nikos Mavrogiannopoulos
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
From a.radke at arcor.de Sun Jun 2 11:40:59 2013
From: a.radke at arcor.de (Andreas Radke)
Date: Sun, 2 Jun 2013 11:40:59 +0200
Subject: [gnutls-devel] gnutls 3.2.1
In-Reply-To: <51A9DA4E.9020004@gnutls.org>
References: <51A9DA4E.9020004@gnutls.org>
Message-ID: <20130602114059.74e01f1b@workstation64.home>
New release built well on my x86_64 build system for x86_64 but fails
in i686 chroot one test:
make[3]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
make[2]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
Making check in cert-tests
make[2]: Entering directory
`/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make pathlen aki
template-test pem-decoding dane make[3]: Entering directory
`/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make[3]: Nothing to
be done for `pathlen'. make[3]: Nothing to be done for `aki'.
make[3]: Nothing to be done for `template-test'.
make[3]: Nothing to be done for `pem-decoding'.
make[3]: Nothing to be done for `dane'.
make[3]: Leaving directory
`/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make check-TESTS
make[3]: Entering directory
`/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' PASS: pathlen
PASS: aki
PASS: template-test
7c7
< Not After: Tue Sep 11 19:04:49 UTC 2040
---
> Not After: Thu Dec 31 23:23:23 UTC 2037
Complex cert decoding failed 2
FAIL: pem-decoding
===================================
1 of 4 tests failed
Please report to bug-gnutls at gnu.org
===================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory
`/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make[2]: ***
[check-am] Error 2 make[2]: Leaving directory
`/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make[1]: ***
[check-recursive] Error 1 make[1]: Leaving directory
`/build/gnutls/src/gnutls-3.2.1/tests' make: *** [check-recursive]
Error 1 ==> ERROR: A failure occurred in check().
-Andy
ArchLinux
From nmav at gnutls.org Sun Jun 2 12:11:36 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 02 Jun 2013 12:11:36 +0200
Subject: [gnutls-devel] gnutls 3.2.1
In-Reply-To: <20130602114059.74e01f1b@workstation64.home>
References: <51A9DA4E.9020004@gnutls.org>
<20130602114059.74e01f1b@workstation64.home>
Message-ID: <51AB1A58.7070007@gnutls.org>
On 06/02/2013 11:40 AM, Andreas Radke wrote:
> New release built well on my x86_64 build system for x86_64 but fails
> in i686 chroot one test:
>
> make[3]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
> make[2]: Leaving directory `/build/gnutls/src/gnutls-3.2.1/tests/userid'
> Making check in cert-tests
> make[2]: Entering directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make pathlen aki
> template-test pem-decoding dane make[3]: Entering directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make[3]: Nothing to
> be done for `pathlen'. make[3]: Nothing to be done for `aki'.
> make[3]: Nothing to be done for `template-test'.
> make[3]: Nothing to be done for `pem-decoding'.
> make[3]: Nothing to be done for `dane'.
> make[3]: Leaving directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' make check-TESTS
> make[3]: Entering directory
> `/build/gnutls/src/gnutls-3.2.1/tests/cert-tests' PASS: pathlen
> PASS: aki
> PASS: template-test
> 7c7
> < Not After: Tue Sep 11 19:04:49 UTC 2040
> ---
>> Not After: Thu Dec 31 23:23:23 UTC 2037
I think I figured it out. Is that the only error in that system? Does
the patch below solve it?
https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0
regards,
Nikos
From alon.barlev at gmail.com Sun Jun 2 14:45:06 2013
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Sun, 2 Jun 2013 15:45:06 +0300
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
Message-ID: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
gnutls uses gmp library explicitly so it needs to explicit link against
it so that all symbols may be resolved.
Signed-off-by: Alon Bar-Lev
---
lib/nettle/Makefile.am | 3 ++-
m4/hooks.m4 | 12 +++++++++++-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index e2b704e..56d180a 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(GMP_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
@@ -35,3 +35,4 @@ noinst_LTLIBRARIES = libcrypto.la
libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \
gnettle.h
+libcrypto_la_LIBADD = $(GMP_LIBS)
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 3439edb..84a3afc 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -77,10 +77,20 @@ AC_MSG_ERROR([[
*** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support.
]])
])
+ AC_ARG_VAR(GMP_CFLAGS, [C compiler flags for gmp])
+ AC_ARG_VAR(GMP_LIBS, [linker flags for gmp])
+ if test x$GMP_LIBS = x; then
+ AC_CHECK_LIB(gmp, __gmpz_cmp, [GMP_LIBS="-lgmp"], [AC_MSG_ERROR([[
+***
+*** gmp was not found. while nettle was.
+]])])
+ fi
+ AC_SUBST(GMP_CFLAGS)
+ AC_SUBST(GMP_LIBS)
AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle")
AC_DEFINE([HAVE_LIBNETTLE], 1, [nettle is enabled])
- GNUTLS_REQUIRES_PRIVATE="Requires.private: nettle, hogweed"
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: nettle, hogweed, gmp"
AC_ARG_WITH(included-libtasn1,
AS_HELP_STRING([--with-included-libtasn1], [use the included libtasn1]),
--
1.8.1.5
From nmav at gnutls.org Sun Jun 2 19:37:44 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sun, 02 Jun 2013 19:37:44 +0200
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
In-Reply-To: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
References: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
Message-ID: <51AB82E8.4060100@gnutls.org>
On 06/02/2013 02:45 PM, Alon Bar-Lev wrote:
> gnutls uses gmp library explicitly so it needs to explicit link against
> it so that all symbols may be resolved.
>
> Signed-off-by: Alon Bar-Lev
Thanks. A fix based on that was committed.
https://gitorious.org/gnutls/gnutls/commit/02eb70d6d96f624ed6cc55dfa62734495dffbb44
regards,
Nikos
From alon.barlev at gmail.com Sun Jun 2 20:06:11 2013
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Sun, 2 Jun 2013 21:06:11 +0300
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
In-Reply-To: <51AB82E8.4060100@gnutls.org>
References: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
<51AB82E8.4060100@gnutls.org>
Message-ID:
On Sun, Jun 2, 2013 at 8:37 PM, Nikos Mavrogiannopoulos wrote:
> On 06/02/2013 02:45 PM, Alon Bar-Lev wrote:
>
>> gnutls uses gmp library explicitly so it needs to explicit link against
>> it so that all symbols may be resolved.
>>
>> Signed-off-by: Alon Bar-Lev
>
>
> Thanks. A fix based on that was committed.
>
> https://gitorious.org/gnutls/gnutls/commit/02eb70d6d96f624ed6cc55dfa62734495dffbb44
>
> regards,
> Nikos
Thanks!
However, if you use libtool, you don't need to add the dependency of
the libcrypto to users of libcrypto... I refer to the change in
lib/Makefile.am which is somewhat redundant, if you add the dependency
where it belongs - to libcrypto.
I also tend not to mix between CPPFLAGS and CFLAGS, pkg-config and
XXX_CFLAGS can contain flags that are not accepted by the
pre-processor.
Regards,
Alon
From nmav at gnutls.org Mon Jun 3 21:22:26 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 03 Jun 2013 21:22:26 +0200
Subject: [gnutls-devel] [PATCH] build: explicit linkage with gmp library
In-Reply-To:
References: <1370177106-31801-1-git-send-email-alon.barlev@gmail.com>
<51AB82E8.4060100@gnutls.org>
Message-ID: <51ACECF2.1080607@gnutls.org>
On 06/02/2013 08:06 PM, Alon Bar-Lev wrote:
> However, if you use libtool, you don't need to add the dependency of
> the libcrypto to users of libcrypto... I refer to the change in
> lib/Makefile.am which is somewhat redundant, if you add the dependency
> where it belongs - to libcrypto.
I've moved that. Should be better now.
regards,
Nikos
From ametzler at downhill.at.eu.org Wed Jun 5 19:06:25 2013
From: ametzler at downhill.at.eu.org (Andreas Metzler)
Date: Wed, 5 Jun 2013 19:06:25 +0200
Subject: [gnutls-devel] [OT] gnutls.org DNS servers acting up again
Message-ID: <20130605170625.GA12223@downhill.g.la>
Hello,
2 out of 3 DNS servers for gnutls.org. are unresponsive on IPv4:
----------------------
ametzler at m26s25:~$ for i in dns1.easydns.com. dns2.easydns.net. dns3.easydns.ca. ; do echo -n "$i: "; host lists.gnutls.org. $i ; done
dns1.easydns.com.: ;; connection timed out; no servers could be reached
dns2.easydns.net.: Using domain server:
Name: dns2.easydns.net.
Address: 72.52.2.1#53
Aliases:
lists.gnutls.org has address 217.69.76.57
lists.gnutls.org mail is handled by 0 mx.easymail.ca.
dns3.easydns.ca.: ;; connection timed out; no servers could be reached
One of the failing ones (dns3.easydns.ca.) is answering on IPv6.
----------------------
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
From nmav at gnutls.org Wed Jun 5 21:33:21 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 05 Jun 2013 21:33:21 +0200
Subject: [gnutls-devel] [OT] gnutls.org DNS servers acting up again
In-Reply-To: <20130605170625.GA12223@downhill.g.la>
References: <20130605170625.GA12223@downhill.g.la>
Message-ID: <51AF9281.1000003@gnutls.org>
On 06/05/2013 07:06 PM, Andreas Metzler wrote:
> Hello,
>
> 2 out of 3 DNS servers for gnutls.org. are unresponsive on IPv4:
> ----------------------
> ametzler at m26s25:~$ for i in dns1.easydns.com. dns2.easydns.net. dns3.easydns.ca. ; do echo -n "$i: "; host lists.gnutls.org. $i ; done
> dns1.easydns.com.: ;; connection timed out; no servers could be reached
Thanks. It seems easydns was under DDOS the past few days.
http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3-4th-ddos/
I hope any issues would be fixed as soon.
regards,
Nikos
From gajukbhat at gmail.com Tue Jun 4 22:22:55 2013
From: gajukbhat at gmail.com (Gaju Bhat)
Date: Wed, 05 Jun 2013 01:52:55 +0530
Subject: [gnutls-devel] Problem with detecting dependencies
Message-ID: <51AE4C9F.1060105@gmail.com>
Hi,
I was building the gnutls from the source when I encountered a missing
dependency in the 'configure' step. It looks like gnutls needs autogen
which my system didn't have. When running make I ran into an error.
Is there a reason the 'configure' step doesn't check for the presence of
autogen and alert the user early?
Thanks,
Gaju
From nmav at gnutls.org Wed Jun 5 21:44:38 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 05 Jun 2013 21:44:38 +0200
Subject: [gnutls-devel] Problem with detecting dependencies
In-Reply-To: <51AE4C9F.1060105@gmail.com>
References: <51AE4C9F.1060105@gmail.com>
Message-ID: <51AF9526.5060304@gnutls.org>
On 06/04/2013 10:22 PM, Gaju Bhat wrote:
> Hi,
>
> I was building the gnutls from the source when I encountered a missing
> dependency in the 'configure' step. It looks like gnutls needs autogen
> which my system didn't have. When running make I ran into an error.
Hello,
Could you quote the error you see? gnutls shouldn't need autogen for
normal compilation.
regards,
Nikos
From martin at martin.st Thu Jun 6 14:26:52 2013
From: martin at martin.st (Martin Storsjo)
Date: Thu, 6 Jun 2013 15:26:52 +0300
Subject: [gnutls-devel] [PATCH 1/2] crywrap: Use the libidn pkg-config
include and lib paths
Message-ID: <1370521613-57190-1-git-send-email-martin@martin.st>
---
src/crywrap/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/crywrap/Makefile.am b/src/crywrap/Makefile.am
index a20bcd6..9f42db3 100644
--- a/src/crywrap/Makefile.am
+++ b/src/crywrap/Makefile.am
@@ -15,7 +15,7 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-AM_CFLAGS = $(WARN_CFLAGS)
+AM_CFLAGS = $(WARN_CFLAGS) $(LIBIDN_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../lib/includes \
@@ -27,4 +27,4 @@ EXTRA_DIST = README
bin_PROGRAMS = crywrap
crywrap_SOURCES = crywrap.c primes.h crywrap.h
-crywrap_LDADD = ../../lib/libgnutls.la ../../gl/libgnu.la -lidn
+crywrap_LDADD = ../../lib/libgnutls.la ../../gl/libgnu.la $(LIBIDN_LIBS)
--
1.7.9.4
From martin at martin.st Thu Jun 6 14:26:53 2013
From: martin at martin.st (Martin Storsjo)
Date: Thu, 6 Jun 2013 15:26:53 +0300
Subject: [gnutls-devel] [PATCH 2/2] Add NETTLE_CFLAGS in makefiles
In-Reply-To: <1370521613-57190-1-git-send-email-martin@martin.st>
References: <1370521613-57190-1-git-send-email-martin@martin.st>
Message-ID: <1370521613-57190-2-git-send-email-martin@martin.st>
This is required for using nettle/memxor.h, which now is included
implicitly via gnutls_int.h, if the nettle include directories
aren't in one of the compiler standard paths.
---
These were the places where I had to include it for a build on OS X
to succeed, there might be a few more subdirectory makefiles that
my build didn't happen to use.
---
extra/Makefile.am | 2 +-
lib/Makefile.am | 2 +-
lib/accelerated/Makefile.am | 2 +-
lib/accelerated/x86/Makefile.am | 2 +-
lib/algorithms/Makefile.am | 2 +-
lib/auth/Makefile.am | 2 +-
lib/ext/Makefile.am | 2 +-
lib/extras/Makefile.am | 2 +-
lib/opencdk/Makefile.am | 2 ++
lib/openpgp/Makefile.am | 2 +-
lib/x509/Makefile.am | 2 +-
11 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/extra/Makefile.am b/extra/Makefile.am
index 8cbb405..f9716e6 100644
--- a/extra/Makefile.am
+++ b/extra/Makefile.am
@@ -22,7 +22,7 @@
ACLOCAL_AMFLAGS = -I ../m4 -I ../gl/m4
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../gl \
-I$(builddir)/../gl \
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 006f695..790cdb1 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -27,7 +27,7 @@ endif
localedir = $(datadir)/locale
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-DLOCALEDIR=\"$(localedir)\" \
-I$(srcdir)/../gl \
diff --git a/lib/accelerated/Makefile.am b/lib/accelerated/Makefile.am
index 7baa9bc..f1a1982 100644
--- a/lib/accelerated/Makefile.am
+++ b/lib/accelerated/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
SUBDIRS =
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
diff --git a/lib/accelerated/x86/Makefile.am b/lib/accelerated/x86/Makefile.am
index 400f15d..8edcbbb 100644
--- a/lib/accelerated/x86/Makefile.am
+++ b/lib/accelerated/x86/Makefile.am
@@ -19,7 +19,7 @@
# along with this program. If not, see
AM_LIBTOOLFLAGS=--tag=CC
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = -I$(srcdir)/../../../gl \
-I$(builddir)/../../../gl \
-I$(srcdir)/../../includes \
diff --git a/lib/algorithms/Makefile.am b/lib/algorithms/Makefile.am
index 13b287a..328e46f 100644
--- a/lib/algorithms/Makefile.am
+++ b/lib/algorithms/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
diff --git a/lib/auth/Makefile.am b/lib/auth/Makefile.am
index 966bd7a..e1abdc0 100644
--- a/lib/auth/Makefile.am
+++ b/lib/auth/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
diff --git a/lib/ext/Makefile.am b/lib/ext/Makefile.am
index 5572430..47e4df9 100644
--- a/lib/ext/Makefile.am
+++ b/lib/ext/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
diff --git a/lib/extras/Makefile.am b/lib/extras/Makefile.am
index c6afbe5..b621de9 100644
--- a/lib/extras/Makefile.am
+++ b/lib/extras/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
diff --git a/lib/opencdk/Makefile.am b/lib/opencdk/Makefile.am
index 3ceadc3..5023795 100644
--- a/lib/opencdk/Makefile.am
+++ b/lib/opencdk/Makefile.am
@@ -18,6 +18,8 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
+AM_CFLAGS = $(NETTLE_CFLAGS)
+
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
diff --git a/lib/openpgp/Makefile.am b/lib/openpgp/Makefile.am
index 6c92723..893f596 100644
--- a/lib/openpgp/Makefile.am
+++ b/lib/openpgp/Makefile.am
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am
index 93fbd24..4fc6579 100644
--- a/lib/x509/Makefile.am
+++ b/lib/x509/Makefile.am
@@ -16,7 +16,7 @@
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) $(NETTLE_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../../gl \
-I$(builddir)/../../gl \
--
1.7.9.4
From gajukbhat at gmail.com Thu Jun 6 20:32:40 2013
From: gajukbhat at gmail.com (Gaju Bhat)
Date: Fri, 07 Jun 2013 00:02:40 +0530
Subject: [gnutls-devel] Fwd: Re: Problem with detecting dependencies
In-Reply-To: <51B00757.4030003@gmail.com>
References: <51B00757.4030003@gmail.com>
Message-ID: <51B0D5C8.7040503@gmail.com>
Hi,
I'm forwarding the communication with Nikos to the list for the sake of
completeness.
Thanks,
Gaju
================
Thanks for the answer Nikos. When I do a 'make install', I get what
appears to be a more serious error:
http://pastebin.com/nGkRsStW
Do you see anything that might cause this?
-Gaju
On 6/6/13, Nikos Mavrogiannopoulos wrote:
> On 06/05/2013 10:15 PM, Gaju Bhat wrote:
>
>> Hi Nikos,
>>
>> Here's the error I get:
>>
>> http://pastebin.com/2XwmQ93Y
>>
>> Please let me know if I missed anything.
> No need to worry for that. These files are generated prior to release
> and this is why the error is ignored by the built system. As far as I
> see your copy was correctly built.
>
> regards,
> Nikos
From nmav at gnutls.org Thu Jun 6 23:28:44 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 06 Jun 2013 23:28:44 +0200
Subject: [gnutls-devel] [PATCH 2/2] Add NETTLE_CFLAGS in makefiles
In-Reply-To: <1370521613-57190-2-git-send-email-martin@martin.st>
References: <1370521613-57190-1-git-send-email-martin@martin.st>
<1370521613-57190-2-git-send-email-martin@martin.st>
Message-ID: <51B0FF0C.6070009@gnutls.org>
On 06/06/2013 02:26 PM, Martin Storsjo wrote:
> This is required for using nettle/memxor.h, which now is included
> implicitly via gnutls_int.h, if the nettle include directories
> aren't in one of the compiler standard paths.
> ---
> These were the places where I had to include it for a build on OS X
> to succeed, there might be a few more subdirectory makefiles that
> my build didn't happen to use.
Both applied. Thanks.
Nikos
From nmav at gnutls.org Fri Jun 7 08:44:04 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 07 Jun 2013 08:44:04 +0200
Subject: [gnutls-devel] Fwd: Re: Problem with detecting dependencies
In-Reply-To: <51B0D5C8.7040503@gmail.com>
References: <51B00757.4030003@gmail.com> <51B0D5C8.7040503@gmail.com>
Message-ID: <51B18134.3000505@gnutls.org>
On 06/06/2013 08:32 PM, Gaju Bhat wrote:
> Thanks for the answer Nikos. When I do a 'make install', I get what
> appears to be a more serious error:
> http://pastebin.com/nGkRsStW
> Do you see anything that might cause this?
A file is missing from your extracted directory. Since this is
distributed with gnutls, it seems it somehow got deleted. Could you
check for the reason?
regards,
Nikos
From qboosh at pld-linux.org Sat Jun 8 21:58:16 2013
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Sat, 8 Jun 2013 21:58:16 +0200
Subject: [gnutls-devel] Polish translation update for gnutls 3.1.11 and 3.2.1
Message-ID: <20130608195816.GB5776@stranger.qboosh.pl>
Hello,
I updated Polish translations for gnutls 3.1.11 and 3.2.1.
They are available at:
http://qboosh.pl/pl.po/gnutls-3.1.11.pl.po
http://qboosh.pl/pl.po/gnutls-3.2.1.pl.po
Please apply.
--
Jakub Bogusz http://qboosh.pl/
From daniele.athome at gmail.com Mon Jun 10 14:31:22 2013
From: daniele.athome at gmail.com (Daniele Ricci)
Date: Mon, 10 Jun 2013 14:31:22 +0200
Subject: [gnutls-devel] ECC support for OpenPGP
Message-ID:
Hi,
I can't find support for OpenPGP ECC keys. I'd like to contribute if
possible, is someone already working on it?
By the way, I found this:
https://gitorious.org/baserock-morphs/gnutls/commit/a8e8ba0f5cea4f2356c539e48d17b1e662b49141/diffs
Cheers
--
Daniele
From INVALID.NOREPLY at gnu.org Mon Jun 10 15:01:52 2013
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Mon, 10 Jun 2013 13:01:52 +0000
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due
to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <20130610-124716.sv0.1003@savannah.gnu.org>
References: <20130610-124716.sv0.1003@savannah.gnu.org>
Message-ID: <20130610-130152.sv0.38725@savannah.gnu.org>
Follow-up Comment #1, sr #108321 (project gnutls):
Correction: it is obvious why it doesn't crash on x86-64: on that platform, it
so happens that the stack frame is deep enough in the call within crq_apis
that the size passed in is zero. This is obviously not something we can ever
rely on! :)
(Sorry I can't log in: my username and password are stored encrypted and only
my Emacs knows how to decrypt them. My Emacs won't start due to a lack of
GnuTLS! though I have a build underway to fix that...)
_______________________________________________________
Reply to this item at:
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
From INVALID.NOREPLY at gnu.org Mon Jun 10 14:47:17 2013
From: INVALID.NOREPLY at gnu.org (anonymous)
Date: Mon, 10 Jun 2013 12:47:17 +0000
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build due
to _gnutls_strdatum_to_buf NULL buf handling
Message-ID: <20130610-124716.sv0.1003@savannah.gnu.org>
URL:
Summary: crq_apis coredump on 32-bit build due to
_gnutls_strdatum_to_buf NULL buf handling
Project: GnuTLS
Submitted by: None
Submitted on: Mon 10 Jun 2013 12:47:15 UTC
Category: Core library
Priority: 5 - Normal
Severity: 4 - Important
Status: None
Privacy: Public
Assigned to: None
Originator Email: nick.alcock at oracle.com
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
[Set to important on the grounds that writing to null pointers in
security-sensitive code is a bad thing. Feel free to change it back if I
guessed wrong!]
This is a 32-bit build on a 64-bit SSSE3-capable host. We see:
Core was generated by `./crq_apis'.
Program terminated with signal 11, Segmentation fault.
#0 0xf75f697a in __memcpy_ssse3_rep () from /lib32/libc.so.6
(gdb) bt
#0 0xf75f697a in __memcpy_ssse3_rep () from /lib32/libc.so.6
#1 0xf76fedf6 in _gnutls_strdatum_to_buf (d=d at entry=0xffd0d7c8,
buf=buf at entry=0x0, sizeof_buf=sizeof_buf at entry=0xffd0d81c) at common.c:1774
#2 0xf7705152 in gnutls_x509_crq_get_challenge_password
(crq=crq at entry=0x9aa99c0, buf=buf at entry=0x0,
sizeof_buf=sizeof_buf at entry=0xffd0d81c) at crq.c:490
#3 0xf7713e0f in print_crq (format=GNUTLS_CRT_PRINT_FULL, cert=0x9aa99c0,
str=0xffd0d820) at output.c:2344
#4 gnutls_x509_crq_print (crq=0x9aa99c0,
format=format at entry=GNUTLS_CRT_PRINT_FULL, out=out at entry=0xffd0d91c) at
output.c:2486
#5 0x080495b8 in doit () at crq_apis.c:190
#6 0x08048f84 in main (argc=, argv=0xffd0da34) at utils.c:155
The immediate cause, obviously, is that 'buf' is NULL. The ultimate cause is
also obvious: print_crq() calls gnutls_x509_crq_get_challenge_password() with
a NULL buf argument and an uninitialized size. How this works at all, ever,
even on 64-bit platforms, is a mystery to me. A NULL buf is not documented as
working, but since it is passed in by the API testsuite as well as by
print_crq() it is clear that it's meant to work.
The obvious fix is to test buf for nullity in _gnutls_strdatum_to_buf(), as
well as checking the size for validity, and return
GNUTLS_E_SHORT_MEMORY_BUFFER and update the sizeof_buf if it's NULL as well as
if it's short. This means you can set the size by passing in any size at all
and a NULL buf, rather than requiring a zero size.
Fix attached.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Mon 10 Jun 2013 12:47:16 UTC Name:
0001-A-NULL-buf-argument-to-_gnutls_strdatum_to_buf-shoul.patch Size: 1kB
By: None
Fix
_______________________________________________________
Reply to this item at:
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
From nmav at gnutls.org Mon Jun 10 20:36:33 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Jun 2013 20:36:33 +0200
Subject: [gnutls-devel] ECC support for OpenPGP
In-Reply-To:
References:
Message-ID: <51B61CB1.30903@gnutls.org>
On 06/10/2013 02:31 PM, Daniele Ricci wrote:
> Hi,
> I can't find support for OpenPGP ECC keys. I'd like to contribute if
> possible, is someone already working on it?
Not really.
> By the way, I found this:
> https://gitorious.org/baserock-morphs/gnutls/commit/a8e8ba0f5cea4f2356c539e48d17b1e662b49141/diffs
I don't understand what this is supposed to be. gnutls supports elliptic
curve X.509 certificates since some time, but this code was never
extended for the openpgp certificates, so if you add that capability
would be very nice.
best regards,
Nikos
From nmav at gnutls.org Mon Jun 10 20:43:28 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Jun 2013 20:43:28 +0200
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build
due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <20130610-124716.sv0.1003@savannah.gnu.org>
References: <20130610-124716.sv0.1003@savannah.gnu.org>
Message-ID: <51B61E50.2000608@gnutls.org>
On 06/10/2013 02:47 PM, anonymous wrote:
[...]
>
> The immediate cause, obviously, is that 'buf' is NULL. The ultimate cause is
> also obvious: print_crq() calls gnutls_x509_crq_get_challenge_password() with
> a NULL buf argument and an uninitialized size. How this works at all, ever,
> even on 64-bit platforms, is a mystery to me. A NULL buf is not documented as
> working, but since it is passed in by the API testsuite as well as by
> print_crq() it is clear that it's meant to work.
>
> The obvious fix is to test buf for nullity in _gnutls_strdatum_to_buf(), as
> well as checking the size for validity, and return
> GNUTLS_E_SHORT_MEMORY_BUFFER and update the sizeof_buf if it's NULL as well as
> if it's short. This means you can set the size by passing in any size at all
> and a NULL buf, rather than requiring a zero size.
Hello Nick,
Which version of gnutls does this affect? The latest releases seem to
have a similar fix applied.
regards,
Nikos
From nmav at gnutls.org Mon Jun 10 21:46:22 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 10 Jun 2013 21:46:22 +0200
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build
due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <87wqq1sr3i.fsf@spindle.srvr.nix>
References: <20130610-124716.sv0.1003@savannah.gnu.org>
<51B61E50.2000608@gnutls.org> <87wqq1sr3i.fsf@spindle.srvr.nix>
Message-ID: <51B62D0E.6050309@gnutls.org>
On 06/10/2013 09:28 PM, Nick Alcock wrote:
> On 10 Jun 2013, Nikos Mavrogiannopoulos outgrape:
>
>> Hello Nick,
>> Which version of gnutls does this affect? The latest releases seem to
>> have a similar fix applied.
>
> This is at the tip of the master branch. I didn't check the releases,
> perhaps I should have (I assumed, perhaps foolishly, that any fixes on
> the release branches would of course be on master as well).
>
> ... but then, no release to date *has* _gnutls_strdatum_to_buf(): you
> wrote it in 435cd838a8a1e1a5af6c3e7ea82fe5f1bd0b0552, one commit after
> the release of 3.1.5.
It seems that you check the old site a gnu which is not being updated.
You may want to check http://www.gnutls.org/
which has the most recent releases and links to the new repository.
Out of curiosity how did you end-up in the old sites? I thought I have
forwarded most of the old pages to the new ones.
regards,
Nikos
From daniele.athome at gmail.com Tue Jun 11 00:08:59 2013
From: daniele.athome at gmail.com (Daniele Ricci)
Date: Tue, 11 Jun 2013 00:08:59 +0200
Subject: [gnutls-devel] ECC support for OpenPGP
In-Reply-To: <51B61CB1.30903@gnutls.org>
References:
<51B61CB1.30903@gnutls.org>
Message-ID:
I'm sorry that was actually an ECC implementation from some time ago.
That was from you by the way :-)
So the part missing is actually handling OpenPGP with ECC keys.
I'll look into the necessary changes and get back to you in a few
weeks - got to finish other things first.
Cheers
On Mon, Jun 10, 2013 at 8:36 PM, Nikos Mavrogiannopoulos
wrote:
> On 06/10/2013 02:31 PM, Daniele Ricci wrote:
>
>> Hi,
>> I can't find support for OpenPGP ECC keys. I'd like to contribute if
>> possible, is someone already working on it?
>
>
> Not really.
>
>> By the way, I found this:
>> https://gitorious.org/baserock-morphs/gnutls/commit/a8e8ba0f5cea4f2356c539e48d17b1e662b49141/diffs
>
>
> I don't understand what this is supposed to be. gnutls supports elliptic
> curve X.509 certificates since some time, but this code was never
> extended for the openpgp certificates, so if you add that capability
> would be very nice.
>
> best regards,
> Nikos
--
Daniele
From nick.alcock at oracle.com Mon Jun 10 21:28:17 2013
From: nick.alcock at oracle.com (Nick Alcock)
Date: Mon, 10 Jun 2013 20:28:17 +0100
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build
due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <51B61E50.2000608@gnutls.org> (Nikos Mavrogiannopoulos's message
of "Mon, 10 Jun 2013 20:43:28 +0200")
References: <20130610-124716.sv0.1003@savannah.gnu.org>
<51B61E50.2000608@gnutls.org>
Message-ID: <87wqq1sr3i.fsf@spindle.srvr.nix>
On 10 Jun 2013, Nikos Mavrogiannopoulos outgrape:
> Hello Nick,
> Which version of gnutls does this affect? The latest releases seem to
> have a similar fix applied.
This is at the tip of the master branch. I didn't check the releases,
perhaps I should have (I assumed, perhaps foolishly, that any fixes on
the release branches would of course be on master as well).
... but then, no release to date *has* _gnutls_strdatum_to_buf(): you
wrote it in 435cd838a8a1e1a5af6c3e7ea82fe5f1bd0b0552, one commit after
the release of 3.1.5.
So this is, thankfully, not a problem for anyone not a maniac running
the latest master branch. But then, I've never claimed not to be a
maniac. :)
--
NULL && (void)
From nick.alcock at oracle.com Mon Jun 10 22:35:19 2013
From: nick.alcock at oracle.com (Nick Alcock)
Date: Mon, 10 Jun 2013 21:35:19 +0100
Subject: [gnutls-devel] [sr #108321] crq_apis coredump on 32-bit build
due to _gnutls_strdatum_to_buf NULL buf handling
In-Reply-To: <51B62D0E.6050309@gnutls.org> (Nikos Mavrogiannopoulos's message
of "Mon, 10 Jun 2013 21:46:22 +0200")
References: <20130610-124716.sv0.1003@savannah.gnu.org>
<51B61E50.2000608@gnutls.org> <87wqq1sr3i.fsf@spindle.srvr.nix>
<51B62D0E.6050309@gnutls.org>
Message-ID: <87sj0psnzs.fsf@spindle.srvr.nix>
On 10 Jun 2013, Nikos Mavrogiannopoulos told this:
> It seems that you check the old site a gnu which is not being updated.
> You may want to check http://www.gnutls.org/
> which has the most recent releases and links to the new repository.
Oh, the repository changed, a thousand curses. I should have noticed the
last modified date of December on the trunk code! (I'd have noticed if
there'd been a release since the repository changed... just bad luck.)
... and four days after you introduced the bug (and perhaps a day after
you switched repos), you fixed it :) so this is a *hugely* out of date
bug report. My apologies.
> Out of curiosity how did you end-up in the old sites? I thought I have
> forwarded most of the old pages to the new ones.
You probably did, but this clone is several years old: I've just been
git pulling to update it and didn't consider that the repo might have
changed, since *something* came down (the data from before the
switchover). git really needs some way to report this case...
Sorry for wasting your time.
--
NULL && (void)
From nmav at gnutls.org Thu Jun 13 16:16:18 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 13 Jun 2013 16:16:18 +0200
Subject: [gnutls-devel] Polish translation update for gnutls 3.1.11 and
3.2.1
In-Reply-To: <20130608195816.GB5776@stranger.qboosh.pl>
References: <20130608195816.GB5776@stranger.qboosh.pl>
Message-ID:
Thank you for the translation and sorry for the late reply. We use the
translation project [0] for getting updates of the translations in
gnutls, so may I suggest to submit your updated translations to the
polish team (or the previous translator of gnutls [1]), so that it is
not overwritten on a scheduled update?
best regards,
Nikos
[0]. http://translationproject.org/html/translators.html
[1]. http://translationproject.org/team/pl.html
On Sat, Jun 8, 2013 at 9:58 PM, Jakub Bogusz wrote:
> Hello,
>
> I updated Polish translations for gnutls 3.1.11 and 3.2.1.
> They are available at:
> http://qboosh.pl/pl.po/gnutls-3.1.11.pl.po
> http://qboosh.pl/pl.po/gnutls-3.2.1.pl.po
>
> Please apply.
>
> --
> Jakub Bogusz http://qboosh.pl/
>
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-devel
From qboosh at pld-linux.org Thu Jun 13 16:37:02 2013
From: qboosh at pld-linux.org (Jakub Bogusz)
Date: Thu, 13 Jun 2013 16:37:02 +0200
Subject: [gnutls-devel] Polish translation update for gnutls 3.1.11 and
3.2.1
In-Reply-To:
References: <20130608195816.GB5776@stranger.qboosh.pl>
Message-ID: <20130613143702.GA24917@mail>
On Thu, Jun 13, 2013 at 04:16:18PM +0200, Nikos Mavrogiannopoulos wrote:
> Thank you for the translation and sorry for the late reply. We use the
> translation project [0] for getting updates of the translations in
> gnutls, so may I suggest to submit your updated translations to the
> polish team (or the previous translator of gnutls [1]), so that it is
> not overwritten on a scheduled update?
OK, I'm already member of Polish TP team and prefer using TP to handle
translations.
But please do send .pot files to the TP, so than it can accept new
translation updates - the last .pot version sent to TP was 3.0.12:
http://translationproject.org/domain/libgnutls.html
Regards,
--
Jakub Bogusz http://qboosh.pl/
From ludo at gnu.org Fri Jun 28 00:49:51 2013
From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Date: Fri, 28 Jun 2013 00:49:51 +0200
Subject: [gnutls-devel] Important Guile bug fix
Message-ID: <87ehbn6ueo.fsf@gnu.org>
Hello,
Nikos privately reported failures in the test suite of the Guile
bindings, which would manifest like this:
--8<---------------cut here---------------start------------->8---
make check-TESTS
make[1]: Entering directory `/home/ludo/src/gnutls-3.2.1/+build/guile/tests'
/bin/sh: line 5: 5840 Floating point exception(core dumped) GUILE_AUTO_COMPILE=0 GUILE_WARN_DEPRECATED=detailed ../../guile/pre-inst-guile -L ../../../guile/tests ${dir}$tst
FAIL: anonymous-auth.scm
`set-session-certificate-type-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-kx-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-protocol-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-cipher-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-mac-priority!' is deprecated, use `set-session-priorities!' instead
`uniform-vector-write' is deprecated. Use `put-bytevector' from
`(rnrs io ports)' instead.
`set-session-certificate-type-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-kx-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-protocol-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-cipher-priority!' is deprecated, use `set-session-priorities!' instead
`set-session-mac-priority!' is deprecated, use `set-session-priorities!' instead
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from
`(rnrs io ports)' instead.
PASS: session-record-port.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from
`(rnrs io ports)' instead.
PASS: pkcs-import-export.scm
PASS: errors.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from
`(rnrs io ports)' instead.
PASS: x509-certificates.scm
/bin/sh: line 5: 5894 Segmentation fault (core dumped) GUILE_AUTO_COMPILE=0 GUILE_WARN_DEPRECATED=detailed ../../guile/pre-inst-guile -L ../../../guile/tests ${dir}$tst
FAIL: x509-auth.scm
PASS: priorities.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from
`(rnrs io ports)' instead.
PASS: openpgp-keys.scm
`uniform-vector-read!' is deprecated. Use `get-bytevector-n!' from
`(rnrs io ports)' instead.
PASS: openpgp-keyring.scm
/bin/sh: line 5: 5938 Segmentation fault (core dumped) GUILE_AUTO_COMPILE=0 GUILE_WARN_DEPRECATED=detailed ../../guile/pre-inst-guile -L ../../../guile/tests ${dir}$tst
FAIL: openpgp-auth.scm
PASS: srp-base64.scm
===================================
3 of 11 tests failed
Please report to bug-gnutls at gnu.org
===================================
make[1]: *** [check-TESTS] Error 1
--8<---------------cut here---------------end--------------->8---
For some reason, the bugs would only show up when using Debian?s binary
of Guile 2.0.5 on x86_64. However, in hindsight, this was an obvious
mistake.
Commit 55e8943 in ?master? fixes it AFAICS. Nikos, can you confirm?
Also, could you backport the fix to the live branches?
I haven?t tested it with the old Guile 1.8, but I guess it should work too.
Thanks,
Ludo?.
From nmav at gnutls.org Fri Jun 28 09:18:29 2013
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 28 Jun 2013 09:18:29 +0200
Subject: [gnutls-devel] Important Guile bug fix
In-Reply-To: <87ehbn6ueo.fsf@gnu.org>
References: <87ehbn6ueo.fsf@gnu.org>
Message-ID:
On Fri, Jun 28, 2013 at 12:49 AM, Ludovic Court?s wrote:
> Hello,
>
> Nikos privately reported failures in the test suite of the Guile
> bindings, which would manifest like this:
>
[...]
> For some reason, the bugs would only show up when using Debian?s binary
> of Guile 2.0.5 on x86_64. However, in hindsight, this was an obvious
> mistake.
> Commit 55e8943 in ?master? fixes it AFAICS. Nikos, can you confirm?
> Also, could you backport the fix to the live branches?
Yes, that fixes the issue in my system. It is now backported to the
old branches as well.
Thank you,
Nikos
From ludo at gnu.org Fri Jun 28 14:16:37 2013
From: ludo at gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Date: Fri, 28 Jun 2013 14:16:37 +0200
Subject: [gnutls-devel] Important Guile bug fix
In-Reply-To:
(Nikos Mavrogiannopoulos's message of "Fri, 28 Jun 2013 09:18:29
+0200")
References: <87ehbn6ueo.fsf@gnu.org>
Message-ID: <87y59uo2fu.fsf@gnu.org>
Nikos Mavrogiannopoulos skribis:
> On Fri, Jun 28, 2013 at 12:49 AM, Ludovic Court?s wrote:
>> Hello,
>>
>> Nikos privately reported failures in the test suite of the Guile
>> bindings, which would manifest like this:
>>
> [...]
>> For some reason, the bugs would only show up when using Debian?s binary
>> of Guile 2.0.5 on x86_64. However, in hindsight, this was an obvious
>> mistake.
>> Commit 55e8943 in ?master? fixes it AFAICS. Nikos, can you confirm?
>> Also, could you backport the fix to the live branches?
>
> Yes, that fixes the issue in my system. It is now backported to the
> old branches as well.
Great, thanks!
What remains a mystery to me is that I?ve been maintaining the GnuTLS
and Guile packages in Nixpkgs and now Guix for ~4 years, and yet never
stumbled upon that bug.
Ludo?.
From peter.dettman at bouncycastle.org Sun Jun 30 04:52:06 2013
From: peter.dettman at bouncycastle.org (Peter Dettman)
Date: Sun, 30 Jun 2013 09:52:06 +0700
Subject: [gnutls-devel] Server sends incorrect extensions for resumption
handshake?
Message-ID: <51CF9D56.2030201@bouncycastle.org>
Hi All,
I'm currently adding session resumption to the BouncyCastle (Java) TLS
code, and I'm seeing what I think is incorrect behaviour from the
gnutls-serv test server. I'm using GnuTLS 3.2.1 on Win7, with command line:
gnutls-serv --http --x509cafile x509-ca.pem --x509keyfile
x509-server-key.pem --x509certfile x509-server.pem
My test client makes an initial connection to establish a session,
successfully negotiating TLS 1.1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
secure_renegotiation = true. Note the ServerHello contains two
extensions: renegotiation_info and ec_point_formats. This connection is
closed once the handshake has completed.
The client then tries to resume this session (with essentially the same
ClientHello, excepting client_random, and with the resuming session_id).
If it ignores the errors I am about to describe, it can happily resume
the session, and make a GET request to the http server, getting the
expected page and closing cleanly. However I think the ServerHello is
wrong, specifically the server extensions.
Firstly, the ec_point_formats extension is included in the session
resumption ServerHello. This appears to violate RFC 3546 2.3. "If [...]
the older session is resumed, then the server MUST ignore extensions
appearing in the client hello, and send a server hello containing no
extensions[.]" (later RFC updates contain similar clauses) . Please
understand that the problem is probably broader than just the
ec_point_formats extension; the server shouldn't be sending any. The
only exception to that rule that I am aware of is from RFC 5746,
renegotiation_info, which appears to say that this extension is
per-connection, and can always be sent. This is the second issue I want
to raise: while gnutls-serv sends renegotiation_info during the initial
handshake, it does _not_ send it during a resumption handshake.
I am posting to the list instead of raising a bug report directly,
because it's at least true that 'openssl s_server' also sends
superfluous server extensions during resumption (it sends the
renegotiation_info correctly though) . I would appreciate if anyone can
enlighten me as to whether there is an unofficial standard in play here,
or whether this should be considered a bug.
Please contact me if you'd like replicate the problem, either via the
BouncyCastle test code itself, or in some other way.
Regards,
Pete Dettman