From: Jeff Cai
To: Simon Josefsson
Cc: help-gnutls@gnu.org, info-gnu@gnu.org, gnutls-devel@gnu.org
Subject: Re: GnuTLS 2.8.0
Date: Mon, 01 Jun 2009 13:26:33 +0800

I can not find the COPYING.LIB in the source tarball.

Jeff

On Thu, 2009-05-28 at 10:10 +0200, Simon Josefsson wrote:
> We are proud to announce a new stable GnuTLS release: Version 2.8.0.
>
> GnuTLS is a modern C library that implements the standard network
> security protocol Transport Layer Security (TLS), for use by network
> applications. GnuTLS is developed for GNU/Linux, but works on many
> Unix-like systems and comes with a binary installer for Windows.
>
> The GnuTLS library is distributed under the terms of the GNU Lesser
> General Public License version 2.1 (or later). The "extra" GnuTLS
> library (which contains TLS/IA support, LZO compression and Libgcrypt
> FIPS-mode handler), the OpenSSL compatibility library, the self tests
> and the command line tools are all distributed under the GNU General
> Public License version 3.0 (or later). The manual is distributed
> under the GNU Free Documentation License version 1.3 (or later).
>
> The project page of the library is available at:
> http://www.gnu.org/software/gnutls/
>
> What's New
> ==========
>
> Version 2.8.0 is the first stable release on the 2.8.x branch and is the
> result of 7 months of work on the experimental 2.7.x branch. The GnuTLS
> 2.8.x branch replaces the GnuTLS 2.6.x branch as the supported stable
> branch, although we will continue to support GnuTLS 2.6.x for some time.
>
> ** lib: Linker version scripts reduces number of exported symbols.
> The linker version script now lists all exported ABIs explicitly, to
> avoid accidentally exporting unintended functions. Compared to
> before, most symbols beginning with _gnutls* are no longer exported.
> These functions have never been intended for use by applications, and
> there were no prototypes for these functions in the public header
> files. Thus we believe it is possible to do this without incrementing
> the library ABI version which normally has to be done when removing an
> interface.
>
> ** lib: Limit exported symbols on systems without LD linker scripts.
> Before all symbols were exported. Now we limit the exported symbols
> to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls)
> _gnutls*. This is a superset of the actual supported ABI, but still
> an improvement compared to before. This is implemented using Libtool
> -export-symbols-regex. It is more portable than linker version
> scripts.
>
> ** libgnutls: Fix namespace issue with version symbols.
> The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR,
> LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and
> LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER,
> GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and
> GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to
> work but are deprecated.
>
> ** libgnutls: Fix namespace issue with version symbol for libgnutls-extra.
> The symbol LIBGNUTLS_EXTRA_VERSION was renamed to
> GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is
> deprecated.
>
> ** libgnutls: Add functions to verify a hash against a certificate.
> gnutls_x509_crt_verify_hash: ADDED
> gnutls_x509_crt_get_verify_algorithm: ADDED
>
> ** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.
>
> ** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.
> It is currently only used by the core library. This will enable a new
> domain 'gnutls' for translations of the command line tools.
>
> ** certtool: Query for multiple dnsName subjectAltName in interactive mode.
> This applies both to generating certificates and certificate requests.
>
> ** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
> Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to
> be used for chain verification.
>
> ** gnutls-serv: No longer disable MAC padding by default.
> Use --priority NORMAL:%COMPAT to disable MAC padding again.
>
> ** gnutls-cli: Certificate information output format changed.
> The tool now uses libgnutls' functions to print certificate
> information. This avoids code duplication.
>
> ** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5
> ** and %VERIFY_ALLOW_X509_V1_CA_CRT.
> They can be used to override the default certificate chain validation
> behaviour.
>
> ** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
>
> ** libgnutls: gnutls_openpgp_crt_print supports oneline mode.
>
> ** libgnutls: gnutls_handshake when sending client hello during a
> rehandshake, will not offer a version number larger than the current.
>
> ** libgnutls: New interface to get key id for certificate requests.
> gnutls_x509_crq_get_key_id: ADDED.
>
> ** libgnutls: gnutls_x509_crq_print will now also print public key id.
>
> ** certtool: --verify-chain now prints results of using library verification.
> Earlier, certtool --verify-chain used its own validation algorithm
> which wasn't guaranteed to give the same result as the libgnutls
> internal validation algorithm. Now this command prints a new final
> line with header 'Chain verification output:' that contains the result
> from using the internal verification algorithm on the same chain.
>
> ** libgnutls: Libgcrypt initialization changed.
> If libgcrypt has not already been initialized, GnuTLS will now
> initialize libgcrypt with disabled secure memory. Initialize
> libgcrypt explicitly in your application if you want to enable secure
> memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory
> allocation functions, which doesn't use secure memory, so there is no
> real change in behaviour.
>
> ** libgnutls: Small byte reads via gnutls_record_recv() optimized.
>
> ** gnutls-cli: Return non-zero exit code on error conditions.
>
> ** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
>
> ** certtool: allow setting arbitrary key purpose object identifiers.
>
> ** libgnutls: Change detection of when to use a linker version script.
> Use --enable-ld-version-script or --disable-ld-version-script to
> override auto-detection logic.
>
> ** Fix warnings and build GnuTLS with more warnings enabled.
>
> ** New API to set X.509 credentials from PKCS#12 memory structure.
> gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
>
> ** Old libgnutls.m4 and libgnutls-config scripts removed.
> Please use pkg-config instead.
>
> ** libgnutls: Added functions to handle CRL extensions.
> gnutls_x509_crl_get_authority_key_id: ADDED
> gnutls_x509_crl_get_number: ADDED
> gnutls_x509_crl_get_extension_oid: ADDED
> gnutls_x509_crl_get_extension_info: ADDED
> gnutls_x509_crl_get_extension_data: ADDED
> gnutls_x509_crl_set_authority_key_id: ADDED
> gnutls_x509_crl_set_number: ADDED
>
> ** libgnutls: Added functions to handle X.509 extensions in Certificate
> Requests.
> gnutls_x509_crq_get_key_rsa_raw: ADDED
> gnutls_x509_crq_get_attribute_info: ADDED
> gnutls_x509_crq_get_attribute_data: ADDED
> gnutls_x509_crq_get_extension_info: ADDED
> gnutls_x509_crq_get_extension_data: ADDED
> gnutls_x509_crq_get_key_usage: ADDED
> gnutls_x509_crq_get_basic_constraints: ADDED
> gnutls_x509_crq_get_subject_alt_name: ADDED
> gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
> gnutls_x509_crq_get_extension_by_oid: ADDED
> gnutls_x509_crq_set_subject_alt_name: ADDED
> gnutls_x509_crq_set_basic_constraints: ADDED
> gnutls_x509_crq_set_key_usage: ADDED
> gnutls_x509_crq_get_key_purpose_oid: ADDED
> gnutls_x509_crq_set_key_purpose_oid: ADDED
> gnutls_x509_crq_print: ADDED
> gnutls_x509_crt_set_crq_extensions: ADDED
>
> ** certtool: Print and set CRL and CRQ extensions.
>
> ** minitasn1: Internal copy updated to libtasn1 v2.1.
> GnuTLS should work fine with libtasn1 v1.x and that is still
> supported.
>
> ** examples: Now released into the public domain.
> This makes the license of the example code compatible with more
> licenses, including the (L)GPL.
>
> ** The Texinfo and GTK-DOC manuals were improved.
>
> ** Several self-tests were added and others improved.
>
> API/ABI changes in GnuTLS 2.8
> =============================
>
> No officially supported interfaces have been modified or removed. The
> library should be completely backwards compatible on both the source
> and binary level.
>
> The shared library no longer exports some symbols that have never been
> officially supported, i.e., not mentioned in any of the header files.
> The symbols are:
>
> _gnutls*
> gnutls_asn1_tab
>
> Normally when symbols are removed, the shared library version has to
> be incremented. This leads to a significant cost for everyone using
> the library. Because none of the above symbols have ever been
> intended for use by well-behaved applications, we decided that it
> would be better for those applications to pay the price rather than
> incurring problems on the majority of applications.
>
> If it turns out that applications have been using unofficial
> interfaces, we will need to release a follow-on release on the v2.8
> branch to export additional interfaces. However, initial testing
> suggests that few if any applications have been using any of the
> internal symbols.
>
> Although not a new change compared to 2.6.x, we'd like to remind you
> interfaces have been modified so that X.509 chain verification now
> also checks activation/expiration times on certificates. The affected
> functions are:
>
> gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
> gnutls_certificate_verify_peers: Likewise.
> gnutls_certificate_verify_peers2: Likewise.
> GNUTLS_CERT_NOT_ACTIVATED: ADDED.
> GNUTLS_CERT_EXPIRED: ADDED.
> GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
>
> This change in behaviour was made during the GnuTLS 2.6.x cycle, and
> we gave our rationale for it in earlier release notes.
>
> The following symbols have been added to the library:
>
> gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
> gnutls_x509_crl_get_authority_key_id: ADDED
> gnutls_x509_crl_get_extension_data: ADDED
> gnutls_x509_crl_get_extension_info: ADDED
> gnutls_x509_crl_get_extension_oid: ADDED
> gnutls_x509_crl_get_number: ADDED
> gnutls_x509_crl_set_authority_key_id: ADDED
> gnutls_x509_crl_set_number: ADDED
> gnutls_x509_crq_get_attribute_data: ADDED
> gnutls_x509_crq_get_attribute_info: ADDED
> gnutls_x509_crq_get_basic_constraints: ADDED
> gnutls_x509_crq_get_extension_by_oid: ADDED
> gnutls_x509_crq_get_extension_data: ADDED
> gnutls_x509_crq_get_extension_info: ADDED
> gnutls_x509_crq_get_key_id: ADDED.
> gnutls_x509_crq_get_key_purpose_oid: ADDED
> gnutls_x509_crq_get_key_rsa_raw: ADDED
> gnutls_x509_crq_get_key_usage: ADDED
> gnutls_x509_crq_get_subject_alt_name: ADDED
> gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
> gnutls_x509_crq_print: ADDED
> gnutls_x509_crq_set_basic_constraints: ADDED
> gnutls_x509_crq_set_key_purpose_oid: ADDED
> gnutls_x509_crq_set_key_usage: ADDED
> gnutls_x509_crq_set_subject_alt_name: ADDED
> gnutls_x509_crt_get_verify_algorithm: ADDED
> gnutls_x509_crt_set_crq_extensions: ADDED
> gnutls_x509_crt_verify_hash: ADDED
>
> The following interfaces have been added to the header files:
>
> GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.
> GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.
> GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.
> GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.
> GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.
> GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.
>
> The following interfaces have been deprecated:
>
> LIBGNUTLS_VERSION: DEPRECATED.
> LIBGNUTLS_VERSION_MAJOR: DEPRECATED.
> LIBGNUTLS_VERSION_MINOR: DEPRECATED.
> LIBGNUTLS_VERSION_PATCH: DEPRECATED.
> LIBGNUTLS_VERSION_NUMBER: DEPRECATED.
> LIBGNUTLS_EXTRA_VERSION: DEPRECATED.
>
> Getting the Software
> ====================
>
> GnuTLS may be downloaded from one of the mirror sites or direct from
> . The list of mirrors can be found at
> .
>
> Here are the BZIP2 compressed sources (6.0MB):
>
> ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.8.0.tar.bz2
> http://ftp.gnu.org/gnu/gnutls/gnutls-2.8.0.tar.bz2
>
> Here are OpenPGP detached signatures signed using key 0xB565716F:
>
> ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.8.0.tar.bz2.sig
> http://ftp.gnu.org/gnu/gnutls/gnutls-2.8.0.tar.bz2.sig
>
> Note, that we don't distribute gzip compressed tarballs.
>
> In order to check that the version of GnuTLS which you are going to
> install is an original and unmodified one, you should verify the OpenPGP
> signature. You can use the command
>
> gpg --verify gnutls-2.8.0.tar.bz2.sig
>
> This checks whether the signature file matches the source file. You
> should see a message indicating that the signature is good and made by
> that signing key. Make sure that you have the right key, either by
> checking the fingerprint of that key with other sources or by checking
> that the key has been signed by a trustworthy other key. The signing
> key can be identified with the following information:
>
> pub 1280R/B565716F 2002-05-05 [expires: 2010-04-21]
> Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
> uid Simon Josefsson
> uid Simon Josefsson
> sub 1280R/4D5D40AE 2002-05-05 [expires: 2010-04-21]
>
> The key is available from:
> http://josefsson.org/key.txt
> dns:b565716f.josefsson.org?TYPE=CERT
>
> Alternatively, after successfully verifying the OpenPGP signature of
> this announcement, you could verify that the files match the following
> checksum values.
> The values are for SHA-1 and SHA-224 respectively:
>
> 7c102253bb4e817f393b9979a62c647010312eac gnutls-2.8.0.tar.bz2
>
> 57ee306f261ed331b8386baf854f737fbf24da7b3bcc32331d34176b gnutls-2.8.0.tar.bz2
>
> Documentation
> =============
>
> The manual is available online at:
>
> http://www.gnu.org/software/gnutls/documentation.html
>
> In particular the following formats are available:
>
> HTML: http://www.gnu.org/software/gnutls/manual/html_node/index.html
> PDF: http://www.gnu.org/software/gnutls/manual/gnutls.pdf
>
> For developers there is a GnuTLS API reference manual formatted using
> the GTK-DOC tools:
>
> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html
>
> Community
> =========
>
> If you need help to use GnuTLS, or want to help others, you are invited
> to join our help-gnutls mailing list, see:
>
> http://lists.gnu.org/mailman/listinfo/help-gnutls
>
> If you wish to participate in the development of GnuTLS, you are invited
> to join our gnutls-dev mailing list, see:
>
> http://lists.gnu.org/mailman/listinfo/gnutls-devel
>
> Windows installer
> =================
>
> GnuTLS has been ported to the Windows operating system, and a binary
> installer is available. The installer contains DLLs for application
> development, manuals, examples, and source code. The installer uses
> libgpg-error v1.7, libgcrypt v1.4.4, libtasn1 v2.2, and GnuTLS v2.8.0.
>
> For more information about GnuTLS for Windows:
> http://josefsson.org/gnutls4win/
>
> The Windows binary installer and PGP signature:
> http://josefsson.org/gnutls4win/gnutls-2.8.0.exe (15MB)
> http://josefsson.org/gnutls4win/gnutls-2.8.0.exe.sig
>
> The checksum values for SHA-1 and SHA-224 are:
>
> 8a7965168c542edec3259469b6c0e87a9a2b4626 gnutls-2.8.0.exe
>
> 5f76c907eac768b714dc7187a17f87c0393439cf1ef44ab145aab6e3 gnutls-2.8.0.exe
>
> A ZIP archive containing the Windows binaries:
> http://josefsson.org/gnutls4win/gnutls-2.8.0.zip (5.3MB)
> http://josefsson.org/gnutls4win/gnutls-2.8.0.zip.sig
>
> A Debian mingw32 package is also available:
> http://josefsson.org/gnutls4win/mingw32-gnutls_2.7.10-1_all.deb (4.8MB)
>
> The checksum values for SHA-1 and SHA-224 are:
>
> aca9f9f1adba09b952e095039595d4c5d9e67d46 mingw32-gnutls_2.8.0-1_all.deb
>
> 269020738a9f36135e3f231a94cdb2cabc0edd3658092d76b87c27dc mingw32-gnutls_2.8.0-1_all.deb
>
> Internationalization
> ====================
>
> The GnuTLS library messages have been translated into Czech, Dutch,
> French, German, Malay, Polish, Swedish, and Vietnamese. We welcome the
> addition of more translations.
>
> Support
> =======
>
> Improving GnuTLS is costly, but you can help! We are looking for
> organizations that find GnuTLS useful and wish to contribute back. You
> can contribute by reporting bugs, improve the software, or donate money
> or equipment.
>
> Commercial support contracts for GnuTLS are available, and they help
> finance continued maintenance. Simon Josefsson Datakonsult AB, a
> Stockholm based privately held company, is currently funding GnuTLS
> maintenance. We are always looking for interesting development
> projects. See http://josefsson.org/ for more details.
>
> The GnuTLS service directory is available at:
>
> http://www.gnu.org/software/gnutls/commercial.html
>
> Happy Hacking,
> Simon

--
Jeff Cai

From: Simon Josefsson
To: Matěj Švrček
Cc: bug-gnutls@gnu.org
Subject: Re: Libtasn1
Date: Mon, 01 Jun 2009 11:09:42 +0200

Matěj Švrček writes:

> Hallo,
>
> I would like to report a broken link on your site
> http://www.gnu.org/software/gnutls/download.html
>
> I tried several links to download libtasn1, but none of the links worked for
> me, it seems as libtasn1 is no longer part of GNU project.

Actually, libtasn1 just became a GNU project a few days ago. ;)

What URL is broken on the above page?

The new official home for libtasn1 is:

http://www.gnu.org/software/libtasn1/

I'll upload old releases to ftp.gnu.org now.
/Simon

From: Martin von Gagern
To: GnuTLS development list
Subject: gnutls_ext_register causing memory corruption
Date: Sat, 06 Jun 2009 19:47:37 +0200

Hi folks!

There seems to be some evidence that the latest gnutls might be involved
in instabilities of the adobe flash plugin for mozilla firefox on gentoo
linux. I myself got this error message and back trace at one point:

*** glibc detected *** /usr/lib/mozilla-firefox/firefox: realloc(): invalid next size: 0x1026c8f0 ***
======= Backtrace: =========
/lib/libc.so.6[0x4c59d7c4]
/lib/libc.so.6[0x4c5a2c24]
/lib/libc.so.6(realloc+0xdd)[0x4c5a2fbd]
/usr/lib/libgnutls.so.26(gnutls_ext_register+0x38)[0xb7b0185e]
/usr/lib/libgnutls.so.26[0xb7b01920]
/usr/lib/libgnutls.so.26(gnutls_global_init+0x1a0)[0xb7b08513]
/usr/lib/libcurl.so.4(Curl_gtls_init+0x2c)[0xb2d33037]
/usr/lib/libcurl.so.4(Curl_ssl_init+0x33)[0xb2d348fa]
/usr/lib/libcurl.so.4(curl_global_init+0x88)[0xb2d28d9d]
/opt/netscape/plugins/libflashplayer.so[0xb213de16]

http://bugs.gentoo.org/272388#c7 lists a similar back trace, with
"double free or corruption (!prev)" instead of "invalid next size".
http://bugs.gentoo.org/260630 might be dealing with the same bug.

In all these cases, the latest (and rather recently released) closed
source flash player was involved as well, so I cannot rule out a problem
with that code. You might wish to investigate the issue on the gnutls
side nevertheless, and maybe subscribe to those bugs to stay tuned.

Greetings,
Martin von Gagern

From: Simon Josefsson
To: Martin von Gagern
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption
Date: Mon, 08 Jun 2009 16:58:00 +0200

Martin von Gagern writes:

> Hi folks!
>
> There seems to be some evidence that the latest gnutls might be involved
> in instabilities of the adobe flash plugin for mozilla firefox on gentoo
> linux.

Hi. Interesting but difficult to debug. The back traces look weird,
the crash is in the global initialization function. That function isn't
thread safe, so maybe it is a thread related problem? Maybe set a
breakpoint on gnutls_ext_register to see if it is called multiple times
by the same process, that would suggest a problem. However this code is
the same in 2.6.x and 2.8.0, so there must be something else too.

I'll look into this code in gnutls, but to really help on this I need a
simple-to-follow recipe to reproduce the problem. Alternatively, if you
can pin-point what change 2.6.6...2.8.0 introduced the problem, that
would also help -- try installing 2.7.0, 2.7.1, etc and see when the
problem starts to happen.
The final 2.7.9-2.7.14 contain mostly build fixes, so the early 2.7.x's
are the interesting ones.

Thanks,
/Simon

From: Simon Josefsson
To: Martin von Gagern
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption
Date: Mon, 08 Jun 2009 17:07:12 +0200

Btw, I installed latest firefox with latest flash 10 plugin, and it
worked fine on my x86 debian box. OTOH, my flash plugin doesn't seem to
link to gnutls at all:

jas@mocca:~/firefox/plugins$ ldd libflashplayer.so |grep -i gnutls
jas@mocca:~/firefox/plugins$ sha1sum libflashplayer.so
2b310b362d12c599865c767197a8077d3123b706 libflashplayer.so
jas@mocca:~/firefox/plugins$

I hope you can prepare some instructions how to reproduce this.
/Simon

From: Arfrever Frehtes Taifersar Arahesis
To: GnuTLS Development
Date: Mon, 8 Jun 2009 17:39:45 +0200
Subject: Re: gnutls_ext_register causing memory corruption

2009-06-08 17:07:12 Simon Josefsson wrote:
> Btw, I installed latest firefox with latest flash 10 plugin, and it
> worked fine on my x86 debian box. OTOH, my flash plugin doesn't seem to
> link to gnutls at all:
>
> jas@mocca:~/firefox/plugins$ ldd libflashplayer.so |grep -i gnutls
> jas@mocca:~/firefox/plugins$ sha1sum libflashplayer.so
> 2b310b362d12c599865c767197a8077d3123b706 libflashplayer.so
> jas@mocca:~/firefox/plugins$

libflashplayer.so uses dlopen() to open dependent libraries...

--
Arfrever Frehtes Taifersar Arahesis

Date: Mon, 08 Jun 2009 17:50:42 +0200
From: Martin von Gagern
To: Simon Josefsson
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Simon Josefsson wrote:
> Btw, I installed latest firefox with latest flash 10 plugin, and it
> worked fine on my x86 debian box. OTOH, my flash plugin doesn't seem to
> link to gnutls at all:

There is strong evidence that flash only depends on gnutls indirectly via libcurl. If you haven't built libcurl against gnutls, this doesn't show up. And libcurl is dynloaded, so ldd won't list it.

Please follow the bug reports I mentioned; a lot of people are quite busy there, gathering evidence, discussing possibilities, stuff like that. I ruled out concurrent initialization in a comment there.

In the meantime, I'm trying to get a proper git bisect running. I'm not sure if I can do this, as the problem is difficult to trace. But when running FF through valgrind and accessing the flash on http://data.ndr.de/mv2009/index.html I just had a 100% rate to reproduce at least some kind of error, mostly a segfault at application shutdown, with gnutls 2.8.0, whereas 2.6.6 worked all right. I'll try to reproduce this with gnutls built from git, and bisect the changes in between.

Greetings,
Martin

Date: Mon, 08 Jun 2009 18:11:29 +0200
From: Martin von Gagern
To: Simon Josefsson
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Martin von Gagern wrote:
> In the meantime, I'm trying to get a proper git bisect running.

And failing miserably at it, because I'm still not comfortable with autotools.

At first I tried various sequences of autoheader, automake, autoconf and libtoolize, but configure failed every time for the lib subdir. At some point I got annoyed enough, and simply copied over the files from a 2.8.0 tarball which weren't present in the git already. 2.8.0 built successfully with that, but moving to 2.6.6 still causes me trouble:

$ make
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /home/mvg/src/up/gnutls/gnutls/build-aux/missing --run aclocal-1.11 -I m4 -I gl/m4 -I lib/gl/m4 -I libextra/gl/m4 -I lib/m4 -I libextra/m4
aclocal-1.11: couldn't open directory `lib/gl/m4': No such file or directory

So I assume that you added some gnulib macro files somewhere along the way. But while I could simply copy build files from 2.6.6 as well, this is no option for the intermediate revisions.

Is there a simple command to turn a git working tree into something where I can do "./configure && make"? Preferably without having to recompile more than absolutely necessary, and without having to actually run configure if its input wasn't modified?

Greetings,
Martin

From: Simon Josefsson
To: Martin von Gagern
Date: Mon, 08 Jun 2009 18:19:50 +0200
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Martin von Gagern writes:

> Simon Josefsson wrote:
>> Btw, I installed latest firefox with latest flash 10 plugin, and it
>> worked fine on my x86 debian box. OTOH, my flash plugin doesn't seem to
>> link to gnutls at all:
>
> There is strong evidence that flash only depends on gnutls indirectly
> via libcurl. If you haven't built libcurl against gnutls, this doesn't
> show up. And libcurl is dynloaded, so ldd won't list it.

Ok, still can't reproduce but looking into it:

jas@mocca:~$ lsof -p 1907|grep gnut
firefox-b 1907 jas mem REG 8,3 233992 15982492 /usr/lib/libcurl-gnutls.so.4.1.0
firefox-b 1907 jas mem REG 8,3 2186701 8421702 /home/jas/lib/libgnutls.so.26.14.7
jas@mocca:~$

This is while accessing the URL below.

> Please follow the bug reports I mentioned; a lot of people are quite
> busy there, gathering evidence, discussing possibilities, stuff like
> that. I ruled out concurrent initialization in a comment there.
>
> In the meantime, I'm trying to get a proper git bisect running. I'm not
> sure if I can do this, as the problem is difficult to trace. But when
> running FF through valgrind and accessing the flash on
> http://data.ndr.de/mv2009/index.html I just had a 100% rate to reproduce
> at least some kind of error, mostly a segfault at application shutdown,
> with gnutls 2.8.0, whereas 2.6.6 worked all right. I'll try to reproduce
> this with gnutls built from git, and bisect the changes in between.

Thanks,
Simon

From: Simon Josefsson
To: Martin von Gagern
Date: Mon, 08 Jun 2009 18:28:21 +0200
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Martin von Gagern writes:

> Martin von Gagern wrote:
>> In the meantime, I'm trying to get a proper git bisect running.
>
> And failing miserably at it, because I'm still not comfortable with
> autotools.
>
> At first I tried various sequences of autoheader, automake, autoconf and
> libtoolize, but configure failed every time for the lib subdir. At some
> point I got annoyed enough, and simply copied over the files from a
> 2.8.0 tarball which weren't present in the git already. 2.8.0 built
> successfully with that, but moving to 2.6.6 still causes me trouble:
>
> $ make
> CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh
> /home/mvg/src/up/gnutls/gnutls/build-aux/missing --run aclocal-1.11 -I
> m4 -I gl/m4 -I lib/gl/m4 -I libextra/gl/m4 -I lib/m4 -I libextra/m4
> aclocal-1.11: couldn't open directory `lib/gl/m4': No such file or directory
>
> So I assume that you added some gnulib macro files somewhere along the
> way. But while I could simply copy build files from 2.6.6 as well, this
> is no option for the intermediate revisions.
>
> Is there a simple command to turn a git working tree into something
> where I can do "./configure && make"?

Try 'make autoreconf'. During the v2.7.x branch the build system was modified heavily, so it might not always work for these experimental releases. The released v2.7.x tar archives should work fine though, so it may be easier to start with those and then switch over to git when you have pinpointed the release that breaks things.

> Preferably without having to recompile more than absolutely
> necessary, and without having to actually run configure if its input
> wasn't modified?

Between releases that is not likely to be the case, M4 files change in practically every release.

/Simon

From: Simon Josefsson
To: Martin von Gagern
Date: Mon, 08 Jun 2009 18:34:08 +0200
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Does this patch work? I haven't tested it, but it seems gnutls_global_init -> gnutls_global_deinit -> gnutls_global_init would crash like the crash in the bug report. GnuTLS 2.6.x had a memory leak and didn't release this memory, so you wouldn't notice.

/Simon

diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index e4e536f..accb204 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c
@@ -331,6 +331,7 @@ void _gnutls_ext_deinit (void) { gnutls_free (extfunc); + extfunc = NULL; } /**
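
Review bot: in `_gnutls_ext_deinit`, the new `extfunc = NULL;` after `gnutls_free (extfunc);` removes the dangling pointer, but nothing in the hunk resets the element count kept alongside the array, so a second `gnutls_global_init` would pair a NULL table with the old length. Reset the count in the same place; the revised patch later in this thread adds `extfunc_size = 0;` next to the pointer reset. The message states the patch is untested, so it should land together with a test that runs init, deinit and init again.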

From: Arfrever Frehtes Taifersar Arahesis
To: GnuTLS Development
Date: Mon, 8 Jun 2009 18:36:26 +0200
Subject: Re: gnutls_ext_register causing memory corruption

2009-06-08 18:11:29 Martin von Gagern wrote:
> Martin von Gagern wrote:
> > In the meantime, I'm trying to get a proper git bisect running.
>
> And failing miserably at it, because I'm still not comfortable with
> autotools.
>
> At first I tried various sequences of autoheader, automake, autoconf and
> libtoolize, but configure failed every time for the lib subdir.

See src_prepare() in gnutls-2.8.0.ebuild:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/gnutls/gnutls-2.8.0.ebuild?view=markup

--
Arfrever Frehtes Taifersar Arahesis

From: Simon Josefsson
To: Martin von Gagern
Date: Mon, 08 Jun 2009 18:43:23 +0200
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Of course, the patch should be as below. I have confirmed this bug, and written a self-test for it:

http://git.savannah.gnu.org/cgit/gnutls.git/tree/tests/init_roundtrip.c

It crashes with GnuTLS 2.8.x.

diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index e4e536f..8fe2edd 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c
@@ -331,6 +331,8 @@ void _gnutls_ext_deinit (void) { gnutls_free (extfunc); + extfunc = NULL; + extfunc_size = 0; } /**

/Simon

Date: Mon, 08 Jun 2009 18:53:05 +0200
From: Martin von Gagern
To: Simon Josefsson
Cc: GnuTLS development list
Subject: Re: gnutls_ext_register causing memory corruption

Simon Josefsson wrote:
> diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c > index e4e536f..8fe2edd 100644 > --- a/lib/gnutls_extensions.c > +++ b/lib/gnutls_extensions.c
> @@ -331,6 +331,8 @@ void > _gnutls_ext_deinit (void) > { > gnutls_free (extfunc); > + extfunc =3D NULL; > + extfunc_size =3D 0; > } > =20 > /** >=20

Looks good to me; no more segfaults at shutdown. I'll point the Gentoo
folks at this, should give the issue quite a broad testing, based on the
high number of subscribers on the cc lists of the involved bug reports.

Will you release a 2.8.1 to address the issue? Given that it's a
regression, and could cause major data loss, I wouldn't want to wait too
long for this to get released officially, especially as the patch
obviously won't make things any worse.

Greetings, and thanks for the fix,
 Martin
From: Arfrever Frehtes Taifersar Arahesis
To: GnuTLS Development
Date: Mon, 8 Jun 2009 18:57:26 +0200
Subject: Re: gnutls_ext_register causing memory corruption

2009-06-08 18:53:05 Martin von Gagern wrote:
> Simon Josefsson wrote:
> > diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c > > index e4e536f..8fe2edd 100644 > > --- a/lib/gnutls_extensions.c > > +++ b/lib/gnutls_extensions.c
> > @@ -331,6 +331,8 @@ void > > _gnutls_ext_deinit (void) > > { > > gnutls_free (extfunc); > > + extfunc =3D NULL; > > + extfunc_size =3D 0; > > } > > =20 > > /** > >=20
>
> Looks good to me; no more segfaults at shutdown. I'll point the Gentoo
> folks at this

They surely know about it...

-- 
Arfrever Frehtes Taifersar Arahesis
From: Simon Josefsson
To: Martin von Gagern
Cc: GnuTLS development list
Date: Mon, 08 Jun 2009 19:01:51 +0200
Subject: Re: gnutls_ext_register causing memory corruption

Martin von Gagern writes:

> Simon Josefsson wrote:
>> diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c >> index e4e536f..8fe2edd 100644 >> --- a/lib/gnutls_extensions.c >> +++ b/lib/gnutls_extensions.c
>> @@ -331,6 +331,8 @@ void >> _gnutls_ext_deinit (void) >> { >> gnutls_free (extfunc); >> + extfunc = NULL; >> + extfunc_size = 0; >> } >> >> /** >>
>
> Looks good to me; no more segfaults at shutdown. I'll point the Gentoo
> folks at this, should give the issue quite a broad testing, based on the
> high number of subscribers on the cc lists of the involved bug reports.

I would appreciate testing. I've prepared a v2.8.x daily snapshot with
the patch, please test it:

http://daily.josefsson.org/gnutls-2.8/gnutls-2.8-20090608.tar.gz

> Will you release a 2.8.1 to address the issue? Given that it's a
> regression, and could cause major data loss, I wouldn't want to wait too
> long for this to get released officially, especially as the patch
> obviously won't make things any worse.

Right. If testing is successful, I can make the release quickly. The
above *.tar.gz is RC1 of 2.8.1.

/Simon
From: Simon Josefsson
To: gnutls-devel@gnu.org
Date: Tue, 09 Jun 2009 06:57:28 +0200
Subject: GnuTLS 2.9.1

The GnuTLS 2.9.x branch is NOT what you want for your stable system. It
is intended for developers and experienced users.

Here are the compressed sources:

  http://alpha.gnu.org/gnu/gnutls/gnutls-2.9.1.tar.bz2 (5.9MB)
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.9.1.tar.bz2

Here is the OpenPGP signature:

  http://alpha.gnu.org/gnu/gnutls/gnutls-2.9.1.tar.bz2.sig
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.9.1.tar.bz2.sig

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

/Simon

* Version 2.9.1 (released 2009-06-08)

** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
See .

** tests: Added new self-tests init_roundtrip.c to detect previous problem.

** Reduce stack usage for some CRQ functions.

** Doc fixes for CRQ functions.

** API and ABI modifications:
No changes since last version.

From: Simon Josefsson
To: help-gnutls@gnu.org, gnutls-devel@gnu.org, info-gnu@gnu.org
Date: Wed, 10 Jun 2009 18:52:05 +0200
Subject: GnuTLS 2.8.1

We are proud to announce a new stable GnuTLS release: Version 2.8.1.

GnuTLS is a modern C library that implements the standard network
security protocol Transport Layer Security (TLS), for use by network
applications. GnuTLS is developed for GNU/Linux, but works on many
Unix-like systems and comes with a binary installer for Windows.

The GnuTLS library is distributed under the terms of the GNU Lesser
General Public License version 2.1 (or later). The "extra" GnuTLS
library (which contains TLS/IA support, LZO compression and Libgcrypt
FIPS-mode handler), the OpenSSL compatibility library, the self tests
and the command line tools are all distributed under the GNU General
Public License version 3.0 (or later). The manual is distributed
under the GNU Free Documentation License version 1.3 (or later).

The project page of the library is available at:
  http://www.gnu.org/software/gnutls/

What's New
==========

** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
Forwarded by Martin von Gagern from .

** libgnutls: Fix PKCS#12 decryption from password.
The encryption key derived from the password was incorrect for (on
average) 1 in every 128 input for random inputs.
Reported by "Kukosa, Tomas" in .

Getting the Software
====================

GnuTLS may be downloaded from one of the mirror sites or direct from . The
list of mirrors can be found at .

Here are the BZIP2 compressed sources (6.0MB):

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.8.1.tar.bz2
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.8.1.tar.bz2

Here are OpenPGP detached signatures signed using key 0xB565716F:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-2.8.1.tar.bz2.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-2.8.1.tar.bz2.sig

Note, that we don't distribute gzip compressed tarballs.

In order to check that the version of GnuTLS which you are going to
install is an original and unmodified one, you should verify the OpenPGP
signature. You can use the command

  gpg --verify gnutls-2.8.1.tar.bz2.sig

This checks whether the signature file matches the source file. You
should see a message indicating that the signature is good and made by
that signing key. Make sure that you have the right key, either by
checking the fingerprint of that key with other sources or by checking
that the key has been signed by a trustworthy other key. The signing
key can be identified with the following information:

  pub   1280R/B565716F 2002-05-05 [expires: 2010-04-21]
        Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
  uid   Simon Josefsson
  uid   Simon Josefsson
  sub   1280R/4D5D40AE 2002-05-05 [expires: 2010-04-21]

The key is available from:

  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Alternatively, after successfully verifying the OpenPGP signature of
this announcement, you could verify that the files match the following
checksum values.
The values are for SHA-1 and SHA-224 respectively:

  b5fd364848709393d05def7e926caddd27169525  gnutls-2.8.1.tar.bz2

  8d94ffd6d37d0251778718933a63848521ab64c4700588455bcaa372  gnutls-2.8.1.tar.bz2

Documentation
=============

The manual is available online at:

  http://www.gnu.org/software/gnutls/documentation.html

In particular the following formats are available:

  HTML: http://www.gnu.org/software/gnutls/manual/html_node/index.html
  PDF: http://www.gnu.org/software/gnutls/manual/gnutls.pdf

For developers there is a GnuTLS API reference manual formatted using
the GTK-DOC tools:

  http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html

Community
=========

If you need help to use GnuTLS, or want to help others, you are invited
to join our help-gnutls mailing list, see:

  http://lists.gnu.org/mailman/listinfo/help-gnutls

If you wish to participate in the development of GnuTLS, you are invited
to join our gnutls-dev mailing list, see:

  http://lists.gnu.org/mailman/listinfo/gnutls-devel

Windows installer
=================

GnuTLS has been ported to the Windows operating system, and a binary
installer is available. The installer contains DLLs for application
development, manuals, examples, and source code. The installer uses
libgpg-error v1.7, libgcrypt v1.4.4, libtasn1 v2.2, and GnuTLS v2.8.1.

For more information about GnuTLS for Windows:

  http://josefsson.org/gnutls4win/

The Windows binary installer and PGP signature:

  http://josefsson.org/gnutls4win/gnutls-2.8.1.exe (15MB)
  http://josefsson.org/gnutls4win/gnutls-2.8.1.exe.sig

The checksum values for SHA-1 and SHA-224 are:

  3ac9beb22da8b0301c432861a74717d319f28020  gnutls-2.8.1.exe

  b40ec214c8f251c9384ddbb3fb2c4d8ea9e746140414aa76b2793791  gnutls-2.8.1.exe

A ZIP archive containing the Windows binaries:

  http://josefsson.org/gnutls4win/gnutls-2.8.1.zip (5.3MB)
  http://josefsson.org/gnutls4win/gnutls-2.8.1.zip.sig

A Debian mingw32 package is also available:

  http://josefsson.org/gnutls4win/mingw32-gnutls_2.8.1-1_all.deb (4.8MB)

The checksum values for SHA-1 and SHA-224 are:

  e34a20b91fc8e35c3a04ae8089d73fa45bb62fa4  mingw32-gnutls_2.8.1-1_all.deb

  fc15cf1c37e7711d718e4b84739807d3498e3c0045c2cf9ce4bbdc23  mingw32-gnutls_2.8.1-1_all.deb

Internationalization
====================

The GnuTLS library messages have been translated into Czech, Dutch,
French, German, Malay, Polish, Swedish, and Vietnamese. We welcome the
addition of more translations.

Support
=======

Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.

The GnuTLS service directory is available at:

  http://www.gnu.org/software/gnutls/commercial.html

Happy Hacking,
Simon

From: Craig Ringer
To: gnutls-devel@gnu.org
Date: Wed, 10 Jun 2009 14:17:41 +0800
Subject: PKCS#11 support and proxy providers

Hi

I've been doing some research into PKCS#11 support in GnuTLS and into
PKCS#11 proxy providers. There was some discussion on both some time ago
on the GnuTLS devel list, but I've been unable to find much more recent
than 2007. Current GnuTLS sources do not appear to support loading and
using a PKCS#11 provider module.

Is there PKCS#11 support in GnuTLS that I'm missing? Or did the PKCS#11
work done in 2007 not come to anything?

The reason I'm interested is that some apps I use, including Evolution
Data Server's Camel mail client module, use GnuTLS for their crypto
needs. This not only prevents them from talking to smart cards and other
hardware keys, but it prevents them from using centralized PKCS#11-based
certificate stores like the GNOME Keyring Daemon. Users must instead
configure each GnuTLS-using app to load their certificate from a PKCS#12
file.

I'm looking into ways to get a centralized key store, including PKCS#11
proxying for smart cards and the like, into wider use on Linux desktops.
As part of that I'd be really interested in any progress on PKCS#11
support in GnuTLS. For my purposes I'd only need single-provider
support, since GnuTLS would talk to the proxy provider over a UNIX
socket and that'd manage the keystore as well as any smart cards and the
like.

I've been unable to find any suitable existing proxy provider
implementations, so I was thinking of writing a thin PKCS#11 provider
module and a daemon that uses libnss to handle the keystore, card
proxying, and the like. Is anyone here aware of a suitable existing
PKCS#11 proxy daemon and provider that might do the job?

Thanks for listening.

--
Craig Ringer

Date: Wed, 10 Jun 2009 17:17:35 -0500
From: Sunil P Khatri
To: gnutls-devel@gnu.org
Reply-To: sunilkhatri@tamu.edu
Organization: Dept of ECE, Texas A&M University
Subject: gnutls-cgi (version 2.8.1) on ubuntu 8.04 crashes

Folks,

I am running Ubuntu 8.04 on an i386. While setting up the
claws-mail client to use IMAP, I systematically got stream
errors and a failure to connect to the IMAP server.

The fine folks at the claws-mail support team diagnosed
this as a gnutls bug. I am using 2.8.1, compiled out of the
source tarball.

Below is a trace to illustrate the problem. The problem
does not occur if I use SSL.

Best regards,

Sunil

(PS If you need to contact me to follow up, please email me
directly. I am not subscribed to the gnutls-devel list)

---------------------------------------------------------------------------------------
~> gnutls-cli neo.tamu.edu --port 993
Resolving 'neo.tamu.edu'...
Connecting to '165.91.23.114:993'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `C=US,ST=Texas,L=College Station,O=Texas A and M University,OU=Computing and Information Services,CN=neo.tamu.edu', issuer `C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Premium Server CA,EMAIL=premium-server@thawte.com', RSA key 1024 bits, signed using RSA-SHA, activated `2009-05-29 19:33:18 UTC', expires `2012-06-13 14:51:27 UTC', SHA-1 fingerprint `fe4b9e6c138e3c9b6f236bbcca3cccd04918d9c8'
- The hostname in the certificate matches 'neo.tamu.edu'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: 3DES-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

* OK IMAP4 ready
1 CAPABILITY
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
-------------------------------------------------------------------------------------------

Thanks!
Sunil

From: Simon Josefsson
To: sunilkhatri@tamu.edu
Cc: gnutls-devel@gnu.org
Date: Thu, 11 Jun 2009 12:14:20 +0200
Subject: Re: gnutls-cgi (version 2.8.1) on ubuntu 8.04 crashes

Sunil P Khatri writes:

> Folks,
>
> I am running Ubuntu 8.04 on an i386. While setting up the
> claws-mail client to use IMAP, I systematically got stream
> errors and a failure to connect to the IMAP server.
>
> The fine folks at the claws-mail support team diagnosed
> this as a gnutls bug. I am using 2.8.1, compiled out of the
> source tarball.
>
> Below is a trace to illustrate the problem. The problem
> does not occur if I use SSL.

Hi! Thanks for the report.

> * OK IMAP4 ready
> 1 CAPABILITY
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Server has terminated the connection abnormally.
The server does not appear to support record padding, which is a known problem with some servers, see:

http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html

You can work around the problem by using the %COMPAT priority string:

gnutls-cli neo.tamu.edu --port 993 -d 4711 --priority NORMAL:%COMPAT

Claws mail should have a configuration knob that allows users to supply a GnuTLS priority string. The configuration string should preferably be per-server. Would you bounce back that suggestion to them?

The graphical interface could also use a knob to disable record padding directly, without having the user understand GnuTLS priority strings. Then claws mail needs to convert the knob settings to a priority string internally.

Thanks,
Simon

From MAILER-DAEMON Thu Jun 11 06:20:16 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MEhOK-0004er-9D for mharc-gnutls-devel@gnu.org; Thu, 11 Jun 2009 06:20:16 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MEhOI-0004b6-18 for gnutls-devel@gnu.org; Thu, 11 Jun 2009 06:20:14 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MEhOG-0004Yk-Uq for gnutls-devel@gnu.org; Thu, 11 Jun 2009 06:20:13 -0400 Received: from [199.232.76.173] (port=60564 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MEhOG-0004YT-Iy for gnutls-devel@gnu.org; Thu, 11 Jun 2009 06:20:12 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]:34667) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MEhOF-00071B-8q for gnutls-devel@gnu.org; Thu, 11 Jun 2009 06:20:12 -0400 Received: from mocca.josefsson.org (c80-216-24-60.bredband.comhem.se [80.216.24.60]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5BAK5Ip002948 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 11 Jun 2009 12:20:07 +0200
From: Simon Josefsson To: Craig Ringer References: <1244614661.11069.6.camel@wallace.localnet> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090611:gnutls-devel@gnu.org::jfubiVXJs+VTAtuO:Tb9p X-Hashcash: 1:22:090611:craig@postnewspapers.com.au::b5PcJS3PVy92qJbt:05wC0 Date: Thu, 11 Jun 2009 12:20:04 +0200 In-Reply-To: <1244614661.11069.6.camel@wallace.localnet> (Craig Ringer's message of "Wed, 10 Jun 2009 14:17:41 +0800") Message-ID: <87r5xr3wdn.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1) Cc: gnutls-devel@gnu.org Subject: Re: PKCS#11 support and proxy providers X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2009 10:20:14 -0000 Craig Ringer writes: > Hi > > I've been doing some research into PKCS#11 support in GnuTLS and into > PKCS#11 proxy providers. There was some discussion on both some time ago > on the GnuTLS devel list, but I've been unable to find much more recent > than 2007. Current GnuTLS sources do not appear to support loading and > using a PKCS#11 provider module. > > Is there PKCS#11 support in GnuTLS that I'm missing? Or did the PKCS#11 > work done in 2007 not come to anything? > > The reason I'm interested is that some apps I use, including Evolution > Data Server's Camel mail client module, use GnuTLS for their crypto > needs. This not only prevents them from talking to smart cards and other > hardware keys, but it prevents them from using centralized PKCS#11-based > certificate stores like the GNOME Keyring Daemon. Users must instead > configure each GnuTLS-using app to load their certificate from a PKCS#12 > file. 
>
> I'm looking into ways to get a centralized key store, including PKCS#11
> proxying for smart cards and the like, into wider use on Linux desktops.
> As part of that I'd be really interested in any progress on PKCS#11
> support in GnuTLS. For my purposes I'd only need single-provider
> support, since GnuTLS would talk to the proxy provider over a UNIX
> socket and that'd manage the keystore as well as any smart cards and the
> like.
>
> I've been unable to find any suitable existing proxy provider
> implementations, so I was thinking of writing a thin PKCS#11 provider
> module and a daemon that uses libnss to handle the keystore, card
> proxying, and the like. Is anyone here aware of a suitable existing
> PKCS#11 proxy daemon and provider that might do the job?

Hi. You should be able to implement what you need using the sign callback in GnuTLS:

http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#index-gnutls_005fsign_005fcallback_005fset-268

This lets you send back the sign request to where the private key is, which can include a PKCS#11 provider.

However, I would agree with you that something more would be useful. We have been thinking about a 'gnutlsd' daemon that can sit in the background and hold private keys, or tunnel them to PKCS#11 providers. See some ideas on:

http://redmine.josefsson.org/projects/gnutls/wiki/GnuTLSExternalValidation

Seahorse could implement the same protocol, and would then be able to hold private keys and serve GnuTLS clients. I think it makes more sense for these daemons to do the PKCS#11 integration than including that code in the TLS client library. It makes things simpler and easier to debug.

I wish I had more time to work on this, it would be quite interesting. If you want to help, now is a good time to do it, since we have just opened the 2.9.x branch.

/Simon From MAILER-DAEMON Mon Jun 15 11:10:35 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MGDpT-0008NP-Bq for mharc-gnutls-devel@gnu.org; Mon, 15 Jun 2009 11:10:35 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MGBJf-0005dz-MP for gnutls-devel@gnu.org; Mon, 15 Jun 2009 08:29:35 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MGBJd-0005dG-4A for gnutls-devel@gnu.org; Mon, 15 Jun 2009 08:29:33 -0400 Received: from [199.232.76.173] (port=38202 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGBJc-0005d9-UR for gnutls-devel@gnu.org; Mon, 15 Jun 2009 08:29:33 -0400 Received: from v1068.ncsrv.de ([89.110.148.62]:46326 helo=monkeycode.org) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MGBJc-0002XL-EL for gnutls-devel@gnu.org; Mon, 15 Jun 2009 08:29:32 -0400 Received: from [134.106.13.42] (arbi-dyn-13-11.Informatik.Uni-Oldenburg.DE [134.106.13.42]) (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by monkeycode.org (Postfix) with ESMTP id DE36A18E4964 for ; Mon, 15 Jun 2009 12:29:29 +0000 (UTC) 
From: Jürgen Geuter To: gnutls-devel@gnu.org Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-RLRR9YR5zdigR9QAWNph" Date: Mon, 15 Jun 2009 14:25:44 +0200 Message-Id: <1245068744.6936.30.camel@yatahaze> Mime-Version: 1.0 X-Mailer: Evolution 2.26.2 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Mailman-Approved-At: Mon, 15 Jun 2009 11:10:32 -0400 Subject: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2009 12:29:36 -0000

Hello.

As described in http://bugs.gentoo.org/show_bug.cgi?id=273756
gnutls-2.8.0 and gnutls-2.8.1 break Jabber support in the instant
messenger Pidgin.

The Jabber support always tries connecting securely in Jabber services
which works flawlessly with gnutls-2.6.6. With 2.8.0 or 2.8.1 the client
connects but the connection breaks down almost instantly. The error
messages look like this:

(21:19:23) jabber: Found bytestream proxy server: proxy.eu.jabber.org
(21:19:23) jabber: Sending (ssl):
(21:19:23) jabber: xmlParseChunk returned warning 100
(21:19:23) util: Writing file accounts.xml to directory /home/tante/.purple
(21:19:23) util: Writing file /home/tante/.purple/accounts.xml
(21:19:24) gnutls: receive failed: A TLS fatal alert has been received.
(21:19:24) jabber: Disconnected: Input/output error

Recompiling pidgin does not help, just downgrading gnutls.

I'm posting this here since the Gentoo developer in charge of the
package (Arfrever Frehtes Taifersar Arahesis) asked me to, if you need
any extra information please ask and I'll try to supply the required
information.

Regards,
Jürgen Geuter

-- 
ICQ #81510866 - http://the-gay-bar.com - jabber tante@jabber.org
Occam's Razor:
-"Entia non sunt multiplicanda praeter necessitatem."-

From MAILER-DAEMON Tue Jun 16 04:03:40 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MGTds-0004RL-Np for mharc-gnutls-devel@gnu.org; Tue, 16 Jun 2009 04:03:40 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MGTdq-0004RB-Iy for gnutls-devel@gnu.org; Tue, 16 Jun 2009 04:03:38 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MGTdo-0004Qt-O2 for gnutls-devel@gnu.org; Tue, 16 Jun 2009 04:03:36 -0400 Received: from [199.232.76.173] (port=56297 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGTdo-0004Qq-Kj for gnutls-devel@gnu.org; Tue, 16 Jun 2009 04:03:36 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]:59274) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MGTdn-0001qJ-NX for gnutls-devel@gnu.org; Tue, 16 Jun 2009 04:03:36 -0400 Received: from mocca.josefsson.org (c80-216-24-60.bredband.comhem.se [80.216.24.60]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5G83Umt029664 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 16 Jun 2009 10:03:32 +0200
From: Simon Josefsson To: Jürgen Geuter References: <1245068744.6936.30.camel@yatahaze> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090616:tante@monkeycode.org::r7Mrq7lZYgMFsr3P:92yi X-Hashcash: 1:22:090616:gnutls-devel@gnu.org::WQBQEkc6THqNZdhZ:mkMu Date: Tue, 16 Jun 2009 10:03:30 +0200 In-Reply-To: <1245068744.6936.30.camel@yatahaze> ("Jürgen Geuter"'s message of "Mon, 15 Jun 2009 14:25:44 +0200") Message-ID: <87ski0ip0t.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by yxa-v.extundo.com id n5G83Umt029664 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1) Cc: gnutls-devel@gnu.org Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2009 08:03:39 -0000

Jürgen Geuter writes:

> Hello.
>
> As described in http://bugs.gentoo.org/show_bug.cgi?id=273756
> gnutls-2.8.0 and gnutls-2.8.1 break Jabber support in the instant
> messenger Pidgin.
>
> The Jabber support always tries connecting securely in Jabber services
> which works flawlessly with gnutls-2.6.6. With 2.8.0 or 2.8.1 the client
> connects but the connection breaks down almost instantly. The error
> messages look like this:
>
> (21:19:23) jabber: Found bytestream proxy server: proxy.eu.jabber.org
> (21:19:23) jabber: Sending (ssl): to='proxy.eu.jabber.org'> xmlns='http://jabber.org/protocol/bytestreams'/>
> (21:19:23) jabber: xmlParseChunk returned warning 100
> (21:19:23) util: Writing file accounts.xml to directory /home/tante/.purple
> (21:19:23) util: Writing file /home/tante/.purple/accounts.xml
> (21:19:24) gnutls: receive failed: A TLS fatal alert has been received.
> (21:19:24) jabber: Disconnected: Input/output error
>
> Recompiling pidgin does not help, just downgrading gnutls.
>
> I'm posting this here since the Gentoo developer in charge of the
> package (Arfrever Frehtes Taifersar Arahesis) asked me to, if you need
> any extra information please ask and I'll try to supply the required
> information.

Hello and thanks for the report! The BTS seems to be down now, so I can't check for more details. A complete gnutls debug log is needed. A patch to pidgin could be added to do this, what is needed is a call to

  gnutls_global_set_log_level (level);

to set a debug level and a call to

  gnutls_global_set_log_function (tls_log_func);

to set a debug logger, which has to have this prototype:

static void
tls_log_func (int level, const char *str)
{
  fprintf (stderr, "|<%d>| %s", level, str);
}

Perhaps better to print the messages to the pidgin error log.

/Simon From MAILER-DAEMON Wed Jun 17 03:29:43 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MGpaY-0002EZ-S5 for mharc-gnutls-devel@gnu.org; Wed, 17 Jun 2009 03:29:42 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MGpaX-0002EN-9K for gnutls-devel@gnu.org; Wed, 17 Jun 2009 03:29:41 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MGpaV-0002E2-Js for gnutls-devel@gnu.org; Wed, 17 Jun 2009 03:29:40 -0400 Received: from [199.232.76.173] (port=58588 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGpaV-0002Dx-Bm for gnutls-devel@gnu.org; Wed, 17 Jun 2009 03:29:39 -0400 Received: from mx20.gnu.org ([199.232.41.8]:17812) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MGpaU-0001Ot-Ql for gnutls-devel@gnu.org; Wed, 17 Jun 2009 03:29:39 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]) by mx20.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MGpaT-0002ym-VY for gnutls-devel@gnu.org; Wed, 17 Jun 2009 03:29:38 -0400 Received: from mocca.josefsson.org (c80-216-24-60.bredband.comhem.se [80.216.24.60]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5H7NVsk027723 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 17 Jun 2009 09:23:33 +0200 
From: Simon Josefsson To: Peter Hendrickson References: <20090528182531.1883.qmail@wiredyne.com> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090617:pdh@wiredyne.com::9coaN/N/jSaphmfU:0FCm X-Hashcash: 1:22:090617:gnutls-devel@gnu.org::GJttqdaxZw04yadq:8VYl Date: Wed, 17 Jun 2009 09:23:31 +0200 In-Reply-To: <20090528182531.1883.qmail@wiredyne.com> (Peter Hendrickson's message of "28 May 2009 18:25:31 -0000") Message-ID: <87ljnrb9xo.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Detected-Operating-System: by mx20.gnu.org: GNU/Linux 2.6 (newer, 1) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Cc: gnutls-devel@gnu.org Subject: Re: gnutls_dh_get_prime_bits() returns wrong values X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2009 07:29:41 -0000 Peter Hendrickson writes: > When I run gnutls_dh_get_prime_bits() it returns a value 8 bits larger > than the actual length of the prime. For example, if I load a > Diffie-Hellman parameter with 4096 bits, I am told after the > negotiation that the prime was 4104 bits long. > > It looks like it's getting something from dh->prime.size and > multiplying it by 8 and that prime.size is one larger than is correct. Yes, that seems wrong. 
Fixed like this: http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=10a9cd097b97066983b248ff87910f3d772e8408 Thanks, /Simon From MAILER-DAEMON Wed Jun 17 14:14:02 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MGze6-0003vs-8k for mharc-gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:14:02 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MGze3-0003te-J7 for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:13:59 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MGzdw-0003pY-M9 for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:13:58 -0400 Received: from [199.232.76.173] (port=49753 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGzdw-0003pG-BW for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:13:52 -0400 Received: from wiredyne.com ([166.84.7.163]:64278) by monty-python.gnu.org with smtp (Exim 4.60) (envelope-from ) id 1MGzdv-0002Tw-LJ for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:13:52 -0400 Received: (qmail 4475 invoked by uid 1000); 17 Jun 2009 18:13:22 -0000 Date: 17 Jun 2009 18:13:22 -0000 Message-ID: <20090617181322.7640.qmail@wiredyne.com> 
From: Peter Hendrickson To: Simon Josefsson In-reply-to: <87ljnrb9xo.fsf@mocca.josefsson.org> (message from Simon Josefsson on Wed, 17 Jun 2009 09:23:31 +0200) References: <20090528182531.1883.qmail@wiredyne.com> <87ljnrb9xo.fsf@mocca.josefsson.org> X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Cc: gnutls-devel@gnu.org Subject: Re: gnutls_dh_get_prime_bits() returns wrong values X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2009 18:14:00 -0000 Simon wrote: > Yes, that seems wrong. Fixed like this: > > http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=10a9cd097b97066983b248ff87910f3d772e8408 I tested gnutls_dh_get_prime_bits() and it looks good. Thanks! Peter From MAILER-DAEMON Thu Jun 18 13:15:23 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MHLCt-0002YB-2Q for mharc-gnutls-devel@gnu.org; Thu, 18 Jun 2009 13:15:23 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MGzqn-0002xe-7s for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:27:09 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MGzqi-0002nI-6N for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:27:08 -0400 Received: from [199.232.76.173] (port=57357 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGzqh-0002n5-OA for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:27:03 -0400 Received: from edge-k01.its.kfa-juelich.de ([134.94.4.20]:32581) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MGzqh-0006NR-8N for gnutls-devel@gnu.org; Wed, 17 Jun 2009 14:27:03 -0400 Received: from hub-e01.ad.fz-juelich.de (134.94.4.34) by edge-k01.its.kfa-juelich.de (134.94.4.20) with Microsoft SMTP Server (TLS) id 8.1.375.2; Wed, 17 Jun 2009 20:06:46 +0200 Received: from zel459.zel.kfa-juelich.de 
(134.94.234.157) by hub-e01.ad.fz-juelich.de (134.94.4.38) with Microsoft SMTP Server id 8.1.375.2; Wed, 17 Jun 2009 20:06:46 +0200 Received: from localhost by zel459.zel.kfa-juelich.de (8.9.3/1.1.29.3/29Apr03-0712PM) id UAA0000025732; Wed, 17 Jun 2009 20:06:44 +0200 (MEST) Message-ID: <200906171806.UAA0000025732@zel459.zel.kfa-juelich.de> X-Mailer: exmh version 2.5 07/13/2001 with version: MH 6.7 #1[UCI] 
From: Matthias Drochner To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 17 Jun 2009 20:06:44 +0200 Sender: X-Mts: smtp Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by monty-python.gnu.org: Windows 2000 SP2+, XP SP1+ (seldom 98) X-Mailman-Approved-At: Thu, 18 Jun 2009 13:15:21 -0400 Subject: missing variable in gnutls-2.8 Makefile X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: M.Drochner@fz-juelich.de List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2009 18:27:09 -0000

Hi -

"LINK_WARNING_H" is not defined in gl/tests/Makefile.am.
This causes breakage on systems where sys/ioctl.h is
missing (Solaris 10), due to an invalid "sed" command
line argument.

best regards
Matthias

------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the district court of Dueren, No. HR B 3498
Chair of the Supervisory Board: MinDir'in Baerbel Brumme-Bothe
Board of Directors: Prof. Dr. Achim Bachem (Chairman), Dr. Ulrich Krafft (Deputy Chairman), Prof. Dr. Harald Bolt, Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

From MAILER-DAEMON Thu Jun 18 13:15:27 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MHLCx-0002ZT-8q for mharc-gnutls-devel@gnu.org; Thu, 18 Jun 2009 13:15:27 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MH0Wn-0001oV-O6 for gnutls-devel@gnu.org; Wed, 17 Jun 2009 15:10:33 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MH0Wi-0001eB-6s for gnutls-devel@gnu.org; Wed, 17 Jun 2009 15:10:32 -0400 Received: from [199.232.76.173] (port=38997 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MH0Wi-0001dn-1D for gnutls-devel@gnu.org; Wed, 17 Jun 2009 15:10:28 -0400 Received: from edge-k01.its.kfa-juelich.de ([134.94.4.20]:35433) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MH0Wg-00024G-FZ for gnutls-devel@gnu.org; Wed, 17 Jun 2009 15:10:27 -0400 Received: from hub-e01.ad.fz-juelich.de (134.94.4.34) by edge-k01.its.kfa-juelich.de (134.94.4.20) with Microsoft SMTP Server (TLS) id 8.1.375.2; Wed, 17 Jun 2009 21:08:54 +0200 Received: from zel459.zel.kfa-juelich.de (134.94.234.157) by hub-e01.ad.fz-juelich.de (134.94.4.38) with Microsoft SMTP Server id 8.1.375.2; Wed, 17 Jun 2009 21:08:54 +0200 Received: from localhost by zel459.zel.kfa-juelich.de (8.9.3/1.1.29.3/29Apr03-0712PM) id VAA0000025965; Wed, 17 Jun 2009 21:08:53 +0200 (MEST) Message-ID: <200906171908.VAA0000025965@zel459.zel.kfa-juelich.de> X-Mailer: exmh version 2.5 07/13/2001 with version: MH 6.7 #1[UCI]
From: Matthias Drochner To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 17 Jun 2009 21:08:52 +0200 Sender: X-Mts: smtp Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by monty-python.gnu.org: Windows 2000 SP2+, XP SP1+ (seldom 98) X-Greylist: delayed 3728 seconds by postgrey-1.27 at monty-python; Wed, 17 Jun 2009 15:08:56 EDT X-Mailman-Approved-At: Thu, 18 Jun 2009 13:15:26 -0400 Subject: gnutls "configure" inconsistency wrt openssl compatibility X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: M.Drochner@fz-juelich.de List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2009 19:10:34 -0000

Hi -
another one: the --disable-openssl-compatibility option doesn't
work, due to an inconsistency:
The "enable_openssl=$withval" in libextra/m4/hooks.m4 should be
"enable_openssl=$enableval".
Besides this, the logic is somewhat backwards: It prints
"whether to disable OpenSSL compatibility layer" but the result
is whether it is enabled -- the exact opposite.

best regards
Matthias

From MAILER-DAEMON Thu Jun 18 16:22:56 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MHO8O-00019W-Jm for mharc-gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:22:56 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MHO8M-00019L-N5 for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:22:54 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MHO8M-000198-8W for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:22:54 -0400 Received: from [199.232.76.173] (port=52904 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MHO8M-000194-5M for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:22:54 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]:58110) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MHO8L-0001Ox-Kd for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:22:54 -0400 Received: from mocca.josefsson.org (m83-178-7-170.cust.tele2.se [83.178.7.170]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5IKM5sQ011982 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 18 Jun 2009 22:22:11 +0200
From: Simon Josefsson To: M.Drochner@fz-juelich.de References: <200906171806.UAA0000025732@zel459.zel.kfa-juelich.de> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090618:m.drochner@fz-juelich.de::WJqVEMmRcwe2aN4o:8VNa X-Hashcash: 1:22:090618:gnutls-devel@gnu.org::uCa8fm0lSlG0CV4y:Kl5r Date: Thu, 18 Jun 2009 22:22:04 +0200 In-Reply-To: <200906171806.UAA0000025732@zel459.zel.kfa-juelich.de> (Matthias Drochner's message of "Wed, 17 Jun 2009 20:06:44 +0200") Message-ID: <87k539thqr.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1) Cc: gnutls-devel@gnu.org Subject: Re: missing variable in gnutls-2.8 Makefile X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2009 20:22:55 -0000

Matthias Drochner writes:

> Hi -
>
> "LINK_WARNING_H" is not defined in gl/tests/Makefile.am.
> This causes breakage on systems where sys/ioctl.h is
> missing (Solaris 10), due to an invalid "sed" command
> line argument.

Hi. Thanks for the report. What error message do you get? As far as I can tell, the relevant sed command is:

  sed -e 's|@''HAVE_SYS_IOCTL_H''@|$(HAVE_SYS_IOCTL_H)|g' \
      -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
      -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
      -e 's|@''NEXT_SYS_IOCTL_H''@|$(NEXT_SYS_IOCTL_H)|g' \
      -e 's|@''GNULIB_IOCTL''@|$(GNULIB_IOCTL)|g' \
      -e 's|@''SYS_IOCTL_H_HAVE_WINSOCK2_H''@|$(SYS_IOCTL_H_HAVE_WINSOCK2_H)|g' \
      -e '/definition of GL_LINK_WARNING/r $(LINK_WARNING_H)' \
      < $(srcdir)/sys_ioctl.in.h; \

Maybe it is really a make error you get? Anyway, seeing the error message would help. I have built GnuTLS on Solaris 2.8 and didn't see any errors like this.

Btw, which make implementation do you use?

/Simon

From MAILER-DAEMON Thu Jun 18 16:28:31 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MHODn-0007uo-JV for mharc-gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:28:31 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MHODm-0007tc-5G for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:28:30 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MHODl-0007tB-Ra for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:28:29 -0400 Received: from [199.232.76.173] (port=52494 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MHODl-0007sz-Ln for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:28:29 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]:40405) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MHODl-0002ka-3N for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:28:29 -0400 Received: from mocca.josefsson.org (m83-178-7-170.cust.tele2.se [83.178.7.170]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5IKRaaH012139 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 18 Jun 2009 22:27:46 +0200
From: Simon Josefsson To: M.Drochner@fz-juelich.de References: <200906171908.VAA0000025965@zel459.zel.kfa-juelich.de> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090618:gnutls-devel@gnu.org::6gej3YiU+/VVuyti:7s3T X-Hashcash: 1:22:090618:m.drochner@fz-juelich.de::x7G3gzv4omLLWeSv:A4yv Date: Thu, 18 Jun 2009 22:27:35 +0200 In-Reply-To: <200906171908.VAA0000025965@zel459.zel.kfa-juelich.de> (Matthias Drochner's message of "Wed, 17 Jun 2009 21:08:52 +0200") Message-ID: <87fxdxthhk.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1) Cc: gnutls-devel@gnu.org Subject: Re: gnutls "configure" inconsistency wrt openssl compatibility X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2009 20:28:30 -0000 Matthias Drochner writes: > Hi - > another one: the --disable-openssl-compatibility option doesn't > work, due to an inconsistency: > The "enable_openssl=$withval" in libextra/m4/hooks.m4 should be > "enable_openssl=$enableval". > Besides this, the logics is somewhat backwards: It prints > "whether to disable OpenSSL compatibility layer" but the result > is whether it is enabled -- the exact opposite. Hi. 
Thanks, fixed in: http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1fd7d3a1ce4a9dee7e38d732e88a8105b494d607 /Simon From MAILER-DAEMON Thu Jun 18 19:28:59 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MHR2R-0003wF-7R for mharc-gnutls-devel@gnu.org; Thu, 18 Jun 2009 19:28:59 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MHOVB-0001MV-5g for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:46:29 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MHOV6-0001Kc-EJ for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:46:28 -0400 Received: from [199.232.76.173] (port=43584 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MHOV5-0001KR-NI for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:46:23 -0400 Received: from edge-e01.its.kfa-juelich.de ([134.94.4.18]:26377) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MHOV5-0005tm-5v for gnutls-devel@gnu.org; Thu, 18 Jun 2009 16:46:23 -0400 Received: from hub-e01.ad.fz-juelich.de (134.94.4.34) by edge-e01.its.kfa-juelich.de (134.94.4.18) with Microsoft SMTP Server (TLS) id 8.1.375.2; Thu, 18 Jun 2009 22:44:56 +0200 Received: from zel459.zel.kfa-juelich.de (134.94.234.157) by hub-e01.ad.fz-juelich.de (134.94.4.38) with Microsoft SMTP Server id 8.1.375.2; Thu, 18 Jun 2009 22:44:49 +0200 Received: from localhost by zel459.zel.kfa-juelich.de (8.9.3/1.1.29.3/29Apr03-0712PM) id WAA0000030933; Thu, 18 Jun 2009 22:44:47 +0200 (MEST) Message-ID: <200906182044.WAA0000030933@zel459.zel.kfa-juelich.de> X-Mailer: exmh version 2.5 07/13/2001 with version: MH 6.7 #1[UCI] 
From: Matthias Drochner
To: Simon Josefsson
Cc: gnutls-devel@gnu.org
Reply-To: M.Drochner@fz-juelich.de
Subject: Re: missing variable in gnutls-2.8 Makefile
Date: Thu, 18 Jun 2009 22:44:47 +0200
In-Reply-To: <87k539thqr.fsf@mocca.josefsson.org>
References: <200906171806.UAA0000025732@zel459.zel.kfa-juelich.de> <87k539thqr.fsf@mocca.josefsson.org>

simon@josefsson.org said:
> What error message do you get?

The original report is here:
http://mail-index.NetBSD.org/pkgsrc-bugs/2009/06/17/msg032744.html
"sed" complains with "filename expected".
I don't have a Solaris system, but I could reproduce it on NetBSD
by pre-setting a "configure" variable, "ac_cv_header_sys_ioctl_h" iirc.

It seems that gnu sed silently ignores the case if the file is not
specified or does not exist:
On NetBSD: $ sed '/xxx/r' I have built GnuTLS on Solaris 2.8 So perhaps you used gnu sed?

> which make implementation do you use?

For that package, gnu make is used. Makefiles generated by
autoconf/automake usually use some gnu specific extensions.

best regards
Matthias

Message-ID: <4A3BE9C8.7060109@filezilla-project.org>
Date: Fri, 19 Jun 2009 21:40:56 +0200
From: Tim Kosse
To: gnutls-dev@gnupg.org
Subject: Size of time_t in gnutls4win

The Windows GnuTLS binaries from http://josefsson.org/gnutls4win/ seem
to be compiled in an environment with a 32bit time_t at least in 2.6.4
and 2.8.1, the versions I have tried.

I'm using Visual Studio 2008 and on that platform time_t is 64bit in
size.

The GnuTLS functions that have a time_t either as argument or as return
type thus have undefined behavior.

For example gnutls_x509_crt_get_expiration_time from the DLL returns a
32bit number, whereas the calling program expects a 64bit number. The
result is that the leading 32 bits of the value after the call are
whatever else was on the stack at the time of the call.

The behavior of functions expecting a time_t as argument will probably
be even more problematic.

I think instead of time_t a type should be used that's been chosen at
compile time of GnuTLS to match the size of time_t of the build environment.

Regards,
Tim Kosse

Message-ID: <4A3C0D6F.6070408@filezilla-project.org>
Date: Sat, 20 Jun 2009 00:13:03 +0200
From: Tim Kosse
To: gnutls-dev@gnupg.org
Subject: Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c

The size of the sizeof_escaped string in _gnutls_x509_parse_dn is one
byte too short.

The length passed to str_escape includes the terminating null, yet the
size calculation for sizeof_escaped does not.

The attached patch corrects this problem.

To reproduce:

Using GnuTLS 2.8.1
Run gnutls-cli www.gmx.de -p 443
It prints the following value for the 2.5.4.17 OID in the subject of
certificate 0:
#1405383038303

It's missing one character at the end, it should have printed:
#14053830383037

Regards,
Tim Kosse

[Attachment: gnutls_dn.patch]
From: Simon Josefsson
To: Tim Kosse
Cc: gnutls-dev@gnupg.org
Subject: Re: Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c
Date: Mon, 22 Jun 2009 11:44:47 +0200
Message-ID: <87ljnkmwkw.fsf@mocca.josefsson.org>
In-Reply-To: <4A3C0D6F.6070408@filezilla-project.org> (Tim Kosse's message of "Sat, 20 Jun 2009 00:13:03 +0200")
References: <4A3C0D6F.6070408@filezilla-project.org>

Tim Kosse writes:

> The size of the sizeof_escaped string in _gnutls_x509_parse_dn is one
> byte too short.
>
> The length passed to str_escape includes the terminating null, yet the
> size calculation for sizeof_escaped does not.
>
> The attached patch corrects this problem.
>
> To reproduce:
>
> Using GnuTLS 2.8.1
> Run gnutls-cli www.gmx.de -p 443
> It prints the following value for the 2.5.4.17 OID in the subject of
> certificate 0:
> #1405383038303
>
> It's missing one character at the end, it should have printed:
> #14053830383037

Fixed in
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2773e82dd323c2699f6846a7691bf4fba697703f

I also added a regression check to catch future problems in this area:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=08d35c08e7186119076c118ed35ade0e32e89b58

Thanks,
/Simon
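The sizing rule behind the report in this thread, as an added example (not GnuTLS code and not the attached patch): a value printed as '#' plus two hex digits per byte needs room for the NUL as well, and a buffer one byte short of that loses the last digit, which is the difference between the two outputs quoted above. The function names and the truncating encoder are assumptions made for the illustration; the sample bytes are the ones whose hex form is quoted in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the seven bytes whose hex form is the value quoted in
 * the report (#14053830383037). */
static const unsigned char SAMPLE[] = { 0x14, 0x05, 0x38, 0x30, 0x38, 0x30, 0x37 };

/* Bytes needed for '#', two hex digits per input byte and the NUL.
 * Returns 0 if the result would not fit in size_t. */
static size_t hex_escaped_size(size_t len)
{
    if (len > (SIZE_MAX - 2) / 2)
        return 0;
    return 2 * len + 2;
}

/* Write "#<hex>" into out without ever writing past out_size bytes; the
 * result is always NUL-terminated. Returns 0 if everything fit, -1 if the
 * output had to be cut short (or out is unusable). */
static int hex_escape(const unsigned char *data, size_t len,
                      char *out, size_t out_size)
{
    static const char digits[] = "0123456789abcdef";
    size_t pos = 0, i;
    int truncated = 0;

    if (out == NULL || out_size == 0)
        return -1;

    /* Emit one character only if a byte remains for it besides the NUL. */
#define PUT(c) do { if (pos + 1 < out_size) out[pos++] = (c); \
                    else truncated = 1; } while (0)
    PUT('#');
    for (i = 0; i < len; i++) {
        PUT(digits[data[i] >> 4]);
        PUT(digits[data[i] & 0x0f]);
    }
#undef PUT
    out[pos] = '\0';
    return truncated ? -1 : 0;
}

/* Allocate buf_size bytes and encode into them; the caller frees the result.
 * *fit receives hex_escape()'s return value. */
static char *escape_into_new_buffer(const unsigned char *data, size_t len,
                                    size_t buf_size, int *fit)
{
    char *buf = malloc(buf_size ? buf_size : 1);

    if (buf == NULL) {
        *fit = -1;
        return NULL;
    }
    *fit = hex_escape(data, len, buf, buf_size);
    return buf;
}

int main(void)
{
    int fit;
    char *s;

    /* One byte short: the last hex digit is dropped. */
    s = escape_into_new_buffer(SAMPLE, sizeof SAMPLE, 2 * sizeof SAMPLE + 1, &fit);
    if (s != NULL) {
        printf("short buffer: %s (complete: %s)\n", s, fit == 0 ? "yes" : "no");
        free(s);
    }

    /* Sized for '#', the digits and the NUL. */
    s = escape_into_new_buffer(SAMPLE, sizeof SAMPLE,
                               hex_escaped_size(sizeof SAMPLE), &fit);
    if (s != NULL) {
        printf("right buffer: %s (complete: %s)\n", s, fit == 0 ? "yes" : "no");
        free(s);
    }
    return 0;
}
```

Because the encoder reports truncation instead of silently returning a shortened string, a regression test can assert on the return value as well as on the text.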
From: Simon Josefsson
To: Tim Kosse
Cc: gnutls-dev@gnupg.org
Subject: Re: Size of time_t in gnutls4win
Date: Mon, 22 Jun 2009 15:22:18 +0200
Message-ID: <87ws74l7xx.fsf@mocca.josefsson.org>
In-Reply-To: <4A3BE9C8.7060109@filezilla-project.org> (Tim Kosse's message of "Fri, 19 Jun 2009 21:40:56 +0200")
References: <4A3BE9C8.7060109@filezilla-project.org>

Tim Kosse writes:

> The Windows GnuTLS binaries from http://josefsson.org/gnutls4win/ seem
> to be compiled in an environment with a 32bit time_t at least in 2.6.4
> and 2.8.1, the versions I have tried.

Yes, both were built using the same mingw32 Debian package.

> I'm using Visual Studio 2008 and on that platform time_t is 64bit in
> size.

And mingw32 appears to use a 32 bit time_t:

jas@mocca:~$ cat foo.c
#include <stdio.h>
#include <time.h>

int
main()
{
  printf ("time_t %d\n", sizeof (time_t));
  return 0;
}
jas@mocca:~$ i586-mingw32msvc-gcc -o foo.exe foo.c
jas@mocca:~$ ./foo.exe
time_t 4
jas@mocca:~$

> The GnuTLS functions that have a time_t either as argument or as return
> type thus have undefined behavior.
>
> For example gnutls_x509_crt_get_expiration_time from the DLL returns a
> 32bit number, whereas the calling program expects a 64bit number. The
> result is that the leading 32 bits of the value after the call are
> whatever else was on the stack at the time of the call.
>
> The behavior of functions expecting a time_t as argument will probably
> be even more problematic.

Yes, this sounds bad.

> I think instead of time_t a type should be used that's been chosen at
> compile time of GnuTLS to match the size of time_t of the build environment.

Yes, one needs to be sure to use the same ABI when linking different
components. Some options:

1) Configure Visual Studio 2008 to use a 32-bit time_t. Does defining
   _USE_32BIT_TIME_T work? It seems this is required for Visual Studio
   2005/2008 to get a 32-bit time_t. Reference:
   http://www.mail-archive.com/libtool-patches@gnu.org/msg04555.html
   This should solve your problem directly.

2) Change GnuTLS binary packages to use a 64-bit time_t. This will
   break with older Visual Studio. I'm not sure it is a good idea.

3) Provide GnuTLS packages for both 32-bit and 64-bit time_t. This
   would seem to double the time to build Windows binaries, and
   building Windows binaries already is a pain for me.

4) Provide two ABIs for these functions under Windows, and use header
   file #if's to map the API to the right ABI. This may be the best
   solution long term, but requires that someone implements this.

/Simon

Message-ID: <4A3FBDC1.8070102@darkrain42.org>
Date: Mon, 22 Jun 2009 10:22:09 -0700
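The time_t mismatch discussed in the preceding thread and one way to contain it, as an added example (not GnuTLS code and not something the project shipped): it models a caller reading 64 bits where the library produced 32, then shows a size handshake and a fixed-width accessor with a range-checked narrowing step, in the spirit of option 4 above. All `demo_` names, the 4-byte library build and the sample timestamps are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical library build: compiled where time_t is 4 bytes (assumption). */
#define DEMO_LIB_TIME_T_SIZE 4u

/* Constructed expiry: 2040-01-01 00:00:00 UTC, beyond a signed 32-bit range. */
#define DEMO_EXPIRY INT64_C(2208988800)

/* Caller's view of the mismatch: the library filled in 32 bits, the caller
 * reads 64, so the upper half is whatever was left there (stale_high). */
static int64_t misread_as_time64(int32_t returned, uint32_t stale_high)
{
    uint64_t raw = ((uint64_t)stale_high << 32) | (uint32_t)returned;
    int64_t seen;

    memcpy(&seen, &raw, sizeof seen);
    return seen;
}

/* Load-time handshake: the caller passes sizeof(time_t) from its own build
 * and the library refuses to continue when the widths differ. */
static int demo_check_time_abi(size_t caller_time_t_size)
{
    return caller_time_t_size == DEMO_LIB_TIME_T_SIZE ? 0 : -1;
}

/* Fixed-width export: int64_t has the same size in both builds, so this
 * signature does not depend on either side's time_t. */
static int demo_get_expiration64(int64_t *out)
{
    if (out == NULL)
        return -1;
    *out = DEMO_EXPIRY;
    return 0;
}

/* Header-side shim: narrow to the caller's time_t width (32 or 64 bits),
 * refusing values that do not fit instead of silently wrapping. */
static int demo_narrow_time(int64_t value, unsigned bits, int64_t *out)
{
    if (out == NULL || (bits != 32 && bits != 64))
        return -1;
    if (bits == 32 && (value < INT32_MIN || value > INT32_MAX))
        return -1;
    *out = value;
    return 0;
}

int main(void)
{
    int64_t expiry = 0, narrowed = 0;

    /* Constructed values: a 2009 timestamp and an arbitrary stale upper half. */
    printf("misread value: %lld\n",
           (long long)misread_as_time64(1245440456, 0x00001234u));
    printf("handshake with this build's time_t (%u bytes): %s\n",
           (unsigned)sizeof(time_t),
           demo_check_time_abi(sizeof(time_t)) == 0 ? "ok" : "mismatch");
    if (demo_get_expiration64(&expiry) == 0)
        printf("fits a 32-bit time_t: %s\n",
               demo_narrow_time(expiry, 32, &narrowed) == 0 ? "yes" : "no");
    return 0;
}
```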
From: Paul Aurich
To: gnutls-devel@gnu.org
Cc: simon@josefsson.org, tante@monkeycode.org
Subject: Re: Bug in gnutls breaking Pidgin Jabber support
References: 87ski0ip0t.fsf@mocca.josefsson.org

Jürgen Geuter applied a patch [1] that logs gnutls' debug output at level
7. The resultant log is [2].

Pidgin's BTS should be a little more reliable now. If you can't access the
log, Jürgen or I can post it someplace else.

Thanks,
~Paul

P.S. Please CC me, I'm not on the list.

[1] http://developer.pidgin.im/attachment/ticket/9338/gnutls-logging.patch
[2] http://developer.pidgin.im/raw-attachment/ticket/9338/pidgin-gnutls-debug-patch-output.txt
From: Simon Josefsson
To: Paul Aurich
Cc: gnutls-devel@gnu.org, tante@monkeycode.org
Subject: Re: Bug in gnutls breaking Pidgin Jabber support
Date: Tue, 23 Jun 2009 19:38:58 +0200
Message-ID: <873a9qu9xp.fsf@mocca.josefsson.org>
In-Reply-To: <4A3FBDC1.8070102@darkrain42.org> (Paul Aurich's message of "Mon, 22 Jun 2009 10:22:09 -0700")
References: <4A3FBDC1.8070102@darkrain42.org>

Paul Aurich writes:

> Jürgen Geuter applied a patch [1] that logs gnutls' debug output at level
> 7. The resultant log is [2].
>
> Pidgin's BTS should be a little more reliable now. If you can't access the
> log, Jürgen or I can post it someplace else.

I can now access it. I happened to have an account in the pidgin's BTS,
so I replied there instead of here.

/Simon

Message-ID: <4A422FC9.4090808@iap.unibe.ch>
Date: Wed, 24 Jun 2009 15:53:13 +0200
From: Rene Bleisch
To: bug-gnutls@gnu.org
Subject: gnutls13 1.4.4-3+etch4.

Dear Sir or madam,
I'm system administrator at the Univ. of Berne.
We have Servers with Debian-Linux (etch) on it.
Yesterday I upgraded libgnutls13 from 1.4.4-3+etch1 to 1.4.4-3+etch4.
Afterwards ssh to our servers was only possible with keylogin. Using
ssh username@server,
there was always an authentication failure.
After a downgrade to 1.4.4-3+etch1 everything works as fine as before
the upgrade,
so it seems, that something is wrong with libgnutls13 1.4.4-3+etch4.

Kind regards
René Bleisch
From: Simon Josefsson
To: Rene Bleisch
Cc: bug-gnutls@gnu.org
Subject: Re: gnutls13 1.4.4-3+etch4.
Date: Wed, 24 Jun 2009 21:05:32 +0200
Message-ID: <871vp9laf7.fsf@mocca.josefsson.org>
In-Reply-To: <4A422FC9.4090808@iap.unibe.ch> (Rene Bleisch's message of "Wed, 24 Jun 2009 15:53:13 +0200")
References: <4A422FC9.4090808@iap.unibe.ch>

Rene Bleisch writes:

> Dear Sir or madam,
> I'm system administrator at the Univ. of Berne.
> We have Servers with Debian-Linux (etch) on it.
> Yesterday I upgraded libgnutls13 from 1.4.4-3+etch1 to 1.4.4-3+etch4.
> Afterwards ssh to our servers was only possible with keylogin. Using
> ssh username@server,
> there was always an authentication failure.
> After a downgrade to 1.4.4-3+etch1 everything works as fine as before
> the upgrade,
> so it seems, that something is wrong with libgnutls13 1.4.4-3+etch4.

Please report this to Debian, since you are using debian packages of
GnuTLS.

/Simon

Message-ID: <4A42B4C5.2080800@technoplaza.net>
Date: Wed, 24 Jun 2009 19:20:37 -0400
From: John Ratliff User-Agent: Thunderbird 2.0.0.21 (X11/20090530) MIME-Version: 1.0 To: bug-gnutls@gnu.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Mailman-Approved-At: Thu, 25 Jun 2009 00:54:11 -0400 Cc: Subject: gnutls website broken link X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 23:20:55 -0000 http://www.gnu.org/software/gnutls/devel.html Daily snapshots link goes 404. http://josefsson.org/daily/gnutls/ Can these be found elsewhere? Thanks, --John Ratliff From MAILER-DAEMON Thu Jun 25 00:54:13 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MJgyS-0005DJ-T1 for mharc-gnutls-devel@gnu.org; Thu, 25 Jun 2009 00:54:12 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MJbmy-0006Ff-Oz for gnutls-devel@gnu.org; Wed, 24 Jun 2009 19:22:00 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MJbmv-00064z-3j for gnutls-devel@gnu.org; Wed, 24 Jun 2009 19:22:00 -0400 Received: from [199.232.76.173] (port=51062 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MJbmu-00064H-MQ for gnutls-devel@gnu.org; Wed, 24 Jun 2009 19:21:56 -0400 Received: from fencepost.gnu.org ([140.186.70.10]:39345) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MJbmu-00059h-Ex for gnutls-devel@gnu.org; Wed, 24 Jun 2009 19:21:56 -0400 Received: from mail.gnu.org ([199.232.76.166]:35080 helo=mx10.gnu.org) by fencepost.gnu.org with esmtp (Exim 4.67) (envelope-from ) id 1MJbmu-00067i-Ab for bug-gnutls@gnu.org; Wed, 24 Jun 2009 19:21:56 -0400 Received: from Debian-exim by 
monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1MJbmt-00059L-1E for bug-gnutls@gnu.org; Wed, 24 Jun 2009 19:21:56 -0400 Received: from qmta01.emeryville.ca.mail.comcast.net ([76.96.30.16]:35814) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MJbms-00059D-KV for bug-gnutls@gnu.org; Wed, 24 Jun 2009 19:21:54 -0400 Received: from OMTA02.emeryville.ca.mail.comcast.net ([76.96.30.19]) by QMTA01.emeryville.ca.mail.comcast.net with comcast id 7rvA1c0040QkzPwA1zMu6h; Wed, 24 Jun 2009 23:21:54 +0000 Received: from [192.168.4.4] ([98.228.35.25]) by OMTA02.emeryville.ca.mail.comcast.net with comcast id 7zMt1c00L0YYhqS8NzMugY; Wed, 24 Jun 2009 23:21:54 +0000 Message-ID: <4A42B50F.8030204@technoplaza.net> Date: Wed, 24 Jun 2009 19:21:51 -0400 
From: John Ratliff User-Agent: Thunderbird 2.0.0.21 (X11/20090530) MIME-Version: 1.0 To: bug-gnutls@gnu.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-Mailman-Approved-At: Thu, 25 Jun 2009 00:54:11 -0400 Cc: Subject: programs that use gnutls X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 23:22:01 -0000 On your programs page: http://www.gnu.org/software/gnutls/programs.html You don't list FileZilla (http://filezilla-project.org), a free FTP/SFTP program for Windows, Mac, and Unix. --John Ratliff From MAILER-DAEMON Thu Jun 25 05:28:46 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MJlGA-0003Qf-BT for mharc-gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:28:46 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MJlG7-0003Ph-Ua for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:28:44 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MJlG2-0003PS-Cp for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:28:42 -0400 Received: from [199.232.76.173] (port=57725 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MJlG2-0003PP-27 for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:28:38 -0400 Received: from fencepost.gnu.org ([140.186.70.10]:49243) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MJlG1-0004x1-Kb for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:28:37 -0400 Received: from mx10.gnu.org ([199.232.76.166]:51882) by fencepost.gnu.org with esmtp (Exim 4.67) (envelope-from ) id 1MJlG1-0003M9-Ed for bug-gnutls@gnu.org; Thu, 25 Jun 2009 05:28:37 -0400 Received: from 
Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1MJlG0-0004wl-3T for bug-gnutls@gnu.org; Thu, 25 Jun 2009 05:28:37 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]:42782) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MJlFz-0004wP-IM for bug-gnutls@gnu.org; Thu, 25 Jun 2009 05:28:35 -0400 Received: from mocca.josefsson.org (m90-130-246-231.cust.tele2.se [90.130.246.231]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5P9SQT7011271 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 25 Jun 2009 11:28:30 +0200 
From: Simon Josefsson To: John Ratliff References: <4A42B4C5.2080800@technoplaza.net> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090625:bug-gnutls@gnu.org::a0iD/E7K+o+b7+DG:DUEp X-Hashcash: 1:22:090625:webmaster@technoplaza.net::hMhxIAZsj6nhmkny:KsBX Date: Thu, 25 Jun 2009 11:28:25 +0200 In-Reply-To: <4A42B4C5.2080800@technoplaza.net> (John Ratliff's message of "Wed, 24 Jun 2009 19:20:37 -0400") Message-ID: <87tz24irwm.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Cc: bug-gnutls@gnu.org Subject: Re: gnutls website broken link X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2009 09:28:44 -0000 John Ratliff writes: > http://www.gnu.org/software/gnutls/devel.html > > Daily snapshots link goes 404. > http://josefsson.org/daily/gnutls/ > > Can these be found elsewhere? The link should be http://daily.josefsson.org/gnutls/ I have fixed the first page now, thanks. 
/Simon From MAILER-DAEMON Thu Jun 25 05:30:22 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MJlHi-0004nc-PC for mharc-gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:30:22 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MJlHh-0004m0-DU for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:30:21 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MJlHc-0004dz-TE for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:30:21 -0400 Received: from [199.232.76.173] (port=57740 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MJlHc-0004dk-FE for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:30:16 -0400 Received: from fencepost.gnu.org ([140.186.70.10]:49276) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MJlHc-0005Bx-2B for gnutls-devel@gnu.org; Thu, 25 Jun 2009 05:30:16 -0400 Received: from mail.gnu.org ([199.232.76.166]:51915 helo=mx10.gnu.org) by fencepost.gnu.org with esmtp (Exim 4.67) (envelope-from ) id 1MJlHb-0005Zg-TZ for bug-gnutls@gnu.org; Thu, 25 Jun 2009 05:30:15 -0400 Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim 4.60) (envelope-from ) id 1MJlHa-0005Bc-NM for bug-gnutls@gnu.org; Thu, 25 Jun 2009 05:30:15 -0400 Received: from yxa-v.extundo.com ([83.241.177.39]:42814) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MJlHY-0005Az-V0 for bug-gnutls@gnu.org; Thu, 25 Jun 2009 05:30:13 -0400 Received: from mocca.josefsson.org (m90-130-246-231.cust.tele2.se [90.130.246.231]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n5P9U5G5011310 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 25 Jun 2009 11:30:09 +0200 
From: Simon Josefsson To: John Ratliff References: <4A42B50F.8030204@technoplaza.net> OpenPGP: id=B565716F; url=http://josefsson.org/key.txt X-Hashcash: 1:22:090625:webmaster@technoplaza.net::jobO2Svr/Lqf34GR:6olu X-Hashcash: 1:22:090625:bug-gnutls@gnu.org::5WGsujEnM/q4CNIS:Jtc/ Date: Thu, 25 Jun 2009 11:30:05 +0200 In-Reply-To: <4A42B50F.8030204@technoplaza.net> (John Ratliff's message of "Wed, 24 Jun 2009 19:21:51 -0400") Message-ID: <87prcsirtu.fsf@mocca.josefsson.org> User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 1) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Cc: bug-gnutls@gnu.org Subject: Re: programs that use gnutls X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2009 09:30:21 -0000 John Ratliff writes: > On your programs page: http://www.gnu.org/software/gnutls/programs.html > > You don't list FileZilla (http://filezilla-project.org), a free > FTP/SFTP program for Windows, Mac, and Unix. Added now, thanks. 
/Simon From MAILER-DAEMON Sun Jun 28 11:36:18 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MKwQU-00023E-Gn for mharc-gnutls-devel@gnu.org; Sun, 28 Jun 2009 11:36:18 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MKwQT-000237-2F for gnutls-devel@gnu.org; Sun, 28 Jun 2009 11:36:17 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MKwQO-00022u-ME for gnutls-devel@gnu.org; Sun, 28 Jun 2009 11:36:16 -0400 Received: from [199.232.76.173] (port=54834 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MKwQO-00022r-GM for gnutls-devel@gnu.org; Sun, 28 Jun 2009 11:36:12 -0400 Received: from kerckhoffs.g10code.com ([217.69.77.222]:49509) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MKwQO-0008UE-A4 for gnutls-devel@gnu.org; Sun, 28 Jun 2009 11:36:12 -0400 Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.63 #1 (Debian)) id 1MKwPm-0008Di-Lx for ; Sun, 28 Jun 2009 17:35:34 +0200 Received: from wk by localhost with local (Exim 4.62 #1 (Debian)) id 1MKvls-0000uu-Cs; Sun, 28 Jun 2009 16:54:20 +0200 
From: Werner Koch To: Simon Josefsson References: <4A3BE9C8.7060109@filezilla-project.org> <87ws74l7xx.fsf@mocca.josefsson.org> Organisation: g10 Code GmbH OpenPGP: id=5B0358A2; url=finger:wk@g10code.com Mail-Followup-To: Simon Josefsson , Tim Kosse , gnutls-dev@gnupg.org Date: Sun, 28 Jun 2009 16:54:20 +0200 In-Reply-To: <87ws74l7xx.fsf@mocca.josefsson.org> (Simon Josefsson's message of "Mon, 22 Jun 2009 15:22:18 +0200") Message-ID: <87my7stnmr.fsf@wheatstone.g10code.de> User-Agent: Gnus/5.110011 (No Gnus v0.11) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Cc: gnutls-dev@gnupg.org Subject: Re: Size of time_t in gnutls4win X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jun 2009 15:36:17 -0000 On Mon, 22 Jun 2009 15:22, simon@josefsson.org said: > 4) Provide two ABIs for these functions under Windows, and use header > file #if's to map the API to the right ABI. 5) Add a new API to GNUTLS which uses a 15 byte string (yyyyddmmThhmmss) to express a timestamp. This helps for the year 2038 problem and with some silly certificates which have an expire date set to more than 30 years in the future. We do this in GnuPG because there is no other way to express calendar dates in a portable way. Yes, a 64 bit time_t would help but as long as Ulrich Drepper rejects such a change in glibc, we can't help ourselves and have to resort to this solution. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. 
From MAILER-DAEMON Sun Jun 28 19:58:13 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1ML4GD-0006LY-M7 for mharc-gnutls-devel@gnu.org; Sun, 28 Jun 2009 19:58:13 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1ML4GB-0006L2-RQ for gnutls-devel@gnu.org; Sun, 28 Jun 2009 19:58:11 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1ML4G9-0006Is-1X for gnutls-devel@gnu.org; Sun, 28 Jun 2009 19:58:11 -0400 Received: from [199.232.76.173] (port=57320 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1ML4G8-0006Ip-T3 for gnutls-devel@gnu.org; Sun, 28 Jun 2009 19:58:08 -0400 Received: from qmta03.westchester.pa.mail.comcast.net ([76.96.62.32]:51500) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1ML4G8-0005an-Dh for gnutls-devel@gnu.org; Sun, 28 Jun 2009 19:58:08 -0400 Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60]) by QMTA03.westchester.pa.mail.comcast.net with comcast id 9bQw1c0061HzFnQ53by6Dr; Sun, 28 Jun 2009 23:58:06 +0000 Received: from [192.168.4.4] ([98.228.35.25]) by OMTA14.westchester.pa.mail.comcast.net with comcast id 9by51c0020YYhqS3aby5Wj; Sun, 28 Jun 2009 23:58:05 +0000 Message-ID: <4A48038C.80308@technoplaza.net> Date: Sun, 28 Jun 2009 19:58:04 -0400 
From: John Ratliff User-Agent: Thunderbird 2.0.0.21 (X11/20090530) MIME-Version: 1.0 To: gnutls-devel@gnu.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: compilation difficulties on Mac X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jun 2009 23:58:12 -0000 For some reason, Mac cannot build the doc folder on gnutls. Because of this, make install will not proceed. I have been editing the Makefile to prevent the doc folder from being built, but I wonder if there is a better solution to this. I am using the 2009-06-28 daily source release, but this problem affects all versions (2.8.1, 2.6.x, 2.4.2, and 2.2.5 tested). It manifests on both Tiger and Leopard. My configure line ./configure --disable-shared --with-libgcrypt-prefix=$HOME/unix/libgcrypt --prefix $HOME/unix/gnutls-20090628 My configure output: http://code.technoplaza.net/temp/gnutls/configure.log The output of make http://code.technoplaza.net/temp/gnutls/make.log The library builds fine, and if I edit the Makefile to tell it to ignore the doc directory, I can use make install and the library works perfectly. I am presently using this patch http://code.technoplaza.net/filezilla/gnutls-2.8.patch to adjust the Makefile. Any better suggestions? I mentioned this problem last year on the help-gnutls list but received no response. 
http://lists.gnu.org/archive/html/help-gnutls/2008-12/msg00016.html I also asked this question on the FileZilla forum where they suggested not to build the docs: http://forum.filezilla-project.org/viewtopic.php?f=3&t=9417 Thanks, --John Ratliff From MAILER-DAEMON Mon Jun 29 03:13:06 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLB34-0004E7-RX for mharc-gnutls-devel@gnu.org; Mon, 29 Jun 2009 03:13:06 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLB31-0004Db-MS for gnutls-devel@gnu.org; Mon, 29 Jun 2009 03:13:03 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLB2x-0004DP-1K for gnutls-devel@gnu.org; Mon, 29 Jun 2009 03:13:03 -0400 Received: from [199.232.76.173] (port=35131 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLB2w-0004DM-Sm for gnutls-devel@gnu.org; Mon, 29 Jun 2009 03:12:58 -0400 Received: from mx20.gnu.org ([199.232.41.8]:14482) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MLB2w-0002Cx-8j for gnutls-devel@gnu.org; Mon, 29 Jun 2009 03:12:58 -0400 Received: from filezilla-project.org ([213.239.222.5]) by mx20.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MLB2t-0003qj-OG for gnutls-devel@gnu.org; Mon, 29 Jun 2009 03:12:55 -0400 Received: from kong.kawo1.rwth-aachen.de ([134.130.113.59]) by filezilla-project.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MLB2g-0008Ha-Hc for gnutls-devel@gnu.org; Mon, 29 Jun 2009 09:12:47 +0200 Message-ID: <4A486960.6010405@filezilla-project.org> Date: Mon, 29 Jun 2009 09:12:32 +0200 
From: Tim Kosse User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: gnutls-devel@gnu.org References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> In-Reply-To: <873a9qu9xp.fsf@mocca.josefsson.org> X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig46F01E7F4EFDCC3919F13184" X-Spam-Score: -4.6 (----) X-Detected-Operating-System: by mx20.gnu.org: GNU/Linux 2.6 (newer, 3) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jun 2009 07:13:04 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig46F01E7F4EFDCC3919F13184 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, > Simon Josefsson wrote: > I can now access it. I happened to have an account in the pidgin's BTS, > so I replied there instead of here. replying here since I have no account in Pidgin's trac. FileZilla seems to suffer from this problem as well if linked against GnuTLS 2.8.1, it's now too getting the "Bad record MAC" alert. It happens on almost all file uploads, especially if enabling a speed limit in FileZilla's settings. > The reason why you see this and nobody else may be that pidgin's pull function seems to return EAGAIN quite often. That's OK but rather untypical. FileZilla's pull/push too return EAGAIN quite often, especially with speed limits enabled. I'll try building a version of GnuTLS with http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=745436e29f339da41249db1b715e28081373b190 reverted. 
Regards, Tim Kosse --------------enig46F01E7F4EFDCC3919F13184 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpIaWUACgkQ8N9+lcqiUkVVUwCeMt8H4tUmCaZo1AGZlNtoaHl3 IvwAn32cN5FXTy6o2K5ZktVkUumLWbJF =aPJP -----END PGP SIGNATURE----- --------------enig46F01E7F4EFDCC3919F13184-- From MAILER-DAEMON Mon Jun 29 04:01:23 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLBnn-0002Kq-MK for mharc-gnutls-devel@gnu.org; Mon, 29 Jun 2009 04:01:23 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLBnm-0002Jn-94 for gnutls-devel@gnu.org; Mon, 29 Jun 2009 04:01:22 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLBng-0002CD-GN for gnutls-devel@gnu.org; Mon, 29 Jun 2009 04:01:21 -0400 Received: from [199.232.76.173] (port=36834 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLBng-0002Bv-53 for gnutls-devel@gnu.org; Mon, 29 Jun 2009 04:01:16 -0400 Received: from filezilla-project.org ([213.239.222.5]:46673) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MLBnf-0004Z9-0b for gnutls-devel@gnu.org; Mon, 29 Jun 2009 04:01:15 -0400 Received: from kong.kawo1.rwth-aachen.de ([134.130.113.59]) by filezilla-project.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MLBnc-000086-19 for gnutls-devel@gnu.org; Mon, 29 Jun 2009 10:01:12 +0200 Message-ID: <4A4874C3.4010709@filezilla-project.org> Date: Mon, 29 Jun 2009 10:01:07 +0200 
From: Tim Kosse User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: gnutls-devel@gnu.org References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> <4A486960.6010405@filezilla-project.org> In-Reply-To: <4A486960.6010405@filezilla-project.org> X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig6E72A9AC5B18B3D936A3FE7C" X-Spam-Score: -4.6 (----) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jun 2009 08:01:22 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6E72A9AC5B18B3D936A3FE7C Content-Type: multipart/mixed; boundary="------------030402080909080403040606" This is a multi-part message in MIME format. --------------030402080909080403040606 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, found the problem. Happens if _gnutls_io_write_buffered gets called with iptr == NULL and n < session->internals.record_send_buffer.length It then gets up to n bytes from the send buffer into ptr. At that point session->internals.record_send_buffer still contains additional outstanding data. If sending fails, it pushes the remaining data from ptr to the end of the send buffer, causing the buffer contents to become reordered. Instead it should have put it to the beginning. A gnutls_buffer_prepend function would be needed. A workaround is to always request the complete buffer, see attached patch. That's identical to the behavior of older GnuTLS versions. 
Tim --------------030402080909080403040606 Content-Type: text/plain; name="gnutls_buffers.patch" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="gnutls_buffers.patch" --------------030402080909080403040606-- --------------enig6E72A9AC5B18B3D936A3FE7C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpIdMMACgkQ8N9+lcqiUkXRGgCggIHgxoDVg4emn7XaD8h0RZVD yt0AnjWI+9oibsFOpjwCJsUavz+O8jdm =5NV9 -----END PGP SIGNATURE----- --------------enig6E72A9AC5B18B3D936A3FE7C-- From MAILER-DAEMON Tue Jun 30 14:44:40 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLiJs-0003nT-IF for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 14:44:40 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLiJq-0003nD-Ex for gnutls-devel@gnu.org; Tue, 30 Jun 2009 14:44:38 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLiJm-0003n1-Nw for gnutls-devel@gnu.org; Tue, 30 Jun 2009 14:44:38 -0400 Received: from [199.232.76.173] (port=49623 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) 
id 1MLiJm-0003my-I7 for gnutls-devel@gnu.org; Tue, 30 Jun 2009 14:44:34 -0400 Received: from mail-bw0-f225.google.com ([209.85.218.225]:41245) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MLiJl-0007vg-VX for gnutls-devel@gnu.org; Tue, 30 Jun 2009 14:44:34 -0400 Received: by bwz25 with SMTP id 25so375704bwz.42 for ; Tue, 30 Jun 2009 11:44:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type; bh=4vd3XtW3gDqlgM6eAzMTpDtxS66dmwknDhOdutGW8pU=; b=kV8vfAqDBH9BklcO0H2OcuqU5bs+sPn6+n5Azs0SZwOFyA7MZ5njVA1cP/34b6uzjr Cuj0J+BH4xvvWqEPvH7O9h013umAqX1ostcmV/Fo1RvjWSv26wev9YJ54Z1AwO043jmX 83CNSAN0j1b8VRyS5KqrMzOFuhrExMhpyiY3k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type; b=KyjEwbXS7gcYl/NWRPrrHwQBLVAMf5yJ8F37osKzI1JWg5/7IagPMcKTuUZUIiwBY+ pjWk+0zFSKAAU8qgBwCW95K3+wTP07idAcMegia1IZ7iuyvdPHFd2BPYaYFtGQaW4t+n TAAQcn1msjDm9o5nEkW+MiBQDmy9bWUWE1eaY= Received: by 10.204.103.145 with SMTP id k17mr4774962bko.79.1246387472141; Tue, 30 Jun 2009 11:44:32 -0700 (PDT) Received: from ?10.100.1.196? ([194.219.240.147]) by mx.google.com with ESMTPS id 18sm527529fks.10.2009.06.30.11.44.30 (version=SSLv3 cipher=RC4-MD5); Tue, 30 Jun 2009 11:44:31 -0700 (PDT) Sender: Nikos Mavrogiannopoulos Message-ID: <4A4A5D0D.40701@gnutls.org> Date: Tue, 30 Jun 2009 21:44:29 +0300 
From: Nikos Mavrogiannopoulos User-Agent: Thunderbird 2.0.0.22 (X11/20090608) MIME-Version: 1.0 To: Tim Kosse References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> <4A486960.6010405@filezilla-project.org> <4A4874C3.4010709@filezilla-project.org> In-Reply-To: <4A4874C3.4010709@filezilla-project.org> X-Enigmail-Version: 0.95.7 OpenPGP: id=96865171 Content-Type: multipart/mixed; boundary="------------090309040600070807070909" X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Cc: gnutls-devel@gnu.org Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 18:44:38 -0000 This is a multi-part message in MIME format. --------------090309040600070807070909 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Tim Kosse wrote: > Hi, > > found the problem. Happens if _gnutls_io_write_buffered gets called with > iptr == NULL and n < session->internals.record_send_buffer.length > > It then gets up to n bytes from the send buffer into ptr. At that point > session->internals.record_send_buffer still contains additional > outstanding data. > > If sending fails, it pushes the remaining data from ptr to the end of > the send buffer, causing the buffer contents to become reordered. > Instead it should have put it to the beginning. A gnutls_buffer_prepend > function would be needed. > > A workaround is to always request the complete buffer, see attached > patch. That's identical to the behavior of older GnuTLS versions. I did a quick hack to make a prepend function. Does this solve the issue? --------------090309040600070807070909 Content-Type: text/x-patch; name="test.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="test.patch" 
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 0b94f6f..e313018 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -713,7 +713,7 @@ _gnutls_io_write_buffered (gnutls_session_t session, session->internals.record_send_buffer_prev_size += n - left; retval = - _gnutls_buffer_append (&session->internals.record_send_buffer, + _gnutls_buffer_prepend (&session->internals.record_send_buffer, &ptr[n - left], left); if (retval < 0) { diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index f1bc46e..ab04218 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -169,6 +169,47 @@ _gnutls_string_append_data (gnutls_string * dest, const void *data, } int +_gnutls_string_prepend_data (gnutls_string * dest, const void *data, + size_t data_size) +{ + size_t tot_len = data_size + dest->length; + + if (dest->max_length >= tot_len) + { + if (dest->length && dest->data) + memmove(&dest->allocd[data_size], dest->data, dest->length); + + memcpy (dest->allocd, data, data_size); + dest->length = tot_len; + dest->data = dest->allocd; + + return tot_len; + } + else + { + size_t new_len = + MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); + opaque * tmp; + + tmp = dest->alloc_func (new_len); + if (tmp == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + memcpy(tmp, data, data_size); + memcpy(&tmp[data_size], dest->data, dest->length); + dest->max_length = new_len; + + dest->free_func(dest->allocd); + dest->allocd = dest->data = tmp; + dest->length = tot_len; + + return tot_len; + } +} + +int _gnutls_string_resize (gnutls_string * dest, size_t new_size) { if (dest->max_length >= new_size) diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h index 1a5dec6..e8bea1e 100644 --- a/lib/gnutls_str.h +++ b/lib/gnutls_str.h 
@@ -51,6 +51,8 @@ int _gnutls_string_resize (gnutls_string *, size_t new_size); int _gnutls_string_append_str (gnutls_string *, const char *str); int _gnutls_string_append_data (gnutls_string *, const void *data, size_t data_size); +int _gnutls_string_prepend_data (gnutls_string *, const void *data, + size_t data_size); void _gnutls_string_get_data( gnutls_string *, void*, size_t *size); void _gnutls_string_get_datum( gnutls_string *, gnutls_datum*, size_t max_size); 
@@ -70,6 +72,7 @@ typedef gnutls_string gnutls_buffer; #define _gnutls_buffer_init(buf) _gnutls_string_init(buf, gnutls_malloc, gnutls_realloc, gnutls_free); #define _gnutls_buffer_clear _gnutls_string_clear #define _gnutls_buffer_append _gnutls_string_append_data +#define _gnutls_buffer_prepend _gnutls_string_prepend_data #define _gnutls_buffer_get_datum _gnutls_string_get_datum #define _gnutls_buffer_get_data _gnutls_string_get_data #define _gnutls_buffer_resize _gnutls_string_resize --------------090309040600070807070909-- From MAILER-DAEMON Tue Jun 30 15:25:54 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLixm-0007t7-IE for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 15:25:54 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLixl-0007rp-6S for gnutls-devel@gnu.org; Tue, 30 Jun 2009 15:25:53 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLixf-0007ol-IB for gnutls-devel@gnu.org; Tue, 30 Jun 2009 15:25:51 -0400 Received: from [199.232.76.173] (port=43925 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLixf-0007oi-D6 for gnutls-devel@gnu.org; Tue, 30 Jun 2009 15:25:47 -0400 Received: from filezilla-project.org ([213.239.222.5]:41121) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MLixf-0005xA-0P for gnutls-devel@gnu.org; Tue, 30 Jun 2009 15:25:47 -0400 Received: from kong.kawo1.rwth-aachen.de ([134.130.113.59]) by filezilla-project.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MLixZ-0000cX-0Z; Tue, 30 Jun 2009 21:25:42 +0200 Message-ID: <4A4A66AF.6010002@filezilla-project.org> Date: Tue, 30 Jun 2009 21:25:35 +0200 
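Review bot: in the lib/gnutls_buffers.c hunk the source handed to _gnutls_buffer_prepend is &ptr[n - left], and nothing in the hunk shows whether ptr is a private copy or still points into record_send_buffer's own storage. If it can alias the buffer, the new _gnutls_string_prepend_data first does memmove(&dest->allocd[data_size], dest->data, dest->length) and only then memcpy(dest->allocd, data, data_size), so the unsent tail may already have been overwritten when it is copied. Please state the non-aliasing requirement in a comment at this call, or copy the left bytes to a temporary before prepending.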
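Review bot: in the lib/gnutls_str.c hunk, _gnutls_string_prepend_data returns tot_len, a size_t, through an int return type and computes tot_len = data_size + dest->length with no overflow check, while the caller in gnutls_buffers.c treats retval < 0 as failure. A large total would be truncated or come back negative; returning a fixed non-negative success value, or rejecting totals above INT_MAX, avoids that. The reallocating branch also calls memcpy(&tmp[data_size], dest->data, dest->length) without the dest->length && dest->data guard used in the in-place branch, so an empty buffer with a NULL data pointer reaches memcpy. The function has no comment; one line saying what it returns and that data must not overlap dest would help.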
From: Tim Kosse User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: Nikos Mavrogiannopoulos References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> <4A486960.6010405@filezilla-project.org> <4A4874C3.4010709@filezilla-project.org> <4A4A5D0D.40701@gnutls.org> In-Reply-To: <4A4A5D0D.40701@gnutls.org> X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigB7C367D85E6EC6D55112A41C" X-Spam-Score: -4.6 (----) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Cc: gnutls-devel@gnu.org Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 19:25:53 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB7C367D85E6EC6D55112A41C Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,

> I did a quick hack to make a prepend function. Does this solve the issue?

sadly this patch does not work.

In _gnutls_io_write_buffered, if n is less than session->internals.record_send_buffer.length and the sending succeeds, the remaining buffer is silently discarded at the end of the function.

Tim --------------enigB7C367D85E6EC6D55112A41C-- From MAILER-DAEMON Tue Jun 30 16:14:28 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLjil-0004lQ-RF for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:14:27 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLjij-0004jp-49 for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:14:25 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLjic-0004fW-Vy for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:14:23 -0400 Received: from [199.232.76.173] (port=35104 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLjic-0004f8-Gq for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:14:18 -0400 Received: from mail-bw0-f225.google.com ([209.85.218.225]:50536) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MLjic-0005FU-9P for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:14:18 -0400 Received: by bwz25 with SMTP id 25so432755bwz.42 for ; Tue, 30 Jun 2009 13:14:16 -0700 (PDT)
Received: by 10.204.60.72 with SMTP id o8mr8681698bkh.184.1246392856427; Tue, 30 Jun 2009 13:14:16 -0700 (PDT) Received: from ?10.100.1.196? ([194.219.240.147]) by mx.google.com with ESMTPS id z15sm650240fkz.4.2009.06.30.13.14.14 (version=SSLv3 cipher=RC4-MD5); Tue, 30 Jun 2009 13:14:15 -0700 (PDT) Sender: Nikos Mavrogiannopoulos Message-ID: <4A4A7215.6010402@gnutls.org> Date: Tue, 30 Jun 2009 23:14:13 +0300
From: Nikos Mavrogiannopoulos User-Agent: Thunderbird 2.0.0.22 (X11/20090608) MIME-Version: 1.0 To: Tim Kosse References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> <4A486960.6010405@filezilla-project.org> <4A4874C3.4010709@filezilla-project.org> <4A4A5D0D.40701@gnutls.org> <4A4A66AF.6010002@filezilla-project.org> In-Reply-To: <4A4A66AF.6010002@filezilla-project.org> X-Enigmail-Version: 0.95.7 OpenPGP: id=96865171 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Cc: gnutls-devel@gnu.org Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 20:14:25 -0000 Tim Kosse wrote: > Hi, > >> I did a quick hack to make a prepend function. Does this solve the issue? > > sadly this patch does not work. > > In _gnutls_io_write_buffered, if n is less than > session->internals.record_send_buffer.length and the sending succeeds, > the remaining buffer is silently discarded at the end of the function. By n < session->internals.record_send_buffer.length you mean that it can be any value less or zero? 
From MAILER-DAEMON Tue Jun 30 16:25:26 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLjtN-0000z5-Ta for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:25:25 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLjtM-0000yh-VM for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:25:24 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLjtI-0000xX-GM for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:25:24 -0400 Received: from [199.232.76.173] (port=57570 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLjtH-0000wz-My for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:25:20 -0400 Received: from wiredyne.com ([166.84.7.163]:64739) by monty-python.gnu.org with smtp (Exim 4.60) (envelope-from ) id 1MLjtE-0007Ty-3L for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:25:16 -0400 Received: (qmail 18281 invoked by uid 1000); 30 Jun 2009 20:24:48 -0000 Date: 30 Jun 2009 20:24:48 -0000 Message-ID: <20090630202448.19789.qmail@wiredyne.com> 
From: Peter Hendrickson To: gnutls-devel@gnu.org X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Certificate Request State X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 20:25:25 -0000 Running GnuTLS 2.8.1 under Ubuntu 9.04, I find that gnutls_certificate_client_get_request_status() falsely reports that no client certificate was requested, even when there was a request. (The server code is supposed to be asking for a certificate, it successfully verifies the client certificate, and I can see the certificate request packet to the client and the client sending its certificate.) Watching in the debugger, it appears that when the "Certificate Request" handshake packet arrives at the client from the server, the client sets session->key->certificate_requested to 1 in auth_cert.c:_gnutls_proc_cert_cert_req(). The problem seems to lie in gnutls_certificate_client_get_request_status() itself. It calls _gnutls_get_auth_info() to get a pointer called "info" which is really just session->key->auth_info. Then _get_request_status() returns the value of info->certificate_requested; that is, effectively session->key->auth_info->certificate_requested. It should probably just return session->key->certificate_requested. Without having figured out every detail, it looks to me as if the code that sets the status and the code that reads the status are using two different locations. There seems to be no relationship between the two. _get_request_status() seems to be the only place in the code that does anything with session->key->auth_info->certificate_requested. 
Peter From MAILER-DAEMON Tue Jun 30 16:33:40 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLk1M-0005m9-CX for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:33:40 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLk1L-0005jl-6S for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:33:39 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLk1G-0005Zj-AS for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:33:38 -0400 Received: from [199.232.76.173] (port=48099 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLk1G-0005ZR-7V for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:33:34 -0400 Received: from filezilla-project.org ([213.239.222.5]:44886) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MLk1F-0000Zx-UT for gnutls-devel@gnu.org; Tue, 30 Jun 2009 16:33:34 -0400 Received: from kong.kawo1.rwth-aachen.de ([134.130.113.59]) by filezilla-project.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MLk1A-000784-Mm; Tue, 30 Jun 2009 22:33:30 +0200 Message-ID: <4A4A7693.9000806@filezilla-project.org> Date: Tue, 30 Jun 2009 22:33:23 +0200 
From: Tim Kosse User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: Nikos Mavrogiannopoulos References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> <4A486960.6010405@filezilla-project.org> <4A4874C3.4010709@filezilla-project.org> <4A4A5D0D.40701@gnutls.org> <4A4A66AF.6010002@filezilla-project.org> <4A4A7215.6010402@gnutls.org> In-Reply-To: <4A4A7215.6010402@gnutls.org> X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig28613BCEA2AF58A2E8DA297E" X-Spam-Score: -4.6 (----) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Cc: gnutls-devel@gnu.org Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 20:33:39 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig28613BCEA2AF58A2E8DA297E Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,

> By n < session->internals.record_send_buffer.length you mean that it can
> be any value less or zero?

on a closer look n can only be 0 if iptr == NULL. So strictly speaking n < session->internals.record_send_buffer.length holds.

I need to revise my earlier observation, there is no buffer reordering, 0 bytes taken from the beginning are added to the end. However sending nothing always succeeds and the remaining buffer is simply discarded at the end of the function.

So actually your prepend function does nothing, no functional change.

BTW, I am currently also tracking down a related problem in the handshake code that I can observe in 2.6.4 even. By artificially forcing the push function to return EAGAIN most of the time I managed to trigger this other.

I'll send more information once I figure out what's going wrong in that case. Tim --------------enig28613BCEA2AF58A2E8DA297E-- From MAILER-DAEMON Tue Jun 30 17:23:41 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLknk-0000sg-UB for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:23:40 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLknj-0000sb-J4 for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:23:39 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLknd-0000s5-R5 for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:23:38 -0400 Received: from [199.232.76.173] (port=52452 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLknd-0000s2-O6 for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:23:33 -0400 Received: from filezilla-project.org ([213.239.222.5]:35069) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MLknd-00089U-3U for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:23:33 -0400 Received: from kong.kawo1.rwth-aachen.de ([134.130.113.59]) by filezilla-project.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MLknY-0003SH-IU for gnutls-devel@gnu.org; Tue, 30 Jun 2009 23:23:29 +0200 Message-ID: <4A4A824B.1040905@filezilla-project.org> Date: Tue, 30 Jun 2009 23:23:23 +0200
From: Tim Kosse User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: gnutls-devel@gnu.org X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig1E0F405026C3FEC7EF23F1F3" X-Spam-Score: -4.6 (----) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Patch for _gnutls_send_finished in gnutls_handshake.c X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 21:23:39 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig1E0F405026C3FEC7EF23F1F3 Content-Type: multipart/mixed; boundary="------------060003020603080200030909" This is a multi-part message in MIME format. --------------060003020603080200030909 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is the handshake issue I've mentioned earlier. This problem exists in 2.6.4 as well as 2.8. If _gnutls_send_finished fails with GNUTLS_E_AGAIN or GNUTLS_E_AGAIN it eventually gets called a second time. It however does not call _gnutls_send_handshake with a NULL pointer on repeated calls, ultimately leading to an internal error in _gnutls_handshake_io_send_int. The attached patch simply makes sure to also pass a NULL pointer to _gnutls_send_handshake if data_size is 0. Regards, Tim Kosse --------------060003020603080200030909 Content-Type: text/x-patch; name="handshake.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="handshake.patch" --- lib/gnutls_handshake.c_old 2009-06-30 23:14:48.000000000 +0200 +++ lib/gnutls_handshake.c 2009-06-30 23:14:52.000000000 +0200 
@@ -573,7 +573,7 @@ } =20 ret =3D - _gnutls_send_handshake (session, data, data_size, + _gnutls_send_handshake (session, data_size ? data : 0, data_size, GNUTLS_HANDSHAKE_FINISHED); =20 return ret; --------------060003020603080200030909-- --------------enig1E0F405026C3FEC7EF23F1F3-- From MAILER-DAEMON Tue Jun 30 17:54:38 2009 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MLlHi-0002ot-8m for mharc-gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:54:38 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MLlHg-0002n2-Qx for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:54:36 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MLlHc-0002ef-6W for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:54:36 -0400 Received: from [199.232.76.173] (port=50876 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MLlHc-0002eY-2x for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:54:32 -0400 Received: from filezilla-project.org ([213.239.222.5]:39813) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MLlHb-00044J-BW for gnutls-devel@gnu.org; Tue, 30 Jun 2009 17:54:31 -0400 Received: from kong.kawo1.rwth-aachen.de ([134.130.113.59]) by filezilla-project.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MLlHW-0003f9-O1; Tue, 30 Jun 2009 23:54:28 +0200 Message-ID: <4A4A898D.4000700@filezilla-project.org> Date: Tue, 30 Jun 2009 23:54:21 +0200
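Review bot: in the `@@ -573,7 +573,7 @@` hunk of handshake.patch (lib/gnutls_handshake.c), the added argument `data_size ? data : 0` passes a bare `0` where a pointer is expected; write `NULL` so the line says what the patch description says, namely that a NULL pointer is passed when data_size is 0. The condition also deserves a one-line comment stating that `data_size == 0` marks a repeated call, because nothing in the visible lines explains why an empty payload must drop the pointer as well.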
From: Tim Kosse User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: Nikos Mavrogiannopoulos References: <4A3FBDC1.8070102@darkrain42.org> <873a9qu9xp.fsf@mocca.josefsson.org> <4A486960.6010405@filezilla-project.org> <4A4874C3.4010709@filezilla-project.org> <4A4A5D0D.40701@gnutls.org> <4A4A66AF.6010002@filezilla-project.org> <4A4A7215.6010402@gnutls.org> <4A4A7693.9000806@filezilla-project.org> In-Reply-To: <4A4A7693.9000806@filezilla-project.org> X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigC106B8D3E3BE7A0EEFA4ED8A" X-Spam-Score: -4.6 (----) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Cc: gnutls-devel@gnu.org Subject: Re: Bug in gnutls breaking Pidgin Jabber support X-BeenThere: gnutls-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GnuTLS development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jun 2009 21:54:37 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigC106B8D3E3BE7A0EEFA4ED8A Content-Type: multipart/mixed; boundary="------------080106040508020400010107" This is a multi-part message in MIME format. --------------080106040508020400010107 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi,

since my initial assumptions got invalidated, I no longer consider my earlier patch as merely an ugly workaround but instead as a viable solution.

I've attached an updated version of the patch. In addition to _gnutls_io_write_buffered, _gnutls_handshake_io_send_int is fixed as well.

Combined with the handshake patch I've previously mailed, I've been unable to reproduce any problems with GnuTLS in FileZilla.

Tim --------------080106040508020400010107 Content-Type: text/x-patch; name="gnutls_buffers.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="gnutls_buffers.patch" --- lib/gnutls_buffers.c_old 2009-06-29 09:57:46.934517539 +0200 +++ lib/gnutls_buffers.c 2009-06-30 23:43:22.000000000 +0200 @@ -657,7 +657,7 @@ { gnutls_datum bdata; /* checking is handled above */ - _gnutls_buffer_get_datum (&session->internals.record_send_buffer, = &bdata, n); + _gnutls_buffer_get_datum (&session->internals.record_send_buffer, = &bdata, session->internals.record_send_buffer.length); =20 ptr =3D bdata.data; n =3D bdata.size; @@ -854,7 +854,7 @@ gnutls_assert (); =20 /* checking is handled above */ - _gnutls_buffer_get_datum (&session->internals.handshake_send_buffe= r, &bdata, n); + _gnutls_buffer_get_datum (&session->internals.handshake_send_buffe= r, &bdata, session->internals.handshake_send_buffer.length); =20 ptr =3D bdata.data; n =3D bdata.size; --------------080106040508020400010107-- --------------enigC106B8D3E3BE7A0EEFA4ED8A--
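Review bot: in the `@@ -657,7 +657,7 @@` hunk of gnutls_buffers.patch, the retained comment `/* checking is handled above */` was written for a request of `n` bytes, while the call now asks for `session->internals.record_send_buffer.length`; update the comment to say that the whole pending buffer is flushed on this path. Because `n = bdata.size;` follows, the caller's `n` is overwritten here, so the function's contract should state what the return value means to a caller that passed a different `n`.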
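Review bot: the `@@ -854,7 +854,7 @@` hunk of gnutls_buffers.patch repeats the record-buffer edit verbatim for `handshake_send_buffer`, and the new call runs well past 80 columns. Consider a local such as `size_t pending = session->internals.handshake_send_buffer.length;`, or one small helper shared by both send paths, so the two retry branches cannot drift apart. It is also worth confirming that the `gnutls_assert ();` directly above is meant to fire on an ordinary resume, which this path now is.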
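A simplified model of the resume path discussed in this thread, added here as an illustration and not GnuTLS code: every identifier in it (`send_buffer`, `transport`, `push`, `write_buffered`, `bytes_delivered`) is hypothetical and the record bytes are constructed. It shows why fetching `n` pending bytes on a retry, where `n` is 0, loses the buffered data, and why fetching the full pending length delivers it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a buffered non-blocking send. NOT GnuTLS source:
   every identifier here is hypothetical. */
enum { CAP = 64 };
struct send_buffer { unsigned char data[CAP]; size_t length; };
struct transport { unsigned char wire[CAP]; size_t sent; int eagain_left; };

/* Stand-in for the application's push callback. */
static long push(struct transport *t, const unsigned char *p, size_t n)
{
    if (n == 0)
        return 0;                 /* sending nothing always succeeds */
    if (t->eagain_left > 0) {     /* simulate a socket that would block */
        t->eagain_left--;
        errno = EAGAIN;
        return -1;
    }
    memcpy(t->wire + t->sent, p, n);
    t->sent += n;
    return (long)n;
}

/* iptr == NULL resumes an interrupted send, and n is 0 on that path.
   take_all == 0: fetch only n pending bytes (behaviour the thread describes).
   take_all != 0: fetch the whole pending buffer (the approach of the patch). */
static long write_buffered(struct send_buffer *sb, struct transport *t,
                           const unsigned char *iptr, size_t n, int take_all)
{
    unsigned char tmp[CAP];
    const unsigned char *ptr = iptr;
    long r;
    if (iptr == NULL) {
        n = take_all ? sb->length : (n < sb->length ? n : sb->length);
        memcpy(tmp, sb->data, n);
        ptr = tmp;
    } else if (n > CAP) {
        errno = EMSGSIZE;
        return -1;
    }
    r = push(t, ptr, n);
    if (r < 0) {
        if (iptr != NULL) {       /* first attempt: keep the bytes for a retry */
            memcpy(sb->data, iptr, n);
            sb->length = n;
        }
        return -1;
    }
    sb->length = 0;               /* pending buffer is cleared on success */
    return r;
}

/* Bytes that reach the wire after one EAGAIN followed by one resume call. */
static size_t bytes_delivered(int take_all)
{
    static const unsigned char record[] = "constructed-finished-record";
    struct send_buffer sb = { {0}, 0 };
    struct transport t = { {0}, 0, 1 };
    if (write_buffered(&sb, &t, record, sizeof record - 1, take_all) != -1)
        return (size_t)-1;
    write_buffered(&sb, &t, NULL, 0, take_all);
    return t.sent;
}

int main(void)
{
    printf("fetch n bytes: %zu delivered\n", bytes_delivered(0));
    printf("fetch all:     %zu delivered\n", bytes_delivered(1));
    return 0;
}
```

In the first mode the resume call reports success while nothing reaches the wire, which is the kind of silent loss a test that forces the push callback to return EAGAIN is meant to expose.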