Attachment 10871 Details for Bug 11135 – 4.2 patch cherry-picked from master

[patch] 4.2 patch cherry-picked from master

gnutls-build.4.2.patch (text/plain), 6.68 KB, created by Andrew Bartlett on 2015-03-13 00:20:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew Bartlett

Created: 2015-03-13 00:20:38 UTC

Size: 6.68 KB

patch

obsolete

>From 86861a4a1e996a337b700e0267d838d6f791620a Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Thu, 12 Mar 2015 17:01:05 +1300
>Subject: [PATCH 1/3] lib/tls: Fix behaviour of --disable-gnutls and remove
> link to gcrypt
>
>We no longer link against gcrypt if gnutls > 3.0.0 is found, as these
>versions use libnettle.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 61d962bdfdb9ca13e5f31e726ae84823c6f68fc6)
>---
> source4/lib/tls/tlscert.c                       |  4 ++--
> source4/lib/tls/wscript                         | 22 +++++++++++++++++-----
> source4/rpc_server/backupkey/dcesrv_backupkey.c |  4 ++--
> 3 files changed, 21 insertions(+), 9 deletions(-)
>
>diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
>index 8a19e0a..b44d46b 100644
>--- a/source4/lib/tls/tlscert.c
>+++ b/source4/lib/tls/tlscert.c
>@@ -24,7 +24,7 @@
> #if ENABLE_GNUTLS
> #include <gnutls/gnutls.h>
> #include <gnutls/x509.h>
>-#if HAVE_GCRYPT_H
>+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
> #include <gcrypt.h>
> #endif
> 
>@@ -69,7 +69,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
> 	DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", 
> 		 hostname));
> 	
>-#ifdef HAVE_GCRYPT_H
>+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
> 	DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
> 	gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
> #endif
>diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript
>index ae96395..cbba87d 100644
>--- a/source4/lib/tls/wscript
>+++ b/source4/lib/tls/wscript
>@@ -17,11 +17,18 @@ def configure(conf):
>         conf.SET_TARGET_TYPE('gnutls', 'DISABLED')
>         conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
>         conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
>+        if 'AD_DC_BUILD_IS_ENABLED' in conf.env:
>+            conf.fatal("--disable-gnutls given: Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol")
>         return
> 
>-    conf.check_cfg(package='gnutls',
>-                   args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
>-                   msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
>+    if conf.check_cfg(package='gnutls',
>+                      args='"gnutls >= 3.0.0" --cflags --libs',
>+                      msg='Checking for gnutls >= 3.0.0s', mandatory=False):
>+        conf.DEFINE('HAVE_GNUTLS3', 1)
>+    else:
>+        conf.check_cfg(package='gnutls',
>+                       args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs',
>+                       msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False)
> 
>     if 'HAVE_GNUTLS' in conf.env:
>         conf.DEFINE('ENABLE_GNUTLS', 1)
>@@ -45,8 +52,13 @@ def configure(conf):
>     conf.CHECK_TYPES('gnutls_datum gnutls_datum_t',
>                      headers='gnutls/gnutls.h', lib='gnutls')
> 
>-    conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
>-    conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
>+    # GnuTLS3 moved to libnettle, so only do this in the < 3.0 case
>+    if not 'HAVE_GNUTLS3' in conf.env:
>+        conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h')
>+        conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error')
>+    else:
>+        conf.SET_TARGET_TYPE('gcrypt', 'DISABLED')
>+        conf.SET_TARGET_TYPE('gpg-error', 'DISABLED')
> 
> 
> def build(bld):
>diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
>index bef4c93..5270360 100644
>--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
>+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
>@@ -43,7 +43,7 @@
> #include "lib/crypto/arcfour.h"
> #include <gnutls/gnutls.h>
> #include <gnutls/x509.h>
>-#if HAVE_GCRYPT_H
>+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
> #include <gcrypt.h>
> #endif
> 
>@@ -806,7 +806,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
> 	*rsa = NULL;
> 
> 	gnutls_global_init();
>-#ifdef HAVE_GCRYPT_H
>+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
> 	DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
> 	gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
> #endif
>-- 
>2.1.4
>
>
>From e9f73e2168372ad43930df85bd89dedbd1ec26cf Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Thu, 12 Mar 2015 17:05:50 +1300
>Subject: [PATCH 2/3] backupkey: Explicitly link to gnutls and gcrypt
>
>The gcrypt link will be disabled if gnutls is > 3.0.0
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 733435f8582adf7925ea0c93e2cdf411fb89624b)
>---
> source4/rpc_server/wscript_build | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
>index 2866257..1a581b1 100755
>--- a/source4/rpc_server/wscript_build
>+++ b/source4/rpc_server/wscript_build
>@@ -116,7 +116,7 @@ bld.SAMBA_MODULE('dcerpc_backupkey',
> 	autoproto='backupkey/proto.h',
> 	subsystem='dcerpc_server',
> 	init_function='dcerpc_server_backupkey_init',
>-	deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto'
>+	deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto gnutls gcrypt'
> 	)
> 
> 
>-- 
>2.1.4
>
>
>From b74e2c8fc3b86c3b94e4ad5be92488f178012878 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Thu, 12 Mar 2015 22:12:43 +0100
>Subject: [PATCH 3/3] replace: Remove superfluous check for gcrypt header.
>
>We only need to check for the header if we need gnutls with gcrypt
>support.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>
>Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
>Autobuild-Date(master): Fri Mar 13 01:00:27 CET 2015 on sn-devel-104
>
>(cherry picked from commit 07330d248bd3feb3c9748174dac407fca592638e)
>---
> lib/replace/wscript | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/lib/replace/wscript b/lib/replace/wscript
>index f8a0179..1949448 100644
>--- a/lib/replace/wscript
>+++ b/lib/replace/wscript
>@@ -53,7 +53,7 @@ def configure(conf):
>     conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h')
>     conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h')
>     conf.CHECK_HEADERS('errno.h')
>-    conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h')
>+    conf.CHECK_HEADERS('getopt.h iconv.h')
>     conf.CHECK_HEADERS('memory.h nss.h sasl/sasl.h')
> 
>     conf.CHECK_FUNCS_IN('inotify_init', 'inotify', checklibc=True,
>-- 
>2.1.4
>

Flags:

asn: review+

Actions: View

Attachments on bug 11135: 10820 | 10832 | 10833 | 10865 | 10866 | 10867 | 10871