Re: [Mingw-cross-env-list] gnutls update with new supporting packages p1

mingw-cross-env-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Mingw-cross-env-list] gnutls update with new supporting packages p1

From:	Mark Brand
Subject:	Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32
Date:	Sat, 20 Aug 2011 09:24:36 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20110812 Thunderbird/6.0

p11-kit
http://hg.savannah.gnu.org/hgweb/mingw-cross-env/rev/2c718573fadb
Fixups were needed for the .pc file. Also had to #ifdef away some
code not suitable for Windows.

If I understand your patch correctly, it makes some function
return nothing in case the HOME environment variable is not
set. I wonder why the compiler doesn't show a big warning about
that. Also, the patch will ensure that reinitialize_after_fork()
will never be called. Are you sure this is a safe thing to do?

My reasoning was that since Windows does not have fork, this situationin which this is needed would not arise. The potentially dangerous gapis not knowing if a fork would be simulated and what that would mean.

In general, I think it is very dangerous to patch security-related
packages on our own. This requires special care and should be
brought up on the respective upstream project's mailing list.


You're absolutely right. My "quick fix" was foolhardy.

In addition, the p11-kit library obviously hasn't been written
with Windows or MinGW in mind. So I wonder if it makes sense
at all to port it to MinGW.


Agreed.

I also wonder how the official Windows package of GnuTLS has
been built. How did they build it? Did they touch p11-kit, too?
Or did they GnuTLS without p11-kit?

Those questions need to be answered, either by intensive research
on the net, or (preferably) by discussion on the GnuTLS or p11-kit
mailing list.

I recommend to undo those 3 changesets until those questions are
answered. Otherwise I'm pretty sure we'll risk a disaster comparable
to the Debian/OpenSSL disaster 3 years ago. [1]

Agreed. Let's wait for the respective projects to address Windowscompatibility.

I've removed p11-kit and dlfcn-win32 since it's not needed otherwise.This means that gnutls 2.12.8 must be configured:

    "--without-p11-kit       Build without p11-kit and PKCS#11 support"

http://hg.savannah.gnu.org/hgweb/mingw-cross-env/rev/e5969b622179

I had similar misgivings about p11-kit and I'm grateful that youconfirmed and amplified them.


regards,

Mark

[Prev in Thread]

Current Thread

[Next in Thread]

[Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32, Mark Brand, 2011/08/19
- Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32, Volker Grabsch, 2011/08/19
  - Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32, Mark Brand <=
    - Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32, Volker Grabsch, 2011/08/20

Prev by Date: Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32
Next by Date: Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32
Previous by thread: Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32
Next by thread: Re: [Mingw-cross-env-list] gnutls update with new supporting packages p11-kit and dlfcn-win32
Index(es):
- Date
- Thread