* [Cocci] [PATCH 2/9] Use gnutls_priority_set_direct() to deprecate gnutls_*_set()
From: Luis R. Rodriguez @ 2015-11-19 23:22 UTC
To: cocci

From: "Luis R. Rodriguez" <mcgrof@suse.com> Using deprecate gnutls_*_set() triggers a failure to compile with gnutls30-3.4.4, used on OpenSUSE factory: ../libqemu_common.a(vnc.o): In function `vnc_start_tls': ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2164: undefined reference to `gnutls_kx_set_priority' ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2171: undefined reference to `gnutls_certificate_type_set_priority' ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2178: undefined reference to `gnutls_protocol_set_priority' This compilation issue can be fixed by using the new routine gnutls_priority_set_direct() which replaces the deprecated calls which also simplifies the code considerably. The following Coccinelle rule expresses the change in a general grammar form, this could be used should the code be rebased, or to do the transformation in other projects using the same gnutls library. @ vars @ identifier kx_x509, kx_anon, cert_type_priority, protocol_priority; declarer name NEED_X509_AUTH; @@ -int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; -int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; -int kx_anon[] = { GNUTLS_KX_ANON_DH, 0}; -int kx_x509[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; @ calls_kx_set_priority @ identifier vars.kx_x509, vars.kx_anon; expression need_x509; struct VncState *vs; @@ -if (gnutls_kx_set_priority(vs->tls_session, need_x509 ? 
kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; -} @ calls_certificate_type_set_priority depends on calls_kx_set_priority @ identifier vars.cert_type_priority; struct VncState *calls_kx_set_priority.vs; @@ -if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; -} @ calls_protocol_set_priority depends on calls_certificate_type_set_priority @ identifier vars.protocol_priority; struct VncState *calls_kx_set_priority.vs; expression calls_kx_set_priority.need_x509; @@ -if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; -} +if (gnutls_priority_set_direct(vs->tls_session, need_x509 ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) { + gnutls_deinit(vs->tls_session); + vs->tls_session = NULL; + vnc_client_error(vs); + return -1; +} Generated-by: Coccinelle SmPL Cc: cocci at systeme.lip6.fr Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com> --- vnc.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/vnc.c b/vnc.c index 7629dfa18645..32c604084a5b 100644 --- a/vnc.c +++ b/vnc.c @@ -2137,11 +2137,6 @@ static void vnc_handshake_io(void *opaque) { static int vnc_start_tls(struct VncState *vs) { - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; - static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0}; - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; - VNC_DEBUG("Do TLS setup\n"); if (vnc_tls_initialize() < 0) { VNC_DEBUG("Failed to init TLS\n"); 
@@ -2161,21 +2156,7 @@ static int vnc_start_tls(struct VncState *vs) { return -1; } - if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { + if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) { gnutls_deinit(vs->tls_session); vs->tls_session = NULL; vnc_client_error(vs); -- 2.6.2 ^ permalink raw reply related [flat|nested] 2+ messages in thread
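
Review bot: In the second vnc.c hunk, the new gnutls_priority_set_direct() call passes NULL as its last argument, so when the priority string is rejected the client is dropped with no indication of which part of the string failed. Consider passing a const char * for the error position and reporting it through VNC_DEBUG before gnutls_deinit(). The commit message should also say that this is more than a build fix: the removed code offered only GNUTLS_KX_ANON_DH in the non-X509 case and pinned the protocol list to TLS1.1/TLS1.0/SSL3 with X509 certificates, whereas "NORMAL:+ANON-DH" adds anonymous DH on top of the library's NORMAL set and leaves protocol and key-exchange selection to whatever NORMAL means in the gnutls being linked.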
* [PATCH 0/9] xen: build fixes with gcc5 and binutils 2.25.0
From: Luis R. Rodriguez @ 2015-11-20 17:47 UTC
To: xen-devel, ian.campbell, JBeulich
Cc: samuel.thibault, Luis R. Rodriguez, pryorm09, cfergeau

From: "Luis R. Rodriguez" <mcgrof@suse.com>

Here's a slew of build fixes as well as build warning fixes required
when using the latest build tools, at least gcc 5 and binutils 2.25.0.
I ran into this while doing development on OpenSUSE factory. Other
rolling distros seem to be having similar issues based on inspection
of recent patches.

After fixing the issue I looked into the respective upstream projects
where appropriate and provided annotations for respective upstream
fixes. The patches that have a respective upstream project but do not
have upstream annotations lack the annotations as upstream code has
already changed considerably and the patches do not apply or the code
has already been fixed but the respective upstream atomic fix does not
apply to our code branch. That said then, there is no need to send
anything to our upstream.

My changes actually do have a bit better annotations for some fixes
than upstream, specifically where I see a change fixed an issue I
explain the actual issue that should have been caused without the
patch. That should make it easier to evaluate integration of the
patches into a stable branch or not.

Since some patches are part of upstream you could just consider
bumping upstream, or pulling the respective patch from upstream, some
of my annotations however have a bit better explanation for why we
want the changes. For stable branches these could be considered as
backport fixes. Up to you to decide how you want to manage these
fixes.

I've build tested this on both the xen master branch and the xen
stable-4.6 branch, so feel free to consider some of these into
stable-4.6 if it's desirable to build Xen with the latest and greatest
gcc and binutils. I've only run time tested the master branch of Xen
on dom0 with these changes.

Changes are required on a slew of different trees. The order of the
patches matches the order in which I found the issues and fixed them,
the summary of the changes for each different tree is below.

These following patches just fix warnings and as such are not required
to complete proper building, but they seem worthy enough at least for
consideration on unstable:

  hw/usb-net.c: fix state check
  qemu-xen-dir: virtio-rng: fix check for period_ms validity
  mini-os: fix linker warning with app.lds
  vtpm: fix vtpmblk.c compilation warning
  vtpm: guard against redefining TPM_VENDOR_COMMAND

The rest are definitely needed for proper building. The gnutls fix
goes with a Coccinelle rule file which should enable proper
transformation of the needed changes in other projects, so long as the
code matches in form. The Coccinelle rule file changes can also enable
the same patch to be easily rebased should the code change in between
the patch being considered for merging which would otherwise cause a
legacy patch conflict.

------------------------------------------------------------------------------
tools/firmware/seabios-dir-remote/

Luis R. Rodriguez (1):
  Revert "Use the extra stack for 16bit USB and PS2 keyboard/mouse commands."

 src/kbd.c   | 6 +++---
 src/mouse.c | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

------------------------------------------------------------------------------
tools/qemu-xen-traditional-dir-remote/

Luis R. Rodriguez (2):
  Use gnutls_priority_set_direct() to deprecate gnutls_*_set()
  hw/usb-net.c: fix state check

 hw/usb-net.c |  4 ++--
 vnc.c        | 21 +--------------------
 2 files changed, 3 insertions(+), 22 deletions(-)

------------------------------------------------------------------------------
tools/qemu-xen-dir-remote/

Luis R. Rodriguez (2):
  qemu-xen-dir: avoid using spice-experimental.h
  qemu-xen-dir: virtio-rng: fix check for period_ms validity

 hw/virtio/virtio-rng.c | 2 +-
 spice-qemu-char.c      | 1 -
 ui/spice-core.c        | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)

------------------------------------------------------------------------------
extras/mini-os-remote/

Luis R. Rodriguez (1):
  mini-os: fix linker warning with app.lds

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

------------------------------------------------------------------------------
Top level xen git tree on stubdom/

Luis R. Rodriguez (3):
  stubdom: fix unfound libgmp library issues
  vtpm: fix vtpmblk.c compilation warning
  vtpm: guard against redefining TPM_VENDOR_COMMAND

 stubdom/Makefile               | 5 +++++
 stubdom/vtpm/vtpmblk.c         | 1 +
 stubdom/vtpmmgr/vtpm_manager.h | 3 +++
 3 files changed, 9 insertions(+)

-- 
2.6.2

* [Cocci] [PATCH 2/9] Use gnutls_priority_set_direct() to deprecate gnutls_*_set()
From: Luis R. Rodriguez @ 2015-11-20 17:47 UTC
To: cocci

From: "Luis R. Rodriguez" <mcgrof@suse.com> Using deprecate gnutls_*_set() triggers a failure to compile with gnutls30-3.4.4, used on OpenSUSE factory: ../libqemu_common.a(vnc.o): In function `vnc_start_tls': ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2164: undefined reference to `gnutls_kx_set_priority' ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2171: undefined reference to `gnutls_certificate_type_set_priority' ~/devel/xen/tools/qemu-xen-traditional-dir/vnc.c:2178: undefined reference to `gnutls_protocol_set_priority' This compilation issue can be fixed by using the new routine gnutls_priority_set_direct() which replaces the deprecated calls which also simplifies the code considerably. The following Coccinelle rule expresses the change in a general grammar form, this could be used should the code be rebased, or to do the transformation in other projects using the same gnutls library. @ vars @ identifier kx_x509, kx_anon, cert_type_priority, protocol_priority; declarer name NEED_X509_AUTH; @@ -int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; -int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; -int kx_anon[] = { GNUTLS_KX_ANON_DH, 0}; -int kx_x509[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; @ calls_kx_set_priority @ identifier vars.kx_x509, vars.kx_anon; expression need_x509; struct VncState *vs; @@ -if (gnutls_kx_set_priority(vs->tls_session, need_x509 ? 
kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; -} @ calls_certificate_type_set_priority depends on calls_kx_set_priority @ identifier vars.cert_type_priority; struct VncState *calls_kx_set_priority.vs; @@ -if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; -} @ calls_protocol_set_priority depends on calls_certificate_type_set_priority @ identifier vars.protocol_priority; struct VncState *calls_kx_set_priority.vs; expression calls_kx_set_priority.need_x509; @@ -if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; -} +if (gnutls_priority_set_direct(vs->tls_session, need_x509 ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) { + gnutls_deinit(vs->tls_session); + vs->tls_session = NULL; + vnc_client_error(vs); + return -1; +} Generated-by: Coccinelle SmPL Cc: cocci at systeme.lip6.fr Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com> --- vnc.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/vnc.c b/vnc.c index 7629dfa18645..32c604084a5b 100644 --- a/vnc.c +++ b/vnc.c @@ -2137,11 +2137,6 @@ static void vnc_handshake_io(void *opaque) { static int vnc_start_tls(struct VncState *vs) { - static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; - static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; - static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0}; - static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0}; - VNC_DEBUG("Do TLS setup\n"); if (vnc_tls_initialize() < 0) { VNC_DEBUG("Failed to init TLS\n"); 
@@ -2161,21 +2156,7 @@ static int vnc_start_tls(struct VncState *vs) { return -1; } - if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) { - gnutls_deinit(vs->tls_session); - vs->tls_session = NULL; - vnc_client_error(vs); - return -1; - } - - if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) { + if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) { gnutls_deinit(vs->tls_session); vs->tls_session = NULL; vnc_client_error(vs); -- 2.6.2 ^ permalink raw reply related [flat|nested] 2+ messages in thread
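
Review bot: In the SmPL rules, the only + lines are in calls_protocol_set_priority, but vars and calls_kx_set_priority carry no dependency, so on code that has the gnutls_kx_set_priority() block without the other two calls the rules delete that block and the arrays and insert no gnutls_priority_set_direct() replacement, leaving the session without any explicit priority call. Consider a leading match-only rule that requires all three calls and making the removals depend on it, or state in the commit message that all three calls must be present. Separately, declarer name NEED_X509_AUTH in vars is never used; the condition is matched through expression need_x509 instead, so the declaration can be dropped.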