+Tue Aug 7 13:58:00 BST 2007 Richard W.M. Jones <rjones@redhat.com>
+
+ * acinclude.m4, configure.in: ./configure option
+ --disable-stack-protector.
+ * src/gnutls_1_0_compat.h: Compatibility with GnuTLS 1.0.
+ * src/bridge.c: If no bridge ioctls, give an error at runtime.
+
Thu Aug 2 12:49:08 CEST 2007 Daniel Veillard <veillard@redhat.com>
* src/xml.c: changes from Masayuki Sunou to improve error reporting
warnCFLAGS=
- try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables"
+ try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables"
case "$enable_compile_warnings" in
no)
AC_DEFINE(ENABLE_DEBUG, [], [whether debugging is enabled])
fi
+dnl --disable-stack-protector
+AC_ARG_ENABLE(stack-protector,
+ AC_HELP_STRING([--disable-stack-protector],
+ [disable stack protector]),
+ [],
+ [enable_stack_protector=yes])
+if test x"$enable_stack_protector" = x"yes"; then
+ CFLAGS="$CFLAGS -fstack-protector --param=ssp-buffer-size=4"
+fi
+
+
AC_MSG_CHECKING([where to write libvirtd PID file])
AC_ARG_WITH(remote-pid-file, AC_HELP_STRING([--with-remote-pid-file=[pidfile|none]], [PID file for libvirtd]))
if test "x$with_remote_pid_file" == "x" ; then
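Review bot: The added block appends `-fstack-protector --param=ssp-buffer-size=4` straight to CFLAGS without probing the compiler, whereas the acinclude.m4 hunk removes the same flags from `try_compiler_flags`, which (judging by the name) were only applied when the compiler accepted them. With the default of `yes`, a compiler that lacks the option would now break the build instead of degrading. Because the action-if-given argument is empty, any value other than `yes` also switches the hardening off without a message. Consider keeping a probe for the flag and reporting the outcome, e.g. `AC_MSG_CHECKING([whether to enable stack protector])` followed by `AC_MSG_RESULT([$enable_stack_protector])`, so the configure log shows whether the binaries are built with the protector.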
[],
[AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])])
+dnl Old versions of GnuTLS uses types like 'gnutls_session' instead
+dnl of 'gnutls_session_t'. Try to detect this type if defined so
+dnl that we can offer backwards compatibility.
+AC_CHECK_TYPE(gnutls_session,
+ AC_DEFINE(GNUTLS_1_0_COMPAT,[],
+ [enable GnuTLS 1.0 compatibility macros]),,
+ [#include <gnutls/gnutls.h>])
+
dnl virsh libraries
AC_CHECK_LIB(curses, initscr,
[VIRSH_LIBS="$VIRSH_LIBS -lcurses"],
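Review bot: `GNUTLS_1_0_COMPAT` is derived from the presence of the type name `gnutls_session`, but the qemud.c and remote_internal.c hunks use the same macro to compile out the `GNUTLS_CERT_INSECURE_ALGORITHM` checks, which is a different property of the library. If some GnuTLS release exposes the old type name alongside that status bit (not verifiable from this page), the weak-algorithm diagnostics would be dropped on a library that supports them. Probing the constant itself, e.g. `AC_CHECK_DECLS([GNUTLS_CERT_INSECURE_ALGORITHM], [], [], [[#include <gnutls/gnutls.h>]])`, and guarding those checks on `HAVE_DECL_GNUTLS_CERT_INSECURE_ALGORITHM` would keep the type renames and the certificate-status check independent.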
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include "../src/gnutls_1_0_compat.h"
#include "protocol.h"
#include "remote_protocol.h"
#include <getopt.h>
#include <assert.h>
#include <fnmatch.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
#include <libvirt/virterror.h>
static void qemudDispatchServerEvent(int fd, int events, void *opaque);
static int qemudRegisterClientEvent(struct qemud_server *server,
struct qemud_client *client,
- int remove);
+ int removeFirst);
static int
remoteCheckCertFile(const char *type, const char *file)
if (status & GNUTLS_CERT_REVOKED)
qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate has been revoked.");
+#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
qemudLog (QEMUD_ERR, "remoteCheckCertificate: the client certificate uses an insecure algorithm.");
+#endif
return -1;
}
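Review bot: The `#ifndef GNUTLS_1_0_COMPAT` guard removes the insecure-algorithm log line without a comment on what a GnuTLS 1.0 build loses. The visible lines still reach `return -1` after these checks, but the condition that leads here is outside the hunk. An older library presumably never sets this bit at all, so certificates signed with weak algorithms may pass verification on such builds. I would document that next to the guard, e.g. `/* GnuTLS 1.0 has no GNUTLS_CERT_INSECURE_ALGORITHM: weak signature algorithms are not reported on these builds */`. The identical guard in the remote_internal.c hunk needs the same comment.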
*
* Returns 0 in case of success or an errno code in case of failure.
*/
+#ifdef SIOCBRADDBR
int
brAddBridge(brControl *ctl,
const char *nameOrFmt,
return errno;
}
+#else
+int brAddBridge (brControl *ctl ATTRIBUTE_UNUSED,
+ const char *nameOrFmt ATTRIBUTE_UNUSED,
+ char *name ATTRIBUTE_UNUSED,
+ int maxlen ATTRIBUTE_UNUSED)
+{
+ return EINVAL;
+}
+#endif
/**
* brDeleteBridge:
*
* Returns 0 in case of success or an errno code in case of failure.
*/
+#ifdef SIOCBRDELBR
int
brDeleteBridge(brControl *ctl,
const char *name)
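Review bot: The `brAddBridge` stub returns `EINVAL` when `SIOCBRADDBR` is not defined, which a caller cannot tell apart from a rejected argument. `return ENOSYS;` (or `ENOTSUP`) would state that the operation is unavailable in this build. The same applies to the `brDeleteBridge`, `brAddInterface` and `brDeleteInterface` stubs in the later hunks. The doc comments above each function only promise "an errno code", so naming the not-supported value there would let callers log a useful message. The stub's signature is also laid out differently from its siblings (`int brAddBridge (` on one line).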
return ioctl(ctl->fd, SIOCBRDELBR, name) == 0 ? 0 : errno;
}
+#else
+int
+brDeleteBridge(brControl *ctl ATTRIBUTE_UNUSED,
+ const char *name ATTRIBUTE_UNUSED)
+{
+ return EINVAL;
+}
+#endif
+#if defined(SIOCBRADDIF) && defined(SIOCBRDELIF)
static int
brAddDelInterface(brControl *ctl,
int cmd,
return ioctl(ctl->fd, cmd, &ifr) == 0 ? 0 : errno;
}
+#endif
/**
* brAddInterface:
*
* Returns 0 in case of success or an errno code in case of failure.
*/
+#ifdef SIOCBRADDIF
int
brAddInterface(brControl *ctl,
const char *bridge,
{
return brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface);
}
+#else
+int
+brAddInterface(brControl *ctl ATTRIBUTE_UNUSED,
+ const char *bridge ATTRIBUTE_UNUSED,
+ const char *iface ATTRIBUTE_UNUSED)
+{
+ return EINVAL;
+}
+#endif
/**
* brDeleteInterface:
*
* Returns 0 in case of success or an errno code in case of failure.
*/
+#ifdef SIOCBRDELIF
int
brDeleteInterface(brControl *ctl,
const char *bridge,
{
return brAddDelInterface(ctl, SIOCBRDELIF, bridge, iface);
}
-
+#else
+int
+brDeleteInterface(brControl *ctl ATTRIBUTE_UNUSED,
+ const char *bridge ATTRIBUTE_UNUSED,
+ const char *iface ATTRIBUTE_UNUSED)
+{
+ return EINVAL;
+}
+#endif
/**
* brAddTap:
--- /dev/null
+/*
+ * gnutls_1_0_compat.h: GnuTLS 1.0 compatibility
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Richard W.M. Jones <rjones@redhat.com>
+ */
+
+#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__
+
+#include "config.h"
+
+#ifdef GNUTLS_1_0_COMPAT
+#define gnutls_session_t gnutls_session
+#define gnutls_x509_crt_t gnutls_x509_crt
+#define gnutls_dh_params_t gnutls_dh_params
+#define gnutls_transport_ptr_t gnutls_transport_ptr
+#define gnutls_datum_t gnutls_datum
+#define gnutls_certificate_credentials_t gnutls_certificate_credentials
+#endif
+
+#endif /* LIBVIRT_GNUTLS_1_0_COMPAT_H__ */
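Review bot: The include guard opens with `#ifndef LIBVIRT_GNUTLS_1_0_COMPAT_H__` but never defines that macro, so it does not prevent repeated inclusion; add `#define LIBVIRT_GNUTLS_1_0_COMPAT_H__` on the line after the `#ifndef`. This is harmless today because the body holds only identical macro definitions, but it will fail once a declaration is added. Identifiers containing a double underscore are also reserved for the implementation, so `LIBVIRT_GNUTLS_1_0_COMPAT_H` would be the safer guard name. A short comment above the `#define` block saying that it maps the newer `_t` type names onto the GnuTLS 1.0 names would help readers who meet the macros from the including file.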
} else if (net->type == QEMUD_NET_CLIENT ||
net->type == QEMUD_NET_SERVER ||
net->type == QEMUD_NET_MCAST) {
- int len;
+ int len = 0;
char *ret;
if (port == NULL) {
#include <rpc/xdr.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include "gnutls_1_0_compat.h"
#include <libxml/uri.h>
#include "internal.h"
if (status & GNUTLS_CERT_REVOKED)
reason = "The certificate has been revoked.";
-
+
+#ifndef GNUTLS_1_0_COMPAT
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
reason = "The certificate uses an insecure algorithm";
+#endif
error (NULL, VIR_ERR_RPC, reason);
return -1;