
Try solve upstream conflict #2

Open
wants to merge 1,365 commits into
base: master

Conversation

highland0971
Owner

No description provided.

tobiasbrunner and others added 30 commits April 4, 2024 09:25

Since the script and action have issues with the directory structure, we
upload the lcov results instead.
We explicitly pass the final .info file prepared with lcov, so there is
no need to search for other files (that then won't work anyway).  The
search also finds the uncleaned .info file, which includes the test code.

The latter should have gotten ignored anyway, but the patterns are
apparently not correct anymore. So fixing that as well just to be sure.

If a base address is configured, we don't expect the pool to be empty,
so reject the creation (e.g. with the broadcast address as base).

References #2205
If somebody copies our .gitignore and tries to import the source code,
the proposal_keywords.c file will not be added as it's ignored by the
`*keywords.c` pattern we use to ignore gperf-generated source files.

Closes #2014
These allow, for instance, a vici client on a host to communicate with
an IKE daemon running in a VM.

Signed-off-by: Thomas Egerer <[email protected]>

Can be useful if the CID inside the VM is not known.

The \htmlonly\endhtmlonly hack is used to avoid compiler warnings due
to /* inside a block comment.
As recommended by RFC 2985, section 5.4.1:

  ChallengePassword attribute values generated in accordance with this
  version of this document SHOULD use the PrintableString encoding
  whenever possible.  If internationalization issues make this
  impossible, the UTF8String alternative SHOULD be used.

Even though the RFC continues with

  PKCS #9-attribute processing systems MUST be able to recognize and
  process all string types in DirectoryString values.

there might be older SCEP server implementations that don't accept
UTF8String-encoded passwords.  In particular because previous versions of
PKCS#9 defined this attribute's type as a CHOICE between PrintableString
and T61String.

References #1831
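The encoding rule quoted above (PrintableString whenever possible, UTF8String otherwise) as an added example; this is not code from strongSwan or from this pull request. It is a small DER encoder for the challengePassword value: the PrintableString repertoire and the length encoding follow X.680/X.690, the function names are made up for this illustration, and the input is assumed to already be valid UTF-8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASN.1 universal tags for the two string types RFC 2985 allows here. */
#define ASN1_PRINTABLESTRING 0x13
#define ASN1_UTF8STRING      0x0C

/* Return 1 if every byte of s is in the PrintableString repertoire
 * (X.680): letters, digits, space and ' ( ) + , - . / : = ?
 * Anything else (e.g. '@', '_', '&', non-ASCII bytes) forces UTF8String. */
int is_printable_string(const char *s)
{
    static const char extra[] = " '()+,-./:=?";
    for (; *s; s++)
    {
        unsigned char c = (unsigned char)*s;
        if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
            (c >= '0' && c <= '9') || strchr(extra, c))
        {
            continue;
        }
        return 0;
    }
    return 1;
}

/* Write a DER length: short form below 128, long form (1 or 2 length bytes)
 * above. Returns the number of bytes written, 0 if out is too small or the
 * value exceeds 65535 (more than enough for a password). */
static size_t der_put_length(size_t len, uint8_t *out, size_t outlen)
{
    if (len < 0x80)
    {
        if (outlen < 1) return 0;
        out[0] = (uint8_t)len;
        return 1;
    }
    if (len <= 0xFF)
    {
        if (outlen < 2) return 0;
        out[0] = 0x81;
        out[1] = (uint8_t)len;
        return 2;
    }
    if (len <= 0xFFFF)
    {
        if (outlen < 3) return 0;
        out[0] = 0x82;
        out[1] = (uint8_t)(len >> 8);
        out[2] = (uint8_t)len;
        return 3;
    }
    return 0;
}

/* Tag the encoder picks for pw. */
int challenge_password_tag(const char *pw)
{
    return is_printable_string(pw) ? ASN1_PRINTABLESTRING : ASN1_UTF8STRING;
}

/* DER-encode pw as PrintableString when possible, else as UTF8String
 * (pw is assumed to be valid UTF-8). Returns the total encoded length,
 * or 0 if out is too small. */
size_t encode_challenge_password(const char *pw, uint8_t *out, size_t outlen)
{
    size_t len = strlen(pw), hdr;

    if (outlen < 1) return 0;
    out[0] = (uint8_t)challenge_password_tag(pw);
    hdr = der_put_length(len, out + 1, outlen - 1);
    if (!hdr || outlen - 1 - hdr < len) return 0;
    memcpy(out + 1 + hdr, pw, len);
    return 1 + hdr + len;
}

/* Encode pw and check the chosen tag, the total length and that the value
 * bytes are copied verbatim. Returns 1 on match; used as a self-check. */
int encodes_as(const char *pw, int expect_tag, size_t expect_len)
{
    uint8_t buf[300];
    size_t n = encode_challenge_password(pw, buf, sizeof(buf));

    return n > 0 && n == expect_len && buf[0] == expect_tag &&
           memcmp(buf + n - strlen(pw), pw, strlen(pw)) == 0;
}

int main(void)
{
    /* constructed sample passwords */
    printf("\"secret\"  -> tag 0x%02x\n", challenge_password_tag("secret"));
    printf("\"p\\xc3\\xa4ss\" -> tag 0x%02x\n", challenge_password_tag("p\xc3\xa4ss"));
    return 0;
}
```

The value bytes are copied unchanged in both cases; only the tag differs, which is exactly what an older SCEP server keyed to PrintableString would trip over.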

The libraries were previously shipped with the -dev package.

If the regular daemon is running, it creates an unconditional routing
rule for the routing table.  The rule that charon-nm tries to create,
which excludes marked IKE/ESP traffic to avoid a routing loop, then
can't be installed and we'd end up with said loop.

Closes #2230

Instead of just adding the offset internally, this way the reported
base address is always the first assignable address (e.g. for
192.168.0.0/24 vs. 192.168.0.1/24).

Closes #2264

OpenSSH defaults have changed and scp stopped working with newer versions.
There are 2 options to fix it, either use -O (legacy scp protocol)
with scp, or enable the sftp subsystem in the SSH server config.
This fix uses the second variant.

Closes #2310

Signed-off-by: Maxim Uvarov <[email protected]>

Errors in load-testconfig are hidden due to not checking the scp
return code, which mutes all errors. Add -e to trap the script on
any errors in this script.

References #2310

Signed-off-by: Maxim Uvarov <[email protected]>

Fixes: 2b11764 ("mem-pool: Adjust the base address if it's the network ID")

…ignatures

Looks like a cipher suite without DHE was selected previously.

Could be a side-effect of dc10857 ("testing: Remove unnecessary
FreeRADIUS dh_file option as recommended in the log").

This change avoids a "variable 'got' might be clobbered by 'longjmp' or
'vfork'" warning with -Wextra.

The number of elements is the first argument, their size the second.
The previous code triggered the following warning:

  'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument

The empty array of rules for `assert_message_empty()` and the resulting
size 0 triggers warnings like these:

  allocation of insufficient size '0' for type 'listener_message_rule_t' with size '12'

Using calloc() with `nmemb` set to 0 triggers the same warning.
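The two calloc() points from the messages above (element count before element size, and not allocating zero-sized arrays at all) as an added example that is not strongSwan code: the struct, the function names and the sample rules are constructed for this illustration only.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a rule struct; it is not strongSwan's
 * listener_message_rule_t, only a type with a non-trivial sizeof(). */
typedef struct {
    int type;
    int flags;
    int payload;
} example_rule_t;

/* Allocate an array of `count` rules, zero-initialized.
 *
 * calloc(nmemb, size) takes the element count first and the element size
 * second. calloc(sizeof(example_rule_t), count) still compiles, but newer
 * compilers warn about the swapped arguments, and a zero-sized allocation
 * (count == 0) draws the "allocation of insufficient size '0'" warning and
 * yields either NULL or a unique pointer depending on the C library.
 * The empty case is therefore decided before calloc() is ever called:
 * an empty rule set is a NULL array with count 0, reported as success. */
int rules_alloc(size_t count, example_rule_t **out)
{
    *out = NULL;
    if (count == 0)
    {
        return 0;
    }
    *out = calloc(count, sizeof(example_rule_t));
    return *out ? 0 : -1;
}

/* Copy `count` rules from src into a new array placed in *out.
 * With count == 0, *out is NULL and the call succeeds. */
int rules_copy(const example_rule_t *src, size_t count, example_rule_t **out)
{
    if (rules_alloc(count, out) != 0)
    {
        return -1;
    }
    if (count)
    {
        memcpy(*out, src, count * sizeof(example_rule_t));
    }
    return 0;
}

/* Round-trip check: build `count` constructed rules, copy them and verify
 * the copy. Returns 1 on success, 0 on any mismatch or if count exceeds
 * the local sample buffer. */
int rules_copy_roundtrip(size_t count)
{
    example_rule_t src[8];
    example_rule_t *copy = NULL;
    size_t i;
    int ok = 1;

    if (count > sizeof(src) / sizeof(src[0]))
    {
        return 0;
    }
    for (i = 0; i < count; i++)
    {
        src[i].type = (int)i;
        src[i].flags = (int)i * 2;
        src[i].payload = (int)i * 3;
    }
    if (rules_copy(src, count, &copy) != 0)
    {
        return 0;
    }
    if (count == 0)
    {
        ok = (copy == NULL);   /* empty set: no allocation was made */
    }
    for (i = 0; i < count; i++)
    {
        if (copy[i].type != (int)i || copy[i].flags != (int)i * 2 ||
            copy[i].payload != (int)i * 3)
        {
            ok = 0;
        }
    }
    free(copy);   /* free(NULL) is a no-op */
    return ok;
}

int main(void)
{
    printf("copy of 3 rules: %s\n", rules_copy_roundtrip(3) ? "ok" : "FAIL");
    printf("copy of 0 rules: %s\n", rules_copy_roundtrip(0) ? "ok" : "FAIL");
    return 0;
}
```

Callers must treat (NULL, 0) as a valid empty array; a memcpy() or loop over it is fine because the count guards it, but nothing may dereference the pointer.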

Not sure what changed, but without this setting, ND packets would not
get through to other hosts connected to the same bridge.

The IKE_SA might be busy with a different task while a request to
terminate it is getting queued, we don't want to use such an IKE_SA to
initiate new CHILD_SAs as these tasks will get lost once the IKE_SA is
terminated.

strongX509 and others added 30 commits December 6, 2024 14:39

The previous approach had two drawbacks:

First, it caused duplicate public keys because when the `certificate_t`
object was created and added to the credential set it had no subject
assigned yet.  So it defaulted to the key ID.  However, all previously
loaded keys had their subject already changed to an identity, so there
never was a match and new objects were always added whenever a config
with raw public keys was loaded.

Second, the subject was replaced in a way that's not thread-safe on an
object that's already shared in the public credential set.  So other
threads could potentially access the `identification_t` object that's
destroyed during that process.

References #853
Closes #2561

If not properly used (i.e. before sharing the object), this was not
thread-safe.  So better remove it and force users to create immutable
objects.

Directly calling setup.py is deprecated (apparently has been for a while,
but now we get large warnings).  Direct installation is also discouraged.
So this removes that option.  The built wheel (the old egg format is not
used/built anymore) can be installed manually in a venv or the like.

Some scenarios disable route installation and if they are executed before
any scenarios that don't, there won't be a rule for table 220 and we get
"FIB table does not exist" errors.

…y validation

Self-signed trust anchors are not part of the certificate path validation
according to RFC 8280, section 6.1:

  When the trust anchor is provided in the form of a self-signed
  certificate, this self-signed certificate is not included as part of
  the prospective certification path.

But policies in them could still be used, as stated in section 6.2:

  Where a CA distributes self-signed certificates to specify trust
  anchor information, certificate extensions can be used to specify
  recommended inputs to path validation.  For example, a policy
  constraints extension could be included in the self-signed
  certificate to indicate that paths beginning with this trust anchor
  should be trusted only for the specified policies.  [...]
  Implementations that use self-signed certificates to specify trust
  anchor information are free to process or ignore such information.

So unconditionally enforcing that self-signed root certificates contain
the policies is probably too strict.  Often they won't contain the
extension at all.  With this change, we allow that but still enforce the
policies in case such a certificate contains them.  The other
policy-related constraints are also still enforced, should they be
contained.

Closes #2601

On Ubuntu 24.04, llvm-symbolizer-18, which is used to resolve symbols
in backtraces, links libcurl.so.4 for some reason.  And that in turn
requires SRP.  If our custom build doesn't provide it, we get stuff
like this

  /usr/bin/llvm-symbolizer-18: symbol lookup error: /lib/x86_64-linux-gnu/libcurl.so.4: undefined symbol: SSL_CTX_set_srp_password, version OPENSSL_3.0.0

and the symbols are not resolved and can't be whitelisted.

This also makes sure ASan is actually disabled if our own leak-detective
is used.

On the Ubuntu 24.04 image, this causes the /home/runner/.config/.android
directory to be owned by root, which makes the build fail later.

Newer versions of AddressSanitizer (e.g. in Ubuntu 24.04) will report
this now as stack-use-after-return.

The lines in the gperf-generated proposal_keywords_static.c are now
mapped to the (much shorter) .txt source file, which causes mismatches
like these:

  genhtml: ERROR: no data for line:190, TLA:GNC, file:/home/runner/work/strongswan/strongswan/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt

We could ignore "unmapped" errors in genhtml, but since the file is
generated anyway, we can also exclude it from the results and still
get such errors in case this happens for other files.  Another alternative
would be to remove the `#line` macros in the generated file.  Then the
coverage of the actual C file would get reported (but again, it's
generated, so there isn't much value in it).

Also updated the branch coverage option as the one with `lcov_` prefix
is deprecated.

Useless and causes a compiler warning/error:

  error: a function declaration without a prototype is deprecated in all versions of C and is treated as a zero-parameter prototype in C23, conflicting with a subsequent declaration [-Werror,-Wdeprecated-non-prototype]

This avoids the following warning/error:

tnc_imv_manager.c:244:39: error: passing arguments to 'tnc_imv_recommendations_create' without a prototype is deprecated in all versions of C and is not supported in C23 [-Werror,-Wdeprecated-non-prototype]
  244 |         return tnc_imv_recommendations_create(this->imvs);
      |                                              ^

Newer versions of clang complain here.

…etc.

This only works if plugins are built monolithically and linked statically.

Closes #2615

…oups and nonces

Also enables the `kdf` plugin automatically if building against an older
version of OpenSSL.

Closes #2602

Co-authored-by: Tobias Brunner <[email protected]>

Also add the official description for the other ignored rules.

9 participants