From a49b482957ace45d4c2b707c7bd52d39927e19b7 Mon Sep 17 00:00:00 2001 From: Milan Bouchet-Valat Date: Aug 26 2019 22:50:33 +0000 Subject: New upstream release 1.2.0 --- diff --git a/.gitignore b/.gitignore index ccef211..4627963 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,11 @@ /libuv-2348256acf5759a544e5ca7935f638d2bc091d60.tar.gz /llvm-6.0.1.src.tar.xz /Pkg-853b3f1fd9895db32b402d89e9dee153b66b2316.tar.gz +/julia-1.2.0.tar.gz +/libunwind-1.3.1.tar.gz +/Pkg-394e7c5d55d3722f5b2ab660ca0a694ea0041974.tar.gz +/pcre2-10.33.zip +/mpfr-4.0.2.tar.bz2 +/SuiteSparse-5.4.0.tar.gz +/pcre2-10.31.zip +/pcre2-10.31.tar.bz2 diff --git a/julia-Bump-libgit2-to-0.28.2-32806.patch b/julia-Bump-libgit2-to-0.28.2-32806.patch new file mode 100644 index 0000000..f7cfcc3 --- /dev/null +++ b/julia-Bump-libgit2-to-0.28.2-32806.patch @@ -0,0 +1,1101 @@ +From d0b5d9850fb7b51c7831d3897ad46e4d3478d322 Mon Sep 17 00:00:00 2001 +From: Milan Bouchet-Valat +Date: Thu, 22 Aug 2019 11:55:11 +0200 +Subject: [PATCH] Bump libgit2 to 0.28.2 (#32806) + +This allows dropping MbedTLS patches which have been upstreamed. +The order in which configuration options are returned has changed, making a test fail: +make the code more robust by giving priority to more specific options over global ones. +--- + deps/Versions.make | 4 +- + deps/libgit2.mk | 16 +- + deps/libgit2.version | 4 +- + deps/patches/libgit2-mbedtls.patch | 952 ---------------------------- + deps/patches/libgit2-mbedtls2.patch | 28 - + stdlib/LibGit2/src/gitcredential.jl | 8 +- + 6 files changed, 12 insertions(+), 1000 deletions(-) + delete mode 100644 deps/patches/libgit2-mbedtls.patch + delete mode 100644 deps/patches/libgit2-mbedtls2.patch + +diff --git a/deps/Versions.make b/deps/Versions.make +index ff103cbbe1..0fac074998 100644 +--- a/deps/Versions.make ++++ b/deps/Versions.make +@@ -25,7 +25,7 @@ LIBSSH2_VER = 1.8.2 + LIBSSH2_BB_REL = 0 + CURL_VER = 7.61.0 + CURL_BB_REL = 1 +-LIBGIT2_VER = 0.27.7 ++LIBGIT2_VER = 0.28.2 + LIBGIT2_BB_REL = 1 + LIBUV_VER = 1.24.0 + LIBUV_BB_REL = 1 +diff --git a/deps/libgit2.mk b/deps/libgit2.mk +index 845cfba273..ae634542b0 100644 +--- a/deps/libgit2.mk ++++ b/deps/libgit2.mk +@@ -44,24 +44,12 @@ endif + + LIBGIT2_SRC_PATH := $(SRCCACHE)/$(LIBGIT2_SRC_DIR) + +-$(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied: $(SRCCACHE)/$(LIBGIT2_SRC_DIR)/source-extracted +- cd $(LIBGIT2_SRC_PATH) && \ +- patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls.patch +- echo 1 > $@ +- +-$(LIBGIT2_SRC_PATH)/libgit2-mbedtls2.patch-applied: $(SRCCACHE)/$(LIBGIT2_SRC_DIR)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied +- cd $(LIBGIT2_SRC_PATH) && \ +- patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls2.patch +- echo 1 > $@ +- +-$(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied ++$(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted + cd $(LIBGIT2_SRC_PATH) && \ + patch -p1 -f < $(SRCDIR)/patches/libgit2-agent-nonfatal.patch + echo 1 > $@ + + $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: \ +- $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied \ +- $(LIBGIT2_SRC_PATH)/libgit2-mbedtls2.patch-applied \ + $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied \ + + $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(LIBGIT2_SRC_PATH)/source-extracted +@@ -109,7 +97,7 @@ $(build_prefix)/manifest/libgit2: $(build_datarootdir)/julia/cert.pem # use libg + + else # USE_BINARYBUILDER_LIBGIT2 + +-LIBGIT2_BB_URL_BASE := https://github.com/JuliaPackaging/Yggdrasil/releases/download/LibGit2-v$(LIBGIT2_VER)-$(LIBGIT2_BB_REL) ++LIBGIT2_BB_URL_BASE := https://github.com/JuliaPackaging/Yggdrasil/releases/download/LibGit2-v$(LIBGIT2_VER)+$(LIBGIT2_BB_REL) + LIBGIT2_BB_NAME := LibGit2.v$(LIBGIT2_VER) + $(eval $(call bb-install,libgit2,LIBGIT2,false)) + +diff --git a/deps/libgit2.version b/deps/libgit2.version +index d35b024233..f67bedc414 100644 +--- a/deps/libgit2.version ++++ b/deps/libgit2.version +@@ -1,2 +1,2 @@ +-LIBGIT2_BRANCH=v0.27.7 +-LIBGIT2_SHA1=f23dc5b29f1394928a940d7ec447f4bfd53dad1f ++LIBGIT2_BRANCH=v0.28.2 ++LIBGIT2_SHA1=b3e1a56ebb2b9291e82dc027ba9cbcfc3ead54d3 +diff --git a/deps/patches/libgit2-mbedtls.patch b/deps/patches/libgit2-mbedtls.patch +deleted file mode 100644 +index c54a7e78c1..0000000000 +--- a/deps/patches/libgit2-mbedtls.patch ++++ /dev/null +@@ -1,952 +0,0 @@ +-Enables MbedTLS support +- +-Upstream: https://github.com/libgit2/libgit2/pull/4173 +- +-NOTE: libgit2 has switched its CI to Azure Pipelines. The aforementioned PR makes modifications +-to the Travis YAML file, which has since been removed, causing patch conflicts. That part of +-the diff has thus been removed here. +- +-git diff ca3b2234dc7f1bd0d0f81488d3e29980b47a85b4^..cb2da47e56159faaaf143943c74ffb8f60a988b1 > libgit2-mbedtls.patch +- +-mbedtls: initial support +-mbedtls: proper certificate verification +-mbedtls: use libmbedcrypto for hashing +-mbedtls: add global initialization +-mbedtls: default cipher list support +-mbedtls: fix libgit2 hanging due to incomplete writes +-mbedtls: enable Travis CI tests +-mbedtls: use our own certificate validation +-mbedtls: use mbedTLS certificate verification +-mbedtls: load default CA certificates +-mbedtls: display error codes as hex for consistency with mbedTLS docs +-tests: clarify comment +-cmake: make our preferred backend ordering consistent +-travis: just grab what we need from mbedtls +-travis: pass -fPIC when configuring mbedtls +- +-diff --git a/CMakeLists.txt b/CMakeLists.txt +-index 2ca5354a7..9176eee04 100644 +---- a/CMakeLists.txt +-+++ b/CMakeLists.txt +-@@ -48,7 +48,7 @@ OPTION( PROFILE "Generate profiling information" OFF ) +- OPTION( ENABLE_TRACE "Enables tracing support" OFF ) +- OPTION( LIBGIT2_FILENAME "Name of the produced binary" OFF ) +- +--SET(SHA1_BACKEND "CollisionDetection" CACHE STRING "Backend to use for SHA1. One of Generic, OpenSSL, Win32, CommonCrypto, CollisionDetection. ") +-+SET(SHA1_BACKEND "CollisionDetection" CACHE STRING "Backend to use for SHA1. One of Generic, OpenSSL, Win32, CommonCrypto, mbedTLS, CollisionDetection. ") +- OPTION( USE_SSH "Link with libssh to enable SSH support" ON ) +- OPTION( USE_HTTPS "Enable HTTPS support. Can be set to a specific backend" ON ) +- OPTION( USE_GSSAPI "Link with libgssapi for SPNEGO auth" OFF ) +-diff --git a/cmake/Modules/FindmbedTLS.cmake b/cmake/Modules/FindmbedTLS.cmake +-new file mode 100644 +-index 000000000..93297555e +---- /dev/null +-+++ b/cmake/Modules/FindmbedTLS.cmake +-@@ -0,0 +1,93 @@ +-+# - Try to find mbedTLS +-+# Once done this will define +-+# +-+# Read-Only variables +-+# MBEDTLS_FOUND - system has mbedTLS +-+# MBEDTLS_INCLUDE_DIR - the mbedTLS include directory +-+# MBEDTLS_LIBRARY_DIR - the mbedTLS library directory +-+# MBEDTLS_LIBRARIES - Link these to use mbedTLS +-+# MBEDTLS_LIBRARY - path to mbedTLS library +-+# MBEDX509_LIBRARY - path to mbedTLS X.509 library +-+# MBEDCRYPTO_LIBRARY - path to mbedTLS Crypto library +-+# +-+# Hint +-+# MBEDTLS_ROOT_DIR can be pointed to a local mbedTLS installation. +-+ +-+SET(_MBEDTLS_ROOT_HINTS +-+ ${MBEDTLS_ROOT_DIR} +-+ ENV MBEDTLS_ROOT_DIR +-+) +-+ +-+SET(_MBEDTLS_ROOT_HINTS_AND_PATHS +-+ HINTS ${_MBEDTLS_ROOT_HINTS} +-+ PATHS ${_MBEDTLS_ROOT_PATHS} +-+) +-+ +-+FIND_PATH(MBEDTLS_INCLUDE_DIR +-+ NAMES mbedtls/version.h +-+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} +-+ PATH_SUFFIXES include +-+) +-+ +-+IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES) +-+ # Already in cache, be silent +-+ SET(MBEDTLS_FIND_QUIETLY TRUE) +-+ENDIF() +-+ +-+FIND_LIBRARY(MBEDTLS_LIBRARY +-+ NAMES mbedtls libmbedtls +-+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} +-+ PATH_SUFFIXES library +-+) +-+FIND_LIBRARY(MBEDX509_LIBRARY +-+ NAMES mbedx509 libmbedx509 +-+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} +-+ PATH_SUFFIXES library +-+) +-+FIND_LIBRARY(MBEDCRYPTO_LIBRARY +-+ NAMES mbedcrypto libmbedcrypto +-+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} +-+ PATH_SUFFIXES library +-+) +-+ +-+IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY) +-+ SET(MBEDTLS_FOUND TRUE) +-+ENDIF() +-+ +-+IF(MBEDTLS_FOUND) +-+ # split mbedTLS into -L and -l linker options, so we can set them for pkg-config +-+ GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_DIR ${MBEDTLS_LIBRARY} PATH) +-+ GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE) +-+ GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE) +-+ GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE) +-+ STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE}) +-+ STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE}) +-+ STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE}) +-+ SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}") +-+ +-+ IF(NOT MBEDTLS_FIND_QUIETLY) +-+ MESSAGE(STATUS "Found mbedTLS:") +-+ FILE(READ ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h MBEDTLSCONTENT) +-+ STRING(REGEX MATCH "MBEDTLS_VERSION_STRING +\"[0-9|.]+\"" MBEDTLSMATCH ${MBEDTLSCONTENT}) +-+ IF (MBEDTLSMATCH) +-+ STRING(REGEX REPLACE "MBEDTLS_VERSION_STRING +\"([0-9|.]+)\"" "\\1" MBEDTLS_VERSION ${MBEDTLSMATCH}) +-+ MESSAGE(STATUS " version ${MBEDTLS_VERSION}") +-+ ENDIF(MBEDTLSMATCH) +-+ MESSAGE(STATUS " TLS: ${MBEDTLS_LIBRARY}") +-+ MESSAGE(STATUS " X509: ${MBEDX509_LIBRARY}") +-+ MESSAGE(STATUS " Crypto: ${MBEDCRYPTO_LIBRARY}") +-+ ENDIF(NOT MBEDTLS_FIND_QUIETLY) +-+ELSE(MBEDTLS_FOUND) +-+ IF(MBEDTLS_FIND_REQUIRED) +-+ MESSAGE(FATAL_ERROR "Could not find mbedTLS") +-+ ENDIF(MBEDTLS_FIND_REQUIRED) +-+ENDIF(MBEDTLS_FOUND) +-+ +-+MARK_AS_ADVANCED( +-+ MBEDTLS_INCLUDE_DIR +-+ MBEDTLS_LIBRARY_DIR +-+ MBEDTLS_LIBRARIES +-+ MBEDTLS_LIBRARY +-+ MBEDX509_LIBRARY +-+ MBEDCRYPTO_LIBRARY +-+) +-diff --git a/script/install-deps-linux.sh b/script/install-deps-linux.sh +-new file mode 100755 +-index 000000000..99cbde4e0 +---- /dev/null +-+++ b/script/install-deps-linux.sh +-@@ -0,0 +1,13 @@ +-+#!/bin/sh +-+ +-+set -x +-+ +-+if [ "$MBEDTLS" ]; then +-+ git clone --depth 10 --single-branch --branch mbedtls-2.6.1 https://github.com/ARMmbed/mbedtls.git ./deps/mbedtls +-+ cd ./deps/mbedtls +-+ # We pass -fPIC explicitely because we'll include it in libgit2.so +-+ CFLAGS=-fPIC cmake -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON . +-+ cmake --build . +-+ +-+ echo "mbedTLS built in `pwd`" +-+fi +-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +-index b03b96af9..0f5d78547 100644 +---- a/src/CMakeLists.txt +-+++ b/src/CMakeLists.txt +-@@ -133,6 +133,9 @@ ELSE () +- ENDIF() +- +- IF (USE_HTTPS) +-+ # We try to find any packages our backends might use +-+ FIND_PACKAGE(OpenSSL) +-+ FIND_PACKAGE(mbedTLS) +- IF (CMAKE_SYSTEM_NAME MATCHES "Darwin") +- FIND_PACKAGE(Security) +- FIND_PACKAGE(CoreFoundation) +-@@ -149,8 +152,13 @@ IF (USE_HTTPS) +- ENDIF() +- ELSEIF (WINHTTP) +- SET(HTTPS_BACKEND "WinHTTP") +-- ELSE() +-+ ELSEIF(OPENSSL_FOUND) +- SET(HTTPS_BACKEND "OpenSSL") +-+ ELSEIF(MBEDTLS_FOUND) +-+ SET(HTTPS_BACKEND "mbedTLS") +-+ ELSE() +-+ MESSAGE(FATAL_ERROR "Unable to autodetect a usable HTTPS backend." +-+ "Please pass the backend name explicitly (-DUSE_HTTPS=backend)") +- ENDIF() +- ELSE() +- # Backend was explicitly set +-@@ -174,8 +182,6 @@ IF (USE_HTTPS) +- LIST(APPEND LIBGIT2_LIBS ${COREFOUNDATION_LIBRARIES} ${SECURITY_LIBRARIES}) +- LIST(APPEND LIBGIT2_PC_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS}) +- ELSEIF (HTTPS_BACKEND STREQUAL "OpenSSL") +-- FIND_PACKAGE(OpenSSL) +-- +- IF (NOT OPENSSL_FOUND) +- MESSAGE(FATAL_ERROR "Asked for OpenSSL TLS backend, but it wasn't found") +- ENDIF() +-@@ -185,6 +191,53 @@ IF (USE_HTTPS) +- LIST(APPEND LIBGIT2_LIBS ${OPENSSL_LIBRARIES}) +- LIST(APPEND LIBGIT2_PC_LIBS ${OPENSSL_LDFLAGS}) +- LIST(APPEND LIBGIT2_PC_REQUIRES "openssl") +-+ ELSEIF(HTTPS_BACKEND STREQUAL "mbedTLS") +-+ IF (NOT MBEDTLS_FOUND) +-+ MESSAGE(FATAL_ERROR "Asked for mbedTLS backend, but it wasn't found") +-+ ENDIF() +-+ +-+ IF(NOT CERT_LOCATION) +-+ MESSAGE("Auto-detecting default certificates location") +-+ IF(CMAKE_SYSTEM_NAME MATCHES Darwin) +-+ # Check for an Homebrew installation +-+ SET(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl") +-+ ELSE() +-+ SET(OPENSSL_CMD "openssl") +-+ ENDIF() +-+ EXECUTE_PROCESS(COMMAND ${OPENSSL_CMD} version -d OUTPUT_VARIABLE OPENSSL_DIR OUTPUT_STRIP_TRAILING_WHITESPACE) +-+ IF(OPENSSL_DIR) +-+ STRING(REGEX REPLACE "^OPENSSLDIR: \"(.*)\"$" "\\1/" OPENSSL_DIR ${OPENSSL_DIR}) +-+ +-+ SET(OPENSSL_CA_LOCATIONS +-+ "ca-bundle.pem" # OpenSUSE Leap 42.1 +-+ "cert.pem" # Ubuntu 14.04, FreeBSD +-+ "certs/ca-certificates.crt" # Ubuntu 16.04 +-+ "certs/ca.pem" # Debian 7 +-+ ) +-+ FOREACH(SUFFIX IN LISTS OPENSSL_CA_LOCATIONS) +-+ SET(LOC "${OPENSSL_DIR}${SUFFIX}") +-+ IF(NOT CERT_LOCATION AND EXISTS "${OPENSSL_DIR}${SUFFIX}") +-+ SET(CERT_LOCATION ${LOC}) +-+ ENDIF() +-+ ENDFOREACH() +-+ ELSE() +-+ MESSAGE("Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION") +-+ ENDIF() +-+ ENDIF() +-+ +-+ IF(CERT_LOCATION) +-+ IF(NOT EXISTS ${CERT_LOCATION}) +-+ MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist") +-+ ENDIF() +-+ ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}") +-+ ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}") +-+ ENDIF() +-+ +-+ SET(GIT_MBEDTLS 1) +-+ LIST(APPEND LIBGIT2_INCLUDES ${MBEDTLS_INCLUDE_DIR}) +-+ LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES}) +-+ LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LDFLAGS}) +-+ LIST(APPEND LIBGIT2_PC_REQUIRES "mbedtls") +- ELSEIF (HTTPS_BACKEND STREQUAL "WinHTTP") +- # WinHTTP setup was handled in the WinHTTP-specific block above +- ELSE() +-@@ -230,6 +283,11 @@ ELSEIF(SHA1_BACKEND STREQUAL "Win32") +- ELSEIF(SHA1_BACKEND STREQUAL "CommonCrypto") +- ADD_FEATURE_INFO(SHA ON "using CommonCrypto") +- SET(GIT_SHA1_COMMON_CRYPTO 1) +-+ELSEIF (SHA1_BACKEND STREQUAL "mbedTLS") +-+ ADD_FEATURE_INFO(SHA ON "using mbedTLS") +-+ SET(GIT_SHA1_MBEDTLS 1) +-+ FILE(GLOB SRC_SHA1 src/hash/hash_mbedtls.c) +-+ LIST(APPEND LIBGIT2_PC_REQUIRES "mbedtls") +- ELSE() +- MESSAGE(FATAL_ERROR "Asked for unknown SHA1 backend ${SHA1_BACKEND}") +- ENDIF() +-diff --git a/src/features.h.in b/src/features.h.in +-index e03b7a251..f414c5843 100644 +---- a/src/features.h.in +-+++ b/src/features.h.in +-@@ -27,10 +27,12 @@ +- #cmakedefine GIT_HTTPS 1 +- #cmakedefine GIT_OPENSSL 1 +- #cmakedefine GIT_SECURE_TRANSPORT 1 +-+#cmakedefine GIT_MBEDTLS 1 +- +- #cmakedefine GIT_SHA1_COLLISIONDETECT 1 +- #cmakedefine GIT_SHA1_WIN32 1 +- #cmakedefine GIT_SHA1_COMMON_CRYPTO 1 +- #cmakedefine GIT_SHA1_OPENSSL 1 +-+#cmakedefine GIT_SHA1_MBEDTLS 1 +- +- #endif +-diff --git a/src/global.c b/src/global.c +-index 2f9b45bcd..02aedf57d 100644 +---- a/src/global.c +-+++ b/src/global.c +-@@ -12,6 +12,7 @@ +- #include "filter.h" +- #include "merge_driver.h" +- #include "streams/curl.h" +-+#include "streams/mbedtls.h" +- #include "streams/openssl.h" +- #include "thread-utils.h" +- #include "git2/global.h" +-@@ -65,7 +66,8 @@ static int init_common(void) +- (ret = git_merge_driver_global_init()) == 0 && +- (ret = git_transport_ssh_global_init()) == 0 && +- (ret = git_openssl_stream_global_init()) == 0 && +-- (ret = git_curl_stream_global_init()) == 0) +-+ (ret = git_curl_stream_global_init()) == 0 && +-+ (ret = git_mbedtls_stream_global_init()) == 0) +- ret = git_mwindow_global_init(); +- +- GIT_MEMORY_BARRIER; +-diff --git a/src/hash.h b/src/hash.h +-index 31eaf8889..93765adf3 100644 +---- a/src/hash.h +-+++ b/src/hash.h +-@@ -26,6 +26,8 @@ void git_hash_ctx_cleanup(git_hash_ctx *ctx); +- # include "hash/hash_openssl.h" +- #elif defined(GIT_SHA1_WIN32) +- # include "hash/hash_win32.h" +-+#elif defined(GIT_SHA1_MBEDTLS) +-+# include "hash/hash_mbedtls.h" +- #else +- # include "hash/hash_generic.h" +- #endif +-diff --git a/src/hash/hash_mbedtls.c b/src/hash/hash_mbedtls.c +-new file mode 100644 +-index 000000000..a19d76308 +---- /dev/null +-+++ b/src/hash/hash_mbedtls.c +-@@ -0,0 +1,38 @@ +-+/* +-+ * Copyright (C) the libgit2 contributors. All rights reserved. +-+ * +-+ * This file is part of libgit2, distributed under the GNU GPL v2 with +-+ * a Linking Exception. For full terms see the included COPYING file. +-+ */ +-+ +-+#include "common.h" +-+#include "hash.h" +-+#include "hash/hash_mbedtls.h" +-+ +-+void git_hash_ctx_cleanup(git_hash_ctx *ctx) +-+{ +-+ assert(ctx); +-+ mbedtls_sha1_free(&ctx->c); +-+} +-+ +-+int git_hash_init(git_hash_ctx *ctx) +-+{ +-+ assert(ctx); +-+ mbedtls_sha1_init(&ctx->c); +-+ mbedtls_sha1_starts(&ctx->c); +-+ return 0; +-+} +-+ +-+int git_hash_update(git_hash_ctx *ctx, const void *data, size_t len) +-+{ +-+ assert(ctx); +-+ mbedtls_sha1_update(&ctx->c, data, len); +-+ return 0; +-+} +-+ +-+int git_hash_final(git_oid *out, git_hash_ctx *ctx) +-+{ +-+ assert(ctx); +-+ mbedtls_sha1_finish(&ctx->c, out->id); +-+ return 0; +-+} +-diff --git a/src/hash/hash_mbedtls.h b/src/hash/hash_mbedtls.h +-new file mode 100644 +-index 000000000..24196c5bf +---- /dev/null +-+++ b/src/hash/hash_mbedtls.h +-@@ -0,0 +1,20 @@ +-+/* +-+ * Copyright (C) the libgit2 contributors. All rights reserved. +-+ * +-+ * This file is part of libgit2, distributed under the GNU GPL v2 with +-+ * a Linking Exception. For full terms see the included COPYING file. +-+ */ +-+ +-+#ifndef INCLUDE_hash_mbedtld_h__ +-+#define INCLUDE_hash_mbedtld_h__ +-+ +-+#include +-+ +-+struct git_hash_ctx { +-+ mbedtls_sha1_context c; +-+}; +-+ +-+#define git_hash_global_init() 0 +-+#define git_hash_ctx_init(ctx) git_hash_init(ctx) +-+ +-+#endif /* INCLUDE_hash_mbedtld_h__ */ +-diff --git a/src/settings.c b/src/settings.c +-index 2a52ffbf6..f6bc5b270 100644 +---- a/src/settings.c +-+++ b/src/settings.c +-@@ -11,6 +11,10 @@ +- # include +- #endif +- +-+#ifdef GIT_MBEDTLS +-+# include +-+#endif +-+ +- #include +- #include "sysdir.h" +- #include "cache.h" +-@@ -20,6 +24,7 @@ +- #include "refs.h" +- #include "transports/smart.h" +- #include "streams/openssl.h" +-+#include "streams/mbedtls.h" +- +- void git_libgit2_version(int *major, int *minor, int *rev) +- { +-@@ -175,6 +180,15 @@ int git_libgit2_opts(int key, ...) +- const char *path = va_arg(ap, const char *); +- error = git_openssl__set_cert_location(file, path); +- } +-+#elif defined(GIT_MBEDTLS) +-+ { +-+ const char *file = va_arg(ap, const char *); +-+ const char *path = va_arg(ap, const char *); +-+ if (file) +-+ error = git_mbedtls__set_cert_location(file, 0); +-+ if (error && path) +-+ error = git_mbedtls__set_cert_location(path, 1); +-+ } +- #else +- giterr_set(GITERR_SSL, "TLS backend doesn't support certificate locations"); +- error = -1; +-@@ -199,7 +213,7 @@ int git_libgit2_opts(int key, ...) +- break; +- +- case GIT_OPT_SET_SSL_CIPHERS: +--#ifdef GIT_OPENSSL +-+#if (GIT_OPENSSL || GIT_MBEDTLS) +- { +- git__free(git__ssl_ciphers); +- git__ssl_ciphers = git__strdup(va_arg(ap, const char *)); +-diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c +-new file mode 100644 +-index 000000000..0a49a36a6 +---- /dev/null +-+++ b/src/streams/mbedtls.c +-@@ -0,0 +1,452 @@ +-+/* +-+ * Copyright (C) the libgit2 contributors. All rights reserved. +-+ * +-+ * This file is part of libgit2, distributed under the GNU GPL v2 with +-+ * a Linking Exception. For full terms see the included COPYING file. +-+ */ +-+ +-+#include "streams/mbedtls.h" +-+ +-+#ifdef GIT_MBEDTLS +-+ +-+#include +-+ +-+#include "global.h" +-+#include "stream.h" +-+#include "streams/socket.h" +-+#include "netops.h" +-+#include "git2/transport.h" +-+#include "util.h" +-+ +-+#ifdef GIT_CURL +-+# include "streams/curl.h" +-+#endif +-+ +-+#ifndef GIT_DEFAULT_CERT_LOCATION +-+#define GIT_DEFAULT_CERT_LOCATION NULL +-+#endif +-+ +-+#include +-+#include +-+#include +-+#include +-+#include +-+ +-+mbedtls_ssl_config *git__ssl_conf; +-+mbedtls_entropy_context *mbedtls_entropy; +-+ +-+#define GIT_SSL_DEFAULT_CIPHERS "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-DSS-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-128-CBC-SHA256:TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA" +-+#define GIT_SSL_DEFAULT_CIPHERS_COUNT 30 +-+ +-+/** +-+ * This function aims to clean-up the SSL context which +-+ * we allocated. +-+ */ +-+static void shutdown_ssl(void) +-+{ +-+ if (git__ssl_conf) { +-+ mbedtls_x509_crt_free(git__ssl_conf->ca_chain); +-+ git__free(git__ssl_conf->ca_chain); +-+ mbedtls_ctr_drbg_free(git__ssl_conf->p_rng); +-+ git__free(git__ssl_conf->p_rng); +-+ mbedtls_ssl_config_free(git__ssl_conf); +-+ git__free(git__ssl_conf); +-+ git__ssl_conf = NULL; +-+ } +-+ if (mbedtls_entropy) { +-+ mbedtls_entropy_free(mbedtls_entropy); +-+ git__free(mbedtls_entropy); +-+ mbedtls_entropy = NULL; +-+ } +-+} +-+ +-+int git_mbedtls__set_cert_location(const char *path, int is_dir); +-+ +-+int git_mbedtls_stream_global_init(void) +-+{ +-+ int loaded = 0; +-+ char *crtpath = GIT_DEFAULT_CERT_LOCATION; +-+ struct stat statbuf; +-+ mbedtls_ctr_drbg_context *ctr_drbg = NULL; +-+ +-+ int *ciphers_list = NULL; +-+ int ciphers_known = 0; +-+ char *cipher_name = NULL; +-+ char *cipher_string = NULL; +-+ char *cipher_string_tmp = NULL; +-+ +-+ mbedtls_x509_crt *cacert = NULL; +-+ +-+ git__ssl_conf = git__malloc(sizeof(mbedtls_ssl_config)); +-+ mbedtls_ssl_config_init(git__ssl_conf); +-+ if (mbedtls_ssl_config_defaults(git__ssl_conf, +-+ MBEDTLS_SSL_IS_CLIENT, +-+ MBEDTLS_SSL_TRANSPORT_STREAM, +-+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) { +-+ giterr_set(GITERR_SSL, "failed to initialize mbedTLS"); +-+ goto cleanup; +-+ } +-+ +-+ /* configure TLSv1 */ +-+ mbedtls_ssl_conf_min_version(git__ssl_conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); +-+ +-+ /* verify_server_cert is responsible for making the check. +-+ * OPTIONAL because REQUIRED drops the certificate as soon as the check +-+ * is made, so we can never see the certificate and override it. */ +-+ mbedtls_ssl_conf_authmode(git__ssl_conf, MBEDTLS_SSL_VERIFY_OPTIONAL); +-+ +-+ /* set the list of allowed ciphersuites */ +-+ ciphers_list = calloc(GIT_SSL_DEFAULT_CIPHERS_COUNT, sizeof(int)); +-+ ciphers_known = 0; +-+ cipher_string = cipher_string_tmp = git__strdup(GIT_SSL_DEFAULT_CIPHERS); +-+ while ((cipher_name = git__strtok(&cipher_string_tmp, ":")) != NULL) { +-+ int cipherid = mbedtls_ssl_get_ciphersuite_id(cipher_name); +-+ if (cipherid == 0) continue; +-+ +-+ ciphers_list[ciphers_known++] = cipherid; +-+ } +-+ git__free(cipher_string); +-+ +-+ if (!ciphers_known) { +-+ giterr_set(GITERR_SSL, "no cipher could be enabled"); +-+ goto cleanup; +-+ } +-+ mbedtls_ssl_conf_ciphersuites(git__ssl_conf, ciphers_list); +-+ +-+ /* Seeding the random number generator */ +-+ mbedtls_entropy = git__malloc(sizeof(mbedtls_entropy_context)); +-+ mbedtls_entropy_init(mbedtls_entropy); +-+ +-+ ctr_drbg = git__malloc(sizeof(mbedtls_ctr_drbg_context)); +-+ mbedtls_ctr_drbg_init(ctr_drbg); +-+ if (mbedtls_ctr_drbg_seed(ctr_drbg, +-+ mbedtls_entropy_func, +-+ mbedtls_entropy, NULL, 0) != 0) { +-+ giterr_set(GITERR_SSL, "failed to initialize mbedTLS entropy pool"); +-+ goto cleanup; +-+ } +-+ +-+ mbedtls_ssl_conf_rng(git__ssl_conf, mbedtls_ctr_drbg_random, ctr_drbg); +-+ +-+ /* load default certificates */ +-+ if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode)) +-+ loaded = (git_mbedtls__set_cert_location(crtpath, 0) == 0); +-+ if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode)) +-+ loaded = (git_mbedtls__set_cert_location(crtpath, 1) == 0); +-+ +-+ git__on_shutdown(shutdown_ssl); +-+ +-+ return 0; +-+ +-+cleanup: +-+ mbedtls_x509_crt_free(cacert); +-+ git__free(cacert); +-+ mbedtls_ctr_drbg_free(ctr_drbg); +-+ git__free(ctr_drbg); +-+ mbedtls_ssl_config_free(git__ssl_conf); +-+ git__free(git__ssl_conf); +-+ git__ssl_conf = NULL; +-+ +-+ return -1; +-+} +-+ +-+mbedtls_ssl_config *git__ssl_conf; +-+ +-+static int bio_read(void *b, unsigned char *buf, size_t len) +-+{ +-+ git_stream *io = (git_stream *) b; +-+ return (int) git_stream_read(io, buf, len); +-+} +-+ +-+static int bio_write(void *b, const unsigned char *buf, size_t len) +-+{ +-+ git_stream *io = (git_stream *) b; +-+ return (int) git_stream_write(io, (const char *)buf, len, 0); +-+} +-+ +-+static int ssl_set_error(mbedtls_ssl_context *ssl, int error) +-+{ +-+ char errbuf[512]; +-+ int ret = -1; +-+ +-+ assert(error != MBEDTLS_ERR_SSL_WANT_READ); +-+ assert(error != MBEDTLS_ERR_SSL_WANT_WRITE); +-+ +-+ if (error != 0) +-+ mbedtls_strerror( error, errbuf, 512 ); +-+ +-+ switch(error) { +-+ case 0: +-+ giterr_set(GITERR_SSL, "SSL error: unknown error"); +-+ break; +-+ +-+ case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: +-+ giterr_set(GITERR_SSL, "SSL error: %#04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf); +-+ ret = GIT_ECERTIFICATE; +-+ break; +-+ +-+ default: +-+ giterr_set(GITERR_SSL, "SSL error: %#04x - %s", error, errbuf); +-+ } +-+ +-+ return ret; +-+} +-+ +-+static int ssl_teardown(mbedtls_ssl_context *ssl) +-+{ +-+ int ret = 0; +-+ +-+ ret = mbedtls_ssl_close_notify(ssl); +-+ if (ret < 0) +-+ ret = ssl_set_error(ssl, ret); +-+ +-+ mbedtls_ssl_free(ssl); +-+ return ret; +-+} +-+ +-+static int verify_server_cert(mbedtls_ssl_context *ssl) +-+{ +-+ int ret = -1; +-+ +-+ if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) { +-+ char vrfy_buf[512]; +-+ int len = mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret); +-+ if (len >= 1) vrfy_buf[len - 1] = '\0'; /* Remove trailing \n */ +-+ giterr_set(GITERR_SSL, "the SSL certificate is invalid: %#04x - %s", ret, vrfy_buf); +-+ return GIT_ECERTIFICATE; +-+ } +-+ +-+ return 0; +-+} +-+ +-+typedef struct { +-+ git_stream parent; +-+ git_stream *io; +-+ bool connected; +-+ char *host; +-+ mbedtls_ssl_context *ssl; +-+ git_cert_x509 cert_info; +-+} mbedtls_stream; +-+ +-+ +-+int mbedtls_connect(git_stream *stream) +-+{ +-+ int ret; +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ +-+ if ((ret = git_stream_connect(st->io)) < 0) +-+ return ret; +-+ +-+ st->connected = true; +-+ +-+ mbedtls_ssl_set_hostname(st->ssl, st->host); +-+ +-+ mbedtls_ssl_set_bio(st->ssl, st->io, bio_write, bio_read, NULL); +-+ +-+ if ((ret = mbedtls_ssl_handshake(st->ssl)) != 0) +-+ return ssl_set_error(st->ssl, ret); +-+ +-+ return verify_server_cert(st->ssl); +-+} +-+ +-+int mbedtls_certificate(git_cert **out, git_stream *stream) +-+{ +-+ unsigned char *encoded_cert; +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ +-+ const mbedtls_x509_crt *cert = mbedtls_ssl_get_peer_cert(st->ssl); +-+ if (!cert) { +-+ giterr_set(GITERR_SSL, "the server did not provide a certificate"); +-+ return -1; +-+ } +-+ +-+ /* Retrieve the length of the certificate first */ +-+ if (cert->raw.len == 0) { +-+ giterr_set(GITERR_NET, "failed to retrieve certificate information"); +-+ return -1; +-+ } +-+ +-+ encoded_cert = git__malloc(cert->raw.len); +-+ GITERR_CHECK_ALLOC(encoded_cert); +-+ memcpy(encoded_cert, cert->raw.p, cert->raw.len); +-+ +-+ st->cert_info.parent.cert_type = GIT_CERT_X509; +-+ st->cert_info.data = encoded_cert; +-+ st->cert_info.len = cert->raw.len; +-+ +-+ *out = &st->cert_info.parent; +-+ +-+ return 0; +-+} +-+ +-+static int mbedtls_set_proxy(git_stream *stream, const git_proxy_options *proxy_options) +-+{ +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ +-+ return git_stream_set_proxy(st->io, proxy_options); +-+} +-+ +-+ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t len, int flags) +-+{ +-+ size_t read = 0; +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ +-+ GIT_UNUSED(flags); +-+ +-+ do { +-+ int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + read, len - read); +-+ if (error <= 0) { +-+ return ssl_set_error(st->ssl, error); +-+ } +-+ read += error; +-+ } while (read < len); +-+ +-+ return read; +-+} +-+ +-+ssize_t mbedtls_stream_read(git_stream *stream, void *data, size_t len) +-+{ +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ int ret; +-+ +-+ if ((ret = mbedtls_ssl_read(st->ssl, (unsigned char *)data, len)) <= 0) +-+ ssl_set_error(st->ssl, ret); +-+ +-+ return ret; +-+} +-+ +-+int mbedtls_stream_close(git_stream *stream) +-+{ +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ int ret = 0; +-+ +-+ if (st->connected && (ret = ssl_teardown(st->ssl)) != 0) +-+ return -1; +-+ +-+ st->connected = false; +-+ +-+ return git_stream_close(st->io); +-+} +-+ +-+void mbedtls_stream_free(git_stream *stream) +-+{ +-+ mbedtls_stream *st = (mbedtls_stream *) stream; +-+ +-+ git__free(st->host); +-+ git__free(st->cert_info.data); +-+ git_stream_free(st->io); +-+ git__free(st->ssl); +-+ git__free(st); +-+} +-+ +-+int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port) +-+{ +-+ int error; +-+ mbedtls_stream *st; +-+ +-+ st = git__calloc(1, sizeof(mbedtls_stream)); +-+ GITERR_CHECK_ALLOC(st); +-+ +-+#ifdef GIT_CURL +-+ error = git_curl_stream_new(&st->io, host, port); +-+#else +-+ error = git_socket_stream_new(&st->io, host, port); +-+#endif +-+ +-+ if (error < 0) +-+ goto out_err; +-+ +-+ st->ssl = git__malloc(sizeof(mbedtls_ssl_context)); +-+ GITERR_CHECK_ALLOC(st->ssl); +-+ mbedtls_ssl_init(st->ssl); +-+ if (mbedtls_ssl_setup(st->ssl, git__ssl_conf)) { +-+ giterr_set(GITERR_SSL, "failed to create ssl object"); +-+ error = -1; +-+ goto out_err; +-+ } +-+ +-+ st->host = git__strdup(host); +-+ GITERR_CHECK_ALLOC(st->host); +-+ +-+ st->parent.version = GIT_STREAM_VERSION; +-+ st->parent.encrypted = 1; +-+ st->parent.proxy_support = git_stream_supports_proxy(st->io); +-+ st->parent.connect = mbedtls_connect; +-+ st->parent.certificate = mbedtls_certificate; +-+ st->parent.set_proxy = mbedtls_set_proxy; +-+ st->parent.read = mbedtls_stream_read; +-+ st->parent.write = mbedtls_stream_write; +-+ st->parent.close = mbedtls_stream_close; +-+ st->parent.free = mbedtls_stream_free; +-+ +-+ *out = (git_stream *) st; +-+ return 0; +-+ +-+out_err: +-+ mbedtls_ssl_free(st->ssl); +-+ git_stream_free(st->io); +-+ git__free(st); +-+ +-+ return error; +-+} +-+ +-+int git_mbedtls__set_cert_location(const char *path, int is_dir) +-+{ +-+ int ret = 0; +-+ char errbuf[512]; +-+ mbedtls_x509_crt *cacert; +-+ +-+ assert(path != NULL); +-+ +-+ cacert = git__malloc(sizeof(mbedtls_x509_crt)); +-+ mbedtls_x509_crt_init(cacert); +-+ if (is_dir) { +-+ ret = mbedtls_x509_crt_parse_path(cacert, path); +-+ } else { +-+ ret = mbedtls_x509_crt_parse_file(cacert, path); +-+ } +-+ /* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */ +-+ if (ret < 0) { +-+ mbedtls_x509_crt_free(cacert); +-+ git__free(cacert); +-+ mbedtls_strerror( ret, errbuf, 512 ); +-+ giterr_set(GITERR_SSL, "failed to load CA certificates: %#04x - %s", ret, errbuf); +-+ return -1; +-+ } +-+ +-+ mbedtls_x509_crt_free(git__ssl_conf->ca_chain); +-+ git__free(git__ssl_conf->ca_chain); +-+ mbedtls_ssl_conf_ca_chain(git__ssl_conf, cacert, NULL); +-+ +-+ return 0; +-+} +-+ +-+#else +-+ +-+#include "stream.h" +-+ +-+int git_mbedtls_stream_global_init(void) +-+{ +-+ return 0; +-+} +-+ +-+int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port) +-+{ +-+ GIT_UNUSED(out); +-+ GIT_UNUSED(host); +-+ GIT_UNUSED(port); +-+ +-+ giterr_set(GITERR_SSL, "mbedTLS is not supported in this version"); +-+ return -1; +-+} +-+ +-+int git_mbedtls__set_cert_location(const char *path, int is_dir) +-+{ +-+ GIT_UNUSED(path); +-+ GIT_UNUSED(is_dir); +-+ +-+ giterr_set(GITERR_SSL, "mbedTLS is not supported in this version"); +-+ return -1; +-+} +-+ +-+#endif +-diff --git a/src/streams/mbedtls.h b/src/streams/mbedtls.h +-new file mode 100644 +-index 000000000..7283698ff +---- /dev/null +-+++ b/src/streams/mbedtls.h +-@@ -0,0 +1,20 @@ +-+/* +-+ * Copyright (C) the libgit2 contributors. All rights reserved. +-+ * +-+ * This file is part of libgit2, distributed under the GNU GPL v2 with +-+ * a Linking Exception. For full terms see the included COPYING file. +-+ */ +-+#ifndef INCLUDE_steams_mbedtls_h__ +-+#define INCLUDE_steams_mbedtls_h__ +-+ +-+#include "common.h" +-+ +-+#include "git2/sys/stream.h" +-+ +-+extern int git_mbedtls_stream_global_init(void); +-+ +-+extern int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port); +-+ +-+extern int git_mbedtls__set_cert_location(const char *path, int is_dir); +-+ +-+#endif +-diff --git a/src/streams/tls.c b/src/streams/tls.c +-index d6ca7d40d..1bcb0d984 100644 +---- a/src/streams/tls.c +-+++ b/src/streams/tls.c +-@@ -9,6 +9,7 @@ +- +- #include "git2/errors.h" +- +-+#include "streams/mbedtls.h" +- #include "streams/openssl.h" +- #include "streams/stransport.h" +- +-@@ -31,6 +32,8 @@ int git_tls_stream_new(git_stream **out, const char *host, const char *port) +- return git_stransport_stream_new(out, host, port); +- #elif defined(GIT_OPENSSL) +- return git_openssl_stream_new(out, host, port); +-+#elif defined(GIT_MBEDTLS) +-+ return git_mbedtls_stream_new(out, host, port); +- #else +- GIT_UNUSED(out); +- GIT_UNUSED(host); +-diff --git a/tests/core/stream.c b/tests/core/stream.c +-index 9bed4ae27..262888b10 100644 +---- a/tests/core/stream.c +-+++ b/tests/core/stream.c +-@@ -33,9 +33,8 @@ void test_core_stream__register_tls(void) +- cl_git_pass(git_stream_register_tls(NULL)); +- error = git_tls_stream_new(&stream, "localhost", "443"); +- +-- /* We don't have arbitrary TLS stream support on Windows +-- * or when openssl support is disabled (except on OSX +-- * with Security framework). +-+ /* We don't have TLS support enabled, or we're on Windows, +-+ * which has no arbitrary TLS stream support. +- */ +- #if defined(GIT_WIN32) || !defined(GIT_HTTPS) +- cl_git_fail_with(-1, error); +diff --git a/deps/patches/libgit2-mbedtls2.patch b/deps/patches/libgit2-mbedtls2.patch +deleted file mode 100644 +index 2bc02a3725..0000000000 +--- a/deps/patches/libgit2-mbedtls2.patch ++++ /dev/null +@@ -1,28 +0,0 @@ +-Fixes mbedTLS support to link properly and not include libssl.so +- +-Tracked in upstream PR https://github.com/libgit2/libgit2/pull/4678 +- +-NOTE: libgit2 has switched its CI to Azure Pipelines. The aforementioned PR makes modifications +-to the Travis YAML file, which has since been removed, causing patch conflicts. That part of +-the diff has thus been removed here. +- +-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +-index 2b82bb325..2deed5f87 100644 +---- a/src/CMakeLists.txt +-+++ b/src/CMakeLists.txt +-@@ -284,8 +284,13 @@ ELSEIF(SHA1_BACKEND STREQUAL "CommonCrypto") +- ELSEIF (SHA1_BACKEND STREQUAL "mbedTLS") +- ADD_FEATURE_INFO(SHA ON "using mbedTLS") +- SET(GIT_SHA1_MBEDTLS 1) +-- FILE(GLOB SRC_SHA1 src/hash/hash_mbedtls.c) +-- LIST(APPEND LIBGIT2_PC_REQUIRES "mbedtls") +-+ FILE(GLOB SRC_SHA1 hash/hash_mbedtls.c) +-+ LIST(APPEND LIBGIT2_INCLUDES ${MBEDTLS_INCLUDE_DIR}) +-+ LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES}) +-+ # mbedTLS has no pkgconfig file, hence we can't require it +-+ # https://github.com/ARMmbed/mbedtls/issues/228 +-+ # For now, pass its link flags as our own +-+ LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES}) +- ELSE() +- MESSAGE(FATAL_ERROR "Asked for unknown SHA1 backend ${SHA1_BACKEND}") +- ENDIF() +diff --git a/stdlib/LibGit2/src/gitcredential.jl b/stdlib/LibGit2/src/gitcredential.jl +index 09c70d7d73..a0504b1c3d 100644 +--- a/stdlib/LibGit2/src/gitcredential.jl ++++ b/stdlib/LibGit2/src/gitcredential.jl +@@ -263,6 +263,7 @@ function default_username(cfg::GitConfig, cred::GitCredential) + end + + function use_http_path(cfg::GitConfig, cred::GitCredential) ++ seen_specific = false + use_path = false # Default is to ignore the path + + # https://git-scm.com/docs/gitcredentials#gitcredentials-useHttpPath +@@ -272,8 +273,11 @@ function use_http_path(cfg::GitConfig, cred::GitCredential) + for entry in GitConfigIter(cfg, r"credential.*\.usehttppath") + section, url, name, value = split_cfg_entry(entry) + +- ismatch(url, cred) || continue +- use_path = value == "true" ++ # Ignore global configuration if we have already encountered more specific entry ++ if ismatch(url, cred) && (!isempty(url) || !seen_specific) ++ seen_specific = !isempty(url) ++ use_path = value == "true" ++ end + end + + return use_path +-- +2.20.1 + diff --git a/julia.spec b/julia.spec index 693622c..1215a48 100644 --- a/julia.spec +++ b/julia.spec @@ -3,26 +3,30 @@ %global llvmversion 6.0.1 -%global mpfrversion 4.0.1 +%global mpfrversion 4.0.2 -%global unwindversion 1.1-julia2 +%global unwindversion 1.3.1 # Bundled until https://src.fedoraproject.org/rpms/suitesparse/pull-request/2 is merged -%global suitesparseversion 4.4.5 +%global suitesparseversion 5.4.0 + +# Bundled until https://bugzilla.redhat.com/show_bug.cgi?id=1743863 is fixed +%global pcreversion 10.31 %global libwhichcommit 81e9723c0273d78493dc8c8ed570f68d9ce7e89e -%global pkgcommit 853b3f1fd9895db32b402d89e9dee153b66b2316 +%global pkgcommit 394e7c5d55d3722f5b2ab660ca0a694ea0041974 %global __provides_exclude_from ^%{_libdir}/%{name}/.*\\.so$ # List all bundled libraries here -%global _privatelibs lib(suitesparse_wrapper|mpfr|ccalltest|LLVM-.*|uv|unwind|spqr|umfpack|colamd|cholmod|ccolamd|camd|amd|suitesparseconfig)\\.so.* +# OpenBLAS is excluded because we set a symlink to libopenblasp +%global _privatelibs lib(openblas_|openblas64_|suitesparse_wrapper|mpfr|ccalltest|LLVM-.*|uv|unwind|spqr|umfpack|colamd|cholmod|ccolamd|camd|amd|suitesparseconfig|pcre)\\.so.* %global __provides_exclude ^(%{_privatelibs})$ %global __requires_exclude ^(%{_privatelibs})$ Name: julia -Version: 1.1.0 -Release: 4%{?dist} +Version: 1.2.0 +Release: 1%{?dist} Summary: High-level, high-performance dynamic language for technical computing # Julia itself is MIT, with a few LGPLv2+ and GPLv2+ files # libuv is MIT @@ -34,16 +38,19 @@ Source1: https://api.github.com/repos/JuliaLang/libuv/tarball/%{uvcommit} Source2: http://releases.llvm.org/%{llvmversion}/llvm-%{llvmversion}.src.tar.xz Source3: https://www.mpfr.org/mpfr-current/mpfr-%{mpfrversion}.tar.bz2 Source4: https://api.github.com/repos/vtjnash/libwhich/tarball/%{libwhichcommit}#/libwhich-%{libwhichcommit}.tar.gz -Source5: https://s3.amazonaws.com/julialang/src/libunwind-%{unwindversion}.tar.gz +Source5: http://download.savannah.gnu.org/releases/libunwind/libunwind-%{unwindversion}.tar.gz Source6: http://faculty.cse.tamu.edu/davis/SuiteSparse/SuiteSparse-%{suitesparseversion}.tar.gz Source7: https://api.github.com/repos/JuliaLang/Pkg.jl/tarball/%{pkgcommit}#/Pkg-%{pkgcommit}.tar.gz +Source8: https://ftp.pcre.org/pub/pcre/pcre2-%{pcreversion}.tar.bz2 Patch0: julia_unwind_version.patch Patch1: llvm-julia-installdirs-64.patch +Patch2: julia-Bump-libgit2-to-0.28.2-32806.patch Provides: bundled(libuv) = %{uvversion} Provides: bundled(llvm) = %{llvmversion} Provides: bundled(mpfr) = %{mpfrversion} Provides: bundled(libunwind) = %{unwindversion} Provides: bundled(suitesparse) = %{suitesparseversion} +Provides: bundled(pcre2) = %{pcreversion} BuildRequires: desktop-file-utils BuildRequires: dSFMT-devel BuildRequires: gcc @@ -74,7 +81,7 @@ BuildRequires: zlib-devel Requires: julia-common = %{version}-%{release} # https://bugzilla.redhat.com/show_bug.cgi?id=1158026 # https://github.com/JuliaLang/julia/issues/30087 -ExcludeArch: s390x ppc64le +ExcludeArch: s390x ppc64le %{arm} aarch64 %description Julia is a high-level, high-performance dynamic programming language @@ -126,6 +133,8 @@ Julia into external programs or debugging Julia itself. patch -p1 < %PATCH1 %endif +%patch2 -p1 + mkdir -p deps/srccache stdlib/srccache pushd deps/srccache @@ -138,6 +147,7 @@ pushd deps/srccache cp -p %SOURCE4 . cp -p %SOURCE5 . cp -p %SOURCE6 . + cp -p %SOURCE8 . popd pushd stdlib/srccache @@ -175,15 +185,24 @@ popd %global cpu_target JULIA_CPU_TARGET="pwr8" %endif +# Use the non-threaded OpenBLAS library name internally to match what Julia uses so that +# libraries built using BinaryBuilder (like Arpack.jl) work +# We symlink it to libopenblasp below so that threads are used in the end %if 0%{?__isa_bits} == 64 -%global blas USE_BLAS64=1 OPENBLAS_SYMBOLSUFFIX=64_ LIBBLAS=-lopenblasp64_ LIBBLASNAME=libopenblasp64_ LIBLAPACK=-lopenblasp64_ LIBLAPACKNAME=libopenblasp64_ +%global blas USE_BLAS64=1 OPENBLAS_SYMBOLSUFFIX=64_ LIBBLAS=-lopenblas64_ LIBBLASNAME=libopenblas64_ LIBLAPACK=-lopenblas64_ LIBLAPACKNAME=libopenblas64_ +%else +%global blas LIBBLAS=-lopenblas LIBBLASNAME=libopenblas LIBLAPACK=-lopenblas LIBLAPACKNAME=libopenblas +%endif + +%if 0%{?el7} +%global cmake CMAKE=cmake3 %else -%global blas LIBBLAS=-lopenblasp LIBBLASNAME=libopenblasp LIBLAPACK=-lopenblasp LIBLAPACKNAME=libopenblasp +%global cmake CMAKE=cmake %endif # About build, build_libdir and build_bindir, see https://github.com/JuliaLang/julia/issues/5063#issuecomment-32628111 %global julia_builddir %{_builddir}/%{name}/build -%global commonopts USE_SYSTEM_LLVM=0 USE_SYSTEM_LIBUNWIND=0 USE_SYSTEM_PCRE=1 USE_SYSTEM_BLAS=1 USE_SYSTEM_LAPACK=1 USE_SYSTEM_GMP=1 USE_SYSTEM_MPFR=0 USE_SYSTEM_SUITESPARSE=0 USE_SYSTEM_DSFMT=1 USE_SYSTEM_LIBUV=0 USE_SYSTEM_UTF8PROC=1 USE_SYSTEM_LIBGIT2=1 USE_SYSTEM_LIBSSH2=1 USE_SYSTEM_MBEDTLS=1 USE_SYSTEM_CURL=1 USE_SYSTEM_PATCHELF=1 USE_SYSTEM_LIBM=0 USE_SYSTEM_OPENLIBM=1 BUNDLE_DEBUG_LIBS=1 JULIA_SPLITDEBUG=1 TAGGED_RELEASE_BANNER="Fedora %{fedora} build" VERBOSE=1 %{march} %{cpu_target} %{blas} prefix=%{_prefix} bindir=%{_bindir} libdir=%{_libdir} libexecdir=%{_libexecdir} datarootdir=%{_datarootdir} includedir=%{_includedir} sysconfdir=%{_sysconfdir} build_prefix=%{julia_builddir}%{_prefix} build_bindir=%{julia_builddir}%{_bindir} build_libdir=%{julia_builddir}%{_libdir} build_private_libdir=%{julia_builddir}%{_libdir}/julia build_libexecdir=%{julia_builddir}%{_libexecdir} build_datarootdir=%{julia_builddir}%{_datarootdir} build_includedir=%{julia_builddir}%{_includedir} build_sysconfdir=%{julia_builddir}%{_sysconfdir} JULIA_CPU_THREADS=$(echo %{?_smp_mflags} | sed s/-j//) +%global commonopts USE_SYSTEM_LLVM=0 USE_SYSTEM_LIBUNWIND=0 USE_SYSTEM_PCRE=0 USE_SYSTEM_BLAS=1 USE_SYSTEM_LAPACK=1 USE_SYSTEM_GMP=1 USE_SYSTEM_MPFR=0 USE_SYSTEM_SUITESPARSE=0 USE_SYSTEM_DSFMT=1 USE_SYSTEM_LIBUV=0 USE_SYSTEM_UTF8PROC=1 USE_SYSTEM_LIBGIT2=1 USE_SYSTEM_LIBSSH2=1 USE_SYSTEM_MBEDTLS=1 USE_SYSTEM_CURL=1 USE_SYSTEM_PATCHELF=1 USE_SYSTEM_LIBM=0 USE_SYSTEM_OPENLIBM=1 BUNDLE_DEBUG_LIBS=1 JULIA_SPLITDEBUG=1 TAGGED_RELEASE_BANNER="Fedora %{fedora} build" VERBOSE=1 %{march} %{cpu_target} %{blas} prefix=%{_prefix} bindir=%{_bindir} libdir=%{_libdir} libexecdir=%{_libexecdir} datarootdir=%{_datarootdir} includedir=%{_includedir} sysconfdir=%{_sysconfdir} build_prefix=%{julia_builddir}%{_prefix} build_bindir=%{julia_builddir}%{_bindir} build_libdir=%{julia_builddir}%{_libdir} build_private_libdir=%{julia_builddir}%{_libdir}/julia build_libexecdir=%{julia_builddir}%{_libexecdir} build_datarootdir=%{julia_builddir}%{_datarootdir} build_includedir=%{julia_builddir}%{_includedir} build_sysconfdir=%{julia_builddir}%{_sysconfdir} JULIA_CPU_THREADS=$(echo %{?_smp_mflags} | sed s/-j//) %build # Temporary workaround for https://github.com/JuliaLang/julia/issues/27118 @@ -216,11 +235,11 @@ sed -i 's/\"threads\",//' test/choosetests.jl %endif %ifarch %{arm} # https://github.com/JuliaLang/julia/issues/29447 -sed -i 's/readdir(STDLIB_DIR)/setdiff(readdir(STDLIB_DIR), ["Distributed", "Logging"])/g' test/choosetests.jl +sed -i 's/readdir(STDLIB_DIR)/setdiff(readdir(STDLIB_DIR), ["Distributed"])/g' test/choosetests.jl %endif %ifarch ppc64le # LinearAlgebra/lapack is the problematic test -sed -i 's/readdir(STDLIB_DIR)/setdiff(readdir(STDLIB_DIR), ["LibGit2", "LinearAlgebra", "Logging"])/g' test/choosetests.jl +sed -i 's/readdir(STDLIB_DIR)/setdiff(readdir(STDLIB_DIR), ["LibGit2", "LinearAlgebra"])/g' test/choosetests.jl sed -i 's/\"cmdlineargs\", //' test/choosetests.jl %endif @@ -229,6 +248,20 @@ make %{commonopts} test %install make %{commonopts} DESTDIR=%{buildroot} install +pushd %{buildroot}%{_libdir}/julia + %if 0%{?__isa_bits} == 64 + rm libopenblas64_.so + ln -s %{_libdir}/libopenblasp64_.so.0 libopenblas64_.so + # Raise an error in case of failure + realpath -e libopenblas64_.so + %else + rm libopenblas.so + ln -s %{_libdir}/libopenblasp.so.0 libopenblas.so + # Raise an error in case of failure + realpath -e libopenblas.so + %endif +popd + cp -p CONTRIBUTING.md LICENSE.md NEWS.md README.md %{buildroot}%{_docdir}/julia/ pushd %{buildroot}%{_prefix}/share/man/man1/ @@ -292,14 +325,25 @@ desktop-file-validate %{buildroot}%{_datarootdir}/applications/%{name}.desktop %{_bindir}/julia-debug %{_libdir}/libjulia.so %{_libdir}/libjulia-debug.so* -%{_libdir}/julia/*debug* +%{_libdir}/julia/libccalltest.so.debug +%{_libdir}/julia/sys-debug.so %{_includedir}/julia/ %{_datarootdir}/julia/test/ %{_mandir}/man1/julia-debug.1* -%ldconfig_scriptlets +%post +/sbin/ldconfig +/bin/touch --no-create %{_datarootdir}/icons/hicolor &>/dev/null || : +exit 0 %changelog +* Sun Aug 25 2019 Milan Bouchet-Valat - 1.2.0-1 +- New upstream release. +- Use openblas(64_).so as internal library name to fix packages like Arpack.jl. +- Bundle PCRE to work around rhbz#1743863. +- Move libccalltest.so.debug and sys-debug.so to julia-devel. +- Disable ARM architectures for now due to test failures. + * Thu Jul 25 2019 Fedora Release Engineering - 1.1.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index dbe0b7d..e12d679 100644 --- a/sources +++ b/sources @@ -1,8 +1,8 @@ -SHA512 (libuv-2348256acf5759a544e5ca7935f638d2bc091d60.tar.gz) = c8bf3c736a60feb0c6994aa7cd1b80e1a45bd6096aa66db320ddfc27b59a0797d303338ea75978619173e4f0a680254f3db29c9f6d1b84361030cc11c7729c98 SHA512 (llvm-6.0.1.src.tar.xz) = cbbb00eb99cfeb4aff623ee1a5ba075e7b5a76fc00c5f9f539ff28c108598f5708a0369d5bd92683def5a20c2fe60cab7827b42d628dbfcc79b57e0e91b84dd9 -SHA512 (mpfr-4.0.1.tar.bz2) = c1674fc0a5edcde188bdf7d6d14063cfb4f1259b9eaf39d0081f7176e9921ca0af1b12b7aba1a9560d9f2d5f37329d22bc7b82f13421d91d83114b439bc60dcc +SHA512 (julia-1.2.0.tar.gz) = c99b0b744508b43df4ee334f588dbb57a633969d7cb164d41b76d552c1d14f5ff6f06a8d0da7f7a48fd1e3a3b3c2379998c5af1bfdff4b0c17045132b82a40b8 +SHA512 (libunwind-1.3.1.tar.gz) = 3110d0aed4f5c781ef1ff72c9337e59793c02c42066209a4ac44f50eff1c0b0e02a5ff9f66891e62016de14af065a47975763970b839b700c0ff2e9f415c8def +SHA512 (Pkg-394e7c5d55d3722f5b2ab660ca0a694ea0041974.tar.gz) = 6b5324ee3efad2bf1af6ed4503509c6297e710040ccd7d5c67263625f24eab9a88f28ad56cb77ca04ccc976c051f2fbf2bb2019df442ab4823e5a7aff977b825 +SHA512 (pcre2-10.31.tar.bz2) = 44d7db2513d9415dcdf6541366fea585e016f572f3e4379f6e959a38114b2337851092049ab4a1576ae8f19b9de413edbcfa62f434c77fc8470747ee5413e967 +SHA512 (SuiteSparse-5.4.0.tar.gz) = 8328bcc2ef5eb03febf91b9c71159f091ff405c1ba7522e53714120fcf857ceab2d2ecf8bf9a2e1fc45e1a934665a341e3a47f954f87b59934f4fce6164775d6 SHA512 (libwhich-81e9723c0273d78493dc8c8ed570f68d9ce7e89e.tar.gz) = 6fb77b715d70d9bc95a8546c3bf97bd3677c7ea344b88bb5bc3bbfac9dceabe8a8cde7a0f64dec884cde802e4a3000e30837d3f824b5a9242348c4fe061526a3 -SHA512 (libunwind-1.1-julia2.tar.gz) = 5047890e727069c6ed74ca84bbe999ba6bc5c41d8d3914d6fbce19d18ff8a5944a7276d805ef5f67a857598852ae996a671c264d34a19123bb04d4daf6316f9a -SHA512 (SuiteSparse-4.4.5.tar.gz) = 7f9c19c3c58f61e7d82cd2de25eeeec910ad3d6a5c7c79c62a23cbb7dc880cddeca6efa9860a87b3b3c05e74385c8c67bf61d44149b700ac094898237915a6d9 -SHA512 (Pkg-853b3f1fd9895db32b402d89e9dee153b66b2316.tar.gz) = f81ef6ec68b190d18a28562c4d2507b393b5f9d09d900fa682ab876564908c7700c282343e568fed66703ddc9a12ab0a425f70e5fe705002b2da6397274b30f8 -SHA512 (julia-1.1.0.tar.gz) = da546430df5a9207926faa3fe7b1d2c193a1223a379ce1ff25219c6f4f2d650497d1b0e9091f1cd542fa19bfcf7bf1ee74a52f7d45a06fd8ab4441a5ac4d4a46 +SHA512 (libuv-ed3700c849289ed01fe04273a7bf865340b2bd7e.tar.gz) = 1305035b1372bdf234e3c5e673ee4c8ab5bda83ff06bc27704786def52667c3143fe587fca8f6e0855ba0c8b6d4dd90b2faefd33736224173f459d751885683e