-rw-r--r-- | .gitlab-ci.yml | 4 | ||||
-rwxr-xr-x | devel/check_if_signed | 25 | ||||
-rw-r--r-- | lib/nettle/backport/cfb8.c | 4 | ||||
-rw-r--r-- | lib/nettle/backport/cmac.c | 4 | ||||
-rw-r--r-- | lib/safe-memfuncs.c | 1 | ||||
-rw-r--r-- | lib/x509/ocsp.c | 3 |
6 files changed, 30 insertions, 11 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ba7978cff4..242b3587d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,6 +46,8 @@ commit-check:
 - /bin/true
 after_script:
 - /bin/true
+ except:
+ - master@gnutls/gnutls
 cache: # do not load cache files
 key: none
@@ -279,7 +281,7 @@ static-analyzers.Fedora.x86_64:
 - scan-build --status-bugs -o scan-build-lib make -j$(nproc) -C lib
 - scan-build --status-bugs -o scan-build-lib make -j$(nproc) -C libdane
 - make -j$(nproc) -C src/gl && scan-build --status-bugs -o scan-build-lib make -j$(nproc) -C src
- - cppcheck --force -q -Ilib/include -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -j$(nproc) $CPPCHECK_OPTIONS
+ - cppcheck --force -q -Ilib/include -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -j$(nproc) $CPPCHECK_OPTIONS
 - cppcheck --force -q -Ilib/include -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ -j$(nproc) $CPPCHECK_OPTIONS
 after_script:
 - /bin/true
diff --git a/devel/check_if_signed b/devel/check_if_signed
index 3d05d4fcbb..e7e5c504b2 100755
--- a/devel/check_if_signed
+++ b/devel/check_if_signed
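Review bot: In .gitlab-ci.yml, the static-analyzers job now passes `-i lib/nettle/backport` to the first cppcheck command, so the backported CFB8/CMAC sources that this same commit edits are no longer checked by that tool, and nothing on the line records why. A comment above the command, for example `# lib/nettle/backport excluded from cppcheck: <reason>`, would document the decision and make it easier to drop the exclusion once the backport is no longer needed. The scan-build steps above still build `lib`, so that analyzer presumably keeps covering the directory, but this is worth confirming.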
@@ -1,27 +1,32 @@
 #!/usr/bin/env bash
-set -e
+# MRs have the contributor git tree as the only remote
+# Add GnuTLS Gitlab upstream tree as remote so we can compare against
+# the right master tree
-if test -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"; then
- CI_MERGE_REQUEST_TARGET_BRANCH_NAME="origin/master"
+git remote add gitlab-gnutls-upstream-git-tree https://gitlab.com/gnutls/gnutls.git
+git fetch -q gitlab-gnutls-upstream-git-tree master
+
+if [ -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"]; then
+ CI_MERGE_REQUEST_TARGET_BRANCH_NAME="gitlab-gnutls-upstream-git-tree/master"
 fi
 echo "target=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"
 echo "source=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME"
-if test -z "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME"; then
- CI_MERGE_REQUEST_SOURCE_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
- echo "branch=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME"
-fi
-
 # create list of commits of the current branch
-commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME)
+commits=$(git rev-list --no-merges $CI_MERGE_REQUEST_TARGET_BRANCH_NAME..)
+if [ -z "$commits" ]; then
+ echo "Couldn't find any commits to check"
+ exit 1
+fi
 # check if author's email matches email in 'Signed-off-by'
 for hash in $commits; do
 author=$(git log --format='%ae' ${hash}^\!)
 signed=$(git log --format='%b' ${hash}^\! | grep -i "Signed-off-by:")
- if test $? -ne 0; then
+ echo "Checking commit $hash from Author $author and Signed-off-by: $signed"
+ if [ $? -ne 0 ]; then
 echo "Missing Signed-off-by"
 exit 1
 fi
diff --git a/lib/nettle/backport/cfb8.c b/lib/nettle/backport/cfb8.c
index 0febf647fd..e9816feb78 100644
--- a/lib/nettle/backport/cfb8.c
+++ b/lib/nettle/backport/cfb8.c
@@ -37,6 +37,10 @@
 * ############################################# */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #ifndef HAVE_NETTLE_CFB8_ENCRYPT
 #include "cfb8.h"
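Review bot: In devel/check_if_signed, the added `echo "Checking commit ..."` sits between the `signed=$(... | grep -i "Signed-off-by:")` assignment and the `if [ $? -ne 0 ]` test, so `$?` is now the exit status of `echo` and the "Missing Signed-off-by" branch can no longer be taken. Test the captured value instead, `if [ -z "$signed" ]; then`, or move the echo below the check. The new `[ -z "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"]` also lacks the space before `]`, so `[` reports an error and the upstream default is never assigned. With `set -e` removed, a failed `git remote add` or `git fetch` goes unnoticed as well; appending `|| exit 1` to those two lines keeps the check failing closed. The loop body continues past the end of the hunk, so any later comparison of `$author` against `$signed` is not visible here.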
diff --git a/lib/nettle/backport/cmac.c b/lib/nettle/backport/cmac.c
index 0791775cfd..a665f0ea6b 100644
--- a/lib/nettle/backport/cmac.c
+++ b/lib/nettle/backport/cmac.c
@@ -38,6 +38,10 @@
 * ############################################# */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #ifndef HAVE_NETTLE_CMAC128_UPDATE
 #include <nettle/aes.h>
diff --git a/lib/safe-memfuncs.c b/lib/safe-memfuncs.c
index a9db39d2a7..b957b432cd 100644
--- a/lib/safe-memfuncs.c
+++ b/lib/safe-memfuncs.c
@@ -39,6 +39,7 @@ void gnutls_memset(void *data, int c, size_t size)
 #ifdef HAVE_EXPLICIT_BZERO
 if (c == 0) {
 explicit_bzero(data, size);
+ return;
 }
 #endif
 volatile_zero = 0;
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 735959765c..7ac7f65c1d 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -1392,6 +1392,9 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
 gnutls_datum_t dn = { NULL, 0 };
 uint8_t cdn_hash[MAX_HASH_SIZE];
 size_t t, hash_len;
+
+ if (resp == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 ret = gnutls_ocsp_resp_get_single(resp, indx, &digest, &rdn_hash, |
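Review bot: In lib/x509/ocsp.c, the new guard in gnutls_ocsp_resp_check_crt rejects only a NULL `resp`; the rest of the parameter list and the body lie outside the hunk, so it is not visible whether the certificate argument is validated the same way before it is dereferenced. If it is not, folding it into the same test keeps the two failure paths together. The function's doc comment should also list `GNUTLS_E_INVALID_REQUEST` among its return values, for example `Returns: ... %GNUTLS_E_INVALID_REQUEST if @resp is NULL`, so callers can tell a malformed call apart from a response that does not match the certificate.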