diff options
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
-rwxr-xr-x | src/scripts/Configure-Makefile | 16 | ||||
-rw-r--r-- | src/src/EDITME | 4 | ||||
-rw-r--r-- | src/src/sha_ver.h | 7 |
4 files changed, 30 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c68e45ce8..1267d75dc 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -117,6 +117,9 @@ JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created by me. Added RFC7919 DH primes as an alternative. +PP/02 Unbreak build via pkg-config with new hash support when crypto headers + are not in the system include path. + Exim version 4.87 ----------------- diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index 4aa7d76cd..3e486a6bb 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -136,13 +136,16 @@ then USE_*_PC) eval "pc_value=\"\$$var\"" need_this='' + need_core='' if [ ".$SUPPORT_TLS" = "." ]; then # no TLS, not referencing true elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then need_this=t + need_core="gnutls-special" elif [ ".$var" = ".USE_OPENSSL_PC" ] && [ ".$USE_GNUTLS" = "." ]; then need_this=t + need_core=t fi if [ ".$need_this" != "." ]; then tls_include=`pkg-config --cflags $pc_value` @@ -153,6 +156,19 @@ then tls_libs=`pkg-config --libs $pc_value` echo "TLS_INCLUDE=$tls_include" echo "TLS_LIBS=$tls_libs" + # With hash.h pulling crypto into the core, we need to also handle that + if [ ".$need_this" = ".t" ]; then + echo "CFLAGS += $tls_include" + echo "LDFLAGS += $tls_libs" + elif [ ".$need_this" = ".gnutls-special" ]; then + if pkg-config --atleast-version=2.10 gnutls ; then + echo "CFLAGS += $tls_include" + echo "LDFLAGS += $tls_libs" + else + echo "CFLAGS += $(libgcrypt-config --cflags)" + echo "LDFLAGS += $(libgcrypt-config --libs)" + fi + fi fi ;; diff --git a/src/src/EDITME b/src/src/EDITME index e2d8cf921..69293467e 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -746,6 +746,10 @@ HEADERS_CHARSET="ISO-8859-1" # USE_GNUTLS_PC=gnutls # TLS_LIBS=-lgnutls -ltasn1 -lgcrypt +# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's +# build process will require libgcrypt-config to exist in your $PATH. A +# version that old is likely to become unsupported by Exim in 2017. + # The security fix we provide with the gnutls_allow_auto_pkcs11 option # (4.82 PP/09) introduces a compatibility regression. The symbol is # not available if GnuTLS is build without p11-kit (--without-p11-kit diff --git a/src/src/sha_ver.h b/src/src/sha_ver.h index fd1a4d083..387ac52c1 100644 --- a/src/src/sha_ver.h +++ b/src/src/sha_ver.h @@ -9,6 +9,13 @@ #include "exim.h" +/* Please be aware that pulling in extra headers which are not in the system + * includes may require careful juggling of CFLAGS in + * scripts/Configure-Makefile -- that logic should be kept in sync with this. + * In particular, building with just something like USE_OPENSSL_PC=openssl + * and not massaging CFLAGS in Local/Makefile is fully supported. + */ + #ifdef SUPPORT_TLS # define EXIM_HAVE_SHA2 |