summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-txt/ChangeLog3
-rwxr-xr-xsrc/scripts/Configure-Makefile16
-rw-r--r--src/src/EDITME4
-rw-r--r--src/src/sha_ver.h7
4 files changed, 30 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c68e45ce8..1267d75dc 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -117,6 +117,9 @@ JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
by me. Added RFC7919 DH primes as an alternative.
+PP/02 Unbreak build via pkg-config with new hash support when crypto headers
+ are not in the system include path.
+
Exim version 4.87
-----------------
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
index 4aa7d76cd..3e486a6bb 100755
--- a/src/scripts/Configure-Makefile
+++ b/src/scripts/Configure-Makefile
@@ -136,13 +136,16 @@ then
USE_*_PC)
eval "pc_value=\"\$$var\""
need_this=''
+ need_core=''
if [ ".$SUPPORT_TLS" = "." ]; then
# no TLS, not referencing
true
elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then
need_this=t
+ need_core="gnutls-special"
elif [ ".$var" = ".USE_OPENSSL_PC" ] && [ ".$USE_GNUTLS" = "." ]; then
need_this=t
+ need_core=t
fi
if [ ".$need_this" != "." ]; then
tls_include=`pkg-config --cflags $pc_value`
@@ -153,6 +156,19 @@ then
tls_libs=`pkg-config --libs $pc_value`
echo "TLS_INCLUDE=$tls_include"
echo "TLS_LIBS=$tls_libs"
+ # With hash.h pulling crypto into the core, we need to also handle that
+ if [ ".$need_this" = ".t" ]; then
+ echo "CFLAGS += $tls_include"
+ echo "LDFLAGS += $tls_libs"
+ elif [ ".$need_this" = ".gnutls-special" ]; then
+ if pkg-config --atleast-version=2.10 gnutls ; then
+ echo "CFLAGS += $tls_include"
+ echo "LDFLAGS += $tls_libs"
+ else
+ echo "CFLAGS += $(libgcrypt-config --cflags)"
+ echo "LDFLAGS += $(libgcrypt-config --libs)"
+ fi
+ fi
fi
;;
diff --git a/src/src/EDITME b/src/src/EDITME
index e2d8cf921..69293467e 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -746,6 +746,10 @@ HEADERS_CHARSET="ISO-8859-1"
# USE_GNUTLS_PC=gnutls
# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
+# If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
+# build process will require libgcrypt-config to exist in your $PATH. A
+# version that old is likely to become unsupported by Exim in 2017.
+
# The security fix we provide with the gnutls_allow_auto_pkcs11 option
# (4.82 PP/09) introduces a compatibility regression. The symbol is
# not available if GnuTLS is build without p11-kit (--without-p11-kit
diff --git a/src/src/sha_ver.h b/src/src/sha_ver.h
index fd1a4d083..387ac52c1 100644
--- a/src/src/sha_ver.h
+++ b/src/src/sha_ver.h
@@ -9,6 +9,13 @@
#include "exim.h"
+/* Please be aware that pulling in extra headers which are not in the system
+ * includes may require careful juggling of CFLAGS in
+ * scripts/Configure-Makefile -- that logic should be kept in sync with this.
+ * In particular, building with just something like USE_OPENSSL_PC=openssl
+ * and not massaging CFLAGS in Local/Makefile is fully supported.
+ */
+
#ifdef SUPPORT_TLS
# define EXIM_HAVE_SHA2