From owner-svn-src-vendor@FreeBSD.ORG Sun Aug 10 15:21:27 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2CEA219A for ; Sun, 10 Aug 2014 15:21:27 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EFD722E43 for ; Sun, 10 Aug 2014 15:21:26 +0000 (UTC) Received: from ume (uid 812) (envelope-from ume@FreeBSD.org) id 2184 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Sun, 10 Aug 2014 15:21:26 +0000 From: Hajimu UMEMOTO Date: Sun, 10 Aug 2014 15:21:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269781 - in vendor/resolver: 9.5.0/lib/libc/include 9.5.0/lib/libc/include/isc 9.5.0/lib/libc/isc 9.5.0/lib/libc/resolv dist/lib/libc/include dist/lib/libc/include/isc dist/lib/libc/is... X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e78df6.2184.7b56813@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Aug 2014 15:21:27 -0000 Author: ume Date: Sun Aug 10 15:21:26 2014 New Revision: 269781 URL: http://svnweb.freebsd.org/changeset/base/269781 Log: We don't use these files. Deleted: vendor/resolver/9.5.0/lib/libc/include/fd_setsize.h vendor/resolver/9.5.0/lib/libc/include/isc/assertions.h vendor/resolver/9.5.0/lib/libc/include/isc/dst.h vendor/resolver/9.5.0/lib/libc/include/isc/heap.h vendor/resolver/9.5.0/lib/libc/include/isc/memcluster.h vendor/resolver/9.5.0/lib/libc/isc/assertions.c vendor/resolver/9.5.0/lib/libc/isc/assertions.mdoc vendor/resolver/9.5.0/lib/libc/resolv/res_mkupdate.h vendor/resolver/9.5.0/lib/libc/resolv/res_sendsigned.c vendor/resolver/dist/lib/libc/include/fd_setsize.h vendor/resolver/dist/lib/libc/include/isc/assertions.h vendor/resolver/dist/lib/libc/include/isc/dst.h vendor/resolver/dist/lib/libc/include/isc/heap.h vendor/resolver/dist/lib/libc/include/isc/memcluster.h vendor/resolver/dist/lib/libc/isc/assertions.c vendor/resolver/dist/lib/libc/isc/assertions.mdoc vendor/resolver/dist/lib/libc/resolv/res_mkupdate.h vendor/resolver/dist/lib/libc/resolv/res_sendsigned.c From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 11 19:19:49 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EC10C13B for ; Mon, 11 Aug 2014 19:19:49 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BC66026CA for ; Mon, 11 Aug 2014 19:19:49 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2518 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Mon, 11 Aug 2014 19:19:49 +0000 From: Peter Wemm Date: Mon, 11 Aug 2014 19:19:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269830 - vendor/subversion/subversion-1.8.10 X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e91755.2518.738d1c5e@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2014 19:19:50 -0000 Author: peter Date: Mon Aug 11 19:19:49 2014 New Revision: 269830 URL: http://svnweb.freebsd.org/changeset/base/269830 Log: Tag svn-1.8.10 import Added: vendor/subversion/subversion-1.8.10/ - copied from r269829, vendor/subversion/dist/ From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 11 19:20:31 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B258F271 for ; Mon, 11 Aug 2014 19:20:31 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8232226D2 for ; Mon, 11 Aug 2014 19:20:31 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2a81 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Mon, 11 Aug 2014 19:20:31 +0000 From: Peter Wemm Date: Mon, 11 Aug 2014 19:20:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269831 - in vendor/serf/dist: . buckets X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e9177f.2a81.443a3053@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2014 19:20:31 -0000 Author: peter Date: Mon Aug 11 19:20:30 2014 New Revision: 269831 URL: http://svnweb.freebsd.org/changeset/base/269831 Log: Import serf-1.3.7 Modified: vendor/serf/dist/CHANGES vendor/serf/dist/buckets/ssl_buckets.c vendor/serf/dist/serf.h Modified: vendor/serf/dist/CHANGES ============================================================================== --- vendor/serf/dist/CHANGES Mon Aug 11 19:19:49 2014 (r269830) +++ vendor/serf/dist/CHANGES Mon Aug 11 19:20:30 2014 (r269831) @@ -1,8 +1,11 @@ -Serf 1.3.6 [2014-06-09, from /tags/1.3.6, rxxxx] +Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411] + Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399) + +Serf 1.3.6 [2014-06-09, from /tags/1.3.6, r2372] Revert r2319 from serf 1.3.5: this change was making serf call handle_response multiple times in case of an error response, leading to unexpected behavior. -Serf 1.3.5 [2014-04-27, from /tags/1.3.5, rxxxx] +Serf 1.3.5 [2014-04-27, from /tags/1.3.5, r2355] Fix issue #125: no reverse lookup during Negotiate authentication for proxies. Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request (r2316) Cancel request if response parsing failed + authn callback set (r2319) Modified: vendor/serf/dist/buckets/ssl_buckets.c ============================================================================== --- vendor/serf/dist/buckets/ssl_buckets.c Mon Aug 11 19:19:49 2014 (r269830) +++ vendor/serf/dist/buckets/ssl_buckets.c Mon Aug 11 19:20:30 2014 (r269831) @@ -202,6 +202,8 @@ struct serf_ssl_certificate_t { }; static void disable_compression(serf_ssl_context_t *ssl_ctx); +static char * + pstrdup_escape_nul_bytes(const char *buf, int len, apr_pool_t *pool); #if SSL_VERBOSE /* Log all ssl alerts that we receive from the server. */ @@ -427,6 +429,85 @@ static BIO_METHOD bio_file_method = { #endif }; +typedef enum san_copy_t { + EscapeNulAndCopy = 0, + ErrorOnNul = 1, +} san_copy_t; + + +static apr_status_t +get_subject_alt_names(apr_array_header_t **san_arr, X509 *ssl_cert, + san_copy_t copy_action, apr_pool_t *pool) +{ + STACK_OF(GENERAL_NAME) *names; + + /* assert: copy_action == ErrorOnNul || (san_arr && pool) */ + + if (san_arr) { + *san_arr = NULL; + } + + /* Get subjectAltNames */ + names = X509_get_ext_d2i(ssl_cert, NID_subject_alt_name, NULL, NULL); + if (names) { + int names_count = sk_GENERAL_NAME_num(names); + int name_idx; + + if (san_arr) + *san_arr = apr_array_make(pool, names_count, sizeof(char*)); + for (name_idx = 0; name_idx < names_count; name_idx++) { + char *p = NULL; + GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, name_idx); + + switch (nm->type) { + case GEN_DNS: + if (copy_action == ErrorOnNul && + strlen(nm->d.ia5->data) != nm->d.ia5->length) + return SERF_ERROR_SSL_CERT_FAILED; + if (san_arr && *san_arr) + p = pstrdup_escape_nul_bytes((const char *)nm->d.ia5->data, + nm->d.ia5->length, + pool); + break; + default: + /* Don't know what to do - skip. */ + break; + } + + if (p) { + APR_ARRAY_PUSH(*san_arr, char*) = p; + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + } + + return APR_SUCCESS; +} + +static apr_status_t validate_cert_hostname(X509 *server_cert, apr_pool_t *pool) +{ + char buf[1024]; + int length; + apr_status_t ret; + + ret = get_subject_alt_names(NULL, server_cert, ErrorOnNul, NULL); + if (ret) { + return ret; + } else { + /* Fail if the subject's CN field contains \0 characters. */ + X509_NAME *subject = X509_get_subject_name(server_cert); + if (!subject) + return SERF_ERROR_SSL_CERT_FAILED; + + length = X509_NAME_get_text_by_NID(subject, NID_commonName, buf, 1024); + if (length != -1) + if (strlen(buf) != length) + return SERF_ERROR_SSL_CERT_FAILED; + } + + return APR_SUCCESS; +} + static int validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx) { @@ -435,6 +516,7 @@ validate_server_certificate(int cert_val X509 *server_cert; int err, depth; int failures = 0; + apr_status_t status; ssl = X509_STORE_CTX_get_ex_data(store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); @@ -475,6 +557,11 @@ validate_server_certificate(int cert_val } } + /* Validate hostname */ + status = validate_cert_hostname(server_cert, ctx->pool); + if (status) + failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; + /* Check certificate expiry dates. */ if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { failures |= SERF_SSL_CERT_NOTYETVALID; @@ -485,7 +572,6 @@ validate_server_certificate(int cert_val if (ctx->server_cert_callback && (depth == 0 || failures)) { - apr_status_t status; serf_ssl_certificate_t *cert; apr_pool_t *subpool; @@ -512,7 +598,6 @@ validate_server_certificate(int cert_val if (ctx->server_cert_chain_callback && (depth == 0 || failures)) { - apr_status_t status; STACK_OF(X509) *chain; const serf_ssl_certificate_t **certs; int certs_len; @@ -1461,7 +1546,50 @@ serf_ssl_context_t *serf_bucket_ssl_encr /* Functions to read a serf_ssl_certificate structure. */ -/* Creates a hash_table with keys (E, CN, OU, O, L, ST and C). */ +/* Takes a counted length string and escapes any NUL bytes so that + * it can be used as a C string. NUL bytes are escaped as 3 characters + * "\00" (that's a literal backslash). + * The returned string is allocated in POOL. + */ +static char * +pstrdup_escape_nul_bytes(const char *buf, int len, apr_pool_t *pool) +{ + int i, nul_count = 0; + char *ret; + + /* First determine if there are any nul bytes in the string. */ + for (i = 0; i < len; i++) { + if (buf[i] == '\0') + nul_count++; + } + + if (nul_count == 0) { + /* There aren't so easy case to just copy the string */ + ret = apr_pstrdup(pool, buf); + } else { + /* There are so we have to replace nul bytes with escape codes + * Proper length is the length of the original string, plus + * 2 times the number of nulls (for two digit hex code for + * the value) + the trailing null. */ + char *pos; + ret = pos = apr_palloc(pool, len + 2 * nul_count + 1); + for (i = 0; i < len; i++) { + if (buf[i] != '\0') { + *(pos++) = buf[i]; + } else { + *(pos++) = '\\'; + *(pos++) = '0'; + *(pos++) = '0'; + } + } + *pos = '\0'; + } + + return ret; +} + +/* Creates a hash_table with keys (E, CN, OU, O, L, ST and C). Any NUL bytes in + these fields in the certificate will be escaped as \00. */ static apr_hash_t * convert_X509_NAME_to_table(X509_NAME *org, apr_pool_t *pool) { @@ -1474,37 +1602,44 @@ convert_X509_NAME_to_table(X509_NAME *or NID_commonName, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "CN", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "CN", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); ret = X509_NAME_get_text_by_NID(org, NID_pkcs9_emailAddress, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "E", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "E", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); ret = X509_NAME_get_text_by_NID(org, NID_organizationalUnitName, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "OU", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "OU", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); ret = X509_NAME_get_text_by_NID(org, NID_organizationName, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "O", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "O", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); ret = X509_NAME_get_text_by_NID(org, NID_localityName, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "L", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "L", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); ret = X509_NAME_get_text_by_NID(org, NID_stateOrProvinceName, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "ST", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "ST", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); ret = X509_NAME_get_text_by_NID(org, NID_countryName, buf, 1024); if (ret != -1) - apr_hash_set(tgt, "C", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); + apr_hash_set(tgt, "C", APR_HASH_KEY_STRING, + pstrdup_escape_nul_bytes(buf, ret, pool)); return tgt; } @@ -1550,7 +1685,7 @@ apr_hash_t *serf_ssl_cert_certificate( unsigned int md_size, i; unsigned char md[EVP_MAX_MD_SIZE]; BIO *bio; - STACK_OF(GENERAL_NAME) *names; + apr_array_header_t *san_arr; /* sha1 fingerprint */ if (X509_digest(cert->ssl_cert, EVP_sha1(), md, &md_size)) { @@ -1595,32 +1730,8 @@ apr_hash_t *serf_ssl_cert_certificate( BIO_free(bio); /* Get subjectAltNames */ - names = X509_get_ext_d2i(cert->ssl_cert, NID_subject_alt_name, NULL, NULL); - if (names) { - int names_count = sk_GENERAL_NAME_num(names); - - apr_array_header_t *san_arr = apr_array_make(pool, names_count, - sizeof(char*)); + if (!get_subject_alt_names(&san_arr, cert->ssl_cert, EscapeNulAndCopy, pool)) apr_hash_set(tgt, "subjectAltName", APR_HASH_KEY_STRING, san_arr); - for (i = 0; i < names_count; i++) { - char *p = NULL; - GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, i); - - switch (nm->type) { - case GEN_DNS: - p = apr_pstrmemdup(pool, (const char *)nm->d.ia5->data, - nm->d.ia5->length); - break; - default: - /* Don't know what to do - skip. */ - break; - } - if (p) { - APR_ARRAY_PUSH(san_arr, char*) = p; - } - } - sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); - } return tgt; } Modified: vendor/serf/dist/serf.h ============================================================================== --- vendor/serf/dist/serf.h Mon Aug 11 19:19:49 2014 (r269830) +++ vendor/serf/dist/serf.h Mon Aug 11 19:20:30 2014 (r269831) @@ -1062,7 +1062,7 @@ void serf_debug__bucket_alloc_check( /* Version info */ #define SERF_MAJOR_VERSION 1 #define SERF_MINOR_VERSION 3 -#define SERF_PATCH_VERSION 6 +#define SERF_PATCH_VERSION 7 /* Version number string */ #define SERF_VERSION_STRING APR_STRINGIFY(SERF_MAJOR_VERSION) "." \ From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 11 19:20:57 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 01F123B1 for ; Mon, 11 Aug 2014 19:20:57 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E045226E3 for ; Mon, 11 Aug 2014 19:20:56 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2aac by svn.freebsd.org (DragonFly Mail Agent v0.9+); Mon, 11 Aug 2014 19:20:56 +0000 From: Peter Wemm Date: Mon, 11 Aug 2014 19:20:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269832 - in vendor/serf/serf-1.3.7: . buckets X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e91798.2aac.617d7d2c@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2014 19:20:57 -0000 Author: peter Date: Mon Aug 11 19:20:56 2014 New Revision: 269832 URL: http://svnweb.freebsd.org/changeset/base/269832 Log: Tag serf-1.3.7 import Added: vendor/serf/serf-1.3.7/ - copied from r268959, vendor/serf/dist/ Replaced: vendor/serf/serf-1.3.7/CHANGES - copied unchanged from r269831, vendor/serf/dist/CHANGES vendor/serf/serf-1.3.7/buckets/ssl_buckets.c - copied unchanged from r269831, vendor/serf/dist/buckets/ssl_buckets.c vendor/serf/serf-1.3.7/serf.h - copied unchanged from r269831, vendor/serf/dist/serf.h Copied: vendor/serf/serf-1.3.7/CHANGES (from r269831, vendor/serf/dist/CHANGES) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/serf/serf-1.3.7/CHANGES Mon Aug 11 19:20:56 2014 (r269832, copy of r269831, vendor/serf/dist/CHANGES) @@ -0,0 +1,283 @@ +Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411] + Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399) + +Serf 1.3.6 [2014-06-09, from /tags/1.3.6, r2372] + Revert r2319 from serf 1.3.5: this change was making serf call handle_response + multiple times in case of an error response, leading to unexpected behavior. + +Serf 1.3.5 [2014-04-27, from /tags/1.3.5, r2355] + Fix issue #125: no reverse lookup during Negotiate authentication for proxies. + Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request (r2316) + Cancel request if response parsing failed + authn callback set (r2319) + Update the expired certificates in the test suite. + + +Serf 1.3.4 [2014-02-08, from /tags/1.3.4, r2310] + Fix issue #119: Endless loop during ssl tunnel setup with Negotiate authn + Fix issue #123: Can't setup ssl tunnel which sends Connection close header + Fix a race condition when initializing OpenSSL from multiple threads (r2263) + Fix issue #138: Incorrect pkg-config file when GSSAPI isn't configured + + +Serf 1.3.3 [2013-12-09, from /tags/1.3.3, r2242] + Fix issue 129: Try more addresses of multihomed servers + Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE correctly (r2225) + Return APR_TIMEUP from poll() to enable detecting connection timeouts (r2183) + + +Serf 1.3.2 [2013-10-04, from /tags/1.3.2, r2195] + Fix issue 130: HTTP headers should be treated case-insensitively + Fix issue 126: Compilation breaks with Codewarrior compiler + Fix crash during cleanup of SSL buckets in apr_terminate() (r2145) + Fix Windows build: Also export functions with capital letters in .def file + Fix host header when url contains a username or password (r2170) + Ensure less TCP package fragmentation on Windows (r2145) + Handle authentication for responses to HEAD requests (r2178,-9) + Improve serf_get: add option to add request headers, allow url with query, + allow HEAD requests (r2143,r2175,-6) + Improve RFC conformance: don't expect body for certain responses (r2011,-2) + Do not invoke progress callback when no data was received (r2144) + And more test suite fixes and build warning cleanups + SCons-related fixes: + Fix build when GSSAPI not in default include path (2155) + Fix OpenBSD build: always map all LIBPATH entries into RPATH (r2156) + Checksum generation in Windows shared libraries for release builds (2162) + Mac OS X: Use MAJOR version only in dylib install name (r2161) + Use both MAJOR and MINOR version for the shared library name (2163) + Fix the .pc file when installing serf in a non-default LIBDIR (r2191) + + +Serf 1.3.1 [2013-08-15, from /tags/1.3.1, r2138] + Fix issue 77: Endless loop if server doesn't accept Negotiate authentication. + Fix issue 114: ssl/tls renegotiation fails + Fix issue 120: error with ssl tunnel over proxy with KeepAlive off and + Basic authentication. + Fixed bugs with authentication (r2057,2115,2118) + SCons-related fixes: + Fix issue 111: add flag to set custom library path + Fix issue 112: add soname + Fix issue 113: add gssapi libs in the serf pc file + Fix issue 115: Setting RPATH on Solaris broken in SConstruct + Fix issue 116: scons check should return non-zero exit staths + Fix issue 121: make CFLAGS, LIBS, LINKFLAGS and CPPFLAGS take a space- + separated list of flags. + Fix issue 122: make scons PREFIX create the folder if it doesn't exist + Mac OS X: Fix scons --install-sandbox + Solaris: Fix build with cc, don't use unsupported compiler flags + Require SCons version 2.3.0 or higher now (for the soname support). + + +Serf 1.3.0 [2013-07-23, from /tags/1.3.0, r2074] + Fix issue 83: use PATH rather than URI within an ssltunnel (r1952) + Fix issue 108: improved error reporting from the underlying socket (r1951) + NEW: Switch to the SCons build system; retire serfmake, serf.mak, autotools + Improved Basic and Digest authentication: + - remember credentials on a per-server basis + - properly manage authentication realms + - continue functioning when a server sets KeepAlive: off + Windows: add support for NTLM authentication + Improved 2617 compliance: always use strongest authentication (r1968,1971) + Fixed bugs with proxy authentication and SSL tunneling through a proxy + Fixed bugs the response parser (r2032,r2036) + SSL connection performance improvements + Huge expansion of the test suite + + +Serf 1.2.1 [2013-06-03, from /tags/1.2.1, r1906] + Fix issue 95: add gssapi switches to configure (r1864, r1900) + Fix issue 97: skip mmap bucket if APR_HAS_MMAP is undefined (r1877) + Fix issue 100: building against an old Windows Platform SDK (r1881) + Fix issue 102: digest authentication failures (r1885) + Improve error return values in SSPI authentication (r1804) + Ensure serf-1.pc is constructed by serfmake (r1865) + Optimize SPNego authentication processing (r1868) + Reject certs that application does not like (r1794) + Fix possible endless loop in serf_linebuf_fetch() (r1816) + Windows build: dereference INTDIR in serf.mak (r1882) + + +Serf 1.2.0 [2013-02-22, from /tags/1.2.0, r1726] + Fixed issue 94: Serf can enter an infinite loop when server aborts conn. + Fixed issue 91: Serf doesn't handle an incoming 408 Timeout Request + Fixed issue 80: Serf is not handling Negotiate authentication correctly + Fixed issue 77: Endless loop if server doesn't accept Negotiate authn + Fixed issue 93: cleanup-after-fork interferes with parent (r1714) + Fixed most of issue 89: Support REAL SPNEGO authentication + Enable Negotiate/Kerberos support for proxy servers. + Return error when C-L, chunked, gzip encoded response bodies were + truncated (due to aborted connection) (r1688) + Add a logging mechanism that can be enabled at compile-time. + Don't lookup server address if a proxy was configured. (r1706) + Fix an off-by-one in buffer sizing (r1695) + Disable SSL compression by default + API to enable it (r1692) + New serf_connection_get_latency() for estimated network latency (r1689) + New error code and RFC compliance for the HTTPS tunnel (r1701, r1644) + Handle EINTR when a user suspends and then backgrounds the app (r1708) + Minor fixes and test suite improvements. + + +Serf 1.1.1 [2012-10-04, from /tags/1.1.1, r1657] + Fixed issue 86: ensure requeued requests are correctly handled. + This fixes: + - infinite loop with multiple connection resets or SIGPIPE errors + - "connection" hang where we would not re-queue requests that are + held after we re-connect + Fixed issue 74: test_all goes in an endless loop + Fix memleak when conn. is closed explicitly/due to pool cleanups (r1623) + Windows: Fix https connection aborts (r1628..-30,-33,-34,-37) + Add new error codes for the SSL bucket + + +Serf 1.1.0 [2012-06-07, from /tags/1.1.0, r1617] + New: serf_bucket_request_set_CL() for C-L based, non-chunked requests + New: serf_ssl_server_cert_chain_callback_set() for full-chain validation + + +Serf 1.0.3 [2012-03-20, from /tags/1.0.3, r1586] + Map more OpenSSL errors into SERF_SSL_CERT_UNKNOWNCA (r1573) + + +Serf 1.0.2 + Not released. + + +Serf 1.0.1 [2012-02-15, from /tags/1.0.1, r1569] + FreeBSD fixes in the test suite (r1560, r1565) + Minor build fixes + + +Serf 1.0.0 [2011-07-15, from /tags/1.0.0, r1540] + Fixed issue 38: enable builds using non-GNU make + Fixed issue 49: support SSL tunnels for HTTPS via a proxy + Fixed issue 56: allow Subject Alternative Name, and enable SNI + Fixed issue 61: include order dependencies + Fixed issue 66: improved error reporting when creating install dirs + Fixed issue 71: handle ECONNREFUSED on Windows + Fixed issue 79: destroy the APR allocator, if we create one + Fixed issue 81: build failed on APR 0.9.x + Major performance improvements and bug fixes for SSL buckets/handling (r1462) + Add a new "iovec" bucket type (r1434) + Minimize network packet writes based on ra_serf analysis (r1467, r1471) + Fix out of order issue with multiple priority requests (r1469) + Work around broken WSAPoll() impl on Windows introduced in APR 1.4.0 (r1506) + Fix 100% CPU usage with many pipelined requests (r1456) + Corrected contents of build/serf.def; it now includes bucket types (r1512) + Removed "snapshot" feature from buckets (r1503) + Various improvements to the test system + Various memory leak fixes + + +Serf 0.7.2 [2011-03-12, from /tags/0.7.2, r1452] + Actually disable Nagle when creating a connection (r1441) + Return error when app asks for HTTPS over proxy connection (r1433) + + +Serf 0.7.1 [2011-01-25, from /tags/0.7.1, r1432] + Fix memory leak when using SSL (r1408, r1416) + Fix build for blank apr-util directory (r1421) + + +Serf 0.7.0 [2010-08-25, from /tags/0.7.0, r1407] + Fix double free abort when destroying request buckets + Fix test server in unit test framework to avoid random test failures + Allow older Serf programs which don't use the new authn framework to still + handle authn without forcing them to switch to the new framework. (r1401) + Remove the SERF_DECLARE macros, preferring a .DEF file for Windows + Barrier buckets now pass read_iovec to their wrapped bucket + Fix HTTP header parsing to allow for empty header values + + +Serf 0.6.1 [2010-05-14, from /tags/0.6.1, r1370] + Generally: this release fixes problems with the 0.4.0 packaging + Small compilation fix in outgoing.c for Windows builds + + +Serf 0.6.0 + Not released. + + +Serf 0.5.0 + Not released. + + +Serf 0.4.0 + WITHDRAWN: this release misstated itself as 0.5.0; use a later release + + Provide authn framework, supporting Basic, Digest, Kerberos (SSPI, GSS), + along with proxy authn using Basic or Digest + Added experimental listener framework, along with test_server.c + Improvements and fixes to SSL support, including connection setup changes + Experimental support for unrequested, arriving ("async") responses + Experimental BWTP support using the async arrival feature + Headers are combined on read (not write), to ease certian classes of parsing + Experimental feature on aggregate buckets for a callback-on-empty + Fix the bucket allocator for when APR is using its pool debugging features + Proxy support in the serf_get testing utility + Fix to include the port number in the Host header + serf_get propagates errors from the response, instead of aborting (Issue 52) + Added serf_lib_version() for runtime version tests + + +Serf 0.3.1 [2010-02-14, from /tags/0.3.1, r1322] + Fix loss of error on request->setup() callback. (Issue 47) + Support APR 2.x. (Issue 48) + Fixed slowdown in aggregate bucket with millions of child buckets + Avoid hang in apr_pollset_poll() by unclosed connections after fork() + + +Serf 0.3.0 [2009-01-26, from /tags/0.3.0, r1217] + Support LTFLAGS override as a config-time env. variable (Issue 44) + Fix CUTest test harness compilation on Solaris (Issue 43) + Fix small race condition in OpenSSL initialization (Issue 39) + Handle content streams larger than 4GB on 32-bit OSes (Issue 41) + Fix test_ssl.c compilation with mingw+msys + Fix conn close segfault by explicitly closing conn when pool is destroyed + Expose the depth of the SSL certificate so the validator can use that info + Fix socket address family issue when opening a connection to a proxy + Provide new API to take snapshots of buckets + Implement snapshot API for simple and aggregate buckets + Build with bundled apr and apr-util VPATH builds + Build with bundled OpenSSL builds + + +Serf 0.2.0 [2008-06-06, from /tags/0.2.0, r1189] + Enable use of external event loop: serf_create_context_ex + Enable adding new requests at the beginning of the request queue + Handle 'Connection:close' headers + Enable limiting the number of outstanding requests + Add readline function to simple buckets + Concatenate repeated headers using comma as separator, as per RFC 2616, + section 4.2. (Issue 29) + Add proxy server support + Add progress feedback support. (Issue 11) + Provide new API to simplify use of proxy and progress feedback support + Add callback to validate SSL server certificates. (Issue 31) + Add new test framework + Send current version string in the test programs (Issue 21) + Bugfixes: + Fix segfault with epoll when removing a NULL socket + Reset OpenSSL thread-safety callbacks when apr_terminate() called + Do not remove the socket from the pollset on pool cleanup + Do not issue double close on skt w/second one being close(-1) (Issue 33) + + +Serf 0.1.2 [2007-06-18, from /tags/0.1.2, r1115] + Enable thread-safety with OpenSSL (Issue 19) + Teach serfmake to install headers into include/serf-0 + Be more tolerant when servers close the connection without telling us + Do not open the connection until we have requests to deliver + Fix serfmake to produce the library that corresponds to the minor version + Fix a memory leak with the socket bucket (Issue 14) + Fix uninitialized branch in serf_spider (Issue 15) + + +Serf 0.1.1 [2007-05-12, from /tags/0.1.1, r1105] + Add SSL client certificate support + Implement optimized iovec reads for header buckets + Fix up 'make clean' and 'make distclean' (Issues 9, 10) + Add SERF_VERSION_AT_LEAST macro + Remove abort() calls (Issue 13) + + +Serf 0.1.0 [2006-12-14, from /tags/0.1.0, r1087] + Initial packaged release Copied: vendor/serf/serf-1.3.7/buckets/ssl_buckets.c (from r269831, vendor/serf/dist/buckets/ssl_buckets.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/serf/serf-1.3.7/buckets/ssl_buckets.c Mon Aug 11 19:20:56 2014 (r269832, copy of r269831, vendor/serf/dist/buckets/ssl_buckets.c) @@ -0,0 +1,1898 @@ +/* Copyright 2002-2004 Justin Erenkrantz and Greg Stein + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ---- + * + * For the OpenSSL thread-safety locking code: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Originally developed by Aaron Bannert and Justin Erenkrantz, eBuilt. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "serf.h" +#include "serf_private.h" +#include "serf_bucket_util.h" + +#include +#include +#include +#include +#include + +#ifndef APR_VERSION_AT_LEAST /* Introduced in APR 1.3.0 */ +#define APR_VERSION_AT_LEAST(major,minor,patch) \ + (((major) < APR_MAJOR_VERSION) \ + || ((major) == APR_MAJOR_VERSION && (minor) < APR_MINOR_VERSION) \ + || ((major) == APR_MAJOR_VERSION && (minor) == APR_MINOR_VERSION && \ + (patch) <= APR_PATCH_VERSION)) +#endif /* APR_VERSION_AT_LEAST */ + +#ifndef APR_ARRAY_PUSH +#define APR_ARRAY_PUSH(ary,type) (*((type *)apr_array_push(ary))) +#endif + + +/* + * Here's an overview of the SSL bucket's relationship to OpenSSL and serf. + * + * HTTP request: SSLENCRYPT(REQUEST) + * [context.c reads from SSLENCRYPT and writes out to the socket] + * HTTP response: RESPONSE(SSLDECRYPT(SOCKET)) + * [handler function reads from RESPONSE which in turn reads from SSLDECRYPT] + * + * HTTP request read call path: + * + * write_to_connection + * |- serf_bucket_read on SSLENCRYPT + * |- serf_ssl_read + * |- serf_databuf_read + * |- common_databuf_prep + * |- ssl_encrypt + * |- 1. Try to read pending encrypted data; If available, return. + * |- 2. Try to read from ctx->stream [REQUEST bucket] + * |- 3. Call SSL_write with read data + * |- ... + * |- bio_bucket_read can be called + * |- bio_bucket_write with encrypted data + * |- store in sink + * |- 4. If successful, read pending encrypted data and return. + * |- 5. If fails, place read data back in ctx->stream + * + * HTTP response read call path: + * + * read_from_connection + * |- acceptor + * |- handler + * |- ... + * |- serf_bucket_read(SSLDECRYPT) + * |- serf_ssl_read + * |- serf_databuf_read + * |- ssl_decrypt + * |- 1. SSL_read() for pending decrypted data; if any, return. + * |- 2. Try to read from ctx->stream [SOCKET bucket] + * |- 3. Append data to ssl_ctx->source + * |- 4. Call SSL_read() + * |- ... + * |- bio_bucket_write can be called + * |- bio_bucket_read + * |- read data from ssl_ctx->source + * |- If data read, return it. + * |- If an error, set the STATUS value and return. + * + */ + +typedef struct bucket_list { + serf_bucket_t *bucket; + struct bucket_list *next; +} bucket_list_t; + +typedef struct { + /* Helper to read data. Wraps stream. */ + serf_databuf_t databuf; + + /* Our source for more data. */ + serf_bucket_t *stream; + + /* The next set of buckets */ + bucket_list_t *stream_next; + + /* The status of the last thing we read. */ + apr_status_t status; + apr_status_t exhausted; + int exhausted_reset; + + /* Data we've read but not processed. */ + serf_bucket_t *pending; +} serf_ssl_stream_t; + +struct serf_ssl_context_t { + /* How many open buckets refer to this context. */ + int refcount; + + /* The pool that this context uses. */ + apr_pool_t *pool; + + /* The allocator associated with the above pool. */ + serf_bucket_alloc_t *allocator; + + /* Internal OpenSSL parameters */ + SSL_CTX *ctx; + SSL *ssl; + BIO *bio; + + serf_ssl_stream_t encrypt; + serf_ssl_stream_t decrypt; + + /* Client cert callbacks */ + serf_ssl_need_client_cert_t cert_callback; + void *cert_userdata; + apr_pool_t *cert_cache_pool; + const char *cert_file_success; + + /* Client cert PW callbacks */ + serf_ssl_need_cert_password_t cert_pw_callback; + void *cert_pw_userdata; + apr_pool_t *cert_pw_cache_pool; + const char *cert_pw_success; + + /* Server cert callbacks */ + serf_ssl_need_server_cert_t server_cert_callback; + serf_ssl_server_cert_chain_cb_t server_cert_chain_callback; + void *server_cert_userdata; + + const char *cert_path; + + X509 *cached_cert; + EVP_PKEY *cached_cert_pw; + + apr_status_t pending_err; + + /* Status of a fatal error, returned on subsequent encrypt or decrypt + requests. */ + apr_status_t fatal_err; +}; + +typedef struct { + /* The bucket-independent ssl context that this bucket is associated with */ + serf_ssl_context_t *ssl_ctx; + + /* Pointer to the 'right' databuf. */ + serf_databuf_t *databuf; + + /* Pointer to our stream, so we can find it later. */ + serf_bucket_t **our_stream; +} ssl_context_t; + +struct serf_ssl_certificate_t { + X509 *ssl_cert; + int depth; +}; + +static void disable_compression(serf_ssl_context_t *ssl_ctx); +static char * + pstrdup_escape_nul_bytes(const char *buf, int len, apr_pool_t *pool); + +#if SSL_VERBOSE +/* Log all ssl alerts that we receive from the server. */ +static void +apps_ssl_info_callback(const SSL *s, int where, int ret) +{ + const char *str; + int w; + w = where & ~SSL_ST_MASK; + + if (w & SSL_ST_CONNECT) + str = "SSL_connect"; + else if (w & SSL_ST_ACCEPT) + str = "SSL_accept"; + else + str = "undefined"; + + if (where & SSL_CB_LOOP) { + serf__log(SSL_VERBOSE, __FILE__, "%s:%s\n", str, + SSL_state_string_long(s)); + } + else if (where & SSL_CB_ALERT) { + str = (where & SSL_CB_READ) ? "read" : "write"; + serf__log(SSL_VERBOSE, __FILE__, "SSL3 alert %s:%s:%s\n", + str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } + else if (where & SSL_CB_EXIT) { + if (ret == 0) + serf__log(SSL_VERBOSE, __FILE__, "%s:failed in %s\n", str, + SSL_state_string_long(s)); + else if (ret < 0) { + serf__log(SSL_VERBOSE, __FILE__, "%s:error in %s\n", str, + SSL_state_string_long(s)); + } + } +} +#endif + +/* Returns the amount read. */ +static int bio_bucket_read(BIO *bio, char *in, int inlen) +{ + serf_ssl_context_t *ctx = bio->ptr; + const char *data; + apr_status_t status; + apr_size_t len; + + serf__log(SSL_VERBOSE, __FILE__, "bio_bucket_read called for %d bytes\n", + inlen); + + if (ctx->encrypt.status == SERF_ERROR_WAIT_CONN + && BIO_should_read(ctx->bio)) { + serf__log(SSL_VERBOSE, __FILE__, + "bio_bucket_read waiting: (%d %d %d)\n", + BIO_should_retry(ctx->bio), BIO_should_read(ctx->bio), + BIO_get_retry_flags(ctx->bio)); + /* Falling back... */ + ctx->encrypt.exhausted_reset = 1; + BIO_clear_retry_flags(bio); + } + + status = serf_bucket_read(ctx->decrypt.pending, inlen, &data, &len); + + ctx->decrypt.status = status; + + serf__log(SSL_VERBOSE, __FILE__, "bio_bucket_read received %d bytes (%d)\n", + len, status); + + if (!SERF_BUCKET_READ_ERROR(status)) { + /* Oh suck. */ + if (len) { + memcpy(in, data, len); + return len; + } + if (APR_STATUS_IS_EOF(status)) { + BIO_set_retry_read(bio); + return -1; + } + } + + return -1; +} + +/* Returns the amount written. */ +static int bio_bucket_write(BIO *bio, const char *in, int inl) +{ + serf_ssl_context_t *ctx = bio->ptr; + serf_bucket_t *tmp; + + serf__log(SSL_VERBOSE, __FILE__, "bio_bucket_write called for %d bytes\n", + inl); + + if (ctx->encrypt.status == SERF_ERROR_WAIT_CONN + && !BIO_should_read(ctx->bio)) { + serf__log(SSL_VERBOSE, __FILE__, + "bio_bucket_write waiting: (%d %d %d)\n", + BIO_should_retry(ctx->bio), BIO_should_read(ctx->bio), + BIO_get_retry_flags(ctx->bio)); + /* Falling back... */ + ctx->encrypt.exhausted_reset = 1; + BIO_clear_retry_flags(bio); + } + + tmp = serf_bucket_simple_copy_create(in, inl, + ctx->encrypt.pending->allocator); + + serf_bucket_aggregate_append(ctx->encrypt.pending, tmp); + + return inl; +} + +/* Returns the amount read. */ +static int bio_file_read(BIO *bio, char *in, int inlen) +{ + apr_file_t *file = bio->ptr; + apr_status_t status; + apr_size_t len; + + BIO_clear_retry_flags(bio); + + len = inlen; + status = apr_file_read(file, in, &len); + + if (!SERF_BUCKET_READ_ERROR(status)) { + /* Oh suck. */ + if (APR_STATUS_IS_EOF(status)) { + BIO_set_retry_read(bio); + return -1; + } else { + return len; + } + } + + return -1; +} + +/* Returns the amount written. */ +static int bio_file_write(BIO *bio, const char *in, int inl) +{ + apr_file_t *file = bio->ptr; + apr_size_t nbytes; + + BIO_clear_retry_flags(bio); + + nbytes = inl; + apr_file_write(file, in, &nbytes); + + return nbytes; +} + +static int bio_file_gets(BIO *bio, char *in, int inlen) +{ + return bio_file_read(bio, in, inlen); +} + +static int bio_bucket_create(BIO *bio) +{ + bio->shutdown = 1; + bio->init = 1; + bio->num = -1; + bio->ptr = NULL; + + return 1; +} + +static int bio_bucket_destroy(BIO *bio) +{ + /* Did we already free this? */ + if (bio == NULL) { + return 0; + } + + return 1; +} + +static long bio_bucket_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + long ret = 1; + + switch (cmd) { + default: + /* abort(); */ + break; + case BIO_CTRL_FLUSH: + /* At this point we can't force a flush. */ + break; + case BIO_CTRL_PUSH: + case BIO_CTRL_POP: + ret = 0; + break; + } + return ret; +} + +static BIO_METHOD bio_bucket_method = { + BIO_TYPE_MEM, + "Serf SSL encryption and decryption buckets", + bio_bucket_write, + bio_bucket_read, + NULL, /* Is this called? */ + NULL, /* Is this called? */ + bio_bucket_ctrl, + bio_bucket_create, + bio_bucket_destroy, +#ifdef OPENSSL_VERSION_NUMBER + NULL /* sslc does not have the callback_ctrl field */ +#endif +}; + +static BIO_METHOD bio_file_method = { + BIO_TYPE_FILE, + "Wrapper around APR file structures", + bio_file_write, + bio_file_read, + NULL, /* Is this called? */ + bio_file_gets, /* Is this called? */ + bio_bucket_ctrl, + bio_bucket_create, + bio_bucket_destroy, +#ifdef OPENSSL_VERSION_NUMBER + NULL /* sslc does not have the callback_ctrl field */ +#endif +}; + +typedef enum san_copy_t { + EscapeNulAndCopy = 0, + ErrorOnNul = 1, +} san_copy_t; + + +static apr_status_t +get_subject_alt_names(apr_array_header_t **san_arr, X509 *ssl_cert, + san_copy_t copy_action, apr_pool_t *pool) +{ + STACK_OF(GENERAL_NAME) *names; + + /* assert: copy_action == ErrorOnNul || (san_arr && pool) */ + + if (san_arr) { + *san_arr = NULL; + } + + /* Get subjectAltNames */ + names = X509_get_ext_d2i(ssl_cert, NID_subject_alt_name, NULL, NULL); + if (names) { + int names_count = sk_GENERAL_NAME_num(names); + int name_idx; + + if (san_arr) + *san_arr = apr_array_make(pool, names_count, sizeof(char*)); + for (name_idx = 0; name_idx < names_count; name_idx++) { + char *p = NULL; + GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, name_idx); + + switch (nm->type) { + case GEN_DNS: + if (copy_action == ErrorOnNul && + strlen(nm->d.ia5->data) != nm->d.ia5->length) + return SERF_ERROR_SSL_CERT_FAILED; + if (san_arr && *san_arr) + p = pstrdup_escape_nul_bytes((const char *)nm->d.ia5->data, + nm->d.ia5->length, + pool); + break; + default: + /* Don't know what to do - skip. */ + break; + } + + if (p) { + APR_ARRAY_PUSH(*san_arr, char*) = p; + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + } + + return APR_SUCCESS; +} + +static apr_status_t validate_cert_hostname(X509 *server_cert, apr_pool_t *pool) +{ + char buf[1024]; + int length; + apr_status_t ret; + + ret = get_subject_alt_names(NULL, server_cert, ErrorOnNul, NULL); + if (ret) { + return ret; + } else { + /* Fail if the subject's CN field contains \0 characters. */ + X509_NAME *subject = X509_get_subject_name(server_cert); + if (!subject) + return SERF_ERROR_SSL_CERT_FAILED; + + length = X509_NAME_get_text_by_NID(subject, NID_commonName, buf, 1024); + if (length != -1) + if (strlen(buf) != length) + return SERF_ERROR_SSL_CERT_FAILED; + } + + return APR_SUCCESS; +} + +static int +validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx) +{ + SSL *ssl; + serf_ssl_context_t *ctx; + X509 *server_cert; + int err, depth; + int failures = 0; + apr_status_t status; + + ssl = X509_STORE_CTX_get_ex_data(store_ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + ctx = SSL_get_app_data(ssl); + + server_cert = X509_STORE_CTX_get_current_cert(store_ctx); + depth = X509_STORE_CTX_get_error_depth(store_ctx); + + /* If the certification was found invalid, get the error and convert it to + something our caller will understand. */ + if (! cert_valid) { + err = X509_STORE_CTX_get_error(store_ctx); + + switch(err) { + case X509_V_ERR_CERT_NOT_YET_VALID: + failures |= SERF_SSL_CERT_NOTYETVALID; + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + failures |= SERF_SSL_CERT_EXPIRED; + break; + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + failures |= SERF_SSL_CERT_SELF_SIGNED; + break; + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + case X509_V_ERR_CERT_UNTRUSTED: + case X509_V_ERR_INVALID_CA: + case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + failures |= SERF_SSL_CERT_UNKNOWNCA; + break; + case X509_V_ERR_CERT_REVOKED: + failures |= SERF_SSL_CERT_REVOKED; + break; + default: + failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; + break; + } + } + + /* Validate hostname */ + status = validate_cert_hostname(server_cert, ctx->pool); + if (status) + failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; + + /* Check certificate expiry dates. */ + if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { + failures |= SERF_SSL_CERT_NOTYETVALID; + } + else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) { + failures |= SERF_SSL_CERT_EXPIRED; + } + + if (ctx->server_cert_callback && + (depth == 0 || failures)) { + serf_ssl_certificate_t *cert; + apr_pool_t *subpool; + + apr_pool_create(&subpool, ctx->pool); + + cert = apr_palloc(subpool, sizeof(serf_ssl_certificate_t)); + cert->ssl_cert = server_cert; + cert->depth = depth; + + /* Callback for further verification. */ + status = ctx->server_cert_callback(ctx->server_cert_userdata, + failures, cert); + if (status == APR_SUCCESS) + cert_valid = 1; + else { + /* Even if openssl found the certificate valid, the application + told us to reject it. */ + cert_valid = 0; + /* Pass the error back to the caller through the context-run. */ + ctx->pending_err = status; + } + apr_pool_destroy(subpool); + } + + if (ctx->server_cert_chain_callback + && (depth == 0 || failures)) { + STACK_OF(X509) *chain; + const serf_ssl_certificate_t **certs; + int certs_len; + apr_pool_t *subpool; + + apr_pool_create(&subpool, ctx->pool); + + /* Borrow the chain to pass to the callback. */ + chain = X509_STORE_CTX_get_chain(store_ctx); + + /* If the chain can't be retrieved, just pass the current + certificate. */ + /* ### can this actually happen with _get_chain() ? */ + if (!chain) { + serf_ssl_certificate_t *cert = apr_palloc(subpool, sizeof(*cert)); + + cert->ssl_cert = server_cert; + cert->depth = depth; + + /* Room for the server_cert and a trailing NULL. */ + certs = apr_palloc(subpool, sizeof(*certs) * 2); + certs[0] = cert; + + certs_len = 1; + } else { + int i; + + certs_len = sk_X509_num(chain); + + /* Room for all the certs and a trailing NULL. */ + certs = apr_palloc(subpool, sizeof(*certs) * (certs_len + 1)); + for (i = 0; i < certs_len; ++i) { + serf_ssl_certificate_t *cert; + + cert = apr_palloc(subpool, sizeof(*cert)); + cert->ssl_cert = sk_X509_value(chain, i); + cert->depth = i; + + certs[i] = cert; + } + } + certs[certs_len] = NULL; + + /* Callback for further verification. */ + status = ctx->server_cert_chain_callback(ctx->server_cert_userdata, + failures, depth, + certs, certs_len); + if (status == APR_SUCCESS) { + cert_valid = 1; + } else { + /* Even if openssl found the certificate valid, the application + told us to reject it. */ + cert_valid = 0; + /* Pass the error back to the caller through the context-run. */ + ctx->pending_err = status; + } + + apr_pool_destroy(subpool); + } + + /* Return a specific error if the server certificate is not accepted by + OpenSSL and the application has not set callbacks to override this. */ + if (!cert_valid && + !ctx->server_cert_chain_callback && + !ctx->server_cert_callback) + { + ctx->pending_err = SERF_ERROR_SSL_CERT_FAILED; + } + + return cert_valid; +} + +/* This function reads an encrypted stream and returns the decrypted stream. */ +static apr_status_t ssl_decrypt(void *baton, apr_size_t bufsize, + char *buf, apr_size_t *len) +{ + serf_ssl_context_t *ctx = baton; + apr_size_t priv_len; + apr_status_t status; + const char *data; + int ssl_len; + + if (ctx->fatal_err) + return ctx->fatal_err; + + serf__log(SSL_VERBOSE, __FILE__, "ssl_decrypt: begin %d\n", bufsize); + + /* Is there some data waiting to be read? */ + ssl_len = SSL_read(ctx->ssl, buf, bufsize); + if (ssl_len > 0) { + serf__log(SSL_VERBOSE, __FILE__, + "ssl_decrypt: %d bytes (%d); status: %d; flags: %d\n", + ssl_len, bufsize, ctx->decrypt.status, + BIO_get_retry_flags(ctx->bio)); + *len = ssl_len; + return APR_SUCCESS; + } + + status = serf_bucket_read(ctx->decrypt.stream, bufsize, &data, &priv_len); + + if (!SERF_BUCKET_READ_ERROR(status) && priv_len) { + serf_bucket_t *tmp; + + serf__log(SSL_VERBOSE, __FILE__, + "ssl_decrypt: read %d bytes (%d); status: %d\n", + priv_len, bufsize, status); + + tmp = serf_bucket_simple_copy_create(data, priv_len, + ctx->decrypt.pending->allocator); + + serf_bucket_aggregate_append(ctx->decrypt.pending, tmp); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Tue Aug 12 02:03:24 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C9A03784 for ; Tue, 12 Aug 2014 02:03:24 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B54EA23EA for ; Tue, 12 Aug 2014 02:03:24 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2ac8 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Tue, 12 Aug 2014 02:03:24 +0000 From: Peter Wemm Date: Tue, 12 Aug 2014 02:03:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269849 - vendor/sqlite3/dist X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e975ec.2ac8.7baaf8ff@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2014 02:03:25 -0000 Author: peter Date: Tue Aug 12 02:03:24 2014 New Revision: 269849 URL: http://svnweb.freebsd.org/changeset/base/269849 Log: Vendor import sqlite-3.8.5 (sqlite-autoconf-3080500), minus tea/* Modified: vendor/sqlite3/dist/INSTALL vendor/sqlite3/dist/Makefile.in vendor/sqlite3/dist/aclocal.m4 vendor/sqlite3/dist/config.guess vendor/sqlite3/dist/config.sub vendor/sqlite3/dist/configure vendor/sqlite3/dist/configure.ac vendor/sqlite3/dist/depcomp vendor/sqlite3/dist/install-sh vendor/sqlite3/dist/ltmain.sh vendor/sqlite3/dist/missing vendor/sqlite3/dist/shell.c vendor/sqlite3/dist/sqlite3.1 vendor/sqlite3/dist/sqlite3.c vendor/sqlite3/dist/sqlite3.h vendor/sqlite3/dist/sqlite3ext.h Modified: vendor/sqlite3/dist/INSTALL ============================================================================== --- vendor/sqlite3/dist/INSTALL Tue Aug 12 02:02:52 2014 (r269848) +++ vendor/sqlite3/dist/INSTALL Tue Aug 12 02:03:24 2014 (r269849) @@ -1,16 +1,25 @@ Installation Instructions ************************* -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005 Free -Software Foundation, Inc. +Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation, +Inc. -This file is free documentation; the Free Software Foundation gives -unlimited permission to copy, distribute and modify it. + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. Basic Installation ================== -These are generic installation instructions. + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses @@ -23,9 +32,9 @@ debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. (Caching is +the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale -cache files.) +cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail @@ -35,30 +44,37 @@ some point `config.cache' contains resul may remove or edit it. The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You only need -`configure.ac' if you want to change it or regenerate `configure' using -a newer version of `autoconf'. +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. -The simplest way to compile this package is: + The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're - using `csh' on an old version of System V, you might need to type - `sh ./configure' instead to prevent `csh' from trying to execute - `configure' itself. + `./configure' to configure the package for your system. - Running `configure' takes awhile. While running, it prints some - messages telling which features it is checking for. + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with - the package. + the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and - documentation. + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. - 5. You can remove the program binaries and object files from the + 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is @@ -67,45 +83,69 @@ The simplest way to compile this package all sorts of other programs in order to regenerate files that came with the distribution. + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + Compilers and Options ===================== -Some systems require unusual options for compilation or linking that the -`configure' script does not know about. Run `./configure --help' for -details on some of the pertinent environment variables. + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: - ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix + ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== -You can compile the package for more than one kind of computer at the + You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you must use a version of `make' that -supports the `VPATH' variable, such as GNU `make'. `cd' to the +own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. - If you have to use a `make' that does not support the `VPATH' -variable, you have to compile the package for one architecture at a -time in the source code directory. After you have installed the -package for one architecture, use `make distclean' before reconfiguring -for another architecture. + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. Installation Names ================== -By default, `make install' installs the package's commands under + By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX'. +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you @@ -116,16 +156,47 @@ Documentation and other data files still In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. -Optional Features -================= - -Some packages pay attention to `--enable-FEATURE' options to + Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The @@ -137,14 +208,58 @@ find the X include and library files aut you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + HP-UX `make' updates targets which have the same time stamps as +their prerequisites, which makes it generally unusable when shipped +generated files such as `configure' are involved. Use GNU `make' +instead. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + Specifying the System Type ========================== -There may be some features `configure' cannot figure out automatically, -but needs to determine by the type of machine the package will run on. -Usually, assuming the package is built to be run on the _same_ -architectures, `configure' can figure that out, but if it prints a -message saying it cannot guess the machine type, give it the + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: @@ -152,7 +267,8 @@ type, such as `sun4', or a canonical nam where SYSTEM can have one of these forms: - OS KERNEL-OS + OS + KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't @@ -170,9 +286,9 @@ eventually be run) with `--host=TYPE'. Sharing Defaults ================ -If you want to set default values for `configure' scripts to share, you -can create a site shell script called `config.site' that gives default -values for variables like `CC', `cache_file', and `prefix'. + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. @@ -181,7 +297,7 @@ A warning: not all `configure' scripts l Defining Variables ================== -Variables not defined in a site shell script can be set in the + Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set @@ -190,21 +306,29 @@ them in the `configure' command line, us ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is -overridden in the site shell script). Here is a another example: +overridden in the site shell script). - /bin/bash ./configure CONFIG_SHELL=/bin/bash +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: -Here the `CONFIG_SHELL=/bin/bash' operand causes subsequent -configuration-related scripts to be executed by `/bin/bash'. + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash `configure' Invocation ====================== -`configure' recognizes the following options to control how it operates. + `configure' recognizes the following options to control how it +operates. `--help' `-h' - Print a summary of the options to `configure', and exit. + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. `--version' `-V' @@ -231,6 +355,16 @@ configuration-related scripts to be exec Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. Modified: vendor/sqlite3/dist/Makefile.in ============================================================================== --- vendor/sqlite3/dist/Makefile.in Tue Aug 12 02:02:52 2014 (r269848) +++ vendor/sqlite3/dist/Makefile.in Tue Aug 12 02:03:24 2014 (r269849) @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.9.6 from Makefile.am. +# Makefile.in generated by automake 1.11.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -17,15 +18,29 @@ -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ -top_builddir = . +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c @@ -40,56 +55,84 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = sqlite3$(EXEEXT) +subdir = . DIST_COMMON = README $(am__configure_deps) $(include_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(srcdir)/sqlite3.pc.in $(top_srcdir)/configure INSTALL \ config.guess config.sub depcomp install-sh ltmain.sh missing -subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ - configure.lineno configure.status.lineno + configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = sqlite3.pc +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(pkgconfigdir)" \ "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libsqlite3_la_LIBADD = am_libsqlite3_la_OBJECTS = sqlite3.lo libsqlite3_la_OBJECTS = $(am_libsqlite3_la_OBJECTS) -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +libsqlite3_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libsqlite3_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(bin_PROGRAMS) am_sqlite3_OBJECTS = shell.$(OBJEXT) sqlite3_OBJECTS = $(am_sqlite3_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(srcdir) +DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ SOURCES = $(libsqlite3_la_SOURCES) $(sqlite3_SOURCES) DIST_SOURCES = $(libsqlite3_la_SOURCES) $(sqlite3_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac man1dir = $(mandir)/man1 NROFF = nroff MANS = $(man_MANS) -pkgconfigDATA_INSTALL = $(INSTALL_DATA) DATA = $(pkgconfig_DATA) -includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags @@ -97,16 +140,18 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCE distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ - { test ! -d $(distdir) \ - || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -fr $(distdir); }; } + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ -AMDEP_FALSE = @AMDEP_FALSE@ -AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ @@ -119,57 +164,65 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXDEPMODE = @CXXDEPMODE@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ DYNAMIC_EXTENSION_FLAGS = @DYNAMIC_EXTENSION_FLAGS@ -ECHO = @ECHO@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ +INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RANLIB = @RANLIB@ READLINE_LIBS = @READLINE_LIBS@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ THREADSAFE_FLAGS = @THREADSAFE_FLAGS@ VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ -am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ -am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ -am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -181,6 +234,7 @@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ +builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ @@ -208,8 +262,12 @@ program_transform_name = @program_transf psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ AM_CFLAGS = @THREADSAFE_FLAGS@ @DYNAMIC_EXTENSION_FLAGS@ -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_RTREE lib_LTLIBRARIES = libsqlite3.la libsqlite3_la_SOURCES = sqlite3.c @@ -226,21 +284,21 @@ all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj -am--refresh: +am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \ - cd $(srcdir) && $(AUTOMAKE) --foreign \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -256,28 +314,34 @@ $(top_builddir)/config.status: $(top_src $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) - cd $(srcdir) && $(AUTOCONF) + $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): sqlite3.pc: $(top_builddir)/config.status $(srcdir)/sqlite3.pc.in cd $(top_builddir) && $(SHELL) ./config.status $@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -288,39 +352,57 @@ clean-libLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libsqlite3.la: $(libsqlite3_la_OBJECTS) $(libsqlite3_la_DEPENDENCIES) - $(LINK) -rpath $(libdir) $(libsqlite3_la_LDFLAGS) $(libsqlite3_la_OBJECTS) $(libsqlite3_la_LIBADD) $(LIBS) +libsqlite3.la: $(libsqlite3_la_OBJECTS) $(libsqlite3_la_DEPENDENCIES) $(EXTRA_libsqlite3_la_DEPENDENCIES) + $(libsqlite3_la_LINK) -rpath $(libdir) $(libsqlite3_la_OBJECTS) $(libsqlite3_la_LIBADD) $(LIBS) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -sqlite3$(EXEEXT): $(sqlite3_OBJECTS) $(sqlite3_DEPENDENCIES) + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +sqlite3$(EXEEXT): $(sqlite3_OBJECTS) $(sqlite3_DEPENDENCIES) $(EXTRA_sqlite3_DEPENDENCIES) @rm -f sqlite3$(EXEEXT) - $(LINK) $(sqlite3_LDFLAGS) $(sqlite3_OBJECTS) $(sqlite3_LDADD) $(LIBS) + $(LINK) $(sqlite3_OBJECTS) $(sqlite3_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -332,22 +414,22 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sqlite3.Plo@am__quote@ .c.o: -@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: -@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \ -@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -359,177 +441,215 @@ clean-libtool: -rm -rf .libs _libs distclean-libtool: - -rm -f libtool -uninstall-info-am: -install-man1: $(man1_MANS) $(man_MANS) + -rm -f libtool config.lt +install-man1: $(man_MANS) @$(NORMAL_INSTALL) - test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) install-pkgconfigDATA: $(pkgconfig_DATA) @$(NORMAL_INSTALL) - test -z "$(pkgconfigdir)" || $(mkdir_p) "$(DESTDIR)$(pkgconfigdir)" - @list='$(pkgconfig_DATA)'; for p in $$list; do \ + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ + fi; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(pkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgconfigdir)/$$f'"; \ - $(pkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgconfigdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ done uninstall-pkgconfigDATA: @$(NORMAL_UNINSTALL) - @list='$(pkgconfig_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(pkgconfigdir)/$$f'"; \ - rm -f "$(DESTDIR)$(pkgconfigdir)/$$f"; \ - done + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) - test -z "$(includedir)" || $(mkdir_p) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ + fi; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Tue Aug 12 02:04:48 2014 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D43AF8C0 for ; Tue, 12 Aug 2014 02:04:48 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AAF9C23F7 for ; Tue, 12 Aug 2014 02:04:48 +0000 (UTC) Received: from peter (uid 633) (envelope-from peter@FreeBSD.org) id 2ad8 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Tue, 12 Aug 2014 02:04:48 +0000 From: Peter Wemm Date: Tue, 12 Aug 2014 02:04:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r269850 - vendor/sqlite3/sqlite-3080500 X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e97640.2ad8.67451558@svn.freebsd.org> X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2014 02:04:48 -0000 Author: peter Date: Tue Aug 12 02:04:48 2014 New Revision: 269850 URL: http://svnweb.freebsd.org/changeset/base/269850 Log: Tag sqlite-3.8.5 import Added: vendor/sqlite3/sqlite-3080500/ - copied from r269849, vendor/sqlite3/dist/