Created attachment 221432 [details]
Not sure that this is a libtasn1 error or clang.
I am update my desktop to current and claws-mail show me certs errors, I dig inside and found that gnutls_x509_crt_get_fingerprint() fails.
At next step I found that if I rebuild libtasn1 with debug then it fixes errors.
I wrote test app to reproduce error and check on other systems.
On my home server (12.2) gnutls+libtasn1 was already installed and no errors happen. But after I rebuild libtasn1 - test app show error.
Now I can not fix because even with -O0 it produces error.
Build test tool:
cc gnutls_test.c -O0 -DDEBUG -I/usr/local/include -L/usr/local/lib -lm -lgnutls -o gnutls_test
clang version 11.0.1 (email@example.com:llvm/llvm-project.git llvmorg-11.0.1-rc2-0-g43ff75f2c3f)
13.0-CURRENT FreeBSD 13.0-CURRENT
even -O2 gives code that does not work.
-O1, -O0 - work.
clang version 10.0.1 (firstname.lastname@example.org:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
does not work with any -O values.
Created attachment 221433 [details]
I make small mistake: on 12.2 with clang 10.0.1 -O1 and -O0 work.
gcc9 -O3 - work.
This also breaks gnutls certtool, thank you for reporting. Finally explains the bizarre behaviour we've seen here.
Created attachment 221457 [details]
Thanks for the report.
Does the attached patch look good to you?
tested with rdesktop on 12.2.
Before: rdesktop dumps core
Steps: rebuild libtasn1 and pkg add -f on the target system
After that: rdesktop works.
(In reply to Roman Bogorodskiy from comment #6)
Yes, but I do not test it.
A commit references this bug:
Date: Mon Jan 11 15:19:10 UTC 2021
New revision: 561219
security/libtasn1: add a workaround for clang 10+
When compiled with clang 10+ and -O[2-9], the resulting package
fails to parse certificates.
As a workaround, downgrade optimization to -O1.
Upstream issue: https://gitlab.com/gnutls/libtasn1/-/issues/30
Reported by: email@example.com
Closing per commit ports r561219 and feedback in the bug #251153.
Created attachment 224985 [details]
remove clang workaround
Upstream reports that it should be fixed in 4.17.0. I've checked with gnutls_test.c and looks like the workaround is no longer necessary.
Would appreciate if somebody could double check.
(In reply to Roman Bogorodskiy from comment #11)
I tested it on CURRENT and 13.0, both amd64, looks ok.