Created attachment 221432 [details] test tool Not sure that this is a libtasn1 error or clang. I am update my desktop to current and claws-mail show me certs errors, I dig inside and found that gnutls_x509_crt_get_fingerprint() fails. At next step I found that if I rebuild libtasn1 with debug then it fixes errors. I wrote test app to reproduce error and check on other systems. On my home server (12.2) gnutls+libtasn1 was already installed and no errors happen. But after I rebuild libtasn1 - test app show error. Now I can not fix because even with -O0 it produces error. Build test tool: cc gnutls_test.c -O0 -DDEBUG -I/usr/local/include -L/usr/local/lib -lm -lgnutls -o gnutls_test Run test: ./gnutls_test ./pop.mail.ru.995.cert With: clang version 11.0.1 (git@github.com:llvm/llvm-project.git llvmorg-11.0.1-rc2-0-g43ff75f2c3f) 13.0-CURRENT FreeBSD 13.0-CURRENT even -O2 gives code that does not work. -O1, -O0 - work. With: clang version 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2) 12.2-STABLE 5586a4e13931(stable/12) does not work with any -O values.
Created attachment 221433 [details] test data
I make small mistake: on 12.2 with clang 10.0.1 -O1 and -O0 work. gcc9 -O3 - work.
https://gitlab.com/gnutls/libtasn1/-/issues/30
Workaround: CFLAGS+=-O1
This also breaks gnutls certtool, thank you for reporting. Finally explains the bizarre behaviour we've seen here.
Created attachment 221457 [details] port fix Thanks for the report. Does the attached patch look good to you?
tested with rdesktop on 12.2. Before: rdesktop dumps core Steps: rebuild libtasn1 and pkg add -f on the target system After that: rdesktop works.
(In reply to Roman Bogorodskiy from comment #6) Yes, but I do not test it.
A commit references this bug: Author: novel Date: Mon Jan 11 15:19:10 UTC 2021 New revision: 561219 URL: https://svnweb.freebsd.org/changeset/ports/561219 Log: security/libtasn1: add a workaround for clang 10+ When compiled with clang 10+ and -O[2-9], the resulting package fails to parse certificates. As a workaround, downgrade optimization to -O1. Upstream issue: https://gitlab.com/gnutls/libtasn1/-/issues/30 PR: 252548 Reported by: rozhuk.im@gmail.com Changes: head/security/libtasn1/Makefile
Closing per commit ports r561219 and feedback in the bug #251153.
Created attachment 224985 [details] remove clang workaround Upstream reports that it should be fixed in 4.17.0. I've checked with gnutls_test.c and looks like the workaround is no longer necessary. Would appreciate if somebody could double check.
(In reply to Roman Bogorodskiy from comment #11) I tested it on CURRENT and 13.0, both amd64, looks ok.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9724b5e9e0b31a29080565f3bbbd7f3f4fcf3499 commit 9724b5e9e0b31a29080565f3bbbd7f3f4fcf3499 Author: Roman Bogorodskiy <novel@FreeBSD.org> AuthorDate: 2021-12-30 09:54:00 +0000 Commit: Roman Bogorodskiy <novel@FreeBSD.org> CommitDate: 2021-12-30 10:54:55 +0000 security/libtasn1: remove clang workaround The previously applied clang 10+ workaround which lowered -O optimization to -O1 appears to be no longer needed according to the upstream issue https://gitlab.com/gnutls/libtasn1/-/issues/30. PR: 252548 Reported by: Brad Smith security/libtasn1/Makefile | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-)