There is no such thing as `+=` unless you happen to be using the Bash
programming language, i.e. your script shebang is /bin/bash.
However, configure scripts are run via /bin/sh instead, which may or may
not be be bash, usually depending on whether the system in question
preferred to have one less package installed (in which case it is bash)
vs. have a faster /bin/sh installed (in which case it is probably the
dash shell).
On its own, -std=c11 hides POSIX and other extensions from C headers
such as <stdlib.h> when building against glibc. This causes the
posix_memalign probe to fail incorrectly with compilers that do not
accept implicit function declarations. _DEFAULT_SOURCE is ignored by
most non-GNU/Linux systems or not relevant in this context, so there
is no separate check for adding it.
* migrate from the old, unmaintained "asciidoc-py" tool to the new "asciidoctor" generator
* migrate from asciidoc-py syntax to the modern Asciidoc syntax (especially page titles and section titles)
* remove the need of "xmlto" utility to create the manpage output; use asciidoctor for that
* add HTML output support to the doc/Makefile by using asciidoctor
* change API documentation files extension from .txt to .adoc to make it more explicit that they are Asciidoc-encoded (as a bonus several IDE plugins will autodetect the .adoc format as Asciidoc)
* remove asciidoc.conf: asciidoctor does not support that; this also required replacing the macro linkzmq into all documentation pages
* add a new Github action CI do deploy to Github Pages the static HTMLs produced by Asciidoctors
* removed references to the "xmlto" and "a2x" tools from the build and packaging systems: Asciidoctor can convert the documentation directly to e.g. pdf (via extended converters) and anyway there was no code/target for using "xmlto" and "a2x" tools anyway
Solution: remove implementation. Frank Hartmann <soundart@gmx.net>,
the author, rejected our request to relicense under MPL2, so we
have to remove his copyrighted work.
Tweetnacl is not security-supported and could not be used in
production environments anyway, the supported backend is libsodium.
Solution: When compiling with gcc 7 and newer, the program produced by
AC_CHECK_FUNCS(fork) produces a warning, which results in configure
incorrectly disabling fork support. Fix the issue by using an
AC_COMPILE_IFELSE which correctly detects fork availability.
Tested by running configure and make check on a system with gcc 7
installed, and verifying that HAVE_FORK was defined correctly.
See issue #3313.
Solution: add a preprocessor variable ZMQ_NO_EXPORT that, when set, bypasses the automatic ZMQ_EXPORT determination block and just sets ZMQ_EXPORT to empty.
By combining this solution at configuration time with manually passing -fvisibility=hidden to CXXFLAGS, I solved my visibility problem. Just passing -fvisibility=hidden is not enough, because __attribute__ ((visibility ("default"))) has higher priority.
zmq_ppoll mostly mimics zmq_poll behavior, except for the added feature of being able to specify a signal mask. Signals in this mask will be blocked during execution of zmq_ppoll. Switching of the process' active signal mask happens atomically with the actual poll call, so that no race conditions can occur. This behavior is useful when one wants to gracefully handle POSIX signals without race conditions. See e.g. the discussion below https://250bpm.com/blog:12/ for an explanation.
Also includes two new tests:
1. test_zmq_ppoll_fd does the same thing as test_zmq_poll_fd, demonstrating backwards compatibility with zmq_poll when used with a default signal mask.
2. test_zmq_ppoll_signals demonstrates the use of zmq_ppoll with a signal mask, blocking out SIGTERM everywhere except in zmq_ppoll, allowing to handle the signal in one place without having to worry about race conditions.
* add opt-out for randombytes_close
Problem: randombytes_close is either a no-op or unsafe when a Context is running.
Unfortunately, there does not appear to be a single always correct choice,
so let builders pick between two not-great options.
Opting out can leak an FD on /dev/urandom which may need to be closed explicitly.
However, with the default behavior,
using multiple contexts with CURVE can crash with no application-level workaround available.
randombytes_close is not threadsafe and calling it while still in use by a Context can cause a crash.
For implementations using /dev/[u]random, this can leave up to one leftover FD per process.
The libsodium docs suggest that this function rarely needs to be called explicitly.
Retain GNU extensions for C99 and C++98 since testing old compilers
is especially difficult and these compilation modes exist to maintain
compatability.
* Problem: No direct support for setting socket priority
Solution: Add ZMQ_PRIORITY socket option, which sets the
SO_PRIORITY socket option on the underlying socket. This
socket option is not supported under Windows. Check option
and set socket option on creation of underlying socket.
Don't include bsd/string.h if strlcpy is also defined in string.h to
avoid the following build failure on uclibc:
In file included from src/compat.hpp:41:0,
from src/ipc_address.cpp:31:
/tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/bsd/string.h:44:54: error: declaration of 'size_t strlcpy(char*, const char*, size_t)' has a different exception specifier
size_t strlcpy(char *dst, const char *src, size_t siz);
^
In file included from src/compat.hpp:34:0,
from src/ipc_address.cpp:31:
/tmp/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/string.h:424:15: error: from previous declaration 'size_t strlcpy(char*, const char*, size_t) throw ()'
extern size_t strlcpy(char *__restrict dst, const char *__restrict src,
^
Fixes:
- http://autobuild.buildroot.org/results/51220b1b82774e8f6f6ed8593c58d2e3c31a1531
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Using -Werror has been disabled for Darwin since very early on in the
codebase. However at this point, I can't see an obvious reason why it
should still be disabled compared to when building for the other
operating systems.
I've tested compiling on macOS using Apple Clang 11.0.3, LLVM Clang
10.0.0 and GCC 10.1.
Master doesn't currently compile when crossing compiling using
autotools and mingw-w64. i.e:
```bash
x86_64-w64-mingw32-g++ (GCC) 9.3.0
./autogen.sh
./configure --host=x86_64-w64-mingw32
make src/libzmq.la
....
CXX src/libzmq_la-curve_server.lo
In file included from src/address.cpp:37:
src/ipc_address.hpp:40:10: fatal error: sys/socket.h: No such file or directory
40 | #include <sys/socket.h>
| ^~~~~~~~~~~~~~
compilation terminated.
```
I assume this hasn't been caught because appveyor is using CMake.
Mingw also does not have an afunix.h header. There is a thread upstream,
but there doesn't seem to have been any discussion:
https://sourceforge.net/p/mingw-w64/discussion/723797/thread/4c8ecdbe0d/.
Some compilers, like GCC, will only warn about unknown -Wno-* options
when other warnings are being thrown, i.e:
```bash
CXX src/libzmq_la-address.lo
src/address.cpp: In function 'zmq::zmq_socklen_t zmq::get_socket_address(zmq::fd_t, zmq::socket_end_t, sockaddr_storage*)':
src/address.cpp:137:9: warning: unused variable 'unused' [-Wunused-variable]
137 | int unused;
| ^~~~~~~
At global scope:
cc1plus: note: unrecognized command-line option '-Wno-tautological-constant-compare' may have been intended to silence earlier diagnostics
cc1plus: note: unrecognized command-line option '-Wno-atomic-alignment' may have been intended to silence earlier diagnostics
CXX src/libzmq_la-channel.lo
```
They will also seem to accept the -Wno-* variant when it's tested for
using AX_CHECK_COMPILE_FLAG. So, rather than test for -Wno-* variants
that the compiler may pretend to understand, test for the actual option,
and only enable the -Wno-* case when it is available.
This flag has been enabled for Darwin targets since the initial commit
in 4ed70a930202b103e7e80b8dc925e0aaa4622595. However, aside from the
fact that we likely no longer want to suppress uninitialized warnings,
this flag wont suppress them anyways, as it's included in the
CXX flags before -Wall (which enables -Wuninitialized). i.e:
```bash
g++ -std=gnu++11 ... -Wno-uninitialized ... -Wall <rest of flags>
```
Solution: port the 2 new tests from oss-fuzz, and wire them up to
be ran manually with a static input in normal builds.
Add a specific configure option to use the external fuzzing engine
from oss-fuzz.
Solution: use libbsd by default when available, and the internal implementation
only as a fallback, to take advantage of Linux distros maintenance of the
string libraries.
Allow "configure --disable-maintainer-mode" to disable timestamp checking.
This is useful for one-off builds, in particular on e.g. clusters, where slightly skew clocks force aclocal and friends to kick in for no good reason.
Solution: detect cacheline size for aligment purposes at build time
instead of hard-coding it, so that PPC and S390 can align to a value
greater than the 64 bytes default.
Uses libc getconf program, and falls back to the previous value of 64
if not found.
Solution: use requires.private, which pkg-config expands recursively
so that dependencies of dependencies can be linked against when
using pkg-config --static
Solution: go back to using -Wl,--version-script.
Use ax_check_vscript.m4 from the autoconf-archive to detect support on
multiple platforms (eg Solaris ld(1) -M).
libtool -export-symbols-regexp used ld(1) --retain-symbols-file under
the hood, the latter lets some C++ weak symbols make their way into the
dynamic symbols table, along with the zmq_* interface. The reason for
such behavior is unknown to me.
Solution: if the compiler supports it, pass C++98-compat flags.
Currently Clang supports this flag but GCC does not.
Add a new flag to enable it, as building with C++98-compat but also
with -std=gnu++11 will cause a lot of warnings due to the backward
compat ifdefs.
Add a CI job to run it and ensure we don't break compatibility.
Solution: ignore tautological-constant-compare warnings, as they
might be useless on 64 bit but they are not on 32 bit where sizeof
size_t != sizeof uint64_t
The original configure.ac tries to check for dladdr, but it actually needs
it only in case we have libunwind (which has a another section and checks for it
too).
This can fail the build on systems without dynamic linking support.
Therefore, the dladdr check has to be preformed only when checking libunwind.
Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
Solution: revert the revert!
Revert "Problem: regression in 4.2.3 went unnoticed, want to release 4.2.5"
This reverts commit 5f17e26fa4c60c3de0282d1b6ad1e8b7037ed57a.
Solution: revert DRAFT -> STABLE API transition so that we can do a
bugfix-only 4.2.5 release.
Will be re-reverted once tagged.
Revert "Problem: ZMQ_BINDTODEVICE has met STABLE conditions"
This reverts commit 3cb79f5042cf32cdb7b1b58d4acf17eba85ec9f7.
Revert "Problem: ZMQ_MSG_GSSAPI_* have met STABLE conditions"
This reverts commit 374da4207b8034b0fcd67a2cc2165d50e09b9387.
Revert "Problem: ZMQ_MSG_T_SIZE has met STABLE conditions"
This reverts commit 6411c4a247c08ead50919d16b30eb030eaf44a7e.
Revert "Problem: docs say STABLE API still in DRAFT"
This reverts commit 9f2f30b7ffa09acc51d3b87251a47e83b435d5d4.
Solution: move it from DRAFT to STABLE since it's been in a public
release, committed for 6+ months and has not changed.
Given a new STABLE symbol has been added, bump minor version number.
* Problem: TIPC availability check is too strict
Solution: at build time only check if the API is available. In the tests
do a first check and a skip if the functionality is not available.
TIPC needs an in-tree but not loaded by default kernel module, tipc.ko
to be loaded, which requires root, so it is unlikely to be available on
any build system by default.
This will allow most distributions to ship with TIPC support built in,
and to avoid tests failure if the module is not there.
* Problem: no Travis tests for TIPC
Solution: mark one job with sudo: required and load the kernel module
* Problem: CMake fails when test returns 77 (skip)
Solution: set property to let it mark the test as skipped as intended
* Background thread scheduling
- add ZMQ_THREAD_AFFINITY ctx option; set all thread scheduling options
from the context of the secondary thread instead of using the main
process thread context!
- change ZMQ_THREAD_PRIORITY to support setting NICE of the background
thread when using SCHED_OTHER
* Extracted connect_vanilla_socket function
* Problem: no tests for ZMTP-CURVE protocol errors
Solution: added two test cases with erroneous HELLO commands
* Problem: insufficient tests for ZMTP-CURVE protocol errors
Solution: added two test cases with erroneous HELLO command version
* Problem: test HELLO message is invalid apart from deliberate errors
Solution: create cryptographically correct HELLO message
add tweetnacl.c to test_security_curve
* Problem: nonce is incorrect, build fails with GCC
Solution: use correct non prefix
* Problem: make builds are failing
Solution: transfer CMake changes to (auto)make files
* Problem: nonce is incorrect, build fails with GCC
Solution: use correct non prefix
* Problem: make builds are failing
Solution: transfer CMake changes to (auto)make files
* Problem: no test with INITIATE command with invalid length
Solution: added test case
* Problem: code duplication between test_security_curve.cpp and curve_client.cpp
Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function
* Problem: code duplication between test_security_curve.cpp and curve_client.cpp
Solution: extracted further parts of zmq::curve_client_t into reusable functions
added missing file
* Problem: mechanism_t::add_property can be declared static
Solution: declare mechanism_t::add_property static
* Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t
Solution: add non-static member functions
* Problem: msg_t instance may be closed twice
Solution: remove offending close
* Problem: prepare_hello uses static curve_client_tools_t::produce_hello
Solution: Use non-static curve_client_tools_t::produce_hello
* Problem: no test with invalid command name where INITIATE command is expected
Solution: added test case
* Problem: make builds are failing due to curve_client_tools.hpp not being found
Solution: add curve_client_tools.hpp to list of source files
* Problem: wrong initializer order in zmq::curve_client_t
Solution: reorder
* Problem: under non-Windows systems, test fails because random_open was not called
Solution: call random_open/random_close within test
* Problem: conflict between custom function htonll and macro definition on Darwin
Solution: define htonll function only if not defined as a macro
* Problem: nullptr not defined on all platforms
Solution: replace nullptr by NULL
* Problem: libsodium builds not working
Solution: adapt compile and link file sets for libsodium builds
* Problem: Makefile.am broken
Solution: Fix syntax
* Problem: no tests for garbage encrypted cookie or content in INITIATE
Solution: added test cases
* Problem: test cases accidentally excluded from build
Solution: remove #if/#endif
* Solution: some error cases are unreachable
Problem: for the time being, added some comments without changing the code
* Added comments on hard-to-test cases
Linux now supports Virtual Routing and Forwarding (VRF) as per:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
In order for an application to bind or connect to a socket with an
address in a VRF, they need to first bind the socket to the VRF device:
setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen(dev)+1);
Note "dev" is the VRF device, eg. VRF "blue", rather than an interface
enslaved to the VRF.
Add a new socket option, ZMQ_BINDTODEVICE, to bind a socket to a device.
In general, if a socket is bound to a device, eg. an interface, only
packets received from that particular device are processed by the socket.
If device is a VRF device, then subsequent binds/connects to that socket
use addresses in the VRF routing table.
on ia64 architecture libunwind comes with gcc. Unfortunately
libunwind is not directly usable as-is and fails at link time:
```
ia64-unknown-linux-gnu-g++ -o perf/.libs/local_lat perf/local_lat.o src/.libs/libzmq.so -lsodium -lrt -lpthread -ldl
src/.libs/libzmq.so: undefined reference to `_ULia64_step'
```
The change adds --{enable,disable}-libunwind flag to control
automatic dependency. The default is unchanged: use if available.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Problem: there is no test coverage for GSSAPI.
Solution: add a test structured like the CURVE test.
The test is not built if libzmq is not configured with
--with-libgssapi_krb5. It will report SKIPPED status
if the required environment is missing (see below).
Environment: KRB5_KTNAME and KRB5_CLIENT_KTNAME
environment variables must point to a keytab file
containing creds for a host-based test principal
(see comment at top of source for details).
Kerberos must be configured and a KDC containing the
test principal must be running, otherwise the test
will fail/hang.
N.B. For now, the test must use the same principal for
both client and server roles because it seems impossible
to set them to different principals when they are
threads in the same process. Once one principal is
cached in credential cache, attempts to acquire creds
for a different "desired name" seem to be ignored and
the cached principal is used instead.
Problem: configure.ac is not setting HAVE_LIBGSSAPI_KRB5
in src/platform.hpp when --with-libgssapi_krb5 is specified
Commit 09e868b74379f9c4b0e3a487b246a41d44606d96
switched the libgssapi_krb5 check from AC_CHECK_LIB
to AC_SEARCH_LIBS, but neglected to add an AC_DEFINE
for HAVE_LIBGSSAPI_KRB5, thus the GSSAPI code is
never compiled.
Solution: Add missing AC_DEFINE of HAVE_LIBGSSAPI_KRB5.
(msys building is buggy, please be aware, it fails to compile on my
machine) also I modified the buildall.bat/buildbase.bat to use correct
MSVC versions instead of "visual studio 2017"
Solution: use pthread API to set the name. For now call every thread
"ZMQ b/g thread". Would be nice to number the I/O threads and name
explicitly the reaper thread, but in reality a bit of internal API
churn would be necessary, so perhaps it's not worth it.
This is useful when debugging a process with many threads.
