Open
Conversation
If the mainloop is paused and then resumed, DTLS will attempt to reconnect at the same time as CSTP. When DTLS-PSK is in use, gnutls_prf() will be called on a NULL vpninfo->https_sess pointer. Avoid this by deferring DTLS resumption until CSTP has reconnected, if DTLS-PSK is in use. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SHA1 is weak, so let's switch each package to use SHA256 when updated. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
MIPS will be removed in NDK r17: https://developer.android.com/ndk/guides/abis.html Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
This is not used by default, and even the latest release (1.1.0g) has trouble building under clang. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
liboath requires minor hacks to build with the latest NDK releases: 1) __freading() cannot be implemented, because older versions of Bionic[0] do not keep track of the last operation on the stream. 2) Some of the autoconf checks need to be overridden from "cross" to "yes". 3) Most of the stdio replacement code in gnulib doesn't compile, because it requires access to internal libc structs. The internals are no longer exposed through NDK headers, and they vary from one Android version to the next. Fortunately, while these hacks would not pass muster upstream, they are good enough for the special case of compiling liboath. [0] https://android.googlesource.com/platform/bionic/+/android-8.1.0_r9/libc/stdio/stdio_ext.cpp#42 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
This requires minor tweaks to some flags. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Update gmp, nettle, gnutls to the latest stable releases. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Update libxml2, libstoken, liblz4 to the latest stable releases. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Recent Android OS releases have become stricter about TEXTRELs in
native code. When built without -DPIC, a few of the libgmp assembly
files generate problematic code sequences:
$ scanelf -qT arm-linux-androideabi/openconnect/.libs/libopenconnect.so
libopenconnect.so: (memory/data?) [0x23F320] in (optimized out: previous $a.0) [0x23F2B8]
[...]
0023f2b8 <__gmpn_modexact_1c_odd>:
23f2b8: e92d0030 push {r4, r5}
23f2bc: e59f405c ldr r4, [pc, #92] ; 23f320 <__gmpn_modexact_1c_odd+0x68>
[...]
23f320: 003171b8 .word 0x003171b8
In this case, adjusting the address at 23f320 would require making .text
writable, which Android does not want to do.
The solution is to specify --with-pic which causes the LEA macro
($GMP/mpn/arm/arm-defs.m4) to embed a PC-relative address into the code,
avoiding the issue.
Tested on ARM + x86.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Remove/replace dead mirrors. Passes `make mirror-test`. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
This fixes the following warnings:
[javac] warning: [options] bootstrap class path not set in conjunction with -source 1.5
[javac] warning: [options] source value 1.5 is obsolete and will be removed in a future release
[javac] warning: [options] target value 1.5 is obsolete and will be removed in a future release
Java 8 was released in 2014 so it should be widely available now.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
The introduction of $(EXTRA_CFLAGS) in commit 00f0b80 ("android: Build ARM with -march=armv7-a") inadvertently overrode the default "-O2 -g" CFLAGS. Fixing this + enabling Thumb reduces the ARM libopenconnect.so from ~3.5MB to ~1.9MB. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Use the oldest API level supported by each architecture, to maximize compatibility with existing devices. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
If the mainloop is paused and then resumed, DTLS will attempt to reconnect at the same time as CSTP. When DTLS-PSK is in use, gnutls_prf() will be called on a NULL vpninfo->https_sess pointer. Avoid this by deferring DTLS resumption until CSTP has reconnected, if DTLS-PSK is in use. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
…connect into fix_android_10_crash
|
Compilation error! @DenysFrasinich did you encounter any issue like this? |
If this is still relevant, you could fix it by upgrading gnutls to 3.6.12 @noman720. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Workarround for cernekee/ics-openconnect#51 from comment cernekee/ics-openconnect#51 (comment)