1 files changed, 189 insertions, 100 deletions

diff --git a/configure.ac b/configure.ac
index f507ebc3..46eef3a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 #
 #  This file is part of TALER
-#  Copyright (C) 2014-2023 Taler Systems SA
+#  Copyright (C) 2014-2024 Taler Systems SA
 #
 #  TALER is free software; you can redistribute it and/or modify it under the
 #  terms of the GNU General Public License as published by the Free Software
@@ -18,7 +18,7 @@
 # This configure file is in the public domain
 
 AC_PREREQ([2.69])
-AC_INIT([taler-merchant],[0.9.1],[taler-bug@gnunet.org])
+AC_INIT([taler-merchant],[0.10.2],[taler-bug@gnunet.org])
 AC_CONFIG_SRCDIR([src/backend/taler-merchant-httpd.c])
 AC_CONFIG_HEADERS([taler_merchant_config.h])
 # support for non-recursive builds
@@ -61,76 +61,36 @@ AS_IF([test "x$doc_only" != xyes],[
 # Checks for programs.
 AC_PROG_CC
 
-CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"
 
-# Checks for header files.
-AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h])
 
-# Check for GNUnet's libgnunetutil.
-libgnunetutil=0
-AC_MSG_CHECKING([for libgnunetutil])
-AC_ARG_WITH(gnunet,
-            [AS_HELP_STRING([--with-gnunet=PFX], [base of GNUnet installation])],
-            [AC_MSG_RESULT([given as $with_gnunet])],
-            [AC_MSG_RESULT(not given)
-             with_gnunet=yes])
-AS_CASE([$with_gnunet],
-        [yes], [],
-        [no], [AC_MSG_ERROR([--with-gnunet is required])],
-        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
-         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/gnunet_util_lib.h],
- [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)])
-AS_IF([test $libgnunetutil != 1],
-  [AC_MSG_ERROR([[
-***
-*** You need libgnunetutil to build this program.
-*** This library is part of GNUnet, available at
-***   https://gnunet.org
-*** ]])])
+CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"
 
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+   AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[AS_IF([test x$enableval = xyes],[
+    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"])])
 
-# test for postgres
-AX_LIB_POSTGRESQL([13.0])
-AS_IF([test "x$found_postgresql" = "xyes"],
-  [SAVE_CPPFLAGS="$CPPFLAGS"
-   CPPFLAGS="$POSTGRES_CPPFLAGS $CPPFLAGS"
-   AC_CHECK_HEADERS([libpq-fe.h], [postgres=1], [postgres=0])])
-AS_IF([test "x$postgres" != "x1"],
-  [AC_MSG_ERROR([[
-***
-*** You need libpq(-dev) >= 13.0 to build this program.
-*** ]])])
-AM_CONDITIONAL([HAVE_POSTGRESQL], [test "x$postgres" = "x1"])
-AC_DEFINE_UNQUOTED([HAVE_POSTGRESQL], [$postgres],
-                   [Define to 1 if Postgres is available])
 
-TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
-TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+  AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+  [AS_IF([test x$enableval = xyes],[LDFLAGS="$LDFLAGS -z relro -z now"])])
 
-AC_SUBST(TALER_LIB_LDFLAGS)
-AC_SUBST(TALER_PLUGIN_LDFLAGS)
 
+AC_ARG_ENABLE(sanitizer,
+  AS_HELP_STRING(--enable-sanitizer, enable Address Sanitizer and Undefined Behavior Sanitizer),
+[AS_IF([test x$enableval = xyes],[
+   LDFLAGS="$CFLAGS -fsanitize=address,undefined -fno-omit-frame-pointer"
+ ])])
 
-# Check for Taler's libtalerpq
-libtalerpq=0
-AC_MSG_CHECKING([for libtalerpq])
-AC_ARG_WITH(exchange,
-            [AS_HELP_STRING([--with-exchange=PFX], [base of Taler EXCHANGE installation])],
-            [AC_MSG_RESULT([given as $with_exchange])],
-            [AC_MSG_RESULT(not given)
-             with_exchange=yes])
-AS_CASE([$with_exchange],
-        [yes], [],
-        [no], [AC_MSG_ERROR([--with-exchange is required])],
-        [LDFLAGS="-L$with_exchange/lib $LDFLAGS"
-         CPPFLAGS="-I$with_exchange/include $CPPFLAGS"])
-
-CPPFLAGS="$CPPFLAGS $POSTGRESQL_CPPFLAGS"
-
-AC_CHECK_HEADERS([gnunet/gnunet_pq_lib.h],
- [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_connect_with_cfg], libgnunetpq=1)])
-AM_CONDITIONAL(HAVE_GNUNETPQ, test x$libgnunetpq = x1)
+# Checks for header files.
+AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h])
 
 # check for libmicrohttpd
 AC_MSG_CHECKING([for microhttpd])
@@ -146,6 +106,7 @@ AS_CASE([$with_microhttpd],
          CPPFLAGS="-I$with_microhttpd/include $CPPFLAGS"])
 MHD_VERSION_AT_LEAST([0.9.71])
 
+
 jansson=0
 PKG_CHECK_MODULES([JANSSON], [jansson >= 2.3],
                   [LDFLAGS="$JANSSON_LIBS $LDFLAGS"
@@ -156,6 +117,33 @@ PKG_CHECK_MODULES([JANSSON], [jansson >= 2.3],
 ***]])])
 
 
+# Require minimum libgcrypt version
+need_libgcrypt_version=1.6.1
+AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"],
+                                             [minimum version of libgcrypt required])
+AM_PATH_LIBGCRYPT([$need_libgcrypt_version])
+
+
+# NOTE: If we find libcurl here we set LIBCURL to -lcurl
+# This affects the LIBCURL_CHECK_CONFIG call below as it takes LIBCURL into
+# account when checking for curl.
+AC_CHECK_LIB([curl],
+             [curl_easy_getinfo],
+             [LIBCURL="-lcurl"
+              curl_gnutls=1],
+             [curl_gnutls=0])
+
+LIBCURL_CHECK_CONFIG([], [7.34.0], [],
+                     [AC_MSG_ERROR([cURL must have a version >= 7.34.0])])
+
+# Even if curl is found, we check for this constant in order to determine
+# if we can use this feature.
+AC_CHECK_HEADER([curl/curl.h],
+                [AC_CHECK_DECLS([CURLINFO_TLS_SSL_PTR],
+                                [],
+                                [AC_MSG_ERROR([cURL must support CURLINFO_TLS_SSL_PTR])],
+                                [[#include <curl/curl.h>]])])
+
 # test for libqrencode
 qrencode=0
 QR_LIBS="-lqrencode"
@@ -184,33 +172,75 @@ AS_IF([test "$qrencode" != 1],
 *** You need libqrencode to build this program.
 *** ]])])
 
-
 AC_SUBST(QR_CFLAGS)
 AC_SUBST(QR_LIBS)
 
-# NOTE: If we find libcurl here we set LIBCURL to -lcurl
-# This affects the LIBCURL_CHECK_CONFIG call below as it takes LIBCURL into
-# account when checking for curl.
-AC_CHECK_LIB([curl],
-             [curl_easy_getinfo],
-             [LIBCURL="-lcurl"
-              curl_gnutls=1],
-             [curl_gnutls=0])
 
-LIBCURL_CHECK_CONFIG([], [7.34.0], [],
-                     [AC_MSG_ERROR([cURL must have a version >= 7.34.0])])
+# test for postgres
+AX_LIB_POSTGRESQL([15.0])
+AS_IF([test "x$found_postgresql" = "xyes"],
+  [SAVE_CPPFLAGS="$CPPFLAGS"
+   CPPFLAGS="$POSTGRES_CPPFLAGS $CPPFLAGS"
+   AC_CHECK_HEADERS([libpq-fe.h], [postgres=1], [postgres=0])])
+AS_IF([test "x$postgres" != "x1"],
+  [AC_MSG_ERROR([[
+***
+*** You need libpq(-dev) >= 15.0 to build this program.
+*** ]])])
+AM_CONDITIONAL([HAVE_POSTGRESQL], [test "x$postgres" = "x1"])
+AC_DEFINE_UNQUOTED([HAVE_POSTGRESQL], [$postgres],
+                   [Define to 1 if Postgres is available])
 
-# Even if curl is found, we check for this constant in order to determine
-# if we can use this feature.
-AC_CHECK_HEADER([curl/curl.h],
-                [AC_CHECK_DECLS([CURLINFO_TLS_SSL_PTR],
-                                [],
-                                [AC_MSG_ERROR([cURL must support CURLINFO_TLS_SSL_PTR])],
-                                [[#include <curl/curl.h>]])])
 
-# Check for Taler's libtalerfakebank
-libtalerfakebank=0
-AC_MSG_CHECKING([for libtalerfakebank])
+CPPFLAGS="$CPPFLAGS $POSTGRESQL_CPPFLAGS"
+
+# Check for GNUnet's libgnunetutil.
+libgnunetutil=0
+AC_MSG_CHECKING([for libgnunetutil])
+AC_ARG_WITH(gnunet,
+            [AS_HELP_STRING([--with-gnunet=PFX], [base of GNUnet installation])],
+            [AC_MSG_RESULT([given as $with_gnunet])],
+            [AC_MSG_RESULT(not given)
+             with_gnunet=yes])
+AS_CASE([$with_gnunet],
+        [yes], [],
+        [no], [AC_MSG_ERROR([--with-gnunet is required])],
+        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
+         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
+AC_CHECK_HEADERS([gnunet/gnunet_util_lib.h],
+ [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)])
+AS_IF([test $libgnunetutil != 1],
+  [AC_MSG_ERROR([[
+***
+*** You need libgnunetutil >= 0.21.0 to build this program.
+*** This library is part of GNUnet, available at
+***   https://gnunet.org
+*** ]])])
+
+libgnunetpq=0
+AC_CHECK_HEADERS([gnunet/gnunet_pq_lib.h],
+ [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_query_param_blind_sign_priv], libgnunetpq=1)])
+
+AS_IF([test $libgnunetpq != 1],
+  [AC_MSG_ERROR([[
+***
+*** You need libgnunetpq >= 0.21.2 (API v7) to build this program.
+*** This library is part of GNUnet, available at
+***   https://gnunet.org
+*** ]])])
+
+AM_CONDITIONAL(HAVE_GNUNETPQ, test x$libgnunetpq = x1)
+
+TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
+TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
+
+
+AC_SUBST(TALER_LIB_LDFLAGS)
+AC_SUBST(TALER_PLUGIN_LDFLAGS)
+
+
+libtalerutil=0
+AC_MSG_CHECKING([for libtalerutil])
 AC_ARG_WITH(exchange,
             [AS_HELP_STRING([--with-exchange=PFX], [base of Taler EXCHANGE installation])],
             [AC_MSG_RESULT([given as $with_exchange])],
@@ -222,13 +252,80 @@ AS_CASE([$with_exchange],
         [LDFLAGS="-L$with_exchange/lib $LDFLAGS"
          CPPFLAGS="-I$with_exchange/include $CPPFLAGS $POSTGRESQL_CPPFLAGS"])
 
-CPPFLAGS="$CPPFLAGS $POSTGRESQL_CPPFLAGS"
+AC_CHECK_HEADERS([taler/taler_util.h],
+ [AC_CHECK_LIB([talerutil], [TALER_payto_normalize], libtalerutil=1)])
+AM_CONDITIONAL(HAVE_TALERUTIL, test x$libtalerutil = x1)
+AS_IF([test $libtalerutil != 1],
+  [AC_MSG_ERROR([[
+***
+*** You need libtalerutil >= 0.9.4 to build this program.
+*** This library is part of the GNU Taler exchange, available at
+***   https://taler.net
+*** ]])])
+
+
+libtalermhd=0
+AC_MSG_CHECKING([for libtalermhd])
+AC_ARG_WITH(exchange,
+            [AS_HELP_STRING([--with-exchange=PFX], [base of Taler EXCHANGE installation])],
+            [AC_MSG_RESULT([given as $with_exchange])],
+            [AC_MSG_RESULT(not given)
+             with_exchange=yes])
+AS_CASE([$with_exchange],
+        [yes], [],
+        [no], [AC_MSG_ERROR([--with-exchange is required])],
+        [LDFLAGS="-L$with_exchange/lib $LDFLAGS"
+         CPPFLAGS="-I$with_exchange/include $CPPFLAGS $POSTGRESQL_CPPFLAGS"])
+
+AC_CHECK_HEADERS([taler/taler_mhd_lib.h],
+ [AC_CHECK_LIB([talermhd], [TALER_MHD_parse_request_arg_snumber], libtalermhd=1)])
+AM_CONDITIONAL(HAVE_TALERMHD, test x$libtalermhd = x1)
+AS_IF([test $libtalermhd != 1],
+  [AC_MSG_ERROR([[
+***
+*** You need libtalermhd >= 0.10.1 (API v2) to build this program.
+*** This library is part of the GNU Taler exchange, available at
+***   https://taler.net
+*** ]])])
+
+libtalerjson=0
+AC_CHECK_HEADERS([taler/taler_json_lib.h],
+ [AC_CHECK_LIB([talerjson], [TALER_JSON_spec_otp_type], libtalerjson=1)])
+AM_CONDITIONAL(HAVE_TALERJSON, test x$libtalerjson = x1)
+AS_IF([test $libtalerjson != 1],
+  [AC_MSG_ERROR([[
+***
+*** You need libtalerjson >= 0.9.4 to build this program.
+*** This library is part of the GNU Taler exchange, available at
+***   https://taler.net
+*** ]])])
+
+
+# Check for Taler's libtalerpq
+
+libtalerpq=0
+AC_MSG_CHECKING([for libtalerpq])
+AC_CHECK_HEADERS([taler/taler_pq_lib.h],
+ [AC_CHECK_LIB([talerpq], [TALER_PQ_query_param_array_blinded_denom_sig], libtalerpq=1)])
+AM_CONDITIONAL(HAVE_TALERPQ, test x$libtalerpq = x1)
+AS_IF([test $libtalerpq != 1],
+  [AC_MSG_ERROR([[
+***
+*** You need libtalerpq >= 0.9.4 to build this program.
+*** This library is part of the GNU Taler exchange, available at
+***   https://taler.net
+*** ]])])
+
 
+# Check for Taler's libtalerfakebank
+libtalerfakebank=0
+AC_MSG_CHECKING([for libtalerfakebank])
 AC_CHECK_HEADERS([taler/taler_fakebank_lib.h],
  [AC_CHECK_LIB([talerfakebank], [TALER_FAKEBANK_start], libtalerfakebank=1)])
 AM_CONDITIONAL(HAVE_TALERFAKEBANK, test x$libtalerfakebank = x1)
 
 
+
 # check for libtalertwister
 twistertesting=0
 AC_MSG_CHECKING([for talerwtistertesting])
@@ -257,11 +354,6 @@ AC_ARG_ENABLE([coverage],
 AC_MSG_RESULT($use_gcov)
 AM_CONDITIONAL([USE_COVERAGE], [test "x$use_gcov" = "xyes"])
 
-# Require minimum libgcrypt version
-need_libgcrypt_version=1.6.1
-AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"],
-                                             [minimum version of libgcrypt required])
-AM_PATH_LIBGCRYPT([$need_libgcrypt_version])
 
 # logging
 extra_logging=0
@@ -280,7 +372,7 @@ AC_MSG_CHECKING(for source being under a VCS)
 git_version=
 AS_IF([test ! "X$gitcommand" = "X"],
 [
-  git_version=$(cd $srcdir ; git rev-list --full-history --all --abbrev-commit | head -n 1 2>/dev/null)
+  git_version=$(cd $srcdir ; git rev-list -n 1 --abbrev-commit HEAD 2>/dev/null)
 ])
 AS_IF([test "X$git_version" = "X"],
   [
@@ -310,13 +402,6 @@ AC_TYPE_UINTMAX_T
 AC_CHECK_FUNCS([strdup])
 
 
-#
-# Check for tsc
-#
-AC_CHECK_PROG([tsc],[tsc],[yes],[no])
-AM_CONDITIONAL([HAVE_TSC], [test "x$tsc" = xyes])
-
-
 AC_ARG_ENABLE([[doc]],
   [AS_HELP_STRING([[--disable-doc]], [do not build any documentation])], ,
     [enable_doc=yes])
@@ -329,8 +414,11 @@ AM_CONDITIONAL([ENABLE_DOC], [test "x$enable_doc" = "xyes"])
 # logic if doc_only is set, make sure conditionals are still defined
 AM_CONDITIONAL([HAVE_GNUNETPQ], [false])
 AM_CONDITIONAL([HAVE_POSTGRESQL], [false])
+AM_CONDITIONAL([HAVE_TALERUTIL], [false])
+AM_CONDITIONAL([HAVE_TALERPQ], [false])
+AM_CONDITIONAL([HAVE_TALERMHD], [false])
+AM_CONDITIONAL([HAVE_TALERJSON], [false])
 AM_CONDITIONAL([HAVE_TALERFAKEBANK], [false])
-AM_CONDITIONAL([HAVE_TSC], [false])
 AM_CONDITIONAL([USE_COVERAGE], [false])
 AM_CONDITIONAL([ENABLE_DOC], [true])
 AM_CONDITIONAL([HAVE_TWISTER], [true])
@@ -355,6 +443,7 @@ contrib/Makefile
 doc/Makefile
 doc/doxygen/Makefile
 src/Makefile
+src/bank/Makefile
 src/backend/Makefile
 src/backenddb/Makefile
 src/include/Makefile