[Pkg-e-devel] Bug#782469: efl: FTBFS against gnutls 3.4.0

peter green plugwash at p10link.net
Sun Jan 31 17:54:36 UTC 2016

tags 782469 +patch

I took a look at the code in conjunction with the migration instructions 
that were linked in the bug report (thanks for linking to those).

The results of the call to gnutls_pubkey_get_verify_algorithm are 
discarded, the code only checks if it succeeds or not. I guess it was 
intended as some sort of sanity check. I replaced it with a call to 

I replaced the call to gnutls_pubkey_verify_hash with a call to 
gnutls_pubkey_verify_hash2 filling in the new "algo" parameter with the 
result of gnutls_x509_crt_get_signature_algorithm

The code now compiles and I don't think it's any more broken than it was 
before but I have concerns about the code in general. It seems to have 
been written on the assumption that the certificate signature algorithm 
would always be sha1. I also have no idea how to test the package.

I have uploaded my changes to raspbian stretch-staging, debdiff attached 
no intent to NMU in Debian.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: efl.debdiff
URL: <http://lists.alioth.debian.org/pipermail/pkg-e-devel/attachments/20160131/26cd6a17/attachment.ksh>

More information about the Pkg-e-devel mailing list