[Pkg-giraffe-discuss] [Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope

Carsten Schoenert c.schoenert at t-online.de
Fri Jan 29 14:55:42 UTC 2016


Hello,

as someone may have noted, the libvmime package is currently failing to
build from source. See the bug-opening mail by Chris Lamb at the end of
this email.

The upstream GnuTLS team has now switched off some of the functions
already marked as deprecated with version 3.4.0 (and above), which has now
entered sid/unstable with version 3.4.8. Because of this the latest
builds of libvmime are now failing.

I looked at the issue and figured out that some functions in
src/net/tls/TLSSession.cpp are not available any longer and replaced by
a function named gnutls_priority_set_direct() as proposed at [1].

These old functions are:

  gnutls_certificate_type_set_priority()
  gnutls_protocol_set_priority()
  gnutls_cipher_set_priority()
  gnutls_mac_set_priority()
  gnutls_compression_set_priority()

I reworked the code in src/net/tls/TLSSession.cpp based on the upgrading
description at [2] and created the patch that's appended to this email.
The libvmime package is building again after these changes.

As I'm not a security expert I would like to ask the Zarafa guys if you
agree with these changes from the security point of view? Have you
already seen this issue?

[1] http://www.gnutls.org/manual/html_node/Core-TLS-API.html
[2] http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upgrading-from-previous-versions

On 28.01.2016 at 08:36, Chris Lamb wrote:
> Source: libvmime
> Version: 0.9.1-4
> Severity: serious
> Justification: fails to build from source
> User: reproducible-builds at lists.alioth.debian.org
> Usertags: ftbfs
> X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> libvmime fails to build from source in unstable/amd64:
> 
>   [..]
> 
> 
>   net_tls_TLSSession.cpp: In constructor 'vmime::net::tls::TLSSession::TLSSession(vmime::utility::ref<vmime::security::cert::certificateVerifier>)':
>   net_tls_TLSSession.cpp:105:24: warning: 'gnutls_session' is deprecated [-Wdeprecated-declarations]
>     m_gnutlsSession = new gnutls_session;
>                           ^
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSession.cpp:24:
>   /usr/include/gnutls/compat.h:78:26: note: declared here
>    typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
>                             ^
>   net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
>      (*m_gnutlsSession, certTypePriority);
>                                         ^
>   net_tls_TLSSession.cpp:131:68: error: 'gnutls_protocol_set_priority' was not declared in this scope
>     res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
>                                                                       ^
>   net_tls_TLSSession.cpp:152:61: error: 'gnutls_cipher_set_priority' was not declared in this scope
>     gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
>                                                                ^
>   net_tls_TLSSession.cpp:157:55: error: 'gnutls_mac_set_priority' was not declared in this scope
>     gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
>                                                          ^
>   net_tls_TLSSession.cpp:173:53: error: 'gnutls_kx_set_priority' was not declared in this scope
>     gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
>                                                        ^
>   net_tls_TLSSession.cpp:184:71: error: 'gnutls_compression_set_priority' was not declared in this scope
>     gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
>                                                                          ^
>   Makefile:657: recipe for target 'net_tls_TLSSession.lo' failed
>   make[3]: *** [net_tls_TLSSession.lo] Error 1
>   make[3]: *** Waiting for unfinished jobs....
>   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c security_sasl_builtinSASLMechanism.cpp -o security_sasl_builtinSASLMechanism.o >/dev/null 2>&1
>   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c security_sasl_defaultSASLAuthenticator.cpp -o security_sasl_defaultSASLAuthenticator.o >/dev/null 2>&1
>   In file included from net_tls_TLSSocket.cpp:27:0:
>   ../vmime/net/tls/TLSSocket.hpp:99:88: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     static ssize_t gnutlsPushFunc(gnutls_transport_ptr trspt, const void* data, size_t len);
>                                                                                           ^
>   ../vmime/net/tls/TLSSocket.hpp:100:82: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     static ssize_t gnutlsPullFunc(gnutls_transport_ptr trspt, void* data, size_t len);
>                                                                                     ^
>   In file included from net_tls_TLSSocket.cpp:28:0:
>   ../vmime/net/tls/TLSSession.hpp:80:18: warning: 'gnutls_session' is deprecated [-Wdeprecated-declarations]
>     gnutls_session* m_gnutlsSession;
>                     ^
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:78:26: note: declared here
>    typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
>                             ^
>   net_tls_TLSSocket.cpp: In member function 'virtual void vmime::net::tls::TLSSocket::send(const string&)':
>   net_tls_TLSSocket.cpp:108:40: warning: conversion to 'vmime::net::socket::size_type {aka int}' from 'std::__cxx11::basic_string<char>::size_type {aka long unsigned int}' may alter its value [-Wconversion]
>     sendRaw(buffer.data(), buffer.length());
>                                           ^
>   net_tls_TLSSocket.cpp: In member function 'virtual vmime::net::socket::size_type vmime::net::tls::TLSSocket::receiveRaw(char*, vmime::net::socket::size_type)':
>   net_tls_TLSSocket.cpp:126:58: warning: conversion to 'int' from 'ssize_t {aka long int}' may alter its value [-Wconversion]
>      TLSSession::throwTLSException("gnutls_record_recv", ret);
>                                                             ^
>   net_tls_TLSSocket.cpp: At global scope:
>   net_tls_TLSSocket.cpp:206:59: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     (gnutls_transport_ptr trspt, const void* data, size_t len)
>                                                              ^
>   net_tls_TLSSocket.cpp:228:53: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     (gnutls_transport_ptr trspt, void* data, size_t len)
>                                                        ^
>   net_tls_TLSSocket.cpp: In member function 'vmime::utility::ref<vmime::security::cert::certificateChain> vmime::net::tls::TLSSocket::getPeerCertificates() const':
>   net_tls_TLSSocket.cpp:292:22: warning: 'gnutls_datum' is deprecated [-Wdeprecated-declarations]
>     const gnutls_datum* rawData = gnutls_certificate_get_peers
>                         ^
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:112:24: note: declared here
>    typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
>                           ^
>   net_tls_TLSSocket.cpp:299:19: warning: 'gnutls_x509_crt' is deprecated [-Wdeprecated-declarations]
>     gnutls_x509_crt* x509Certs = new gnutls_x509_crt[certCount];
>                      ^
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:89:27: note: declared here
>    typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
>                              ^
>   net_tls_TLSSocket.cpp:299:60: warning: 'gnutls_x509_crt' is deprecated [-Wdeprecated-declarations]
>     gnutls_x509_crt* x509Certs = new gnutls_x509_crt[certCount];
>                                                               ^
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:89:27: note: declared here
>    typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
>                              ^
>   net_tls_TLSSocket.cpp:333:63: warning: conversion to 'unsigned int' from 'size_t {aka long unsigned int}' may alter its value [-Wconversion]
>        security::cert::X509Certificate::import(&data[0], dataSize);
>                                                                  ^
>   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c net_tls_TLSSocket.cpp -o net_tls_TLSSocket.o >/dev/null 2>&1
>   make[3]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1/src'
>   Makefile:474: recipe for target 'all-recursive' failed
>   make[2]: *** [all-recursive] Error 1
>   make[2]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1'
>   Makefile:362: recipe for target 'all' failed
>   make[1]: *** [all] Error 2
>   make[1]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1'
>   dh_auto_build: make -j9 returned exit code 2
>   debian/rules:29: recipe for target 'build' failed
>   make: *** [build] Error 2
> 
>   [..]
> 
> The full build log is attached.
> 
> 
> Regards,
> 
> 
> 

-- 
Regards
Carsten Schoenert
-------------- next part --------------
From: Carsten Schoenert <c.schoenert at t-online.de>
Date: Thu, 28 Jan 2016 17:21:08 +0100
Subject: replace deprecated gnutls function after v3.4.0

Replacing various functions long marked as deprecated with
gnutls_priority_set_direct().

In detail replacing the functions:
   gnutls_certificate_type_set_priority()
   gnutls_cipher_set_priority()
   gnutls_mac_set_priority()
   gnutls_kx_set_priority()
   gnutls_compression_set_priority()
---
 src/net/tls/TLSSession.cpp | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/net/tls/TLSSession.cpp b/src/net/tls/TLSSession.cpp
index 18fc622..e61d7d7 100644
--- a/src/net/tls/TLSSession.cpp
+++ b/src/net/tls/TLSSession.cpp
@@ -114,30 +114,30 @@ TLSSession::TLSSession(ref <security::cert::certificateVerifier> cv)
 	// Sets the priority on the certificate types supported by gnutls.
 	// Priority is higher for types specified before others. After
 	// specifying the types you want, you must append a 0.
-	const int certTypePriority[] = { GNUTLS_CRT_X509, 0 };
+	const char certTypePriority[] = { GNUTLS_CRT_X509, 0 };
 
-	res = gnutls_certificate_type_set_priority
-		(*m_gnutlsSession, certTypePriority);
+	res = gnutls_priority_set_direct
+		(*m_gnutlsSession, certTypePriority, NULL);
 
 	if (res < 0)
 	{
 		throwTLSException
-			("gnutls_certificate_type_set_priority", res);
+			("gnutls_priority_set_direct", res);
 	}
 
 	// Sets the priority on the protocol types
-	const int protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+	const char protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
 
-	res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
+	res = gnutls_priority_set_direct(*m_gnutlsSession, protoPriority, NULL);
 
 	if (res < 0)
 	{
 		throwTLSException
-			("gnutls_certificate_type_set_priority", res);
+			("gnutls_priority_set_direct", res);
 	}
 
 	// Priority on the ciphers
-	const int cipherPriority[] =
+	const char cipherPriority[] =
 	{
 		GNUTLS_CIPHER_ARCFOUR_128,
 		GNUTLS_CIPHER_3DES_CBC,
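Review bot: gnutls_priority_set_direct() takes a textual priority string as its second argument, so `const char certTypePriority[] = { GNUTLS_CRT_X509, 0 }` and `const char protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }` compile but pass enum values reinterpreted as bytes, which cannot select the intended types; with the `res < 0` checks kept here, a rejected string ends in throwTLSException at session setup. Replace the arrays with one priority string in the syntax described at [2]. While rewriting, reconsider GNUTLS_SSL3 in protoPriority and GNUTLS_CIPHER_ARCFOUR_128 at the head of cipherPriority, both carried over unchanged, and update the "you must append a 0" comment, which no longer describes the API being called.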
@@ -149,15 +149,15 @@ TLSSession::TLSSession(ref <security::cert::certificateVerifier> cv)
 		0
 	};
 
-	gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
+	gnutls_priority_set_direct(*m_gnutlsSession, cipherPriority, NULL);
 
 	// Priority on MACs
-	const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
+	const char macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
 
-	gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
+	gnutls_priority_set_direct(*m_gnutlsSession, macPriority, NULL);
 
 	// Priority on key exchange methods
-	const int kxPriority[] =
+	const char kxPriority[] =
 	{
 		GNUTLS_KX_RSA,
 		GNUTLS_KX_DHE_DSS,
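Review bot: The results of the cipherPriority and macPriority calls are dropped, unlike the `res < 0` checks in the first hunk; assign them to res and call throwTLSException so a rejected priority string cannot silently leave the session on settings nobody chose. Note also that gnutls_priority_set_direct() sets the session's whole priority configuration on every call, so the macPriority call replaces what the cipherPriority call set instead of adding to it. GNUTLS_MAC_MD5 in macPriority is worth dropping in the same pass.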
@@ -170,10 +170,10 @@ TLSSession::TLSSession(ref <security::cert::certificateVerifier> cv)
 		0
 	};
 
-	gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
+	gnutls_priority_set_direct(*m_gnutlsSession, kxPriority, NULL);
 
 	// Priority on compression methods
-	const int compressionPriority[] =
+	const char compressionPriority[] =
 	{
 		GNUTLS_COMP_ZLIB,
 		//GNUTLS_COMP_LZO,
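Review bot: The kxPriority call is the fifth separate gnutls_priority_set_direct() call on the same session and its return value is ignored as well. Fold the key-exchange preference into the single priority string, and pass the address of a `const char *` as the third argument instead of NULL so the position of a parse error can be included in the exception message.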
@@ -181,7 +181,7 @@ TLSSession::TLSSession(ref <security::cert::certificateVerifier> cv)
 		0
 	};
 
-	gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
+	gnutls_priority_set_direct(*m_gnutlsSession, compressionPriority, NULL);
 
 	// Initialize credentials
 	gnutls_credentials_set(*m_gnutlsSession,
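Review bot: compressionPriority, declared just above with GNUTLS_COMP_ZLIB as its first entry, still asks for TLS-level compression, which leaks plaintext information through record lengths; prefer null compression only. This is the last priority call before gnutls_credentials_set, so whatever it sets is what the handshake uses, and its return value is unchecked. The commit message also leaves gnutls_protocol_set_priority() out of its list of replaced functions although the first hunk replaces it.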

