[Pkg-giraffe-discuss] [Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope

Folkert van Heusden f.vanheusden at zarafa.com
Fri Jan 29 15:21:31 UTC 2016


Hmmm, that would be pushing an e-mail to e.g. postfix right?
I might be mistaking but I thought we don't use tls for that, just plain text. Because it is supposed to be localhost.

@kromer agreed?





-----Original message-----
From: Carsten Schoenert <c.schoenert at t-online.de>
Sent: Friday 29th January 2016 15:55
To: pkg-giraffe-discuss at lists.alioth.debian.org
Subject: Re: [Pkg-giraffe-discuss] [Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope


Hello,

as maybe someone has noted the libvime package is currently failing to
build from source. See the bug opened mail by Chris Lamb at the end of
this email.

The upstream GnuTLS team has now switched of some of the already
deprecated marked functions with version 3.4.0 (and above) which has now
entered sid/unstable with version 3.4.8. Because of this the latest
builds of libvime are now failing.

I looked at the issue and figured out that some functions in
src/net/tls/TLSSession.cpp are not available any longer and replaced by
a function named gnutls_priority_set_direct() as proposed at [1].

These old functions are:

  gnutls_certificate_type_set_priority()
  gnutls_protocol_set_priority()
  gnutls_cipher_set_priority()
  gnutls_mac_set_priority()
  gnutls_compression_set_priority()

I reworked the code in src/net/tls/TLSSession.cpp based on the upgrading
description on [2] and created the patch that's appended to this email.
The libvime package is building again after this changes.

As I'm not a security expert I would like to ask the Zarafa guys if you
agree with these changes from the security point of view? Have you
already seen this issue?

[1] http://www.gnutls.org/manual/html_node/Core-TLS-API.html
[2]
http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upgrading-from-previous-versions

Am 28.01.2016 um 08:36 schrieb Chris Lamb:
> Source: libvmime
> Version: 0.9.1-4
> Severity: serious
> Justification: fails to build from source
> User: reproducible-builds at lists.alioth.debian.org
> Usertags: ftbfs
> X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org
> 
> Dear Maintainer,
> 
> libvmime fails to build from source in unstable/amd64:
> 
>   [..]
> 
> 
>   net_tls_TLSSession.cpp: In constructor 'vmime::net::tls::TLSSession::TLSSession(vmime::utility::ref<vmime::security::cert::certificateVerifier>)':
>   net_tls_TLSSession.cpp:105:24: warning: 'gnutls_session' is deprecated [-Wdeprecated-declarations]
>     m_gnutlsSession = new gnutls_session;
>                           ˆ
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSession.cpp:24:
>   /usr/include/gnutls/compat.h:78:26: note: declared here
>    typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
>                             ˆ
>   net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
>      (*m_gnutlsSession, certTypePriority);
>                                         ˆ
>   net_tls_TLSSession.cpp:131:68: error: 'gnutls_protocol_set_priority' was not declared in this scope
>     res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
>                                                                       ˆ
>   net_tls_TLSSession.cpp:152:61: error: 'gnutls_cipher_set_priority' was not declared in this scope
>     gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
>                                                                ˆ
>   net_tls_TLSSession.cpp:157:55: error: 'gnutls_mac_set_priority' was not declared in this scope
>     gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
>                                                          ˆ
>   net_tls_TLSSession.cpp:173:53: error: 'gnutls_kx_set_priority' was not declared in this scope
>     gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
>                                                        ˆ
>   net_tls_TLSSession.cpp:184:71: error: 'gnutls_compression_set_priority' was not declared in this scope
>     gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
>                                                                          ˆ
>   Makefile:657: recipe for target 'net_tls_TLSSession.lo' failed
>   make[3]: *** [net_tls_TLSSession.lo] Error 1
>   make[3]: *** Waiting for unfinished jobs....
>   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c security_sasl_builtinSASLMechanism.cpp -o security_sasl_builtinSASLMechanism.o >/dev/null 2>&1
>   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c security_sasl_defaultSASLAuthenticator.cpp -o security_sasl_defaultSASLAuthenticator.o >/dev/null 2>&1
>   In file included from net_tls_TLSSocket.cpp:27:0:
>   ../vmime/net/tls/TLSSocket.hpp:99:88: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     static ssize_t gnutlsPushFunc(gnutls_transport_ptr trspt, const void* data, size_t len);
>                                                                                           ˆ
>   ../vmime/net/tls/TLSSocket.hpp:100:82: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     static ssize_t gnutlsPullFunc(gnutls_transport_ptr trspt, void* data, size_t len);
>                                                                                     ˆ
>   In file included from net_tls_TLSSocket.cpp:28:0:
>   ../vmime/net/tls/TLSSession.hpp:80:18: warning: 'gnutls_session' is deprecated [-Wdeprecated-declarations]
>     gnutls_session* m_gnutlsSession;
>                     ˆ
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:78:26: note: declared here
>    typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
>                             ˆ
>   net_tls_TLSSocket.cpp: In member function 'virtual void vmime::net::tls::TLSSocket::send(const string&)':
>   net_tls_TLSSocket.cpp:108:40: warning: conversion to 'vmime::net::socket::size_type {aka int}' from 'std::__cxx11::basic_string<char>::size_type {aka long unsigned int}' may alter its value [-Wconversion]
>     sendRaw(buffer.data(), buffer.length());
>                                           ˆ
>   net_tls_TLSSocket.cpp: In member function 'virtual vmime::net::socket::size_type vmime::net::tls::TLSSocket::receiveRaw(char*, vmime::net::socket::size_type)':
>   net_tls_TLSSocket.cpp:126:58: warning: conversion to 'int' from 'ssize_t {aka long int}' may alter its value [-Wconversion]
>      TLSSession::throwTLSException("gnutls_record_recv", ret);
>                                                             ˆ
>   net_tls_TLSSocket.cpp: At global scope:
>   net_tls_TLSSocket.cpp:206:59: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     (gnutls_transport_ptr trspt, const void* data, size_t len)
>                                                              ˆ
>   net_tls_TLSSocket.cpp:228:53: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
>     (gnutls_transport_ptr trspt, void* data, size_t len)
>                                                        ˆ
>   net_tls_TLSSocket.cpp: In member function 'vmime::utility::ref<vmime::security::cert::certificateChain> vmime::net::tls::TLSSocket::getPeerCertificates() const':
>   net_tls_TLSSocket.cpp:292:22: warning: 'gnutls_datum' is deprecated [-Wdeprecated-declarations]
>     const gnutls_datum* rawData = gnutls_certificate_get_peers
>                         ˆ
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:112:24: note: declared here
>    typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
>                           ˆ
>   net_tls_TLSSocket.cpp:299:19: warning: 'gnutls_x509_crt' is deprecated [-Wdeprecated-declarations]
>     gnutls_x509_crt* x509Certs = new gnutls_x509_crt[certCount];
>                      ˆ
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:89:27: note: declared here
>    typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
>                              ˆ
>   net_tls_TLSSocket.cpp:299:60: warning: 'gnutls_x509_crt' is deprecated [-Wdeprecated-declarations]
>     gnutls_x509_crt* x509Certs = new gnutls_x509_crt[certCount];
>                                                               ˆ
>   In file included from /usr/include/gnutls/gnutls.h:2594:0,
>                    from net_tls_TLSSocket.cpp:24:
>   /usr/include/gnutls/compat.h:89:27: note: declared here
>    typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
>                              ˆ
>   net_tls_TLSSocket.cpp:333:63: warning: conversion to 'unsigned int' from 'size_t {aka long unsigned int}' may alter its value [-Wconversion]
>        security::cert::X509Certificate::import(&data[0], dataSize);
>                                                                  ˆ
>   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c net_tls_TLSSocket.cpp -o net_tls_TLSSocket.o >/dev/null 2>&1
>   make[3]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1/src'
>   Makefile:474: recipe for target 'all-recursive' failed
>   make[2]: *** [all-recursive] Error 1
>   make[2]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1'
>   Makefile:362: recipe for target 'all' failed
>   make[1]: *** [all] Error 2
>   make[1]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1'
>   dh_auto_build: make -j9 returned exit code 2
>   debian/rules:29: recipe for target 'build' failed
>   make: *** [build] Error 2
> 
>   [..]
> 
> The full build log is attached.
> 
> 
> Regards,
> 
> 
> 
> _______________________________________________
> Pkg-giraffe-maintainers mailing list
> Pkg-giraffe-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-giraffe-maintainers
> 

-- 
Regards
Carsten Schoenert
_______________________________________________
Pkg-giraffe-discuss mailing list
Pkg-giraffe-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-giraffe-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-giraffe-discuss/attachments/20160129/cac39932/attachment-0001.html>


More information about the Pkg-giraffe-discuss mailing list