[Pkg-giraffe-discuss] [Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope

Jelle van der Waa j.vanderwaa at zarafa.com
Mon Feb 1 21:09:38 UTC 2016


> as maybe someone has noted the libvime package is currently failing to
> build from source. See the bug opened mail by Chris Lamb at the end of
> this email.

I always wondered why I didn't have this issue on Arch, turns out we use Zarafa's snapshot of libvmime
and somehow the libvmime version is named 0.9.2. [1]
Which raises some concerns here, since we ship a different vmime then Debian will :-(

I ran a diff between the two mentioned files and it still fails to compile, since the patch takes the harder approach to #ifdef everything between old and new it might be that your patch actually was already correct.

I can check your patch later, but I don't have that time now and just wanted to clarify the situation :)

[1] https://download.zarafa.com/community/final/7.1/7.1.7-42779/sourcecode/libvmime-0.9.2%2Bsvn603.tar.bz2

P.S. I think we (as Zarafa) have to be make contact with the libvmime guys and help them get a new release even if it's just some patches on top of 0.9.1. (Since now we run a snapshot + 10 custom patches..)

Hope this helps ;)

Jelle

> 
> The upstream GnuTLS team has now switched of some of the already
> deprecated marked functions with version 3.4.0 (and above) which has now
> entered sid/unstable with version 3.4.8. Because of this the latest
> builds of libvime are now failing.
> 
> I looked at the issue and figured out that some functions in
> src/net/tls/TLSSession.cpp are not available any longer and replaced by
> a function named gnutls_priority_set_direct() as proposed at [1].
> 
> These old functions are:
> 
>   gnutls_certificate_type_set_priority()
>   gnutls_protocol_set_priority()
>   gnutls_cipher_set_priority()
>   gnutls_mac_set_priority()
>   gnutls_compression_set_priority()
> 
> I reworked the code in src/net/tls/TLSSession.cpp based on the upgrading
> description on [2] and created the patch that's appended to this email.
> The libvime package is building again after this changes.
> 
> As I'm not a security expert I would like to ask the Zarafa guys if you
> agree with these changes from the security point of view? Have you
> already seen this issue?
> 
> [1] http://www.gnutls.org/manual/html_node/Core-TLS-API.html
> [2]
> http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upgrading-from-previous-versions
> 
> Am 28.01.2016 um 08:36 schrieb Chris Lamb:
> > Source: libvmime
> > Version: 0.9.1-4
> > Severity: serious
> > Justification: fails to build from source
> > User: reproducible-builds at lists.alioth.debian.org
> > Usertags: ftbfs
> > X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org
> > 
> > Dear Maintainer,
> > 
> > libvmime fails to build from source in unstable/amd64:
> > 
> >   [..]
> > 
> > 
> >   net_tls_TLSSession.cpp: In constructor 'vmime::net::tls::TLSSession::TLSSession(vmime::utility::ref<vmime::security::cert::certificateVerifier>)':
> >   net_tls_TLSSession.cpp:105:24: warning: 'gnutls_session' is deprecated [-Wdeprecated-declarations]
> >     m_gnutlsSession = new gnutls_session;
> >                           ^
> >   In file included from /usr/include/gnutls/gnutls.h:2594:0,
> >                    from net_tls_TLSSession.cpp:24:
> >   /usr/include/gnutls/compat.h:78:26: note: declared here
> >    typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
> >                             ^
> >   net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
> >      (*m_gnutlsSession, certTypePriority);
> >                                         ^
> >   net_tls_TLSSession.cpp:131:68: error: 'gnutls_protocol_set_priority' was not declared in this scope
> >     res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
> >                                                                       ^
> >   net_tls_TLSSession.cpp:152:61: error: 'gnutls_cipher_set_priority' was not declared in this scope
> >     gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
> >                                                                ^
> >   net_tls_TLSSession.cpp:157:55: error: 'gnutls_mac_set_priority' was not declared in this scope
> >     gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
> >                                                          ^
> >   net_tls_TLSSession.cpp:173:53: error: 'gnutls_kx_set_priority' was not declared in this scope
> >     gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
> >                                                        ^
> >   net_tls_TLSSession.cpp:184:71: error: 'gnutls_compression_set_priority' was not declared in this scope
> >     gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
> >                                                                          ^
> >   Makefile:657: recipe for target 'net_tls_TLSSession.lo' failed
> >   make[3]: *** [net_tls_TLSSession.lo] Error 1
> >   make[3]: *** Waiting for unfinished jobs....
> >   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c security_sasl_builtinSASLMechanism.cpp -o security_sasl_builtinSASLMechanism.o >/dev/null 2>&1
> >   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c security_sasl_defaultSASLAuthenticator.cpp -o security_sasl_defaultSASLAuthenticator.o >/dev/null 2>&1
> >   In file included from net_tls_TLSSocket.cpp:27:0:
> >   ../vmime/net/tls/TLSSocket.hpp:99:88: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
> >     static ssize_t gnutlsPushFunc(gnutls_transport_ptr trspt, const void* data, size_t len);
> >                                                                                           ^
> >   ../vmime/net/tls/TLSSocket.hpp:100:82: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
> >     static ssize_t gnutlsPullFunc(gnutls_transport_ptr trspt, void* data, size_t len);
> >                                                                                     ^
> >   In file included from net_tls_TLSSocket.cpp:28:0:
> >   ../vmime/net/tls/TLSSession.hpp:80:18: warning: 'gnutls_session' is deprecated [-Wdeprecated-declarations]
> >     gnutls_session* m_gnutlsSession;
> >                     ^
> >   In file included from /usr/include/gnutls/gnutls.h:2594:0,
> >                    from net_tls_TLSSocket.cpp:24:
> >   /usr/include/gnutls/compat.h:78:26: note: declared here
> >    typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED;
> >                             ^
> >   net_tls_TLSSocket.cpp: In member function 'virtual void vmime::net::tls::TLSSocket::send(const string&)':
> >   net_tls_TLSSocket.cpp:108:40: warning: conversion to 'vmime::net::socket::size_type {aka int}' from 'std::__cxx11::basic_string<char>::size_type {aka long unsigned int}' may alter its value [-Wconversion]
> >     sendRaw(buffer.data(), buffer.length());
> >                                           ^
> >   net_tls_TLSSocket.cpp: In member function 'virtual vmime::net::socket::size_type vmime::net::tls::TLSSocket::receiveRaw(char*, vmime::net::socket::size_type)':
> >   net_tls_TLSSocket.cpp:126:58: warning: conversion to 'int' from 'ssize_t {aka long int}' may alter its value [-Wconversion]
> >      TLSSession::throwTLSException("gnutls_record_recv", ret);
> >                                                             ^
> >   net_tls_TLSSocket.cpp: At global scope:
> >   net_tls_TLSSocket.cpp:206:59: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
> >     (gnutls_transport_ptr trspt, const void* data, size_t len)
> >                                                              ^
> >   net_tls_TLSSocket.cpp:228:53: warning: 'gnutls_transport_ptr' is deprecated [-Wdeprecated-declarations]
> >     (gnutls_transport_ptr trspt, void* data, size_t len)
> >                                                        ^
> >   net_tls_TLSSocket.cpp: In member function 'vmime::utility::ref<vmime::security::cert::certificateChain> vmime::net::tls::TLSSocket::getPeerCertificates() const':
> >   net_tls_TLSSocket.cpp:292:22: warning: 'gnutls_datum' is deprecated [-Wdeprecated-declarations]
> >     const gnutls_datum* rawData = gnutls_certificate_get_peers
> >                         ^
> >   In file included from /usr/include/gnutls/gnutls.h:2594:0,
> >                    from net_tls_TLSSocket.cpp:24:
> >   /usr/include/gnutls/compat.h:112:24: note: declared here
> >    typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED;
> >                           ^
> >   net_tls_TLSSocket.cpp:299:19: warning: 'gnutls_x509_crt' is deprecated [-Wdeprecated-declarations]
> >     gnutls_x509_crt* x509Certs = new gnutls_x509_crt[certCount];
> >                      ^
> >   In file included from /usr/include/gnutls/gnutls.h:2594:0,
> >                    from net_tls_TLSSocket.cpp:24:
> >   /usr/include/gnutls/compat.h:89:27: note: declared here
> >    typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
> >                              ^
> >   net_tls_TLSSocket.cpp:299:60: warning: 'gnutls_x509_crt' is deprecated [-Wdeprecated-declarations]
> >     gnutls_x509_crt* x509Certs = new gnutls_x509_crt[certCount];
> >                                                               ^
> >   In file included from /usr/include/gnutls/gnutls.h:2594:0,
> >                    from net_tls_TLSSocket.cpp:24:
> >   /usr/include/gnutls/compat.h:89:27: note: declared here
> >    typedef gnutls_x509_crt_t gnutls_x509_crt _GNUTLS_GCC_ATTR_DEPRECATED;
> >                              ^
> >   net_tls_TLSSocket.cpp:333:63: warning: conversion to 'unsigned int' from 'size_t {aka long unsigned int}' may alter its value [-Wconversion]
> >        security::cert::X509Certificate::import(&data[0], dataSize);
> >                                                                  ^
> >   libtool: compile:  x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I.. -I/usr/include -I.. -D_REENTRANT=1 -D_THREAD_SAFE=1 -I/usr/include/p11-kit-1 -fPIC -DPIC -ansi -pedantic -W -Wall -Wpointer-arith -Wold-style-cast -Wconversion -Wdate-time -D_FORTIFY_SOURCE=2 -O2 -c net_tls_TLSSocket.cpp -o net_tls_TLSSocket.o >/dev/null 2>&1
> >   make[3]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1/src'
> >   Makefile:474: recipe for target 'all-recursive' failed
> >   make[2]: *** [all-recursive] Error 1
> >   make[2]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1'
> >   Makefile:362: recipe for target 'all' failed
> >   make[1]: *** [all] Error 2
> >   make[1]: Leaving directory '/home/lamby/temp/cdt.20160128083412.bSSdKcTq8D/libvmime-0.9.1'
> >   dh_auto_build: make -j9 returned exit code 2
> >   debian/rules:29: recipe for target 'build' failed
> >   make: *** [build] Error 2
> > 
> >   [..]
> > 
> > The full build log is attached.
> > 
> > 
> > Regards,
> > 
> > 
> > 
> > _______________________________________________
> > Pkg-giraffe-maintainers mailing list
> > Pkg-giraffe-maintainers at lists.alioth.debian.org
> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-giraffe-maintainers
> > 
> 
> -- 
> Regards
> Carsten Schoenert
> _______________________________________________
> Pkg-giraffe-discuss mailing list
> Pkg-giraffe-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-giraffe-discuss
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libvmime_0.9.2.patch
Type: text/x-patch
Size: 6588 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-giraffe-discuss/attachments/20160201/fdaf7dcc/attachment.bin>


More information about the Pkg-giraffe-discuss mailing list