[Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope

Carsten Schoenert c.schoenert at t-online.de
Mon Feb 1 07:45:37 UTC 2016


Dear GnuTLS maintainers,

with the new gnutls v3.4 in unstable we hit some old deprecated marked
function now as errors while building the libvmime package. ;)
libvmime is a reverse dependency for the zarafa groupware we have
packaged and is currently waiting in the new queue.
The upstream maintainer of libvmime doesn't released a newer version
than 0.9.1 and so we have to fight with this old version (released
2010-11-16).

Peter Green has submitted a debdiff with a possibly solution that's seen
below. I'm not a security expert on those used functions inside libvmime
and found a another solution based on suggestions for upgrading to 3.4
[1] and created a patch that's appended.

Can you give us a suggestion how to handle this issues? I've seen a
similar solution like mine on the samba package upstream [5]. The zarafa
suite isn't using this parts of the libvmime package as they connect
locally to localhost. But the we have to provide a secure libvmime
package.

The full FTBFS log can be found here [2] for amd64. The source can be
found on [3] and the file that holds the deprecated functions can be
viewd on [4].

Thanks and regards
Carsten

[1] http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upgrading-from-previous-versions
[2] https://buildd.debian.org/status/fetch.php?pkg=libvmime&arch=amd64&ver=0.9.1-4%2Bb1&stamp=1453493127
[3] https://anonscm.debian.org/cgit/pkg-giraffe/libvmime.git/tree/
[4] https://anonscm.debian.org/cgit/pkg-giraffe/libvmime.git/tree/src/net/tls/TLSSession.cpp
[5] https://lists.samba.org/archive/samba-technical/2015-April/107008.html

On Sun, Jan 31, 2016 at 11:33:16PM +0000, peter green wrote:
> >
> >  net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
> >      (*m_gnutlsSession, certTypePriority);
> >                                         ^
> >   net_tls_TLSSession.cpp:131:68: error: 'gnutls_protocol_set_priority' was not declared in this scope
> >     res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
> >                                                                       ^
> >   net_tls_TLSSession.cpp:152:61: error: 'gnutls_cipher_set_priority' was not declared in this scope
> >     gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
> >                                                                ^
> >   net_tls_TLSSession.cpp:157:55: error: 'gnutls_mac_set_priority' was not declared in this scope
> >     gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
> >                                                          ^
> >   net_tls_TLSSession.cpp:173:53: error: 'gnutls_kx_set_priority' was not declared in this scope
> >     gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
> >                                                        ^
> >   net_tls_TLSSession.cpp:184:71: error: 'gnutls_compression_set_priority' was not declared in this scope
> >     gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
> 
> 
> The gnutls_*_set_priority functions have been removed. According to.
>  http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
>  the replacement is gnutls_priority_set_direct but in this case the settings
> used seem
>  rather outdated anyway, so rather than converting I just removed them.
>  (so gnutls will use it's defaults).
> 
> I have uploaded my changes to raspbian stretch-staging. Debdiff attached, no
> intent to NMU in Debian.
> 

> diff -Nru libvmime-0.9.1/debian/changelog libvmime-0.9.1/debian/changelog
> --- libvmime-0.9.1/debian/changelog	2015-09-22 17:33:22.000000000 +0000
> +++ libvmime-0.9.1/debian/changelog	2016-01-31 18:41:26.000000000 +0000
> @@ -1,3 +1,9 @@
> +libvmime (0.9.1-4+rpi1) stretch-staging; urgency=medium
> +
> +  * Remove calls to gnutls_*_set_priority
> +
> + -- Peter Michael Green <plugwash at raspbian.org>  Sun, 31 Jan 2016 18:41:14 +0000
> +
>  libvmime (0.9.1-4) unstable; urgency=medium
>  
>    [ Carsten Schoenert ]
> diff -Nru libvmime-0.9.1/debian/patches/gnutls3.4.patch libvmime-0.9.1/debian/patches/gnutls3.4.patch
> --- libvmime-0.9.1/debian/patches/gnutls3.4.patch	1970-01-01 00:00:00.000000000 +0000
> +++ libvmime-0.9.1/debian/patches/gnutls3.4.patch	2016-01-31 18:41:03.000000000 +0000
> @@ -0,0 +1,102 @@
> +Description: remove calls to gnutls_*_set_priority
> + The gnutls_*_set_priority functions have been removed. According to 
> + http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
> + the replacement is gnutls_priority_set_direct but the settings used seem
> + rather outdated anyway, so rather than converting I just removed them.
> + (so gnutls will use it's defaults).
> +uthor: Peter Michael Green <plugwash at raspbian.org>
> +
> +---
> +The information above should follow the Patch Tagging Guidelines, please
> +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
> +are templates for supplementary fields that you might want to add:
> +
> +Origin: <vendor|upstream|other>, <url of original patch>
> +Bug: <url in upstream bugtracker>
> +Bug-Debian: https://bugs.debian.org/<bugnumber>
> +Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
> +Forwarded: <no|not-needed|url proving that it has been forwarded>
> +Reviewed-By: <name and email of someone who approved the patch>
> +Last-Update: <YYYY-MM-DD>
> +
> +--- libvmime-0.9.1.orig/src/net/tls/TLSSession.cpp
> ++++ libvmime-0.9.1/src/net/tls/TLSSession.cpp
> +@@ -111,78 +111,6 @@ TLSSession::TLSSession(ref <security::ce
> + 	// macs and compression methods.
> + 	gnutls_set_default_priority(*m_gnutlsSession);
> + 
> +-	// Sets the priority on the certificate types supported by gnutls.
> +-	// Priority is higher for types specified before others. After
> +-	// specifying the types you want, you must append a 0.
> +-	const int certTypePriority[] = { GNUTLS_CRT_X509, 0 };
> +-
> +-	res = gnutls_certificate_type_set_priority
> +-		(*m_gnutlsSession, certTypePriority);
> +-
> +-	if (res < 0)
> +-	{
> +-		throwTLSException
> +-			("gnutls_certificate_type_set_priority", res);
> +-	}
> +-
> +-	// Sets the priority on the protocol types
> +-	const int protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
> +-
> +-	res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
> +-
> +-	if (res < 0)
> +-	{
> +-		throwTLSException
> +-			("gnutls_certificate_type_set_priority", res);
> +-	}
> +-
> +-	// Priority on the ciphers
> +-	const int cipherPriority[] =
> +-	{
> +-		GNUTLS_CIPHER_ARCFOUR_128,
> +-		GNUTLS_CIPHER_3DES_CBC,
> +-		GNUTLS_CIPHER_AES_128_CBC,
> +-		GNUTLS_CIPHER_AES_256_CBC,
> +-		GNUTLS_CIPHER_ARCFOUR_40,
> +-		GNUTLS_CIPHER_RC2_40_CBC,
> +-		GNUTLS_CIPHER_DES_CBC,
> +-		0
> +-	};
> +-
> +-	gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
> +-
> +-	// Priority on MACs
> +-	const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
> +-
> +-	gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
> +-
> +-	// Priority on key exchange methods
> +-	const int kxPriority[] =
> +-	{
> +-		GNUTLS_KX_RSA,
> +-		GNUTLS_KX_DHE_DSS,
> +-		GNUTLS_KX_DHE_RSA,
> +-		GNUTLS_KX_ANON_DH,
> +-		GNUTLS_KX_SRP,
> +-		GNUTLS_KX_RSA_EXPORT,
> +-		GNUTLS_KX_SRP_RSA,
> +-		GNUTLS_KX_SRP_DSS,
> +-		0
> +-	};
> +-
> +-	gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
> +-
> +-	// Priority on compression methods
> +-	const int compressionPriority[] =
> +-	{
> +-		GNUTLS_COMP_ZLIB,
> +-		//GNUTLS_COMP_LZO,
> +-		GNUTLS_COMP_NULL,
> +-		0
> +-	};
> +-
> +-	gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
> +-
> + 	// Initialize credentials
> + 	gnutls_credentials_set(*m_gnutlsSession,
> + 		GNUTLS_CRD_ANON, g_gnutlsGlobal.anonCred);
> diff -Nru libvmime-0.9.1/debian/patches/series libvmime-0.9.1/debian/patches/series
> --- libvmime-0.9.1/debian/patches/series	2015-09-22 17:33:22.000000000 +0000
> +++ libvmime-0.9.1/debian/patches/series	2016-01-31 18:37:47.000000000 +0000
> @@ -17,3 +17,4 @@
>  debian/Adopt-changes-required-on-update-by-gnutls28-dev.patch
>  debian/remove-reference-to-gcrypt.h-related-on-update-to-gn.patch
>  adjust-configure.in-and-Makefile.am-to-recent-autoto.patch
> +gnutls3.4.patch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: replace-deprecated-gnutls-function-after-v3.4.0.patch
Type: text/x-diff
Size: 3409 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-giraffe-maintainers/attachments/20160201/33d7a18c/attachment-0001.patch>


More information about the Pkg-giraffe-maintainers mailing list