[Pkg-giraffe-maintainers] Bug#812969: libvmime: FTBFS: net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
Carsten Schoenert
c.schoenert at t-online.de
Mon Feb 1 07:45:37 UTC 2016
Dear GnuTLS maintainers,
with the new gnutls v3.4 in unstable we hit some old deprecated marked
function now as errors while building the libvmime package. ;)
libvmime is a reverse dependency for the zarafa groupware we have
packaged and is currently waiting in the new queue.
The upstream maintainer of libvmime doesn't released a newer version
than 0.9.1 and so we have to fight with this old version (released
2010-11-16).
Peter Green has submitted a debdiff with a possibly solution that's seen
below. I'm not a security expert on those used functions inside libvmime
and found a another solution based on suggestions for upgrading to 3.4
[1] and created a patch that's appended.
Can you give us a suggestion how to handle this issues? I've seen a
similar solution like mine on the samba package upstream [5]. The zarafa
suite isn't using this parts of the libvmime package as they connect
locally to localhost. But the we have to provide a secure libvmime
package.
The full FTBFS log can be found here [2] for amd64. The source can be
found on [3] and the file that holds the deprecated functions can be
viewd on [4].
Thanks and regards
Carsten
[1] http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upgrading-from-previous-versions
[2] https://buildd.debian.org/status/fetch.php?pkg=libvmime&arch=amd64&ver=0.9.1-4%2Bb1&stamp=1453493127
[3] https://anonscm.debian.org/cgit/pkg-giraffe/libvmime.git/tree/
[4] https://anonscm.debian.org/cgit/pkg-giraffe/libvmime.git/tree/src/net/tls/TLSSession.cpp
[5] https://lists.samba.org/archive/samba-technical/2015-April/107008.html
On Sun, Jan 31, 2016 at 11:33:16PM +0000, peter green wrote:
> >
> > net_tls_TLSSession.cpp:120:38: error: 'gnutls_certificate_type_set_priority' was not declared in this scope
> > (*m_gnutlsSession, certTypePriority);
> > ^
> > net_tls_TLSSession.cpp:131:68: error: 'gnutls_protocol_set_priority' was not declared in this scope
> > res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
> > ^
> > net_tls_TLSSession.cpp:152:61: error: 'gnutls_cipher_set_priority' was not declared in this scope
> > gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
> > ^
> > net_tls_TLSSession.cpp:157:55: error: 'gnutls_mac_set_priority' was not declared in this scope
> > gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
> > ^
> > net_tls_TLSSession.cpp:173:53: error: 'gnutls_kx_set_priority' was not declared in this scope
> > gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
> > ^
> > net_tls_TLSSession.cpp:184:71: error: 'gnutls_compression_set_priority' was not declared in this scope
> > gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
>
>
> The gnutls_*_set_priority functions have been removed. According to.
> http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
> the replacement is gnutls_priority_set_direct but in this case the settings
> used seem
> rather outdated anyway, so rather than converting I just removed them.
> (so gnutls will use it's defaults).
>
> I have uploaded my changes to raspbian stretch-staging. Debdiff attached, no
> intent to NMU in Debian.
>
> diff -Nru libvmime-0.9.1/debian/changelog libvmime-0.9.1/debian/changelog
> --- libvmime-0.9.1/debian/changelog 2015-09-22 17:33:22.000000000 +0000
> +++ libvmime-0.9.1/debian/changelog 2016-01-31 18:41:26.000000000 +0000
> @@ -1,3 +1,9 @@
> +libvmime (0.9.1-4+rpi1) stretch-staging; urgency=medium
> +
> + * Remove calls to gnutls_*_set_priority
> +
> + -- Peter Michael Green <plugwash at raspbian.org> Sun, 31 Jan 2016 18:41:14 +0000
> +
> libvmime (0.9.1-4) unstable; urgency=medium
>
> [ Carsten Schoenert ]
> diff -Nru libvmime-0.9.1/debian/patches/gnutls3.4.patch libvmime-0.9.1/debian/patches/gnutls3.4.patch
> --- libvmime-0.9.1/debian/patches/gnutls3.4.patch 1970-01-01 00:00:00.000000000 +0000
> +++ libvmime-0.9.1/debian/patches/gnutls3.4.patch 2016-01-31 18:41:03.000000000 +0000
> @@ -0,0 +1,102 @@
> +Description: remove calls to gnutls_*_set_priority
> + The gnutls_*_set_priority functions have been removed. According to
> + http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
> + the replacement is gnutls_priority_set_direct but the settings used seem
> + rather outdated anyway, so rather than converting I just removed them.
> + (so gnutls will use it's defaults).
> +uthor: Peter Michael Green <plugwash at raspbian.org>
> +
> +---
> +The information above should follow the Patch Tagging Guidelines, please
> +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
> +are templates for supplementary fields that you might want to add:
> +
> +Origin: <vendor|upstream|other>, <url of original patch>
> +Bug: <url in upstream bugtracker>
> +Bug-Debian: https://bugs.debian.org/<bugnumber>
> +Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
> +Forwarded: <no|not-needed|url proving that it has been forwarded>
> +Reviewed-By: <name and email of someone who approved the patch>
> +Last-Update: <YYYY-MM-DD>
> +
> +--- libvmime-0.9.1.orig/src/net/tls/TLSSession.cpp
> ++++ libvmime-0.9.1/src/net/tls/TLSSession.cpp
> +@@ -111,78 +111,6 @@ TLSSession::TLSSession(ref <security::ce
> + // macs and compression methods.
> + gnutls_set_default_priority(*m_gnutlsSession);
> +
> +- // Sets the priority on the certificate types supported by gnutls.
> +- // Priority is higher for types specified before others. After
> +- // specifying the types you want, you must append a 0.
> +- const int certTypePriority[] = { GNUTLS_CRT_X509, 0 };
> +-
> +- res = gnutls_certificate_type_set_priority
> +- (*m_gnutlsSession, certTypePriority);
> +-
> +- if (res < 0)
> +- {
> +- throwTLSException
> +- ("gnutls_certificate_type_set_priority", res);
> +- }
> +-
> +- // Sets the priority on the protocol types
> +- const int protoPriority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
> +-
> +- res = gnutls_protocol_set_priority(*m_gnutlsSession, protoPriority);
> +-
> +- if (res < 0)
> +- {
> +- throwTLSException
> +- ("gnutls_certificate_type_set_priority", res);
> +- }
> +-
> +- // Priority on the ciphers
> +- const int cipherPriority[] =
> +- {
> +- GNUTLS_CIPHER_ARCFOUR_128,
> +- GNUTLS_CIPHER_3DES_CBC,
> +- GNUTLS_CIPHER_AES_128_CBC,
> +- GNUTLS_CIPHER_AES_256_CBC,
> +- GNUTLS_CIPHER_ARCFOUR_40,
> +- GNUTLS_CIPHER_RC2_40_CBC,
> +- GNUTLS_CIPHER_DES_CBC,
> +- 0
> +- };
> +-
> +- gnutls_cipher_set_priority(*m_gnutlsSession, cipherPriority);
> +-
> +- // Priority on MACs
> +- const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
> +-
> +- gnutls_mac_set_priority(*m_gnutlsSession, macPriority);
> +-
> +- // Priority on key exchange methods
> +- const int kxPriority[] =
> +- {
> +- GNUTLS_KX_RSA,
> +- GNUTLS_KX_DHE_DSS,
> +- GNUTLS_KX_DHE_RSA,
> +- GNUTLS_KX_ANON_DH,
> +- GNUTLS_KX_SRP,
> +- GNUTLS_KX_RSA_EXPORT,
> +- GNUTLS_KX_SRP_RSA,
> +- GNUTLS_KX_SRP_DSS,
> +- 0
> +- };
> +-
> +- gnutls_kx_set_priority(*m_gnutlsSession, kxPriority);
> +-
> +- // Priority on compression methods
> +- const int compressionPriority[] =
> +- {
> +- GNUTLS_COMP_ZLIB,
> +- //GNUTLS_COMP_LZO,
> +- GNUTLS_COMP_NULL,
> +- 0
> +- };
> +-
> +- gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
> +-
> + // Initialize credentials
> + gnutls_credentials_set(*m_gnutlsSession,
> + GNUTLS_CRD_ANON, g_gnutlsGlobal.anonCred);
> diff -Nru libvmime-0.9.1/debian/patches/series libvmime-0.9.1/debian/patches/series
> --- libvmime-0.9.1/debian/patches/series 2015-09-22 17:33:22.000000000 +0000
> +++ libvmime-0.9.1/debian/patches/series 2016-01-31 18:37:47.000000000 +0000
> @@ -17,3 +17,4 @@
> debian/Adopt-changes-required-on-update-by-gnutls28-dev.patch
> debian/remove-reference-to-gcrypt.h-related-on-update-to-gn.patch
> adjust-configure.in-and-Makefile.am-to-recent-autoto.patch
> +gnutls3.4.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: replace-deprecated-gnutls-function-after-v3.4.0.patch
Type: text/x-diff
Size: 3409 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-giraffe-maintainers/attachments/20160201/33d7a18c/attachment-0001.patch>
More information about the Pkg-giraffe-maintainers
mailing list