First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 79161
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Crypto team <crypto@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Scott Taylor (RETIRED) <swtaylor@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 79161 depends on: Show dependency tree
Bug 79161 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-01-22 17:01 0000 
soup-gnutls.c: In function `verify_certificate':
soup-gnutls.c:64: error: `GNUTLS_CERT_NOT_TRUSTED' undeclared (first use in this function)
soup-gnutls.c:64: error: (Each undeclared identifier is reported only once
soup-gnutls.c:64: error: for each function it appears in.)
make[3]: *** [soup-gnutls.lo] Error 1

gnutls-1.1.23 only mentions that name in the changelog:
2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
        * GNUTLS_CERT_NOT_TRUSTED was replaced by GNUTLS_CERT_INVALID, to
          avoid having two flags for the same thing.

gnutls-1.0.23 did define it:
./includes/gnutls/compat8.h:#define GNUTLS_CERT_NOT_TRUSTED GNUTLS_CERT_INVALID

I plan to nuke the GNUTLS_CERT_NOT_TRUSTED mention from libsoup, as its pretty
much not needed, and breaks building with the new gnutls.

------- Comment #1 From Scott Taylor (RETIRED) 2005-01-22 17:31:37 0000 ------- 
fixed in cvs.

has_version ">=net-libs/gnutls-1.1.23" && sed -e's|GNUTLS_CERT_NOT_TRUSTED|0|g' -i ${S}/libsoup/soup-gnutls.c

------- Comment #2 From foser (RETIRED) 2005-02-09 14:28:46 0000 ------- 
swtaylor, you are aware that your fix is breaking in 2 ways ?

1. it sets the def to 0, while it just should be reset to GNUTLS_CERT_INVALID (dunno why you choose to not do the obvious thing?)
2. it might break ABI compatability, if someone compiled this with an old enough version of gnutls and only later on upgrades gnutls there's the chance of a symbol missing. You should just always apply the patch (given that GNUTLS_CERT_INVALID has been around long enough).

------- Comment #3 From Daniel Black 2005-02-10 03:36:00 0000 ------- 
1. yes - doubly bad because GNUTLS_CERT_INVALID=2 - fixed now cause it was real
bad(tm)
2. unlikely. There has been two API changes from 1.0.23 to 1.2.0. Users would
of had to do a revdev-rebuild after the last upgrade.

Also:

In gnutls-1.0.23 and gnutls-1.0.17, GNUTLS_CERT_INVALID is a #defines of
GNUTLS_CERT_INVALID. They are set at compile time shouldn't be a problem.

fgrep -r GNUTLS_CERT_INVALID 
./usr/include/gnutls/gnutls.h:  GNUTLS_CERT_INVALID=2, /* will be set if the
certificate
./usr/include/gnutls/compat8.h:#define GNUTLS_CERT_NOT_TRUSTED
GNUTLS_CERT_INVALID

Fixed sed to: sed -e's|GNUTLS_CERT_NOT_TRUSTED|GNUTLS_CERT_INVALID|g'

This has been upstream for a while.

Any other issues?

------- Comment #4 From foser (RETIRED) 2005-02-10 06:00:06 0000 ------- 
point 2 might be unlikely (i already phrased it conservative in my initial
comment), but with the amount of users & resulting setups we have, why take the
chance ? The dep at least (the only form of control) is not exclusive enough.

------- Comment #5 From Daniel Black 2005-02-17 04:51:04 0000 ------- 
libsoup depend on >=app-crypt/gnutls-1.0.17?

------- Comment #6 From foser (RETIRED) 2005-02-18 06:32:46 0000 ------- 
hypothetical case (should be >=1.1.23 if you apply the patch conditionally, but
that doesn't make sense). Just always apply the patch, the conditional is
unneeded & a possible source of ABI problems later on.

------- Comment #7 From Daniel Black 2005-02-18 15:07:10 0000 ------- 
changed to use patch from upstream unconditionally.
First Last Prev Next    No search results available      Search page      Enter new bug