Bug 79161 - libsoup-2.2.1 won't build after gnutls-1.1.23 upgrade
Bug#: 79161 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: crypto@gentoo.org Reported By: swtaylor@gentoo.org
Component: Ebuilds
URL:  http://bugzilla.ximian.com/show_bug.cgi?id=57811
Summary: libsoup-2.2.1 won't build after gnutls-1.1.23 upgrade
Keywords:  
Status Whiteboard: 
Opened: 2005-01-22 17:01 0000
Description:   Opened: 2005-01-22 17:01 0000 
soup-gnutls.c: In function `verify_certificate':
soup-gnutls.c:64: error: `GNUTLS_CERT_NOT_TRUSTED' undeclared (first use in this function)
soup-gnutls.c:64: error: (Each undeclared identifier is reported only once
soup-gnutls.c:64: error: for each function it appears in.)
make[3]: *** [soup-gnutls.lo] Error 1

gnutls-1.1.23 only mentions that name in the changelog:
2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
        * GNUTLS_CERT_NOT_TRUSTED was replaced by GNUTLS_CERT_INVALID, to
          avoid having two flags for the same thing.

gnutls-1.0.23 did define it:
./includes/gnutls/compat8.h:#define GNUTLS_CERT_NOT_TRUSTED GNUTLS_CERT_INVALID

I plan to nuke the GNUTLS_CERT_NOT_TRUSTED mention from libsoup, as its pretty
much not needed, and breaks building with the new gnutls.

------- Comment #1 From Scott Taylor (RETIRED) 2005-01-22 17:31:37 0000 ------- 
fixed in cvs.

has_version ">=net-libs/gnutls-1.1.23" && sed -e's|GNUTLS_CERT_NOT_TRUSTED|0|g' -i ${S}/libsoup/soup-gnutls.c

------- Comment #2 From foser (RETIRED) 2005-02-09 14:28:46 0000 ------- 
swtaylor, you are aware that your fix is breaking in 2 ways ?

1. it sets the def to 0, while it just should be reset to GNUTLS_CERT_INVALID (dunno why you choose to not do the obvious thing?)
2. it might break ABI compatability, if someone compiled this with an old enough version of gnutls and only later on upgrades gnutls there's the chance of a symbol missing. You should just always apply the patch (given that GNUTLS_CERT_INVALID has been around long enough).

------- Comment #3 From Daniel Black 2005-02-10 03:36:00 0000 ------- 
1. yes - doubly bad because GNUTLS_CERT_INVALID=2 - fixed now cause it was real
bad(tm)
2. unlikely. There has been two API changes from 1.0.23 to 1.2.0. Users would
of had to do a revdev-rebuild after the last upgrade.

Also:

In gnutls-1.0.23 and gnutls-1.0.17, GNUTLS_CERT_INVALID is a #defines of
GNUTLS_CERT_INVALID. They are set at compile time shouldn't be a problem.

fgrep -r GNUTLS_CERT_INVALID 
./usr/include/gnutls/gnutls.h:  GNUTLS_CERT_INVALID=2, /* will be set if the
certificate
./usr/include/gnutls/compat8.h:#define GNUTLS_CERT_NOT_TRUSTED
GNUTLS_CERT_INVALID

Fixed sed to: sed -e's|GNUTLS_CERT_NOT_TRUSTED|GNUTLS_CERT_INVALID|g'

This has been upstream for a while.

Any other issues?

------- Comment #4 From foser (RETIRED) 2005-02-10 06:00:06 0000 ------- 
point 2 might be unlikely (i already phrased it conservative in my initial
comment), but with the amount of users & resulting setups we have, why take the
chance ? The dep at least (the only form of control) is not exclusive enough.

------- Comment #5 From Daniel Black 2005-02-17 04:51:04 0000 ------- 
libsoup depend on >=app-crypt/gnutls-1.0.17?

------- Comment #6 From foser (RETIRED) 2005-02-18 06:32:46 0000 ------- 
hypothetical case (should be >=1.1.23 if you apply the patch conditionally, but
that doesn't make sense). Just always apply the patch, the conditional is
unneeded & a possible source of ABI problems later on.

------- Comment #7 From Daniel Black 2005-02-18 15:07:10 0000 ------- 
changed to use patch from upstream unconditionally.