net-p2p/fms-0.3.71 cannot compile with upgraded net-libs/polarssl-1.3.0

After upgrading to net-libs/polarssl-1.3.0 because of:
http://www.gentoo.org/security/en/glsa/glsa-201310-10.xml
FMS (with frost support) fails to compile near the end:

[ 98%] Building CXX object CMakeFiles/fms.dir/src/freenet/frostidentity.o
/usr/bin/i686-pc-linux-gnu-g++ -DDO_CHARSET_CONVERSION -DFROST_SUPPORT -DPOCO_HAVE_IPv6 -DNDEBUG -O3 -march=pentium-m -pipe -fomit-frame-pointer -o CMakeFiles/fms.dir/src/freenet/frostidentity.o -c /var/tmp/portage/net-p2p/fms-0.3.71/work/src/freenet/frostidentity.cpp
/var/tmp/portage/net-p2p/fms-0.3.71/work/src/freenet/frostidentity.cpp: In member function ‘const bool FrostIdentity::VerifySignature(const std::vector<unsigned char, std::allocator<unsigned char> >&, const std::string&)’:
/var/tmp/portage/net-p2p/fms-0.3.71/work/src/freenet/frostidentity.cpp:97: error: ‘SIG_RSA_SHA1’ was not declared in this scope

Reproducible: Always
Please attach the entire build log to this bug report.
No need. It seems to be an upstream issue, not supporting the new polarssl. I tried:
#include <polarssl/compat-1.2.h>
... which contained a definition for SIG_RSA_SHA1, but just ended up with more obvious compile-type warnings about functions needing to be changed/updated. However it does still compile without frost support, USE=-frost.
Bump. Can someone contact upstream (SomeDude) to fix this situation with polarssl? Is he aware of the security vulnerabilities with polarssl < 1.3.0?
Created attachment 363780: polarssl-1.3.0 compatibility fix
I think this simple patch fixes things.
For now I masked the frost USE flag. Once I checked if there was any report in the fms board, I may report this issue there for SomeDude to respond. As a side note: you should be able to do that yourself, no need to wait for the ebuild maintainer for an upstream report, if you are sure that the issue is an upstream issue.
Any word from upstream? In the meantime, the patch still works with fms 0.3.73. Perhaps we should simply apply the patch instead of masking the USE flag?
Bump. This patch still works with net-p2p/fms-0.3.75, and is required to be able to compile with USE=frost. (There's no need to mask the use flag.)
I don't think that USE mask (default/linux/package.use.mask:net-p2p/fms frost) is required any more with 0.3.79?
This is probably outdated by now; the latest version of fms no longer uses polarssl, but instead depends on mbedtls. If the issue is still there for mbedtls, please open a new bug.