tags 782469 +patch
thanks
I took a look at the code in conjunction with the migration instructions
that were linked in the bug report (thanks for linking to those).

The results of the call to gnutls_pubkey_get_verify_algorithm are
discarded, the code only checks if it succeeds or not. I guess it was
intended as some sort of sanity check. I replaced it with a call to
gnutls_x509_crt_get_signature_algorithm.

I replaced the call to gnutls_pubkey_verify_hash with a call to
gnutls_pubkey_verify_hash2, filling in the new "algo" parameter with the
result of gnutls_x509_crt_get_signature_algorithm.

The code now compiles and I don't think it's any more broken than it was
before, but I have concerns about the code in general. It seems to have
been written on the assumption that the certificate signature algorithm
would always be sha1. I also have no idea how to test the package.

I have uploaded my changes to raspbian stretch-staging, debdiff attached,
no intent to NMU in Debian.

diff -Nru efl-1.8.6/debian/changelog efl-1.8.6/debian/changelog
--- efl-1.8.6/debian/changelog 2015-12-16 04:39:05.000000000 +0000
+++ efl-1.8.6/debian/changelog 2016-01-31 17:11:10.000000000 +0000
@@ -1,3 +1,10 @@
+efl (1.8.6-2.3+rpi1) stretch-staging; urgency=medium
+
+ * Fix gnutls related build failure, but the code could still do with closer
+ inspection by someone more familiar with the code.
+
+ -- Peter Michael Green <plugw...@raspbian.org> Sun, 31 Jan 2016 17:10:41
+0000
+
efl (1.8.6-2.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru efl-1.8.6/debian/patches/gnutls3.4.diff
efl-1.8.6/debian/patches/gnutls3.4.diff
--- efl-1.8.6/debian/patches/gnutls3.4.diff 1970-01-01 00:00:00.000000000
+0000
+++ efl-1.8.6/debian/patches/gnutls3.4.diff 2016-01-31 17:17:38.000000000
+0000
@@ -0,0 +1,58 @@
+Description: Fix build with gnutls 3.4
+ gnutls_pubkey_get_verify_algorithm and gnutls_pubkey_verify_hash no longer
+ exist in gnutls 3.4. See
+ http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
+
+ The results of the call to gnutls_pubkey_get_verify_algorithm are discarded,
+ the code only checks if it succeeds or not. I guess it was intended as some
+ sort of sanity check. I replaced it with a call to
+ gnutls_x509_crt_get_signature_algorithm
+
+ I replaced the call to gnutls_pubkey_verify_hash with a call to
+ gnutls_pubkey_verify_hash2 filling in the new "algo" parameter with the result
+ of gnutls_x509_crt_get_signature_algorithm
+
+ The code now compiles and I don't think it's any more broken than it was
+ before but I have concerns about the code in general. It seems to have an
+ implicit assuption that the certificate signature algorithm will be sha1.
+Author: Peter Michael Green <plugw...@raspbian.org>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- efl-1.8.6.orig/src/lib/eet/eet_cipher.c
++++ efl-1.8.6/src/lib/eet/eet_cipher.c
+@@ -681,7 +681,6 @@ eet_identity_check(const void *data_ba
+ gnutls_datum_t datum;
+ gnutls_datum_t signature;
+ gnutls_pubkey_t pubkey;
+- gnutls_digest_algorithm_t hash_algo;
+ unsigned char *hash;
+ gcry_md_hd_t md;
+ int err;
+@@ -718,11 +717,12 @@ eet_identity_check(const void *data_ba
+
+ if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
+ goto on_error;
+-
+- if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
++
++ int algo = gnutls_x509_crt_get_signature_algorithm(cert);
++ if (algo < 0)
+ goto on_error;
+
+- if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
++ if (gnutls_pubkey_verify_hash2(pubkey,algo, 0, &datum, &signature) < 0)
+ goto on_error;
+
+ if (sha1)
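Review bot: in the second eet_cipher.c hunk, `algo` is taken from gnutls_x509_crt_get_signature_algorithm(cert), which reports how the issuer signed the certificate, but it is then passed to gnutls_pubkey_verify_hash2 as the algorithm for checking `signature` over `datum`, which is a different signature made with the certificate's key. The two match only when the certificate happens to be signed with the same digest that was used to build `datum`; the patch description already notes that the surrounding code assumes SHA-1. Suggest deriving the algorithm passed to gnutls_pubkey_verify_hash2 from the public key's type and the digest actually used to compute `datum`, and keeping the certificate call only if a sanity check on the certificate is wanted. Smaller points in the same hunk: `int algo` is declared in the middle of the block while the other locals sit at the top of eet_identity_check, and its type would be clearer as gnutls_sign_algorithm_t; `pubkey,algo` is missing a space. In the patch header, the lines from "---" through "Last-Update:" are the unfilled DEP-3 template and should be either filled in or removed.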
diff -Nru efl-1.8.6/debian/patches/series efl-1.8.6/debian/patches/series
--- efl-1.8.6/debian/patches/series 2015-12-16 04:39:40.000000000 +0000
+++ efl-1.8.6/debian/patches/series 2016-01-31 17:14:43.000000000 +0000
@@ -4,3 +4,4 @@
04_eina_suite_lockup.diff
05_no_xprint_support.diff
giflib5.diff
+gnutls3.4.diff