Subject: pkg/29462: gnutls-1.2.0 breaks net/libsoup-devel and mail/wmbiff
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <reilles@loria.fr>
List: pkgsrc-bugs
Date: 02/20/2005 13:25:00
>Number:         29462
>Category:       pkg
>Synopsis:       gnutls-1.2.0 breaks net/libsoup-devel and mail/wmbiff
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 20 13:25:00 +0000 2005
>Originator:     Antoine Reilles
>Release:        NetBSD 2.99.15
>Organization:
	
>Environment:
	
	
System: NetBSD arcelot.loria.fr 2.99.15 NetBSD 2.99.15 (MYKERNEL) #1: Thu Feb 10 11:31:16 CET 2005 tonio@arcelot.loria.fr:/usr/obj/sys/arch/i386/compile/MYKERNEL i386
Architecture: i386
Machine: i386
>Description:
gnutls-1.2.0 breaks net/libsoup-devel and mail/wmbiff

This is due to a change in gnutls flags, from GNUTLS_CERT_NOT_TRUSTED to
GNUTLS_CERT_INVALID. the log message in gnutls cvs repository says:
"GNUTLS_CERT_NOT_TRUSTED was replaced by GNUTLS_CERT_INVALID, to avoid      
 having two flags for the same thing."                                     

net/libsoup-devel and mail/wmbiff still use this flag, so they fail to compile.
This is annoying, since gnome-base depends on net/libsoup-devel

>How-To-Repeat:
update security/gnutls, and then try to make net/libsoup-devel or mail/wmbiff
>Fix:
I managed to build net/libsoup-devel and mail/wmbiff by simply patching them to
remove mention to GNUTLS_CERT_NOT_TRUSTED. However, i'm not sure it is the good
way to do it.

I added the patches/patch-aa to net/libsoup-devel:

--- libsoup/soup-gnutls.c.orig	2005-02-19 19:30:47.000000000 +0100
+++ libsoup/soup-gnutls.c	2005-02-19 19:31:13.000000000 +0100
@@ -61,7 +61,6 @@
 	}
 
 	if (status & GNUTLS_CERT_INVALID ||
-	    status & GNUTLS_CERT_NOT_TRUSTED ||
 	    status & GNUTLS_CERT_REVOKED)
 	{
 		g_warning ("The certificate is not trusted.");

make makepathsum, and then it compiles without problems (and all the thing depending on libsoup-devel too.

also, for mail/wmbiff, i added the patches/patch-ac:

--- wmbiff/tlsComm.c.orig	2005-02-19 19:33:11.000000000 +0100
+++ wmbiff/tlsComm.c	2005-02-19 19:35:40.000000000 +0100
@@ -407,10 +407,6 @@
 							"server's certificate is invalid or not X.509.\n"
 							"there may be a problem with the certificate stored in your certfile\n");
 		}
-	} else if (certstat & GNUTLS_CERT_NOT_TRUSTED) {
-		TDM(DEBUG_INFO, "server's certificate is not trusted.\n");
-		TDM(DEBUG_INFO,
-			"to verify that a certificate is trusted, use the certfile option.\n");
 	}
 
 	if (gnutls_x509_crt_init(&cert) < 0) {

make makpatchsum, and it builds fine

>Unformatted: