tags 782801 +patch
thanks
This now fixed in upstream GIT, see
958f5f9e4ba752ca3e4045c09618579eae74f219 GNUTLS 3.4 compartibility.
7857ccafe14848d8378272421d2e49c3b351334b GNUTLS version 3.4.4 and newer
compartibility
After some googling I managed to find said upstream git repo
http://libre.adacore.com/tools/aws/
git clone --recursive http://forge.open-do.org/anonscm/git/aws/aws.gi
I was then able to extract the two commits mentioned above and apply
them as patches to the Debian packaging with a little bit of tweaking.
Unfortunatley the result of doing so failed to build (in a raspbian
stretch-staging chroot but I doubt that matters much) with
/libaws-3.2.0/debian/build_aws_obj_dynamic/ssl-thin__gnutls.o: In
function `ssl__thin___elabs':
/libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads:1471: undefined
reference to `_AWS_GNUTLS_SEC_PARAM_NORMAL'
collect2: error: ld returned 1 exit status
Turns out that the gnutls build path now has a wrappers.c (previously
the openssl one did but the gnutls one didn't). Since debian/rules
doesn't use the upstream buildsystem this required a little tweaking to
debian/rules.
With that I got a succesful build in raspbian stretch-staging which I
have uploaded to there. Debdiff attatched, no intent to NMU in debian.
diff -Nru libaws-3.2.0/debian/changelog libaws-3.2.0/debian/changelog
--- libaws-3.2.0/debian/changelog 2014-10-06 21:31:41.000000000 +0000
+++ libaws-3.2.0/debian/changelog 2016-01-30 00:04:32.000000000 +0000
@@ -1,3 +1,11 @@
+libaws (3.2.0-3+rpi1) stretch-staging; urgency=medium
+
+ * Add patches based on upstream commits to fix build with new gnutls
+ (Closes: 782801)
+ * Tweak debian/rules to build wrappers.c when building with gnutls.
+
+ -- Peter Michael Green <plugw...@raspbian.org> Fri, 29 Jan 2016 23:40:28
+0000
+
libaws (3.2.0-3) unstable; urgency=medium
* Move source package to section libs, raise -bin and -doc binary packages
diff -Nru libaws-3.2.0/debian/patches/gnutls3.4.4.diff
libaws-3.2.0/debian/patches/gnutls3.4.4.diff
--- libaws-3.2.0/debian/patches/gnutls3.4.4.diff 1970-01-01
00:00:00.000000000 +0000
+++ libaws-3.2.0/debian/patches/gnutls3.4.4.diff 2016-01-29
22:12:29.000000000 +0000
@@ -0,0 +1,66 @@
+This patch is based on the git commit described below and was refreshed against
+the Debian package by Peter Michael Green.
+
+commit 7857ccafe14848d8378272421d2e49c3b351334b
+Author: Dmitriy Anisimkov <anisim...@ada-ru.org>
+Date: Fri Sep 25 12:12:20 2015 +0600
+
+ GNUTLS version 3.4.4 and newer compartibility.
+
+ * config/ssl/ssl-thin__gnutls.ads:
+ More session flags.
+
+ * config/ssl/aws-net-ssl__gnutls.adb:
+ Use GNUTLS_NO_EXTENSIONS session flag when ticket support is not necessary.
+
+Index: libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb
+===================================================================
+--- libaws-3.2.0.orig/config/ssl/aws-net-ssl__gnutls.adb
++++ libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb
+@@ -1646,7 +1646,11 @@ package body AWS.Net.SSL is
+ Check_Config (Socket);
+
+ Check_Error_Code
+- (gnutls_init (Socket.SSL'Access, GNUTLS_CLIENT), Socket);
++ (gnutls_init
++ (Socket.SSL'Access,
++ GNUTLS_CLIENT + (if Socket.Config.Ticket_Support then 0
++ else GNUTLS_NO_EXTENSIONS)),
++ Socket);
+
+ if Socket.Config.Ticket_Support then
+ Check_Error_Code (gnutls_session_ticket_enable_client (Socket.SSL));
+@@ -1744,7 +1748,11 @@ package body AWS.Net.SSL is
+ end if;
+
+ Check_Error_Code
+- (gnutls_init (Socket.SSL'Access, GNUTLS_SERVER), Socket);
++ (gnutls_init
++ (Socket.SSL'Access,
++ GNUTLS_SERVER + (if Socket.Config.Ticket_Support then 0
++ else GNUTLS_NO_EXTENSIONS)),
++ Socket);
+
+ if Socket.Config.Ticket_Support then
+ Check_Error_Code
+Index: libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads
+===================================================================
+--- libaws-3.2.0.orig/config/ssl/ssl-thin__gnutls.ads
++++ libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads
+@@ -177,10 +177,12 @@ package SSL.Thin is
+ GNUTLS_CRD_PSK : constant gnutls_credentials_type_t := 4;
+ GNUTLS_CRD_IA : constant gnutls_credentials_type_t := 5;
+
+- GNUTLS_SERVER : constant C.unsigned := 1;
+- GNUTLS_CLIENT : constant C.unsigned := 2;
+- GNUTLS_DATAGRAM : constant C.unsigned := 4;
+- GNUTLS_NONBLOCK : constant C.unsigned := 8;
++ GNUTLS_SERVER : constant C.unsigned := 1;
++ GNUTLS_CLIENT : constant C.unsigned := 2;
++ GNUTLS_DATAGRAM : constant C.unsigned := 4;
++ GNUTLS_NONBLOCK : constant C.unsigned := 8;
++ GNUTLS_NO_EXTENSIONS : constant C.unsigned := 16;
++ GNUTLS_NO_REPLAY_PROTECTION : constant C.unsigned := 32;
+
+ type gnutls_certificate_verify_flags is new C.int;
+ subtype certificate_verify_flags is gnutls_certificate_verify_flags;
diff -Nru libaws-3.2.0/debian/patches/gnutls3.4.diff
libaws-3.2.0/debian/patches/gnutls3.4.diff
--- libaws-3.2.0/debian/patches/gnutls3.4.diff 1970-01-01 00:00:00.000000000
+0000
+++ libaws-3.2.0/debian/patches/gnutls3.4.diff 2016-01-29 22:11:36.000000000
+0000
@@ -0,0 +1,271 @@
+This patch is based on the git commit described below with modifications by
+plugwash to make it apply to the Debian package.
+
+commit 958f5f9e4ba752ca3e4045c09618579eae74f219
+Author: Dmitriy Anisimkov <anisim...@ada-ru.org>
+Date: Wed Sep 23 19:09:32 2015 +0600
+
+ GNUTLS 3.4 compartibility.
+
+ * config/ssl/ssl-thin__gnutls.ads:
+ (GNUTLS_SEC_PARAM_*): constants imported from C wrapper.
+ (gnutls_rsa_params_t): became subtype of gnutls_x509_privkey_t.
+ (gnutls_certificate_set_rsa_export_params): Removed.
+ (gnutls_rsa_params_init): Removed.
+ (gnutls_rsa_params_deinit): Removed.
+ (gnutls_rsa_params_cpy): Removed.
+ (gnutls_rsa_params_import_raw): Removed.
+ (gnutls_rsa_params_generate2): Removed.
+ (gnutls_rsa_params_export_raw): Removed.
+ (gnutls_rsa_params_import_pkcs1): Removed.
+ (gnutls_x509_privkey_generate): New bound routine.
+
+ * ssl/ssl.gpr, config/ssl/gnutls/wrappers.c:
+ C wrapper for GNUTLS_SEC_PARAM_* constants.
+
+ * config/ssl/aws-net-ssl__gnutls.adb:
+ (Generate_RSA): Use gnutls_x509_privkey_generate instead of
+ obsolete gnutls_rsa_params_generate2.
+
+Index: libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb
+===================================================================
+--- libaws-3.2.0.orig/config/ssl/aws-net-ssl__gnutls.adb
++++ libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb
+@@ -859,14 +859,14 @@ package body AWS.Net.SSL is
+ return;
+ end if;
+
+- Check_Error_Code (TSSL.gnutls_rsa_params_init (New_One'Access));
++ Check_Error_Code (TSSL.gnutls_x509_privkey_init (New_One'Access));
+ Check_Error_Code
+- (TSSL.gnutls_rsa_params_generate2
+- (New_One,
++ (TSSL.gnutls_x509_privkey_generate
++ (New_One, TSSL.GNUTLS_PK_RSA,
+ TSSL.gnutls_sec_param_to_pk_bits
+- (TSSL.GNUTLS_PK_RSA, TSSL.GNUTLS_SEC_PARAM_NORMAL)));
++ (TSSL.GNUTLS_PK_RSA, TSSL.GNUTLS_SEC_PARAM_NORMAL), 0));
+
+- TSSL.gnutls_rsa_params_deinit (RSA_Params (1));
++ TSSL.gnutls_x509_privkey_deinit (RSA_Params (1));
+
+ RSA_Params (1) := RSA_Params (0);
+ RSA_Params (0) := New_One;
+Index: libaws-3.2.0/config/ssl/gnutls/wrappers.c
+===================================================================
+--- /dev/null
++++ libaws-3.2.0/config/ssl/gnutls/wrappers.c
+@@ -0,0 +1,46 @@
++/***************************************************************************
++ * Ada Web Server *
++ * *
++ * Copyright (C) 2015, AdaCore *
++ * *
++ * This library is free software; you can redistribute it and/or modify *
++ * it under the terms of the GNU General Public License as published by *
++ * the Free Software Foundation; either version 2 of the License, or (at *
++ * your option) any later version. *
++ * *
++ * This library is distributed in the hope that it will be useful, but *
++ * WITHOUT ANY WARRANTY; without even the implied warranty of *
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
++ * General Public License for more details. *
++ * *
++ * You should have received a copy of the GNU General Public License *
++ * along with this library; if not, write to the Free Software Foundation, *
++ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
++ * *
++ * As a special exception, if other files instantiate generics from this *
++ * unit, or you link this unit with other files to produce an executable, *
++ * this unit does not by itself cause the resulting executable to be *
++ * covered by the GNU General Public License. This exception does not *
++ * however invalidate any other reasons why the executable file might be *
++ * covered by the GNU Public License. *
++ ***************************************************************************/
++
++/* This wrappers is neccessary because the constants GNUTLS_SEC_PARAM_*
changed
++ * in GNUTLS version 3.4. We could use this constants directly when decide to
++ * complete support of the GNUTLS versions earlier then 3.4.
++ */
++
++#include <gnutls/gnutls.h>
++#define AWS_EXPORT(c) extern const int _AWS_##c; \
++ const int _AWS_##c = c;
++
++AWS_EXPORT(GNUTLS_SEC_PARAM_INSECURE);
++AWS_EXPORT(GNUTLS_SEC_PARAM_EXPORT);
++AWS_EXPORT(GNUTLS_SEC_PARAM_VERY_WEAK);
++AWS_EXPORT(GNUTLS_SEC_PARAM_WEAK);
++AWS_EXPORT(GNUTLS_SEC_PARAM_UNKNOWN);
++AWS_EXPORT(GNUTLS_SEC_PARAM_LOW);
++AWS_EXPORT(GNUTLS_SEC_PARAM_LEGACY);
++AWS_EXPORT(GNUTLS_SEC_PARAM_NORMAL);
++AWS_EXPORT(GNUTLS_SEC_PARAM_HIGH);
++AWS_EXPORT(GNUTLS_SEC_PARAM_ULTRA);
+Index: libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads
+===================================================================
+--- libaws-3.2.0.orig/config/ssl/ssl-thin__gnutls.ads
++++ libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads
+@@ -335,29 +335,32 @@ package SSL.Thin is
+ GNUTLS_SIGN_RSA_MD2 : constant gnutls_sign_algorithm_t := 4;
+ GNUTLS_SIGN_UNKNOWN : constant gnutls_sign_algorithm_t := 255;
+
+- type gnutls_sec_param_t is
+- (GNUTLS_SEC_PARAM_INSECURE,
+- GNUTLS_SEC_PARAM_EXPORT,
+- GNUTLS_SEC_PARAM_VERY_WEAK,
+- GNUTLS_SEC_PARAM_WEAK,
+- GNUTLS_SEC_PARAM_UNKNOWN,
+- GNUTLS_SEC_PARAM_LOW,
+- GNUTLS_SEC_PARAM_LEGACY,
+- GNUTLS_SEC_PARAM_NORMAL,
+- GNUTLS_SEC_PARAM_HIGH,
+- GNUTLS_SEC_PARAM_ULTRA);
+- for gnutls_sec_param_t use
+- (GNUTLS_SEC_PARAM_INSECURE => -20,
+- GNUTLS_SEC_PARAM_EXPORT => -15,
+- GNUTLS_SEC_PARAM_VERY_WEAK => -12,
+- GNUTLS_SEC_PARAM_WEAK => -10,
+- GNUTLS_SEC_PARAM_UNKNOWN => 0,
+- GNUTLS_SEC_PARAM_LOW => 1,
+- GNUTLS_SEC_PARAM_LEGACY => 2,
+- GNUTLS_SEC_PARAM_NORMAL => 3,
+- GNUTLS_SEC_PARAM_HIGH => 4,
+- GNUTLS_SEC_PARAM_ULTRA => 5);
+- for gnutls_sec_param_t'Size use C.int'Size;
++ type gnutls_sec_param_t is new C.int;
++ GNUTLS_SEC_PARAM_UNKNOWN : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_UNKNOWN";
++ GNUTLS_SEC_PARAM_INSECURE : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_INSECURE";
++ GNUTLS_SEC_PARAM_EXPORT : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_EXPORT";
++ GNUTLS_SEC_PARAM_VERY_WEAK : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_VERY_WEAK";
++ GNUTLS_SEC_PARAM_WEAK : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_WEAK";
++ GNUTLS_SEC_PARAM_LOW : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_LOW";
++ GNUTLS_SEC_PARAM_LEGACY : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_LEGACY";
++ GNUTLS_SEC_PARAM_MEDIUM : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_NORMAL";
++ -- MEDIUM parameter imported as NORMAL for compartibility with different
++ -- GNUTLS versions. MEDIUM appeared at GNUTLS version 3.3.
++ GNUTLS_SEC_PARAM_HIGH : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_HIGH";
++ GNUTLS_SEC_PARAM_ULTRA : constant gnutls_sec_param_t with Import,
++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_ULTRA";
++
++ GNUTLS_SEC_PARAM_NORMAL : constant gnutls_sec_param_t :=
++ GNUTLS_SEC_PARAM_MEDIUM;
+
+ type gnutls_params_type_t is new C.int;
+ GNUTLS_PARAMS_RSA_EXPORT : constant gnutls_params_type_t := 1;
+@@ -384,7 +387,6 @@ package SSL.Thin is
+
+ type gnutls_session_t is access all STRUCT_DSTRUCT;
+ type gnutls_dh_params_t is access all STRUCT_DSTRUCT;
+- type gnutls_rsa_params_t is access all STRUCT_DSTRUCT;
+ type gnutls_ecdh_params_t is access all STRUCT_DSTRUCT;
+ type gnutls_certificate_credentials_t is access all STRUCT_DSTRUCT;
+ type gnutls_anon_server_credentials_t is access all STRUCT_DSTRUCT;
+@@ -403,6 +405,7 @@ package SSL.Thin is
+ type gnutls_privkey_t is access all STRUCT_DSTRUCT;
+ type gnutls_priority_t is access all STRUCT_DSTRUCT;
+
++ subtype gnutls_rsa_params_t is gnutls_x509_privkey_t;
+ type gnutls_retr_st is record
+ cert_type : gnutls_certificate_type_t;
+ cert_x509 : a_gnutls_x509_crt_t;
+@@ -951,11 +954,6 @@ package SSL.Thin is
+ p2 : gnutls_dh_params_t)
+ with Import, Convention => C;
+
+- procedure gnutls_certificate_set_rsa_export_params
+- (res : gnutls_certificate_credentials_t;
+- rsa_params : gnutls_rsa_params_t)
+- with Import, Convention => C;
+-
+ procedure gnutls_certificate_set_verify_flags
+ (res : gnutls_certificate_credentials_t;
+ flags : C.unsigned)
+@@ -1050,6 +1048,12 @@ package SSL.Thin is
+ (key : access gnutls_x509_privkey_t) return C.int
+ with Import, Convention => C;
+
++ function gnutls_x509_privkey_generate
++ (key : gnutls_x509_privkey_t;
++ algo : gnutls_pk_algorithm_t;
++ bits : C.unsigned;
++ flags : C.unsigned) return C.int with Import, Convention => C;
++
+ procedure gnutls_x509_privkey_deinit (key : gnutls_x509_privkey_t)
+ with Import, Convention => C;
+
+@@ -1201,50 +1205,6 @@ package SSL.Thin is
+ src : gnutls_dh_params_t) return C.int
+ with Import, Convention => C;
+
+- function gnutls_rsa_params_init
+- (rsa_params : access gnutls_rsa_params_t) return C.int
+- with Import, Convention => C;
+-
+- procedure gnutls_rsa_params_deinit (rsa_params : gnutls_rsa_params_t)
+- with Import, Convention => C;
+-
+- function gnutls_rsa_params_cpy
+- (dst : gnutls_rsa_params_t;
+- src : gnutls_rsa_params_t) return C.int
+- with Import, Convention => C;
+-
+- function gnutls_rsa_params_import_raw
+- (rsa_params : gnutls_rsa_params_t;
+- m : a_gnutls_datum_t;
+- e : a_gnutls_datum_t;
+- d : a_gnutls_datum_t;
+- p : a_gnutls_datum_t;
+- q : a_gnutls_datum_t;
+- u : a_gnutls_datum_t) return C.int
+- with Import, Convention => C;
+-
+- function gnutls_rsa_params_generate2
+- (params : gnutls_rsa_params_t;
+- bits : C.unsigned) return C.int
+- with Import, Convention => C;
+-
+- function gnutls_rsa_params_export_raw
+- (params : gnutls_rsa_params_t;
+- m : a_gnutls_datum_t;
+- e : a_gnutls_datum_t;
+- d : a_gnutls_datum_t;
+- p : a_gnutls_datum_t;
+- q : a_gnutls_datum_t;
+- u : a_gnutls_datum_t;
+- bits : access C.unsigned) return C.int
+- with Import, Convention => C;
+-
+- function gnutls_rsa_params_import_pkcs1
+- (params : gnutls_rsa_params_t;
+- pkcs1_params : a_gnutls_datum_t;
+- format : gnutls_x509_crt_fmt_t) return C.int
+- with Import, Convention => C;
+-
+ function gnutls_transport_get_ptr
+ (session : gnutls_session_t) return gnutls_transport_ptr_t
+ with Import, Convention => C;
+Index: libaws-3.2.0/ssl/ssl.gpr
+===================================================================
+--- libaws-3.2.0.orig/ssl/ssl.gpr
++++ libaws-3.2.0/ssl/ssl.gpr
+@@ -28,8 +28,8 @@ library project SSL is
+ for Languages use ("Ada", "Project file");
+ for Source_Dirs use (".", "../config/ssl");
+ when "gnutls" =>
+- for Languages use ("Ada", "Project file");
+- for Source_Dirs use (".", "../config/ssl");
++ for Languages use ("Ada", "Project file", "C");
++ for Source_Dirs use (".", "../config/ssl", "../config/ssl/gnutls");
+ when others =>
+ for Languages use ("Ada", "Project file", "C");
+ for Source_Dirs use (".", "../config/ssl", "../config/ssl/openssl");
diff -Nru libaws-3.2.0/debian/patches/series libaws-3.2.0/debian/patches/series
--- libaws-3.2.0/debian/patches/series 2014-10-06 21:20:44.000000000 +0000
+++ libaws-3.2.0/debian/patches/series 2016-01-29 22:08:33.000000000 +0000
@@ -4,6 +4,9 @@
noisy_style_warnings.diff
build_flags_doc_gen.diff
+gnutls3.4.diff
+gnutls3.4.4.diff
+
# These patches may be useful if we ever attempt to use upstream build
# system (see libaws-doc.TODO).
# no_silent_makefile.diff
diff -Nru libaws-3.2.0/debian/rules libaws-3.2.0/debian/rules
--- libaws-3.2.0/debian/rules 2014-10-06 21:20:44.000000000 +0000
+++ libaws-3.2.0/debian/rules 2016-01-30 00:05:39.000000000 +0000
@@ -89,17 +89,20 @@
######################################################################
# Compile C sources from config/ssl/openssl (currently, only
# wrappers.c) as described in build_aws.gpr.
-AWS_C_SRC_DIR := config/ssl/openssl
+ifeq ($(SSL),openssl)
+ AWS_C_SRC_DIR := config/ssl/openssl
+else
+ AWS_C_SRC_DIR := config/ssl/gnutls
+endif
AWS_C_OBJ_DIR_D := debian/build_aws_obj_dynamic
AWS_C_OBJ_DIR_S := debian/build_aws_obj_static
AWS_C_SRCS := $(wildcard $(AWS_C_SRC_DIR)/*.c)
AWS_C_OBJS_D := $(patsubst
$(AWS_C_SRC_DIR)/%.c,$(AWS_C_OBJ_DIR_D)/%.o,$(AWS_C_SRCS))
AWS_C_OBJS_S := $(patsubst
$(AWS_C_SRC_DIR)/%.c,$(AWS_C_OBJ_DIR_S)/%.o,$(AWS_C_SRCS))
-ifeq ($(SSL),openssl)
- build-aws-dynamic: $(AWS_C_OBJS_D)
- build-aws-static : $(AWS_C_OBJS_S)
-endif
+build-aws-dynamic: $(AWS_C_OBJS_D)
+build-aws-static : $(AWS_C_OBJS_S)
+
$(AWS_C_OBJS_D): $(AWS_C_OBJ_DIR_D)/%.o: $(AWS_C_SRC_DIR)/%.c
$(CC) -c -fPIC $(CFLAGS) $(CPPFLAGS) $< -o $@
$(AWS_C_OBJS_S): $(AWS_C_OBJ_DIR_S)/%.o: $(AWS_C_SRC_DIR)/%.c
