Bug#828457: nodejs: FTBFS with openssl 1.1.0
Package: nodejs Version: 4.6.1~dfsg-1 Followup-For: Bug #828457 Control: reopen -1 This bug has been fixed in nodejs 6.9.2~dfsg-1, which is in experimental, node in testing. Reopening, then. Jérémy
Bug#828457: nodejs: FTBFS with openssl 1.1.0
2016-11-03 17:49 GMT+01:00 Kurt Roeckx: > On Thu, Nov 03, 2016 at 10:42:50AM -0400, Sandro Tosi wrote: >> On Sun, 11 Sep 2016 20:10:53 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?= >> wrote: >> > 2016-09-11 14:25 GMT+02:00 Kurt Roeckx : >> > >> > > tags 828457 + patch >> > > >> > > A patch for it is available at: >> > > https://github.com/nodejs/node/pull/8491 >> > > >> > > >> > Wonderful, and thank you. >> > I'll upload nodejs 6.x in experimental with your patch applied. >> >> Hello Jérémy, it looks like in 6.8.0 you decided to go in the opposite >> direction ad "Build-Depends openssl 1.0.2 (Closes: #821403)" - is this >> patch still something you plan to apply to the experimental version of >> nodejs? any plan to move 6.x to unstable and/or get this bug fixed in >> sid? thanks! > > Note that at least 1 problem has been pointed out in the pull > request. And I understand that they did other changes to make it > work, but I didn't really have time to look at it again. > Hello, i tried to backport the patches to node 6.9.2 - you can actually run the tests from the gbp repo's master-6.x branch. Patches are in debian/patches/openssl/ I get the following failures: not ok xxx test/parallel/test-https-agent-session-eviction that test just hanged so i removed it. Upon inspection the second request does not fail. not ok 580 parallel/test-https-agent-session-reuse --- duration_ms: 0.263 severity: fail stack: |- _tls_wrap.js:883 this._sharedCreds.context.setTicketKeys(keys); ^ TypeError: Ticket keys length incorrect at TypeError (native) at Server.setTicketKeys (_tls_wrap.js:883:29) at Server. (/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-https-agent-session-reuse.js:31:12) at emitTwo (events.js:106:13) at Server.emit (events.js:191:7) at HTTPParser.parserOnIncoming [as onIncoming] (_http_server.js:546:12) at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23) not ok 979 parallel/test-tls-0-dns-altname --- duration_ms: 0.109 severity: fail stack: |- _tls_common.js:69 c.context.setCert(options.cert); ^ Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak at Error (native) at Object.createSecureContext (_tls_common.js:69:17) at new Server (_tls_wrap.js:768:25) at Object.exports.createServer (_tls_wrap.js:861:10) at Object. (/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-tls-0-dns-altname.js:13:18) at Module._compile (module.js:570:32) at Object.Module._extensions..js (module.js:579:10) at Module.load (module.js:487:32) at tryModuleLoad (module.js:446:12) at Function.Module._load (module.js:438:3) not ok 983 parallel/test-tls-alpn-server-client --- duration_ms: 0.211 severity: fail stack: |- events.js:160 throw er; // Unhandled 'error' event ^ Error: socket hang up at TLSSocket.onHangUp (_tls_wrap.js::19) at TLSSocket.g (events.js:291:16) at emitNone (events.js:91:20) at TLSSocket.emit (events.js:185:7) at endReadableNT (_stream_readable.js:974:12) at _combinedTickCallback (internal/process/next_tick.js:74:11) at process._tickCallback (internal/process/next_tick.js:98:9) ... not ok 986 parallel/test-tls-cert-regression --- duration_ms: 0.169 severity: fail stack: |- _tls_common.js:69 c.context.setCert(options.cert); ^ Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small at Error (native) at Object.createSecureContext (_tls_common.js:69:17) at new Server (_tls_wrap.js:768:25) at Object.exports.createServer (_tls_wrap.js:861:10) at test (/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-tls-cert-regression.js:36:20) at Object. (/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-tls-cert-regression.js:44:1) at Module._compile (module.js:570:32) at Object.Module._extensions..js (module.js:579:10) at Module.load (module.js:487:32) at tryModuleLoad (module.js:446:12) not ok 1013 parallel/test-tls-ecdh-disable --- duration_ms: 0.211 severity: fail stack: |- assert.js:85 throw new assert.AssertionError({ ^ AssertionError: [object Object] at Server.exports.fail (/home/dev/Software/debian/nodejs/collab-maint/test/common.js:426:10) at emitOne (events.js:96:13) at Server.emit (events.js:188:7) at TLSSocket. (_tls_wrap.js:827:14) at emitNone (events.js:86:13) at TLSSocket.emit (events.js:185:7) at TLSSocket._finishInit (_tls_wrap.js:603:8) at TLSSocket.onhandshakedone (_tls_wrap.js:52:8) at
Bug#828457: nodejs: FTBFS with openssl 1.1.0
On Thu, Nov 03, 2016 at 10:42:50AM -0400, Sandro Tosi wrote: > On Sun, 11 Sep 2016 20:10:53 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?= >wrote: > > 2016-09-11 14:25 GMT+02:00 Kurt Roeckx : > > > > > tags 828457 + patch > > > > > > A patch for it is available at: > > > https://github.com/nodejs/node/pull/8491 > > > > > > > > Wonderful, and thank you. > > I'll upload nodejs 6.x in experimental with your patch applied. > > Hello Jérémy, it looks like in 6.8.0 you decided to go in the opposite > direction ad "Build-Depends openssl 1.0.2 (Closes: #821403)" - is this > patch still something you plan to apply to the experimental version of > nodejs? any plan to move 6.x to unstable and/or get this bug fixed in > sid? thanks! Note that at least 1 problem has been pointed out in the pull request. And I understand that they did other changes to make it work, but I didn't really have time to look at it again. Kurt
Bug#828457: nodejs: FTBFS with openssl 1.1.0
On Sun, 11 Sep 2016 20:10:53 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?=wrote: > 2016-09-11 14:25 GMT+02:00 Kurt Roeckx : > > > tags 828457 + patch > > > > A patch for it is available at: > > https://github.com/nodejs/node/pull/8491 > > > > > Wonderful, and thank you. > I'll upload nodejs 6.x in experimental with your patch applied. Hello Jérémy, it looks like in 6.8.0 you decided to go in the opposite direction ad "Build-Depends openssl 1.0.2 (Closes: #821403)" - is this patch still something you plan to apply to the experimental version of nodejs? any plan to move 6.x to unstable and/or get this bug fixed in sid? thanks!
Bug#828457: nodejs: FTBFS with openssl 1.1.0
2016-09-11 14:25 GMT+02:00 Kurt Roeckx: > tags 828457 + patch > > A patch for it is available at: > https://github.com/nodejs/node/pull/8491 > > Wonderful, and thank you. I'll upload nodejs 6.x in experimental with your patch applied. Jérémy.
Bug#828457: nodejs: FTBFS with openssl 1.1.0
tags 828457 + patch A patch for it is available at: https://github.com/nodejs/node/pull/8491 Kurt
Bug#828457: nodejs: FTBFS with openssl 1.1.0
On Mon, Jun 27, 2016 at 12:23:04AM +0200, Jérémy Lal wrote: > 2016-06-26 20:24 GMT+02:00 Kurt Roeckx: > > > On Sun, Jun 26, 2016 at 06:53:42PM +0200, Jérémy Lal wrote: > > > > > > I'm on it, and after a couple things i could solve, i need a "gentle > > push" > > > to continue solving these: > > > > They all seem to be about the same problem. The structure has > > become opaque and you can't have it directly on the stack or in an > > other struct. Instead you need to allocate it with TYPE_new(), > > which will give you a pointer back. This will ensure that the > > allocated size is the correct one, since we might change the > > structure to add new fields and thing like that. When you do > > things like sizeof(TYPE) you would get the size at compile time > > which might be a different one than the one at runtime. > > > > These changes seem quite easy and doable for a novice like me. > However the whole part about BIO seems to be much harder to fix: > https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.h > https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.cc It looks like they implemented their own BIO method? You might want to read: https://www.openssl.org/docs/manmaster/crypto/BIO_meth_new.html Instead of having the struct, you now need to set some of those things with function calls. Kurt
Bug#828457: nodejs: FTBFS with openssl 1.1.0
2016-06-26 20:24 GMT+02:00 Kurt Roeckx: > On Sun, Jun 26, 2016 at 06:53:42PM +0200, Jérémy Lal wrote: > > > > I'm on it, and after a couple things i could solve, i need a "gentle > push" > > to continue solving these: > > They all seem to be about the same problem. The structure has > become opaque and you can't have it directly on the stack or in an > other struct. Instead you need to allocate it with TYPE_new(), > which will give you a pointer back. This will ensure that the > allocated size is the correct one, since we might change the > structure to add new fields and thing like that. When you do > things like sizeof(TYPE) you would get the size at compile time > which might be a different one than the one at runtime. > These changes seem quite easy and doable for a novice like me. However the whole part about BIO seems to be much harder to fix: https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.h https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.cc Sadly, upstream is not considering moving soon to openssl 1.1. https://github.com/nodejs/node/issues/4270 Jérémy.
Bug#828457: nodejs: FTBFS with openssl 1.1.0
On Sun, Jun 26, 2016 at 06:53:42PM +0200, Jérémy Lal wrote: > > I'm on it, and after a couple things i could solve, i need a "gentle push" > to continue solving these: They all seem to be about the same problem. The structure has become opaque and you can't have it directly on the stack or in an other struct. Instead you need to allocate it with TYPE_new(), which will give you a pointer back. This will ensure that the allocated size is the correct one, since we might change the structure to add new fields and thing like that. When you do things like sizeof(TYPE) you would get the size at compile time which might be a different one than the one at runtime. Kurt
Bug#828457: nodejs: FTBFS with openssl 1.1.0
2016-06-26 12:23 GMT+02:00 Kurt Roeckx: > Source: nodejs > Version: 4.4.3~dfsg-1 > Severity: important > Control: block 827061 by -1 > > Hi, > > OpenSSL 1.1.0 is about to released. During a rebuild of all packages using > OpenSSL this package fail to build. A log of that build can be found at: > > https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/nodejs_4.4.3~dfsg-1_amd64-20160529-1457 > > On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various > of the > reasons why it might fail. There are also updated man pages at > https://www.openssl.org/docs/manmaster/ that should contain useful > information. > > There is a libssl-dev package available in experimental that contains a > recent > snapshot, I suggest you try building against that to see if everything > works. > > If you have problems making things work, feel free to contact us. > I'm on it, and after a couple things i could solve, i need a "gentle push" to continue solving these: ``` g++ '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"' '-DNODE_WANT_INTERNALS=1' '-DV8_DEPRECATION_WARNINGS=1' '-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_OPENSSL=1' '-D__POSIX__' '-DHTTP_PARSER_STRICT=0' -I/usr/include/x86_64-linux-gnu -I../src -I../tools/msvs/genfiles -I../deps/uv/src/ares -I/home/dev/Software/debian/nodejs/collab-maint/out/Release/obj/gen -I../deps/v8 -I../deps/cares/include -I../deps/v8/include -I../deps/http_parser -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -ffunction-sections -fdata-sections -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++0x -MMD -MF /home/dev/Software/debian/nodejs/collab-maint/out/Release/.deps//home/dev/Software/debian/nodejs/collab-maint/out/Release/obj.target/node/src/node.o.d.raw -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -c -o /home/dev/Software/debian/nodejs/collab-maint/out/Release/obj.target/node/src/node.o ../src/node.cc In file included from ../src/node.cc:16:0: ../src/node_crypto.h:94:54: error: invalid application of ‘sizeof’ to incomplete type ‘SSL_CTX {aka ssl_ctx_st}’ static const int64_t kExternalSize = sizeof(SSL_CTX); ^ ../src/node_crypto.h:225:17: error: invalid application of ‘sizeof’ to incomplete type ‘SSL {aka ssl_st}’ sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024; ^ ../src/node_crypto.h:225:28: error: ‘SSL3_STATE’ was not declared in this scope sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024; ^ ../src/node_crypto.h:469:18: error: field ‘ctx_’ has incomplete type ‘EVP_CIPHER_CTX {aka evp_cipher_ctx_st}’ EVP_CIPHER_CTX ctx_; /* coverity[member_decl] */ ^ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:89:16: note: forward declaration of ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’ typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; ^ In file included from ../src/node.cc:16:0: ../src/node_crypto.h:505:12: error: field ‘ctx_’ has incomplete type ‘HMAC_CTX {aka hmac_ctx_st}’ HMAC_CTX ctx_; /* coverity[member_decl] */ ^ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:101:16: note: forward declaration of ‘HMAC_CTX {aka struct hmac_ctx_st}’ typedef struct hmac_ctx_st HMAC_CTX; ^ In file included from ../src/node.cc:16:0: ../src/node_crypto.h:536:14: error: field ‘mdctx_’ has incomplete type ‘EVP_MD_CTX {aka evp_md_ctx_st}’ EVP_MD_CTX mdctx_; /* coverity[member_decl] */ ^ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:91:16: note: forward declaration of ‘EVP_MD_CTX {aka struct evp_md_ctx_st}’ typedef struct evp_md_ctx_st EVP_MD_CTX; ^ In file included from ../src/node.cc:16:0: ../src/node_crypto.h:568:14: error: field ‘mdctx_’ has incomplete type ‘EVP_MD_CTX {aka evp_md_ctx_st}’ EVP_MD_CTX mdctx_; /* coverity[member_decl] */ ^ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:91:16: note: forward declaration of ‘EVP_MD_CTX {aka struct
Bug#828457: nodejs: FTBFS with openssl 1.1.0
Source: nodejs Version: 4.4.3~dfsg-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/nodejs_4.4.3~dfsg-1_amd64-20160529-1457 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt