Bug#828457: nodejs: FTBFS with openssl 1.1.0

2017-01-04 Thread Jérémy Lal 
Package: nodejs
Version: 4.6.1~dfsg-1
Followup-For: Bug #828457
Control: reopen -1

This bug has been fixed in nodejs 6.9.2~dfsg-1,
which is in experimental, node in testing.

Reopening, then.

Jérémy

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-12-06 Thread Jérémy Lal 
2016-11-03 17:49 GMT+01:00 Kurt Roeckx :
> On Thu, Nov 03, 2016 at 10:42:50AM -0400, Sandro Tosi wrote:
>> On Sun, 11 Sep 2016 20:10:53 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?=
>>  wrote:
>> > 2016-09-11 14:25 GMT+02:00 Kurt Roeckx :
>> >
>> > > tags 828457 + patch
>> > >
>> > > A patch for it is available at:
>> > > https://github.com/nodejs/node/pull/8491
>> > >
>> > >
>> > Wonderful, and thank you.
>> > I'll upload nodejs 6.x in experimental with your patch applied.
>>
>> Hello Jérémy, it looks like in 6.8.0 you decided to go in the opposite
>> direction ad "Build-Depends openssl 1.0.2 (Closes: #821403)" - is this
>> patch still something you plan to apply to the experimental version of
>> nodejs? any plan to move 6.x to unstable and/or get this bug fixed in
>> sid? thanks!
>
> Note that at least 1 problem has been pointed out in the pull
> request. And I understand that they did other changes to make it
> work, but I didn't really have time to look at it again.
>

Hello, i tried to backport the patches to node 6.9.2 - you can
actually run the tests
from the gbp repo's master-6.x branch.
Patches are in debian/patches/openssl/

I get the following failures:

not ok xxx test/parallel/test-https-agent-session-eviction
 that test just hanged so i removed it. Upon inspection the second
request does not fail.

not ok 580 parallel/test-https-agent-session-reuse
  ---
  duration_ms: 0.263
  severity: fail
  stack: |-
_tls_wrap.js:883
  this._sharedCreds.context.setTicketKeys(keys);
^

TypeError: Ticket keys length incorrect
at TypeError (native)
at Server.setTicketKeys (_tls_wrap.js:883:29)
at Server.
(/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-https-agent-session-reuse.js:31:12)
at emitTwo (events.js:106:13)
at Server.emit (events.js:191:7)
at HTTPParser.parserOnIncoming [as onIncoming] (_http_server.js:546:12)
at HTTPParser.parserOnHeadersComplete (_http_common.js:99:23)

not ok 979 parallel/test-tls-0-dns-altname
  ---
  duration_ms: 0.109
  severity: fail
  stack: |-
_tls_common.js:69
  c.context.setCert(options.cert);
^

Error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
at Error (native)
at Object.createSecureContext (_tls_common.js:69:17)
at new Server (_tls_wrap.js:768:25)
at Object.exports.createServer (_tls_wrap.js:861:10)
at Object.
(/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-tls-0-dns-altname.js:13:18)
at Module._compile (module.js:570:32)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)

not ok 983 parallel/test-tls-alpn-server-client
  ---
  duration_ms: 0.211
  severity: fail
  stack: |-
events.js:160
  throw er; // Unhandled 'error' event
  ^

Error: socket hang up
at TLSSocket.onHangUp (_tls_wrap.js::19)
at TLSSocket.g (events.js:291:16)
at emitNone (events.js:91:20)
at TLSSocket.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickCallback (internal/process/next_tick.js:98:9)
  ...
not ok 986 parallel/test-tls-cert-regression
  ---
  duration_ms: 0.169
  severity: fail
  stack: |-
_tls_common.js:69
  c.context.setCert(options.cert);
^

Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
at Error (native)
at Object.createSecureContext (_tls_common.js:69:17)
at new Server (_tls_wrap.js:768:25)
at Object.exports.createServer (_tls_wrap.js:861:10)
at test
(/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-tls-cert-regression.js:36:20)
at Object.
(/home/dev/Software/debian/nodejs/collab-maint/test/parallel/test-tls-cert-regression.js:44:1)
at Module._compile (module.js:570:32)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)

not ok 1013 parallel/test-tls-ecdh-disable
  ---
  duration_ms: 0.211
  severity: fail
  stack: |-

assert.js:85
  throw new assert.AssertionError({
  ^
AssertionError: [object Object]
at Server.exports.fail
(/home/dev/Software/debian/nodejs/collab-maint/test/common.js:426:10)
at emitOne (events.js:96:13)
at Server.emit (events.js:188:7)
at TLSSocket. (_tls_wrap.js:827:14)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:603:8)
at TLSSocket.onhandshakedone (_tls_wrap.js:52:8)
at

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-11-03 Thread Kurt Roeckx 
On Thu, Nov 03, 2016 at 10:42:50AM -0400, Sandro Tosi wrote:
> On Sun, 11 Sep 2016 20:10:53 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?=
>  wrote:
> > 2016-09-11 14:25 GMT+02:00 Kurt Roeckx :
> >
> > > tags 828457 + patch
> > >
> > > A patch for it is available at:
> > > https://github.com/nodejs/node/pull/8491
> > >
> > >
> > Wonderful, and thank you.
> > I'll upload nodejs 6.x in experimental with your patch applied.
> 
> Hello Jérémy, it looks like in 6.8.0 you decided to go in the opposite
> direction ad "Build-Depends openssl 1.0.2 (Closes: #821403)" - is this
> patch still something you plan to apply to the experimental version of
> nodejs? any plan to move 6.x to unstable and/or get this bug fixed in
> sid? thanks!

Note that at least 1 problem has been pointed out in the pull
request. And I understand that they did other changes to make it
work, but I didn't really have time to look at it again.


Kurt

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-11-03 Thread Sandro Tosi 
On Sun, 11 Sep 2016 20:10:53 +0200 =?UTF-8?B?SsOpcsOpbXkgTGFs?=
 wrote:
> 2016-09-11 14:25 GMT+02:00 Kurt Roeckx :
>
> > tags 828457 + patch
> >
> > A patch for it is available at:
> > https://github.com/nodejs/node/pull/8491
> >
> >
> Wonderful, and thank you.
> I'll upload nodejs 6.x in experimental with your patch applied.

Hello Jérémy, it looks like in 6.8.0 you decided to go in the opposite
direction ad "Build-Depends openssl 1.0.2 (Closes: #821403)" - is this
patch still something you plan to apply to the experimental version of
nodejs? any plan to move 6.x to unstable and/or get this bug fixed in
sid? thanks!

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-09-11 Thread Jérémy Lal 
2016-09-11 14:25 GMT+02:00 Kurt Roeckx :

> tags 828457 + patch
>
> A patch for it is available at:
> https://github.com/nodejs/node/pull/8491
>
>
Wonderful, and thank you.
I'll upload nodejs 6.x in experimental with your patch applied.

Jérémy.

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-09-11 Thread Kurt Roeckx 
tags 828457 + patch

A patch for it is available at:
https://github.com/nodejs/node/pull/8491


Kurt

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-06-27 Thread Kurt Roeckx 
On Mon, Jun 27, 2016 at 12:23:04AM +0200, Jérémy Lal wrote:
> 2016-06-26 20:24 GMT+02:00 Kurt Roeckx :
> 
> > On Sun, Jun 26, 2016 at 06:53:42PM +0200, Jérémy Lal wrote:
> > >
> > > I'm on it, and after a couple things i could solve, i need a "gentle
> > push"
> > > to continue solving these:
> >
> > They all seem to be about the same problem.  The structure has
> > become opaque and you can't have it directly on the stack or in an
> > other struct.  Instead you need to allocate it with TYPE_new(),
> > which will give you a pointer back.  This will ensure that the
> > allocated size is the correct one, since we might change the
> > structure to add new fields and thing like that.  When you do
> > things like sizeof(TYPE) you would get the size at compile time
> > which might be a different one than the one at runtime.
> >
> 
> These changes seem quite easy and doable for a novice like me.
> However the whole part about BIO seems to be much harder to fix:
> https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.h
> https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.cc

It looks like they implemented their own BIO method?  You might
want to read:
https://www.openssl.org/docs/manmaster/crypto/BIO_meth_new.html

Instead of having the struct, you now need to set some of those
things with function calls.


Kurt

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-06-26 Thread Jérémy Lal 
2016-06-26 20:24 GMT+02:00 Kurt Roeckx :

> On Sun, Jun 26, 2016 at 06:53:42PM +0200, Jérémy Lal wrote:
> >
> > I'm on it, and after a couple things i could solve, i need a "gentle
> push"
> > to continue solving these:
>
> They all seem to be about the same problem.  The structure has
> become opaque and you can't have it directly on the stack or in an
> other struct.  Instead you need to allocate it with TYPE_new(),
> which will give you a pointer back.  This will ensure that the
> allocated size is the correct one, since we might change the
> structure to add new fields and thing like that.  When you do
> things like sizeof(TYPE) you would get the size at compile time
> which might be a different one than the one at runtime.
>

These changes seem quite easy and doable for a novice like me.
However the whole part about BIO seems to be much harder to fix:
https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.h
https://github.com/nodejs/node/blob/v4.x/src/node_crypto_bio.cc

Sadly, upstream is not considering moving soon to openssl 1.1.
https://github.com/nodejs/node/issues/4270

Jérémy.

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-06-26 Thread Kurt Roeckx 
On Sun, Jun 26, 2016 at 06:53:42PM +0200, Jérémy Lal wrote:
> 
> I'm on it, and after a couple things i could solve, i need a "gentle push"
> to continue solving these:

They all seem to be about the same problem.  The structure has
become opaque and you can't have it directly on the stack or in an
other struct.  Instead you need to allocate it with TYPE_new(),
which will give you a pointer back.  This will ensure that the
allocated size is the correct one, since we might change the
structure to add new fields and thing like that.  When you do
things like sizeof(TYPE) you would get the size at compile time
which might be a different one than the one at runtime.


Kurt

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-06-26 Thread Jérémy Lal 
2016-06-26 12:23 GMT+02:00 Kurt Roeckx :

> Source: nodejs
> Version: 4.4.3~dfsg-1
> Severity: important
> Control: block 827061 by -1
>
> Hi,
>
> OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
> OpenSSL this package fail to build.  A log of that build can be found at:
>
> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/nodejs_4.4.3~dfsg-1_amd64-20160529-1457
>
> On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various
> of the
> reasons why it might fail.  There are also updated man pages at
> https://www.openssl.org/docs/manmaster/ that should contain useful
> information.
>
> There is a libssl-dev package available in experimental that contains a
> recent
> snapshot, I suggest you try building against that to see if everything
> works.
>
> If you have problems making things work, feel free to contact us.
>


I'm on it, and after a couple things i could solve, i need a "gentle push"
to continue solving these:

```
  g++ '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"'
'-DNODE_WANT_INTERNALS=1' '-DV8_DEPRECATION_WARNINGS=1'
'-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_OPENSSL=1' '-D__POSIX__'
'-DHTTP_PARSER_STRICT=0' -I/usr/include/x86_64-linux-gnu -I../src
-I../tools/msvs/genfiles -I../deps/uv/src/ares
-I/home/dev/Software/debian/nodejs/collab-maint/out/Release/obj/gen
-I../deps/v8 -I../deps/cares/include -I../deps/v8/include
-I../deps/http_parser  -pthread -Wall -Wextra -Wno-unused-parameter -m64
-O3 -ffunction-sections -fdata-sections -fno-omit-frame-pointer -fno-rtti
-fno-exceptions -std=gnu++0x -MMD -MF
/home/dev/Software/debian/nodejs/collab-maint/out/Release/.deps//home/dev/Software/debian/nodejs/collab-maint/out/Release/obj.target/node/src/node.o.d.raw
-g -O2 -fstack-protector-strong -Wformat -Werror=format-security
-Wdate-time -D_FORTIFY_SOURCE=2  -c -o
/home/dev/Software/debian/nodejs/collab-maint/out/Release/obj.target/node/src/node.o
../src/node.cc
In file included from ../src/node.cc:16:0:
../src/node_crypto.h:94:54: error: invalid application of ‘sizeof’ to
incomplete type ‘SSL_CTX {aka ssl_ctx_st}’
   static const int64_t kExternalSize = sizeof(SSL_CTX);
  ^
../src/node_crypto.h:225:17: error: invalid application of ‘sizeof’ to
incomplete type ‘SSL {aka ssl_st}’
   sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
 ^
../src/node_crypto.h:225:28: error: ‘SSL3_STATE’ was not declared in this
scope
   sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
^
../src/node_crypto.h:469:18: error: field ‘ctx_’ has incomplete type
‘EVP_CIPHER_CTX {aka evp_cipher_ctx_st}’
   EVP_CIPHER_CTX ctx_; /* coverity[member_decl] */
  ^
In file included from /usr/include/openssl/crypto.h:31:0,
 from /usr/include/openssl/comp.h:16,
 from /usr/include/openssl/ssl.h:47,
 from ../src/node_crypto.h:20,
 from ../src/node.cc:16:
/usr/include/openssl/ossl_typ.h:89:16: note: forward declaration of
‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
 typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
^
In file included from ../src/node.cc:16:0:
../src/node_crypto.h:505:12: error: field ‘ctx_’ has incomplete type
‘HMAC_CTX {aka hmac_ctx_st}’
   HMAC_CTX ctx_; /* coverity[member_decl] */
^
In file included from /usr/include/openssl/crypto.h:31:0,
 from /usr/include/openssl/comp.h:16,
 from /usr/include/openssl/ssl.h:47,
 from ../src/node_crypto.h:20,
 from ../src/node.cc:16:
/usr/include/openssl/ossl_typ.h:101:16: note: forward declaration of
‘HMAC_CTX {aka struct hmac_ctx_st}’
 typedef struct hmac_ctx_st HMAC_CTX;
^
In file included from ../src/node.cc:16:0:
../src/node_crypto.h:536:14: error: field ‘mdctx_’ has incomplete type
‘EVP_MD_CTX {aka evp_md_ctx_st}’
   EVP_MD_CTX mdctx_; /* coverity[member_decl] */
  ^
In file included from /usr/include/openssl/crypto.h:31:0,
 from /usr/include/openssl/comp.h:16,
 from /usr/include/openssl/ssl.h:47,
 from ../src/node_crypto.h:20,
 from ../src/node.cc:16:
/usr/include/openssl/ossl_typ.h:91:16: note: forward declaration of
‘EVP_MD_CTX {aka struct evp_md_ctx_st}’
 typedef struct evp_md_ctx_st EVP_MD_CTX;
^
In file included from ../src/node.cc:16:0:
../src/node_crypto.h:568:14: error: field ‘mdctx_’ has incomplete type
‘EVP_MD_CTX {aka evp_md_ctx_st}’
   EVP_MD_CTX mdctx_; /* coverity[member_decl] */
  ^
In file included from /usr/include/openssl/crypto.h:31:0,
 from /usr/include/openssl/comp.h:16,
 from /usr/include/openssl/ssl.h:47,
 from ../src/node_crypto.h:20,
 from ../src/node.cc:16:
/usr/include/openssl/ossl_typ.h:91:16: note: forward declaration of
‘EVP_MD_CTX {aka struct

Bug#828457: nodejs: FTBFS with openssl 1.1.0

2016-06-26 Thread Kurt Roeckx 
Source: nodejs
Version: 4.4.3~dfsg-1
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/nodejs_4.4.3~dfsg-1_amd64-20160529-1457

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt