Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-05-28 Thread Nicholas Guriev 
To prevent mosh from being deleted from testing in a few days, I am
proposing to change warnings level to distcheck. This option effectively
adds `-Wno-error=unused-parameter -Wno-error=deprecated-declarations`
compiler flags. This solution will buy us time to rewrite related code
before the deprecated low-level functions get removed away.

diffstat for mosh-1.3.2 mosh-1.3.2

 changelog |8 
 rules |2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff -Nru mosh-1.3.2/debian/changelog mosh-1.3.2/debian/changelog
--- mosh-1.3.2/debian/changelog 2018-08-08 20:45:44.0 +0300
+++ mosh-1.3.2/debian/changelog 2022-05-28 10:01:51.0 +0300
@@ -1,3 +1,11 @@
+mosh (1.3.2-2.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Lower warning level to distcheck to solve build against OpenSSL 3.0 with
+permitted deprecated declarations. (Closes: #1005718)
+
+ -- Nicholas Guriev   Sat, 28 May 2022 10:01:51 +0300
+
 mosh (1.3.2-2.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru mosh-1.3.2/debian/rules mosh-1.3.2/debian/rules
--- mosh-1.3.2/debian/rules 2017-08-25 01:04:25.0 +0300
+++ mosh-1.3.2/debian/rules 2022-05-28 10:01:46.0 +0300
@@ -22,7 +22,7 @@
--disable-silent-rules \
--enable-ufw \
--enable-completion \
-   --enable-compile-warnings=error
+   --enable-compile-warnings=distcheck
 
 override_dh_perl:
# mosh only uses Perl modules in perl-base.


signature.asc
Description: This is a digitally signed message part

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-05-17 Thread Vincent Lefevre 
On 2022-05-17 16:57:55 +0200, Axel Beckert wrote:
> > Concerning this bug, it was reported upstream 3 months ago, and
> > there is still no reaction there.
> 
> You are aware, that at least for mosh the Debian package maintainer
> and main upstream developer of Mosh is the same person? So actually
> the forwarding of this bug report into the upstream bug tracker was an
> upstream reaction itself.

I didn't know that. So I'm wondering why he hasn't done anything
for 3 months.

Also note that /usr/share/doc/mosh/README.md.gz says

A note on compiler flags: Mosh is security-sensitive code. When making
automated builds for a binary package, we recommend passing the option
`--enable-compile-warnings=error` to `./configure`. On GNU/Linux with
`g++` or `clang++`, the package should compile cleanly with
`-Werror`. Please report a bug if it doesn't.

I assume that this is the real reason for the current failure. But
the -Wdeprecated-declarations warning (which is thus changed into
an error) isn't related to security.

BTW, warnings may also come from macros provided by libraries, if any.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-05-17 Thread Axel Beckert 
Hi Vincent,

Vincent Lefevre wrote:
> > > Shouldn't Debian use -Wno-error=deprecated-declarations to ignore
> > > the use of deprecated functions?
> > 
> > No, in contrary. These kind of problems only appear in Debian Unstable
> > which is our development branch. And there we should see such issues
> > rather early than late.
> 
> Upstream developers could (should) test their software on a machine
> with recent libraries (such as Debian/unstable), so that they would
> see the issue without needing downstream to tell them.

I agree.

> Or Debian should have a specific build system (with options like
> -Werror=deprecated-declarations for any package) just for testing
> and reporting bugs to upstream, but which would not affect the
> build of packages for Debian/unstable.

I disagree.

> Concerning this bug, it was reported upstream 3 months ago, and
> there is still no reaction there.

You are aware, that at least for mosh the Debian package maintainer
and main upstream developer of Mosh is the same person? So actually
the forwarding of this bug report into the upstream bug tracker was an
upstream reaction itself.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-05-17 Thread Vincent Lefevre 
Hi Axel,

On 2022-05-17 14:26:51 +0200, Axel Beckert wrote:
> Vincent Lefevre wrote:
> > Shouldn't Debian use -Wno-error=deprecated-declarations to ignore
> > the use of deprecated functions?
> 
> No, in contrary. These kind of problems only appear in Debian Unstable
> which is our development branch. And there we should see such issues
> rather early than late.

Upstream developers could (should) test their software on a machine
with recent libraries (such as Debian/unstable), so that they would
see the issue without needing downstream to tell them.

Or Debian should have a specific build system (with options like
-Werror=deprecated-declarations for any package) just for testing
and reporting bugs to upstream, but which would not affect the
build of packages for Debian/unstable.

The problem is that it can take months before upstream provides
updated code, while in general, deprecated functions are not removed
before several years (giving the time to developers to notice them
even on platforms with a stable OS release). Of course, this is
completely different if the maintainer or some other Debian developer
is willing to do the work.

Concerning this bug, it was reported upstream 3 months ago, and
there is still no reaction there.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-05-17 Thread Axel Beckert 
Hi Vincent,

Vincent Lefevre wrote:
> Shouldn't Debian use -Wno-error=deprecated-declarations to ignore
> the use of deprecated functions?

No, in contrary. These kind of problems only appear in Debian Unstable
which is our development branch. And there we should see such issues
rather early than late.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-05-17 Thread Vincent Lefevre 
On 2022-02-13 21:58:36 +0100, Sebastian Andrzej Siewior wrote:
> Your package is failing to build using OpenSSL 3.0 with the
> following error:
> 
> | c++ -DHAVE_CONFIG_H -I. -I../..  -I./../util  -Wdate-time 
> -D_FORTIFY_SOURCE=2 -Wall -Werror -Wextra -pedantic -Wno-long-long -Weffc++ 
> -Wmissing-declarations -fno-strict-overflow -D_FORTIFY_SOURCE=2 
> -fstack-protector-all -Wstack-protector --param ssp-buffer-size=1 -fPIE 
> -fno-default-inline -pipe -g -O2 -ffile-prefix-map=/<>=. 
> -Wformat -Werror=format-security -c -o ocb.o ocb.cc
> | ocb.cc: In function ‘void AES_ecb_encrypt_blks(block*, unsigned int, 
> AES_KEY*)’:
> | ocb.cc:360:80: error: ‘void AES_encrypt(const unsigned char*, unsigned 
> char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   360 |   AES_encrypt((unsigned char *)(blks+nblks), (unsigned char 
> *)(blks+nblks), key);
> |   | 
>^

and other similar errors.

I suppose that the -Werror=deprecated-declarations errors are useful
only for the upstream developers (so that they know that they should
update their code).

Shouldn't Debian use -Wno-error=deprecated-declarations to ignore
the use of deprecated functions?

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-02-17 Thread Keith Winstein 
forwarded 1005718 https://github.com/mobile-shell/mosh/issues/1174
thankyou


On Sun, Feb 13, 2022 at 1:03 PM Sebastian Andrzej Siewior
 wrote:
>
> Source: mosh
> Version: 1.3.2-2.1
> Severity: important
> Tags: bookworm sid
> User: pkg-openssl-de...@lists.alioth.debian.org
> Usertags: ftbfs-3.0
>
> Your package is failing to build using OpenSSL 3.0 with the
> following error:
>
> | c++ -DHAVE_CONFIG_H -I. -I../..  -I./../util  -Wdate-time 
> -D_FORTIFY_SOURCE=2 -Wall -Werror -Wextra -pedantic -Wno-long-long -Weffc++ 
> -Wmissing-declarations -fno-strict-overflow -D_FORTIFY_SOURCE=2 
> -fstack-protector-all -Wstack-protector --param ssp-buffer-size=1 -fPIE 
> -fno-default-inline -pipe -g -O2 -ffile-prefix-map=/<>=. 
> -Wformat -Werror=format-security -c -o ocb.o ocb.cc
> | ocb.cc: In function ‘void AES_ecb_encrypt_blks(block*, unsigned int, 
> AES_KEY*)’:
> | ocb.cc:360:80: error: ‘void AES_encrypt(const unsigned char*, unsigned 
> char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   360 |   AES_encrypt((unsigned char *)(blks+nblks), (unsigned char 
> *)(blks+nblks), key);
> |   | 
>^
> | In file included from ocb.cc:354:
> | /usr/include/openssl/aes.h:57:6: note: declared here
> |57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
> |   |  ^~~
> | ocb.cc: In function ‘void AES_ecb_decrypt_blks(block*, unsigned int, 
> AES_KEY*)’:
> | ocb.cc:367:80: error: ‘void AES_decrypt(const unsigned char*, unsigned 
> char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   367 |   AES_decrypt((unsigned char *)(blks+nblks), (unsigned char 
> *)(blks+nblks), key);
> |   | 
>^
> | In file included from ocb.cc:354:
> | /usr/include/openssl/aes.h:60:6: note: declared here
> |60 | void AES_decrypt(const unsigned char *in, unsigned char *out,
> |   |  ^~~
> | ocb.cc: In function ‘int ae_init(ae_ctx*, const void*, int, int, int)’:
> | ocb.cc:804:75: error: ‘int AES_set_encrypt_key(const unsigned char*, int, 
> AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   804 | AES_set_encrypt_key((unsigned char *)key, key_len*8, 
> >encrypt_key);
> |   | 
>   ^
> | In file included from ocb.cc:354:
> | /usr/include/openssl/aes.h:51:5: note: declared here
> |51 | int AES_set_encrypt_key(const unsigned char *userKey, const int 
> bits,
> |   | ^~~
> | ocb.cc:808:82: error: ‘int AES_set_decrypt_key(const unsigned char*, int, 
> AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   808 | AES_set_decrypt_key((unsigned char *)key, (int)(key_len*8), 
> >decrypt_key);
> |   | 
>  ^
> | In file included from ocb.cc:354:
> | /usr/include/openssl/aes.h:54:5: note: declared here
> |54 | int AES_set_decrypt_key(const unsigned char *userKey, const int 
> bits,
> |   | ^~~
> | ocb.cc:817:76: error: ‘void AES_encrypt(const unsigned char*, unsigned 
> char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   817 | (unsigned char *)>Lstar, 
> >encrypt_key);
> |   | 
>^
> | In file included from ocb.cc:354:
> | /usr/include/openssl/aes.h:57:6: note: declared here
> |57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
> |   |  ^~~
> | ocb.cc: In function ‘block gen_offset_from_nonce(ae_ctx*, const void*)’:
> | ocb.cc:854:72: error: ‘void AES_encrypt(const unsigned char*, unsigned 
> char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |   854 |   AES_encrypt(tmp.u8, (unsigned char *)>KtopStr, 
> >encrypt_key);
> |   | 
>^
> | In file included from ocb.cc:354:
> | /usr/include/openssl/aes.h:57:6: note: declared here
> |57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
> |   |  ^~~
> | ocb.cc: In function ‘int ae_decrypt(ae_ctx*, const void*, const void*, 
> int, const void*, int, void*, const void*, int)’:
> | ocb.cc:1338:68: error: ‘void AES_encrypt(const unsigned char*, unsigned 
> char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
> [-Werror=deprecated-declarations]
> |  1338 | AES_encrypt((unsigned char *), tmp.u8, 
> >encrypt_key);
> |   |^
> | In file included from ocb.cc:354:
> |

Bug#1005718: mosh: FTBFS with OpenSSL 3.0

2022-02-13 Thread Sebastian Andrzej Siewior 
Source: mosh
Version: 1.3.2-2.1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0

Your package is failing to build using OpenSSL 3.0 with the
following error:

| c++ -DHAVE_CONFIG_H -I. -I../..  -I./../util  -Wdate-time -D_FORTIFY_SOURCE=2 
-Wall -Werror -Wextra -pedantic -Wno-long-long -Weffc++ -Wmissing-declarations 
-fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-all 
-Wstack-protector --param ssp-buffer-size=1 -fPIE -fno-default-inline -pipe -g 
-O2 -ffile-prefix-map=/<>=. -Wformat -Werror=format-security -c -o 
ocb.o ocb.cc
| ocb.cc: In function ‘void AES_ecb_encrypt_blks(block*, unsigned int, 
AES_KEY*)’:
| ocb.cc:360:80: error: ‘void AES_encrypt(const unsigned char*, unsigned 
char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   360 |   AES_encrypt((unsigned char *)(blks+nblks), (unsigned char 
*)(blks+nblks), key);
|   |   
 ^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:57:6: note: declared here
|57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
|   |  ^~~
| ocb.cc: In function ‘void AES_ecb_decrypt_blks(block*, unsigned int, 
AES_KEY*)’:
| ocb.cc:367:80: error: ‘void AES_decrypt(const unsigned char*, unsigned 
char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   367 |   AES_decrypt((unsigned char *)(blks+nblks), (unsigned char 
*)(blks+nblks), key);
|   |   
 ^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:60:6: note: declared here
|60 | void AES_decrypt(const unsigned char *in, unsigned char *out,
|   |  ^~~
| ocb.cc: In function ‘int ae_init(ae_ctx*, const void*, int, int, int)’:
| ocb.cc:804:75: error: ‘int AES_set_encrypt_key(const unsigned char*, int, 
AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   804 | AES_set_encrypt_key((unsigned char *)key, key_len*8, 
>encrypt_key);
|   |   
^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:51:5: note: declared here
|51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
|   | ^~~
| ocb.cc:808:82: error: ‘int AES_set_decrypt_key(const unsigned char*, int, 
AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
|   808 | AES_set_decrypt_key((unsigned char *)key, (int)(key_len*8), 
>decrypt_key);
|   |   
   ^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:54:5: note: declared here
|54 | int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
|   | ^~~
| ocb.cc:817:76: error: ‘void AES_encrypt(const unsigned char*, unsigned 
char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   817 | (unsigned char *)>Lstar, 
>encrypt_key);
|   |   
 ^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:57:6: note: declared here
|57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
|   |  ^~~
| ocb.cc: In function ‘block gen_offset_from_nonce(ae_ctx*, const void*)’:
| ocb.cc:854:72: error: ‘void AES_encrypt(const unsigned char*, unsigned 
char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|   854 |   AES_encrypt(tmp.u8, (unsigned char *)>KtopStr, 
>encrypt_key);
|   |   
 ^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:57:6: note: declared here
|57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
|   |  ^~~
| ocb.cc: In function ‘int ae_decrypt(ae_ctx*, const void*, const void*, int, 
const void*, int, void*, const void*, int)’:
| ocb.cc:1338:68: error: ‘void AES_encrypt(const unsigned char*, unsigned 
char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|  1338 | AES_encrypt((unsigned char *), tmp.u8, >encrypt_key);
|   |^
| In file included from ocb.cc:354:
| /usr/include/openssl/aes.h:57:6: note: declared here
|57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
|   |  ^~~
| ocb.cc:1376:48: error: ‘void AES_encrypt(const unsigned char*, unsigned 
char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 
[-Werror=deprecated-declarations]
|  1376 |   AES_encrypt(tmp.u8,