Forwarded from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624075:
This package is using some functions which are marked deprecated in
newer versions of GnuTLS (>=2.12.x). (They are not yet removed, though.)
These functions will be removed in future releases. GnuTLS 2.12.x is
already available in experimental.
Excerpt from buildlog:
../lib/tls/tls.c:569:2: warning: 'gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:347)
../lib/tls/tls_tstream.c:921:2: warning: 'gnutls_certificate_type_set_priority' is deprecated (declared at /usr/include/gnutls/compat.h:347)
The gnutls_*_set_priority family of functions has been marked deprecated
in 2.12.x. These functions have been superceded by
gnutls_priority_set_direct(). The replacement function was added in gnutls
stable release 2.2.0 (released 2007-12-14).
Created attachment 10947 [details]
[PATCH] s4:lib/tls: use gnutls_priority_set_direct()
gnutls_certificate_type_set_priority() has been removed in GnuTLS 3.4.0.
The attached patch replaces the calls to gnutls_set_default_priority() and gnutls_certificate_type_set_priority() with a single call to gnutls_priority_set_direct(), passing "NORMAL:+CTYPE-OPENPGP" as the priorities string.
Note: I haven't tested the patch; I have only confirmed that Samba 4.2.0 builds against GnuTLS 3.4.0 after applying it. The transition to gnutls_priority_set_direct() seems pretty straightforward, but I might have missed something.
Created attachment 10948 [details]
[PATCH v2] s4:lib/tls: use gnutls_priority_set_direct()
I realized that my previous patch might have changed the code logic in a way that required GnuTLS to be built with OpenPGP support.
This new patch only replaces the gnutls_certificate_type_set_priority() calls and leaves the gnutls_set_default_priority() ones alone.
Created attachment 11020 [details]
cherry pick patch that should go to 4.1 and 4.2
Pushed to autobuild-v4-1-test.
Patch does not apply on current v4-2-test.
Re-assigning to Björn.
Created attachment 11100 [details]
cherry-pick patch for 4.2
# git cherry-pick -x c6ad8a10c12c8a79dc83cab1591e5279edd62bd6
applied cleanly for 4-2-test. For reference here it is attached.
(In reply to Björn Jacke from comment #5)
Strange, it failed again.
I cherry-picked it. Pushed to autobuild-v4-2-test.
(In reply to Karolin Seeger from comment #6)
Pushed to v4-2-test.
Closing out bug report.