Your package is failing to build using OpenSSL 3.0 with the following error: | c++ -DHAVE_CONFIG_H -I. -I../.. -I./../util -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -Wextra -pedantic -Wno-long-long -Weffc++ -Wmissing-declarations -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=1 -fPIE -fno-default-inline -pipe -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -Wformat -Werror=format-security -c -o ocb.o ocb.cc | ocb.cc: In function ‘void AES_ecb_encrypt_blks(block*, unsigned int, AES_KEY*)’: | ocb.cc:360:80: error: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 360 | AES_encrypt((unsigned char *)(blks+nblks), (unsigned char *)(blks+nblks), key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:57:6: note: declared here | 57 | void AES_encrypt(const unsigned char *in, unsigned char *out, | | ^~~~~~~~~~~ | ocb.cc: In function ‘void AES_ecb_decrypt_blks(block*, unsigned int, AES_KEY*)’: | ocb.cc:367:80: error: ‘void AES_decrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 367 | AES_decrypt((unsigned char *)(blks+nblks), (unsigned char *)(blks+nblks), key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:60:6: note: declared here | 60 | void AES_decrypt(const unsigned char *in, unsigned char *out, | | ^~~~~~~~~~~ | ocb.cc: In function ‘int ae_init(ae_ctx*, const void*, int, int, int)’: | ocb.cc:804:75: error: ‘int AES_set_encrypt_key(const unsigned char*, int, AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 804 | AES_set_encrypt_key((unsigned char *)key, key_len*8, &ctx->encrypt_key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:51:5: note: declared here | 51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits, | | ^~~~~~~~~~~~~~~~~~~ | ocb.cc:808:82: error: ‘int AES_set_decrypt_key(const unsigned char*, int, AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 808 | AES_set_decrypt_key((unsigned char *)key, (int)(key_len*8), &ctx->decrypt_key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:54:5: note: declared here | 54 | int AES_set_decrypt_key(const unsigned char *userKey, const int bits, | | ^~~~~~~~~~~~~~~~~~~ | ocb.cc:817:76: error: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 817 | (unsigned char *)&ctx->Lstar, &ctx->encrypt_key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:57:6: note: declared here | 57 | void AES_encrypt(const unsigned char *in, unsigned char *out, | | ^~~~~~~~~~~ | ocb.cc: In function ‘block gen_offset_from_nonce(ae_ctx*, const void*)’: | ocb.cc:854:72: error: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 854 | AES_encrypt(tmp.u8, (unsigned char *)&ctx->KtopStr, &ctx->encrypt_key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:57:6: note: declared here | 57 | void AES_encrypt(const unsigned char *in, unsigned char *out, | | ^~~~~~~~~~~ | ocb.cc: In function ‘int ae_decrypt(ae_ctx*, const void*, const void*, int, const void*, int, void*, const void*, int)’: | ocb.cc:1338:68: error: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 1338 | AES_encrypt((unsigned char *)&offset, tmp.u8, &ctx->encrypt_key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:57:6: note: declared here | 57 | void AES_encrypt(const unsigned char *in, unsigned char *out, | | ^~~~~~~~~~~ | ocb.cc:1376:48: error: ‘void AES_encrypt(const unsigned char*, unsigned char*, const AES_KEY*)’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations] | 1376 | AES_encrypt(tmp.u8, tmp.u8, &ctx->encrypt_key); | | ^ | In file included from ocb.cc:354: | /usr/include/openssl/aes.h:57:6: note: declared here | 57 | void AES_encrypt(const unsigned char *in, unsigned char *out, | | ^~~~~~~~~~~ | cc1plus: all warnings being treated as errors | make[4]: *** [Makefile:381: ocb.o] Error 1 For more information see: https://www.openssl.org/docs/man3.0/man7/migration_guide.html Sebastian
forwarded 1005718 https://github.com/mobile-shell/mosh/issues/1174 thankyou
forwarded 1005718 https://github.com/mobile-shell/mosh/issues/1174 thankyou
and other similar errors. I suppose that the -Werror=deprecated-declarations errors are useful only for the upstream developers (so that they know that they should update their code). Shouldn't Debian use -Wno-error=deprecated-declarations to ignore the use of deprecated functions?
Hi Vincent, Vincent Lefevre wrote: No, in contrary. These kind of problems only appear in Debian Unstable which is our development branch. And there we should see such issues rather early than late. Regards, Axel
Hi Axel, Upstream developers could (should) test their software on a machine with recent libraries (such as Debian/unstable), so that they would see the issue without needing downstream to tell them. Or Debian should have a specific build system (with options like -Werror=deprecated-declarations for any package) just for testing and reporting bugs to upstream, but which would not affect the build of packages for Debian/unstable. The problem is that it can take months before upstream provides updated code, while in general, deprecated functions are not removed before several years (giving the time to developers to notice them even on platforms with a stable OS release). Of course, this is completely different if the maintainer or some other Debian developer is willing to do the work. Concerning this bug, it was reported upstream 3 months ago, and there is still no reaction there.
Hi Vincent, Vincent Lefevre wrote: I agree. I disagree. You are aware, that at least for mosh the Debian package maintainer and main upstream developer of Mosh is the same person? So actually the forwarding of this bug report into the upstream bug tracker was an upstream reaction itself. Regards, Axel
for 3 months. Also note that /usr/share/doc/mosh/README.md.gz says A note on compiler flags: Mosh is security-sensitive code. When making automated builds for a binary package, we recommend passing the option `--enable-compile-warnings=error` to `./configure`. On GNU/Linux with `g++` or `clang++`, the package should compile cleanly with `-Werror`. Please report a bug if it doesn't. I assume that this is the real reason for the current failure. But the -Wdeprecated-declarations warning (which is thus changed into an error) isn't related to security. BTW, warnings may also come from macros provided by libraries, if any.
To prevent mosh from being deleted from testing in a few days, I am proposing to change warnings level to distcheck. This option effectively adds `-Wno-error=unused-parameter -Wno-error=deprecated-declarations` compiler flags. This solution will buy us time to rewrite related code before the deprecated low-level functions get removed away.
We believe that the bug you reported is fixed in the latest version of
mosh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1005718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicholas Guriev <guriev-ns@ya.ru> (supplier of updated mosh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 28 May 2022 10:01:51 +0300
Source: mosh
Architecture: source
Version: 1.3.2-2.2
Distribution: unstable
Urgency: medium
Maintainer: Keith Winstein <keithw@mit.edu>
Changed-By: Nicholas Guriev <guriev-ns@ya.ru>
Closes: 1005718
Changes:
mosh (1.3.2-2.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Lower warning level to distcheck to solve build against OpenSSL 3.0 with
permitted deprecated declarations. (Closes: #1005718)
Checksums-Sha1:
42843d52d3b62706738e6168839e07901dad8272 1936 mosh_1.3.2-2.2.dsc
556c661acb30a910448f3a186b81b605b0910333 12840 mosh_1.3.2-2.2.debian.tar.xz
e905acd8d52dc0e1fb2a8fe71ec9f3738e206bc1 6666 mosh_1.3.2-2.2_amd64.buildinfo
Checksums-Sha256:
5416fc4cd693c1cd9c4ed0ffd0fde298995f33ec73661592b8563da847fa231c 1936 mosh_1.3.2-2.2.dsc
7a4294808e5b0bcc355eadce93ecdf8a2d1c8645ae332312cc526f6f6c325096 12840 mosh_1.3.2-2.2.debian.tar.xz
a404550c3dacbbd8f05ffebfbbc95741004e34dd2bd48e4d05f82ef6fcf7748b 6666 mosh_1.3.2-2.2_amd64.buildinfo
Files:
83a16085ce74abf93cfd38b7820b3d42 1936 net optional mosh_1.3.2-2.2.dsc
f85a7386e49d17026f71189ad69c819c 12840 net optional mosh_1.3.2-2.2.debian.tar.xz
9aeb7743ff9751fadf430354c7516299 6666 net optional mosh_1.3.2-2.2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmKSdmYACgkQCBa54Yx2
K62DeQ/+KWo5AI9XuYV3xdJsabKzylpX+/htpb99OjPwXiyT/N97vdMLahJOHHRm
w8eAEWTPEOb7/x+O+PM7KlHkB0nNgnyOKCSfHJDe9wLEjt1wV5prY6h6BkdLndpl
xnIiF5WgVuKlyjImEfICNEwueRDN7SU1I1CdK1ojjnElG/L/iwCpSCoasCMNBwq+
Hxwq2H8TE+Y2ygrNGH/ORjwWjfk7gv2Ie1AUjzqVdpVsgluG5bY/gcn9AF6RXOAt
OSe+LHBrOnAfqbsWvo3JltiSPQyKNis2rRqdZo4a4ITreFqXEJsKffNqOIPMVhb/
QCMfGMoTrlVWYavl6hWpMlsYWOkr++pjqvfH1UpewaoSFkFQNDzt9fVSBa5i4uvk
+2L4/2jZMu3BB2x5NxMujIsimpbGA7PiROZ0tVB6zE4ehir7PFl4wN0NeJG+KF9Z
oD/9w5bpccjrnCJ6tYu2M7Y+Nk1mQvHN3YxcyUWAeltQmWwgoT/gBErwbjb6O+7F
cTYwfvTZlKKZx5EQIldEKrqWKZAzi60jngSsYgflinMiVa/V+nVaAIv3evph+I5z
zME/q6R36pAwgUNap8DUgILptRGYlUTaSQ26bMdq2yZkyfteQUErUeUiXeD/2ICC
abzVyO5vVPDFSnUrfduShk9X+kWvV9uv9LRikovPKhZHQDoU/Vo=
=ZQEj
-----END PGP SIGNATURE-----