[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Pan-users] [gentooers] New pan/ssl problem from gnutls upgrade
From: |
Duncan |
Subject: |
Re: [Pan-users] [gentooers] New pan/ssl problem from gnutls upgrade |
Date: |
Fri, 2 Nov 2012 01:24:38 +0000 (UTC) |
User-agent: |
Pan/0.140 (Chocolate Salty Balls; GIT f91bd24 /usr/src/portage/src/egit-src/pan2) |
walt posted on Thu, 01 Nov 2012 15:22:39 -0700 as excerpted:
> The 'testing/unstable' version of gentoo upgraded gnutls today
> (finally!) but then I discovered pan could not open a successful
> encrypted session with any of my news servers :(
>
> By painful trial-and-error I found that the update to gnutls from
> 2.12.20 today didn't break pan, it broke glib-networking instead, which
> is now linked against the new gnutls-3.1.3
>
> I haven't tested enough yet to know if any other tls-using apps are also
> broken, but breaking pan is more than I can tolerate so I'm downgrading
> gnutls right now :)
>
> Anyway, gentoo is currently using glib-networking-2.32.3 and I'm
> wondering if that version is too old to work with gnutls-3.x
>
> Heinrich, are you using glib-networking? If yes, what version?
>
> Duncan, have you done the update yet?
I've done the update, yes, but unfortunately don't believe I can be much
help, as while I'm building pan with gnutls, I'm not actually /using/
gnutls for gmane, the only server I have active ATM (I'm more or less
unemployed ATM as I'm getting some work but not enough to survive on long
or even medium term, so have time to do news, but no money).
* I actually upgraded to gnutls-3.x quite some time ago, when pan first
switched from openssl to gnutls (required for license reasons, openssl
isn't gpl compatible and pan's gplv2) and AFAIK required gnutls-3.x for a
bit.
* I was running secure pan connections in the early testing, but
somewhere along the line something broke, and I switched back to unsecure
connections.
* But, I /have/ been upgrading gnutls regularly since then, and of course
rebuilding pan-9999 against the new gnutls when I updated pan, until
gnutls-3.1.2.
* gnutls-3.1.3 originally had build issues. It was still officially
masked at the time, so I just modified my package.unmask to < 3.1.3 and
copied the 3.1.2 ebuild from /var/db/pkg to my overlay, since it was
removed from-tree when 3.1.3 was introduced.
* But the gnutls-3.1.3 build issues turned out to be parallel-make
related, and a few days later they were resolved.
* Soon thereafter, the tree issues (boost or glibc or icu, IDR which)
that had kept gnutls-3.x masked were resolved as well, and the current
gnutls-3.x, the now working 3.1.3, was officially unmasked.
* I had been tracking some of this thru gentoo-dev list discussions, and
when I saw 3.1.3 being unmasked, I tried it again. By this time the
parallel-make issues had been patched and I could build and install it
just fine.
* pan (and everything else I run that deps on gnutls) seems fine with it,
but that's not surprising, because I said, I've been upgrading gnutls
regularly, so had long ago worked out any problems beyond the latest
3.1.2 -> 3.1.3 bump, and that problem turned out to be the parallel-make
problem, which was resolved.
* But, as I said, I've not actually been /running/ pan with secure/gnutls
connections for some months now, so while I know pan's building fine with
it, and working fine too, at least with non-secure connections, I really
can't tell you what secure connections are doing, at all.
So I know there's no build or unsecure runtime issues with it and pan,
but I don't know about secure-connections, and that seems to be the one
thing you haven't gotten working, either.
But, I've been meaning to try secure connections again one of these
days. Now's as good a time as any, I guess, and the glib-networking clue
you mentioned could be useful if I run into problems.
Let me get back to you.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman