Bug#1138479: marked as done (xmlsec1: FTBFS with openssl 4.0)

Sat, 30 May 2026 10:01:18 -0700 

Your message dated Sat, 30 May 2026 18:58:40 +0200
with message-id <[email protected]>
and subject line Re: [xml/sgml-pkgs] Bug#1138479: xmlsec1: FTBFS with openssl 
4.0
has caused the Debian Bug report #1138479,
regarding xmlsec1: FTBFS with openssl 4.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1138479: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138479
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: xmlsec1
Version: 1.3.10-2
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: [email protected]
Usertags: openssl-4.0

OpenSSL 4.0 is in experimental. This package fails to build against it:

| libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -DPACKAGE=\"xmlsec1\" 
-I../../include -I../../include -D__XMLSEC_FUNCTION__=__func__ 
-DXMLSEC_OPENSSL3_ENGINES=1 -DXMLSEC_NO_FTP=1 -DXMLSEC_NO_HTTP=1 
-DXMLSEC_NO_MD5=1 -DXMLSEC_NO_MLDSA=1 -DXMLSEC_NO_SLHDSA=1 -DXMLSEC_NO_GOST=1 
-DXMLSEC_NO_GOST2012=1 -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING=1 
-DXMLSEC_CRYPTO_OPENSSL=1 -I/usr/include/libxml2 -I/usr/include/libxml2 
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/build/reproducible-path/xmlsec1-1.3.10=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -fno-strict-overflow 
-fno-strict-aliasing -O -std=c99 -pedantic -pedantic-errors -W -Wall -Wextra 
-fno-inline -Wnull-dereference -Wdouble-promotion -Wformat=2 -Wformat-security 
-Wformat-nonliteral -Wconversion -Wunused -Wshadow -Wpointer-arith -Wcast-align 
-Wwrite-strings -Wmissing-prototypes -Wnested-externs -Wredundant-decls 
-Wformat-overflow=2 -Wformat-signedness -fno-builtin-memset -c x509.c  -fPIC 
-DPIC -o .libs/libxmlsec1_openssl_la-x509.o
| x509.c: In function 'xmlSecOpenSSLX509SKIWrite':
| x509.c:1018:9: error: assignment discards 'const' qualifier from pointer 
target type [-Wdiscarded-qualifiers]
|  1018 |     ext = X509_get_ext(cert, index);
|       |         ^
| x509.c: In function 'xmlSecOpenSSLKeyDataX509Write':
| x509.c:1303:61: error: passing argument 1 of 'xmlSecOpenSSLX509NameWrite' 
discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1303 |             x509Value->subject = 
xmlSecOpenSSLX509NameWrite(X509_get_subject_name(cert));
|       |                                                             
^~~~~~~~~~~~~~~~~~~~~~~~~~~
| x509.c:1156:39: note: expected 'X509_NAME *' {aka 'struct X509_name_st *'} 
but argument is of type 'const X509_NAME *' {aka 'const struct X509_name_st *'}
|  1156 | xmlSecOpenSSLX509NameWrite(X509_NAME* nm) {
|       |                            ~~~~~~~~~~~^~
| x509.c:1315:64: error: passing argument 1 of 'xmlSecOpenSSLX509NameWrite' 
discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1315 |             x509Value->issuerName = 
xmlSecOpenSSLX509NameWrite(X509_get_issuer_name(cert));
|       |                                                                
^~~~~~~~~~~~~~~~~~~~~~~~~~
| x509.c:1156:39: note: expected 'X509_NAME *' {aka 'struct X509_name_st *'} 
but argument is of type 'const X509_NAME *' {aka 'const struct X509_name_st *'}
|  1156 | xmlSecOpenSSLX509NameWrite(X509_NAME* nm) {
|       |                            ~~~~~~~~~~~^~
| x509.c: In function 'xmlSecOpenSSLX509CertDebugDump':
| x509.c:1860:35: error: passing argument 1 of 'xmlSecOpenSSLX509NameToString' 
discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1860 |     xmlSecOpenSSLX509NameToString(X509_get_subject_name(cert), buf, 
sizeof(buf));
|       |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
| x509.c:1824:42: note: expected 'X509_NAME *' {aka 'struct X509_name_st *'} 
but argument is of type 'const X509_NAME *' {aka 'const struct X509_name_st *'}
|  1824 | xmlSecOpenSSLX509NameToString(X509_NAME* name, char* buf, int bufLen) 
{
|       |                               ~~~~~~~~~~~^~~~
| x509.c:1862:35: error: passing argument 1 of 'xmlSecOpenSSLX509NameToString' 
discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1862 |     xmlSecOpenSSLX509NameToString(X509_get_issuer_name(cert), buf, 
sizeof(buf));
|       |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~
| x509.c:1824:42: note: expected 'X509_NAME *' {aka 'struct X509_name_st *'} 
but argument is of type 'const X509_NAME *' {aka 'const struct X509_name_st *'}
|  1824 | xmlSecOpenSSLX509NameToString(X509_NAME* name, char* buf, int bufLen) 
{
|       |                               ~~~~~~~~~~~^~~~
| x509.c: In function 'xmlSecOpenSSLX509CertDebugXmlDump':
| x509.c:1885:35: error: passing argument 1 of 'xmlSecOpenSSLX509NameToString' 
discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1885 |     xmlSecOpenSSLX509NameToString(X509_get_subject_name(cert), buf, 
sizeof(buf));
|       |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
| x509.c:1824:42: note: expected 'X509_NAME *' {aka 'struct X509_name_st *'} 
but argument is of type 'const X509_NAME *' {aka 'const struct X509_name_st *'}
|  1824 | xmlSecOpenSSLX509NameToString(X509_NAME* name, char* buf, int bufLen) 
{
|       |                               ~~~~~~~~~~~^~~~
| x509.c:1891:35: error: passing argument 1 of 'xmlSecOpenSSLX509NameToString' 
discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
|  1891 |     xmlSecOpenSSLX509NameToString(X509_get_issuer_name(cert), buf, 
sizeof(buf));
|       |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~
| x509.c:1824:42: note: expected 'X509_NAME *' {aka 'struct X509_name_st *'} 
but argument is of type 'const X509_NAME *' {aka 'const struct X509_name_st *'}
|  1824 | xmlSecOpenSSLX509NameToString(X509_NAME* name, char* buf, int bufLen) 
{
|       |                               ~~~~~~~~~~~^~~~
| make[5]: *** [Makefile:801: libxmlsec1_openssl_la-x509.lo] Error 1

Full buildlog
        
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/xmlsec1_1.3.10-2_amd64-2026-04-19T10:13:08Z

Sebastian

--- End Message ---
--- Begin Message --- 
Version: 1.3.11-1

Am 30.05.26 um 18:22 schrieb Sebastian Andrzej Siewior:

Package: xmlsec1
Version: 1.3.10-2
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: [email protected]
Usertags: openssl-4.0

OpenSSL 4.0 is in experimental. This package fails to build against it:
(...)


xmlsec1 1.3.11 as of experimental is supposed to fix this:

https://github.com/lsh123/xmlsec/releases/tag/1.3.11:

XMLSec 1.3.11 Latest
@lsh123 lsh123 released this Apr 22
· 46 commits to master since this release
 1.3.11
 8ed6192
The XML Security Library 1.3.11 release includes the following changes:

(xmlsec-openssl) Added support for OpenSSL 4.0.0.

[...]


Unfoirtunately a ratt rebuild caused a segfault on one test and a failing other 
one (see https://github.com/lsh123/xmlsec/pull/1104#issuecomment-4308404435 
ff.), then dropped the ball.

Will try the patch for python-xmlsec.


Regards,


Rene

--- End Message ---

Reply via email to