Bug#874679: libssh2: Fails to build on stable if libssl-dev is installed

Fri, 08 Sep 2017 08:57:35 -0700 

Source: libssh2
Version: 1.7.0-1
Severity: serious
Justification: fails to build from source (but built successfully in the past)

libssh2 fails to build on stable if libssl-dev is installed:

-----------------
libtool: compile:  gcc -DHAVE_CONFIG_H -I../include -I../src -Wdate-time 
-D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/tmp/libssh2-1.7.0=. 
-fstack-protector-strong -Wformat -Werror=format-security -c openssl.c  -fPIC 
-DPIC -o .libs/openssl.o
openssl.c: In function ‘_libssh2_rsa_new’:
openssl.c:71:11: error: dereferencing pointer to incomplete type ‘RSA {aka 
struct rsa_st}’
     (*rsa)->e = BN_new();
           ^~
openssl.c: In function ‘_libssh2_dsa_new’:
openssl.c:130:14: error: dereferencing pointer to incomplete type ‘DSA {aka 
struct dsa_st}’
     (*dsactx)->p = BN_new();
              ^~
openssl.c: In function ‘_libssh2_dsa_sha1_verify’:
openssl.c:156:13: error: storage size of ‘dsasig’ isn’t known
     DSA_SIG dsasig;
             ^~~~~~
In file included from /usr/include/openssl/asn1.h:24:0,
                 from /usr/include/openssl/rsa.h:16,
                 from openssl.h:42,
                 from crypto.h:42,
                 from libssh2_priv.h:140,
                 from openssl.c:41:
openssl.c: In function ‘_libssh2_dsa_sha1_sign’:
openssl.c:597:29: error: dereferencing pointer to incomplete type ‘DSA_SIG {aka 
struct DSA_SIG_st}’
     r_len = BN_num_bytes(sig->r);
                             ^
Makefile:575: recipe for target 'openssl.lo' failed
make[3]: *** [openssl.lo] Error 1
make[3]: Leaving directory '/tmp/libssh2-1.7.0/src'
--------------------

if libssl-dev is removed, or libssl1.0-dev installed then it builds OK.

So it seems that the package should declare a build-conflicts with libssl-dev.

The underlying reason appears to be an API change to opaque structs, explained 
on:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
and covered in a debian context in:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857621

I've not worked out the full details of why this works so long as the
headers are not present at all, but the issue is that
/usr/include/openssl/dsa.h (or rsa.h) defines a struct DSA_SIG_st but
not the contents of it, which is now an internal detail not exposed in
the headers.

presumably by the magic of autoconf, if no openssl headers are found
then nothing tries to be too cleaver and access struct members
directly.

I tried this on two architectures and both fail the same way.

Wookey

Reply via email to