configure does not detect LibreSSL 2.2.2 properly

Christian_Neukirchen · August 10, 2015, 3:49pm

Hi,

I noticed the LibreSSL configure test in unbound 1.5.4 does not detect
LibreSSL 2.2.2:

if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null then

However, LibreSSL 2.2.2 ships /usr/include/openssl/opensslv.h with

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x20020002L
#define LIBRESSL_VERSION_TEXT "LibreSSL 2.2.2"

/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L
#define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

Perhaps you just want to check for any mention of LibreSSL in
/usr/include/openssl/opensslv.h at all, or do it properly and check
if LIBRESSL_VERSION_NUMBER is defined as a macro.

(This misdetection results in the unfortunate behavior that
reallocarray is used without prototype (because the prototypes are
guarded by HAVE_LIBRESSL), resulting in truncated address return
values on 64-bit machines.)

Found by Void Linux: https://github.com/voidlinux/void-packages/pull/2232.

cu,

Wouter · August 11, 2015, 7:37am

Hi Christian,

Hi,

I noticed the LibreSSL configure test in unbound 1.5.4 does not
detect LibreSSL 2.2.2:

if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h |
grep "LibreSSL" >/dev/null then

However, LibreSSL 2.2.2 ships /usr/include/openssl/opensslv.h with

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x20020002L #define
LIBRESSL_VERSION_TEXT "LibreSSL 2.2.2"

/* These will never change */ #define OPENSSL_VERSION_NUMBER
0x20000000L #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

Perhaps you just want to check for any mention of LibreSSL in
/usr/include/openssl/opensslv.h at all, or do it properly and
check if LIBRESSL_VERSION_NUMBER is defined as a macro.

Fixed configure script to detect OPENSSL_VERSION_TEXT and
LIBRESSL_VERSION_TXT. That works for OpenSSL (just like before) and
LibreSSL 2.0.0 and 2.2.2.

This is the patch to configure.ac and configure:
- -if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h |
grep "LibreSSL" >/dev/null; then
+if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT
$ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then

Best regards, Wouter