Maintained by: NLnet Labs

configure does not detect LibreSSL 2.2.2 properly

Christian Neukirchen
Mon Aug 10 17:49:45 CEST 2015


Hi,

I noticed the LibreSSL configure test in unbound 1.5.4 does not detect
LibreSSL 2.2.2:

if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then

However, LibreSSL 2.2.2 ships /usr/include/openssl/opensslv.h with

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x20020002L
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.2.2"

/* These will never change */
#define OPENSSL_VERSION_NUMBER  0x20000000L
#define OPENSSL_VERSION_TEXT    LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT


Perhaps you just want to check for any mention of LibreSSL in
/usr/include/openssl/opensslv.h at all, or do it properly and check
if LIBRESSL_VERSION_NUMBER is defined as a macro.

(This misdetection results in the unfortunate behavior that
reallocarray is used without prototype (because the prototypes are
guarded by HAVE_LIBRESSL), resulting in truncated address return
values on 64-bit machines.)

Found by Void Linux: https://github.com/voidlinux/void-packages/pull/2232.

cu,
-- 
Christian Neukirchen  <chneukirchen at gmail.com>  http://chneukirchen.org
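
The quoted test and the two alternatives suggested in the message above, run side by side; this is an added example, not part of the original post or of unbound's configure script. The function names and the second sample header are constructed for illustration, and the macro check is a text-based approximation of an #ifdef compile test.

```shell
#!/bin/sh
# Added example. The LibreSSL 2.2.2 defines are the ones quoted in the post;
# the second header is a constructed sample.

# Test quoted in the post: "LibreSSL" on an OPENSSL_VERSION_TEXT line.
detect_by_text() {
    grep OPENSSL_VERSION_TEXT "$1" | grep "LibreSSL" >/dev/null
}

# First suggestion: any mention of LibreSSL anywhere in the header.
detect_by_mention() {
    grep "LibreSSL" "$1" >/dev/null
}

# Second suggestion, approximated on the header text: a #define of
# LIBRESSL_VERSION_NUMBER (a compile test with #ifdef is the stricter form).
detect_by_macro() {
    grep -E '^[[:space:]]*#[[:space:]]*define[[:space:]]+LIBRESSL_VERSION_NUMBER([[:space:]]|$)' "$1" >/dev/null
}

# Write the sample headers into directory $1.
make_samples() {
    cat > "$1/libressl-2.2.2.h" <<'EOF'
/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x20020002L
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.2.2"
/* These will never change */
#define OPENSSL_VERSION_NUMBER  0x20000000L
#define OPENSSL_VERSION_TEXT    LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
EOF
    cat > "$1/other.h" <<'EOF'
/* constructed: not LibreSSL, but the name appears in a comment */
#define OPENSSL_VERSION_TEXT    "OpenSSL x.y.z (constructed)"
EOF
}

# Print "yes" or "no" for detector $1 applied to header $2.
verdict() {
    if "$1" "$2"; then echo yes; else echo no; fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_samples "$tmp"
for h in libressl-2.2.2 other; do
    for d in detect_by_text detect_by_mention detect_by_macro; do
        echo "$h $d: $(verdict "$d" "$tmp/$h.h")"
    done
done
```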