configure does not detect LibreSSL 2.2.2 properly

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Aug 11 07:37:58 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Christian,

On 10/08/15 17:49, Christian Neukirchen via Unbound-users wrote:
> Hi,
> 
> I noticed the LibreSSL configure test in unbound 1.5.4 does not
> detect LibreSSL 2.2.2:
> 
> if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h |
> grep "LibreSSL" >/dev/null then
> 
> However, LibreSSL 2.2.2 ships /usr/include/openssl/opensslv.h with
> 
> /* These will change with each release of LibreSSL-portable */ 
> #define LIBRESSL_VERSION_NUMBER 0x20020002L #define
> LIBRESSL_VERSION_TEXT   "LibreSSL 2.2.2"
> 
> /* These will never change */ #define OPENSSL_VERSION_NUMBER
> 0x20000000L #define OPENSSL_VERSION_TEXT    LIBRESSL_VERSION_TEXT 
> #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
> 
> 
> Perhaps you just want to check for any mention of LibreSSL in 
> /usr/include/openssl/opensslv.h at all, or do it properly and
> check if LIBRESSL_VERSION_NUMBER is defined as a macro.
> 

Fixed configure script to detect OPENSSL_VERSION_TEXT and
LIBRESSL_VERSION_TXT.  That works for OpenSSL (just like before) and
LibreSSL 2.0.0 and 2.2.2.

This is the patch to configure.ac and configure:
- -if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h |
grep "LibreSSL" >/dev/null; then
+if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT
$ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then


Best regards, Wouter

> (This misdetection results in the unfortunate behavior that 
> reallocarray is used without prototype (because the prototypes are 
> guarded by HAVE_LIBRESSL), resulting in truncated address return 
> values on 64-bit machines.)
> 
> Found by Void Linux:
> https://github.com/voidlinux/void-packages/pull/2232.
> 
> cu,
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVyaZWAAoJEJ9vHC1+BF+NF3IP/RnhAv87BQcDwvhZTXs4ct1W
QdSB+fPLdbXsxQ7o/NreK1Z0dqk6HPhOiUlOVRt0Tv4w/szicqIACycPrzfLQe2p
sWI8RlMN3FfxjIX68lr39cvP14RfV4wTE/Vgdvr0yfiR+zNNzIRZBo+y69tlC30A
GLk1Qloq6+A2Pb4rkH/KcCL7yEJNPL0XlFQrBOOfzfagqVSLSMqD5AM9S0Bw8esU
vrnZAqDBgMDhHkXKLmwJRrmLcrc2wR6c4YU3iD5zVlg3V9EZdm9AbQTte3DOeGt4
SXt7UYwfhUD5ssqoamomXD4XPwp6thIiSu91Lbh6BgMol5KD2Vl6aVRTd1bkPwKH
NCDH2JuFpjXgMepSmmNvRHAOlQWUGvDFiL9I54C9yenEHfDneobG2yOBtHY0sTAO
3A5J85JQRXurUyGl3XOHT7crF+BIiRCwJEbptcS3SNwOi9sJBWuFcUAzkWxgvYk1
crShDvIoQE6Wq8xWoR5HjrScYWX2B5jVUZ7I0gfwMzRQdKTJXTHibmJHNhCAhgRH
ZlHSoCA7nCVnc7ke3klMgRuKsFaptx0un95hVsPl2y05TskVsNXdhnptyTcm03Zq
Q3Vd6w2R9JHq4g5KPP+56sVoOg7JxZX6kc8F4ejHURTtM6wJvxr8hiIfsxc5sEgQ
rdzzOQz2Zb7rlRhdA5Ue
=u8Py
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list