[Pkg-openssl-devel] Bug#751457: libssl-dev: SSL_OP_MSIE_SSLV2_RSA_PADDING missing from /usr/include/openssl/ssl.h which breaks building things

Tim Shepard shep at alum.mit.edu
Fri Jun 13 04:56:15 UTC 2014 


Package: libssl-dev
Version: 1.0.1e-2+deb7u10
Severity: important


After taking several security updates last week, a wheezy system now
can no longer be used to build things that used to be buildable on
wheezy.

One good example to demonstrate the problem is to (on a wheezy system
that has the recent security updates):

     apt-get source python-openssl

and then try to build it.   The build breaks with this error:


OpenSSL/ssl/ssl.c: In function 'initSSL':
OpenSSL/ssl/ssl.c:214:66: error: 'SSL_OP_MSIE_SSLV2_RSA_PADDING' undeclared (first use in this function)
OpenSSL/ssl/ssl.c:214:66: note: each undeclared identifier is reported only once for each function it appears in
error: command 'gcc' failed with exit status 1
make: *** [build-stamp] Error 1


But this is *just* *an* *example* of the sort of thing that is now
broken because of this missing define.  Other packages (apparently),
and other non-debian build systems (think "buildroot-based") that used
to build fine on debian wheezy also stop working.

(I wanted to label this bug "serious", but could not find something in
 the Debian policy manual to quote regarding installing a security
 update in stable making other stable packages non-buildable in
 stable.  Is that a bug in the policy manual?)

It appears that this bug was introduced upstream, and then later
fixed upstream:

  http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3c6c139a07353b9fc4b27feb33a089cca346ce75

It also appears this bug was introduced and then later fixed in
unstable, if I understand #733366 and #733371 correctly.


Can this be fixed in wheezy's libssl-dev, or going forward do I need
to kludge around this now-missing define (add it by hand back to
/usr/include/openssl/ssl.h on systems I want to be usable for builds),
or should I start fixing (or filing bugs) on everything that is now
broken by this?


-- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.15.0-rc7 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libssl-dev depends on:
ii  libssl1.0.0  1.0.1e-2+deb7u10
ii  zlib1g-dev   1:1.2.7.dfsg-13

Versions of packages libssl-dev recommends:
ii  libssl-doc  1.0.1e-2+deb7u10

libssl-dev suggests no packages.

-- no debconf information

More information about the Pkg-openssl-devel mailing list