Bug#828240: asterisk: FTBFS with openssl 1.1.0
06.11.2016 в 23:39:41 +0100 Bernhard Schmidt написал(а): > On Sun, Nov 06, 2016 at 04:39:03PM +0400, Stepan Golosunov wrote: > > 06.11.2016 в 16:18:32 +0400 Stepan Golosunov написал: > > > #if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x1010L > > > /* No explicit initialization is needed with OpenSSL 1.1.0. > > >All the functions called or overridden in this file were removed. */ > > > #undef HAVE_OPENSSL > > > #endif > Thanks a lot, your suggestion together with > https://anonscm.debian.org/cgit/pkg-voip/asterisk.git/commit/?id=ec0143a92f4ced996be419bf49115be8f236e3ea > > leads to something that builds and runs. Yay! > > @Tzafrir: What do you think of this? Your patch is touching > main/libasteriskssl.c as well, but Stepan suggested to drop even more. Note that code in ast_ssl_init would still call functions from libssl1.0.2, even if compiled with OpenSSL 1.1.0 (but with the wrong value for CRYPTO_num_locks(), 1 instead of 41). Or return -1 if libssl.so.1.0.2 is not loaded. (Though not running that code can be problematic if libssl1.0.2 is not only loaded but actually used via some third library.) And I suspect that OPENSSL_API_COMPAT is wrong value for conditional compilation (it's not defined in OpenSSL 1.0.2 for example).
Bug#828240: asterisk: FTBFS with openssl 1.1.0
On Sun, Nov 06, 2016 at 04:39:03PM +0400, Stepan Golosunov wrote: Hi, > 06.11.2016 в 16:18:32 +0400 Stepan Golosunov написал: > > 03.11.2016 в 09:24:19 +0100 Bernhard Schmidt написал(а): > > > - Asterisk is doing some weird stuff with macros in > > > > > > https://sources.debian.net/src/asterisk/1:13.11.2~dfsg-1/main/libasteriskssl.c/ > > > that causes the build against 1.1.0 to fail. This is beyond my C > > > knowledge. I will gladly test and accept any patch for that. > > > > I think that > > > > #if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x1010L > > /* No explicit initialization is needed with OpenSSL 1.1.0. > >All the functions called or overridden in this file were removed. */ > > #undef HAVE_OPENSSL > > #endif > > > > should be added after ASTERISK_FILE_VERSION in libasteriskssl.c. > > After or inside > > #ifdef HAVE_OPENSSL > #include > #include > #endif > > seems more apropriate as #include is still needed to get > OPENSSL_VERSION_NUMBER. Thanks a lot, your suggestion together with https://anonscm.debian.org/cgit/pkg-voip/asterisk.git/commit/?id=ec0143a92f4ced996be419bf49115be8f236e3ea leads to something that builds and runs. Yay! @Tzafrir: What do you think of this? Your patch is touching main/libasteriskssl.c as well, but Stepan suggested to drop even more. Bernhard signature.asc Description: Digital signature
Bug#828240: asterisk: FTBFS with openssl 1.1.0
06.11.2016 в 16:18:32 +0400 Stepan Golosunov написал: > 03.11.2016 в 09:24:19 +0100 Bernhard Schmidt написал(а): > > - Asterisk is doing some weird stuff with macros in > > > > https://sources.debian.net/src/asterisk/1:13.11.2~dfsg-1/main/libasteriskssl.c/ > > that causes the build against 1.1.0 to fail. This is beyond my C > > knowledge. I will gladly test and accept any patch for that. > > I think that > > #if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x1010L > /* No explicit initialization is needed with OpenSSL 1.1.0. >All the functions called or overridden in this file were removed. */ > #undef HAVE_OPENSSL > #endif > > should be added after ASTERISK_FILE_VERSION in libasteriskssl.c. After or inside #ifdef HAVE_OPENSSL #include #include #endif seems more apropriate as #include is still needed to get OPENSSL_VERSION_NUMBER.
Bug#828240: asterisk: FTBFS with openssl 1.1.0
03.11.2016 в 09:24:19 +0100 Bernhard Schmidt написал(а): > - Asterisk is doing some weird stuff with macros in > > https://sources.debian.net/src/asterisk/1:13.11.2~dfsg-1/main/libasteriskssl.c/ > that causes the build against 1.1.0 to fail. This is beyond my C > knowledge. I will gladly test and accept any patch for that. I think that #if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x1010L /* No explicit initialization is needed with OpenSSL 1.1.0. All the functions called or overridden in this file were removed. */ #undef HAVE_OPENSSL #endif should be added after ASTERISK_FILE_VERSION in libasteriskssl.c. (The fact that the functions were removed also means that asterisk compiled with OpenSSL 1.0.2 probably won't break when both 1.0.2 and 1.1.0 are loaded. But probably will break if libssl1.0.0 from jessie is loaded.)
Bug#828240: asterisk: FTBFS with openssl 1.1.0
Control: tags -1 help Hi, current state on this: - There is no progress visible in the upstream bugtracker, I have also not found anything in other distros (Fedora etc.) - switching to libssl1.0-dev does not work for now because the build-deps libc-client2007e-dev libpjproject-dev libsnmp-dev depend on the conflicting libssl-dev. libpjproject has already switched to libssl1.0-dev, so the dependency looks like a bug in d-devlibdeps. That could be easily overridden. libc-client2007e-dev has an open FTBFS against OpenSSL 1.1.0 anyway, but there is a patch in the BTS. Maybe one could just drop the libssl-dev dependency from libc-client2007e-dev and libsnmp-dev, as done for libpq-dev? - Asterisk is doing some weird stuff with macros in https://sources.debian.net/src/asterisk/1:13.11.2~dfsg-1/main/libasteriskssl.c/ that causes the build against 1.1.0 to fail. This is beyond my C knowledge. I will gladly test and accept any patch for that. Best Regards, Bernhard signature.asc Description: Digital signature
Bug#828240: asterisk: FTBFS with openssl 1.1.0
Source: asterisk Version: 13.8.2~dfsg-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/asterisk_13.8.2~dfsg-1_amd64-20160529-1405 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt