** Changed in: openssl (Debian)
       Status: Unknown => New

** Changed in: openssl
       Status: Unknown => New

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.

  openssl: After symbol versioning, distributed pkgs are missing API
  symbols (e.g. EVP_PKEY_asn1_set_item)

Status in OpenSSL:
Status in openssl package in Ubuntu:
Status in openssl package in Debian:

Bug description:
  I'm developing an ENGINE for OpenSSL, and close to release, I noticed
  that in Ubuntu 16.04 LTS and in Debian oldstable-backports the build fails 
with the following output:

  /usr/bin/cc  -fPIC -g  -shared -Wl,-soname,liblibsuola.so -o liblibsuola.so 
CMakeFiles/suola.dir/suola.c.o CMakeFiles/suola.dir/suola_keypair.c.o 
CMakeFiles/suola.dir/debug/debug.c.o CMakeFiles/suola.dir/meths/X25519_meth.c.o 
CMakeFiles/suola.dir/providers/libsodium/ed25519.c.o -lssl -lcrypto 
/opt/libsodium-stable/lib/libsodium.so -Wl,-z,defs 
  CMakeFiles/suola.dir/meths/suola_asn1_meth.c.o: In function 
  /usr/local/src/libsuola/meths/suola_asn1_meth.c:505: undefined reference to 
  collect2: error: ld returned 1 exit status
  make[2]: *** [liblibsuola.so] Error 1
  CMakeFiles/suola.dir/build.make:412: recipe for target 'liblibsuola.so' failed
  make[2]: Leaving directory '/usr/local/src/libsuola/build'
  make[1]: *** [CMakeFiles/suola.dir/all] Error 2
  make: *** [all] Error 2

  This does not happen linking against the same exact release of openssl
  compiled from source on the same system.

  I then learned that one of the patches applied by Debian and inherited
  also by Ubuntu has the goal of versioning library symbols to avoid

  Unfortunately said patch is not updated regularly with each release of
  OpenSSL, resulting, like in my case, in symbols available in the public
  header files but masked through versioning in the shared library binary.

  The attached patch fixes my need by adding `EVP_PKEY_asn1_set_item` to
  the list, but you might consider an internal review of your release
  process to make sure that the list of symbols is updated whenever a new
  upstream releases makes new functions publicly available.

  I believe this bug is important, as it stops everyone using official
  packages from using third-party ENGINEs that require to use that
  function to set special handling of ASN.1 format, which basically
  includes every ENGINE that would add support for cryptosystems that
  upstream OpenSSL does not support (defying the purpose of using some

  The patch I propose covers my use case, but basically the package as is 
  unusable to any user of any application that may require functions
  available in the public headers but accidentally masked in the symbol
  versioning step.

  The ideal outcome of fixing this issue would consist in making the
  versioning patch dynamic, checking when symbols are added (or removed)
  in newer releases and updating the list accordingly.

  You might have the same versioning patch applied in other releases, so it's
  worth tagging this bug also for those to make the handling of the exposed 
symbols consistent.

  Finally I also opened a similar bug against the equivalent Debian 
oldstable-backports package, but I opened an Ubuntu-specific bug report because 
16.04 ships a more recent version of the package and the inherited symbol 
versioning patch has already been modified compared with the original Debian 
  For reference this is the Debian bug report: 

  -- System information --

  # lsv_release -rd
  Description:    Ubuntu 16.04.4 LTS
  Release:        16.04

  # apt-cache policy libssl-dev
    Installed: 1.0.2g-1ubuntu4.11
    Candidate: 1.0.2g-1ubuntu4.11
    Version table:
   *** 1.0.2g-1ubuntu4.11 500
          500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
          100 /var/lib/dpkg/status
       1.0.2g-1ubuntu4 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: libssl-dev 1.0.2g-1ubuntu4.11
  ProcVersionSignature: Ubuntu 4.13.0-36.40~16.04.1-generic 4.13.13
  Uname: Linux 4.13.0-36-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.16
  Architecture: amd64
  Date: Fri Apr 13 21:10:58 2018
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to