2024-04-19 15:09 BST
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002855NetSurf[All Projects] Generalpublic2023-04-11 21:252023-08-12 18:57
Reporterorbea 
Assigned To 
SeverityminorReproducibilityalways 
StatusnewResolutionopen 
PlatformLinuxOSGentooOS Version2.13
Product Version3.10 
Target VersionFixed in Version 
Summary0002855: Build failure with LibreSSL 3.7.2
DescriptionWhen building NetSurf 3.10 with LibreSSL 3.7.2 the build will fail because of legacy code paths that are no longer needed with newer LibreSSL versions. This can be solved by simply disabling these code paths with newer LibreSSL versions.
Steps To ReproduceBuild NetSurf using LibreSSL instead of OpenSSL.
TagsNo tags attached.
Fixed in CI build #
Reported in CI build #
URL of problem page
Attached Files
  • log file icon netsurf-3.10-build.log (97,901 bytes) 2023-04-11 21:25
  • patch file icon netsurf-3.10-libressl-3.5.patch (1,669 bytes) 2023-04-11 21:26 - 
    X509_get_signature_nid(), ASN1_STRING_get0_data(), RSA_bits() and DH_bits()
have been available since LibreSSL 2.7.
DSA_bits(), RSA_get0_n(), RSA_get0_e() will be available in LibreSSL 3.5.

Index: content/fetchers/about.c
--- a/content/fetchers/about.c
+++ b/content/fetchers/about.c
@@ -538,7 +538,8 @@ static nserror free_ns_cert_info(struct ns_cert_info *
 /* OpenSSL 1.0.x, 1.0.2, 1.1.0 and 1.1.1 API all changed
  * LibreSSL declares its OpenSSL version as 2.1 but only supports 1.0.x API
  */
-#if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
+#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL) || \
+	(OPENSSL_VERSION_NUMBER < 0x1010000fL)
 /* 1.0.x */

 #if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1000200fL))
@@ -609,7 +610,7 @@ static const BIGNUM *ns_RSA_get0_e(const RSA *r)
 #define ns_DH_bits DH_bits

 #else
-/* 1.1.1 and later */
+/* 1.1.1 and later, LibreSSL 3.5.0 and later */
 #define ns_X509_get_signature_nid X509_get_signature_nid
 #define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data
 #define ns_RSA_get0_n RSA_get0_n

X509_up_ref has been available since LibreSSL 2.5.
X509_free has always been available.

Index: content/fetchers/curl.c
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -92,7 +92,7 @@
 /* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed
  * LibreSSL declares its OpenSSL version as 2.1 but only supports the old way
  */
-#if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
 static int ns_X509_up_ref(X509 *cert)
 {
 	cert->references++;
    patch file icon netsurf-3.10-libressl-3.5.patch (1,669 bytes) 2023-04-11 21:26 +

-Relationships
+Relationships

-Notes
Michael Orlitzky

~0002415

Michael Orlitzky (reporter)

2023-08-12 18:57

 For easy reference: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt

Does this comment need to be updated?

 /* OpenSSL 1.0.x, 1.0.2, 1.1.0 and 1.1.1 API all changed
  * LibreSSL declares its OpenSSL version as 2.1 but only supports 1.0.x API
  */

I was going to ask if you are using this in Gentoo because I'm the ersatz maintainer of netsurf, but I see now that you're running the libressl overlay.
+Notes

-Issue History
Date Modified Username Field Change
2023-04-11 21:25 orbea New Issue
2023-04-11 21:25 orbea File Added: netsurf-3.10-build.log
2023-04-11 21:26 orbea File Added: netsurf-3.10-libressl-3.5.patch
2023-08-12 18:57 Michael Orlitzky Note Added: 0002415
+Issue History