Bug#1138340: libre: FTBFS with openssl 4.0
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat May 30 16:56:44 BST 2026
Package: libre
Version: 2.0.1-3
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-devel at lists.alioth.debian.org
Usertags: openssl-4.0
OpenSSL 4.0 is in experimental. This package fails to build against it:
| x86_64-linux-gnu-gcc -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/libre-2.0.1=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -DRELEASE -Wall -Wextra -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wbad-function-cast -Wsign-compare -Wnested-externs -Wshadow -Waggregate-return -Wcast-align -Wold-style-definition -Wdeclaration-after-statement -g -O3 -Wuninitialized -Wno-strict-aliasing -fPIC -DLINUX -DOS=\"linux\" -std=c11 -pedantic -DHAVE_ATOMIC -DARCH=\"x86_64\" -DUSE_OPENSSL -DUSE_TLS -DUSE_OPENSSL_DTLS -DUSE_DTLS -DUSE_OPENSSL_SRTP -DUSE_DTLS_SRTP -DUSE_ZLIB -DHAVE_PTHREAD -DHAVE_GETIFADDRS -DHAVE_STRERROR_R -DHAVE_GETOPT -DHAVE_INTTYPES_H -DHAVE_NET_ROUTE_H -DHAVE_SYS_SYSCTL_H -DHAVE_STDBOOL_H -DHAVE_INET6 -DHAVE_RESOLV -DHAVE_SYSLOG -DHAVE_FORK -DHAVE_INET_NTOP -DHAVE_PWD_H -DHAVE_POLL -DHAVE_INET_PTON -DHAVE_SELECT -DHAVE_SELECT_H -DHAVE_SETRLIMIT -DHAVE_SIGNAL -DHAVE_SYS_TIME_H -DHAVE_EPOLL -DHAVE_UNAME -DHAVE_UNISTD_H -DHAVE_STRINGS_H -DVERSION=\"2.0.1\" -DVER_MAJOR=2 -DVER_MINOR=0 -DVER_PATCH=1 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -Iinclude -DHAVE_ROUTE_LIST -c src/tls/openssl/tls.c -o build-x86_64/tls/openssl/tls.o -MD -MF build-x86_64/tls/openssl/tls.d -MT build-x86_64/tls/openssl/tls.o
| src/tls/openssl/tls.c: In function ‘tls_set_selfsigned_ec’:
| src/tls/openssl/tls.c:468:9: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 468 | eckey = EC_KEY_new_by_curve_name(eccgrp);
| | ^~~~~
| In file included from /usr/include/openssl/x509.h:35,
| from /usr/include/openssl/ssl.h:34,
| from src/tls/openssl/tls.c:7:
| /usr/include/openssl/ec.h:1017:31: note: declared here
| 1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
| | ^~~~~~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:472:9: warning: ‘EC_KEY_generate_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 472 | if (!EC_KEY_generate_key(eckey))
| | ^~
| /usr/include/openssl/ec.h:1114:27: note: declared here
| 1114 | OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
| | ^~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:476:9: warning: ‘EC_KEY_set_asn1_flag’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 476 | EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
| | ^~~~~~~~~~~~~~~~~~~~
| /usr/include/openssl/ec.h:1100:28: note: declared here
| 1100 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
| | ^~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:485:9: warning: ‘EVP_PKEY_set1_EC_KEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 485 | if (!EVP_PKEY_set1_EC_KEY(key, eckey))
| | ^~
| In file included from /usr/include/openssl/x509.h:31:
| /usr/include/openssl/evp.h:1327:5: note: declared here
| 1327 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
| | ^~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:515:17: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 515 | EC_KEY_free(eckey);
| | ^~~~~~~~~~~
| /usr/include/openssl/ec.h:1022:28: note: declared here
| 1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
| | ^~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_set_selfsigned_rsa’:
| src/tls/openssl/tls.c:539:9: warning: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 539 | rsa = RSA_new();
| | ^~~
| In file included from /usr/include/openssl/x509.h:38:
| /usr/include/openssl/rsa.h:212:28: note: declared here
| 212 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
| | ^~~~~~~
| src/tls/openssl/tls.c:548:9: warning: ‘RSA_generate_key_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 548 | if (!RSA_generate_key_ex(rsa, (int)bits, bn, NULL))
| | ^~
| /usr/include/openssl/rsa.h:269:27: note: declared here
| 269 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
| | ^~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:555:9: warning: ‘EVP_PKEY_set1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 555 | if (!EVP_PKEY_set1_RSA(key, rsa))
| | ^~
| /usr/include/openssl/evp.h:1301:5: note: declared here
| 1301 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
| | ^~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:591:17: warning: ‘RSA_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 591 | RSA_free(rsa);
| | ^~~~~~~~
| /usr/include/openssl/rsa.h:302:28: note: declared here
| 302 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
| | ^~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_peer_common_name’:
| src/tls/openssl/tls.c:923:9: warning: ‘X509_NAME_get_text_by_NID’ is deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
| 923 | n = X509_NAME_get_text_by_NID(X509_get_subject_name(cert),
| | ^
| /usr/include/openssl/x509.h:1041:27: note: declared here
| 1041 | OSSL_DEPRECATEDIN_4_0 int X509_NAME_get_text_by_NID(const X509_NAME *name,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_set_verify_server’:
| src/tls/openssl/tls.c:1141:17: warning: ‘SSL_set1_host’ is deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
| 1141 | if (!SSL_set1_host(tc->ssl, host)) {
| | ^~
| /usr/include/openssl/ssl.h:1922:34: note: declared here
| 1922 | OSSL_DEPRECATEDIN_4_0 __owur int SSL_set1_host(SSL *s, const char *host);
| | ^~~~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_get_issuer’:
| src/tls/openssl/tls.c:1280:48: error: passing argument 3 of ‘tls_get_ca_chain_field’ from incompatible pointer type [-Wincompatible-pointer-types]
| 1280 | return tls_get_ca_chain_field(tls, mb, &X509_get_issuer_name,
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | const X509_NAME * (*)(const X509 *) {aka const struct X509_name_st * (*)(const struct x509_st *)}
| src/tls/openssl/tls.c:1250:30: note: expected ‘X509_NAME * (*)(const X509 *)’ {aka ‘struct X509_name_st * (*)(const struct x509_st *)’} but argument is of type ‘const X509_NAME * (*)(const X509 *)’ {aka ‘const struct X509_name_st * (*)(const struct x509_st *)’}
| 1250 | tls_get_certfield_h *field_getter, unsigned long flags)
| | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
| /usr/include/openssl/x509.h:860:18: note: ‘X509_get_issuer_name’ declared here
| 860 | const X509_NAME *X509_get_issuer_name(const X509 *a);
| | ^~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_get_subject’:
| src/tls/openssl/tls.c:1298:48: error: passing argument 3 of ‘tls_get_ca_chain_field’ from incompatible pointer type [-Wincompatible-pointer-types]
| 1298 | return tls_get_ca_chain_field(tls, mb, &X509_get_subject_name,
| | ^~~~~~~~~~~~~~~~~~~~~~
| | |
| | const X509_NAME * (*)(const X509 *) {aka const struct X509_name_st * (*)(const struct x509_st *)}
| src/tls/openssl/tls.c:1250:30: note: expected ‘X509_NAME * (*)(const X509 *)’ {aka ‘struct X509_name_st * (*)(const struct x509_st *)’} but argument is of type ‘const X509_NAME * (*)(const X509 *)’ {aka ‘const struct X509_name_st * (*)(const struct x509_st *)’}
| 1250 | tls_get_certfield_h *field_getter, unsigned long flags)
| | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
| /usr/include/openssl/x509.h:862:18: note: ‘X509_get_subject_name’ declared here
| 862 | const X509_NAME *X509_get_subject_name(const X509 *a);
| | ^~~~~~~~~~~~~~~~~~~~~
| make[2]: *** [GNUmakefile:108: build-x86_64/tls/openssl/tls.o] Error 1
| make[2]: Leaving directory '/build/reproducible-path/libre-2.0.1'
Full buildlog
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/libre_2.0.1-3_amd64-2026-04-19T08:20:42Z
Sebastian
More information about the Pkg-voip-maintainers
mailing list