[Bug 2154887] [NEW] libre: FTBFS with openssl 4.0

Tue, 02 Jun 2026 04:01:04 -0700 

Public bug reported:

Imported from Debian bug http://bugs.debian.org/1138340:

Package: libre
Version: 2.0.1-3
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: [email protected]
Usertags: openssl-4.0

OpenSSL 4.0 is in experimental. This package fails to build against it:

| x86_64-linux-gnu-gcc -g -O2 -Werror=implicit-function-declaration 
-ffile-prefix-map=/build/reproducible-path/libre-2.0.1=. 
-fstack-protector-strong -fstack-clash-protection -Wformat 
-Werror=format-security -fcf-protection -DRELEASE -Wall -Wextra 
-Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes 
-Wbad-function-cast -Wsign-compare -Wnested-externs -Wshadow -Waggregate-return 
-Wcast-align -Wold-style-definition -Wdeclaration-after-statement -g -O3   
-Wuninitialized -Wno-strict-aliasing -fPIC -DLINUX -DOS=\"linux\" -std=c11 
-pedantic -DHAVE_ATOMIC -DARCH=\"x86_64\" -DUSE_OPENSSL -DUSE_TLS 
-DUSE_OPENSSL_DTLS -DUSE_DTLS -DUSE_OPENSSL_SRTP -DUSE_DTLS_SRTP -DUSE_ZLIB 
-DHAVE_PTHREAD -DHAVE_GETIFADDRS -DHAVE_STRERROR_R -DHAVE_GETOPT 
-DHAVE_INTTYPES_H -DHAVE_NET_ROUTE_H -DHAVE_SYS_SYSCTL_H -DHAVE_STDBOOL_H 
-DHAVE_INET6 -DHAVE_RESOLV -DHAVE_SYSLOG -DHAVE_FORK -DHAVE_INET_NTOP 
-DHAVE_PWD_H -DHAVE_POLL    -DHAVE_INET_PTON -DHAVE_SELECT -DHAVE_SELECT_H 
-DHAVE_SETRLIMIT -DHAVE_SIGNAL -DHAVE_SYS_TIME_H -DHAVE_EPOLL -DHAVE_UNAME 
-DHAVE_UNISTD_H -DHAVE_STRINGS_H -DVERSION=\"2.0.1\" -DVER_MAJOR=2 
-DVER_MINOR=0 -DVER_PATCH=1 -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE 
-Iinclude -DHAVE_ROUTE_LIST -c src/tls/openssl/tls.c -o 
build-x86_64/tls/openssl/tls.o -MD -MF build-x86_64/tls/openssl/tls.d -MT 
build-x86_64/tls/openssl/tls.o
| src/tls/openssl/tls.c: In function ‘tls_set_selfsigned_ec’:
| src/tls/openssl/tls.c:468:9: warning: ‘EC_KEY_new_by_curve_name’ is 
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
|   468 |         eckey = EC_KEY_new_by_curve_name(eccgrp);
|       |         ^~~~~
| In file included from /usr/include/openssl/x509.h:35,
|                  from /usr/include/openssl/ssl.h:34,
|                  from src/tls/openssl/tls.c:7:
| /usr/include/openssl/ec.h:1017:31: note: declared here
|  1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
|       |                               ^~~~~~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:472:9: warning: ‘EC_KEY_generate_key’ is 
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
|   472 |         if (!EC_KEY_generate_key(eckey))
|       |         ^~
| /usr/include/openssl/ec.h:1114:27: note: declared here
|  1114 | OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
|       |                           ^~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:476:9: warning: ‘EC_KEY_set_asn1_flag’ is 
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
|   476 |         EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
|       |         ^~~~~~~~~~~~~~~~~~~~
| /usr/include/openssl/ec.h:1100:28: note: declared here
|  1100 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int 
asn1_flag);
|       |                            ^~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:485:9: warning: ‘EVP_PKEY_set1_EC_KEY’ is 
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
|   485 |         if (!EVP_PKEY_set1_EC_KEY(key, eckey))
|       |         ^~
| In file included from /usr/include/openssl/x509.h:31:
| /usr/include/openssl/evp.h:1327:5: note: declared here
|  1327 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
|       |     ^~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:515:17: warning: ‘EC_KEY_free’ is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
|   515 |                 EC_KEY_free(eckey);
|       |                 ^~~~~~~~~~~
| /usr/include/openssl/ec.h:1022:28: note: declared here
|  1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
|       |                            ^~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_set_selfsigned_rsa’:
| src/tls/openssl/tls.c:539:9: warning: ‘RSA_new’ is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
|   539 |         rsa = RSA_new();
|       |         ^~~
| In file included from /usr/include/openssl/x509.h:38:
| /usr/include/openssl/rsa.h:212:28: note: declared here
|   212 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
|       |                            ^~~~~~~
| src/tls/openssl/tls.c:548:9: warning: ‘RSA_generate_key_ex’ is 
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
|   548 |         if (!RSA_generate_key_ex(rsa, (int)bits, bn, NULL))
|       |         ^~
| /usr/include/openssl/rsa.h:269:27: note: declared here
|   269 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, 
BIGNUM *e,
|       |                           ^~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:555:9: warning: ‘EVP_PKEY_set1_RSA’ is deprecated: 
Since OpenSSL 3.0 [-Wdeprecated-declarations]
|   555 |         if (!EVP_PKEY_set1_RSA(key, rsa))
|       |         ^~
| /usr/include/openssl/evp.h:1301:5: note: declared here
|  1301 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
|       |     ^~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c:591:17: warning: ‘RSA_free’ is deprecated: Since 
OpenSSL 3.0 [-Wdeprecated-declarations]
|   591 |                 RSA_free(rsa);
|       |                 ^~~~~~~~
| /usr/include/openssl/rsa.h:302:28: note: declared here
|   302 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
|       |                            ^~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_peer_common_name’:
| src/tls/openssl/tls.c:923:9: warning: ‘X509_NAME_get_text_by_NID’ is 
deprecated: Since OpenSSL 4.0 [-Wdeprecated-declarations]
|   923 |         n = X509_NAME_get_text_by_NID(X509_get_subject_name(cert),
|       |         ^
| /usr/include/openssl/x509.h:1041:27: note: declared here
|  1041 | OSSL_DEPRECATEDIN_4_0 int X509_NAME_get_text_by_NID(const X509_NAME 
*name,
|       |                           ^~~~~~~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_set_verify_server’:
| src/tls/openssl/tls.c:1141:17: warning: ‘SSL_set1_host’ is deprecated: 
Since OpenSSL 4.0 [-Wdeprecated-declarations]
|  1141 |                 if (!SSL_set1_host(tc->ssl, host)) {
|       |                 ^~
| /usr/include/openssl/ssl.h:1922:34: note: declared here
|  1922 | OSSL_DEPRECATEDIN_4_0 __owur int SSL_set1_host(SSL *s, const char 
*host);
|       |                                  ^~~~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_get_issuer’:
| src/tls/openssl/tls.c:1280:48: error: passing argument 3 of 
‘tls_get_ca_chain_field’ from incompatible pointer type 
[-Wincompatible-pointer-types]
|  1280 |         return tls_get_ca_chain_field(tls, mb, &X509_get_issuer_name,
|       |                                                ^~~~~~~~~~~~~~~~~~~~~
|       |                                                |
|       |                                                const X509_NAME * 
(*)(const X509 *) {aka const struct X509_name_st * (*)(const struct x509_st *)}
| src/tls/openssl/tls.c:1250:30: note: expected ‘X509_NAME * (*)(const X509 
*)’ {aka ‘struct X509_name_st * (*)(const struct x509_st *)’} but 
argument is of type ‘const X509_NAME * (*)(const X509 *)’ {aka ‘const 
struct X509_name_st * (*)(const struct x509_st *)’}
|  1250 |         tls_get_certfield_h *field_getter, unsigned long flags)
|       |         ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
| /usr/include/openssl/x509.h:860:18: note: ‘X509_get_issuer_name’ declared 
here
|   860 | const X509_NAME *X509_get_issuer_name(const X509 *a);
|       |                  ^~~~~~~~~~~~~~~~~~~~
| src/tls/openssl/tls.c: In function ‘tls_get_subject’:
| src/tls/openssl/tls.c:1298:48: error: passing argument 3 of 
‘tls_get_ca_chain_field’ from incompatible pointer type 
[-Wincompatible-pointer-types]
|  1298 |         return tls_get_ca_chain_field(tls, mb, &X509_get_subject_name,
|       |                                                ^~~~~~~~~~~~~~~~~~~~~~
|       |                                                |
|       |                                                const X509_NAME * 
(*)(const X509 *) {aka const struct X509_name_st * (*)(const struct x509_st *)}
| src/tls/openssl/tls.c:1250:30: note: expected ‘X509_NAME * (*)(const X509 
*)’ {aka ‘struct X509_name_st * (*)(const struct x509_st *)’} but 
argument is of type ‘const X509_NAME * (*)(const X509 *)’ {aka ‘const 
struct X509_name_st * (*)(const struct x509_st *)’}
|  1250 |         tls_get_certfield_h *field_getter, unsigned long flags)
|       |         ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
| /usr/include/openssl/x509.h:862:18: note: ‘X509_get_subject_name’ 
declared here
|   862 | const X509_NAME *X509_get_subject_name(const X509 *a);
|       |                  ^~~~~~~~~~~~~~~~~~~~~
| make[2]: *** [GNUmakefile:108: build-x86_64/tls/openssl/tls.o] Error 1
| make[2]: Leaving directory '/build/reproducible-path/libre-2.0.1'


Full buildlog
        
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/libre_2.0.1-3_amd64-2026-04-19T08:20:42Z

Sebastian

** Affects: libre (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libre (Debian)
     Importance: Undecided
         Status: New

** Bug watch added: Debian Bug tracker #1138340
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138340

** Changed in: libre (Debian)
 Remote watch: None => Debian Bug tracker #1138340

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2154887

Title:
  libre: FTBFS with openssl 4.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libre/+bug/2154887/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to