The latest Postfix snapshot ebuild: postfix-3.4_pre20181104.ebuild fails to build with LibreSSL-2.8.2. There are some warnings, and then the build terminates with a fatal linking error: x86_64-pc-linux-gnu-gcc -fPIC -I. -I../../include -DHAS_PCRE -DUSE_TLS -DHAS_LMDB -DDEF_SASL_SERVER=\"dovecot\" -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DNO_NIS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DU_DISABLE_RENAMING=1 -I/usr/include -DHAS_DEV_URANDOM -DSNAPSHOT -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\${mail_version}\" -DUSE_DYNAMIC_LIBS -UUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -O2 -pipe -march=native -mtune=native -Wno-comment -I. -I../../include -DLINUX4 -c smtpd_state.c In file included from smtpd.h:33, from smtpd_chat.c:109: ../../include/tls.h:95: warning: "OPENSSL_VERSION" redefined #define OPENSSL_VERSION SSLEAY_VERSION In file included from /usr/include/openssl/bio.h:69, from /usr/include/openssl/objects.h:959, from ../../include/mail_params.h:21, from smtpd_chat.c:100: /usr/include/openssl/crypto.h:336: note: this is the location of the previous definition #define OPENSSL_VERSION 0 In file included from ../../include/tls_proxy.h:23, from smtpd.c:1202: ../../include/tls.h:95: warning: "OPENSSL_VERSION" redefined #define OPENSSL_VERSION SSLEAY_VERSION In file included from /usr/include/openssl/bio.h:69, from /usr/include/openssl/objects.h:959, from ../../include/mail_params.h:21, from smtpd.c:1172: /usr/include/openssl/crypto.h:336: note: this is the location of the previous definition #define OPENSSL_VERSION 0 In file included from smtpd.h:33, from smtpd_check.c:256: ../../include/tls.h:95: warning: "OPENSSL_VERSION" redefined #define OPENSSL_VERSION SSLEAY_VERSION In file included from /usr/include/openssl/bio.h:69, from /usr/include/openssl/objects.h:959, from ../../include/mail_params.h:21, from smtpd_check.c:229: /usr/include/openssl/crypto.h:336: note: this is the location of the previous definition #define OPENSSL_VERSION 0 Then a little later on: x86_64-pc-linux-gnu-gcc -fPIC -I. -I../../include -DHAS_PCRE -DUSE_TLS -DHAS_LMDB -DDEF_SASL_SERVER=\"dovecot\" -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DNO_NIS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DU_DISABLE_RENAMING=1 -I/usr/include -DHAS_DEV_URANDOM -DSNAPSHOT -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\${mail_version}\" -DUSE_DYNAMIC_LIBS -UUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -O2 -pipe -march=native -mtune=native -Wno-comment -I. -I../../include -DLINUX4 -Wl,--enable-new-dtags -Wl,-rpath,/usr/lib64/postfix/3.4-20181104 -o smtpd smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o smtpd_expand.o smtpd_haproxy.o ../../lib/libpostfix-master.so ../../lib/libpostfix-tls.so ../../lib/libxsasl.a ../../lib/libmilter.a ../../lib/libpostfix-dns.so ../../lib/libpostfix-global.so ../../lib/libpostfix-util.so -pie -Wl,-O1 -Wl,--as-needed -ldl -lpam -lssl -lcrypto -lsasl2 -llmdb -lpthread -L/usr/lib64 -lpcre -ldb -lnsl -lresolv -ldl -L/usr/lib64 -licui18n -licuuc -licudata /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: ../../lib/libpostfix-tls.so: undefined reference to `SSL_CTX_set_num_tickets' collect2: error: ld returned 1 exit status make: *** [Makefile:85: smtpd] Error 1 make: *** [Makefile:100: update] Error 1 * ERROR: mail-mta/postfix-3.4_pre20181104::gentoo failed (compile phase): * emake failed The previous snapshot builds just fine. The breakage is almost certainly due to this upstream change that went into this snapshot: 20181104 Multiple 'bit rot' fixes for OpenSSL API changes, including support to disable TLSv1.3, to avoid issuing multiple session tickets, and to allow OpenSSL >= 1.1.0 run-time micro version bumps without complaining about library version mismatches. Viktor Dukhovni. Files: proto/postconf.proto, proto/TLS_README.html, tls/tls.h, tls/tls_dane.c, tls/tls_server.c, tls/tls_misc.c I'm raising this bug to track this problem, as this indicates we may need to make some adjustments to the existing libressl patches in order for this and future Postfix snapshots to compile.
Created attachment 555532 [details, diff] Build fix for latest Postfix snapshots with libressl I wrote this very simple patch which fixes the build problem.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8267b1cce057f59ee23f3a20a0a2bfcb8090ad7d commit 8267b1cce057f59ee23f3a20a0a2bfcb8090ad7d Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2018-11-20 05:11:59 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2018-11-20 05:11:59 +0000 mail-mta/postfix: bump to 3.4_pre20181118 fixes libressl build. Thanks to Reuben Farrelly Closes: https://bugs.gentoo.org/670725 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Eray Aslan <eras@gentoo.org> mail-mta/postfix/Manifest | 2 +- mail-mta/postfix/files/postfix-libressl-session-tickets.patch | 11 +++++++++++ ...-3.4_pre20181104.ebuild => postfix-3.4_pre20181118.ebuild} | 3 ++- 3 files changed, 14 insertions(+), 2 deletions(-)