Created attachment 560604 [details]
mail-mta/netqmail-1.06-r5 build log

Build fails with

qmail-remote.c:273:24: error: dereferencing pointer to incomplete type 'SSL' {aka 'struct ssl_st'}
   int state = ssl ? ssl->state : SSL_ST_BEFORE;
                        ^~
qmail-remote.c:273:34: error: 'SSL_ST_BEFORE' undeclared (first use in this function); did you mean 'TLS_ST_BEFORE'?
   int state = ssl ? ssl->state : SSL_ST_BEFORE;
                                  ^~~~~~~~~~~~~
                                  TLS_ST_BEFORE
qmail-remote.c:273:34: note: each undeclared identifier is reported only once for each function it appears in
qmail-remote.c:274:15: error: 'SSL_ST_OK' undeclared (first use in this function); did you mean 'TLS_ST_OK'?
   if (state & SSL_ST_OK || (!smtps && state & SSL_ST_BEFORE))
               ^~~~~~~~~
               TLS_ST_OK
qmail-remote.c: In function 'tls_init':
qmail-remote.c:502:60: error: dereferencing pointer to incomplete type 'X509_NAME_ENTRY' {aka 'struct X509_name_entry_st'}
         const ASN1_STRING *s = X509_NAME_get_entry(subj, i)->value;

Full log attached.

# emerge --info
Portage 2.3.54 (python 2.7.15-final-0, default/linux/amd64/17.0/no-multilib/hardened, gcc-8.2.0, glibc-2.28-r4, 4.16.3-gentoo x86_64)
=================================================================
System uname: Linux-4.16.3-gentoo-x86_64-AMD_Phenom-tm-_9550_Quad-Core_Processor-with-gentoo-2.6
KiB Mem: 1019300 total, 145800 free
KiB Swap: 499500 total, 490148 free
Timestamp of repository gentoo: Thu, 10 Jan 2019 02:15:02 +0000
Head commit of repository gentoo: 9e8b679699b36cea1e03cc5eb2956510ab3f67e1
sh bash 4.4_p23
ld GNU ld (Gentoo 2.31.1 p5) 2.31.1
app-shells/bash:          4.4_p23::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.6.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.17::gentoo
sys-apps/sandbox:         2.14::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.16.1-r1::gentoo
sys-devel/binutils:       2.31.1-r3::gentoo
sys-devel/gcc:            8.2.0-r6::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r5::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.20::gentoo (virtual/os-headers)
sys-libs/glibc:           2.28-r4::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts:
    sync-rsync-verify-max-age: 24

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=amdfam10 -mcx16 -msahf -mpopcnt -mindirect-branch=thunk --param l1-cache-size=64 --param l1-cache-line-size=64 --param l2-cache-size=1024 -mtune=amdfam10"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=amdfam10 -mcx16 -msahf -mpopcnt -mindirect-branch=thunk --param l1-cache-size=64 --param l1-cache-line-size=64 --param l2-cache-size=1024 -mtune=amdfam10"
DISTDIR="/var/cache/http-replicator"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://gentoo.mneisen.org/ http://gentoo.mirror.pw.edu.pl/ http://gentoo.prz.rzeszow.pl http://mirror.uni-c.dk/pub/gentoo/ http://mirror.mdfnet.se/mirror/gentoo http://ftp.gentoo.bg/ http://distfiles.gentoo.bg/ http://mirrors.ludost.net/gentoo/ http://mirror.hamakor.org.il/pub/mirrors/gentoo/ http://ftp.dei.uc.pt/pub/linux/gentoo/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB en_US"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="3dnow 3dnowext acl amd64 bzip2 caps crypt cxx gpm graphite hardened iconv ipv6 libtirpc mmx ncurses nls nptl openmp pam pcre pie readline seccomp sse sse2 sse4a ssl ssp unicode xattr xtpax zlib" ABI_X86="64" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4a" ELIBC="glibc" KERNEL="linux" L10N="en_GB en_US" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-1" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="i386 x86_64 ppc64 sparc sparc64" QEMU_USER_TARGETS="i386 x86_64 ppc64 sparc sparc64" RUBY_TARGETS="ruby24" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

From https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes:

"All structures in libssl public header files have been removed so that they are "opaque" to library users. You should use the provided accessor functions instead"

So I looked up those functions there:

https://www.openssl.org/docs/man1.1.1/man3/SSL_get_state.html
https://www.openssl.org/docs/man1.1.0/crypto/X509_NAME_ENTRY_get_object.html
https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_info_callback.html
https://www.openssl.org/docs/man1.1.1/man3/SSL_set_connect_state.html

Since this effectively involves patching the netqmail-1.05-tls-smtpauth-20070417.patch, I provided the changes in three ways:

- netqmail-1.05-tls-smtpauth-20070417.patch.patch is a patch for the patch
- netqmail-1.05-tls-smtpauth-20160114.patch is a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch
- netqmail-1.06-openssl-1.1.patch is a subsequent patch to be applied on top of netqmail-1.05-tls-smtpauth-20070417.patch

I wouldn't call myself confident enough in C or OpenSSL code to assume I did everything right, so I would love some feedback. Unfortunately I don't have a test environment to check the handling of bad certificates right now. Operation in a correctly working environment (my machines) seems to work fine though.

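
Added example, not part of the bug report or of any netqmail TLS patch: a small source audit for the port discussed above, which flags direct reads of the now-opaque SSL and X509_NAME_ENTRY structs and also "&" tests against the state constants, because TLS_ST_* are enum values rather than bit flags. The function names, rule labels and sample file are assumptions made for illustration; the first three sample lines are the statements quoted in the build log.

```shell
#!/bin/sh
# Added example; not code from the bug report or from any netqmail TLS patch.
# audit_openssl11 FILE...: print "file:line: rule: advice" for each C line that
# will break, or silently change meaning, against OpenSSL 1.1. Returns 1 on hits.
audit_openssl11() {
    awk '
    function hit(rule, advice) {
        printf "%s:%d: %s: %s\n", FILENAME, FNR, rule, advice; found = 1
    }
    { s = " " $0 " " }   # pad so "not an identifier char" also matches at line ends
    # Heuristic: any ->state read; confirm by hand that the pointer is an SSL *.
    s ~ /->state[^A-Za-z0-9_]/ {
        hit("opaque-ssl", "read the state with SSL_get_state(ssl)") }
    # ->value taken straight off the entry returned by X509_NAME_get_entry().
    s ~ /X509_NAME_get_entry\([^)]*\)->value/ {
        hit("opaque-x509", "wrap the entry in X509_NAME_ENTRY_get_data()") }
    # Macros the build log shows as undeclared under 1.1.
    s ~ /[^A-Za-z0-9_]SSL_ST_(BEFORE|OK)[^A-Za-z0-9_]/ {
        hit("removed-macro", "rename to TLS_ST_*, then recheck every test") }
    # TLS_ST_* are consecutive enum values (TLS_ST_BEFORE is 0), not bit flags,
    # so an "&" test that survives the rename compiles but tests the wrong thing.
    s ~ /[^&]&[ \t]*(SSL|TLS)_ST_/ {
        hit("bitmask-test", "compare with == or call SSL_is_init_finished()") }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample: the three statements quoted in the build log, then a
# mechanically renamed line that still uses "&", then a correctly ported line.
sample_source() {
    cat <<'EOF'
  int state = ssl ? ssl->state : SSL_ST_BEFORE;
  if (state & SSL_ST_OK || (!smtps && state & SSL_ST_BEFORE))
  const ASN1_STRING *s = X509_NAME_get_entry(subj, i)->value;
  if (SSL_get_state(ssl) & TLS_ST_OK) return 1;
  const ASN1_STRING *t = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subj, i));
EOF
}

demo=$(mktemp -d) && sample_source > "$demo/sample.c"
audit_openssl11 "$demo/sample.c" || echo "findings listed above"
rm -rf "$demo"
```

The ->state rule is a plain text match, so each hit still needs a look at the pointer type before it is changed.
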
Created attachment 561152 [details, diff] a patch for netqmail-1.05-tls-smtpauth-20070417.patch
Created attachment 561154 [details, diff] a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch
Created attachment 561156 [details, diff] a subsequent patch to be applied on top of netqmail-1.05-tls-smtpauth-20070417.patch

(In reply to Alexander Hof from comment #1)
> - netqmail-1.05-tls-smtpauth-20160114.patch is a standalone patch that
> could replace netqmail-1.05-tls-smtpauth-20070417.patch

Typo in the file name, should be netqmail-1.05-tls-smtpauth-20190114.patch

Created attachment 561158 [details, diff] a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch Typo in the file name of previous patch.
I maintain a mirror with checksums here: https://mirror.alexh.name/qmail/netqmail/
I also wrote Frederik Vermeulen (maintainer of the original TLS patch) to consider including the changes to his line of patches (http://inoa.net/qmail-tls/).

(In reply to Alexander Hof from comment #8)
> I also wrote Frederik Vermeulen (maintainer of the original TLS patch) to
> consider including the changes to his line of patches
> (http://inoa.net/qmail-tls/).

Upstream for the patch Frederik Vermeulen incorporated my and others' contributions in an updated patch: http://inoa.net/qmail-tls/netqmail-1.06-tls-20190322.patch

Created attachment 576818 [details] The Manifest file includes the netqmail-1.05-tls-smtpauth-20190114.patch Replaced the netqmail-1.05-tls-smtpauth-20070417.patch file with new patch file netqmail-1.05-tls-smtpauth-20190114.patch in the Manifest file, file size, hashes, all there. This 20190114 patch is from Alexander Hof's mirror site mentioned in his comment.

Created attachment 576820 [details]
Updated ebuild file for netqmail-1.06-r5

The source URI of the new patch, netqmail-1.05-tls-smtpauth-20190114.patch, is pointing to Alexander Hof's mirror site mentioned in his comment. Use with the Manifest file in the prior attachment. Download the Manifest file and this file to your local portage folder, namely /usr/portage/mail-mta/netqmail, and emerge netqmail as usual; emerge should be completed without any problem. This is a personal modification work; use at your own risk.


The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4ab807c5baec32dccd38be6872256dc66c98cfc

commit c4ab807c5baec32dccd38be6872256dc66c98cfc
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2019-07-13 07:58:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2019-07-13 07:58:49 +0000

    mail-mta/netqmail: new revision with openssl 1.1 compat

    Add updated patches that ensure compatibility with openssl 1.1.x.
    Based on patches by Alexander Hof and ebuild by Yida Zhang.

    Fixes: https://bugs.gentoo.org/675060
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
    Package-Manager: Portage-2.3.66, Repoman-2.3.11

 mail-mta/netqmail/netqmail-1.06-r6.ebuild | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Alexander, Yida, I've added a new ebuild revision based on your work. It would be great if the ebuild could be reworked to include Frederik Vermeulen's most recent patches instead, but that looked non-trivial and since I don't use netqmail I'd rather not make changes that are too invasive.

(In reply to Hans de Graaff from comment #13)
> Alexander, Yida, I've added a new ebuild revision based on your work. It
> would be great if the ebuild could be reworked to include Frederik
> Vermeulen's most recent patches instead, but that looked non-trivial and
> since I don't use netqmail I'd rather not make changes that are too invasive.

I just started work on basing the combined tls+auth patch on Vermeulen's most recent patch (20190517) and will create a pull request. I also looked into reworking the ebuild so that Vermeulen's patches could be applied directly by the build process, but this is indeed non-trivial, because they do not apply cleanly anymore on top of the auth patch (http://www.fehcom.de/qmail/smtpauth.html##PATCHES).

I have an updated patch now at https://mirror.alexh.name/qmail/netqmail/netqmail-1.05-tls-smtpauth-20190517.patch, however patch qmail-smtputf8.patch fails now. Will add the output as new attachment.
Created attachment 589470 [details] Failed patch on top of updated tls+auth patch