Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 675060

Summary: mail-mta/netqmail-1.06-r5 fails to build against dev-libs/openssl-1.1.0j
Product: Gentoo Linux Reporter: Roy Bamford <neddyseagoon>
Component: Current packagesAssignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED FIXED    
Severity: normal CC: gentoobugs, graaff, mike, net-mail+disabled
Priority: Normal Keywords: PATCH
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 592438    
Attachments: mail-mta/netqmail-1.06-r5 build log
a patch for netqmail-1.05-tls-smtpauth-20070417.patch
a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch
a subsequent patch to be applied on top of netqmail-1.05-tls-smtpauth-20070417.patch
a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch
The Manifest file includes the netqmail-1.05-tls-smtpauth-20190114.patch
Updated ebuild file for netqmail-1.06-r5
Failed patch on top of updated tls+auth patch

Description Roy Bamford gentoo-dev 2019-01-10 09:18:17 UTC
Created attachment 560604 [details]
mail-mta/netqmail-1.06-r5 build log

Build fails with 
qmail-remote.c:273:24: error: dereferencing pointer to incomplete type 'SSL' {aka 'struct ssl_st'}
   int state = ssl ? ssl->state : SSL_ST_BEFORE;
                        ^~
qmail-remote.c:273:34: error: 'SSL_ST_BEFORE' undeclared (first use in this function); did you mean 'TLS_ST_BEFORE'?
   int state = ssl ? ssl->state : SSL_ST_BEFORE;
                                  ^~~~~~~~~~~~~
                                  TLS_ST_BEFORE
qmail-remote.c:273:34: note: each undeclared identifier is reported only once for each function it appears in
qmail-remote.c:274:15: error: 'SSL_ST_OK' undeclared (first use in this function); did you mean 'TLS_ST_OK'?
   if (state & SSL_ST_OK || (!smtps && state & SSL_ST_BEFORE))
               ^~~~~~~~~
               TLS_ST_OK
qmail-remote.c: In function 'tls_init':
qmail-remote.c:502:60: error: dereferencing pointer to incomplete type 'X509_NAME_ENTRY' {aka 'struct X509_name_entry_st'}
         const ASN1_STRING *s = X509_NAME_get_entry(subj, i)->value;

Full log attached.

# emerge --info
Portage 2.3.54 (python 2.7.15-final-0, default/linux/amd64/17.0/no-multilib/hardened, gcc-8.2.0, glibc-2.28-r4, 4.16.3-gentoo x86_64)
=================================================================
System uname: Linux-4.16.3-gentoo-x86_64-AMD_Phenom-tm-_9550_Quad-Core_Processor-with-gentoo-2.6
KiB Mem:     1019300 total,    145800 free
KiB Swap:     499500 total,    490148 free
Timestamp of repository gentoo: Thu, 10 Jan 2019 02:15:02 +0000
Head commit of repository gentoo: 9e8b679699b36cea1e03cc5eb2956510ab3f67e1
sh bash 4.4_p23
ld GNU ld (Gentoo 2.31.1 p5) 2.31.1
app-shells/bash:          4.4_p23::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.6.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.17::gentoo
sys-apps/sandbox:         2.14::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.16.1-r1::gentoo
sys-devel/binutils:       2.31.1-r3::gentoo
sys-devel/gcc:            8.2.0-r6::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r5::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.20::gentoo (virtual/os-headers)
sys-libs/glibc:           2.28-r4::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts: 
    sync-rsync-verify-max-age: 24

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=amdfam10 -mcx16 -msahf -mpopcnt -mindirect-branch=thunk            --param l1-cache-size=64 --param l1-cache-line-size=64 --param l2-cache-size=1024 -mtune=amdfam10"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=amdfam10 -mcx16 -msahf -mpopcnt -mindirect-branch=thunk            --param l1-cache-size=64 --param l1-cache-line-size=64 --param l2-cache-size=1024 -mtune=amdfam10"
DISTDIR="/var/cache/http-replicator"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://gentoo.mneisen.org/                  http://gentoo.mirror.pw.edu.pl/                  http://gentoo.prz.rzeszow.pl                  http://mirror.uni-c.dk/pub/gentoo/                  http://mirror.mdfnet.se/mirror/gentoo                  http://ftp.gentoo.bg/                  http://distfiles.gentoo.bg/                  http://mirrors.ludost.net/gentoo/                  http://mirror.hamakor.org.il/pub/mirrors/gentoo/                  http://ftp.dei.uc.pt/pub/linux/gentoo/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_GB en_US"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="3dnow 3dnowext acl amd64 bzip2 caps crypt cxx gpm graphite hardened iconv ipv6 libtirpc mmx ncurses nls nptl openmp pam pcre pie readline seccomp sse sse2 sse4a ssl ssp unicode xattr xtpax zlib" ABI_X86="64" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4a" ELIBC="glibc" KERNEL="linux" L10N="en_GB en_US" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-1" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="i386 x86_64 ppc64 sparc sparc64" QEMU_USER_TARGETS="i386 x86_64 ppc64 sparc sparc64" RUBY_TARGETS="ruby24" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Alexander Hof 2019-01-14 20:23:55 UTC
From https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes:
"All structures in libssl public header files have been removed so that they are "opaque" to library users. You should use the provided accessor functions instead"

So I looked up those functions there:
https://www.openssl.org/docs/man1.1.1/man3/SSL_get_state.html
https://www.openssl.org/docs/man1.1.0/crypto/X509_NAME_ENTRY_get_object.html
https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_info_callback.html
https://www.openssl.org/docs/man1.1.1/man3/SSL_set_connect_state.html

Since this effectively involves patching the netqmail-1.05-tls-smtpauth-20070417.patch, I provided the changes in three ways:
  - netqmail-1.05-tls-smtpauth-20070417.patch.patch is a patch for the patch
  - netqmail-1.05-tls-smtpauth-20160114.patch is a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch
  - netqmail-1.06-openssl-1.1.patch is a subsequent patch to be applied on top of netqmail-1.05-tls-smtpauth-20070417.patch

I wouldn't call myself confident enough in C or OpenSSL code to assume I did everything right, so I would love some feedback.
Unfortunately I don't have a test environment to check the handling of bad certificates right now. Operation in a correctly working environment (my machines) seems to work fine though.
Comment 2 Alexander Hof 2019-01-14 20:25:05 UTC
Created attachment 561152 [details, diff]
a patch for netqmail-1.05-tls-smtpauth-20070417.patch
Comment 3 Alexander Hof 2019-01-14 20:25:52 UTC
Created attachment 561154 [details, diff]
a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch
Comment 4 Alexander Hof 2019-01-14 20:26:27 UTC
Created attachment 561156 [details, diff]
a subsequent patch to be applied on top of netqmail-1.05-tls-smtpauth-20070417.patch
Comment 5 Alexander Hof 2019-01-14 20:41:22 UTC
(In reply to Alexander Hof from comment #1)
>   - netqmail-1.05-tls-smtpauth-20160114.patch is a standalone patch that
> could replace netqmail-1.05-tls-smtpauth-20070417.patch

Typo in the file name, should be netqmail-1.05-tls-smtpauth-20190114.patch
Comment 6 Alexander Hof 2019-01-14 20:42:18 UTC
Created attachment 561158 [details, diff]
a standalone patch that could replace netqmail-1.05-tls-smtpauth-20070417.patch

Typo in the file name of previous patch.
Comment 7 Alexander Hof 2019-01-14 20:46:06 UTC
I maintain a mirror with check sums here:
https://mirror.alexh.name/qmail/netqmail/
Comment 8 Alexander Hof 2019-01-15 13:57:15 UTC
I also wrote Frederik Vermeulen (maintainer of the original TLS patch) to consider including the changes to his line of patches (http://inoa.net/qmail-tls/).
Comment 9 Alexander Hof 2019-04-02 15:30:07 UTC
(In reply to Alexander Hof from comment #8)
> I also wrote Frederik Vermeulen (maintainer of the original TLS patch) to
> consider including the changes to his line of patches
> (http://inoa.net/qmail-tls/).

Upstream for the patch Frederik Vermeulen incorporated my and other's contributions in an updated patch: http://inoa.net/qmail-tls/netqmail-1.06-tls-20190322.patch
Comment 10 Yida Zhang 2019-05-16 01:01:01 UTC
Created attachment 576818 [details]
The Manifest file includes the netqmail-1.05-tls-smtpauth-20190114.patch

Replaced the netqmail-1.05-tls-smtpauth-20070417.patch file with new patch file netqmail-1.05-tls-smtpauth-20190114.patch in the Manifest file, file size, hashes, all there. This 20190114 patch is from Alexander Hof's mirror site mentioned in his comment.
Comment 11 Yida Zhang 2019-05-16 01:05:36 UTC
Created attachment 576820 [details]
Updated ebuild file for netqmail-1.06-r5

The source uri of the new patch, netqmail-1.05-tls-smtpauth-20190114.patch, is pointing to Alexander Hof's mirror site mentioned in his comment.
Use with the Manifest file in prior attachment. Download the Manifest file and this file to your local portage folder, namely /usr/portage/mail-mta/netqmail, and emerge netqmail as usual, emerge should be completed without any problem.
This is a personal modification work, use at your own risk.
Comment 12 Larry the Git Cow gentoo-dev 2019-07-13 07:59:24 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4ab807c5baec32dccd38be6872256dc66c98cfc

commit c4ab807c5baec32dccd38be6872256dc66c98cfc
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2019-07-13 07:58:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2019-07-13 07:58:49 +0000

    mail-mta/netqmail: new revision with openssl 1.1 compat
    
    Add updated patches that ensure compatibility with openssl 1.1.x.
    Based on patches by Alexander Hof and ebuild by Yida Zhang.
    
    Fixes: https://bugs.gentoo.org/675060
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
    Package-Manager: Portage-2.3.66, Repoman-2.3.11

 mail-mta/netqmail/netqmail-1.06-r6.ebuild | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
Comment 13 Hans de Graaff gentoo-dev Security 2019-07-13 08:01:26 UTC
Alexander, Yida, I've added a new ebuild revision based on your work. It would be great if the ebuild could be reworked to include Frederik Vermeulen's most recent patches instead, but that looked non-trivial and since I don't use netqmail I'd rather not make changes that are too invasive.
Comment 14 Alexander Hof 2019-09-08 15:19:46 UTC
(In reply to Hans de Graaff from comment #13)
> Alexander, Yida, I've added a new ebuild revision based on your work. It
> would be great if the ebuild could be reworked to include Frederik
> Vermeulen's most recent patches instead, but that looked non-trivial and
> since I don't use netqmail I'd rather not make changes that are too invasive.

I just started work on basing the combined tls+auth patch on Vermeulen's most recent patch (20190517) and will create a pull request. I also looked into reworking the ebuild so that Vermeulen's patches could be applied directly by the build process, but this is indeed non-trivial, because they do not apply cleanly anymore on top of the auth patch (http://www.fehcom.de/qmail/smtpauth.html##PATCHES).
Comment 15 Alexander Hof 2019-09-08 16:35:48 UTC
I have an updated patch now at https://mirror.alexh.name/qmail/netqmail/netqmail-1.05-tls-smtpauth-20190517.patch, however patch qmail-smtputf8.patch fails now. Will add the output as new attachment.
Comment 16 Alexander Hof 2019-09-08 16:36:52 UTC
Created attachment 589470 [details]
Failed patch on top of updated tls+auth patch