The fetchmail ebuild depends on dev-libs/openssl if either the ssl or kerberos use flags are set. Please update the ebuild to allow use with libressl. Fetchmail works without a patch for dev-libs/libressl-2.2* however >=dev-libs/libressl-2.3.0 removed ssl3 support and requires a patch to compile. Upstream as fixed the issue in git but has not had a release since. Refer to commits: http://sourceforge.net/p/fetchmail/git/ci/a2ae6f8d15d7caf815d7bdd13df833fd1b2af5cc/ http://sourceforge.net/p/fetchmail/git/ci/e6340bf8226c37fc35d41e69348714cba1d7baf5/ This commits also allow operation with openssl build without ssl3 support. Reproducible: Always
Created attachment 424202 [details, diff] fetchmail-6.3.26-libressl.patch I have back ported the two upstream commits to 6.3.26 (latest release) with this patch.
Created attachment 424204 [details, diff] fetchmail.ebuild.diff diff of net-mail/fetchmail-6.3.26-r2.ebuild to add libressl use flag, contengent dev-libs/libressl dependancy and apply the attached patch.
Any issues about merging the patches?
I just verified that this same patch still works for 6.3.26-r3 after changing the version in the ebuild patch.
Hi. Is there any update on this, any problem? I had to manually apply the same kind of patches discussed here on my fetchmail-6.3.26-r3 to be able to use SSL with libressl.
Stephane, I am glad you were able to use my patch successfully. Unfortunately, it does not appear that the patch has been merged into portage. However, I was able to get it added to the libressl overlay: https://github.com/gentoo/libressl. With that overlay you don't have to add the patches by hand. You can add the overlay to your system by first ensuring you have layman installed: emerge --ask layman and then adding the overlay: layman --add libressl Every so often you will need to sync the overlay to get updated ebuilds with: layman --sync libressl or layman --sync-all
Hi maurerpe, The patch I applied wasn't yours but a part of another one I found before finding yours, but anyway they do almost the same thing. Fetchmail is not a very fast moving target (to say the least), so my poor man ebuild will be enough for a while, I guess :-) Now that I've learned to copy and modify ebuilds into a local tree, that's much easier than I thought it was. My post was mostly intended to ping and wake up the maintainer, know if he encountered specific problem with the patch, and show that one more guy ran into this concern and had to find a workaround. Thanks for your efforts.
Since OpenSSL 1.1 removes SSLv3, this issue now impacts users with OpenSSL >=1.1. Ttested with net-mail/fetchmail-6.3.26-r3 which fails with the error "undefined reference to `SSLv3_client_method'".
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8bc9045644c9e0bb9c6a648bd491dcf8c157f9b commit b8bc9045644c9e0bb9c6a648bd491dcf8c157f9b Author: Craig Andrews <candrews@gentoo.org> AuthorDate: 2018-10-26 18:00:12 +0000 Commit: Craig Andrews <candrews@gentoo.org> CommitDate: 2018-10-26 18:07:51 +0000 net-mail/fetchmail: libressl and OpenSSL 1.1 support, EAPI=7 Closes: https://bugs.gentoo.org/573352 Signed-off-by: Craig Andrews <candrews@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-mail/fetchmail/fetchmail-6.3.26-r4.ebuild | 109 +++++++++++++++++++ .../files/fetchmail-6.3.26-libressl.patch | 117 +++++++++++++++++++++ 2 files changed, 226 insertions(+)
