Bug#828466: opendkim: FTBFS with openssl 1.1.0

2016-10-27 Thread Scott Kitterman 
On Thursday, October 27, 2016 09:55:03 PM Sebastian Andrzej Siewior wrote:
> Control: tags - patch
> 
> builds. Further testing is welcome.

Thanks.  I think this will do.  Here's what I did:

I re-enabled the test suite (it has about 5% random errors, so it's not run 
routinely) and tested both 2.10.3 from unstable and 2.11.0 Alpha 1 from 
experimental both with and without the patch with openssl 1.0.2 and with the 
patch with 1.1.0.

The test suite error is always:

lt-opendkim: opendkim.c:5901: dkimf_config_free: Assertion `conf->conf_refcnt 
== 0' failed.

It shows up in a different test each time.  I am convinced it can't be 
anything other than a testism because if it blew up that often for real, I'd 
be drowning in bug reports.

Based on that testing, I'm convinced this works with both openssl versions and 
will apply it to the next upload (that I'm currently preparing).  I appreciate 
both the patch and your willingness to send it upstream.

Scott K

Bug#828466: opendkim: FTBFS with openssl 1.1.0

2016-10-27 Thread Sebastian Andrzej Siewior 
Control: tags - patch

builds. Further testing is welcome.

Sebastian
>From f6afa6be81eae0b149ad18a0642c67e75b148c69 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior 
Date: Thu, 27 Oct 2016 19:43:15 +
Subject: [PATCH] opendkim: port to openssl 1.1.0

In configure.ac AC_SEARCH_LIBS([SSL_library_init]) does not work as
expected because openssl 1.1.0 does not provide this function anymore.
Instead it is a macro pointing to another function so we need the
header file for this to work. Therefore it is replaced with
AC_LINK_IFELSE() where it is possible to add a header file.

OPENSSL_thread_stop() shouldn't be required. As of openssl 1.1.0 thread
managements is different and those function shouldn't be required
because openssl takes care of it. As per "NOTES" is is said, that it
might be requiired for staticaly linked code.

Signed-off-by: Sebastian Andrzej Siewior 
---
 configure.ac   | 40 +---
 opendkim/opendkim-crypto.c |  8 
 2 files changed, 29 insertions(+), 19 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0370d43..0eec798 100644
--- a/configure.ac
+++ b/configure.ac
@@ -860,26 +860,28 @@ then
 	AC_SEARCH_LIBS([ERR_peek_error], [crypto], ,
 	   AC_MSG_ERROR([libcrypto not found]))
 
-	AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
-		[
-			if test x"$enable_shared" = x"yes"
-			then
-AC_MSG_ERROR([Cannot build shared opendkim
-  against static openssl libraries.
-  Configure with --disable-shared
-  to get this working or obtain a
-  shared libssl library for
-  opendkim to use.])
-			fi
 
-			# avoid caching issue - last result of SSL_library_init
-			# shouldn't be cached for this next check
-			unset ac_cv_search_SSL_library_init
-			LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
-			AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
-			   AC_MSG_ERROR([libssl not found]), [-ldl])
-		]
-	)
+	AC_LINK_IFELSE(
+		   [AC_LANG_PROGRAM([[#include ]],
+	[[SSL_library_init();]])],
+	[od_have_ossl="yes";],
+	[od_have_ossl="no";])
+	if test x"$od_have_ossl" = x"no"
+	then
+		if test x"$enable_shared" = x"yes"
+		then
+			AC_MSG_ERROR([Cannot build shared opendkim
+			  against static openssl libraries.
+			  Configure with --disable-shared
+			  to get this working or obtain a
+			  shared libssl library for
+			  opendkim to use.])
+		fi
+
+		LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
+		AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
+		   AC_MSG_ERROR([libssl not found]), [-ldl])
+	fi
 
 	AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
   AC_DEFINE([HAVE_SHA256], 1,
diff --git a/opendkim/opendkim-crypto.c b/opendkim/opendkim-crypto.c
index d78426d..ba82789 100644
--- a/opendkim/opendkim-crypto.c
+++ b/opendkim/opendkim-crypto.c
@@ -222,7 +222,11 @@ dkimf_crypto_free_id(void *ptr)
 	{
 		assert(pthread_setspecific(id_key, ptr) == 0);
 
+#if OPENSSL_VERSION_NUMBER >= 0x1010
+		OPENSSL_thread_stop();
+#else
 		ERR_remove_state(0);
+#endif
 
 		free(ptr);
 
@@ -392,11 +396,15 @@ dkimf_crypto_free(void)
 {
 	if (crypto_init_done)
 	{
+#if OPENSSL_VERSION_NUMBER >= 0x1010
+		OPENSSL_thread_stop();
+#else
 		CRYPTO_cleanup_all_ex_data();
 		CONF_modules_free();
 		EVP_cleanup();
 		ERR_free_strings();
 		ERR_remove_state(0);
+#endif
 
 		if (nmutexes > 0)
 		{
-- 
2.10.1

Bug#828466: opendkim: FTBFS with openssl 1.1.0

2016-06-26 Thread Kurt Roeckx 
Source: opendkim
Version: 2.10.3-4
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/opendkim_2.10.3-4_amd64-20160529-1459

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt