Re: OpenSMTPD build on OpenSSL 1.1.x
On 8/14/19 3:43 PM, Harald Dunkel wrote:
>
> This is Debian sid (amd64), including openssl version 1.1.1c .
> Here is the list of packages providing shared objects for smtpd:
>
> ||/ Name                  Version             Architecture  Description
> +++-=====================-===================-=============-===========
> ii  libasr0               1.0.2-2+b1          amd64         asynchronous DNS resolver
> ii  libaudit1:amd64       1:2.8.5-2           amd64         Dynamic library for security auditing
> ii  libc6:amd64           2.28-10             amd64         GNU C Library: Shared libraries
> ii  libcap-ng0:amd64      0.7.9-2             amd64         An alternate POSIX capabilities library
> ii  libdb5.3:amd64        5.3.28+dfsg1-0.6    amd64         Berkeley v5.3 Database Libraries [runtime]
> ii  libevent-2.1-6:amd64  2.1.8-stable-4      amd64         Asynchronous event notification library
> ii  libpam0g:amd64        1.3.1-5             amd64         Pluggable Authentication Modules library
> ii  libssl1.1:amd64       1.1.1c-1            amd64         Secure Sockets Layer toolkit - shared libraries
> ii  zlib1g:amd64          1:1.2.11.dfsg-1+b1  amd64         compression library - runtime
>

PS: compiler version:

{harri@cecil:~ (master) 502} gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/8/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 8.3.0-19' --with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-8 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto --enable-link-mutex
Thread model: posix
gcc version 8.3.0 (Debian 8.3.0-19)

Regards
Harri
Re: OpenSMTPD build on OpenSSL 1.1.x
> > ../../smtpd/ca.c: In function 'ca_X509_verify': > ../../smtpd/ca.c:204:47: error: dereferencing pointer to incomplete type > 'X509_STORE_CTX' {aka 'struct x509_store_ctx_st'} > 204 |*errstr = X509_verify_cert_error_string(xsc->error); > This can be fixed in "smtpd/ca.c" with: - *errstr = X509_verify_cert_error_string(xsc->error); + *errstr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(xsc)); But as for rsae-specific, it should be more complicated. I remember an old openssl-1.1.x compat patch, where RSA methods were explicitly defined. --- wbr, Denis.
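Review bot: the `+` line in ca_X509_verify should be applied unconditionally rather than behind an OpenSSL version check, because X509_STORE_CTX_get_error() is a public accessor in the pre-1.1 API as well and returns the same value the `-` line read from xsc->error. The change only clears the ca.c:204 error quoted above, so a patch carrying it should say that the rsae-specific part of the same file still needs its own 1.1.x change, as the message itself notes.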
Re: OpenSMTPD build on OpenSSL 1.1.x
Hello Gilles,

Tried to rebuild on Fedora 30, but got compile errors (providing below with warnings in case you find them useful):

--- < cut here > ---
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../smtpd -I../../openbsd-compat -I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. -I/usr/include -DSMTPD_CONFDIR=\"/etc/opensmtpd\" -DPATH_CHROOT=\"/var/empty/smtpd\" -DPATH_SMTPCTL=\"/usr/sbin/smtpctl\" -DPATH_MAILLOCAL=\"/usr/libexec/opensmtpd/mail.local\" -DPATH_LIBEXEC=\"/usr/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL -DCA_FILE=\"/etc/pki/tls/cert.pem\" -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o ../../smtpd/smtpd-ca.o `test -f '../../smtpd/ca.c' || echo './'`../../smtpd/ca.c
../../smtpd/aliases.c: In function 'aliases_get':
../../smtpd/aliases.c:56:23: warning: variable 'userbase' set but not used [-Wunused-but-set-variable]
   56 |  struct table*userbase = NULL;
      |  ^~~~
../../smtpd/aliases.c: In function 'aliases_virtual_get':
../../smtpd/aliases.c:114:23: warning: variable 'userbase' set but not used [-Wunused-but-set-variable]
  114 |  struct table*userbase = NULL;
      |  ^~~~
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../smtpd -I../../openbsd-compat -I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I. -I/usr/include -DSMTPD_CONFDIR=\"/etc/opensmtpd\" -DPATH_CHROOT=\"/var/empty/smtpd\" -DPATH_SMTPCTL=\"/usr/sbin/smtpctl\" -DPATH_MAILLOCAL=\"/usr/libexec/opensmtpd/mail.local\" -DPATH_LIBEXEC=\"/usr/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL -DCA_FILE=\"/etc/pki/tls/cert.pem\" -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o ../../smtpd/smtpd-compress_backend.o `test -f '../../smtpd/compress_backend.c' || echo './'`../../smtpd/compress_backend.c
../../smtpd/ca.c: In function 'ca_X509_verify':
../../smtpd/ca.c:204:47: error: dereferencing pointer to incomplete type 'X509_STORE_CTX' {aka 'struct x509_store_ctx_st'}
  204 |  *errstr = X509_verify_cert_error_string(xsc->error);
      |  ^~
../../smtpd/ca.c: At top level:
../../smtpd/ca.c:307:1: error: variable 'rsae_method' has initializer but incomplete type
  307 | static RSA_METHOD rsae_method = {
      | ^~
../../smtpd/ca.c:308:2: warning: excess elements in struct initializer
  308 |  "RSA privsep engine",
      |  ^~~~
../../smtpd/ca.c:308:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:309:2: warning: excess elements in struct initializer
  309 |  rsae_pub_enc,
      |  ^~~~
../../smtpd/ca.c:309:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:310:2: warning: excess elements in struct initializer
  310 |  rsae_pub_dec,
      |  ^~~~
../../smtpd/ca.c:310:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:311:2: warning: excess elements in struct initializer
  311 |  rsae_priv_enc,
      |  ^
../../smtpd/ca.c:311:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:312:2: warning: excess elements in struct initializer
  312 |  rsae_priv_dec,
      |  ^
../../smtpd/ca.c:312:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:313:2: warning: excess elements in struct initializer
  313 |  rsae_mod_exp,
      |  ^~~~
../../smtpd/ca.c:313:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:314:2: warning: excess elements in struct initializer
  314 |  rsae_bn_mod_exp,
      |  ^~~
../../smtpd/ca.c:314:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:315:2: warning: excess elements in struct initializer
  315 |  rsae_init,
      |  ^
../../smtpd/ca.c:315:2: note: (near initialization for 'rsae_method')
../../smtpd/ca.c:316:2: warning: excess elements in struct initializer
  316 |  rsae_finish,
      |  ^~~
Re: OpenSMTPD build on OpenSSL 1.1.x
On 8/13/19 9:02 PM, gil...@poolp.org wrote:
> August 13, 2019 12:35 "Harald Dunkel" wrote:
>
>> Surely I don't have a highly complex EMail configuration, but
>> the new version is running on my MTA and the nullclients since
>> Aug 7th: No issues by now, AFAICT. Cool.
>
> Care to mention what system you are using ? :-)
>

This is Debian sid (amd64), including openssl version 1.1.1c .
Here is the list of packages providing shared objects for smtpd:

||/ Name                  Version             Architecture  Description
+++-=====================-===================-=============-===========
ii  libasr0               1.0.2-2+b1          amd64         asynchronous DNS resolver
ii  libaudit1:amd64       1:2.8.5-2           amd64         Dynamic library for security auditing
ii  libc6:amd64           2.28-10             amd64         GNU C Library: Shared libraries
ii  libcap-ng0:amd64      0.7.9-2             amd64         An alternate POSIX capabilities library
ii  libdb5.3:amd64        5.3.28+dfsg1-0.6    amd64         Berkeley v5.3 Database Libraries [runtime]
ii  libevent-2.1-6:amd64  2.1.8-stable-4      amd64         Asynchronous event notification library
ii  libpam0g:amd64        1.3.1-5             amd64         Pluggable Authentication Modules library
ii  libssl1.1:amd64       1.1.1c-1            amd64         Secure Sockets Layer toolkit - shared libraries
ii  zlib1g:amd64          1:1.2.11.dfsg-1+b1  amd64         compression library - runtime

Regards
Harri
filter-rspamd available for testing (repost)
Hello,

It seems that I forgot to set up a proper outgoing route yesterday, so my mail
announcing availability of filter-rspamd has been SPF-rejected by a bunch of hosts...

Here's a link to the mail archive:

https://www.mail-archive.com/misc@opensmtpd.org/msg04472.html

Note that since then, the port has been committed to OpenBSD !

--
Gilles Chehade @poolpOrg

https://www.poolp.org patreon: https://www.patreon.com/gilles