Hi all, have tried to build IPFire with the new OpenSSL-1.1.0 and have had a couple of other packages (beneath Michaels already announced ones) which did not build properly. Have had problems with: 1) wget: openssl.o: In function `ssl_init': openssl.c:(.text+0x72e): undefined reference to `ENGINE_load_builtin_engines' collect2: error: ld returned 1 exit status make[4]: *** [Makefile:1569: wget] Error 1 there is a patch for OpenSSL-1.1.0 --> https://git.savannah.gnu.org/cgit/wget.git/commit/?h=openssl-1.1 available which do not fixes this problem. 2) openvmtools: ../lib/sslDirect/.libs/libSslDirect.a(libSslDirect_la-sslDirect.o): In function `SSL_Init': sslDirect.c:(.text+0x25e): undefined reference to `ENGINE_register_all_ciphers' sslDirect.c:(.text+0x263): undefined reference to `ENGINE_register_all_digests' collect2: error: ld returned 1 exit status make[2]: *** [Makefile:548: libvmtools.la] Error 1 make[2]: Leaving directory '/usr/src/open-vm-tools-10.0.5-3227872/libvmtools' make[1]: *** [Makefile:505: all-recursive] Error 1 make[1]: Leaving directory '/usr/src/open-vm-tools-10.0.5-3227872' make: *** [openvmtools:85: /usr/src/log/open-vm-tools-10.0.5-3227872] Error 2 3) Asterisk: which pointed Michael already out. 4) crda: Also with the new 3.18 version --> http://drvbp1.linux-foundation.org/~mcgrof/rel-html/crda/ the building process do not work. make[1]: Entering directory '/usr/src/crda-3.13' GEN keys-gcrypt.c Trusted pubkeys: pubkeys/linville.key.pub.pem ERROR: Failed to import the "M2Crypto" module: No module named _m2crypto Please install the "M2Crypto" Python module. On Debian GNU/Linux the package is called "python-m2crypto". make[1]: *** [Makefile:114: keys-gcrypt.c] Error 1 make[1]: Leaving directory '/usr/src/crda-3.13' make: *** [crda:75: /usr/src/log/crda-3.13] Error 2 whereby python-m2crypt is presant also a newer M2Crypto version do not solves this. 5) tor: src/common/crypto.c:3435:3: warning: nested extern declaration of 'ENGINE_cleanup' [-Wnested-externs] make[2]: *** [Makefile:5213: src/common/crypto.o] Error 1 make[2]: *** Waiting for unfinished jobs.... make[2]: Leaving directory '/usr/src/tor-0.3.1.7' make[1]: *** [Makefile:3106: all] Error 2 make[1]: Leaving directory '/usr/src/tor-0.3.1.7' make: *** [tor:81: /usr/src/log/tor-0.3.1.7] Error 2 also updates to 0.3.1.9 but also 0.3.2.6_alpha do not solves this issue. 6) freeradius: build/objs/src/main/tls.o: In function `tls_global_cleanup': tls.c:(.text+0x4670): undefined reference to `ENGINE_cleanup' collect2: error: ld returned 1 exit status make[1]: *** [scripts/boiler.mk:629: build/bin/local/radiusd] Error 1 make[1]: *** Waiting for unfinished jobs.... build/objs/src/main/tls.o: In function `tls_global_cleanup': tls.c:(.text+0x4670): undefined reference to `ENGINE_cleanup' collect2: error: ld returned 1 exit status make[1]: *** [scripts/boiler.mk:630: build/bin/radiusd] Error 1 make[1]: Leaving directory '/usr/src/freeradius-server-3.0.14' make: *** [freeradius:81: /usr/src/log/freeradius-server-3.0.14] Error 2 Tried to find all packages which do not build with the new OpenSSL version, since i haven´t found fixes (fast search around) i commented them to get a full picture of what works and what not. Some ROOTFILES seems to be also problematic. It was possible to build: 1) php-7.2.0 but haven´t test it yet. 2) OpenVPN-2.4.4 But an installation of the ISO is currently not possible cause a problem with the language cache "der sprachdateizwischenspeicher konnte nicht erstellt werden" . So i currently stuck here (make nevertheless currently again a clean build). Some news from here. Greetings, Erik Am 29.11.2017 um 14:12 schrieb Michael Tremer: > Hello, > > I have started working on upgrading the entire distribution to OpenSSL 1.1.0. > This is however not the easiest task since many packages are just incompatible > with the API changes of OpenSSL. > > Therefore, I started this in an own branch, upgraded all sorts of packages that > won't build and patched those who could be patched. However, this is still quite > chaotic and I need some help of the maintainers of some of the packages to do > this for their own packages. > > I have already dropped some packages in this process that a) were incompatible > with OpenSSL 1.1.0, b) where no patches were available and c) that are not > maintained upstream any longer. I also cherry-picked those commits to the > current next tree. If someone disagrees, please open a separate discussion. > > The packages dropped are: > > * Pound > * vsftp > * sslscan > > Packages which currently don't build and I could not patch very easily: > > * php > * asterisk > * openvpn > > I suppose Erik is best to upgrade to openvpn 2.4, Dirk upgrades asterisk and I > am quite sure that there is a few people out there who have been working on php. > Please raise your hands. > > I would like to have the openssl 1.1 branch ready for merge into next at the end > of December. Please make sure that any patches have been submitted until then. > > Please work on top of this branch: > > https://git.ipfire.org/pub/git/people/ms/ipfire-2.x.git openssl-11 > > https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=shortlog;h=refs/heads/openssl-11 > > Please also submit improvements of other packages that we can make sure of (i.e. > better cipher suites for Apache, etc.)... > > Best, > -Michael