Hi all, have tried to build IPFire with the new OpenSSL-1.1.0 and have had a couple of other packages (beneath Michaels already announced ones) which did not build properly.
Have had problems with:
1) wget: openssl.o: In function `ssl_init': openssl.c:(.text+0x72e): undefined reference to `ENGINE_load_builtin_engines' collect2: error: ld returned 1 exit status make[4]: *** [Makefile:1569: wget] Error 1
there is a patch for OpenSSL-1.1.0 --> https://git.savannah.gnu.org/cgit/wget.git/commit/?h=openssl-1.1 available which do not fixes this problem.
2) openvmtools: ../lib/sslDirect/.libs/libSslDirect.a(libSslDirect_la-sslDirect.o): In function `SSL_Init': sslDirect.c:(.text+0x25e): undefined reference to `ENGINE_register_all_ciphers' sslDirect.c:(.text+0x263): undefined reference to `ENGINE_register_all_digests' collect2: error: ld returned 1 exit status make[2]: *** [Makefile:548: libvmtools.la] Error 1 make[2]: Leaving directory '/usr/src/open-vm-tools-10.0.5-3227872/libvmtools' make[1]: *** [Makefile:505: all-recursive] Error 1 make[1]: Leaving directory '/usr/src/open-vm-tools-10.0.5-3227872' make: *** [openvmtools:85: /usr/src/log/open-vm-tools-10.0.5-3227872] Error 2
3) Asterisk: which pointed Michael already out.
4) crda: Also with the new 3.18 version --> http://drvbp1.linux-foundation.org/~mcgrof/rel-html/crda/ the building process do not work. make[1]: Entering directory '/usr/src/crda-3.13' GEN keys-gcrypt.c Trusted pubkeys: pubkeys/linville.key.pub.pem ERROR: Failed to import the "M2Crypto" module: No module named _m2crypto Please install the "M2Crypto" Python module. On Debian GNU/Linux the package is called "python-m2crypto". make[1]: *** [Makefile:114: keys-gcrypt.c] Error 1 make[1]: Leaving directory '/usr/src/crda-3.13' make: *** [crda:75: /usr/src/log/crda-3.13] Error 2
whereby python-m2crypt is presant also a newer M2Crypto version do not solves this.
5) tor: src/common/crypto.c:3435:3: warning: nested extern declaration of 'ENGINE_cleanup' [-Wnested-externs] make[2]: *** [Makefile:5213: src/common/crypto.o] Error 1 make[2]: *** Waiting for unfinished jobs.... make[2]: Leaving directory '/usr/src/tor-0.3.1.7' make[1]: *** [Makefile:3106: all] Error 2 make[1]: Leaving directory '/usr/src/tor-0.3.1.7' make: *** [tor:81: /usr/src/log/tor-0.3.1.7] Error 2
also updates to 0.3.1.9 but also 0.3.2.6_alpha do not solves this issue.
6) freeradius: build/objs/src/main/tls.o: In function `tls_global_cleanup': tls.c:(.text+0x4670): undefined reference to `ENGINE_cleanup' collect2: error: ld returned 1 exit status make[1]: *** [scripts/boiler.mk:629: build/bin/local/radiusd] Error 1 make[1]: *** Waiting for unfinished jobs.... build/objs/src/main/tls.o: In function `tls_global_cleanup': tls.c:(.text+0x4670): undefined reference to `ENGINE_cleanup' collect2: error: ld returned 1 exit status make[1]: *** [scripts/boiler.mk:630: build/bin/radiusd] Error 1 make[1]: Leaving directory '/usr/src/freeradius-server-3.0.14' make: *** [freeradius:81: /usr/src/log/freeradius-server-3.0.14] Error 2
Tried to find all packages which do not build with the new OpenSSL version, since i haven´t found fixes (fast search around) i commented them to get a full picture of what works and what not.
Some ROOTFILES seems to be also problematic.
It was possible to build:
1) php-7.2.0 but haven´t test it yet.
2) OpenVPN-2.4.4
But an installation of the ISO is currently not possible cause a problem with the language cache "der sprachdateizwischenspeicher konnte nicht erstellt werden" . So i currently stuck here (make nevertheless currently again a clean build).
Some news from here.
Greetings,
Erik
Am 29.11.2017 um 14:12 schrieb Michael Tremer:
Hello,
I have started working on upgrading the entire distribution to OpenSSL 1.1.0. This is however not the easiest task since many packages are just incompatible with the API changes of OpenSSL.
Therefore, I started this in an own branch, upgraded all sorts of packages that won't build and patched those who could be patched. However, this is still quite chaotic and I need some help of the maintainers of some of the packages to do this for their own packages.
I have already dropped some packages in this process that a) were incompatible with OpenSSL 1.1.0, b) where no patches were available and c) that are not maintained upstream any longer. I also cherry-picked those commits to the current next tree. If someone disagrees, please open a separate discussion.
The packages dropped are:
- Pound
- vsftp
- sslscan
Packages which currently don't build and I could not patch very easily:
- php
- asterisk
- openvpn
I suppose Erik is best to upgrade to openvpn 2.4, Dirk upgrades asterisk and I am quite sure that there is a few people out there who have been working on php. Please raise your hands.
I would like to have the openssl 1.1 branch ready for merge into next at the end of December. Please make sure that any patches have been submitted until then.
Please work on top of this branch:
https://git.ipfire.org/pub/git/people/ms/ipfire-2.x.git openssl-11
https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=shortlog;h=refs/heads/o...
Please also submit improvements of other packages that we can make sure of (i.e. better cipher suites for Apache, etc.)...
Best, -Michael