| Summary: | [PATCH] sysutils/webjob: Fix build with No-SSLv3 | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | cpbsdmail |
| Component: | Individual Port(s) | Assignee: | Bernard Spil <brnrd> |
| Status: | Closed FIXED | | |
| Severity: | Affects Some People | CC: | brnrd, klm, miwi |
| Priority: | --- | Keywords: | easy, needs-qa, patch |
| Version: | Latest | Flags: | klm: maintainer-feedback+, koobs: merge-quarterly? |
| Hardware: | Any | | |
| OS: | Any | | |

Created attachment 161915 [details]
svn diff for sysutils/webjob

Can you provide these patches as a single diff against the port head, please? You can create the files/ patches using `make makepatch` after modifying the original source files using your individual patches.

Patch being reviewed/tested. Will post an update once that is done.

I was not able to replicate the issue, so some additional feedback is required. More specifically, I would like to know the exact build environment and steps needed to reproduce the build failure.

My build environment was a fresh install of FreeBSD 10.2. For the openssl port, I ran 'make config' and disabled SSLv2/3 protocol support. Next, I disabled the base version of openssl by adding 'WITH_OPENSSL_PORT=yes' to /etc/make.conf. Finally, I built webjob with 'make NO_STATIC=1'. The result was a successful build. The following output shows that webjob was linked against the openssl port (as opposed to the base version):

```
# /usr/bin/openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015
# /usr/local/bin/openssl version
OpenSSL 1.0.2d 9 Jul 2015
# webjob -v
webjob 1.9.0 64-bit dsv,ssl(1.0.2d)
# ldd /usr/local/bin/webjob
/usr/local/bin/webjob:
        libssl.so.8 => /usr/local/lib/libssl.so.8 (0x80083d000)
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800aa7000)
        libc.so.7 => /lib/libc.so.7 (0x800eb3000)
        libthr.so.3 => /lib/libthr.so.3 (0x80125f000)
```

Created attachment 165517 [details]
Disables flawed SSL protocols
The patches for ssl.c (one for webjob and one for webjob-dsvtool) disable SSLv2, SSLv3, TLSv1, and TLSv1_1.

Hi Klayton,

I think you'll need ifdef guards around the SSL_OP_NO_* as well, I've seen failures when these are used when the libraries don't provide them. Probably a guard around SSL_OP_NO_TLSv1_1 may still be required for FreeBSD 9.3's OpenSSL 0.9.8.

From LibreSSL-devel's /usr/local/include/openssl/ssl.h

```
#define SSL_OP_NO_SSLv3 0x0
```

In contrast, openssl's /usr/local/include/openssl/ssl.h

```
# define SSL_OP_NO_SSLv2 0x01000000L
```

Beware, these errors were triggered in the ports builder of PC-BSD which builds with LibreSSL

Cheers, Bernard.

Created attachment 165527 [details]
Disables flawed SSL protocols
Created attachment 165531 [details]
Disables flawed SSL protocols
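
One way to apply the guard advice from the comment above, as an added example that is not code from the webjob patches or the FreeBSD port: each `SSL_OP_NO_*` macro the library does not provide falls back to 0 (the same value the quoted LibreSSL header uses), and the helper reports how many flags have no effect. The names `proto_opt`, `LEGACY` and `disable_mask` are hypothetical, and the TLS header is included only if the compiler can find it.

```c
/* Added example, not the webjob patch: guarded SSL_OP_NO_* mask. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__has_include)      /* assumption: use the header only if present */
#  if __has_include(<openssl/ssl.h>)
#    include <openssl/ssl.h>
#  endif
#endif
/* Guards: a macro the library does not provide becomes a harmless 0. */
#ifndef SSL_OP_NO_SSLv2
#  define SSL_OP_NO_SSLv2 0
#endif
#ifndef SSL_OP_NO_SSLv3
#  define SSL_OP_NO_SSLv3 0
#endif
#ifndef SSL_OP_NO_TLSv1
#  define SSL_OP_NO_TLSv1 0
#endif
#ifndef SSL_OP_NO_TLSv1_1
#  define SSL_OP_NO_TLSv1_1 0
#endif
struct proto_opt { const char *name; uint64_t bit; };
static const struct proto_opt LEGACY[] = {
    { "SSLv2",   (uint64_t)SSL_OP_NO_SSLv2 },
    { "SSLv3",   (uint64_t)SSL_OP_NO_SSLv3 },
    { "TLSv1",   (uint64_t)SSL_OP_NO_TLSv1 },
    { "TLSv1.1", (uint64_t)SSL_OP_NO_TLSv1_1 },
};

/* OR the bits together and count the entries whose bit is 0: for those the
 * option flag does nothing, so it cannot be what disables the protocol. */
static uint64_t disable_mask(const struct proto_opt *t, size_t n, size_t *noop)
{
    uint64_t mask = 0;
    *noop = 0;
    for (size_t i = 0; i < n; i++) {
        mask |= t[i].bit;
        if (t[i].bit == 0) (*noop)++;
    }
    return mask;   /* with a real library: the value for SSL_CTX_set_options() */
}

int main(void)
{
    size_t noop;
    uint64_t m = disable_mask(LEGACY, sizeof LEGACY / sizeof LEGACY[0], &noop);
    printf("mask=0x%llx flags_without_effect=%zu\n", (unsigned long long)m, noop);
    return 0;
}
```
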

A commit references this bug:

```
Author: brnrd
Date: Sun Jun 12 18:18:31 UTC 2016
New revision: 416817
URL: https://svnweb.freebsd.org/changeset/ports/416817

Log:
  sysutils/webjob: Fix build without SSLv2

  PR: 203701
  Sponsored by: BSDCan 2016

Changes:
  head/sysutils/webjob/files/
  head/sysutils/webjob/files/patch-src_ssl.c
  head/sysutils/webjob/files/patch-tools_webjob-dsvtool_ssl.c
```

Created attachment 161914 [details]
svn diff for sysutils/webjob

webjob will not build if OpenSSL was built without SSLv3 (--no-ssl3). LibreSSL 2.3.0 has removed SSLv3 support completely.

- Fix build without SSLv3