Bug 247959

Summary: sendmail SASL example in /usr/share/examples/etc/make.conf is out of date
Product: Base System Reporter: Scott Allendorf <sallendorf>
Component: miscAssignee: Gregory Neil Shapiro <gshapiro>
Status: Closed FIXED    
Severity: Affects Some People CC: eugen, gshapiro, markj
Priority: ---    
Version: 11.3-STABLE   
Hardware: Any   
OS: Any   

Description Scott Allendorf 2020-07-14 03:15:59 UTC 
The lines in /usr/share/examples/etc/make.conf do not match those in the handbook.  Sendmail does not compile on 11-STABLE with these lines in /etc/make.conf if the security/openssl port is installed.

From /usr/share/examples/etc/make.conf:

        SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
        SENDMAIL_LDFLAGS=-L/usr/local/lib
        SENDMAIL_LDADD=-lsasl2

From the handbook:

        SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
        SENDMAIL_LDADD=/usr/local/lib/libsasl2.so

Sendmail does compile successfully when the lines from the handbook are used in /etc/make.conf.
Comment 1 commit-hook freebsd_committer freebsd_triage 2020-08-01 04:58:12 UTC 
A commit references this bug:

Author: gshapiro
Date: Sat Aug  1 04:57:31 UTC 2020
New revision: 363750
URL: https://svnweb.freebsd.org/changeset/base/363750

Log:
  Mirror recommendation from Handbook to avoid linking conflicts when
  pulling in SASL libraries.

  PR:		247959
  Reported by:	Scott Allendorf
  MFC after:	3 days

Changes:
  head/share/examples/etc/make.conf
Comment 2 Gregory Neil Shapiro freebsd_committer freebsd_triage 2020-08-01 05:00:20 UTC 
Thanks for the report.  The change will be MFC'ed to stable/11 and stable/12 in ~3 days.
Comment 3 Scott Allendorf 2020-08-01 08:05:31 UTC 
On STABLE-11, the compile still fails with the SENDMAIL_CFLAGS from the revised make.conf.  I believe it needs to be changed as well.

Thanks,

Scott
Comment 4 Eugene Grosbein freebsd_committer freebsd_triage 2020-08-01 09:21:56 UTC 
(In reply to Scott Allendorf from comment #3)

Please show building log with errors.
Comment 5 Scott Allendorf 2020-08-01 19:13:01 UTC 
root@sallendorf:/home/sca # grep SENDMAIL /etc/make.conf
SENDMAIL_MC=/etc/mail/local.mc
#SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDADD=/usr/local/lib/libsasl2.so

Using the commented out line (from the handbook) in place of the new make.conf line does compile/link and work for client auth, but I have not tested server auth.

Here is the relevant (I hope) part of the build log.

==========
root@sallendorf:/usr/src/usr.sbin/sendmail # cd /usr/src/usr.sbin/sendmail
root@sallendorf:/usr/src/usr.sbin/sendmail # make cleandir && make obj
rm -f sm_os.h sendmail sendmail.full sendmail.debug alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tlsh.o tls.o trace.o udb.o usersmtp.o util.o version.o mailq.1.gz newaliases.1.gz aliases.5.gz sendmail.8.gz mailq.1.cat.gz newaliases.1.cat.gz aliases.5.cat.gz sendmail.8.cat.gz
rm -f .depend .depend.* GPATH GRTAGS GSYMS GTAGS
/usr/obj/usr/src/usr.sbin/sendmail created for /usr/src/usr.sbin/sendmail
root@sallendorf:/usr/src/usr.sbin/sendmail # make
ln -sf /usr/src/contrib/sendmail/include/sm/os/sm_os_freebsd.h sm_os.h
echo sendmail.full: /usr/lib/libc.a  /usr/lib/libutil.a /usr/obj/usr/src/lib/libsm/libsm.a /usr/obj/usr/src/lib/libsmutil/libsmutil.a /usr/lib/libssl.a /usr/lib/libcrypto.a /usr/lib/libwrap.a >> .depend

...

cc -O2 -pipe -march=skylake  -I/usr/src/contrib/sendmail/src -I/usr/src/contrib/sendmail/include -I. -DNEWDB -DNIS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -DTLS_EC -DTCPWRAPPERS -I/usr/local/include -DSASL=2 -g -MD  -MF.depend.version.o -MTversion.o -std=gnu99 -fstack-protector-strong -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses  -Qunused-arguments  -c /usr/src/contrib/sendmail/src/version.c -o version.o
cc -O2 -pipe -march=skylake -I/usr/src/contrib/sendmail/src -I/usr/src/contrib/sendmail/include -I. -DNEWDB -DNIS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -DTLS_EC -DTCPWRAPPERS -I/usr/local/include -DSASL=2 -g -std=gnu99 -fstack-protector-strong -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -Qunused-arguments   -o sendmail.full alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tlsh.o tls.o trace.o udb.o usersmtp.o util.o version.o  /usr/local/lib/libsasl2.so  -lutil -L/usr/obj/usr/src/lib/libsm -L/usr/obj/usr/src/lib/libsm -lsm -L/usr/obj/usr/src/lib/libsmutil -lsmutil  -lssl  -lcrypto  -lwrap
main.o: In function `main':
/usr/src/contrib/sendmail/src/main.c:658: undefined reference to `OpenSSL_version_num'
readcf.o: In function `get_tls_se_options':
/usr/src/contrib/sendmail/src/readcf.c:2492: undefined reference to `SSL_set_options'
tls.o: In function `inittls':
/usr/src/contrib/sendmail/src/tls.c:1117: undefined reference to `TLS_server_method'
/usr/src/contrib/sendmail/src/tls.c:1118: undefined reference to `TLS_client_method'
/usr/src/contrib/sendmail/src/tls.c:1321: undefined reference to `OpenSSL_version_num'
tls.o: In function `sk_SSL_COMP_num':
/usr/local/include/openssl/ssl.h:959: undefined reference to `OPENSSL_sk_num'
tls.o: In function `inittls':
/usr/src/contrib/sendmail/src/tls.c:1329: undefined reference to `SSL_CTX_set_options'
/usr/src/contrib/sendmail/src/tls.c:(.text+0x1ab9): undefined reference to `DH_set0_pqg'
/usr/src/contrib/sendmail/src/tls.c:1431: undefined reference to `SSL_CTX_set_options'
/usr/src/contrib/sendmail/src/tls.c:1448: undefined reference to `SSL_CTX_set_options'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make: stopped in /usr/src/usr.sbin/sendmail
root@sallendorf:/usr/src/usr.sbin/sendmail #
==========

Is the '-I /usr/local/include' allowing the compile to see the port openssl headers and hilarity ensues when it links against the system ssl libraries?

Please let me know if I can provide anything else.

Thanks for all of your FreeBSD efforts (and sendmail efforts too).

-Scott
Comment 6 Gregory Neil Shapiro freebsd_committer freebsd_triage 2020-08-01 19:18:40 UTC 
Yes, if you install your own OpenSSL in /usr/local add you add -I/usr/local/include, you'll get those header files but then without linking to the newer OpenSSL library in /usr/local/lib, you'll end up with the old one in /usr/lib which doesn't match the headers.

This is the same regardless of any base library that gets installed in /usr/local/ as well.
Comment 7 Gregory Neil Shapiro freebsd_committer freebsd_triage 2020-08-11 17:54:15 UTC 
Change MFC'ed to active stable branches (11 & 12)