Bug 210656 - mail/fetchmail: socket.c:(.text+0x11fd): undefined reference to `SSLv2_client_method'
Summary: mail/fetchmail: socket.c:(.text+0x11fd): undefined reference to `SSLv2_client...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Matthias Andree
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-28 11:02 UTC by Gerard Seibert
Modified: 2018-05-11 11:25 UTC (History)
3 users (show)

See Also:
chalpin: maintainer-feedback+

Attachments
Build Log (29.95 KB, text/plain)
2016-06-28 11:02 UTC, Gerard Seibert 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gerard Seibert 2016-06-28 11:02:47 UTC 
Created attachment 171906 [details]
Build Log

uname -a: FreeBSD scorpio.seibercom.net 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r296485: Tue Mar  8 07:04:36 UTC 2016     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

I am unable to upgrade to the latest version of "fetchmail" It continually terminates with this message:

cc  -I/usr/include -O2 -pipe  -fstack-protector -fno-strict-aliasing -I/usr/local/include -I/usr/kerberos/include -I/usr/include  -L/usr/lib  -L/usr/local/lib -Wl,-rpath,/usr/local/lib -fstack-protector -L/usr/local/lib -L/usr/lib -o fetchmail socket.o getpass.o fetchmail.o env.o idle.o options.o daemon.o driver.o transact.o sink.o smtp.o idlist.o uid.o mxget.o md5ify.o cram.o gssapi.o opie.o interface.o netrc.o unmime.o conf.o checkalias.o lock.o rcfile_l.o rcfile_y.o norm_charmap.o  pop3.o imap.o etrn.o odmr.o  rpa.o   libfm.a /usr/local/lib/libintl.so -Wl,-rpath -Wl,/usr/local/lib   -lopie -lcrypt -lkrb5 -lgssapi -lgssapi_krb5  -lkvm -lcom_err  -lssl -lcrypto  -L/usr/lib -lgssapi -lgssapi_krb5 -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -pthread
socket.o: In function `SSLOpen':
socket.c:(.text+0x11fd): undefined reference to `SSLv2_client_method'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[4]: *** [Makefile:700: fetchmail] Error 1
gmake[4]: Leaving directory '/usr/ports/mail/fetchmail/work/fetchmail-6.3.26'
gmake[3]: *** [Makefile:1176: all-recursive] Error 1
gmake[3]: Leaving directory '/usr/ports/mail/fetchmail/work/fetchmail-6.3.26'
gmake[2]: *** [Makefile:591: all] Error 2
gmake[2]: Leaving directory '/usr/ports/mail/fetchmail/work/fetchmail-6.3.26'
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/mail/fetchmail
*** Error code 1

The complete build log is attached.
Comment 1 Corey Halpin 2016-06-28 12:11:44 UTC 
Early in your configure output, it says:

configure: Enabling OpenSSL support in /usr/local.

Could you provide more information on which SSL library you are using?

However, your compiler line includes -I/usr/kerberos/include, which makes me think that you're attempting to mix GSSAPI from base with an SSL library from ports.  That is known to be problematic, and patches are in review to update the USES=gssapi framework to prevent that combination: https://reviews.freebsd.org/D5865

If that is the issue, then it can be worked around by selecting the MIT implementation for GSSAPI in 'make config' or by setting the following in your make.conf:

OPTIONS_UNSET+= GSSAPI_BASE
OPTIONS_SET+= GSSAPI_MIT

(If you're using OpenSSL from ports, then you can probably also select HEIMDAL if you prefer it to MIT.  If you're using LibreSSL, that won't currently work. See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198527 )
Comment 2 Gerard Seibert 2016-06-28 14:01:06 UTC 
(In reply to Corey Halpin from comment #1)

Yes, I am using OpenSSL from ports. The "fetchmail" config I was using is the default one for the port. I disabled "GSSAPI" and the port built perfectly. Perhaps "GSSAPI_NONE" should be the default setting until this problem is corrected.
Comment 3 Corey Halpin 2016-06-28 14:21:09 UTC 
(In reply to Gerard Seibert from comment #2)

Disabling GSSAPI by default would remove functionality from the version in packages, requiring anyone who needs that functionality to build from ports. I'd rather not pull the rug out from users in that way, especially when a fix for the ports infrastructure to resolve this problem is currently in progress.
Comment 4 Matthias Andree freebsd_committer freebsd_triage 2016-08-22 21:52:51 UTC 
I think the right way forward is to rip out SSLv2 support from fetchmail, which I have already done in the upstream Git branch "legacy_64" that I plan to release 6.4.0 from later, and what I had already done for Debian five years ago, but hadn't released that at the time. The references are in FreeBSD Bugzilla Bug #212055.  It's not a duplicate nor a "Depends on" in the strict sense, so I'm setting "See Also" instead.
Comment 5 Martin Wilke freebsd_committer freebsd_triage 2018-05-11 10:32:50 UTC 
Hi,

Can we close this?
Comment 6 Matthias Andree freebsd_committer freebsd_triage 2018-05-11 11:25:37 UTC 
I think we can - the SSLv2 and v3 issues should be fixed since r415811 (disabling SSLv2 altogether),  r417187 (trapping this at run-time, and also missing SSLv3), r420788 (trapping incompatible base GSSAPI vs. ports OPENSSL). I tried to provoke the error, but either the build rid would complain about GSSAPI_BASE, or the build would pass.

I have allowed myself to commit r469628 without running it through Corey Halpin's approval to make the build compatible with openssl-devel, no functional change (the "SSL does not know SSLv2" test is now more thorough, see files/patch-socket.c)