Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#59497 - [opensmtpd] build compile with wrong --with-libssl= path and outdated OpenSSL version

Attached to Project: Community Packages
Opened by ipp (n8V8r) - Tuesday, 31 July 2018, 18:09 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 31 July 2018, 23:30 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: [ --with-libssl='/usr/lib/openssl-1.0' \ ] (https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/opensmtpd) appears to be the wrong OpenSSL path considering [ --openssldir=/etc/ssl --libdir=lib \ ] (https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/openssl)

Notwithstanding the OpenSSL version in the Archlinux repo being 1.1.0.h-1 which likely is supported by upstream https://github.com/OpenSMTPD/OpenSMTPD/pull/825

Suppose that may also impact [ --with-cflags= ]


Additional info:
* package version(s) 6.0.3p1-2

This task depends upon

Closed by  Doug Newgard (Scimmia)
Tuesday, 31 July 2018, 23:30 GMT
Reason for closing:  Not a bug
Comment by loqs (loqs) - Tuesday, 31 July 2018, 20:05 GMT
https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/opensmtpd&id=0a5b4d1d8006dfd12c04493a793dd8c4f6e26b72
Does the package as built not work with openssl-1.0 for you?
Have you tested locally a package built with openssl instead?
Comment by ipp (n8V8r) - Tuesday, 31 July 2018, 20:39 GMT
That build is 6.0.2p1-2 whilst as reported using 6.0.3p1-2. Why should I downgrade?

There is an issue with private EC keys brainpoolP512r1 (not EC signed certificates) resulting in

[ pony express: ssl_ctx_create: could not fake private key ]

Can only speculate that it might be caused by building with OpenSSL 1.0 1.0.2.o-1 as opposed to 1.1.0.h-1 but I am not sure.
I do not have the knowlegde or resources for compiling locally or else I would likely not feel compelled to file a bug report. Instead I am gratefully relying on packages provided by the repo.

If this considered as not applicable as a bug than please close the task. No need to waste valuable time/resources.
Comment by loqs (loqs) - Tuesday, 31 July 2018, 20:49 GMT
The first link I provided shows where the PKGBUILD was changed from openssl to openssl-1.0 when openssl was updated to version 1.1
https://github.com/OpenSMTPD/OpenSMTPD/issues/738 and the pull request you referenced not being merged indicate to me opensmtpd is still incompatible with openssl 1.1
The actual issue appears to be with EC keys rather than the wrong paths for configuring openssl support.
Edit:
not being merged rather than now being merged.
Comment by loqs (loqs) - Tuesday, 31 July 2018, 21:52 GMT
Build with openssl fails.
   opensmtpd-6.0.3p1-2-x86_64-bu... (29.1 KiB)

Loading...