Bug 7361

Summary: 3.4.1 does not build with openssl-1.1.0b
Product: Spamassassin Reporter: Kevin Fenzi <kevin>
Component: Building & PackagingAssignee: SpamAssassin Developer Mailing List <dev>
Severity: normal CC: frodo, kevin, spamassassinbugs_peep
Priority: P2    
Version: 3.4.1   
Target Milestone: Undefined   
Hardware: PC   
OS: Linux   
Attachments: Proposed patch from Debian
Look for CRYPTO_malloc when detecting libcrypto

Description Kevin Fenzi 2016-10-24 20:21:51 UTC
Fedora rawhide has recently switched over to openssl 1.1.0 versions, and spamassassin seems to not detect this correctly: 

checking for CRYPTO_lock in -lcrypto... no
checking for SSL_CTX_free in -lssl... yes
configure: error: Cannot use SSL; libraries or header files are missing.

downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=1386205
Comment 1 Noah Meyerhans 2016-10-29 20:50:05 UTC
Created attachment 5415 [details]
Proposed patch from Debian

This is also tracked in Debian at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828552

At patch has been proposed there by Sebastian Andrzej Siewior <sebastian@breakpoint.cc>. I will attach it here as well.

SA doesn't actually have any problems with the new OpenSSL, but the symbol we look for in spamc/configure.in is no longer available. Switching to a different symbol lets the test pass.
Comment 2 Noah Meyerhans 2016-10-29 21:23:33 UTC
Actually, the proposed patch breaks compatibility with older OpenSSL versions, so we can't use it. It looks for the CRYPTO_zalloc symbol in libcrypto, which didn't exist in older versions. CRYPTO_malloc seems like a better candidate, as it exists in current versions and older releases at least as far back as 0.9.6c from 2002 (which of course, is unsafe to use and plenty old enough to not be concerned about).

Will put together another patch...
Comment 3 Noah Meyerhans 2016-10-29 21:59:18 UTC
Created attachment 5416 [details]
Look for CRYPTO_malloc when detecting libcrypto

This patch against trunk changes the spamc configure script to look for CRYPTO_malloc when detecting libcrypto. It should support current and legacy versions of OpenSSL.

spamc/configure.in was the only change made manually. spamc/configure is autogenerated by autoconf 2.59, which was the same version used to generate the previous version a long, long time ago. It may be worth regenerating with a modern autoconf, but that's not necessary here.
Comment 4 Kevin Fenzi 2016-11-06 21:48:02 UTC
That patch seems to have a bunch of line wrapping changes in it: 

-	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'

but just the parts that change CRYPTO_lock to CRYPTO_malloc seem to work here and get it building ok against openssl 1.1.0.
Comment 5 Noah Meyerhans 2016-11-07 05:04:37 UTC
Yes, as I said, spamc/configure is autogenerated. Any formatting changes there are the result of autoconf. Feel free to manually purge the whitespace changes in the autogenerated file if you want, but I don't recommend it. Alternatively you can try to recreate the environment that Justin Mason used to generate it when it was last done (9 years ago) and generate one that doesn't have the whitespace changes. I put in a reasonable effort to do that, in that I used the same version of autoconf, but it's been a long time and the runtime environment, packaging, etc, has evolved over the years.
Comment 6 Kevin Fenzi 2016-11-07 14:43:01 UTC
No big deal... just wanted to mention it. 

auto* can definitely be a pain. ;(
Comment 7 Karsten Br├Ąckelmann 2017-08-29 10:47:13 UTC
Thanks Noah and Kevin. Patch attachment 5416 [details] looks good to me, keeping the added line breaks, just dropping the first hunk removing quotation marks guarding a variable.

Committed to trunk and stable 3.4 branch.

Sending        spamc/configure
Sending        spamc/configure.in
Committed revision 1806554.

Committed revision 1806555.