Mailing List Archive

Clam* build incompat with OpenSSL 1.1.0x ? patch available
I'm building clam 0.99.3/head,

git branch -a | grep \*
* 0.99.3

git log | head
commit 6f8290632b6e1ddcf08b3a64c6cbc9d8b98571e3
Author: Steven Morgan <stevmorg@cisco.com>
Date: Wed Nov 29 17:38:57 2017 -0500

ClamAV 0.99.3 beta2 versioning.

commit 0a320049f1fe058dbed05606c925bb2ec2584264
Author: Steven Morgan <stevmorg@cisco.com>
Date: Wed Nov 29 17:18:42 2017 -0500

The build FAILs -- as it has for over a year -- when linking against
OpenSSL 1.1.0x libs/api, due to reference of deprecated symbols,

...
-L/usr/local/lib64 -Wl,-rpath,/usr/local/lib64 -o clamscan output.o
getopt.o optparser.o actions.o misc.o clamscan.o manager.o ../libclamav/
libclamav.la -lpthread
libtool: link: rm -f .libs/clamscan.nm .libs/clamscan.nmS
.libs/clamscan.nmT
libtool: link: rm -f ".libs/clamscan.nmI"
libtool: link: (cd .libs && /usr/bin/gcc-7 -O3 -Wall -fstack-protector
-funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
-grecord-gcc-switches -march=native -mtune=native
-I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c
-fno-builtin "clamscanS.c")
libtool: link: rm -f ".libs/clamscanS.c" ".libs/clamscan.nm"
".libs/clamscan.nmS" ".libs/clamscan.nmT" ".libs/clamscan.nmI"
libtool: link: /usr/bin/gcc-7 -O3 -Wall -fstack-protector
-funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
-grecord-gcc-switches -march=native -mtune=native
-I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-rpath
-Wl,/usr/local/openssl11/lib64 -Wl,-rpath -Wl,/usr/local/lib64 -Wl,-rpath
-Wl,/usr/local/lib64 -o .libs/clamscan output.o getopt.o optparser.o
actions.o misc.o clamscan.o manager.o -L/usr/local/openssl11/lib64
-L/usr/local/lib64 ../libclamav/.libs/libclamav.so
-L/usr/local/openssl11/lib -L/lib64 -L/usr/local/lib /usr/lib64/libxml2.so
-llzma -lbz2 /usr/lib64/libltdl.so -ldl /usr/local/lib64/libpcre2-8.so -lm
/usr/local/lib64/libpcrecpp.so /usr/local/lib64/libpcre.so
/usr/local/lib64/libcurl.so /usr/local/lib64/libnghttp2.so -lpsl -lz -lssl
-lcrypto -lssh2 -lpthread -pthread
../libclamav/.libs/libclamav.so: undefined reference to
`X509_CRL_get_nextUpdate'
../libclamav/.libs/libclamav.so: undefined reference to
`SSL_library_init'
../libclamav/.libs/libclamav.so: undefined reference to
`ERR_load_crypto_strings'
../libclamav/.libs/libclamav.so: undefined reference to
`OpenSSL_add_all_algorithms'
../libclamav/.libs/libclamav.so: undefined reference to `EVP_cleanup'
../libclamav/.libs/libclamav.so: undefined reference to
`OpenSSL_add_all_digests'
../libclamav/.libs/libclamav.so: undefined reference to
`SSL_load_error_strings'
../libclamav/.libs/libclamav.so: undefined reference to
`OpenSSL_add_all_ciphers'
collect2: error: ld returned 1 exit status
Makefile:611: recipe for target 'clamscan' failed
make[2]: *** [clamscan] Error 1
make[2]: Leaving directory '/usr/local/src/clamav-devel/clamscan'
Makefile:767: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/usr/local/src/clamav-devel'
Makefile:596: recipe for target 'all' failed
make: *** [all] Error 2

Mod'ing the build by applying changes similar to a 3rd-party patch (
https://github.com/patch-exchange/openssl-1.1-transition/tree/master/clamav)
for v0.99.2x, also available for over a year now,


https://github.com/patch-exchange/openssl-1.1-transition/blob/master/clamav/clamav-0.99.2-openssl-1.1.patch

clam* build/linked with OpenSSL 1.1.0,

ldd `which clamdscan` `which clamd` | egrep "ssl|crypto"
libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
(0x00007fbda5a85000)
libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
(0x00007fbda55dc000)
libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
(0x00007f08b5a00000)
libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
(0x00007f08b5557000)

and exec OK

systemctl status clamd.service
● clamd.service - clamd scanner daemon
Loaded: loaded (/etc/systemd/system/clamd.service; enabled;
vendor preset: disabled)
Active: active (running) since Thu 2017-11-30 15:46:05 PST; 1h
20min ago
Main PID: 14070 (clamd)
Tasks: 2 (limit: 512)
CGroup: /system.slice/clamd.service
└─14070 /usr/local/sbin/clamd -c
/usr/local/etc/clamav/clamd.conf

Nov 30 17:07:21 dev.loc clamd[14070]: SelfCheck: Database status OK.
Nov 30 17:07:22 dev.loc clamd[30292]: Portable Executable support
enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: ELF support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: Mail files support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: OLE2 support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: PDF support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: SWF support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: HTML support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: XMLDOCS support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: HWP3 support enabled.
Nov 30 17:07:22 dev.loc clamd[30292]: Self checking every 1800
seconds.

clamscan -d /var/lib/clamav
...
----------- SCAN SUMMARY -----------
Known viruses: 9380408
Engine version: 0.99.3-beta2
Scanned directories: 1
Scanned files: 33
Infected files: 0
Data scanned: 4.41 MB
Data read: 1.93 MB (ratio 2.29:1)
Time: 27.834 sec (0 m 27 s)


openssl references in git log suggest openssl 110 readiness, as well as the
option to link to local instances of it,

...
commit a4013285691478f165f1fe2de070ff32f34093fc
Author: Micah Snyder <micasnyd@cisco.com>
Date: Fri Nov 17 09:00:06 2017 -0500

Regargeting openssl solution to match the other projects.
...
commit 89c6504289cd54e2db60e9e04e5752c553d4449c
Author: Steven Morgan <smorgan@sourcefire.com>
Date: Fri Jul 14 16:50:12 2017 -0400

fix for linking to openssl fo x64.
...
commit 950be7e5eb93cdafc1349d85813c125a53886ee5
Author: Steven Morgan <smorgan@sourcefire.com>
Date: Wed Dec 21 17:16:39 2016 -0500

Change Windows build to use OpenSSL 1.1.0.c
...
commit dd1b59482dab05f732b8116218eea9d187c41031
Author: Mickey Sola <msola@sourcefire.com>
Date: Tue Aug 9 15:48:31 2016 -0400

bb11594 - allow for compilation against openssl 1.1.0
...
commit 3f40439f56ba179107afea9e349441fa57cbeb84
Author: Kevin Lin <klin@sourcefire.com>
Date: Thu Oct 22 14:50:41 2015 -0400

fix for openssl build with specific openssl location (needs autogen)
...


But attempting to view that bug#11594 for more detail, we're refused:


@ https://bugzilla.clamav.net/show_bug.cgi?id=11594

"You are not authorized to access bug #11594"


What's needed to get full OpenSSL 1.1.0 compat into master branch?
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
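
The `ldd ... | egrep "ssl|crypto"` check from the post above, turned into a pass/fail test. This is an added example, not part of the original thread or of ClamAV. The function names are hypothetical, the first sample reuses the `ldd` lines shown in the post, and the mixed-version sample is constructed to show the case the check is meant to catch.

```shell
#!/bin/sh
# Added example: check which OpenSSL a binary resolves at load time.
# Reads `ldd` output on stdin; prints one line per libssl/libcrypto mapping
# that has the wrong soname version or resolves outside the expected prefix.
# Returns non-zero if any mismatch is found or no OpenSSL library is listed.
check_openssl_linkage() {
    awk -v ver="$1" -v prefix="$2" '
        # Only "soname => path" lines match; wrapped "(0x...)" lines are skipped.
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            seen++
            soname = $1; path = $3
            if (path == "not") { print "UNRESOLVED: " soname; bad++; next }
            suffix = substr(soname, index(soname, ".so.") + 4)
            why = ""
            if (suffix != ver) why = why " version"
            if (index(path, prefix "/") != 1) why = why " prefix"
            if (why != "") { print "MISMATCH" why ": " soname " => " path; bad++ }
        }
        END {
            if (seen == 0) { print "NONE: no libssl/libcrypto dependency listed"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed input: the ldd lines for clamd as shown in the post (addresses wrapped).
sample_ldd_ok() {
    cat <<'EOF'
libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
(0x00007f08b5a00000)
libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
(0x00007f08b5557000)
EOF
}

# Constructed input: the same binary, but a dependency also pulls in a system
# OpenSSL 1.0.0 libcrypto (hypothetical path and address).
sample_ldd_mixed() {
    sample_ldd_ok
    printf '\tlibcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007f0000000000)\n'
}

# Demo on the constructed mixed case; on a real host use:
#   ldd "$(command -v clamd)" | check_openssl_linkage 1.1 /usr/local/openssl11
sample_ldd_mixed | check_openssl_linkage 1.1 /usr/local/openssl11 \
    || echo "linkage check failed"
```
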
Re: Clam* build incompat with OpenSSL 1.1.0x ? patch available
Hi there,

On Fri, 1 Dec 2017, pgndev wrote:

> I'm building clam 0.99.3/head,
> ...
> The build FAILs -- as it has for over a year -- when linking against
> OpenSSL 1.1.0x libs/api, due to reference of deprecated symbols,
> ...
> Mod'ing the build by applying changes similar to a 3rd-party patch
> ... also available for over a year now,
> ...
> and exec OK
> ...
> What's needed to get full OpenSSL 1.1.0 compat into master branch?

Either a community with the will and the energy to fork it, or some
kind of serious commitment to the project from Cisco/Sourcefire which
wouldn't be so laughable for a company with over seventy thousand
employees.

Cisco figures, for anyone interested (Wikipedia/Cisco_Systems today):

Revenue
US$ 48.0 billion
Net income
US$ 9.6 billion
Total assets
US$ 129.8 billion

It seems to me that Cisco, having taken what it wants from the project
to use in things that it sells, would be very happy for it to die -
but it can't be seen to just kill it, because that wouldn't look well.
I'd love for them to show (*) me that I'm wrong.

(*) Not tell.

--

73,
Ged.
Re: Clam* build incompat with OpenSSL 1.1.0x ? patch available
Thanks, we are investigating. #11594 is updated and should now allow
viewing by all.

Steve

On Thu, Nov 30, 2017 at 8:59 PM, pgndev <pgnet.dev@gmail.com> wrote:

> I'm building clam 0.99.3/head,
>
> git branch -a | grep \*
> * 0.99.3
>
> git log | head
> commit 6f8290632b6e1ddcf08b3a64c6cbc9d8b98571e3
> Author: Steven Morgan <stevmorg@cisco.com>
> Date: Wed Nov 29 17:38:57 2017 -0500
>
> ClamAV 0.99.3 beta2 versioning.
>
> commit 0a320049f1fe058dbed05606c925bb2ec2584264
> Author: Steven Morgan <stevmorg@cisco.com>
> Date: Wed Nov 29 17:18:42 2017 -0500
>
> The build FAILs -- as it has for over a year -- when linking against
> OpenSSL 1.1.0x libs/api, due to reference of deprecated symbols,
>
> ...
> -L/usr/local/lib64 -Wl,-rpath,/usr/local/lib64 -o clamscan output.o
> getopt.o optparser.o actions.o misc.o clamscan.o manager.o ../libclamav/
> libclamav.la -lpthread
> libtool: link: rm -f .libs/clamscan.nm .libs/clamscan.nmS
> .libs/clamscan.nmT
> libtool: link: rm -f ".libs/clamscan.nmI"
> libtool: link: (cd .libs && /usr/bin/gcc-7 -O3 -Wall -fstack-protector
> -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
> -grecord-gcc-switches -march=native -mtune=native
> -I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
> -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c
> -fno-builtin "clamscanS.c")
> libtool: link: rm -f ".libs/clamscanS.c" ".libs/clamscan.nm"
> ".libs/clamscan.nmS" ".libs/clamscan.nmT" ".libs/clamscan.nmI"
> libtool: link: /usr/bin/gcc-7 -O3 -Wall -fstack-protector
> -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
> -grecord-gcc-switches -march=native -mtune=native
> -I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
> -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-rpath
> -Wl,/usr/local/openssl11/lib64 -Wl,-rpath -Wl,/usr/local/lib64 -Wl,-rpath
> -Wl,/usr/local/lib64 -o .libs/clamscan output.o getopt.o optparser.o
> actions.o misc.o clamscan.o manager.o -L/usr/local/openssl11/lib64
> -L/usr/local/lib64 ../libclamav/.libs/libclamav.so
> -L/usr/local/openssl11/lib -L/lib64 -L/usr/local/lib /usr/lib64/libxml2.so
> -llzma -lbz2 /usr/lib64/libltdl.so -ldl /usr/local/lib64/libpcre2-8.so -lm
> /usr/local/lib64/libpcrecpp.so /usr/local/lib64/libpcre.so
> /usr/local/lib64/libcurl.so /usr/local/lib64/libnghttp2.so -lpsl -lz -lssl
> -lcrypto -lssh2 -lpthread -pthread
> ../libclamav/.libs/libclamav.so: undefined reference to
> `X509_CRL_get_nextUpdate'
> ../libclamav/.libs/libclamav.so: undefined reference to
> `SSL_library_init'
> ../libclamav/.libs/libclamav.so: undefined reference to
> `ERR_load_crypto_strings'
> ../libclamav/.libs/libclamav.so: undefined reference to
> `OpenSSL_add_all_algorithms'
> ../libclamav/.libs/libclamav.so: undefined reference to `EVP_cleanup'
> ../libclamav/.libs/libclamav.so: undefined reference to
> `OpenSSL_add_all_digests'
> ../libclamav/.libs/libclamav.so: undefined reference to
> `SSL_load_error_strings'
> ../libclamav/.libs/libclamav.so: undefined reference to
> `OpenSSL_add_all_ciphers'
> collect2: error: ld returned 1 exit status
> Makefile:611: recipe for target 'clamscan' failed
> make[2]: *** [clamscan] Error 1
> make[2]: Leaving directory '/usr/local/src/clamav-devel/clamscan'
> Makefile:767: recipe for target 'all-recursive' failed
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory '/usr/local/src/clamav-devel'
> Makefile:596: recipe for target 'all' failed
> make: *** [all] Error 2
>
> Mod'ing the build by applying changes similar to a 3rd-party patch (
> https://github.com/patch-exchange/openssl-1.1-transition/tree/master/clamav)
> for v0.99.2x, also available for over a year now,
>
>
> https://github.com/patch-exchange/openssl-1.1-transition/blob/master/clamav/clamav-0.99.2-openssl-1.1.patch
>
> clam* build/linked with OpenSSL 1.1.0,
>
> ldd `which clamdscan` `which clamd` | egrep "ssl|crypto"
> libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
> (0x00007fbda5a85000)
> libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
> (0x00007fbda55dc000)
> libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
> (0x00007f08b5a00000)
> libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
> (0x00007f08b5557000)
>
> and exec OK
>
> systemctl status clamd.service
> ● clamd.service - clamd scanner daemon
> Loaded: loaded (/etc/systemd/system/clamd.service; enabled;
> vendor preset: disabled)
> Active: active (running) since Thu 2017-11-30 15:46:05 PST; 1h
> 20min ago
> Main PID: 14070 (clamd)
> Tasks: 2 (limit: 512)
> CGroup: /system.slice/clamd.service
> └─14070 /usr/local/sbin/clamd -c
> /usr/local/etc/clamav/clamd.conf
>
> Nov 30 17:07:21 dev.loc clamd[14070]: SelfCheck: Database status
> OK.
> Nov 30 17:07:22 dev.loc clamd[30292]: Portable Executable support
> enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: ELF support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: Mail files support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: OLE2 support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: PDF support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: SWF support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: HTML support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: XMLDOCS support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: HWP3 support enabled.
> Nov 30 17:07:22 dev.loc clamd[30292]: Self checking every 1800
> seconds.
>
> clamscan -d /var/lib/clamav
> ...
> ----------- SCAN SUMMARY -----------
> Known viruses: 9380408
> Engine version: 0.99.3-beta2
> Scanned directories: 1
> Scanned files: 33
> Infected files: 0
> Data scanned: 4.41 MB
> Data read: 1.93 MB (ratio 2.29:1)
> Time: 27.834 sec (0 m 27 s)
>
>
> openssl references in git log suggest openssl 110 readiness, as well as the
> option to link to local instances of it,
>
> ...
> commit a4013285691478f165f1fe2de070ff32f34093fc
> Author: Micah Snyder <micasnyd@cisco.com>
> Date: Fri Nov 17 09:00:06 2017 -0500
>
> Regargeting openssl solution to match the other projects.
> ...
> commit 89c6504289cd54e2db60e9e04e5752c553d4449c
> Author: Steven Morgan <smorgan@sourcefire.com>
> Date: Fri Jul 14 16:50:12 2017 -0400
>
> fix for linking to openssl fo x64.
> ...
> commit 950be7e5eb93cdafc1349d85813c125a53886ee5
> Author: Steven Morgan <smorgan@sourcefire.com>
> Date: Wed Dec 21 17:16:39 2016 -0500
>
> Change Windows build to use OpenSSL 1.1.0.c
> ...
> commit dd1b59482dab05f732b8116218eea9d187c41031
> Author: Mickey Sola <msola@sourcefire.com>
> Date: Tue Aug 9 15:48:31 2016 -0400
>
> bb11594 - allow for compilation against openssl 1.1.0
> ...
> commit 3f40439f56ba179107afea9e349441fa57cbeb84
> Author: Kevin Lin <klin@sourcefire.com>
> Date: Thu Oct 22 14:50:41 2015 -0400
>
> fix for openssl build with specific openssl location (needs
> autogen)
> ...
>
>
> But attempting to view that bug#11594 for more detail, we're refused:
>
>
> @ https://bugzilla.clamav.net/show_bug.cgi?id=11594
>
> "You are not authorized to access bug #11594"
>
>
> What's needed to get full OpenSSL 1.1.0 compat into master branch?