Date: Mon, 17 Feb 2020 08:31:29 +0000 (UTC) From: Pietro Cerutti <gahr@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r526350 - head/mail/rspamd/files Message-ID: <202002170831.01H8VTIa033531@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gahr Date: Mon Feb 17 08:31:29 2020 New Revision: 526350 URL: https://svnweb.freebsd.org/changeset/ports/526350 Log: mail/rspamd: fix build with LibreSSL Added: head/mail/rspamd/files/patch-fips (contents, props changed) Added: head/mail/rspamd/files/patch-fips ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/rspamd/files/patch-fips Mon Feb 17 08:31:29 2020 (r526350) @@ -0,0 +1,69 @@ +From 963657514d24c29604e0b873c17dcee0d3efd345 Mon Sep 17 00:00:00 2001 +From: Vsevolod Stakhov <vsevolod@highsecure.ru> +Date: Fri, 7 Feb 2020 13:18:32 +0000 +Subject: [PATCH] [Minor] Add explicit checks for FIPS mode presence + +--- + CMakeLists.txt | 11 +++++++++++ + config.h.in | 1 + + src/libutil/util.c | 4 ++++ + 3 files changed, 16 insertions(+) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 29986a740..a41dd8abb 100644 +--- CMakeLists.txt.orig ++++ CMakeLists.txt +@@ -331,8 +331,19 @@ CHECK_SYMBOL_EXISTS(I_SETSIG "sys/types.h;sys/ioctl.h" HAVE_SETSIG) + CHECK_SYMBOL_EXISTS(O_ASYNC "sys/types.h;sys/fcntl.h" HAVE_OASYNC) + CHECK_SYMBOL_EXISTS(O_NOFOLLOW "sys/types.h;sys/fcntl.h" HAVE_ONOFOLLOW) + CHECK_SYMBOL_EXISTS(O_CLOEXEC "sys/types.h;sys/fcntl.h" HAVE_OCLOEXEC) ++ ++# OpenSSL specific stuff + LIST(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSL_INCLUDE}") ++IF(LIBCRYPT_LIBRARY_PATH) ++ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBCRYPT_LIBRARY_PATH};${LIBCRYPT_LIBRARY}") ++ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBSSL_LIBRARY_PATH};${LIBSSL_LIBRARY}") ++ELSE() ++ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lcrypt;-lssl") ++ENDIF() ++ + CHECK_SYMBOL_EXISTS(SSL_set_tlsext_host_name "openssl/ssl.h" HAVE_SSL_TLSEXT_HOSTNAME) ++CHECK_SYMBOL_EXISTS(FIPS_mode "openssl/crypto.h" HAVE_FIPS_MODE) ++ + CHECK_SYMBOL_EXISTS(dirfd "sys/types.h;unistd.h;dirent.h" HAVE_DIRFD) + CHECK_SYMBOL_EXISTS(fpathconf "sys/types.h;unistd.h" HAVE_FPATHCONF) + CHECK_SYMBOL_EXISTS(sigaltstack "signal.h" HAVE_SIGALTSTACK) +diff --git a/config.h.in b/config.h.in +index c2d73a0a9..b3aefd980 100644 +--- config.h.in.orig ++++ config.h.in +@@ -32,6 +32,7 @@ + #cmakedefine HAVE_FCNTL_H 1 + #cmakedefine HAVE_FDATASYNC 1 + #cmakedefine HAVE_FETCH_H 1 ++#cmakedefine HAVE_FIPS_MODE 1 + #cmakedefine HAVE_FLOCK 1 + #cmakedefine HAVE_FPATHCONF 1 + #cmakedefine HAVE_GETPAGESIZE 1 +diff --git a/src/libutil/util.c b/src/libutil/util.c +index 3256becb9..119082964 100644 +--- src/libutil/util.c.orig ++++ src/libutil/util.c +@@ -2484,6 +2484,7 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx, + } + + if (cfg->fips_mode) { ++#ifdef HAVE_FIPS_MODE + int mode = FIPS_mode (); + unsigned long err = (unsigned long)-1; + +@@ -2505,6 +2506,9 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx, + else { + msg_info_config ("OpenSSL FIPS mode is enabled"); + } ++#else ++ msg_warn_config ("SSL FIPS mode is enabled but not supported by OpenSSL library!"); ++#endif + } + + if (cfg->ssl_ca_path) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002170831.01H8VTIa033531>