[Clamav-devel] Clam* build incompat with OpenSSL 1.1.0x ? patch available

Steven Morgan smorgan at sourcefire.com
Fri Dec 1 21:18:47 EST 2017


Thanks, we are investigating. #11594 is updated and should now be allow
viewing by all.

 Steve

On Thu, Nov 30, 2017 at 8:59 PM, pgndev <pgnet.dev at gmail.com> wrote:

> I'm building clam 0.99.3/head,
>
>     git branch -a | grep \*
>         * 0.99.3
>
>     git log | head
>         commit 6f8290632b6e1ddcf08b3a64c6cbc9d8b98571e3
>         Author: Steven Morgan <stevmorg at cisco.com>
>         Date:   Wed Nov 29 17:38:57 2017 -0500
>
>             ClamAV 0.99.3 beta2 versioning.
>
>         commit 0a320049f1fe058dbed05606c925bb2ec2584264
>         Author: Steven Morgan <stevmorg at cisco.com>
>         Date:   Wed Nov 29 17:18:42 2017 -0500
>
> The build FAILs -- as it has for over a year -- when linking against
> OpenSSL 1.1.0x libs/api, due to reference of deprecated symbols,
>
>     ...
>     -L/usr/local/lib64  -Wl,-rpath,/usr/local/lib64  -o clamscan output.o
> getopt.o optparser.o actions.o misc.o clamscan.o manager.o  ../libclamav/
> libclamav.la -lpthread
>     libtool: link: rm -f .libs/clamscan.nm .libs/clamscan.nmS
> .libs/clamscan.nmT
>     libtool: link: rm -f ".libs/clamscan.nmI"
>     libtool: link: (cd .libs && /usr/bin/gcc-7 -O3 -Wall -fstack-protector
> -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
> -grecord-gcc-switches -march=native -mtune=native
> -I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
> -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c
> -fno-builtin "clamscanS.c")
>     libtool: link: rm -f ".libs/clamscanS.c" ".libs/clamscan.nm"
> ".libs/clamscan.nmS" ".libs/clamscan.nmT" ".libs/clamscan.nmI"
>     libtool: link: /usr/bin/gcc-7 -O3 -Wall -fstack-protector
> -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
> -grecord-gcc-switches -march=native -mtune=native
> -I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
> -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-rpath
> -Wl,/usr/local/openssl11/lib64 -Wl,-rpath -Wl,/usr/local/lib64 -Wl,-rpath
> -Wl,/usr/local/lib64 -o .libs/clamscan output.o getopt.o optparser.o
> actions.o misc.o clamscan.o manager.o  -L/usr/local/openssl11/lib64
> -L/usr/local/lib64 ../libclamav/.libs/libclamav.so
> -L/usr/local/openssl11/lib -L/lib64 -L/usr/local/lib /usr/lib64/libxml2.so
> -llzma -lbz2 /usr/lib64/libltdl.so -ldl /usr/local/lib64/libpcre2-8.so -lm
> /usr/local/lib64/libpcrecpp.so /usr/local/lib64/libpcre.so
> /usr/local/lib64/libcurl.so /usr/local/lib64/libnghttp2.so -lpsl -lz -lssl
> -lcrypto -lssh2 -lpthread -pthread
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `X509_CRL_get_nextUpdate'
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `SSL_library_init'
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `ERR_load_crypto_strings'
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `OpenSSL_add_all_algorithms'
>     ../libclamav/.libs/libclamav.so: undefined reference to `EVP_cleanup'
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `OpenSSL_add_all_digests'
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `SSL_load_error_strings'
>     ../libclamav/.libs/libclamav.so: undefined reference to
> `OpenSSL_add_all_ciphers'
>     collect2: error: ld returned 1 exit status
>     Makefile:611: recipe for target 'clamscan' failed
>     make[2]: *** [clamscan] Error 1
>     make[2]: Leaving directory '/usr/local/src/clamav-devel/clamscan'
>     Makefile:767: recipe for target 'all-recursive' failed
>     make[1]: *** [all-recursive] Error 1
>     make[1]: Leaving directory '/usr/local/src/clamav-devel'
>     Makefile:596: recipe for target 'all' failed
>     make: *** [all] Error 2
>
> Mod'ing the build by applying changes similar to a 3rd-party patch (
> https://github.com/patch-exchange/openssl-1.1-
> transition/tree/master/clamav)
> for v0.99.2x, also available for over a year now,
>
>
> https://github.com/patch-exchange/openssl-1.1-
> transition/blob/master/clamav/clamav-0.99.2-openssl-1.1.patch
>
> clam* build/linked with OpenSSL 1.1.0,
>
>     ldd `which clamdscan` `which clamd` | egrep "ssl|crypto"
>         libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
> (0x00007fbda5a85000)
>         libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
> (0x00007fbda55dc000)
>         libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
> (0x00007f08b5a00000)
>         libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
> (0x00007f08b5557000)
>
> and exec OK
>
>     systemctl status clamd.service
>         ● clamd.service - clamd scanner daemon
>            Loaded: loaded (/etc/systemd/system/clamd.service; enabled;
> vendor preset: disabled)
>            Active: active (running) since Thu 2017-11-30 15:46:05 PST; 1h
> 20min ago
>          Main PID: 14070 (clamd)
>             Tasks: 2 (limit: 512)
>            CGroup: /system.slice/clamd.service
>                    └─14070 /usr/local/sbin/clamd -c
> /usr/local/etc/clamav/clamd.conf
>
>         Nov 30 17:07:21 dev.loc clamd[14070]: SelfCheck: Database status
> OK.
>         Nov 30 17:07:22 dev.loc clamd[30292]: Portable Executable support
> enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: ELF support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: Mail files support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: OLE2 support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: PDF support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: SWF support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: HTML support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: XMLDOCS support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: HWP3 support enabled.
>         Nov 30 17:07:22 dev.loc clamd[30292]: Self checking every 1800
> seconds.
>
>     clamscan -d /var/lib/clamav
>         ...
>         ----------- SCAN SUMMARY -----------
>         Known viruses: 9380408
>         Engine version: 0.99.3-beta2
>         Scanned directories: 1
>         Scanned files: 33
>         Infected files: 0
>         Data scanned: 4.41 MB
>         Data read: 1.93 MB (ratio 2.29:1)
>         Time: 27.834 sec (0 m 27 s)
>
>
> openssl references in git log suggest openssl 110 readiness, as well as the
> option to link to local instances of it,
>
>     ...
>     commit a4013285691478f165f1fe2de070ff32f34093fc
>     Author: Micah Snyder <micasnyd at cisco.com>
>     Date:   Fri Nov 17 09:00:06 2017 -0500
>
>         Regargeting openssl solution to match the other projects.
>     ...
>     commit 89c6504289cd54e2db60e9e04e5752c553d4449c
>     Author: Steven Morgan <smorgan at sourcefire.com>
>     Date:   Fri Jul 14 16:50:12 2017 -0400
>
>         fix for linking to openssl fo x64.
>     ...
>     commit 950be7e5eb93cdafc1349d85813c125a53886ee5
>     Author: Steven Morgan <smorgan at sourcefire.com>
>     Date:   Wed Dec 21 17:16:39 2016 -0500
>
>         Change Windows build to use OpenSSL 1.1.0.c
>     ...
>     commit dd1b59482dab05f732b8116218eea9d187c41031
>     Author: Mickey Sola <msola at sourcefire.com>
>     Date:   Tue Aug 9 15:48:31 2016 -0400
>
>         bb11594 - allow for compilation against openssl 1.1.0
>     ...
>     commit 3f40439f56ba179107afea9e349441fa57cbeb84
>     Author: Kevin Lin <klin at sourcefire.com>
>     Date:   Thu Oct 22 14:50:41 2015 -0400
>
>         fix for openssl build with specific openssl location (needs
> autogen)
>     ...
>
>
> But attempting to view that bug#11594 for more detail, we're refused:
>
>
>     @ https://bugzilla.clamav.net/show_bug.cgi?id=11594
>
>         "You are not authorized to access bug #11594"
>
>
> What's needed to get full OpenSSL 1.1.0 compat into master branch?
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml


More information about the clamav-devel mailing list