[Clamav-devel] Clam* build incompat with OpenSSL 1.1.0x ? patch available

pgndev pgnet.dev at gmail.com
Thu Nov 30 20:59:18 EST 2017


I'm building clam 0.99.3/head,

    git branch -a | grep \*
        * 0.99.3

    git log | head
        commit 6f8290632b6e1ddcf08b3a64c6cbc9d8b98571e3
        Author: Steven Morgan <stevmorg at cisco.com>
        Date:   Wed Nov 29 17:38:57 2017 -0500

            ClamAV 0.99.3 beta2 versioning.

        commit 0a320049f1fe058dbed05606c925bb2ec2584264
        Author: Steven Morgan <stevmorg at cisco.com>
        Date:   Wed Nov 29 17:18:42 2017 -0500

The build FAILs -- as it has for over a year -- when linking against
OpenSSL 1.1.0x libs/api, due to reference of deprecated symbols,

    ...
    -L/usr/local/lib64  -Wl,-rpath,/usr/local/lib64  -o clamscan output.o
getopt.o optparser.o actions.o misc.o clamscan.o manager.o  ../libclamav/
libclamav.la -lpthread
    libtool: link: rm -f .libs/clamscan.nm .libs/clamscan.nmS
.libs/clamscan.nmT
    libtool: link: rm -f ".libs/clamscan.nmI"
    libtool: link: (cd .libs && /usr/bin/gcc-7 -O3 -Wall -fstack-protector
-funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
-grecord-gcc-switches -march=native -mtune=native
-I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c
-fno-builtin "clamscanS.c")
    libtool: link: rm -f ".libs/clamscanS.c" ".libs/clamscan.nm"
".libs/clamscan.nmS" ".libs/clamscan.nmT" ".libs/clamscan.nmI"
    libtool: link: /usr/bin/gcc-7 -O3 -Wall -fstack-protector
-funwind-tables -fasynchronous-unwind-tables -fmessage-length=0
-grecord-gcc-switches -march=native -mtune=native
-I/usr/local/openssl11/include -I/usr/local/include -I/usr/local/include
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-rpath
-Wl,/usr/local/openssl11/lib64 -Wl,-rpath -Wl,/usr/local/lib64 -Wl,-rpath
-Wl,/usr/local/lib64 -o .libs/clamscan output.o getopt.o optparser.o
actions.o misc.o clamscan.o manager.o  -L/usr/local/openssl11/lib64
-L/usr/local/lib64 ../libclamav/.libs/libclamav.so
-L/usr/local/openssl11/lib -L/lib64 -L/usr/local/lib /usr/lib64/libxml2.so
-llzma -lbz2 /usr/lib64/libltdl.so -ldl /usr/local/lib64/libpcre2-8.so -lm
/usr/local/lib64/libpcrecpp.so /usr/local/lib64/libpcre.so
/usr/local/lib64/libcurl.so /usr/local/lib64/libnghttp2.so -lpsl -lz -lssl
-lcrypto -lssh2 -lpthread -pthread
    ../libclamav/.libs/libclamav.so: undefined reference to
`X509_CRL_get_nextUpdate'
    ../libclamav/.libs/libclamav.so: undefined reference to
`SSL_library_init'
    ../libclamav/.libs/libclamav.so: undefined reference to
`ERR_load_crypto_strings'
    ../libclamav/.libs/libclamav.so: undefined reference to
`OpenSSL_add_all_algorithms'
    ../libclamav/.libs/libclamav.so: undefined reference to `EVP_cleanup'
    ../libclamav/.libs/libclamav.so: undefined reference to
`OpenSSL_add_all_digests'
    ../libclamav/.libs/libclamav.so: undefined reference to
`SSL_load_error_strings'
    ../libclamav/.libs/libclamav.so: undefined reference to
`OpenSSL_add_all_ciphers'
    collect2: error: ld returned 1 exit status
    Makefile:611: recipe for target 'clamscan' failed
    make[2]: *** [clamscan] Error 1
    make[2]: Leaving directory '/usr/local/src/clamav-devel/clamscan'
    Makefile:767: recipe for target 'all-recursive' failed
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory '/usr/local/src/clamav-devel'
    Makefile:596: recipe for target 'all' failed
    make: *** [all] Error 2

Mod'ing the build by applying changes similar to a 3rd-party patch (
https://github.com/patch-exchange/openssl-1.1-transition/tree/master/clamav)
for v0.99.2x, also available for over a year now,


https://github.com/patch-exchange/openssl-1.1-transition/blob/master/clamav/clamav-0.99.2-openssl-1.1.patch

clam* build/linked with OpenSSL 1.1.0,

    ldd `which clamdscan` `which clamd` | egrep "ssl|crypto"
        libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
(0x00007fbda5a85000)
        libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
(0x00007fbda55dc000)
        libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
(0x00007f08b5a00000)
        libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
(0x00007f08b5557000)

and exec OK

    systemctl status clamd.service
        ● clamd.service - clamd scanner daemon
           Loaded: loaded (/etc/systemd/system/clamd.service; enabled;
vendor preset: disabled)
           Active: active (running) since Thu 2017-11-30 15:46:05 PST; 1h
20min ago
         Main PID: 14070 (clamd)
            Tasks: 2 (limit: 512)
           CGroup: /system.slice/clamd.service
                   └─14070 /usr/local/sbin/clamd -c
/usr/local/etc/clamav/clamd.conf

        Nov 30 17:07:21 dev.loc clamd[14070]: SelfCheck: Database status OK.
        Nov 30 17:07:22 dev.loc clamd[30292]: Portable Executable support
enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: ELF support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: Mail files support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: OLE2 support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: PDF support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: SWF support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: HTML support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: XMLDOCS support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: HWP3 support enabled.
        Nov 30 17:07:22 dev.loc clamd[30292]: Self checking every 1800
seconds.

    clamscan -d /var/lib/clamav
        ...
        ----------- SCAN SUMMARY -----------
        Known viruses: 9380408
        Engine version: 0.99.3-beta2
        Scanned directories: 1
        Scanned files: 33
        Infected files: 0
        Data scanned: 4.41 MB
        Data read: 1.93 MB (ratio 2.29:1)
        Time: 27.834 sec (0 m 27 s)


openssl references in git log suggest openssl 110 readiness, as well as the
option to link to local instances of it,

    ...
    commit a4013285691478f165f1fe2de070ff32f34093fc
    Author: Micah Snyder <micasnyd at cisco.com>
    Date:   Fri Nov 17 09:00:06 2017 -0500

        Regargeting openssl solution to match the other projects.
    ...
    commit 89c6504289cd54e2db60e9e04e5752c553d4449c
    Author: Steven Morgan <smorgan at sourcefire.com>
    Date:   Fri Jul 14 16:50:12 2017 -0400

        fix for linking to openssl fo x64.
    ...
    commit 950be7e5eb93cdafc1349d85813c125a53886ee5
    Author: Steven Morgan <smorgan at sourcefire.com>
    Date:   Wed Dec 21 17:16:39 2016 -0500

        Change Windows build to use OpenSSL 1.1.0.c
    ...
    commit dd1b59482dab05f732b8116218eea9d187c41031
    Author: Mickey Sola <msola at sourcefire.com>
    Date:   Tue Aug 9 15:48:31 2016 -0400

        bb11594 - allow for compilation against openssl 1.1.0
    ...
    commit 3f40439f56ba179107afea9e349441fa57cbeb84
    Author: Kevin Lin <klin at sourcefire.com>
    Date:   Thu Oct 22 14:50:41 2015 -0400

        fix for openssl build with specific openssl location (needs autogen)
    ...


But attempting to view that bug#11594 for more detail, we're refused:


    @ https://bugzilla.clamav.net/show_bug.cgi?id=11594

        "You are not authorized to access bug #11594"


What's needed to get full OpenSSL 1.1.0 compat into master branch?


More information about the clamav-devel mailing list