The amanda is failing to configure with openssl 1.1.0. I have contacted
the upstream on the mailing list amanda-users and he sent me the
attached patch. With the patch amanda configures and compiles, failing
only during linking in a way I think is not amanda fault:
libtool: link: gcc -Wall -Wextra -Wparentheses
-Wdeclaration-after-statement -Wmissing-prototypes -Wstrict-prototypes
-Wmissing-declarations -Wformat -Wformat-security -Wsign-compare
-Wfloat-equal -Wold-style-definition -Wno-strict-aliasing
-Wno-unknown-pragmas -Wno-deprecated-declarations -g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security -O2 -g -Wall
-DIGNORE_TAR_ERRORS -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -o
.libs/amflock-test amflock-test.o -Wl,--export-dynamic -pthread -pthread
./.libs/libamanda.so ./.libs/libtestutils.a -L/usr/lib/x86_64-linux-gnu
-lcrypto /usr/lib/x86_64-linux-gnu/libcurl.so -lm -lgmodule-2.0
-lgobject-2.0 -lgthread-2.0 -lglib-2.0 -lnsl -lresolv -pthread
-Wl,-rpath -Wl,/usr/lib/amanda
/usr/bin/ld: warning: libcrypto.so.1.0.2, needed by
/usr/lib/x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1
./.libs/libamanda.so: undefined reference to `OPENSSL_init_ssl'
collect2: error: ld returned 1 exit status
Makefile:2206: recipe for target 'amflock-test' failed
make[4]: *** [amflock-test] Error 1
I will prepare a new package for the new upstream version amanda 3.3.9.
In case there is the need of a fast NMU because of this bug, please go
head.
Kind regards
Jose M Calhariz
On 2016-06-26 11:20, Kurt Roeckx wrote:
Source: amanda
Version: 3.3.8-1
Severity: important
Control: block 827061 by -1
Hi,
OpenSSL 1.1.0 is about to released. During a rebuild of all packages
using
OpenSSL this package fail to build. A log of that build can be found
at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/amanda_3.3.8-1_amd64-20160529-1404
On https://wiki.openssl.org/index.php/1.1_API_Changes you can see
various of the
reasons why it might fail. There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful
information.
There is a libssl-dev package available in experimental that contains a
recent
snapshot, I suggest you try building against that to see if everything
works.
If you have problems making things work, feel free to contact us.
Kurt
diff --git a/common-src/glib-util.c b/common-src/glib-util.c
index ff26d53..c6f79dd 100644
--- a/common-src/glib-util.c
+++ b/common-src/glib-util.c
@@ -35,6 +35,8 @@
#ifdef LIBCURL_USE_OPENSSL
#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static GMutex **openssl_mutex_array;
static void openssl_lock_callback(int mode, int type, const char *file, int line)
{
@@ -47,19 +49,23 @@ static void openssl_lock_callback(int mode, int type, const char *file, int line
g_mutex_unlock(openssl_mutex_array[type]);
}
}
+#endif /* OPENSSL_VERSION_NUMBER */
static void
init_ssl(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
int i;
-
openssl_mutex_array = g_new0(GMutex *, CRYPTO_num_locks());
+ SSL_library_init();
for (i=0; i<CRYPTO_num_locks(); i++) {
openssl_mutex_array[i] = g_mutex_new();
}
CRYPTO_set_locking_callback(openssl_lock_callback);
-
+#else
+ OPENSSL_init_ssl(0, NULL);
+#endif /* OPENSSL_VERSION_NUMBER */
}
#else /* LIBCURL_USE_OPENSSL */
diff --git a/config/amanda/libs.m4 b/config/amanda/libs.m4
index 098d8e4..a090a3e 100644
--- a/config/amanda/libs.m4
+++ b/config/amanda/libs.m4
@@ -54,7 +54,12 @@ AC_DEFUN([AMANDA_CHECK_LIBCURL], [
#
AC_DEFUN([AMANDA_CHECK_HMAC], [
HAVE_HMAC=yes
- AC_CHECK_LIB([crypto], [HMAC_CTX_init], [], [HAVE_HMAC=no])
+ AC_CHECK_LIB([crypto], [HMAC_CTX_init], [], [HAVE_HMAC_CTX_INIT=no])
+ AC_CHECK_LIB([crypto], [HMAC_CTX_reset], [], [HAVE_HMAC_CTX_RESET=no])
+ if test x"HAVE_HMAC_CTX_INIT" == x"no" -a \
+ x"HAVE_HMAC_CTX_RESET" == x"no"; then
+ HAVE_HMAC=no
+ fi
found_hmac_h=no
AC_CHECK_HEADERS([openssl/hmac.h crypto/hmac.h hmac.h],
diff --git a/config/compile b/config/compile
old mode 100644
new mode 100755
diff --git a/config/config.guess b/config/config.guess
old mode 100644
new mode 100755
diff --git a/device-src/s3-util.c b/device-src/s3-util.c
index 50e7bfb..778ec8f 100644
--- a/device-src/s3-util.c
+++ b/device-src/s3-util.c
@@ -238,7 +238,11 @@ EncodeHMACSHA256(
unsigned char tk[SHA256_DIGEST_LENGTH];
// Initialise HMACh
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX HMAC;
+#else
+ HMAC_CTX *HMAC;
+#endif
unsigned int hmaclength = 32;
memset(hmachash, 0, hmaclength);
@@ -249,11 +253,20 @@ EncodeHMACSHA256(
}
// Digest the key and message using SHA256
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX_init(&HMAC);
HMAC_Init_ex(&HMAC, key, keylen, EVP_sha256(),NULL);
HMAC_Update(&HMAC, datatohash, datalen);
HMAC_Final(&HMAC, hmachash, &hmaclength);
HMAC_CTX_cleanup(&HMAC);
+#else
+ HMAC = HMAC_CTX_new();
+ HMAC_CTX_reset(HMAC);
+ HMAC_Init_ex(HMAC, key, keylen, EVP_sha256(),NULL);
+ HMAC_Update(HMAC, datatohash, datalen);
+ HMAC_Final(HMAC, hmachash, &hmaclength);
+ HMAC_CTX_free(HMAC);
+#endif
return hmachash;
}
diff --git a/device-src/s3.c b/device-src/s3.c
index 10f5a20..d7d88fa 100644
--- a/device-src/s3.c
+++ b/device-src/s3.c
@@ -832,7 +832,11 @@ authenticate_request(S3Handle *hdl,
char *szS3Date = NULL;
char *zulu_date = NULL;
char *buf = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX ctx;
+#else
+ HMAC_CTX *ctx;
+#endif
GByteArray *md = NULL;
char *auth_base64 = NULL;
struct curl_slist *headers = NULL;
@@ -1154,12 +1158,22 @@ authenticate_request(S3Handle *hdl,
/* run HMAC-SHA1 on the canonicalized string */
md = g_byte_array_sized_new(EVP_MAX_MD_SIZE+1);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, hdl->secret_key, (int) strlen(hdl->secret_key),
EVP_sha1(), NULL);
HMAC_Update(&ctx, (unsigned char*) auth_string->str, auth_string->len);
HMAC_Final(&ctx, md->data, &md->len);
HMAC_CTX_cleanup(&ctx);
+#else
+ ctx = HMAC_CTX_new();
+ HMAC_CTX_reset(ctx);
+ HMAC_Init_ex(ctx, hdl->secret_key, (int) strlen(hdl->secret_key),
+ EVP_sha1(), NULL);
+ HMAC_Update(ctx, (unsigned char*) auth_string->str, auth_string->len);
+ HMAC_Final(ctx, md->data, &md->len);
+ HMAC_CTX_free(ctx);
+#endif
auth_base64 = s3_base64_encode(md);
/* append the new headers */
if (is_non_empty_string(hdl->user_token)) {
