svn commit: r526350 - head/mail/rspamd/files
Pietro Cerutti
gahr at FreeBSD.org
Mon Feb 17 08:31:30 UTC 2020
Author: gahr
Date: Mon Feb 17 08:31:29 2020
New Revision: 526350
URL: https://svnweb.freebsd.org/changeset/ports/526350
Log:
mail/rspamd: fix build with LibreSSL
Added:
head/mail/rspamd/files/patch-fips (contents, props changed)
Added: head/mail/rspamd/files/patch-fips
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/mail/rspamd/files/patch-fips Mon Feb 17 08:31:29 2020 (r526350)
@@ -0,0 +1,69 @@
+From 963657514d24c29604e0b873c17dcee0d3efd345 Mon Sep 17 00:00:00 2001
+From: Vsevolod Stakhov <vsevolod at highsecure.ru>
+Date: Fri, 7 Feb 2020 13:18:32 +0000
+Subject: [PATCH] [Minor] Add explicit checks for FIPS mode presence
+
+---
+ CMakeLists.txt | 11 +++++++++++
+ config.h.in | 1 +
+ src/libutil/util.c | 4 ++++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 29986a740..a41dd8abb 100644
+--- CMakeLists.txt.orig
++++ CMakeLists.txt
+@@ -331,8 +331,19 @@ CHECK_SYMBOL_EXISTS(I_SETSIG "sys/types.h;sys/ioctl.h" HAVE_SETSIG)
+ CHECK_SYMBOL_EXISTS(O_ASYNC "sys/types.h;sys/fcntl.h" HAVE_OASYNC)
+ CHECK_SYMBOL_EXISTS(O_NOFOLLOW "sys/types.h;sys/fcntl.h" HAVE_ONOFOLLOW)
+ CHECK_SYMBOL_EXISTS(O_CLOEXEC "sys/types.h;sys/fcntl.h" HAVE_OCLOEXEC)
++
++# OpenSSL specific stuff
+ LIST(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSL_INCLUDE}")
++IF(LIBCRYPT_LIBRARY_PATH)
++ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBCRYPT_LIBRARY_PATH};${LIBCRYPT_LIBRARY}")
++ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBSSL_LIBRARY_PATH};${LIBSSL_LIBRARY}")
++ELSE()
++ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lcrypt;-lssl")
++ENDIF()
++
+ CHECK_SYMBOL_EXISTS(SSL_set_tlsext_host_name "openssl/ssl.h" HAVE_SSL_TLSEXT_HOSTNAME)
++CHECK_SYMBOL_EXISTS(FIPS_mode "openssl/crypto.h" HAVE_FIPS_MODE)
++
+ CHECK_SYMBOL_EXISTS(dirfd "sys/types.h;unistd.h;dirent.h" HAVE_DIRFD)
+ CHECK_SYMBOL_EXISTS(fpathconf "sys/types.h;unistd.h" HAVE_FPATHCONF)
+ CHECK_SYMBOL_EXISTS(sigaltstack "signal.h" HAVE_SIGALTSTACK)
+diff --git a/config.h.in b/config.h.in
+index c2d73a0a9..b3aefd980 100644
+--- config.h.in.orig
++++ config.h.in
+@@ -32,6 +32,7 @@
+ #cmakedefine HAVE_FCNTL_H 1
+ #cmakedefine HAVE_FDATASYNC 1
+ #cmakedefine HAVE_FETCH_H 1
++#cmakedefine HAVE_FIPS_MODE 1
+ #cmakedefine HAVE_FLOCK 1
+ #cmakedefine HAVE_FPATHCONF 1
+ #cmakedefine HAVE_GETPAGESIZE 1
+diff --git a/src/libutil/util.c b/src/libutil/util.c
+index 3256becb9..119082964 100644
+--- src/libutil/util.c.orig
++++ src/libutil/util.c
+@@ -2484,6 +2484,7 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
+ }
+
+ if (cfg->fips_mode) {
++#ifdef HAVE_FIPS_MODE
+ int mode = FIPS_mode ();
+ unsigned long err = (unsigned long)-1;
+
+@@ -2505,6 +2506,9 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
+ else {
+ msg_info_config ("OpenSSL FIPS mode is enabled");
+ }
++#else
++ msg_warn_config ("SSL FIPS mode is enabled but not supported by OpenSSL library!");
++#endif
+ }
+
+ if (cfg->ssl_ca_path) {
More information about the svn-ports-all
mailing list