Full_Name: Bernard Spil Version: 2.4.40 OS: FreeBSD 10.1-RC2 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (185.9.255.20) When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation fails because deprecated types and functions are used. These types and functions have been marked deprecated by OpenSSL since 2002 and moved from des.h to des_old.h. LibreSSL removed these deprecated types and functions in April 2014 see https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960 From the make output: --- passwd.o --- passwd.c:41:9: error: unknown type name 'des_cblock'; did you mean 'DES_cblock'? typedef des_cblock des_key; ^~~~~~~~~~ DES_cblock /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared here typedef unsigned char DES_cblock[8]; ^ passwd.c:42:9: erro3A3A unknown type name 'des_cblock'; did you mean 'DES_cblock'? typedef des_cblock des_data_block; ^~~~~~~~~~ DES_cblock /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared here typedef unsigned char DES_cblock[8]; ^ passwd.c:43:9: error: unknown type name 'des_key_schedule'; did you mean 'DES_key_schedule'? typedef des_key_schedule des_context; ^~~~~~~~~~~~~~~~ DES_key_schedule /usr/local/include/openssl/des.h:87:7: note: 'DESeyey_schedule' declared here } DES_key_schedule; ^ passwd.c:670:5: warning: implicit declaration of function 'des_set_odd_parity' is invalid in C99 [-Wimplicit-function-declaration] des_set_odd_parity( key ); ^ passwd.c:867:2: warningA imimplicit declaration of function 'des_set_key_unchecked' is invalid in C99 [-Wimplicit-function-declaration] des_set_key_unchecked( &key, schedule ); ^ passwd.c:868:2: warning: implicit declaration of function 'des_ecb_encrypt' is invalid in C99 [-Wimplicit-function-declaration] des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT ); ^ 3 warnings and 3 errors generated. *** [passwd.o] Error code 1 make[4]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil 1 error make[4]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil *** [all-common] Error code 2 make[3]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/librars%s 1 error make[3]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries *** [all-common] Error code 2 make[2]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40 1 error make[2]: stopped in /u%2/ports/net/openldap24-server/work/openldap-2.4.40 ===> Compilation failed unexpectedly. Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to the maintainer. *** Error code 1 Stop.
spil.oss@gmail.com wrote: > Full_Name: Bernard Spil > Version: 2.4.40 > OS: FreeBSD 10.1-RC2 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (185.9.255.20) > > > When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation fails > because deprecated types and functions are used. These types and functions have > been marked deprecated by OpenSSL since 2002 and moved from des.h to des_old.h. > LibreSSL removed these deprecated types and functions in April 2014 see > https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960 > >>From the make output: It appears you're compiling with the old LANMAN hash support. Nobody should be using LANMAN any more, it's trivially insecure. I'm inclined to ignore this ITS. > > --- passwd.o --- > passwd.c:41:9: error: unknown type name 'des_cblock'; did you mean > 'DES_cblock'? > typedef des_cblock des_key; > ^~~~~~~~~~ > DES_cblock > /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared here > typedef unsigned char DES_cblock[8]; > ^ > passwd.c:42:9: erro3A3A unknown type name 'des_cblock'; did you mean > 'DES_cblock'? > typedef des_cblock des_data_block; > ^~~~~~~~~~ > DES_cblock > /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared here > typedef unsigned char DES_cblock[8]; > ^ > passwd.c:43:9: error: unknown type name 'des_key_schedule'; did you mean > 'DES_key_schedule'? > typedef des_key_schedule des_context; > ^~~~~~~~~~~~~~~~ > DES_key_schedule > /usr/local/include/openssl/des.h:87:7: note: 'DESeyey_schedule' declared here > } DES_key_schedule; > ^ > passwd.c:670:5: warning: implicit declaration of function 'des_set_odd_parity' > is invalid in C99 [-Wimplicit-function-declaration] > des_set_odd_parity( key ); > ^ > passwd.c:867:2: warningA imimplicit declaration of function > 'des_set_key_unchecked' is invalid in C99 [-Wimplicit-function-declaration] > des_set_key_unchecked( &key, schedule ); > ^ > passwd.c:868:2: warning: implicit declaration of function 'des_ecb_encrypt' is > invalid in C99 [-Wimplicit-function-declaration] > des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT ); > ^ > 3 warnings and 3 errors generated. > *** [passwd.o] Error code 1 > > make[4]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil > 1 error > > make[4]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil > *** [all-common] Error code 2 > > make[3]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/librars%s > 1 error > > make[3]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries > *** [all-common] Error code 2 > > make[2]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40 > 1 error > > make[2]: stopped in /u%2/ports/net/openldap24-server/work/openldap-2.4.40 > ===> Compilation failed unexpectedly. > Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to > the maintainer. > *** Error code 1 > > Stop. > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Patch to upgrade to the current DES_* types and functions, at least compiles with this. On 2014-11-05 17:48, Howard Chu wrote: > spil.oss@gmail.com wrote: >> Full_Name: Bernard Spil >> Version: 2.4.40 >> OS: FreeBSD 10.1-RC2 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (185.9.255.20) >> >> >> When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation >> fails >> because deprecated types and functions are used. These types and >> functions have >> been marked deprecated by OpenSSL since 2002 and moved from des.h to >> des_old.h. >> LibreSSL removed these deprecated types and functions in April 2014 >> see >> https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960 >> >>> From the make output: > > It appears you're compiling with the old LANMAN hash support. Nobody > should be using LANMAN any more, it's trivially insecure. I'm inclined > to ignore this ITS. >> >> --- passwd.o --- >> passwd.c:41:9: error: unknown type name 'des_cblock'; did you mean >> 'DES_cblock'? >> typedef des_cblock des_key; >> ^~~~~~~~~~ >> DES_cblock >> /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared >> here >> typedef unsigned char DES_cblock[8]; >> ^ >> passwd.c:42:9: erro3A3A unknown type name 'des_cblock'; did you mean >> 'DES_cblock'? >> typedef des_cblock des_data_block; >> ^~~~~~~~~~ >> DES_cblock >> /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared >> here >> typedef unsigned char DES_cblock[8]; >> ^ >> passwd.c:43:9: error: unknown type name 'des_key_schedule'; did you >> mean >> 'DES_key_schedule'? >> typedef des_key_schedule des_context; >> ^~~~~~~~~~~~~~~~ >> DES_key_schedule >> /usr/local/include/openssl/des.h:87:7: note: 'DESeyey_schedule' >> declared here >> } DES_key_schedule; >> ^ >> passwd.c:670:5: warning: implicit declaration of function >> 'des_set_odd_parity' >> is invalid in C99 [-Wimplicit-function-declaration] >> des_set_odd_parity( key ); >> ^ >> passwd.c:867:2: warningA imimplicit declaration of function >> 'des_set_key_unchecked' is invalid in C99 >> [-Wimplicit-function-declaration] >> des_set_key_unchecked( &key, schedule ); >> ^ >> passwd.c:868:2: warning: implicit declaration of function >> 'des_ecb_encrypt' is >> invalid in C99 [-Wimplicit-function-declaration] >> des_ecb_encrypt( &StdText, &PasswordHash1, schedule , >> DES_ENCRYPT ); >> ^ >> 3 warnings and 3 errors generated. >> *** [passwd.o] Error code 1 >> >> make[4]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil >> 1 error >> >> make[4]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil >> *** [all-common] Error code 2 >> >> make[3]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/librars%s >> 1 error >> >> make[3]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries >> *** [all-common] Error code 2 >> >> make[2]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40 >> 1 error >> >> make[2]: stopped in >> /u%2/ports/net/openldap24-server/work/openldap-2.4.40 >> ===> Compilation failed unexpectedly. >> Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the >> failure to >> the maintainer. >> *** Error code 1 >> >> Stop. >> >> >>
Hi Howard, Thanks for the pointer. --enable-lmpasswd was indeed enabled in the FreeBSD port. Notifying maintainer of port to switch it off and provided a patch for the port. Hope the patch I created for OpenLDAP is usable after all! Deprecated code in a function that should not be used, would it not be better to remove it completely? (or is that violating the RFCs?) Kind regards, Bernard. On Wed, Nov 5, 2014 at 5:48 PM, Howard Chu <hyc@symas.com> wrote: > spil.oss@gmail.com wrote: >> >> Full_Name: Bernard Spil >> Version: 2.4.40 >> OS: FreeBSD 10.1-RC2 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (185.9.255.20) >> >> >> When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation >> fails >> because deprecated types and functions are used. These types and functions >> have >> been marked deprecated by OpenSSL since 2002 and moved from des.h to >> des_old.h. >> LibreSSL removed these deprecated types and functions in April 2014 see >> >> https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960 >> >>> From the make output: > > > It appears you're compiling with the old LANMAN hash support. Nobody should > be using LANMAN any more, it's trivially insecure. I'm inclined to ignore > this ITS. >> >> >> --- passwd.o --- >> passwd.c:41:9: error: unknown type name 'des_cblock'; did you mean >> 'DES_cblock'? >> typedef des_cblock des_key; >> ^~~~~~~~~~ >> DES_cblock >> /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared here >> typedef unsigned char DES_cblock[8]; >> ^ >> passwd.c:42:9: erro3A3A unknown type name 'des_cblock'; did you mean >> 'DES_cblock'? >> typedef des_cblock des_data_block; >> ^~~~~~~~~~ >> DES_cblock >> /usr/local/include/openssl/des.h:73:23: note: 'DES_cblock' declared here >> typedef unsigned char DES_cblock[8]; >> ^ >> passwd.c:43:9: error: unknown type name 'des_key_schedule'; did you mean >> 'DES_key_schedule'? >> typedef des_key_schedule des_context; >> ^~~~~~~~~~~~~~~~ >> DES_key_schedule >> /usr/local/include/openssl/des.h:87:7: note: 'DESeyey_schedule' declared >> here >> } DES_key_schedule; >> ^ >> passwd.c:670:5: warning: implicit declaration of function >> 'des_set_odd_parity' >> is invalid in C99 [-Wimplicit-function-declaration] >> des_set_odd_parity( key ); >> ^ >> passwd.c:867:2: warningA imimplicit declaration of function >> 'des_set_key_unchecked' is invalid in C99 >> [-Wimplicit-function-declaration] >> des_set_key_unchecked( &key, schedule ); >> ^ >> passwd.c:868:2: warning: implicit declaration of function >> 'des_ecb_encrypt' is >> invalid in C99 [-Wimplicit-function-declaration] >> des_ecb_encrypt( &StdText, &PasswordHash1, schedule , DES_ENCRYPT >> ); >> ^ >> 3 warnings and 3 errors generated. >> *** [passwd.o] Error code 1 >> >> make[4]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil >> 1 error >> >> make[4]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries/liblutil >> *** [all-common] Error code 2 >> >> make[3]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/librars%s >> 1 error >> >> make[3]: stopped in >> /usr/ports/net/openldap24-server/work/openldap-2.4.40/libraries >> *** [all-common] Error code 2 >> >> make[2]: stopped in /usr/ports/net/openldap24-server/work/openldap-2.4.40 >> 1 error >> >> make[2]: stopped in /u%2/ports/net/openldap24-server/work/openldap-2.4.40 >> ===> Compilation failed unexpectedly. >> Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure >> to >> the maintainer. >> *** Error code 1 >> >> Stop. >> >> >> > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/
Spil Oss wrote: > Hi Howard, > > Thanks for the pointer. --enable-lmpasswd was indeed enabled in the > FreeBSD port. Notifying maintainer of port to switch it off and > provided a patch for the port. > Hope the patch I created for OpenLDAP is usable after all! Deprecated > code in a function that should not be used, would it not be better to > remove it completely? (or is that violating the RFCs?) Very likely we should remove it. Will queue that up for 2.5. 2.4 is end-of-life and feature-frozen so nothing will be added or removed from it. > Kind regards, > > Bernard. > > On Wed, Nov 5, 2014 at 5:48 PM, Howard Chu <hyc@symas.com> wrote: >> spil.oss@gmail.com wrote: >>> >>> Full_Name: Bernard Spil >>> Version: 2.4.40 >>> OS: FreeBSD 10.1-RC2 >>> URL: ftp://ftp.openldap.org/incoming/ >>> Submission from: (NULL) (185.9.255.20) >>> >>> >>> When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation >>> fails >>> because deprecated types and functions are used. These types and functions >>> have >>> been marked deprecated by OpenSSL since 2002 and moved from des.h to >>> des_old.h. >>> LibreSSL removed these deprecated types and functions in April 2014 see >>> >>> https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960 >>> >>>> From the make output: >> >> >> It appears you're compiling with the old LANMAN hash support. Nobody should >> be using LANMAN any more, it's trivially insecure. I'm inclined to ignore >> this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
moved from Incoming to Software Bugs
changed notes moved from Software Bugs to Software Enhancements
See also ITS#8445, ITS#8666, ITS#8832
changed notes
*** Issue 8445 has been marked as a duplicate of this issue. ***
*** Issue 8666 has been marked as a duplicate of this issue. ***
*** Issue 8832 has been marked as a duplicate of this issue. ***
2.5 decision -- do we support LibreSSL?
Created attachment 889 [details] Fix building against LibreSSL OpenLDAP 2.6.1 works fine against LibreSSL 3.4+. The only problem is the configure script checks for a symbol LibreSSL doesn't implement yet.