[ircd-hybrid] Bug in 6.7 (v8.2.28) TLS detection is broken

[ircd-hybrid] Bug in 6.7 (v8.2.28) TLS detection is broken

Stefan Hagen-3
Hello,

I saw that ircd-hybrid is updated in -current to Version 8.2.31.
This version works fine.

However, in 6.7 release, we have version 8.2.28, which is affected by a
bug that was corrected in 8.2.30 with this commit:

https://github.com/ircd-hybrid/ircd-hybrid/commit/8512c8ef40bde3b3ec1cf8e0d4090089c240e3a2

The bug leads to TLS not being activated and the TLS ports won't be
available. It took me too long to figure this out as the SSL/TLS
configuration from the version in 6.6 to 6.7 also changed and I
suspected the error in the configuration changes I had to make.

I think this is a big one as it breaks a primary function of the port.

Should we correct it in 6.7?

The easy way would be to update the port to 8.2.30.
Or shall we patch it into 8.2.28?

For the latter, I've attached the required additional patches.

Regards,
Stefan

Attachment: ircd-hybrid-8.2.28-tlsfix.tar.gz (1K)

Re: [ircd-hybrid] Bug in 6.7 (v8.2.28) TLS detection is broken

Stefan Hagen-3
*ping*

Is this worth correcting in -release? If so, how does it work?

Stefan Hagen wrote:

> I saw that ircd-hybrid is updated in -current to Version 8.2.31.
> This version works fine.
>
> However, in 6.7 release, we have version 8.2.28, which is affected by a
> bug that was corrected in 8.2.30 with this commit:
>
> https://github.com/ircd-hybrid/ircd-hybrid/commit/8512c8ef40bde3b3ec1cf8e0d4090089c240e3a2
>
> The bug leads to TLS not being activated and the TLS IRC ports won't
> be available. It took me too long to figure this out as the SSL/TLS
> configuration from the version in 6.6 to 6.7 also changed and I
> suspected the error in the configuration changes I had to make.
>
> I think this is a big one as it breaks a primary function of the port.
>
> Should we correct it in 6.7?
>
> The easy way would be to update the port to 8.2.30.
> Or shall we patch it into 8.2.28?
>
> For the latter, I've attached the required additional patches.
>
> Regards,
> Stefan


Re: [ircd-hybrid] Bug in 6.7 (v8.2.28) TLS detection is broken

Stefan Hagen-3
> Stefan Hagen wrote:
> > I saw that ircd-hybrid is updated in -current to Version 8.2.31.
> > This version works fine.
> >
> > However, in 6.7 release, we have version 8.2.28, which is affected by a
> > bug that was corrected in 8.2.30 with this commit:
> >
> > https://github.com/ircd-hybrid/ircd-hybrid/commit/8512c8ef40bde3b3ec1cf8e0d4090089c240e3a2
> > Should we correct it in 6.7?

As I'm using this port in production, I can as well take over the
maintenance. Thus I snuck the MAINTAINER line into the diff.

This diff is for 6.7, to fix TLS in the version used in the stable
OpenBSD release.

Index: net/ircd-hybrid/Makefile
===================================================================
RCS file: /cvs/ports/net/ircd-hybrid/Makefile,v
retrieving revision 1.53
diff -u -p -u -p -r1.53 Makefile
--- net/ircd-hybrid/Makefile 2 Feb 2020 15:33:23 -0000 1.53
+++ net/ircd-hybrid/Makefile 30 May 2020 21:21:24 -0000
@@ -4,8 +4,12 @@ COMMENT = Internet Relay Chat server
 
 DISTNAME = ircd-hybrid-8.2.28
 CATEGORIES = net
+REVISION = 0
+
 MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=ircd-hybrid/}
 EXTRACT_SUFX = .tgz
+
+MAINTAINER = Stefan Hagen <[hidden email]>
 
 HOMEPAGE = http://ircd-hybrid.com/
 
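Review bot: the `MAINTAINER` line added after `EXTRACT_SUFX` is unrelated to the TLS fix, so this -stable diff carries two changes at once. Keep the 6.7 diff to the three patches plus `REVISION = 0`, and send the MAINTAINER change as its own diff. The `REVISION = 0` bump itself is needed here, since the patches change the built package while `DISTNAME` stays at ircd-hybrid-8.2.28.
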
Index: net/ircd-hybrid/patches/patch-config_h_in
===================================================================
RCS file: net/ircd-hybrid/patches/patch-config_h_in
diff -N net/ircd-hybrid/patches/patch-config_h_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/ircd-hybrid/patches/patch-config_h_in 30 May 2020 21:21:24 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Fixed issue where HAVE_LIBCRYPTO wouldn't get defined even if the configure test was successful
+
+Index: config.h.in
+--- config.h.in.orig
++++ config.h.in
+@@ -76,6 +76,9 @@
+ /* Define to 1 if you have the <inttypes.h> header file. */
+ #undef HAVE_INTTYPES_H
+
++/* Define to 1 if you have the `crypto' library (-lcrypto). */
++#undef HAVE_LIBCRYPTO
++
+ /* Define if you have the libdl library or equivalent. */
+ #undef HAVE_LIBDL
+
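Review bot: the description line above `Index: config.h.in` does not say where the fix comes from. Reference the upstream commit cited in the thread (8512c8ef40bde3b3ec1cf8e0d4090089c240e3a2, fixed in 8.2.30) so the patch is recognisable as a backport and gets dropped when the port moves past 8.2.28; the same line is repeated in the other two patches. The `#undef HAVE_LIBCRYPTO` template entry is required: without it, the `#define HAVE_LIBCRYPTO 1` that the configure patch appends to confdefs.h has no line to replace in the generated config.h.
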
Index: net/ircd-hybrid/patches/patch-configure
===================================================================
RCS file: net/ircd-hybrid/patches/patch-configure
diff -N net/ircd-hybrid/patches/patch-configure
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/ircd-hybrid/patches/patch-configure 30 May 2020 21:21:24 -0000
@@ -0,0 +1,46 @@
+$OpenBSD$
+
+Fixed issue where HAVE_LIBCRYPTO wouldn't get defined even if the configure test was successful
+
+Index: configure
+--- configure.orig
++++ configure
+@@ -16758,6 +16758,22 @@ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RSA_free" >&5
+ $as_echo "$ac_cv_lib_crypto_RSA_free" >&6; }
+ if test "x$ac_cv_lib_crypto_RSA_free" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_LIBCRYPTO 1
++_ACEOF
++
++  LIBS="-lcrypto $LIBS"
++
++fi
++
++fi
++rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
++  conftest.$ac_objext conftest.beam conftest.$ac_ext
++fi
++
++fi
++
++    if test "$ac_cv_lib_crypto_RSA_free" = "yes"; then :
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_connect in -lssl" >&5
+ $as_echo_n "checking for SSL_connect in -lssl... " >&6; }
+ if ${ac_cv_lib_ssl_SSL_connect+:} false; then :
+@@ -16804,15 +16820,6 @@ _ACEOF
+ fi
+
+ fi
+-
+-fi
+-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+-fi
+-
+-fi
+-
+-
+
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL, or OpenSSL 1.1.1 and above" >&5
+ $as_echo_n "checking for LibreSSL, or OpenSSL 1.1.1 and above... " >&6; }
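Review bot: this patch edits the generated configure script by hand at a fixed offset (`@@ -16758,6 +16758,22 @@`), and nothing in the diff ties it to the m4/ax_arg_with_tls.m4 change it is meant to mirror. Say in the patch header that the two belong together, and confirm on a 6.7 build that config.log still shows the `checking for SSL_connect in -lssl` probe after the new `if test "$ac_cv_lib_crypto_RSA_free" = "yes"; then :` line and that config.h ends up with `#define HAVE_LIBCRYPTO 1`. The first inner hunk adds four `fi` lines and one `if`, while the second removes three `fi` lines, so the nesting stays balanced.
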
Index: net/ircd-hybrid/patches/patch-m4_ax_arg_with_tls_m4
===================================================================
RCS file: net/ircd-hybrid/patches/patch-m4_ax_arg_with_tls_m4
diff -N net/ircd-hybrid/patches/patch-m4_ax_arg_with_tls_m4
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/ircd-hybrid/patches/patch-m4_ax_arg_with_tls_m4 30 May 2020 21:21:24 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Fixed issue where HAVE_LIBCRYPTO wouldn't get defined even if the configure test was successful
+
+Index: m4/ax_arg_with_tls.m4
+--- m4/ax_arg_with_tls.m4.orig
++++ m4/ax_arg_with_tls.m4
+@@ -9,7 +9,8 @@ if test "$with_tls" = "openssl" ||
+         AC_LANG_PROGRAM([
+           #include <openssl/opensslv.h>
+           #include <stdlib.h>], [
+-          exit(!(OPENSSL_VERSION_NUMBER >= 0x1010100fL)); ])], [AC_CHECK_LIB(crypto, RSA_free,
[AC_CHECK_LIB(ssl, SSL_connect)], [], [])], [], [])])
++          exit(!(OPENSSL_VERSION_NUMBER >= 0x1010100fL)); ])], [AC_CHECK_LIB(crypto, RSA_free, [], [],
[])], [], [])])
++    AS_IF([test "$ac_cv_lib_crypto_RSA_free" = "yes"], [AC_CHECK_LIB(ssl, SSL_connect)], [])
+
+     AC_MSG_CHECKING([for LibreSSL, or OpenSSL 1.1.1 and above])
+     AS_IF([test "$ac_cv_lib_ssl_SSL_connect" = "yes"],
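
Review bot: the two long lines in the inner hunk are wrapped, so `[AC_CHECK_LIB(ssl, SSL_connect)], [], [])], [], [])])` and `[])], [], [])])` sit on lines of their own with no leading `+`. The outer hunk then has 19 lines against the 17 declared in `@@ -0,0 +1,17 @@`, and the diff will not apply as posted; resend it as an attachment or with line wrapping disabled. Separately, this m4 change only affects the build if configure is regenerated, and configure is patched directly as well, so the patch header should say which of the two the port relies on.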