https://gitlab.synchro.net/main/sbbs/-/commit/96770fc129b92abb61be6875
Added Files:
3rdp/build/cl-visibility.patch
Modified Files:
3rdp/build/GNUmakefile
Log Message:
cryptlib: hide vendored OpenSSL symbols so libcrypto can coexist

cryptlib's libcl.a bundles an ancient OpenSSL and exports ~139 OpenSSL-namespace globals (BN_*, MD5_*, SHA*, RSA_*, sanityCheckBignum,
...). Statically linked into libsbbs.so with those symbols global, they interpose a separately-linked libcrypto: e.g. EVP_RSA_gen's internal
BN_free binds to cryptlib's BN_free, which is then handed an OpenSSL
BIGNUM of incompatible layout -> crash in sanityCheckBignum. (libcrypto
was previously only a transitive dependency via libmosquitto and never
called by our own code, so this was latent.)

New cl-visibility.patch compiles cryptlib with -fvisibility=hidden and decorates its public C_RET API with visibility("default") -- gated on
__GNUC__ && _CRYPT_DEFINED, mirroring the existing Windows dllexport
split -- so only the crypt* API is exported and the vendored OpenSSL
symbols become local. Verified: crypt* stays exported (the server .so
modules still resolve it), BN_*/MD5_*/sanityCheckBignum are hidden, and a
full release relink is clean. Enables direct libcrypto use in the mail
server (DKIM signing) and closes the latent interposition risk against mosquitto's libcrypto.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
(cherry picked from commit 57656a4c55e84faefcdcca66cebf8df65fc4a8c6)

---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net