Date: Sun, 28 Aug 2016 22:34:25 +0200 From: Bernard Spil <brnrd@freebsd.org> To: Dirk Meyer <dirk.meyer@dinoex.sub.org> Cc: Ollivier Robert <roberto@keltia.freenix.fr>, ports-secteam@freebsd.org, portmgr@freebsd.org, ports@freebsd.org Subject: Re: Upcoming OpenSSL 1.1.0 release Message-ID: <CAEJyAvORppnntTxaNW%2BFH5niQ8b1psQiEU8_Y0NPnPE==P0ziQ@mail.gmail.com> In-Reply-To: <CAEJyAvPDdYyqktKs9OVZ%2Bc=DDoLoE6rtQrk=dj_4ic1GhtNwpQ@mail.gmail.com> References: <6d35459045985929d061f3c6cca85efe@imap.brnrd.eu> <20160826111813.zdm32djdt7qw6rmj@roberto-aw.eurocontrol.fr> <MMH%2BXA8BMc@dmeyer.dinoex.sub.org> <CAEJyAvPDdYyqktKs9OVZ%2Bc=DDoLoE6rtQrk=dj_4ic1GhtNwpQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 28, 2016 at 5:01 PM, Bernard Spil <brnrd@freebsd.org> wrote: > 2016-08-27 11:18 GMT+02:00 Dirk Meyer <dirk.meyer@dinoex.sub.org>: >> Hallo Ollivier Robert, >> >>> [01:19:54] =3D=3D=3D=3D>> Failed ports: lang/go14:build security/libssh= 2:build devel/libevent2:build archivers/libarchive:build lang/python27:pack= age security/trousers:build lang/python34:package devel/apr1:configure lang= /ruby23:package dns/ldns:configure databa >>> ses/freetds:build www/libwww:configure ftp/lftp:build security/pkcs11-h= elper:build security/php56-openssl:build www/lynx:build net-p2p/libtorrent:= build security/cyrus-sasl2:build dns/bind910:configure mail/postfix-current= :build mail/dovecot2:build lang/r >>> uby22:package ftp/wget:configure www/nginx-devel:build dns/bind99:confi= gure www/aria2:build >>> >>> Most of them were building before (exception is go14 which is always fa= iling on my poudriere but I know why). >> >> a number of your ports failing with openssl-devel-1.1.0 >> builds fine with my version of openssl-1.1.0 in ports: >> >> archivers/libarchive >> devel/apr1 >> devel/libevent2 >> dns/bind910 >> dns/ldns >> net-p2p/libtorrent >> security/php56-openssl >> security/cyrus-sasl2 >> security/trousers >> www/lynx >> >> For them there are no regressions with the update of security/openssl I = an testing. >> >> kind regards Dirk >> >> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany >> - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] >> > > Hi All, > > There were indeed some issues with my openssl-devel port. I'm now > finishing up aligning it with the port that Dirk committed (and that > was reverted pending more testing). List of fixes below and a patch > for security/openssl-devel to follow soon. > > 1. ASM : Some error in OpenSSL's configure, adding `asm` to > configure_args triggers failure > 2. ldconfig: SHARED_USE_LDCONFIG doesn't work, switch to SHARED_USE=3D > ldconfig=3Dyes > 3. Rework options handling to upstream default off and default on > a. default-off, to enable use enable-opt > b. default-on, to disable use no-opt > > This does NOT fix the build issue(s?) yet. bind910 fails on the > removed openssl/dso.h header file and the DSO_METHOD_dlfcn having been > removed completely. Removing that test makes build fail on missing > ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED which is unrelated to DSO I > believe. > > Checked devel/apr1 shortly and that fails on a missing EVP_PKEY_CTX_new. > > I had already opened a PR for an exp-run with openssl-devel to see how > much fixing we need with OpenSSL 1.1.0 > > Started a wiki page to list issues, solutions etc. > > Propose to update the security/openssl-devel port with the attached > patch and use that to do an exp-run so we can uncover all failing > ports. > > Cheers, > > Bernard. > > > On Sat, Aug 27, 2016 at 11:18 AM, Dirk Meyer <dirk.meyer@dinoex.sub.org> = wrote: >> Hallo Ollivier Robert, >> >>> [01:19:54] =3D=3D=3D=3D>> Failed ports: lang/go14:build security/libssh= 2:build devel/libevent2:build archivers/libarchive:build lang/python27:pack= age security/trousers:build lang/python34:package devel/apr1:configure lang= /ruby23:package dns/ldns:configure databa >>> ses/freetds:build www/libwww:configure ftp/lftp:build security/pkcs11-h= elper:build security/php56-openssl:build www/lynx:build net-p2p/libtorrent:= build security/cyrus-sasl2:build dns/bind910:configure mail/postfix-current= :build mail/dovecot2:build lang/r >>> uby22:package ftp/wget:configure www/nginx-devel:build dns/bind99:confi= gure www/aria2:build >>> >>> Most of them were building before (exception is go14 which is always fa= iling on my poudriere but I know why). >> >> a number of your ports failing with openssl-devel-1.1.0 >> builds fine with my version of openssl-1.1.0 in ports: >> >> archivers/libarchive >> devel/apr1 >> devel/libevent2 >> dns/bind910 >> dns/ldns >> net-p2p/libtorrent >> security/php56-openssl >> security/cyrus-sasl2 >> security/trousers >> www/lynx >> >> For them there are no regressions with the update of security/openssl I = an testing. >> >> kind regards Dirk >> >> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany >> - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] >> Hi All, I've committed the patch which fixes the ASM configure issue, the i386 build issue (by fixing the EC option) and aligns with the (now reverted) security/openssl 1.1.0 port. https://svnweb.freebsd.org/ports?view=3Drevision&revision=3D420878 - Do not pass asm to configure (upstream default ON), fixes configure - Disable EC optimizations on i386, fixes build - Split options activation into upstream-default-enabled and -disabled - Rework EC option handling - Align order of Makefile with security/openssl - Use improved patching from security/openssl - Improve options descriptions - Remove old PRECIOUSMAKEVARS - Add pkg-message The ports build issues I've analysed thusfar are problems in the upstream code. Probably takes a while for upstream projects to release fixes. Will add analysis results to the wiki page at https://wiki.freebsd.org/OpenSSL/1.1.0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEJyAvORppnntTxaNW%2BFH5niQ8b1psQiEU8_Y0NPnPE==P0ziQ>