Date: Tue, 7 Apr 2026 22:07:06 +0800 From: Po-Chuan Hsieh <sunpoet@freebsd.org> To: Dima Panov <fluffy@freebsd.org> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, Daniel Engberg <diizzy@freebsd.org> Subject: Re: git: 4211f99a216d - main - security/libssh: Mark BROKEN on 15+ and add backup for MASTER_SITES Message-ID: <CAMHz58RboXLnP51v7HgLObNiTQM8_0=x3Y6uAoB2i3WhazrTkg@mail.gmail.com> In-Reply-To: <9456e6a6-45c6-4102-b827-866c9f0f6e43@FreeBSD.org> References: <69d3acd9.315eb.2e00dff0@gitrepo.freebsd.org> <28b58316-b472-4cba-a458-1deae223a455@FreeBSD.org> <9456e6a6-45c6-4102-b827-866c9f0f6e43@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Hello, I've committed the workaround in 08397e80c8929b63765d853dfc0286327ac8276d. I've also sent ngie@ exactly the same patch ( https://people.freebsd.org/~sunpoet/patch/ml_kem.txt) yesterday. Best regards, sunpoet On Mon, Apr 6, 2026 at 11:18 PM Dima Panov <fluffy@freebsd.org> wrote: > BTW, we have missed corresponding include file in base openssl since it > was merged with 3.5.x > > diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile > index 9d484e9d48..f57f53a8c7 100644 > --- a/secure/lib/libcrypto/Makefile > +++ b/secure/lib/libcrypto/Makefile > @@ -635,7 +635,7 @@ INCS+= des.h dh.h dherr.h dsa.h > INCS+= dsaerr.h > INCS+= dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h > encoder.h encodererr.h > INCS+= engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h > fips_names.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h > -INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.h > obj_mac.h > +INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h ml_kem.h > modes.h obj_mac.h > INCS+= objects.h objectserr.h ocsp.h ocsperr.h opensslconf.h opensslv.h > INCS+= ossl_typ.h param_build.h params.h pem.h pem2.h pemerr.h pkcs12.h > pkcs12err.h pkcs7.h > INCS+= pkcs7err.h prov_ssl.h proverr.h provider.h quic.h rand.h randerr.h > rc2.h rc4.h rc5.h ripemd.h > > > > On 06.04.2026 18:12, Dima Panov wrote: > > Hello! > > There is another solution -- force check for openssl 3.6 to enable ML-KEM > extension > > > diff --git a/security/libssh/Makefile b/security/libssh/Makefile > index cbec0cfe7b..2f1224e3be 100644 > --- a/security/libssh/Makefile > +++ b/security/libssh/Makefile > @@ -67,6 +68,10 @@ OPENSSL_CMAKE_BOOL_OFF= > CMAKE_DISABLE_FIND_PACKAGE_OpenSSL > OPENSSL_USES= ssl > STATIC_CMAKE_BOOL= BUILD_STATIC_LIB > > +post-patch: > + ${REINPLACE_CMD} -e '/OPENSSL_VERSION/s,3.5.0,3.6.0,g' \ > + ${WRKSRC}/ConfigureChecks.cmake > + > post-install-STATIC-on: > ${INSTALL_DATA} ${INSTALL_WRKSRC}/src/libssh.a ${STAGEDIR}${PREFIX}/lib/ > > > On 06.04.2026 15:53, Daniel Engberg wrote: > > The branch main has been updated by diizzy: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=4211f99a216d4f440b3b804a1e6db475087e3ed2 > > commit 4211f99a216d4f440b3b804a1e6db475087e3ed2 > Author: Daniel Engberg <diizzy@FreeBSD.org> > AuthorDate: 2026-04-06 12:45:14 +0000 > Commit: Daniel Engberg <diizzy@FreeBSD.org> > CommitDate: 2026-04-06 12:53:21 +0000 > > security/libssh: Mark BROKEN on 15+ and add backup for MASTER_SITES > > Fails to build on 15+, > src/mlkem_crypto.c:31:10: fatal error: 'openssl/ml_kem.h' file not found > > Add temporary backup for MASTER_SITES to avoid build failures on other > versions and of consumers as main upstream site current truncates > downloads > > Thanks to eduardo@ for verifying build issues on -CURRENT > > PR: 294268 > Approved by: blanket, just fix it > --- > security/libssh/Makefile | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/security/libssh/Makefile b/security/libssh/Makefile > index cbec0cfe7b55..10ebb693d642 100644 > --- a/security/libssh/Makefile > +++ b/security/libssh/Makefile > @@ -1,7 +1,9 @@ > PORTNAME= libssh > PORTVERSION= 0.12.0 > +PORTREVISION= 1 > CATEGORIES= security devel > -MASTER_SITES= https://www.libssh.org/files/${PORTVERSION:R}/ > +MASTER_SITES= https://www.libssh.org/files/${PORTVERSION:R}/ \ > + https://ftp.openbsd.org/pub/OpenBSD/distfiles/ > > MAINTAINER= sunpoet@FreeBSD.org > COMMENT= Library implementing the SSH2 protocol > @@ -11,6 +13,9 @@ WWW= https://www.libssh.org/ \ > LICENSE= LGPL21 > LICENSE_FILE= ${WRKSRC}/COPYING > > +BROKEN_FreeBSD_15= src/mlkem_crypto.c:31:10: fatal error: > 'openssl/ml_kem.h' file not found > +BROKEN_FreeBSD_16= src/mlkem_crypto.c:31:10: fatal error: > 'openssl/ml_kem.h' file not found > + > TEST_DEPENDS= cmocka>=0:sysutils/cmocka > > USES= cmake:testing cpe tar:xz > > > -- > Sincerely, > Dima (fluffy@FreeBSD.org, https://t.me/FluffyBSD, @fluffy: > matrix-dev.freebsd.org) > (desktop, kde, x11, office, ports-secteam)@FreeBSD team > > > -- > Sincerely, > Dima (fluffy@FreeBSD.org, https://t.me/FluffyBSD, @fluffy: > matrix-dev.freebsd.org) > (desktop, kde, x11, office, ports-secteam)@FreeBSD team > > [-- Attachment #2 --] <div dir="ltr"><div>Hello,</div><div><br></div><div>I've committed the workaround in 08397e80c8929b63765d853dfc0286327ac8276d.</div><div>I've also sent ngie@ exactly the same patch (<a href="https://people.freebsd.org/~sunpoet/patch/ml_kem.txt">https://people.freebsd.org/~sunpoet/patch/ml_kem.txt</a>) yesterday.</div><div><br></div><div>Best regards,</div><div>sunpoet</div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Mon, Apr 6, 2026 at 11:18 PM Dima Panov <<a href="mailto:fluffy@freebsd.org">fluffy@freebsd.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div id="m_4641467975817252596CanaryBody">BTW, we have missed corresponding include file in base openssl since it was merged with 3.5.x <br> <br>diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile <br>index 9d484e9d48..f57f53a8c7 100644 <br>--- a/secure/lib/libcrypto/Makefile <br>+++ b/secure/lib/libcrypto/Makefile <br>@@ -635,7 +635,7 @@ INCS+= des.h dh.h dherr.h dsa.h <br> INCS+= dsaerr.h <br> INCS+= dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h <br> INCS+= engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h fips_names.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h <br>-INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.h obj_mac.h <br>+INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h ml_kem.h modes.h obj_mac.h <br> INCS+= objects.h objectserr.h ocsp.h ocsperr.h opensslconf.h opensslv.h <br> INCS+= ossl_typ.h param_build.h params.h pem.h pem2.h pemerr.h pkcs12.h pkcs12err.h pkcs7.h <br> INCS+= pkcs7err.h prov_ssl.h proverr.h provider.h quic.h rand.h randerr.h rc2.h rc4.h rc5.h ripemd.h <br> <br> <br> <br>On 06.04.2026 18:12, Dima Panov wrote: <br><blockquote type="cite">Hello! <br> <br>There is another solution -- force check for openssl 3.6 to enable ML-KEM extension <br> <br> <br>diff --git a/security/libssh/Makefile b/security/libssh/Makefile <br>index cbec0cfe7b..2f1224e3be 100644 <br>--- a/security/libssh/Makefile <br>+++ b/security/libssh/Makefile <br>@@ -67,6 +68,10 @@ OPENSSL_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_OpenSSL <br>OPENSSL_USES= ssl <br>STATIC_CMAKE_BOOL= BUILD_STATIC_LIB <br> <br>+post-patch: <br>+ ${REINPLACE_CMD} -e '/OPENSSL_VERSION/s,3.5.0,3.6.0,g' \ <br>+ ${WRKSRC}/ConfigureChecks.cmake <br>+ <br>post-install-STATIC-on: <br>${INSTALL_DATA} ${INSTALL_WRKSRC}/src/libssh.a ${STAGEDIR}${PREFIX}/lib/ <br> <br> <br>On 06.04.2026 15:53, Daniel Engberg wrote: <br><blockquote type="cite">The branch main has been updated by diizzy: <br> <br>URL: <a href="https://cgit.FreeBSD.org/ports/commit/?id=4211f99a216d4f440b3b804a1e6db475087e3ed2" target="_blank">https://cgit.FreeBSD.org/ports/commit/?id=4211f99a216d4f440b3b804a1e6db475087e3ed2</a>; <br> <br>commit 4211f99a216d4f440b3b804a1e6db475087e3ed2 <br>Author: Daniel Engberg <diizzy@FreeBSD.org> <br>AuthorDate: 2026-04-06 12:45:14 +0000 <br>Commit: Daniel Engberg <diizzy@FreeBSD.org> <br>CommitDate: 2026-04-06 12:53:21 +0000 <br> <br>security/libssh: Mark BROKEN on 15+ and add backup for MASTER_SITES <br> <br>Fails to build on 15+, <br>src/mlkem_crypto.c:31:10: fatal error: 'openssl/ml_kem.h' file not found <br> <br>Add temporary backup for MASTER_SITES to avoid build failures on other <br>versions and of consumers as main upstream site current truncates <br>downloads <br> <br>Thanks to eduardo@ for verifying build issues on -CURRENT <br> <br>PR: 294268 <br>Approved by: blanket, just fix it <br>--- <br>security/libssh/Makefile | 7 ++++++- <br>1 file changed, 6 insertions(+), 1 deletion(-) <br> <br>diff --git a/security/libssh/Makefile b/security/libssh/Makefile <br>index cbec0cfe7b55..10ebb693d642 100644 <br>--- a/security/libssh/Makefile <br>+++ b/security/libssh/Makefile <br>@@ -1,7 +1,9 @@ <br>PORTNAME= libssh <br>PORTVERSION= 0.12.0 <br>+PORTREVISION= 1 <br>CATEGORIES= security devel <br>-MASTER_SITES= <a href="https://www.libssh.org/files/$%7BPORTVERSION:R%7D/" target="_blank">https://www.libssh.org/files/${PORTVERSION:R}/</a>; <br>+MASTER_SITES= <a href="https://www.libssh.org/files/$%7BPORTVERSION:R%7D/" target="_blank">https://www.libssh.org/files/${PORTVERSION:R}/</a>; \ <br>+ <a href="https://ftp.openbsd.org/pub/OpenBSD/distfiles/" target="_blank">https://ftp.openbsd.org/pub/OpenBSD/distfiles/</a>; <br> <br>MAINTAINER= sunpoet@FreeBSD.org <br>COMMENT= Library implementing the SSH2 protocol <br>@@ -11,6 +13,9 @@ WWW= <a href="https://www.libssh.org/" target="_blank">https://www.libssh.org/</a>; \ <br>LICENSE= LGPL21 <br>LICENSE_FILE= ${WRKSRC}/COPYING <br> <br>+BROKEN_FreeBSD_15= src/mlkem_crypto.c:31:10: fatal error: 'openssl/ml_kem.h' file not found <br>+BROKEN_FreeBSD_16= src/mlkem_crypto.c:31:10: fatal error: 'openssl/ml_kem.h' file not found <br>+ <br>TEST_DEPENDS= cmocka>=0:sysutils/cmocka <br> <br>USES= cmake:testing cpe tar:xz <br> <br></blockquote> <br>-- <br>Sincerely, <br>Dima (fluffy@FreeBSD.org, <a href="https://t.me/FluffyBSD" target="_blank">https://t.me/FluffyBSD</a>, @fluffy:<a href="http://matrix-dev.freebsd.org" target="_blank">matrix-dev.freebsd.org</a>) <br>(desktop, kde, x11, office, ports-secteam)@FreeBSD team <br> <br></blockquote> <br>-- <br>Sincerely, <br>Dima (fluffy@FreeBSD.org, <a href="https://t.me/FluffyBSD" target="_blank">https://t.me/FluffyBSD</a>, @fluffy:<a href="http://matrix-dev.freebsd.org" target="_blank">matrix-dev.freebsd.org</a>) <br>(desktop, kde, x11, office, ports-secteam)@FreeBSD team <br> <br></div></div></blockquote></div></div>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMHz58RboXLnP51v7HgLObNiTQM8_0=x3Y6uAoB2i3WhazrTkg>