From nobody Tue Apr  7 14:07:06 2026
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fqp1Z3K2rz6YKBq
	for <dev-commits-ports-main@mlmmj.nyi.freebsd.org>; Tue, 07 Apr 2026 14:07:46 +0000 (UTC)
	(envelope-from sunpoet@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4fqp1Z0MmGz3Zbp
	for <dev-commits-ports-main@freebsd.org>; Tue, 07 Apr 2026 14:07:46 +0000 (UTC)
	(envelope-from sunpoet@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1775570866;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=oszfiz8SWkZx4mYaBjvo86nQ8AxYqd6YyDSdpI4NOcg=;
	b=OX1X0Vkn6BEyAz7iRYUYeFrkaMtUOKL0j2irt0BHEzvrmsYYEtd0HOSKlr7SyrBUdgnx5q
	N0eI+aMCPONMdAe8oFp6orVYgDMUwET93v0t3Rw1iiB5K2U5sBqX1jsN2WV9Wf2/IiQcIQ
	nE0BM2jsYBkq5WwSYBimPbClMfXt6hH9+uJMEQUtHEq1pT135uGm3ad4qlNKYWCWG3AyAj
	nWMBOoh058gy0Z1EshDTI2qqMS1QS4H1mqvC9uXIn3nDVLsrTn9M/3EAXBli+QLASu+wqu
	JYoiNPi4nLixFzbZ6RgE7mBbnJd2BYoo1BL0W7qdG+y4HcEWe3KHpEs4iKmQ0w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775570866; a=rsa-sha256; cv=none;
	b=SI5qpM5aBrSSn/4h+tWpG9YUJJN0N4HW/iGtNPL0/m0KLFd2a0OmhWVKti25XmYFeEsZ4V
	7ifAFJTVmsj8PLxmdItyhSAlH7k0X5agdEl0byYhyRyUGnIaxI9qJouR9SrUnHPKWRoxtX
	Cw6eCizO4Usycsbq/G4ZDYMIVolKlfhJlEDPtHvZyE9nLJzFRdOV2HhWmiyrcE1goNz/As
	43kNfe9cWCzEB+Q9fASQaf5CHePIjHJdYlNFFOYOf3mDWFiRkaKjN+7VNkeLX6qXKrbJ3L
	6ZdBjo7s5fPAKoFbEUBDIxNkVgT1R93hl06/q5l6JifqOyWZW8m9icKWhLn2HA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1775570866;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=oszfiz8SWkZx4mYaBjvo86nQ8AxYqd6YyDSdpI4NOcg=;
	b=kSJjxvkLBXPbAoxEMjfrpOeiEx1TSH1G9qq7jxhxEn7N279Kd+N4FSeQtqCPaa4b4IUrAY
	lSTHxLkw13NUeyoWLGl4EXr6hJYfy0ZONGdF6BGGLQCKH3RTtL0OcteEOL0AWN39nvXnj0
	/4GcJKFzaYhHJNV7xJKC3E9JR6B/DhbeeIAcFw6PaOcTurg1sAWxmmUXe0ua0Thy3kUXRI
	5C8cvJpN1Q4PgzPL8O93xvoHx6LF/rwf73U7pGMaxfACA5Yl+7ABCEoanY3XiOjA8P69kF
	mCSCTDrZQYRrM8sN7PpdBAHSObfx5NRwI99UnTNAkq8Crqa9FcSq9nEfEeVSuQ==
Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	(Authenticated sender: sunpoet)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4fqp1Y6FWczYx1
	for <dev-commits-ports-main@freebsd.org>; Tue, 07 Apr 2026 14:07:45 +0000 (UTC)
	(envelope-from sunpoet@freebsd.org)
Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-66dd0531d01so7710689a12.3
        for <dev-commits-ports-main@freebsd.org>; Tue, 07 Apr 2026 07:07:45 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCXRcPmDHpIuedmejOdVtg6u1K2K0IHnNcBQyWzrgpNzqYVLu+ozQvmlBW2eZAhUHR+yeln9R80UKChMm9k8OUyGh1i12sbD@freebsd.org
X-Gm-Message-State: AOJu0YyhKL2CUJnODodW7N5iVQEIid51395GXFA/SY08biQBo6KRzOwr
	lcB/iFTzLYDslJyZ3l5IIj+nPpbv6yRxhgaodW9BnOje/yFb3CcHabBkH0liPz5IymrfZSwJAqk
	KoJJwmEJCdroxQS7BAxp+qQuEm6Kccs3JKp3JEFx8XQ==
X-Received: by 2002:a05:6402:3253:b0:66b:b6e2:66ce with SMTP id
 4fb4d7f45d1cf-66e3f71fab4mr5391742a12.23.1775570864685; Tue, 07 Apr 2026
 07:07:44 -0700 (PDT)
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
References: <69d3acd9.315eb.2e00dff0@gitrepo.freebsd.org> <28b58316-b472-4cba-a458-1deae223a455@FreeBSD.org>
 <9456e6a6-45c6-4102-b827-866c9f0f6e43@FreeBSD.org>
In-Reply-To: <9456e6a6-45c6-4102-b827-866c9f0f6e43@FreeBSD.org>
From: Po-Chuan Hsieh <sunpoet@freebsd.org>
Date: Tue, 7 Apr 2026 22:07:06 +0800
X-Gmail-Original-Message-ID: <CAMHz58RboXLnP51v7HgLObNiTQM8_0=x3Y6uAoB2i3WhazrTkg@mail.gmail.com>
X-Gm-Features: AQROBzBjVnVxxr92WP2C_2TDMlnZGsGMzTj-2SebHKHov8RVf3CHIH-FFLGUsZ8
Message-ID: <CAMHz58RboXLnP51v7HgLObNiTQM8_0=x3Y6uAoB2i3WhazrTkg@mail.gmail.com>
Subject: Re: git: 4211f99a216d - main - security/libssh: Mark BROKEN on 15+
 and add backup for MASTER_SITES
To: Dima Panov <fluffy@freebsd.org>
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, 
	dev-commits-ports-main@freebsd.org, Daniel Engberg <diizzy@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000a9e46b064edf4ed2"

--000000000000a9e46b064edf4ed2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello,

I've committed the workaround in 08397e80c8929b63765d853dfc0286327ac8276d.
I've also sent ngie@ exactly the same patch (
https://people.freebsd.org/~sunpoet/patch/ml_kem.txt) yesterday.

Best regards,
sunpoet

On Mon, Apr 6, 2026 at 11:18=E2=80=AFPM Dima Panov <fluffy@freebsd.org> wro=
te:

> BTW, we have missed corresponding include file in base openssl since it
> was merged with 3.5.x
>
> diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefil=
e
> index 9d484e9d48..f57f53a8c7 100644
> --- a/secure/lib/libcrypto/Makefile
> +++ b/secure/lib/libcrypto/Makefile
> @@ -635,7 +635,7 @@ INCS+=3D des.h dh.h dherr.h dsa.h
> INCS+=3D dsaerr.h
> INCS+=3D dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h
> encoder.h encodererr.h
> INCS+=3D engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h
> fips_names.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h
> -INCS+=3D kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.=
h
> obj_mac.h
> +INCS+=3D kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h ml_kem=
.h
> modes.h obj_mac.h
> INCS+=3D objects.h objectserr.h ocsp.h ocsperr.h opensslconf.h opensslv.h
> INCS+=3D ossl_typ.h param_build.h params.h pem.h pem2.h pemerr.h pkcs12.h
> pkcs12err.h pkcs7.h
> INCS+=3D pkcs7err.h prov_ssl.h proverr.h provider.h quic.h rand.h randerr=
.h
> rc2.h rc4.h rc5.h ripemd.h
>
>
>
> On 06.04.2026 18:12, Dima Panov wrote:
>
> Hello!
>
> There is another solution -- force check for openssl 3.6 to enable ML-KEM
> extension
>
>
> diff --git a/security/libssh/Makefile b/security/libssh/Makefile
> index cbec0cfe7b..2f1224e3be 100644
> --- a/security/libssh/Makefile
> +++ b/security/libssh/Makefile
> @@ -67,6 +68,10 @@ OPENSSL_CMAKE_BOOL_OFF=3D
> CMAKE_DISABLE_FIND_PACKAGE_OpenSSL
> OPENSSL_USES=3D ssl
> STATIC_CMAKE_BOOL=3D BUILD_STATIC_LIB
>
> +post-patch:
> + ${REINPLACE_CMD} -e '/OPENSSL_VERSION/s,3.5.0,3.6.0,g' \
> + ${WRKSRC}/ConfigureChecks.cmake
> +
> post-install-STATIC-on:
> ${INSTALL_DATA} ${INSTALL_WRKSRC}/src/libssh.a ${STAGEDIR}${PREFIX}/lib/
>
>
> On 06.04.2026 15:53, Daniel Engberg wrote:
>
> The branch main has been updated by diizzy:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=3D4211f99a216d4f440b3b804a1e6db=
475087e3ed2
>
> commit 4211f99a216d4f440b3b804a1e6db475087e3ed2
> Author: Daniel Engberg <diizzy@FreeBSD.org>
> AuthorDate: 2026-04-06 12:45:14 +0000
> Commit: Daniel Engberg <diizzy@FreeBSD.org>
> CommitDate: 2026-04-06 12:53:21 +0000
>
> security/libssh: Mark BROKEN on 15+ and add backup for MASTER_SITES
>
> Fails to build on 15+,
> src/mlkem_crypto.c:31:10: fatal error: 'openssl/ml_kem.h' file not found
>
> Add temporary backup for MASTER_SITES to avoid build failures on other
> versions and of consumers as main upstream site current truncates
> downloads
>
> Thanks to eduardo@ for verifying build issues on -CURRENT
>
> PR: 294268
> Approved by: blanket, just fix it
> ---
> security/libssh/Makefile | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/security/libssh/Makefile b/security/libssh/Makefile
> index cbec0cfe7b55..10ebb693d642 100644
> --- a/security/libssh/Makefile
> +++ b/security/libssh/Makefile
> @@ -1,7 +1,9 @@
> PORTNAME=3D libssh
> PORTVERSION=3D 0.12.0
> +PORTREVISION=3D 1
> CATEGORIES=3D security devel
> -MASTER_SITES=3D https://www.libssh.org/files/${PORTVERSION:R}/
> +MASTER_SITES=3D https://www.libssh.org/files/${PORTVERSION:R}/ \
> + https://ftp.openbsd.org/pub/OpenBSD/distfiles/
>
> MAINTAINER=3D sunpoet@FreeBSD.org
> COMMENT=3D Library implementing the SSH2 protocol
> @@ -11,6 +13,9 @@ WWW=3D https://www.libssh.org/ \
> LICENSE=3D LGPL21
> LICENSE_FILE=3D ${WRKSRC}/COPYING
>
> +BROKEN_FreeBSD_15=3D src/mlkem_crypto.c:31:10: fatal error:
> 'openssl/ml_kem.h' file not found
> +BROKEN_FreeBSD_16=3D src/mlkem_crypto.c:31:10: fatal error:
> 'openssl/ml_kem.h' file not found
> +
> TEST_DEPENDS=3D cmocka>=3D0:sysutils/cmocka
>
> USES=3D cmake:testing cpe tar:xz
>
>
> --
> Sincerely,
> Dima (fluffy@FreeBSD.org, https://t.me/FluffyBSD, @fluffy:
> matrix-dev.freebsd.org)
> (desktop, kde, x11, office, ports-secteam)@FreeBSD team
>
>
> --
> Sincerely,
> Dima (fluffy@FreeBSD.org, https://t.me/FluffyBSD, @fluffy:
> matrix-dev.freebsd.org)
> (desktop, kde, x11, office, ports-secteam)@FreeBSD team
>
>

--000000000000a9e46b064edf4ed2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello,</div><div><br></div><div>I&#39;ve committed th=
e workaround in 08397e80c8929b63765d853dfc0286327ac8276d.</div><div>I&#39;v=
e also sent ngie@ exactly the same patch (<a href=3D"https://people.freebsd=
.org/~sunpoet/patch/ml_kem.txt">https://people.freebsd.org/~sunpoet/patch/m=
l_kem.txt</a>) yesterday.</div><div><br></div><div>Best regards,</div><div>=
sunpoet</div><br><div class=3D"gmail_quote gmail_quote_container"><div dir=
=3D"ltr" class=3D"gmail_attr">On Mon, Apr 6, 2026 at 11:18=E2=80=AFPM Dima =
Panov &lt;<a href=3D"mailto:fluffy@freebsd.org">fluffy@freebsd.org</a>&gt; =
wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0=
px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div=
 id=3D"m_4641467975817252596CanaryBody">BTW, we have missed corresponding i=
nclude file in base openssl since it was merged with 3.5.x <br> <br>diff --=
git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile <br>ind=
ex 9d484e9d48..f57f53a8c7 100644 <br>--- a/secure/lib/libcrypto/Makefile <b=
r>+++ b/secure/lib/libcrypto/Makefile <br>@@ -635,7 +635,7 @@ INCS+=3D des.=
h dh.h dherr.h dsa.h <br> INCS+=3D dsaerr.h <br> INCS+=3D dtls1.h e_os2.h e=
_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h <br> =
INCS+=3D engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h fips_name=
s.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h <br>-INCS+=
=3D kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.h obj_ma=
c.h <br>+INCS+=3D kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h =
ml_kem.h modes.h obj_mac.h <br> INCS+=3D objects.h objectserr.h ocsp.h ocsp=
err.h opensslconf.h opensslv.h <br> INCS+=3D ossl_typ.h param_build.h param=
s.h pem.h pem2.h pemerr.h pkcs12.h pkcs12err.h pkcs7.h <br> INCS+=3D pkcs7e=
rr.h prov_ssl.h proverr.h provider.h quic.h rand.h randerr.h rc2.h rc4.h rc=
5.h ripemd.h <br> <br> <br> <br>On 06.04.2026 18:12, Dima Panov wrote: <br>=
<blockquote type=3D"cite">Hello! <br> <br>There is another solution -- forc=
e check for openssl 3.6 to enable ML-KEM extension <br> <br> <br>diff --git=
 a/security/libssh/Makefile b/security/libssh/Makefile <br>index cbec0cfe7b=
..2f1224e3be 100644 <br>--- a/security/libssh/Makefile <br>+++ b/security/l=
ibssh/Makefile <br>@@ -67,6 +68,10 @@ OPENSSL_CMAKE_BOOL_OFF=3D CMAKE_DISAB=
LE_FIND_PACKAGE_OpenSSL <br>OPENSSL_USES=3D ssl <br>STATIC_CMAKE_BOOL=3D BU=
ILD_STATIC_LIB <br> <br>+post-patch: <br>+ ${REINPLACE_CMD} -e &#39;/OPENSS=
L_VERSION/s,3.5.0,3.6.0,g&#39; \ <br>+ ${WRKSRC}/ConfigureChecks.cmake <br>=
+ <br>post-install-STATIC-on: <br>${INSTALL_DATA} ${INSTALL_WRKSRC}/src/lib=
ssh.a ${STAGEDIR}${PREFIX}/lib/ <br> <br> <br>On 06.04.2026 15:53, Daniel E=
ngberg wrote: <br><blockquote type=3D"cite">The branch main has been update=
d by diizzy: <br> <br>URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit=
/?id=3D4211f99a216d4f440b3b804a1e6db475087e3ed2" target=3D"_blank">https://=
cgit.FreeBSD.org/ports/commit/?id=3D4211f99a216d4f440b3b804a1e6db475087e3ed=
2</a> <br> <br>commit 4211f99a216d4f440b3b804a1e6db475087e3ed2 <br>Author: =
Daniel Engberg &lt;diizzy@FreeBSD.org&gt; <br>AuthorDate: 2026-04-06 12:45:=
14 +0000 <br>Commit: Daniel Engberg &lt;diizzy@FreeBSD.org&gt; <br>CommitDa=
te: 2026-04-06 12:53:21 +0000 <br> <br>security/libssh: Mark BROKEN on 15+ =
and add backup for MASTER_SITES <br> <br>Fails to build on 15+, <br>src/mlk=
em_crypto.c:31:10: fatal error: &#39;openssl/ml_kem.h&#39; file not found <=
br> <br>Add temporary backup for MASTER_SITES to avoid build failures on ot=
her <br>versions and of consumers as main upstream site current truncates <=
br>downloads <br> <br>Thanks to eduardo@ for verifying build issues on -CUR=
RENT <br> <br>PR: 294268 <br>Approved by: blanket, just fix it <br>--- <br>=
security/libssh/Makefile | 7 ++++++- <br>1 file changed, 6 insertions(+), 1=
 deletion(-) <br> <br>diff --git a/security/libssh/Makefile b/security/libs=
sh/Makefile <br>index cbec0cfe7b55..10ebb693d642 100644 <br>--- a/security/=
libssh/Makefile <br>+++ b/security/libssh/Makefile <br>@@ -1,7 +1,9 @@ <br>=
PORTNAME=3D libssh <br>PORTVERSION=3D 0.12.0 <br>+PORTREVISION=3D 1 <br>CAT=
EGORIES=3D security devel <br>-MASTER_SITES=3D <a href=3D"https://www.libss=
h.org/files/$%7BPORTVERSION:R%7D/" target=3D"_blank">https://www.libssh.org=
/files/${PORTVERSION:R}/</a> <br>+MASTER_SITES=3D <a href=3D"https://www.li=
bssh.org/files/$%7BPORTVERSION:R%7D/" target=3D"_blank">https://www.libssh.=
org/files/${PORTVERSION:R}/</a> \ <br>+ <a href=3D"https://ftp.openbsd.org/=
pub/OpenBSD/distfiles/" target=3D"_blank">https://ftp.openbsd.org/pub/OpenB=
SD/distfiles/</a> <br> <br>MAINTAINER=3D sunpoet@FreeBSD.org <br>COMMENT=3D=
 Library implementing the SSH2 protocol <br>@@ -11,6 +13,9 @@ WWW=3D <a hre=
f=3D"https://www.libssh.org/" target=3D"_blank">https://www.libssh.org/</a>=
 \ <br>LICENSE=3D LGPL21 <br>LICENSE_FILE=3D ${WRKSRC}/COPYING <br> <br>+BR=
OKEN_FreeBSD_15=3D src/mlkem_crypto.c:31:10: fatal error: &#39;openssl/ml_k=
em.h&#39; file not found <br>+BROKEN_FreeBSD_16=3D src/mlkem_crypto.c:31:10=
: fatal error: &#39;openssl/ml_kem.h&#39; file not found <br>+ <br>TEST_DEP=
ENDS=3D cmocka&gt;=3D0:sysutils/cmocka <br> <br>USES=3D cmake:testing cpe t=
ar:xz <br> <br></blockquote> <br>-- <br>Sincerely, <br>Dima (fluffy@FreeBSD=
.org, <a href=3D"https://t.me/FluffyBSD" target=3D"_blank">https://t.me/Flu=
ffyBSD</a>, @fluffy:<a href=3D"http://matrix-dev.freebsd.org" target=3D"_bl=
ank">matrix-dev.freebsd.org</a>) <br>(desktop, kde, x11, office, ports-sect=
eam)@FreeBSD team <br> <br></blockquote> <br>-- <br>Sincerely, <br>Dima (fl=
uffy@FreeBSD.org, <a href=3D"https://t.me/FluffyBSD" target=3D"_blank">http=
s://t.me/FluffyBSD</a>, @fluffy:<a href=3D"http://matrix-dev.freebsd.org" t=
arget=3D"_blank">matrix-dev.freebsd.org</a>) <br>(desktop, kde, x11, office=
, ports-secteam)@FreeBSD team <br> <br></div></div></blockquote></div></div=
>

--000000000000a9e46b064edf4ed2--