234034 – security/racoon2: Fails to build with OpenSSL 1.1.1 on on 12-STABLE

Bug 234034 - security/racoon2: Fails to build with OpenSSL 1.1.1 on on 12-STABLE

Summary: security/racoon2: Fails to build with OpenSSL 1.1.1 on on 12-STABLE

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	--- Affects Some People
Assignee:	Cy Schubert

URL:
Keywords:	needs-qa

Depends on:
Blocks:	231931
	Show dependency tree / graph

Reported:	2018-12-15 07:59 UTC by Alexey
Modified:	2019-05-24 15:34 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (cy) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey 2018-12-15 07:59:40 UTC

After upgrade to 12.0-STABLE security/racoon2 could not be built anymore. Looks like base openssl switched to 1.1.1 is the problem.


===>  Building for racoon2-20100526a_13
for d in lib spmd iked pskgen samples ; do  if test -d $d ; then  echo "===> Change directory to $d" ;  (cd $d && /usr/bin/make) || exit 1 ;  fi ; done
===> Change directory to lib
cc -O2 -pipe  -fstack-protector -fno-strict-aliasing   -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O  -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_NET_IF_VAR_H=1 -DHAVE_NET_ETHERNET_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCONFDIR=\"/etc/racoon2\" -DCF_DEBUG -c vmbuf.c
cc -O2 -pipe  -fstack-protector -fno-strict-aliasing   -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O  -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_NET_IF_VAR_H=1 -DHAVE_NET_ETHERNET_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCONFDIR=\"/etc/racoon2\" -DCF_DEBUG -c rc_type.c
cc -O2 -pipe  -fstack-protector -fno-strict-aliasing   -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O  -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_NET_IF_VAR_H=1 -DHAVE_NET_ETHERNET_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCONFDIR=\"/etc/racoon2\" -DCF_DEBUG -c rc_net.c
cc -O2 -pipe  -fstack-protector -fno-strict-aliasing   -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O  -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_NET_IF_VAR_H=1 -DHAVE_NET_ETHERNET_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCONFDIR=\"/etc/racoon2\" -DCF_DEBUG -c rc_str.c
cc -O2 -pipe  -fstack-protector -fno-strict-aliasing   -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O  -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_NET_IF_VAR_H=1 -DHAVE_NET_ETHERNET_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCONFDIR=\"/etc/racoon2\" -DCF_DEBUG -c if_pfkeyv2.c
cc -O2 -pipe  -fstack-protector -fno-strict-aliasing   -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O  -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_NET_IF_VAR_H=1 -DHAVE_NET_ETHERNET_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCONFDIR=\"/etc/racoon2\" -DCF_DEBUG -c if_spmd.c
if_spmd.c:1103:13: error: variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
        EVP_MD_CTX ctx;
                   ^
/usr/include/openssl/ossl_typ.h:92:16: note: forward declaration of 'struct evp_md_ctx_st'
typedef struct evp_md_ctx_st EVP_MD_CTX;
               ^
if_spmd.c:1157:7: error: implicit declaration of function 'EVP_MD_CTX_cleanup' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        if (!EVP_MD_CTX_cleanup(&ctx)) {
             ^
2 errors generated.
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/security/racoon2/work/racoon2-20100526a/lib


cat /var/db/ports/security_racoon2/options
# This file is auto-generated by 'make config'.
# Options for racoon2-20100526a_13
_OPTIONS_READ=racoon2-20100526a_13
_FILE_COMPLETE_OPTIONS_LIST=DOCS KRB5 KRB5_114  HEIMDAL_PORTS HEIMDAL_BASE
OPTIONS_FILE_UNSET+=DOCS
OPTIONS_FILE_UNSET+=KRB5
OPTIONS_FILE_UNSET+=KRB5_114
OPTIONS_FILE_UNSET+=HEIMDAL_PORTS
OPTIONS_FILE_UNSET+=HEIMDAL_BASE

openssl version
OpenSSL 1.1.1a-freebsd  20 Nov 2018

Comment 1 Cy Schubert freebsd_committer

2018-12-15 18:39:45 UTC

This is a known problem. As the racoon2 upstream hasn't been maintained for a long time, the solution being worked on is to switch to the racoon2 on github, maintained by Christos Zoulas (a NetBSD committer).

Comment 2 commit-hook freebsd_committer

2018-12-21 02:09:41 UTC

A commit references this bug:

Author: cy
Date: Fri Dec 21 02:09:34 UTC 2018
New revision: 487939
URL: https://svnweb.freebsd.org/changeset/ports/487939

Log:
  The security/racoon2 port broke when FreeBSD-CURRENT switched to
  openssl111. Unfortunately racoon is no longer maintained by the now
  defunct KAME project, which officially concluded in March 2006
  (see http://www.kame.net/). However the good news is that racoon2
  was forked on github and is maintained by Christos Zoulas, a NetBSD
  committer (christos@NetBSD.org). This commit switches from the
  no longer maintained KAME version of racoon2 to the fork maintained
  at by Christos Zoulas on github (https://github.com/zoulasc).

  This commit resolves building with openssl111 on FreeBSD-CURRENT.
  Looking through Christos' logs on github this resolves many other
  issues. As can bee seen, the many patches required to wedge this
  fork of racoon2 into our ports tree fixed many issues in the base
  software. These will be pushed upstream over time, when time permits.

  PR:		234034

Changes:
  head/security/racoon2/Makefile
  head/security/racoon2/distinfo
  head/security/racoon2/files/patch-configure
  head/security/racoon2/files/patch-kinkd-Makefile.in
  head/security/racoon2/files/patch-kinkd-configure
  head/security/racoon2/files/patch-kinkd_pathnames.h
  head/security/racoon2/files/patch-lib-cfparse.y
  head/security/racoon2/files/patch-lib-cftoken.l
  head/security/racoon2/files/patch-lib_if__pfkkeyv2.h
  head/security/racoon2/files/patch-pskgen-Makefile.in
  head/security/racoon2/files/patch-pskgen-pskgen.in
  head/security/racoon2/files/patch-samples-Makefile.in
  head/security/racoon2/files/patch-samples-rc.d-iked.in
  head/security/racoon2/files/patch-samples-rc.d-kinkd.in
  head/security/racoon2/files/patch-samples-rc.d-spmd.in
  head/security/racoon2/files/patch-samples_Makefile.in
  head/security/racoon2/files/patch-samples_hook_Makefile.in
  head/security/racoon2/files/patch-samples_hook_child-down.d_Makefile.in
  head/security/racoon2/files/patch-samples_hook_child-up.d_Makefile.in
  head/security/racoon2/files/patch-samples_hook_ikesa-up.d_Makefile.in
  head/security/racoon2/files/patch-samples_rc.d_Makefile.in
  head/security/racoon2/files/patch-spmd-Makefile.in
  head/security/racoon2/pkg-plist

Comment 3 Sunny007 2019-05-24 15:34:22 UTC

MARKED AS SPAM