Upgraded ports via source overnight. Attempted to rebuild on Environment: FreeBSD 12.1-STABLE #0 r359973M: i386 1201513 1201513 # make -C /usr/ports/www/squid showconfig|grep =on DOCS=on: Build and/or install documentation EXAMPLES=on: Build and/or install examples FS_AUFS=on: AUFS (threaded-io) support FS_DISKD=on: DISKD storage engine controlled by separate service ICAP=on: the ICAP client IPV6=on: IPv6 protocol support KQUEUE=on: Kqueue(2) support PCRE=on: Use Perl Compatible Regular Expressions SSL=on: SSL gatewaying support SSL_CRTD=on: Use ssl_crtd to handle SSL cert requests AUTH_LDAP=on: Install LDAP authentication helpers AUTH_SASL=on: Install SASL authentication helpers AUTH_SMB=on: Install SMB auth. helpers (req. Samba) GSSAPI_HEIMDAL=on: GSSAPI support via security/heimdal result: ... depbase=`echo support_krb5.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`; /usr/local/libexec/ccache/c++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/usr/local/etc/squid/squid.conf\" -DDEFAULT_SQUID_DATA_DIR=\"/usr/local/etc/squid\" -DDEFAULT_SQUID_CONFIG_DIR=\"/usr/local/etc/squid\" -I../../../.. -I../../../../include -I../../../../lib -I../../../../src -I../../../../include -I/usr/local/include/heimdal -I../../../../libltdl -I. -I/usr/local/include -Wno-write-strings -Wno-error=unused-command-line-argument -Wno-ignored-optimization-argument -Wno-error=macro-redefined -fPIE -fPIC -I/usr/local/include -I/usr/local/include -D_REENTRANT -I/usr/local/include -I/usr/local/include -O2 -pipe -Wl,-m,elf_x86_64_fbsd -Wl,--strip-debug -Wl,--build-id=md5 -Wl,--hash-style=sysv -Wno-write-strings -Wno-unused-variable -Wno-error=unused-command-line-argument -Wno-ignored-optimization-argument -Wno-error=macro-redefined -fPIE -fPIC -fomit-frame-pointer -fPIE -fPIC -march=haswell -I/usr/local/include -MT support_krb5.o -MD -MP -MF $depbase.Tpo -c -o support_krb5.o support_krb5.cc && mv -f $depbase.Tpo $depbase.Po support_krb5.cc:470:24: error: no member named 'keyblock' in 'krb5_creds' creds->keyblock.enctype = 0; ~~~~~ ^ support_krb5.cc:471:28: error: no member named 'keyblock' in 'krb5_creds' if (creds->keyblock.contents) ~~~~~ ^ support_krb5.cc:472:73: error: no member named 'keyblock' in 'krb5_creds' krb5_free_keyblock_contents(kparam.context, &creds->keyblock); ~~~~~ ^ 3 errors generated. *** Error code 1 Stop. make[6]: stopped in /var/ports/usr/ports/www/squid/work/squid-4.11/src/acl/external/kerberos_ldap_group *** Error code 1
(In reply to dewayne from comment #0) I'm wondering what build options your openldap and '*sasl*' have
(In reply to dewayne from comment #0) Could you please show /etc/make.conf content also?
Hello, when updating a squid from 4.10 to 4.11 leads to errors as mentioned above comment #0. An error occurs when AUTH_SASL is enabled. Environment: FreeBSD 11.3-RELEASE-p7 x86_64 cyrus-sasl-2.1.27_1 cyrus-sasl-gssapi-2.1.27_1 openldap-sasl-client-2.4.49 If the following lines are commented out in the support_krb5.cc file, then no errors appear: // overwrite limitation of enctypes creds->keyblock.enctype = 0; if (creds->keyblock.contents) krb5_free_keyblock_contents(kparam.context, &creds->keyblock);
(In reply to user_bsd from comment #3) Thank you! Could you please tell me what kerberos implementation you used to complie cyrus-sasl-gssapi?
(In reply to timp87 from comment #2) Umm - my make.conf is 1250 lines without comments... The only thing I've changed in the last quarter was to add -fno-common to CFLAGS. I use security/heimdal everywhere. # kadmin -v kadmin (Heimdal 7.7.0) It appears to be a definition issue (ref: http://www.squid-cache.org/Versions/v4/squid-4.11.patch search for "overwrite limitation of enctypes") The following CFLAGS and LDFLAGS for www/squid build are listed, cyrus-sasl and ldap are similar, on FreeBSD 12.1-STABLE #0 r359973M i386, we use CFLAGS=-O2 -pipe -Wl,-m,elf_i386_fbsd -Wl,--strip-debug -Wl,--build-id=md5 -Wl,--hash-style=sysv -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -fno-math-errno -Wno-write-strings -Wno-unused-variable -Wno-error=unused-command-line-argument -Wno-ignored-optimization-argument -Wno-error=macro-redefined -fPIE -fPIC -fomit-frame-pointer -fno-asynchronous-unwind-tables -fno-common -march=prescott -I/usr/local/include -I/usr/local/include -DLDAP_DEPRECATED -fno-strict-aliasing LDFLAGS=-Wl,--strip-debug -Wl,--build-id=md5 -Wl,--hash-style=sysv -pie -L/usr/local/lib -pthread -lpcreposix -lpcre -Wl,-rpath,/usr/local/lib/heimdal:/usr/lib while options are set with: net_openldap24-client_SET=SASL GSSAPI net_openldap24-sasl-client_SET=SASL GSSAPI security_cyrus-sasl2_UNSET=ANONYMOUS OBSOLETE_CRAM_ATTR CRAM BDB DEV_URANDOM KEEP_DB_OPEN security_cyrus-sasl2_SET=DIGEST SCRAM AUTHDAEMOND NTLM LOGIN PLAIN security_cyrus-sasl2-gssapi_UNSET=ANONYMOUS GSSAPI_BASE GSSAPI_MIT GSSAPI_NONE security_cyrus-sasl2-gssapi_SET=GSSAPI_HEIMDAL Though you're right as we rebuild everything in our ports tree in virgin jails, it is possible that something upstream is affecting squid 4.11.
(In reply to timp87 from comment #4) heimdal-7.7.0 GSSAPI_HEIMDAL=on: GSSAPI support via security/heimdal
(In reply to user_bsd from comment #6) I gonna investigate it during next several days
Seems like upstream broke heimdal compatibility for such build option set. I tried the same build options with security/krb5 instead of base/ports heimdal and it built ok. I'm preparing port for squid-5.0.2 now and it's also affected. I'll open bug in upstream first. Then I'll try to find a way to fix it myself, I'm not really good at C++ and krb however.
Thank you. Bug already created in bugs.squid-cache.org: https://bugs.squid-cache.org/show_bug.cgi?id=5042
(In reply to user_bsd from comment #9) This is great! Thanks a lot!
Created attachment 214309 [details] patch I've got a patch from upstream. Could you please place this file into www/squid/files directory and try it. This built on my machine, but I have no working krb5 env to fully check its functionality.
(In reply to timp87 from comment #11) Hello! Now checked on one of the squid servers. Yes, everything works with this patch.
(In reply to user_bsd from comment #12) Thanks a lot! I'll report that back to upstream and prepare diff for the port.
Created attachment 214338 [details] port patch - apply fix to kerberos_ldap_group helper to make it work with heimdal - regenerate patch-src_acl_external_eDirectory__userip_ext__edirectory__userip__acl.cc to follow upstreamed version of the patch
The same for www/squid-devel https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246355
testbuilds@work
A commit references this bug: Author: pi Date: Mon May 18 09:09:07 UTC 2020 New revision: 535732 URL: https://svnweb.freebsd.org/changeset/ports/535732 Log: www/squid: add patch to fix kerberos_ldap_group helper, fix pinger - add patch to fix kerberos_ldap_group helper work with heimdal - regenerate two patches to follow upstreamed versions - fix pinger permissions PR: 245861, 246410 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) Changes: head/www/squid/files/patch-src-cf.data.pre head/www/squid/files/patch-src_acl_external_eDirectory__userip_ext__edirectory__userip__acl.cc head/www/squid/files/patch-src_acl_external_kerberos__ldap__group_support__krb5.cc head/www/squid/pkg-plist
Could anybody close this one?
Yes, thanks for the reminder.