Created attachment 157314 [details] patch to improve OPENSSL vs. GSSAPI_BASE sanity check When doing a poudriere build of ftp/curl and WITH_OPENSSL_PORT=yes included in make.conf, bsd.openssl.mk will cause OPENSSL_PORT to be installed as a build dependency, but the resulting curl package gets linked to the base version of openssl if the GSSAPI_BASE options is set (default). There is some sanity check logic in ftp/curl/Makefile that attempts to catch this, but it misses some cases: * If the OPENSSL option is set and WITH_OPENSSL_PORT is defined, then we always want to link to OPENSSL_PORT. * If the OPENSSL option is set in a non-poudriere build and no WITH_OPENSSL_* preferences are specified, bsd.openssl.mk will check to see whether the openssl or libressl port is installed and if so it will expect to use that for the build. Note: poudriere builds will be in a clean environment, so they will default to using openssl from base. Setting OPENSSL_PORT does not cause poudriere to install OPENSSL_PORT as a build dependency before building curl, so testing OPENSSL_PORT is not useful as part of the sanity check. If base openssl is not installed, bsd.openssl.mk will add OPENSSL_PORT as a build dependency, but this case should not conflict with GSSAPI_BASE. The attached patch attempts to match the GSSAPI_BASE sanity check logic to the logic in bsd.openssl.mk. It also tweaks the message and removes some extraneous whitespace.
A commit references this bug: Author: bdrewery Date: Wed Jun 24 17:21:30 UTC 2015 New revision: 390499 URL: https://svnweb.freebsd.org/changeset/ports/390499 Log: Prevent building a broken curl when using the openssl port when GSSAPI_BASE set. Without this curl would link to both /usr/lib/libssl.so and /usr/local/lib/libssl.so resulting in a crash at runtime. Bump revision as current builds are broken at runtime and need to be rebuilt. PR: 200555 Submitted by: truckman Approved by: maintainer timeout Changes: head/ftp/curl/Makefile
Committed
A commit references this bug: Author: bdrewery Date: Thu Jun 25 00:17:09 UTC 2015 New revision: 390525 URL: https://svnweb.freebsd.org/changeset/ports/390525 Log: Try to improve the wording for the GSSAPI+OpenSSL IGNORE in r390499. PR: 200555 Changes: head/ftp/curl/Makefile
A commit references this bug: Author: bdrewery Date: Thu Jun 25 00:22:30 UTC 2015 New revision: 390526 URL: https://svnweb.freebsd.org/changeset/ports/390526 Log: Be more explicit about which setting to use. PR: 200555 Changes: head/ftp/curl/Makefile
For more context this particular issue broke 'git clone https:///' for me resulting in crashes in OpenSSL.
(In reply to commit-hook from comment #4) Any of the possible GSSAPI option values other than GSSAPI_BASE seemed to work properly for me. I chose GSSAPI_NONE because I didn't need the functionality, but that may not be the case for all users.