undefined reference to `EVP_MD_CTX_free' During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented. Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released. Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/net-snmp-5.7.3_18.log
Recent failure log: http://package18.nyi.freebsd.org/data/headamd64PR231931-default/2018-10-04_07h49m12s/logs/errors/net-snmp-5.7.3_18.log
I'll work on this one
(In reply to Nathan from comment #2) Edit: I had no luck with this one, so feel free to work on this one
Created attachment 198040 [details] svm-diff-net-snmp-openssl
I found this at https://build.opensuse.org/package/view_file/openSUSE:Leap:15.0/net-snmp/net-snmp-5.7.3-build-with-openssl-1.1.patch?expand=0 Looks useful, but I cannot test, with openssl. (compiles fine with libressl).
Comment on attachment 198040 [details] svm-diff-net-snmp-openssl Someone on IRC tested the patch, does not work.
Created attachment 198050 [details] svm-diff-net-snmp-openssl_v2 This should work with libressl and openssl111. It is a modified debian-patch (unfortunately I forgot to save the link).
Created attachment 198051 [details] svm-diff-net-snmp-openssl_v3 Forgot Portrevison.
Maybe, the obsoleted patch also works, the point was: -CONFIGURE_ARGS+=--with-openssl="/usr" +CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}" but I have not tested again yet (was a long night....).
Just notice: With svm-diff-net-snmp-openssl_v3 patch I'm sucessfuly build net-snmp and it' s working fine on FreeBSD 12.0-ALPHA9 #0 r339354 But with option TLS DISABLED (just no need for me)
Setting CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}" alone fixes the build with ssl=libressl-devel and TLS enabled. However, OpenSSL 1.1.1 (which is in base now) still fails during configure, primarily because SSL_library_init(3) is deprecated since OpenSSL 1.1.0 in favour of OPENSSL_init_ssl(3); the latter function is also available in LibreSSL.
It could not be more as a workaround. There is a newer verion (5.8 - see bug #232025). And there another 12 Bugs open for net-snmp.
Breakage of this port affects important other ports, like hplip, cups, qt4-network, icinga2 and so on and ports depending on them. Is there a timeframe when to expect a relieve? The proposed patch fixes the openssl-1.1.1 issue as long as option TLS is not selected.
Is this going somewhere ?
I can confirm that this patch with openssl 1.1.1 from ports and disabled TLS in net-snmp works.
Created attachment 198690 [details] additional-patch I have a additional patch silents some error during build with TLS=on, but I got still a linker-error: /wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL _sk_num' /wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL _init_ssl' /wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `SSL_set _options' /wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL_sk_value' /wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL_init_crypto' /wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `EVP_MD_CTX_free' and I have no idea. Maybe someone other find something
Does this fix on 12 with OpenSSL from the base system?
See comment7 and I think O.Hartmann has also 12. But TLS=on still not work.
sorry not comment7 I meant comment10.
*** Bug 232763 has been marked as a duplicate of this bug. ***
So, what does the maintainer has to say about this? The maintainer timeout window has passed 4 days ago, it can be committed.
building, I'll commit after testing it works.
A commit references this bug: Author: mat Date: Wed Oct 31 14:35:16 UTC 2018 New revision: 483586 URL: https://svnweb.freebsd.org/changeset/ports/483586 Log: Fix build with OpenSSL 1.1.1 in base. PR: 228898 Submitted by: w.schwarzenfeld@utanet.at Reported by: brnrd Approved by: maintainer Changes: head/net-mgmt/net-snmp/Makefile head/net-mgmt/net-snmp/files/extra-patch-openssl11
A commit references this bug: Author: mat Date: Wed Oct 31 14:38:32 UTC 2018 New revision: 483587 URL: https://svnweb.freebsd.org/changeset/ports/483587 Log: MFH: r483586 Fix build with OpenSSL 1.1.1 in base. PR: 228898 Submitted by: w.schwarzenfeld@utanet.at Reported by: brnrd Approved by: maintainer Changes: _U branches/2018Q4/ branches/2018Q4/net-mgmt/net-snmp/Makefile branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11
Thank you! But you have forgot to mark the TLS option BROKEN (for the moment) only for OPENSSL user. It works with LIBRESSL.
Created attachment 198805 [details] diff-Makefile Also bumped PORTREVISION.
The most recently committed patch also doesn't cover the case of FreeBSD 11.2 and DEFAULT_VERSIONS= ssl=openssl111 -- this is the one port keeping me from switching over to OpenSSL 1.1.1 (and thus enabling TLS 1.3 on our website) on FreeBSD 11.2. Would net-snmp 5.8 make any of this easier? Bug 232025 covers that one.
I did not bump PORTREVISION because the port was not building before.
(In reply to Mike Andrews from comment #27) Yes it was an impediment to me (11.2Stable, using security/openssl111), and I'm sure many others. I've spent 4+ hours on this, lots of different issues, but this patch is correct (its after 1am so I wont try to attribute, but thank-you) /usr/ports/net-mgmt/net-snmp/files/extra-patch-openssl11 however the configure strip tests for SSL_library_init and fails. There's the clue, so I made these changes to the net-snmp/Makefile, via svnlite diff: -BROKEN_SSL= openssl111 +#BROKEN_SSL= openssl111 -.if ${OSVERSION} >= 1200085 +#.if ${OSVERSION} >= 1200085 # perhap >1100000 ? EXTRA_PATCHES= ${PATCHDIR}/extra-patch-openssl11 -.endif +#.endif -CONFIGURE_ARGS+=--with-openssl="/usr" +CONFIGURE_ARGS+=--with-openssl="/usr/local" @@ -251,6 +252,7 @@ @${REINPLACE_CMD} -e 's!utmp_p->ut_name!utmp_p->ut_user!' \ ${WRKSRC}/agent/mibgroup/host/hr_system.c @${REINPLACE_CMD} -E -e 's|return pci_lookup_name|disabled broken|g' \ + -e 's|SSL_library_init|OPENSSL_init_ssl|g' \ ${WRKSRC}/configure @${CP} ${WRKSRC}/include/net-snmp/system/freebsd12.h \ ${WRKSRC}/include/net-snmp/system/freebsd13.h Compiles cleanly on i386 and amd64.
That worked for me. Thanks
*** Bug 236202 has been marked as a duplicate of this bug. ***
Created attachment 203784 [details] Unbreak with openssl111, rebased from comment #29 (In reply to dewayne from comment #29) Use OPENSSLBASE instead of hardcode path, add more conditions to check for extra patch
Any reason to not commit the last patch from Dima so this can be closed?
(In reply to John Baldwin from comment #33) Looks like noone interested in fixed TLS support :( Will commit it tomorrow with maintainer timeout (>2 months silence since submission)
A commit references this bug: Author: fluffy Date: Sun Jul 7 15:17:18 UTC 2019 New revision: 506141 URL: https://svnweb.freebsd.org/changeset/ports/506141 Log: - Real unbreak with openssl111 from ports - Use ${OPENSSLBASE} instead of hardcode path - Add more conditions to check for extra patch - TLS option is fine now PR: 228898 Submitted by: myself (this patch) Approved by: maintainer timeout (>2 months after submission) MFH: 2019Q3 Changes: head/net-mgmt/net-snmp/Makefile
*** Bug 238097 has been marked as a duplicate of this bug. ***