> src/engine/openssl/ossl_bc.cpp:43:30: error: field has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st') During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented. Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released. The intent to update OpenSSL to 1.1 in 12 has now officially been documented in Bug #228912 Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/botan110-1.10.13_8.log
Created attachment 198160 [details] Fix OpenSSL 1.1.x build security/botan110: Fix OpenSSL build PR: 228865 Submitted by: Nathan <ndowens@yahoo.com>
grab
Botan branch 1.10.x doesn't officially support OpenSSL 1.1. This patch, which I tested both per se and over existing 1.10.17 upgrade as per bug 222971, breaks build on 11.2/amd64 with: src/engine/openssl/ossl_md.cpp:102:4: error: use of undeclared identifier 'EVP_MD_CTX_free' EVP_MD_CTX_free(md); I guess that chunk should be #ifdef-protected depending on OpenSSL version, but I didn't have the time to test my theory yet.
Yes, it does work changing the last chunk to: @@ -95,7 +95,11 @@ EVP_HashFunction::EVP_HashFunction(const EVP_MD* algo, */ EVP_HashFunction::~EVP_HashFunction() { - EVP_MD_CTX_cleanup(&md); +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + EVP_MD_CTX_free(md); +#else + EVP_MD_CTX_cleanup(md); +#endif } } …but this means there was a change already (to require removing the "&") which I didn't track down (yet).
A commit references this bug: Author: fluffy Date: Tue Oct 30 14:00:32 UTC 2018 New revision: 483489 URL: https://svnweb.freebsd.org/changeset/ports/483489 Log: - Update to 1.10.7 release [1] - While here, add unofficial OpenSSL 1.1.x API support [2, based on] PR: 222971 [1], 229030 [2] Submitted by: Ralf van der Enden [1], Nathan Dowens [2] Reported by: brnrd [2] Approved by: maintainer MFH: 2018Q4 Changes: head/security/botan110/Makefile head/security/botan110/distinfo head/security/botan110/files/extra-patch-openssl11
Created attachment 198959 [details] botan110.diff As mentioned on ports-committers, the committed fix does not work and breaks the runtime. It leads to build failures/segfaults in dependent ports now: http://beefy11.nyi.freebsd.org/data/head-i386-default/p483632_s339979/logs/bundy-0.20170618_10.log http://beefy11.nyi.freebsd.org/data/head-i386-default/p483632_s339979/logs/monotone-1.1_13.log Here is an attempt to fix it. It also hooks up the test suite so that we can sanity check changes easier in the future.
A commit references this bug: Author: tobik Date: Mon Nov 19 17:35:57 UTC 2018 New revision: 485334 URL: https://svnweb.freebsd.org/changeset/ports/485334 Log: security/botan110: Attempt to unbreak consumers with OpenSSL 1.1.1 The OpenSSL 1.1.1 support added in ports r483489 was incomplete and leads to segfaults and build failures in consumers [1,2]. Amend the patch to actually allocate some memory. While here hook up the test suite. [1] http://beefy11.nyi.freebsd.org/data/head-i386-default/p483632_s339979/logs/bundy-0.20170618_10.log [2] http://beefy11.nyi.freebsd.org/data/head-i386-default/p483632_s339979/logs/monotone-1.1_13.log PR: 229030 Approved by: lapo@lapo.it (maintainer timeout, 2 weeks) Pointy hat: fluffy Changes: head/security/botan110/Makefile head/security/botan110/files/extra-patch-openssl11
Closing this. All consumers build fine again. http://beefy6.nyi.freebsd.org/data/120amd64-default/485373/logs/monotone-1.1_14.log http://beefy6.nyi.freebsd.org/data/120amd64-default/485373/logs/softhsm-1.3.8.log http://beefy6.nyi.freebsd.org/data/120amd64-default/485373/logs/bundy-0.20170618_10.log