After compiling the new 2.9 version of security/libressl, rebuilding security/krb5-1.17_2 fails with an error similar to bug #234064: (cd .. && ln -s `basename plugins/preauth/pkinit`/pkinit.so .) pkinit_crypto_openssl.c:3085:2: error: expected ';' after top level declarator } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) ^ ; 1 error generated. gmake[3]: *** [Makefile:836: pkinit_crypto_openssl.so] Error 1
Having looked at openssl/asn1t.h as provided by LibreSSL, I wonder if the patch from bug #234064 has ever been tested before being committed. LibreSSL does not define static_ASN1_SEQUENCE_END_name. Gentoo has this proposed patch https://bugs.gentoo.org/attachment.cgi?id=456170&action=diff, whereas some people in Japan created a separate compatibility header in http://yama-ga.seesaa.net/article/465353240.html In any case, it will be necessary to use ASN1_SEQUENCE_END_name or define static_ASN1_SEQUENCE_END_name. (It's been a long time since I coded in C, so I'm not sure what's necessary and valid here.)
This is a libressl bug. The latest version is missing the following macro definitions. /usr/include/openssl/asn1t.h 122:# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) 136:# define static_ASN1_SEQUENCE_END_name(stname, tname) \
Opened libressl PR/237679.
(In reply to Cy Schubert from comment #2) I'm not sure they will see it as a bug, as it appears the macros have never been part of LibreSSL's version of that header file.
(In reply to Peter Putzer from comment #1) I considered the first option prior to opening the libressl bug and rejected it. I'm not enamoured with the solution and the compatibility header is a worse solution. This should be fixed upstream. However thinking about it a little more this morning and considering the libressl folks will probably take some time to fix this I'll temporarily add a workaround for a while.
A commit references this bug: Author: cy Date: Fri May 3 12:50:53 UTC 2019 New revision: 500725 URL: https://svnweb.freebsd.org/changeset/ports/500725 Log: Fix build with libressl 2.9.1. PR: 237621 Reported by: many MFH: 2019Q2 Changes: head/security/krb5-115/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c head/security/krb5-116/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c head/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c head/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
A commit references this bug: Author: cy Date: Tue May 7 17:37:14 UTC 2019 New revision: 500972 URL: https://svnweb.freebsd.org/changeset/ports/500972 Log: MFH: r500725 Fix build with libressl 2.9.1. PR: 237621 Reported by: many Approved by: portmgr (joneum@) Changes: _U branches/2019Q2/ branches/2019Q2/security/krb5-115/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c branches/2019Q2/security/krb5-116/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c branches/2019Q2/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c branches/2019Q2/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c