Bug 264520 - databases/db18: DEFAULT_VERSIONS=ssl settings are not reflected
Summary: databases/db18: DEFAULT_VERSIONS=ssl settings are not reflected
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Yasuhiro Kimura
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-07 15:12 UTC by Toshimichi Masubuchi
Modified: 2022-07-18 17:00 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (yasu)
yasu: merge-quarterly+


Attachments
[PATCH] Reflect the value of the DEFAULT_VERSIONS=ssl parameter (656 bytes, patch)
2022-06-07 15:12 UTC, Toshimichi Masubuchi
no flags Details | Diff
Survey Notes (7.67 KB, text/plain)
2022-06-07 15:14 UTC, Toshimichi Masubuchi
no flags Details
[PATCH] Reflect the value of the DEFAULT_VERSIONS=ssl parameter (r2) (558 bytes, patch)
2022-06-14 09:04 UTC, Toshimichi Masubuchi
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Toshimichi Masubuchi 2022-06-07 15:12:36 UTC
Created attachment 234525 [details]
[PATCH] Reflect the value of the DEFAULT_VERSIONS=ssl parameter

Even if DEFAULT_VERSIONS=ssl is set to openssl (Use security/openssl),
the OpenSSL libraries included in the base system are always used.

# ldd /usr/local/lib/libdb-18.1.so | grep -E 'ssl|crypto'
        libssl.so.111 => /usr/lib/libssl.so.111 (0x8006ad000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800fdc000)

Attach a patch to fix this.
This patch was build tested in Poudriere.

  - FreeBSD 12.3-RELEASE-p5 (amd64) / (1) ssl=openssl (2) ssl=base
  - FreeBSD 13.1-RELEASE-p0 (amd64) / (1) ssl=openssl (2) ssl=base

Background
----------
I'm using www/apache24, and after switching Berkeley DB
from databases/db5 to databases/db18, mod_ssl now gives me
an OpenSSL version warning.

ex.
[Thu Apr 07 11:08:14.144782 2022] [ssl:warn] [pid 966:tid 34375102464] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1n  15 Mar 2022, version currently loaded is OpenSSL 1.1.1l-freebsd  24 Aug 2021) - may result in undefined or erroneous behavior
Comment 1 Toshimichi Masubuchi 2022-06-07 15:14:20 UTC
Created attachment 234526 [details]
Survey Notes
Comment 2 Yasuhiro Kimura freebsd_committer freebsd_triage 2022-06-14 00:52:42 UTC
(In reply to Toshimichi Masubuchi from comment #0)

Thanks for bug report and patch. I confirmed the problem happens with 'DEFAULT_VERSIONS=ssl=openssl', 'DEFAULT_VERSIONS=ssl=libressl' and 'DEFAULT_VERSIONS=ssl=libressl-devel'.
I also confirmed your patch fixes the problem. And it surprised me. It adds definitions of OPENSSL_{CFLAGS,CPPFLAGS,LDFLAGS} in Makefile. IIUC it should be no-op as OPENSSL option isn't defined. But actually it fixes the problem. Do I overlook something?
Comment 3 Toshimichi Masubuchi 2022-06-14 09:04:26 UTC
Created attachment 234670 [details]
[PATCH] Reflect the value of the DEFAULT_VERSIONS=ssl parameter (r2)

(In reply to Yasuhiro Kimura from comment #2)
Thank you for your confirmation.

OPENSSL_LDFLAGS is reflected in LDFLAGS at Uses/ssl.mk (USES=ssl).

  | LDFLAGS+=               ${OPENSSL_LDFLAGS}

OPENSSL_{CFLAGS,CPPFLAGS} was incorrect, so I fixed the patch.
This patch is also build tested with Poudriere.
Comment 4 Toshimichi Masubuchi 2022-06-30 17:15:44 UTC
(In reply to Yasuhiro Kimura from comment #2)
Kimura-san,
Is there any other information or work needed?
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-07-18 16:56:46 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=043c4ce17d47717559aeb567b04d1913ec0626b6

commit 043c4ce17d47717559aeb567b04d1913ec0626b6
Author:     Toshimichi Masubuchi <t.masub@gmail.com>
AuthorDate: 2022-07-18 16:36:12 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2022-07-18 16:55:17 +0000

    databases/db18: Fix linking problem about OpenSSL

    Fix the problem that OpenSSL in base system is linked even if
    'DEFAULT_VERSIONS=ssl=openssl' is specified in make.conf.

    While I'm here,

    * Pet portlint and portclippy.
    * Tidy up Makefile with portfmt.

    PR:             264520
    MFH:            2022Q3

 databases/db18/Makefile | 70 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 43 insertions(+), 27 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-07-18 16:58:47 UTC
A commit in branch 2022Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=07a6a3f0630c7d74b5f305badee9118614437c0a

commit 07a6a3f0630c7d74b5f305badee9118614437c0a
Author:     Toshimichi Masubuchi <t.masub@gmail.com>
AuthorDate: 2022-07-18 16:36:12 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2022-07-18 16:57:52 +0000

    databases/db18: Fix linking problem about OpenSSL

    Fix the problem that OpenSSL in base system is linked even if
    'DEFAULT_VERSIONS=ssl=openssl' is specified in make.conf.

    While I'm here,

    * Pet portlint and portclippy.
    * Tidy up Makefile with portfmt.

    PR:             264520
    MFH:            2022Q3
    (cherry picked from commit 043c4ce17d47717559aeb567b04d1913ec0626b6)

 databases/db18/Makefile | 70 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 43 insertions(+), 27 deletions(-)
Comment 7 Yasuhiro Kimura freebsd_committer freebsd_triage 2022-07-18 17:00:06 UTC
Committed with additional cleanup. Thanks!