Created attachment 234525 [details] [PATCH] Reflect the value of the DEFAULT_VERSIONS=ssl parameter Even if DEFAULT_VERSIONS=ssl is set to openssl (Use security/openssl), the OpenSSL libraries included in the base system are always used. # ldd /usr/local/lib/libdb-18.1.so | grep -E 'ssl|crypto' libssl.so.111 => /usr/lib/libssl.so.111 (0x8006ad000) libcrypto.so.111 => /lib/libcrypto.so.111 (0x800fdc000) Attach a patch to fix this. This patch was build tested in Poudriere. - FreeBSD 12.3-RELEASE-p5 (amd64) / (1) ssl=openssl (2) ssl=base - FreeBSD 13.1-RELEASE-p0 (amd64) / (1) ssl=openssl (2) ssl=base Background ---------- I'm using www/apache24, and after switching Berkeley DB from databases/db5 to databases/db18, mod_ssl now gives me an OpenSSL version warning. ex. [Thu Apr 07 11:08:14.144782 2022] [ssl:warn] [pid 966:tid 34375102464] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1n 15 Mar 2022, version currently loaded is OpenSSL 1.1.1l-freebsd 24 Aug 2021) - may result in undefined or erroneous behavior
Created attachment 234526 [details] Survey Notes
(In reply to Toshimichi Masubuchi from comment #0) Thanks for bug report and patch. I confirmed the problem happens with 'DEFAULT_VERSIONS=ssl=openssl', 'DEFAULT_VERSIONS=ssl=libressl' and 'DEFAULT_VERSIONS=ssl=libressl-devel'. I also confirmed your patch fixes the problem. And it surprised me. It adds definitions of OPENSSL_{CFLAGS,CPPFLAGS,LDFLAGS} in Makefile. IIUC it should be no-op as OPENSSL option isn't defined. But actually it fixes the problem. Do I overlook something?
Created attachment 234670 [details] [PATCH] Reflect the value of the DEFAULT_VERSIONS=ssl parameter (r2) (In reply to Yasuhiro Kimura from comment #2) Thank you for your confirmation. OPENSSL_LDFLAGS is reflected in LDFLAGS at Uses/ssl.mk (USES=ssl). | LDFLAGS+= ${OPENSSL_LDFLAGS} OPENSSL_{CFLAGS,CPPFLAGS} was incorrect, so I fixed the patch. This patch is also build tested with Poudriere.
(In reply to Yasuhiro Kimura from comment #2) Kimura-san, Is there any other information or work needed?
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=043c4ce17d47717559aeb567b04d1913ec0626b6 commit 043c4ce17d47717559aeb567b04d1913ec0626b6 Author: Toshimichi Masubuchi <t.masub@gmail.com> AuthorDate: 2022-07-18 16:36:12 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2022-07-18 16:55:17 +0000 databases/db18: Fix linking problem about OpenSSL Fix the problem that OpenSSL in base system is linked even if 'DEFAULT_VERSIONS=ssl=openssl' is specified in make.conf. While I'm here, * Pet portlint and portclippy. * Tidy up Makefile with portfmt. PR: 264520 MFH: 2022Q3 databases/db18/Makefile | 70 ++++++++++++++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 27 deletions(-)
A commit in branch 2022Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=07a6a3f0630c7d74b5f305badee9118614437c0a commit 07a6a3f0630c7d74b5f305badee9118614437c0a Author: Toshimichi Masubuchi <t.masub@gmail.com> AuthorDate: 2022-07-18 16:36:12 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2022-07-18 16:57:52 +0000 databases/db18: Fix linking problem about OpenSSL Fix the problem that OpenSSL in base system is linked even if 'DEFAULT_VERSIONS=ssl=openssl' is specified in make.conf. While I'm here, * Pet portlint and portclippy. * Tidy up Makefile with portfmt. PR: 264520 MFH: 2022Q3 (cherry picked from commit 043c4ce17d47717559aeb567b04d1913ec0626b6) databases/db18/Makefile | 70 ++++++++++++++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 27 deletions(-)
Committed with additional cleanup. Thanks!