Created attachment 154222: svn diff for security/heimdal
heimdal unconditionally relies on RAND_egd, which makes building fail with LibreSSL, which has removed EGD. FreeBSD does not require EGD at all; /dev/random has been available since FreeBSD 4.2.
The patch checks for LibreSSL by looking for LIBRESSL_VERSION_NUMBER, which is defined in openssl/opensslv.h, and disables code that requires egd.
Couldn't find a clean spot to check for RAND_egd in configure like so:
    AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
Wanted to upstream the patch, but there's been a change in heimdal master where RAND_EGD is disabled for Windows it seems...
Created attachment 155420: patch for security/heimdal
The attached patch integrates Bernard's changes with security/heimdal and adds the autoconf check to cf/crypto which was missing in the previous diff. Port now uses autoconf, needed to regen configure script. Bump port rev.
Created attachment 155435: svn diff for security/heimdal
This patch improves on the previous patch by properly detecting EGD support in configure. No need to delete EGD support from bundled heimdal crypto lib.
Upstream implemented this in https://github.com/heimdal/heimdal/pull/124
Created attachment 159861: svn diff for security/heimdal
Adapted/simplified the patch to work with the new OPENSSL_NO_EGD define that was recently added to LibreSSL's headers.
The file you are trying to attach is 1632 kilobytes (KB) in size. Attachments cannot be more than 1000 KB. We recommend that you store your attachment elsewhere and then paste the URL to this file on the attachment creation page in the appropriate text field, which you can access by clicking the "paste text as attachment" link. So https://brnrd.eu/poudriere/data/102amd64-default/2015-08-14_18h20m12s/logs/heimdal-1.5.3_4.log should do!
Created attachment 167022: Poudriere log security/heimdal
Built with LibreSSL-devel 2.3.2. 1634kb so gzipped.
Source: https://brnrd.eu/poudriere/data/102amd64-default/2016-02-14_21h54m39s/logs/heimdal-1.5.3_4.log
Bernard,
Great job getting libressl to build and the obvious effort that you have put in to getting the upstream ports/folks to accept the changes necessary to build various ports using libressl. (per https://wiki.freebsd.org/LibreSSL and attached pages)
Hiroki,
Is there any chance of getting the patches into security/heimdal/files as a permanent fix?
As an aside, as EGD appears to provide no benefit on "modern" operating systems which take care of system entropy, then why not remove the unnecessary function call (RAND_egd) altogether?
(In reply to dewayne from comment #8)
> Is there any chance of getting the patches into security/heimdal/files as a
> permanent fix?
This will have to be applied as a permanent fix, OpenSSL 1.1.0 also disables EGD support by default. Fortunately it uses the same OPENSSL_NO_EGD define as LibreSSL does. I've just created the security/openssl-devel port for OpenSSL 1.1.0, see review D5484.
> As an aside, as EGD appears to provide no benefit on "modern" operating systems
> which take care of system entropy, then why not remove the unnecessary function
> call (RAND_egd) altogether?
Correct, but projects try to keep all options open. The #ifndef guards should suffice.
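The guard pattern discussed in the comments above, as an added C example that is not part of the thread or of heimdal's code: the EGD path is compiled in only when configure found RAND_egd (HAVE_RAND_EGD) and the library headers do not define OPENSSL_NO_EGD. The function names, the /dev/urandom fallback and the EGD socket path are assumptions made for this illustration.

```c
/* Added illustration, not heimdal code. HAVE_RAND_EGD is the configure result
 * proposed in the thread; function names and both paths are assumptions. */
#include <stdio.h>

#ifdef HAVE_RAND_EGD
#include <openssl/opensslconf.h>  /* may define OPENSSL_NO_EGD */
#include <openssl/rand.h>
#endif

#if defined(HAVE_RAND_EGD) && !defined(OPENSSL_NO_EGD)
#define USE_EGD 1
#else
#define USE_EGD 0
#endif

enum seed_source { SEED_NONE = 0, SEED_DEVICE, SEED_EGD };

/* Fill buf from the kernel random device; returns 1 on success. */
static int seed_from_device(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (f == NULL)
        return 0;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len;
}

/* Kernel device first; EGD is tried only where it was compiled in. */
enum seed_source seed_entropy(unsigned char *buf, size_t len)
{
    if (seed_from_device(buf, len))
        return SEED_DEVICE;
#if USE_EGD
    /* RAND_egd() returns the number of bytes read, or -1 on failure. */
    if (RAND_egd("/var/run/egd-pool") > 0 && RAND_bytes(buf, (int)len) == 1)
        return SEED_EGD;
#endif
    return SEED_NONE;
}

int egd_compiled_in(void) { return USE_EGD; }

int main(void)
{
    unsigned char key[32];
    printf("egd=%d source=%d\n", egd_compiled_in(), (int)seed_entropy(key, sizeof key));
    return 0;
}
```

Built without -DHAVE_RAND_EGD, or against headers that define OPENSSL_NO_EGD, the translation unit contains no reference to RAND_egd, so it links against LibreSSL and OpenSSL 1.1.0.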
Thank you for the efforts. I'm just now trying to get all my systems to use libressl and am eagerly awaiting this.
Upstream request https://github.com/heimdal/heimdal/pull/167
This is now also relevant for OpenSSL 1.1.0, which disables EGD by default at build time and defines OPENSSL_NO_EGD (like LibreSSL does).
Looks like upstream was merged. Is this able to proceed? Any other blockers?
*** Bug 210392 has been marked as a duplicate of this bug. ***
See https://reviews.freebsd.org/D7053 Backport EGD removal from 1.6 branch
Closed by ports r421928