Bug 226843

Summary: security/libressl-devel: 2.7 breaks multiple ports
Product: Ports & Packages Reporter: Charlie Li <ml+freebsd>
Component: Individual Port(s)Assignee: Bernard Spil <brnrd>
Status: New ---    
Severity: Affects Some People CC: emaste
Priority: --- Keywords: needs-patch
Version: LatestFlags: bugzilla: maintainer-feedback? (brnrd)
Hardware: Any   
OS: Any   
URL: https://wiki.freebsd.org/LibreSSL/Ports#LibreSSL_2.7
See Also: https://bugs.gentoo.org/show_bug.cgi?id=561854
Bug Depends on: 224148, 226845, 226852, 226853, 226883, 226900, 226902, 226903, 226906, 226911, 226922, 226925, 226927, 226933, 226953, 226954, 226955, 226956, 227090, 227108, 227165, 227166, 227167, 227169, 227171, 227172, 227173, 227177, 227178, 227183, 227184, 227187, 227192, 227264, 227860, 227942, 228150, 228219, 228248, 228344, 228970, 229606, 229608    
Bug Blocks:    

Description Charlie Li 2018-03-22 11:45:43 UTC
Upon updating to 2.7.0, breakages were observed in a handful but wide variety of ports. So far, they are of the variety "static declaration of 'X509_NAME_ENTRY_set' follows non-static declaration", albeit with a slew of different functions from ssl.h.

This may or may not become a meta bug at some point. The ports observed to break with my small run:
- lang/python27
- lang/python36
- lang/ruby25
- lang/ruby24
- ftp/curl
Interestingly, in terms of the python ports, lang/python34 builds fine. I haven't tried any further ports as many of those depending on USES=ssl also list at least one of the aforementioned listed ports as dependencies.
Comment 1 Charlie Li 2018-03-22 20:21:03 UTC
Gentoo also has this tracked as a meta bug, albeit from the start of their libressl support. Their dependent bugs relevant to this breakage start from 651162.
Comment 2 Bernard Spil freebsd_committer 2018-03-23 08:27:03 UTC
Hi Charlie,

Thanks for reporting. I'm "commandeering" this PR a bit to keep track of other PR's that break with LibreSSL 2.7.

I'll use this PR as placeholder to check how far along we are to update the ports tree so I can update security/libressl to 2.7 branch.

This is also tracked on the FreeBSD wiki https://wiki.freebsd.org/LibreSSL/Ports#LibreSSL_2.7

I've done exp-runs on 2.6.4 and 2.7.0 to compare diffs
2.6.4: https://keg.brnrd.eu/build.html?mastername=111amd64-default-libressl&build=2018-03-22_07h59m42s
2.7.0 https://keg.brnrd.eu/build.html?mastername=111amd64-default-libressldev&build=2018-03-22_20h46m47s
Comment 3 Charlie Li 2018-03-24 19:07:27 UTC
2.7.1 is released [1]. Python upstream released their patches when this happened, I expect some other projects to follow.

[1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt
Comment 4 Bernard Spil freebsd_committer 2018-03-25 12:02:22 UTC
Started a new exp-run with LibreSSL 2.7.1
https://keg.brnrd.eu/build.html?mastername=111amd64-default-libressldev&build=2018-03-25_11h09m25s

Patches for
> archivers/libarchive
> databases/freetds
> devel/libevent
> lang/python27
> lang/python36
> lang/ruby24
> lang/ruby25
> security/py-cryptography
Imported the patch for python27 from the correct branch in git but it fails. Removed the patch for Tools/ssl/multissltests.py for now.
Comment 5 Charlie Li 2018-03-25 19:20:41 UTC
multissltests.py was renamed from something else previously; the file name escapes me but groking the content you'll see the resemblence. For lang/python27 and lang/python35, I removed that part of the patch anyway.