Bug 232784
| Summary: | devel/qca Latest version links against undefined OpenSSL 1.1 symbols on 11.2 | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Ivan <bsd> |
| Component: | Individual Port(s) | Assignee: | freebsd-kde (group) <kde> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | CC: | adridg, damjan.jov, dave, fjwcash, mxze0x, ports, tcberner, vvd, w.schwarzenfeld |
| Priority: | --- | Flags: | tcberner:
maintainer-feedback+
|
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
Ivan
2018-10-29 16:02:53 UTC
Moin moin Could you try with the port before the Openssl fix? Mfg Tobias As I wrote :P Reverting https://svnweb.freebsd.org/ports?view=revision&revision=481850 fixed the issue. (In reply to Ivan from comment #2) Woops, my bad, I overlooked that sentence :) Looks like this can be confirmed: in 12-CURRENT my evp.h contains a declaration of EVP_MD_CTX_new() and #defines EVP_MD_CTX_create() to new. In 11.2, my evp.h contains a declaration of EVP_MD_CTX_create() and nothing for EVP_MD_CTX_new(). Looks like this needs to be guarded more. Similar problem with libressl:
#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
^
/usr/local/include/openssl/asn1.h:636:9: note: previous definition is here
#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2835:4: error: use of undeclared identifier 'RSA_meth_set_sign'; did you mean 'DSA_meth_set_sign'?
RSA_meth_set_sign(ops, NULL);
^~~~~~~~~~~~~~~~~
DSA_meth_set_sign
/usr/local/include/openssl/dsa.h:275:5: note: 'DSA_meth_set_sign' declared here
int DSA_meth_set_sign(DSA_METHOD *meth,
^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2835:22: error: cannot initialize a parameter of type 'DSA_METHOD *' (aka 'dsa_method *') with an lvalue of type 'RSA_METHOD *' (aka 'rsa_meth_st *')
RSA_meth_set_sign(ops, NULL);
^~~
/usr/local/include/openssl/dsa.h:275:35: note: passing argument to parameter 'meth' here
int DSA_meth_set_sign(DSA_METHOD *meth,
^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2839:4: error: use of undeclared identifier 'RSA_meth_set_verify'; did you mean 'RSA_meth_set_finish'?
RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
^~~~~~~~~~~~~~~~~~~
RSA_meth_set_finish
/usr/local/include/openssl/rsa.h:442:5: note: 'RSA_meth_set_finish' declared here
int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2860:11: error: use of undeclared identifier 'RSA_F_RSA_OSSL_PRIVATE_DECRYPT'
RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
^
1 warning and 4 errors generated.
ninja: build stopped: subcommand failed.
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1
Stop.
make[1]: stopped in /usr/ports/devel/qca
*** Error code 1
Stop.
make: stopped in /usr/ports/devel/qca
if I remove patch-plugins_qca-ossl_qca-ossl.cpp it builds fine.
Just confirming the above. Libressl appears to break devel/qca on ports/HEAD. Removing patch-plugins_qca-ossl_qca-ossl.cpp fixes the issue and allows all of KDE to be built. :) There are eight combinations to test: - 11.2 with DEFAULT_VERSIONS+=ssl=<ver> where <ver> is each one of base, openssl, openssl111, libressl, and libressl-devel. - 12.0 (-RC2 right now) with the same (I don't count <ver> openssl and openssl111 because those don't seem to make sense on 12?). Removing a patch in order to fix one of those eight, which breaks another one (presumably 11.2 + openssl111) is not a good step forward. In any case this PR is going nowhere until net/qt4-network is resolved, which has the same eight variants to test (which means roughly 24 hours of compiling for each change). (In reply to Ivan from comment #0) > /usr/local/lib/qca-qt5/crypto/libqca-ossl.so: Undefined symbol "EVP_MD_CTX_new" Here same with psi. I removed patch https://svnweb.freebsd.org/ports?view=revision&revision=481850 and rebuild qca-qt5 - psi is working fine now. A commit references this bug: Author: adridg Date: Mon Dec 31 22:30:01 UTC 2018 New revision: 488842 URL: https://svnweb.freebsd.org/changeset/ports/488842 Log: Be more defensive in Qt5Network code. It's possible, but rather unlikely, to build Qt5Network with QT_NO_NETWORKINTERFACE, and still get around to building the generic bearer. In that case, comment out the workaround that needs an interface. PR: 232784 Obtained from: Max Steciuk Changes: head/net/qt5-network/Makefile head/net/qt5-network/files/patch-src_plugins_bearer_generic_qgenericengine.cpp This PR is in dire need of a cleanup: what is the actual issue, which make.conf and other settings are in play, and how can te problem be seen? Throwing libressl into the mix doesn't help unless that's clearly indicated, and neither do unrelated compile errors (it *looks* like this was originally a runtime error). So, back to the original reporter, Ivan: I have an 11.2-RELEASE VM ready. What do I do to show the problem? Hello, Adriaan, I updated my laptop to 12.0, so I'm not sure if this issue is still relevant, but I think it is. The problem: 11.2 has OpenSSL < 1.1.1 in the base and it simply hasn't sybmols mentioned in https://svnweb.freebsd.org/ports?view=revision&revision=481850 which it applied. The test is to link qca against base (it does by default) and try to use qca-depended software. It should abort in start. For example, build deskutils/kdeconnect-kde and attempt to interactivly start it's daemon /usr/local/lib/libexec/kdeconnectd *** Bug 235628 has been marked as a duplicate of this bug. *** *** Bug 235171 has been marked as a duplicate of this bug. *** Proposed patch: https://reviews.freebsd.org/D19347 A commit references this bug: Author: rakuco Date: Wed Feb 27 19:22:17 UTC 2019 New revision: 494079 URL: https://svnweb.freebsd.org/changeset/ports/494079 Log: Replace OpenSSL 1.1.0 with upstream ones The patches from bug 228902 and added in r481850 are not entirely compatible with older OpenSSL versions, to the point that the qca-ossl plugin refuses to load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates). Fix it by replacing our patches with backports from upstream the same way OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE): * Revert an upstream commit made only to the 2.1 branch disabling a few ciphers in the unit tests. * Backport a change to the master branch that never made it to the 2.1 branch disabling the ciphers mentioned above as well as a few other ones, so that we can backport the actual change adding support for OpenSSL 1.1.0 more clealy. * Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts resolved due to the lack of a commit adding suport for AES GCM and AES CCM in the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories, since they had to resolve the same conflict as well. The port built fine on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well as 13-CURRENT on amd64, and all unit tests are passing except for some PGP ones that are unrelated. With the patches we have in the tree, a lot of unit tests failed on 11.2 due to the qca-ossl plugin failing to load. PR: 228902 PR: 232784 Reviewed by: tcberner Differential Revision: https://reviews.freebsd.org/D19347 Changes: head/devel/qca/Makefile head/devel/qca/files/patch-openssl110_01 head/devel/qca/files/patch-openssl110_02 head/devel/qca/files/patch-openssl110_03 head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp I think this is finally fixed. I missed the MFH request in the commit message, but I've messaged portmgr afterwards. *** Bug 232783 has been marked as a duplicate of this bug. *** A commit references this bug: Author: rakuco Date: Thu Feb 28 13:47:40 UTC 2019 New revision: 494150 URL: https://svnweb.freebsd.org/changeset/ports/494150 Log: MFH: r494079 Replace OpenSSL 1.1.0 with upstream ones The patches from bug 228902 and added in r481850 are not entirely compatible with older OpenSSL versions, to the point that the qca-ossl plugin refuses to load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates). Fix it by replacing our patches with backports from upstream the same way OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE): * Revert an upstream commit made only to the 2.1 branch disabling a few ciphers in the unit tests. * Backport a change to the master branch that never made it to the 2.1 branch disabling the ciphers mentioned above as well as a few other ones, so that we can backport the actual change adding support for OpenSSL 1.1.0 more clealy. * Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts resolved due to the lack of a commit adding suport for AES GCM and AES CCM in the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories, since they had to resolve the same conflict as well. The port built fine on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well as 13-CURRENT on amd64, and all unit tests are passing except for some PGP ones that are unrelated. With the patches we have in the tree, a lot of unit tests failed on 11.2 due to the qca-ossl plugin failing to load. PR: 228902 PR: 232784 Reviewed by: tcberner Differential Revision: https://reviews.freebsd.org/D19347 Approved by: ports-secteam (joneum) Changes: _U branches/2019Q1/ branches/2019Q1/devel/qca/Makefile branches/2019Q1/devel/qca/files/patch-openssl110_01 branches/2019Q1/devel/qca/files/patch-openssl110_02 branches/2019Q1/devel/qca/files/patch-openssl110_03 branches/2019Q1/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c branches/2019Q1/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h branches/2019Q1/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp |
