Bug 237621

Summary: security/krb5: fix build with LibreSSL 2.9 (again)
Product: Ports & Packages Reporter: Peter Putzer <freebsd>
Component: Individual Port(s)Assignee: Cy Schubert <cy>
Status: Closed FIXED    
Severity: Affects Some People CC: brnrd, freebsd, hostmaster+freebsd, wcarson.bugzilla
Priority: --- Flags: bugzilla: maintainer-feedback? (cy)
Version: Latest   
Hardware: Any   
OS: Any   
Bug Depends on: 237679    
Bug Blocks:    

Description Peter Putzer 2019-04-28 06:24:06 UTC 
After compiling the new 2.9 version of security/libressl, rebuilding security/krb5-1.17_2 fails with an error similar to bug #234064:

(cd .. && ln -s `basename plugins/preauth/pkinit`/pkinit.so .)
pkinit_crypto_openssl.c:3085:2: error: expected ';' after top level declarator
} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
 ^
 ;
1 error generated.
gmake[3]: *** [Makefile:836: pkinit_crypto_openssl.so] Error 1
Comment 1 Peter Putzer 2019-04-30 17:14:28 UTC 
Having looked at openssl/asn1t.h as provided by LibreSSL, I wonder if the patch from bug #234064 has ever been tested before being committed. LibreSSL does not define static_ASN1_SEQUENCE_END_name. Gentoo has this proposed patch https://bugs.gentoo.org/attachment.cgi?id=456170&action=diff, whereas some people in Japan created a separate compatibility header in http://yama-ga.seesaa.net/article/465353240.html

In any case, it will be necessary to use ASN1_SEQUENCE_END_name or define static_ASN1_SEQUENCE_END_name. (It's been a long time since I coded in C, so I'm not sure what's necessary and valid here.)
Comment 2 Cy Schubert freebsd_committer freebsd_triage 2019-05-01 05:47:40 UTC 
This is a libressl bug. The latest version is missing the following macro definitions.

/usr/include/openssl/asn1t.h
122:# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
136:# define static_ASN1_SEQUENCE_END_name(stname, tname) \
Comment 3 Cy Schubert freebsd_committer freebsd_triage 2019-05-01 05:51:41 UTC 
Opened libressl PR/237679.
Comment 4 Peter Putzer 2019-05-01 07:16:27 UTC 
(In reply to Cy Schubert from comment #2)

I'm not sure they will see it as a bug, as it appears the macros have never been part of LibreSSL's version of that header file.
Comment 5 Cy Schubert freebsd_committer freebsd_triage 2019-05-02 19:07:30 UTC 
(In reply to Peter Putzer from comment #1)
I considered the first option prior to opening the libressl bug and rejected it. I'm not enamoured with the solution and the compatibility header is a worse solution. This should be fixed upstream.

However thinking about it a little more this morning and considering the libressl folks will probably take some time to fix this I'll temporarily add a workaround for a while.
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-05-03 12:51:15 UTC 
A commit references this bug:

Author: cy
Date: Fri May  3 12:50:53 UTC 2019
New revision: 500725
URL: https://svnweb.freebsd.org/changeset/ports/500725

Log:
  Fix build with libressl 2.9.1.

  PR:		237621
  Reported by:	many
  MFH:		2019Q2

Changes:
  head/security/krb5-115/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
  head/security/krb5-116/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
  head/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
  head/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
Comment 7 commit-hook freebsd_committer freebsd_triage 2019-05-07 17:37:24 UTC 
A commit references this bug:

Author: cy
Date: Tue May  7 17:37:14 UTC 2019
New revision: 500972
URL: https://svnweb.freebsd.org/changeset/ports/500972

Log:
  MFH: r500725

  Fix build with libressl 2.9.1.

  PR:		237621
  Reported by:	many
  Approved by:	portmgr (joneum@)

Changes:
_U  branches/2019Q2/
  branches/2019Q2/security/krb5-115/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
  branches/2019Q2/security/krb5-116/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
  branches/2019Q2/security/krb5-117/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c
  branches/2019Q2/security/krb5-devel/files/patch-plugins_preauth_pkinit_pkinit__crypto__openssl.c