Bug 228898 - net-mgmt/net-snmp: Fails to link with OpenSSL 1.1
Summary: net-mgmt/net-snmp: Fails to link with OpenSSL 1.1
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ryan Steinmetz
URL:
Keywords:
: 232763 (view as bug list)
Depends on:
Blocks: 228865 231931
  Show dependency treegraph
 
Reported: 2018-06-11 19:25 UTC by Bernard Spil
Modified: 2019-01-11 21:46 UTC (History)
13 users (show)

See Also:
bugzilla: maintainer-feedback? (zi)


Attachments
svm-diff-net-snmp-openssl (42.69 KB, patch)
2018-10-11 17:35 UTC, w.schwarzenfeld
no flags Details | Diff
svm-diff-net-snmp-openssl_v2 (5.85 KB, patch)
2018-10-12 02:05 UTC, w.schwarzenfeld
no flags Details | Diff
svm-diff-net-snmp-openssl_v3 (6.04 KB, patch)
2018-10-12 02:07 UTC, w.schwarzenfeld
no flags Details | Diff
additional-patch (2.09 KB, patch)
2018-10-27 14:09 UTC, w.schwarzenfeld
no flags Details | Diff
diff-Makefile (572 bytes, patch)
2018-10-31 16:40 UTC, w.schwarzenfeld
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2018-06-11 19:25:33 UTC
undefined reference to `EVP_MD_CTX_free'

During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented.

Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released.

Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/net-snmp-5.7.3_18.log
Comment 2 Nathan 2018-10-07 07:30:14 UTC
I'll work on this one
Comment 3 Nathan 2018-10-07 15:33:54 UTC
(In reply to Nathan from comment #2)
Edit: I had no luck with this one, so feel free to work on this one
Comment 4 w.schwarzenfeld freebsd_triage 2018-10-11 17:35:36 UTC
Created attachment 198040 [details]
svm-diff-net-snmp-openssl
Comment 5 w.schwarzenfeld freebsd_triage 2018-10-11 17:36:22 UTC
I found this at
https://build.opensuse.org/package/view_file/openSUSE:Leap:15.0/net-snmp/net-snmp-5.7.3-build-with-openssl-1.1.patch?expand=0

Looks useful, but I cannot test, with openssl.
(compiles fine with libressl).
Comment 6 w.schwarzenfeld freebsd_triage 2018-10-11 19:01:08 UTC
Comment on attachment 198040 [details]
svm-diff-net-snmp-openssl

Someone on IRC tested the patch, does not work.
Comment 7 w.schwarzenfeld freebsd_triage 2018-10-12 02:05:36 UTC
Created attachment 198050 [details]
svm-diff-net-snmp-openssl_v2

This should work with libressl and openssl111.
It is a modified debian-patch (unfortunately I forgot to save the link).
Comment 8 w.schwarzenfeld freebsd_triage 2018-10-12 02:07:50 UTC
Created attachment 198051 [details]
svm-diff-net-snmp-openssl_v3

Forgot Portrevison.
Comment 9 w.schwarzenfeld freebsd_triage 2018-10-12 02:16:59 UTC
Maybe, the obsoleted patch also works, the point was:

-CONFIGURE_ARGS+=--with-openssl="/usr"
+CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}"

but I have not tested again yet (was a long night....).
Comment 10 Vitalij Satanivskij 2018-10-14 22:56:12 UTC
Just notice:
With svm-diff-net-snmp-openssl_v3 patch I'm sucessfuly build net-snmp and it'
s working fine on FreeBSD 12.0-ALPHA9 #0 r339354
But with option TLS DISABLED (just no need for me)
Comment 11 Charlie Li 2018-10-16 06:05:07 UTC
Setting CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}" alone fixes the build with ssl=libressl-devel and TLS enabled. However, OpenSSL 1.1.1 (which is in base now) still fails during configure, primarily because SSL_library_init(3) is deprecated since OpenSSL 1.1.0 in favour of OPENSSL_init_ssl(3); the latter function is also available in LibreSSL.
Comment 12 w.schwarzenfeld freebsd_triage 2018-10-16 11:15:30 UTC
It could not be more as a workaround. There is a newer verion  (5.8 - see bug #232025).  And there another 12 Bugs open for net-snmp.
Comment 13 O. Hartmann 2018-10-17 08:05:33 UTC
Breakage of this port affects important other ports, like hplip, cups, qt4-network, icinga2 and so on  and ports depending on them. Is there a timeframe when to expect a relieve?

The proposed patch fixes the openssl-1.1.1 issue as long as option TLS is not selected.
Comment 14 Mathieu Arnold freebsd_committer 2018-10-27 10:46:29 UTC
Is this going somewhere ?
Comment 15 Matthias Fechner freebsd_committer 2018-10-27 11:21:25 UTC
I can confirm that this patch with openssl 1.1.1 from ports and disabled TLS in net-snmp works.
Comment 16 w.schwarzenfeld freebsd_triage 2018-10-27 14:09:57 UTC
Created attachment 198690 [details]
additional-patch

I have a additional patch silents some error during build with TLS=on, but I got still a linker-error:

/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL
_sk_num'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL
_init_ssl'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `SSL_set
_options'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL_sk_value'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL_init_crypto'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `EVP_MD_CTX_free'


and I have no idea. Maybe someone other find something
Comment 17 Mathieu Arnold freebsd_committer 2018-10-27 16:17:13 UTC
Does this fix on 12 with OpenSSL from the base system?
Comment 18 w.schwarzenfeld freebsd_triage 2018-10-27 16:49:41 UTC
See comment7 and I think O.Hartmann has also 12. But TLS=on still not work.
Comment 19 w.schwarzenfeld freebsd_triage 2018-10-27 16:53:02 UTC
sorry not comment7 I meant comment10.
Comment 20 w.schwarzenfeld freebsd_triage 2018-10-28 15:01:50 UTC
*** Bug 232763 has been marked as a duplicate of this bug. ***
Comment 21 Mathieu Arnold freebsd_committer 2018-10-30 22:15:58 UTC
So, what does the maintainer has to say about this?  The maintainer timeout window has passed 4 days ago, it can be committed.
Comment 22 Mathieu Arnold freebsd_committer 2018-10-31 11:33:01 UTC
building, I'll commit after testing it works.
Comment 23 commit-hook freebsd_committer 2018-10-31 14:36:02 UTC
A commit references this bug:

Author: mat
Date: Wed Oct 31 14:35:16 UTC 2018
New revision: 483586
URL: https://svnweb.freebsd.org/changeset/ports/483586

Log:
  Fix build with OpenSSL 1.1.1 in base.

  PR:		228898
  Submitted by:	w.schwarzenfeld@utanet.at
  Reported by:	brnrd
  Approved by:	maintainer

Changes:
  head/net-mgmt/net-snmp/Makefile
  head/net-mgmt/net-snmp/files/extra-patch-openssl11
Comment 24 commit-hook freebsd_committer 2018-10-31 14:39:09 UTC
A commit references this bug:

Author: mat
Date: Wed Oct 31 14:38:32 UTC 2018
New revision: 483587
URL: https://svnweb.freebsd.org/changeset/ports/483587

Log:
  MFH: r483586

  Fix build with OpenSSL 1.1.1 in base.

  PR:		228898
  Submitted by:	w.schwarzenfeld@utanet.at
  Reported by:	brnrd
  Approved by:	maintainer

Changes:
_U  branches/2018Q4/
  branches/2018Q4/net-mgmt/net-snmp/Makefile
  branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11
Comment 25 w.schwarzenfeld freebsd_triage 2018-10-31 15:35:03 UTC
Thank you!
But you have forgot to mark the TLS option BROKEN (for the moment) only for OPENSSL user.
It works with LIBRESSL.
Comment 26 w.schwarzenfeld freebsd_triage 2018-10-31 16:40:06 UTC
Created attachment 198805 [details]
diff-Makefile

Also bumped PORTREVISION.
Comment 27 Mike Andrews 2018-11-01 04:54:30 UTC
The most recently committed patch also doesn't cover the case of FreeBSD 11.2 and DEFAULT_VERSIONS= ssl=openssl111 -- this is the one port keeping me from switching over to OpenSSL 1.1.1 (and thus enabling TLS 1.3 on our website) on FreeBSD 11.2.

Would net-snmp 5.8 make any of this easier?  Bug 232025 covers that one.
Comment 28 Mathieu Arnold freebsd_committer 2018-11-01 16:36:46 UTC
I did not bump PORTREVISION because the port was not building before.