Bug 231647 - security/cyrus-sasl2 saslauthd patch included for openssl 1.1.0
Summary: security/cyrus-sasl2 saslauthd patch included for openssl 1.1.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Hajimu UMEMOTO
Depends on:
Reported: 2018-09-24 00:17 UTC by dewayne
Modified: 2018-10-07 01:04 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ume)

Patch for cyrus-sasl2-saslauthd enabling openssl 1.1.0 build (2.71 KB, text/plain)
2018-09-24 00:17 UTC, dewayne
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description dewayne 2018-09-24 00:17:18 UTC
Created attachment 197419 [details]
Patch for cyrus-sasl2-saslauthd enabling openssl 1.1.0 build

Please find enclosed the patch for security/cyrus-sasl2 to enable saslauthd to build with openssl 1.1.0i on FreeBSD 11.2-STABLE  r338612M.

There is already a patch in /usr/ports/security/cyrus-sasl2/files/ called patch-saslauthd_lak.c

I've moved this file to patch-saslauthd_lak2.c and added the patch from https://build.opensuse.org/package/view_file/network/cyrus-sasl-saslauthd/cyrus-sasl-2.1.27-openssl-1.1.0.patch?expand=1
naming it patch-saslauthd_lak2.c simply to preserve line numbering. They could easily be merged, but that's a maintainers call.

Note: This new patch needs to be applied to /usr/ports/security/cyrus-sasl2/files/ and not /usr/ports/security/cyrus-sasl2-saslauthd/files/
Comment 1 commit-hook freebsd_committer 2018-09-24 12:47:00 UTC
A commit references this bug:

Author: ume
Date: Mon Sep 24 12:46:13 UTC 2018
New revision: 480605
URL: https://svnweb.freebsd.org/changeset/ports/480605

  Add OpenSSL 1.1.0 support for saslauthd.
  There are the patches to support OpenSSL 1.1.0 in cyrus-sasl2
  port, already.  But, it was incomplete for saslauthd.

  PR:		231647
  Submitted by:	dewayne [...] heuristicsystems.com.au (with some modifications)

Comment 2 Hajimu UMEMOTO freebsd_committer 2018-09-24 12:52:49 UTC
Thank you for the info.
Though it seemed buildable without your patch, it was inpomplete.
However, your patch was still imcomplete.  So, I made the patch
from cyrus-sasl-2.1.27-rc8, then committed it.
Comment 3 dewayne 2018-09-24 21:55:11 UTC
(In reply to Hajimu UMEMOTO from comment #2)
Excellent :)
Thank-you for addressing.
(One small step for openssl, one giant leap for Cyrus)
Comment 4 dewayne 2018-09-26 05:54:31 UTC
(In reply to dewayne from comment #3)
Unfortunately I didn't think this through.  The patch works nicely for openssl 1.1.0, and probably 1.1.1.  However it does break openssl 1.0.2p and probably what is in FreeBSD 11.x base, with
lak.o: In function `lak_check_hashed':
lak.c:(.text+0xb9c): undefined reference to `EVP_MD_CTX_new'
lak.c:(.text+0xbab): undefined reference to `EVP_ENCODE_CTX_new'
lak.c:(.text+0xc37): undefined reference to `EVP_ENCODE_CTX_free'
lak.c:(.text+0xc97): undefined reference to `EVP_MD_CTX_free'
lak.c:(.text+0xd0d): undefined reference to `EVP_ENCODE_CTX_free'
lak.c:(.text+0xd1a): undefined reference to `EVP_MD_CTX_free'
lak.c:(.text+0xd41): undefined reference to `EVP_ENCODE_CTX_free'
collect2: error: ld returned 1 exit status
*** Error code 1

I think we need a conditional in the Makefile to enable the patch if the builder wants to use openssl 1.1.0 or later.  

Aside: As I build for other destinations relying upon what I have installed on the build machine is not a valid test :(
Comment 5 Hajimu UMEMOTO freebsd_committer 2018-09-26 13:40:34 UTC
It is strange to me.  Sorry but I could not reproduce your problem.
I confirmed that it could build with either ssl=openssl-devel, ssl=openssl
or ssl=base on 11.2-STABLE and 11.2-RELEASE boxes without any problem.
Comment 6 dewayne 2018-09-26 13:43:25 UTC
(In reply to Hajimu UMEMOTO from comment #5)
Yes it surprised me too - that it worked, until I turned off ccache.  Perhaps you have ccache running?
Comment 7 Hajimu UMEMOTO freebsd_committer 2018-09-26 13:48:12 UTC
No, I'm not using ccache.
Comment 8 Athanasios Douitsis 2018-10-02 22:38:54 UTC
Poudriere jail 11.2-RELEASE. Getting exactly the same error as dewayne. Haven't changed the default openssl version, so I'm at openssl=base.
Comment 9 Hajimu UMEMOTO freebsd_committer 2018-10-06 04:49:15 UTC
It was happen when the OPENLDAP option is enabled.
It should be fixed now.  Please try it.
Comment 10 Athanasios Douitsis 2018-10-06 19:24:02 UTC
Confirmed, my poudriere builds on 10.4 and 11.2 no longer break. Much obliged!
Comment 11 dewayne 2018-10-07 01:04:18 UTC
(In reply to Hajimu UMEMOTO from comment #9)
Thank-you - a good patch.  I'll advise Bernard as he may wish to apply against other ports that are experiencing this problem.