Bug 232784 - devel/qca Latest version links against undefined OpenSSL 1.1 symbols on 11.2
Summary: devel/qca Latest version links against undefined OpenSSL 1.1 symbols on 11.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: kde
URL:
Keywords:
: 232783 235171 235628 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-10-29 16:02 UTC by Ivan
Modified: 2019-02-28 13:48 UTC (History)
9 users (show)

See Also:
tcberner: maintainer-feedback+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ivan 2018-10-29 16:02:53 UTC
abishai@sphinx:~ % /usr/local/lib/libexec/kdeconnectd
kdeconnect.core: KdeConnect daemon starting
/usr/local/lib/qca-qt5/crypto/libqca-ossl.so: Undefined symbol "EVP_MD_CTX_new"

Reverting latest compatibility patch fixes the issue.
Comment 1 Tobias C. Berner freebsd_committer 2018-10-29 16:33:58 UTC
Moin moin

Could you try with the port before the Openssl fix?

Mfg Tobias
Comment 2 Ivan 2018-10-29 16:51:01 UTC
As I wrote :P
Reverting https://svnweb.freebsd.org/ports?view=revision&revision=481850 fixed the issue.
Comment 3 Tobias C. Berner freebsd_committer 2018-10-29 17:00:22 UTC
(In reply to Ivan from comment #2)
Woops, my bad, I overlooked that sentence :)
Comment 4 Adriaan de Groot freebsd_committer 2018-10-30 10:45:40 UTC
Looks like this can be confirmed: in 12-CURRENT my evp.h contains a declaration of EVP_MD_CTX_new() and #defines EVP_MD_CTX_create() to new. In 11.2, my evp.h contains a declaration of EVP_MD_CTX_create() and nothing for EVP_MD_CTX_new(). Looks like this needs to be guarded more.
Comment 5 Walter Schwarzenfeld freebsd_triage 2018-10-30 12:01:35 UTC
Similar problem with libressl:
#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
        ^
/usr/local/include/openssl/asn1.h:636:9: note: previous definition is here
#define M_ASN1_IA5STRING_new()  (ASN1_IA5STRING *)\
        ^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2835:4: error: use of undeclared identifier 'RSA_meth_set_sign'; did you mean 'DSA_meth_set_sign'?
                        RSA_meth_set_sign(ops, NULL);
                        ^~~~~~~~~~~~~~~~~
                        DSA_meth_set_sign
/usr/local/include/openssl/dsa.h:275:5: note: 'DSA_meth_set_sign' declared here
int DSA_meth_set_sign(DSA_METHOD *meth,
    ^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2835:22: error: cannot initialize a parameter of type 'DSA_METHOD *' (aka 'dsa_method *') with an lvalue of type 'RSA_METHOD *' (aka 'rsa_meth_st *')
                        RSA_meth_set_sign(ops, NULL);
                                          ^~~
/usr/local/include/openssl/dsa.h:275:35: note: passing argument to parameter 'meth' here
int DSA_meth_set_sign(DSA_METHOD *meth,
                                  ^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2839:4: error: use of undeclared identifier 'RSA_meth_set_verify'; did you mean 'RSA_meth_set_finish'?
                        RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
                        ^~~~~~~~~~~~~~~~~~~
                        RSA_meth_set_finish
/usr/local/include/openssl/rsa.h:442:5: note: 'RSA_meth_set_finish' declared here
int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
    ^
/ram/usr/ports/devel/qca/work-qt4/qca-2.1.3/plugins/qca-ossl/qca-ossl.cpp:2860:11: error: use of undeclared identifier 'RSA_F_RSA_OSSL_PRIVATE_DECRYPT'
                        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
                               ^
1 warning and 4 errors generated.
ninja: build stopped: subcommand failed.
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/devel/qca
*** Error code 1

Stop.
make: stopped in /usr/ports/devel/qca




if I remove patch-plugins_qca-ossl_qca-ossl.cpp it builds fine.
Comment 6 dave 2018-11-26 22:47:51 UTC
Just confirming the above. Libressl appears to break devel/qca on ports/HEAD. Removing patch-plugins_qca-ossl_qca-ossl.cpp fixes the issue and allows all of KDE to be built. :)
Comment 7 Adriaan de Groot freebsd_committer 2018-11-27 10:27:39 UTC
There are eight combinations to test:
 - 11.2 with DEFAULT_VERSIONS+=ssl=<ver> where <ver> is each one of base, openssl, openssl111, libressl, and libressl-devel.
 - 12.0 (-RC2 right now) with the same (I don't count <ver> openssl and openssl111 because those don't seem to make sense on 12?).

Removing a patch in order to fix one of those eight, which breaks another one (presumably 11.2 + openssl111) is not a good step forward. In any case this PR is going nowhere until net/qt4-network is resolved, which has the same eight variants to test (which means roughly 24 hours of compiling for each change).
Comment 8 VVD 2018-12-20 23:10:49 UTC
(In reply to Ivan from comment #0)
> /usr/local/lib/qca-qt5/crypto/libqca-ossl.so: Undefined symbol "EVP_MD_CTX_new"
Here same with psi.

I removed patch https://svnweb.freebsd.org/ports?view=revision&revision=481850 and rebuild qca-qt5 - psi is working fine now.
Comment 9 commit-hook freebsd_committer 2018-12-31 22:30:56 UTC
A commit references this bug:

Author: adridg
Date: Mon Dec 31 22:30:01 UTC 2018
New revision: 488842
URL: https://svnweb.freebsd.org/changeset/ports/488842

Log:
  Be more defensive in Qt5Network code.

  It's possible, but rather unlikely, to build Qt5Network with
  QT_NO_NETWORKINTERFACE, and still get around to building the
  generic bearer. In that case, comment out the workaround
  that needs an interface.

  PR:		232784
  Obtained from:	Max Steciuk

Changes:
  head/net/qt5-network/Makefile
  head/net/qt5-network/files/patch-src_plugins_bearer_generic_qgenericengine.cpp
Comment 10 Adriaan de Groot freebsd_committer 2018-12-31 22:41:31 UTC
This PR is in dire need of a cleanup: what is the actual issue, which make.conf and other settings are in play, and how can te problem be seen? Throwing libressl into the mix doesn't help unless that's clearly indicated, and neither do unrelated compile errors (it *looks* like this was originally a runtime error).

So, back to the original reporter, Ivan: I have an 11.2-RELEASE VM ready. What do I do to show the problem?
Comment 11 Ivan 2019-01-01 12:05:29 UTC
Hello, Adriaan,
I updated my laptop to 12.0, so I'm not sure if this issue is still relevant, but I think it is.

The problem: 11.2 has OpenSSL < 1.1.1 in the base and it simply hasn't sybmols mentioned in https://svnweb.freebsd.org/ports?view=revision&revision=481850 which it applied.

The test is to link qca against base (it does by default) and try to use qca-depended software. It should abort in start.

For example, build deskutils/kdeconnect-kde and attempt to interactivly start it's daemon /usr/local/lib/libexec/kdeconnectd
Comment 12 Walter Schwarzenfeld freebsd_triage 2019-02-09 22:18:11 UTC
*** Bug 235628 has been marked as a duplicate of this bug. ***
Comment 13 Raphael Kubo da Costa freebsd_committer 2019-02-23 21:01:13 UTC
*** Bug 235171 has been marked as a duplicate of this bug. ***
Comment 14 Raphael Kubo da Costa freebsd_committer 2019-02-25 14:38:48 UTC
Proposed patch: https://reviews.freebsd.org/D19347
Comment 15 commit-hook freebsd_committer 2019-02-27 19:23:05 UTC
A commit references this bug:

Author: rakuco
Date: Wed Feb 27 19:22:17 UTC 2019
New revision: 494079
URL: https://svnweb.freebsd.org/changeset/ports/494079

Log:
  Replace OpenSSL 1.1.0 with upstream ones

  The patches from bug 228902 and added in r481850 are not entirely compatible
  with older OpenSSL versions, to the point that the qca-ossl plugin refuses to
  load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates).

  Fix it by replacing our patches with backports from upstream the same way
  OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE):

  * Revert an upstream commit made only to the 2.1 branch disabling a few ciphers
    in the unit tests.
  * Backport a change to the master branch that never made it to the 2.1 branch
    disabling the ciphers mentioned above as well as a few other ones, so that we
    can backport the actual change adding support for OpenSSL 1.1.0 more clealy.
  * Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts
    resolved due to the lack of a commit adding suport for AES GCM and AES CCM in
    the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories,
    since they had to resolve the same conflict as well.

  The port built fine on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well
  as 13-CURRENT on amd64, and all unit tests are passing except for some PGP ones
  that are unrelated. With the patches we have in the tree, a lot of unit tests
  failed on 11.2 due to the qca-ossl plugin failing to load.

  PR:		228902
  PR:		232784
  Reviewed by:	tcberner
  Differential Revision:	https://reviews.freebsd.org/D19347

Changes:
  head/devel/qca/Makefile
  head/devel/qca/files/patch-openssl110_01
  head/devel/qca/files/patch-openssl110_02
  head/devel/qca/files/patch-openssl110_03
  head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c
  head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h
  head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
Comment 16 Raphael Kubo da Costa freebsd_committer 2019-02-27 19:25:40 UTC
I think this is finally fixed. I missed the MFH request in the commit message, but I've messaged portmgr afterwards.
Comment 17 Raphael Kubo da Costa freebsd_committer 2019-02-27 19:26:47 UTC
*** Bug 232783 has been marked as a duplicate of this bug. ***
Comment 18 commit-hook freebsd_committer 2019-02-28 13:48:23 UTC
A commit references this bug:

Author: rakuco
Date: Thu Feb 28 13:47:40 UTC 2019
New revision: 494150
URL: https://svnweb.freebsd.org/changeset/ports/494150

Log:
  MFH: r494079

  Replace OpenSSL 1.1.0 with upstream ones

  The patches from bug 228902 and added in r481850 are not entirely compatible
  with older OpenSSL versions, to the point that the qca-ossl plugin refuses to
  load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates).

  Fix it by replacing our patches with backports from upstream the same way
  OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE):

  * Revert an upstream commit made only to the 2.1 branch disabling a few ciphers
    in the unit tests.
  * Backport a change to the master branch that never made it to the 2.1 branch
    disabling the ciphers mentioned above as well as a few other ones, so that we
    can backport the actual change adding support for OpenSSL 1.1.0 more clealy.
  * Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts
    resolved due to the lack of a commit adding suport for AES GCM and AES CCM in
    the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories,
    since they had to resolve the same conflict as well.

  The port built fine on 11.2-i386, an old 12-CURRENT snapshot on amd64 as well
  as 13-CURRENT on amd64, and all unit tests are passing except for some PGP ones
  that are unrelated. With the patches we have in the tree, a lot of unit tests
  failed on 11.2 due to the qca-ossl plugin failing to load.

  PR:		228902
  PR:		232784
  Reviewed by:	tcberner
  Differential Revision:	https://reviews.freebsd.org/D19347

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/devel/qca/Makefile
  branches/2019Q1/devel/qca/files/patch-openssl110_01
  branches/2019Q1/devel/qca/files/patch-openssl110_02
  branches/2019Q1/devel/qca/files/patch-openssl110_03
  branches/2019Q1/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c
  branches/2019Q1/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h
  branches/2019Q1/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp