ports/188184: [patch] security/gnutls3: should not depend on security/openssl
Lawrence The Dreamer Chen
beastie at tardisi.com
Tue Apr 1 23:50:00 UTC 2014
>Number: 188184
>Category: ports
>Synopsis: [patch] security/gnutls3: should not depend on security/openssl
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 01 23:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Lawrence "The Dreamer" Chen
>Release: FreeBSD 9.2-RELEASE-p3 amd64
>Organization:
>Environment:
System: FreeBSD zen.lhaven.homeip.net 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #0: Sat Jan 11 03:25:02 UTC 2014 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
After this port was updated to 3.1.22 to address some vulnerabilities,
I found that it wanted to install security/openssl from ports as
a dependency. But, installing security/openssl from ports conflicts
with other ports on my system, I avoid ports that need this.
Plus doesn't it seem strange that gnutls needs openssl?
>How-To-Repeat:
>Fix:
The default options for dns/unbound, makes it need openssl-1.0+, which
has become a required dependency for gnutls3. Even though its a
feature auto-activation in the configure script.
The inclusion from dns/unbound is to add DNSSEC Verification support to
DANE. And, for the '--check' option of danetool3.
So, I have made it an option, default to disabled, to not inconvenience
people just needing this as an auto pkg.
Don't know why the man page for danetool3 is omitted if
--disable-libdane is set.
--- patch begins here ---
--- Makefile.orig 2014-04-01 17:01:23.475717843 -0500
+++ Makefile 2014-04-01 18:04:57.729718103 -0500
@@ -15,7 +15,6 @@
libnettle.so:${PORTSDIR}/security/nettle \
libp11-kit.so:${PORTSDIR}/security/p11-kit \
libidn.so:${PORTSDIR}/dns/libidn \
- libunbound.so:${PORTSDIR}/dns/unbound \
libtspi.so:${PORTSDIR}/security/trousers
GNUTLS_SUFFIX= 3
@@ -42,16 +41,23 @@
EXAMPLESDIR= ${PREFIX}/share/examples/${PORTNAME}${GNUTLS_SUFFIX}
INFO_SUBDIR= gnutls${GNUTLS_SUFFIX}
-OPTIONS_DEFINE= CXX DOCS EXAMPLES LIBTASN1
+OPTIONS_DEFINE= CXX DOCS EXAMPLES LIBTASN1 LIBDANE
OPTIONS_DEFAULT= CXX
OPTIONS_SUB= yes
LIBTASN1_DESC= Use libtasn1 from ports
+LIBDANE_DESC= DNSSEC support for DANE (danetool3 --check)
CXX_CONFIGURE_ENABLE= cxx
.include <bsd.port.options.mk>
+.if ${PORT_OPTIONS:MLIBDANE}
+LIB_DEPENDS+= libunbound.so:${PORTSDIR}/dns/unbound
+.else
+CONFIGURE_ARGS+= --disable-libdane
+.endif
+
.if ${PORT_OPTIONS:MLIBTASN1} || exists(${LOCALBASE}/lib/libtasn1.so.7)
LIB_DEPENDS+= libtasn1.so:${PORTSDIR}/security/libtasn1
.else
--- pkg-plist.orig 2014-04-01 17:01:10.259717874 -0500
+++ pkg-plist 2014-04-01 18:04:53.968719048 -0500
@@ -12,7 +12,7 @@
include/gnutls3/gnutls/abstract.h
include/gnutls3/gnutls/compat.h
include/gnutls3/gnutls/crypto.h
-include/gnutls3/gnutls/dane.h
+%%LIBDANE%%include/gnutls3/gnutls/dane.h
include/gnutls3/gnutls/dtls.h
include/gnutls3/gnutls/gnutls.h
%%CXX%%include/gnutls3/gnutls/gnutlsxx.h
@@ -42,10 +42,10 @@
info/gnutls3/gnutls.info-4
info/gnutls3/gnutls.info-5
info/gnutls3/pkcs11-vision.png
-lib/gnutls3/libgnutls-dane.a
-lib/gnutls3/libgnutls-dane.la
-lib/gnutls3/libgnutls-dane.so
-lib/gnutls3/libgnutls-dane.so.0
+%%LIBDANE%%lib/gnutls3/libgnutls-dane.a
+%%LIBDANE%%lib/gnutls3/libgnutls-dane.la
+%%LIBDANE%%lib/gnutls3/libgnutls-dane.so
+%%LIBDANE%%lib/gnutls3/libgnutls-dane.so.0
lib/gnutls3/libgnutls-openssl.a
lib/gnutls3/libgnutls-openssl.la
lib/gnutls3/libgnutls-openssl.so
@@ -63,8 +63,8 @@
%%CXX%%lib/gnutls3/libgnutlsxx.so
%%CXX%%lib/gnutls3/libgnutlsxx.so.28
libdata/pkgconfig/gnutls3.pc
-libdata/pkgconfig/gnutls3-dane.pc
-man/man1/danetool3.1.gz
+%%LIBDANE%%libdata/pkgconfig/gnutls3-dane.pc
+%%LIBDANE%%man/man1/danetool3.1.gz
man/man1/certtool3.1.gz
man/man1/gnutls-cli-debug3.1.gz
man/man1/gnutls-cli3.1.gz
--- patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list