Upcoming OpenSSL 1.1.0 release

Bernard Spil brnrd at freebsd.org
Sun Aug 28 20:34:39 UTC 2016


On Sun, Aug 28, 2016 at 5:01 PM, Bernard Spil <brnrd at freebsd.org> wrote:
> 2016-08-27 11:18 GMT+02:00 Dirk Meyer <dirk.meyer at dinoex.sub.org>:
>> Hello Ollivier Robert,
>>
>>> [01:19:54] ====>> Failed ports: lang/go14:build security/libssh2:build devel/libevent2:build archivers/libarchive:build lang/python27:package security/trousers:build lang/python34:package devel/apr1:configure lang/ruby23:package dns/ldns:configure
>>> databases/freetds:build www/libwww:configure ftp/lftp:build security/pkcs11-helper:build security/php56-openssl:build www/lynx:build net-p2p/libtorrent:build security/cyrus-sasl2:build dns/bind910:configure mail/postfix-current:build mail/dovecot2:build
>>> lang/ruby22:package ftp/wget:configure www/nginx-devel:build dns/bind99:configure www/aria2:build
>>>
>>> Most of them were building before (exception is go14 which is always failing on my poudriere but I know why).
>>
>> A number of your ports failing with openssl-devel-1.1.0
>> build fine with my version of openssl-1.1.0 in ports:
>>
>> archivers/libarchive
>> devel/apr1
>> devel/libevent2
>> dns/bind910
>> dns/ldns
>> net-p2p/libtorrent
>> security/php56-openssl
>> security/cyrus-sasl2
>> security/trousers
>> www/lynx
>>
>> For them there are no regressions with the update of security/openssl I am testing.
>>
>> kind regards Dirk
>>
>> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
>> - [dirk.meyer at dinoex.sub.org],[dirk.meyer at guug.de],[dinoex at FreeBSD.org]
>>
>
> Hi All,
>
> There were indeed some issues with my openssl-devel port. I'm now
> finishing up aligning it with the port that Dirk committed (and that
> was reverted pending more testing). List of fixes below and a patch
> for security/openssl-devel to follow soon.
>
>   1. ASM: Some error in OpenSSL's configure, adding `asm` to
>      configure_args triggers failure
>   2. ldconfig: SHARED_USE_LDCONFIG doesn't work, switch to
>      SHARED_USE= ldconfig=yes
>   3. Rework options handling to upstream default off and default on
>      a. default-off, to enable use enable-opt
>      b. default-on, to disable use no-opt
>
> This does NOT fix the build issue(s?) yet. bind910 fails on the
> removed openssl/dso.h header file and the DSO_METHOD_dlfcn having been
> removed completely. Removing that test makes build fail on missing
> ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED which is unrelated to DSO I
> believe.
>
> Checked devel/apr1 shortly and that fails on a missing EVP_PKEY_CTX_new.
>
> I had already opened a PR for an exp-run with openssl-devel to see how
> much fixing we need with OpenSSL 1.1.0
>
> Started a wiki page to list issues, solutions etc.
>
> Propose to update the security/openssl-devel port with the attached
> patch and use that to do an exp-run so we can uncover all failing
> ports.
>
> Cheers,
>
> Bernard.
>

Hi All,

I've committed the patch which fixes the ASM configure issue, the i386
build issue (by fixing the EC option) and aligns with the (now
reverted) security/openssl 1.1.0 port.
https://svnweb.freebsd.org/ports?view=revision&revision=420878

  - Do not pass asm to configure (upstream default ON), fixes configure
  - Disable EC optimizations on i386, fixes build
  - Split options activation into upstream-default-enabled and -disabled
  - Rework EC option handling
  - Align order of Makefile with security/openssl
  - Use improved patching from security/openssl
  - Improve options descriptions
  - Remove old PRECIOUSMAKEVARS
  - Add pkg-message

The ports build issues I've analysed thus far are problems in the
upstream code. Probably takes a while for upstream projects to release
fixes. Will add analysis results to the wiki page at
https://wiki.freebsd.org/OpenSSL/1.1.0
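
The split between upstream-default-enabled and upstream-default-disabled options described in this thread, sketched as an added example that is not part of the original post or the port's Makefile: a default-on option only ever produces `no-<opt>`, a default-off option only ever produces `enable-<opt>`, and `asm` itself is never passed. The two option sets and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample option sets (assumptions, not the port's real lists).
DEFAULT_ON="asm shared"          # upstream builds these unless told no-<opt>
DEFAULT_OFF="md2 rc5 sctp ssl3"  # upstream skips these unless enable-<opt>

# in_list WORD [ITEM...]: succeed if WORD equals one of the ITEMs.
in_list() {
    needle=$1
    shift
    for item in "$@"; do
        if [ "$item" = "$needle" ]; then
            return 0
        fi
    done
    return 1
}

# configure_args "opt opt ...": print the Configure arguments needed for
# the given set of enabled port options. Unknown names are rejected so a
# typo cannot silently leave a feature in its upstream default state.
configure_args() {
    enabled=$1
    args=""
    for opt in $enabled; do
        if ! in_list "$opt" $DEFAULT_ON $DEFAULT_OFF; then
            echo "unknown option: $opt" >&2
            return 1
        fi
    done
    # Default-on: say nothing when enabled, pass no-<opt> when disabled.
    for opt in $DEFAULT_ON; do
        if ! in_list "$opt" $enabled; then
            args="$args no-$opt"
        fi
    done
    # Default-off: say nothing when disabled, pass enable-<opt> when enabled.
    for opt in $DEFAULT_OFF; do
        if in_list "$opt" $enabled; then
            args="$args enable-$opt"
        fi
    done
    echo "${args# }"
}

# Demo: assembler disabled, SSLv3 enabled.
configure_args "shared ssl3"
```

With every default-on option left enabled and nothing else selected, the function prints an empty argument list, which is the case where passing a bare `asm` used to break configure.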

