NetBSD Problem Report #53587
From hf@spg.tu-darmstadt.de Mon Sep 10 10:45:06 2018
Return-Path: <hf@spg.tu-darmstadt.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 1CFB17A1AE
for <gnats-bugs@gnats.NetBSD.org>; Mon, 10 Sep 2018 10:45:06 +0000 (UTC)
Message-Id: <201809101041.w8AAfo5I003824@Petzeck.nt.e-technik.tu-darmstadt.de>
Date: Mon, 10 Sep 2018 12:41:50 +0200 (CEST)
From: Hauke Fath <hf@spg.tu-darmstadt.de>
Reply-To: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@NetBSD.org
Cc: Hauke Fath <hf@spg.tu-darmstadt.de>
Subject: security/racoon2 does not build
X-Send-Pr-Version: 3.95
>Number: 53587
>Category: pkg
>Synopsis: security/racoon2 does not build
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 10 10:50:00 +0000 2018
>Closed-Date: Tue Oct 13 04:01:24 +0000 2020
>Last-Modified: Tue Oct 13 04:01:24 +0000 2020
>Originator: Hauke Fath
>Release: NetBSD 8.0_STABLE
>Organization:
Technische Universitaet Darmstadt
>Environment:
System: NetBSD Petzeck 8.0_STABLE NetBSD 8.0_STABLE (DMZ_DOMU) #1: Fri Sep 7 15:39:44 CEST 2018 hf@Hochstuhl:/var/obj/netbsd-builds/8/amd64/sys/arch/amd64/compile/DMZ_DOMU amd64
Architecture: x86_64
Machine: amd64
>Description:
Building security/racoon2 on netbsd-8 fails with
[...]
gcc -O2 -D_FORTIFY_SOURCE=2 -I/usr/include/krb5 -I/usr/include -I/usr/include/krb5 -I/usr/include -DENABLE_SECURE -Werror -Wall -Wmissing-prototypes -Wmissing-declarations -g -O -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DYYTEXT_POINTER=1 -DINET6=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_LIMITS_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STDARG_H=1 -DHAVE_NETINET6_IPSEC_H=1 -DHAVE_NETIPSEC_IPSEC_H=1 -DHAVE_NET_PFKEYV2_H=1 -DENABLE_NATT=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_STRFTIME=1 -DHAVE_VPRINTF=1 -DHAVE_GETTIMEOFDAY=1 -DHAVE_MKTIME=1 -DHAVE_SOCKET=1 -DHAVE_STRDUP=1 -DHAVE_STRERROR=1 -DHAVE_STRTOL=1 -DHAVE_GETIFADDRS=1 -DHAVE_STRLCPY=1 -DHAVE_STRLCAT=1 -DHAVE_ATOLL=1 -DHAVE_SA_LEN=1 -DHAVE_OPENSSL_EVP_H=1 -DSYSCON!
FDIR=\"/etc/pkg/racoon2\" -DCF_DEBUG -c if_spmd.c
if_spmd.c: In function 'spmd_if_login_response':
if_spmd.c:1111:8: error: implicit declaration of function 'EVP_MD_CTX_new' [-Werror=implicit-function-declaration]
ctx = EVP_MD_CTX_new();
^
if_spmd.c:1111:6: error: assignment makes pointer from integer without a cast [-Werror=int-conversion]
ctx = EVP_MD_CTX_new();
^
if_spmd.c:1162:2: error: implicit declaration of function 'EVP_MD_CTX_free' [-Werror=implicit-function-declaration]
EVP_MD_CTX_free(ctx);
^
cc1: all warnings being treated as errors
*** Error code 1
probably because the code is out of sync with openssl api
versioning, since the function prototypes, declared in
<openssl/evp.h>, are protected with #if OPENSSL_API_COMPAT >=
0x10100000L.
>How-To-Repeat:
Build pkg on netbsd.8.
>Fix:
Yes, please.
>Release-Note:
>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, pkg-manager@netbsd.org, gnats-admin@netbsd.org,
pkgsrc-bugs@netbsd.org
Cc:
Subject: Re: pkg/53587: security/racoon2 doesn not build
Date: Mon, 10 Sep 2018 08:30:19 -0400
On Sep 10, 10:50am, hf@spg.tu-darmstadt.de (Hauke Fath) wrote:
-- Subject: pkg/53587: security/racoon2 doesn not build
Try defining OPENSSL_API_COMPAT to 0x10100000 ...
christos
From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org,
Christos Zoulas <christos@zoulas.com>
Subject: Re: pkg/53587: security/racoon2 doesn not build
Date: Tue, 11 Sep 2018 11:46:07 +0200
On 09/10/18 14:35, Christos Zoulas wrote:
> The following reply was made to PR pkg/53587; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: gnats-bugs@NetBSD.org, pkg-manager@netbsd.org, gnats-admin@netbsd.org,
> pkgsrc-bugs@netbsd.org
> Cc:
> Subject: Re: pkg/53587: security/racoon2 doesn not build
> Date: Mon, 10 Sep 2018 08:30:19 -0400
>
> On Sep 10, 10:50am, hf@spg.tu-darmstadt.de (Hauke Fath) wrote:
> -- Subject: pkg/53587: security/racoon2 doesn not build
>
>
> Try defining OPENSSL_API_COMPAT to 0x10100000 ...
Hum. After finding that several source files needed the above, I went with
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/racoon2/Makefile,v
retrieving revision 1.14
diff -u -u -r1.14 Makefile
--- Makefile 22 Aug 2018 09:46:29 -0000 1.14
+++ Makefile 11 Sep 2018 09:43:11 -0000
@@ -23,6 +23,8 @@
USE_TOOLS+= grep sed flex yacc
USE_TOOLS+= gzip:run perl:run # used by pskgen
+CPPFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L
+
# @perl_bindir@ will be /usr/pkgsrc/security/racoon2/work/.tools/bin/perl.
# REPLACE_PERL cannot be used, since @perl_bindir@ does not match its
pattern.
REPLACE_INTERPRETER+= perl
which then led to
[...]
--- iked ---
gcc -L../lib -L/usr/lib -Wl,-R/usr/lib -Wl,-R/usr/pkg/lib -L/usr/lib -o
iked main.o dh.o ike_sa.o ike_conf.o isakmp.o authenticator.o
encryptor.o crypto_openssl.o str2val.o keyed_hash.o sockmisc.o
ike_pfkey.o ike_spmif.o schedule.o ratelimit.o script.o ikev1/ikev1.o
ikev1/genlist.o ikev1/ipsec_doi.o ikev1/isakmp_ident.o
ikev1/isakmp_quick.o ikev1/isakmp_inf.o ikev1/handler.o ikev1/strnames.o
ikev1/oakley.o ikev1/vendorid.o ikev1/algorithm.o ikev1/proposal.o
ikev1/pfkey.o ikev1/ikev1_natt.o ikev2.o ikev2_auth.o ikev2_child.o
ikev2_cookie.o ikev2_notify.o ikev2_packet.o ikev2_payload.o
ikev2_proposal.o ikev2_rekey.o ikev2_config.o nattraversal.o -lracoon
-lcrypto
crypto_openssl.o: In function `cb_check_cert':
/var/obj/pkgsrc/security/racoon2/work/racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf/iked/crypto_openssl.c:331:
undefined reference to `X509_STORE_CTX_get0_cert'
crypto_openssl.o: In function `eay_dss_sign':
/var/obj/pkgsrc/security/racoon2/work/racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf/iked/crypto_openssl.c:1241:
undefined reference to `EVP_PKEY_get0_DSA'
*** [iked] Error code 1
make[1]: stopped in
/var/obj/pkgsrc/security/racoon2/work/racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf/iked
1 error
[...]
both of which are not anywhere under /usr/include on netbsd-8.
Cheerio,
hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
From: atsushi fukumoto <fukumoto.at@gmail.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/53587
Date: Tue, 11 Sep 2018 20:01:17 +0900
--Apple-Mail-51AF5AD1-980E-4440-A940-FE1606C17E28
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
A quick fix will be to copy the compatibility layer from https://wiki.openss=
l.org/index.php/OpenSSL_1.1.0_Changes to somewhere in iked/crypto_openssl.c
FUKUMOTO Atsushi
fukumoto.at@gmail.com
--Apple-Mail-51AF5AD1-980E-4440-A940-FE1606C17E28
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: 7bit
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">A quick fix will be to copy the compatibility layer from <a href="https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes">https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes</a> to somewhere in iked/crypto_openssl.c<div></div><div><br></div><div>FUKUMOTO Atsushi</div><div><a href="mailto:fukumoto.at@gmail.com">fukumoto.at@gmail.com</a></div><div><br></div></body></html>
--Apple-Mail-51AF5AD1-980E-4440-A940-FE1606C17E28--
From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@NetBSD.org, pkg-manager@NetBSD.org, gnats-admin@NetBSD.org
Cc:
Subject: Re: pkg/53587
Date: Tue, 11 Sep 2018 14:31:41 +0200
On 09/11/18 13:05, atsushi fukumoto wrote:
> A quick fix will be to copy the compatibility layer fromhttps://wiki.openss=
> l.org/index.php/OpenSSL_1.1.0_Changes to somewhere in iked/crypto_openssl.c
I will leave that to upstream. ;)
Cheerio,
hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, pkg-manager@netbsd.org, gnats-admin@netbsd.org,
pkgsrc-bugs@netbsd.org, Hauke Fath <hf@spg.tu-darmstadt.de>
Cc:
Subject: Re: pkg/53587: security/racoon2 doesn not build
Date: Tue, 11 Sep 2018 12:53:01 -0400
On Sep 11, 10:10am, hf@spg.tu-darmstadt.de (Hauke Fath) wrote:
-- Subject: Re: pkg/53587: security/racoon2 doesn not build
| Hum. After finding that several source files needed the above, I went with
|
| Index: Makefile
| ===================================================================
| RCS file: /cvsroot/pkgsrc/security/racoon2/Makefile,v
| retrieving revision 1.14
| diff -u -u -r1.14 Makefile
| --- Makefile 22 Aug 2018 09:46:29 -0000 1.14
| +++ Makefile 11 Sep 2018 09:43:11 -0000
| @@ -23,6 +23,8 @@
| USE_TOOLS+= grep sed flex yacc
| USE_TOOLS+= gzip:run perl:run # used by pskgen
|
| +CPPFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L
| +
| # @perl_bindir@ will be /usr/pkgsrc/security/racoon2/work/.tools/bin/perl.
| # REPLACE_PERL cannot be used, since @perl_bindir@ does not match its
| pattern.
| REPLACE_INTERPRETER+= perl
Great, that's the way to do it!
| which then led to
|
| undefined reference to `X509_STORE_CTX_get0_cert'
| undefined reference to `EVP_PKEY_get0_DSA'
|
| both of which are not anywhere under /usr/include on netbsd-8.
They are supposed to:
https://releng.netbsd.org/cgi-bin/req-8.cgi?show=967
christos
From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: Christos Zoulas <christos@zoulas.com>
Cc: gnats-bugs@NetBSD.org, pkg-manager@NetBSD.org, gnats-admin@NetBSD.org
Subject: Re: pkg/53587: security/racoon2 doesn not build
Date: Tue, 11 Sep 2018 21:06:46 +0200
On Tue, 11 Sep 2018 12:53:01 -0400, Christos Zoulas wrote:
> | which then led to
> | =20
> | undefined reference to `X509_STORE_CTX_get0_cert'
> | undefined reference to `EVP_PKEY_get0_DSA'
> | =20
> | both of which are not anywhere under /usr/include on netbsd-8.
>=20
> They are supposed to:
>=20
> https://releng.netbsd.org/cgi-bin/req-8.cgi?show=3D967
Ah. I'll wait for those to land, then.
Cheerio,
hauke
--=20
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut f=FCr Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 13 Oct 2020 04:01:24 +0000
State-Changed-Why:
I don't think this scenario is possible any more as pkgsrc should pull in a newer openssl for netbsd-8. Sorry your bug was not addressed at the time. Thanks for the report.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.