Introduces OpenSSL 1.1 API Replace defined(LIBRESSL_VERSION_NUMBER) with (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)

Status

category/port

Problem

Ports Status

Upstream status/Comment

archivers/libarchive

1.1 API

PR226853

Upstream pull-requestIn ports

audio/vamp-plugin-sdk

databases/freetds

1.1 API

PR226911

Upstream pull-requestIn ports

databases/freetds-devel

Upstream pull-request

databases/mongodb34

1.1 API

PR229606

Upstream pull-request In ports

databases/mongodb36

1.1 API

PR229608

Upstream pull-request In ports

databases/mysac

databases/mysql56-server

PR227178

In ports

databases/pecl-mongodb

databases/pecl-mongodb@php70

databases/pecl-mongodb@php71

databases/pecl-mongodb@php72

databases/ruby-mysql

databases/sqlcipher

PR228248

deskutils/spice-gtk

devel/grpc

PR227187

Upstream pull-requestIn ports

devel/libevent

1.1 API

PR226900

Upstream pull-requestIn ports

devel/libgit2

1.1 API

PR226954

Upstream pull-requestIn ports

devel/mongo-c-driver

dns/bind910

bind912 patch applies

dns/bind911

bind912 patch applies

dns/bind912

1.1 API

PR226903

Upstream fixedIn ports

dns/bind99

bind912 patch applies

dns/bind9-devel

bind912 patch applies

dns/bind-tools

PR226903

Slave-port of bind912In ports

dns/powerdns

1.1 API

PR227184

Upstream pull-requestIn ports

dns/powerdns-recursor

1.1 API

PR227183

Upstream pull-requestIn ports

dns/powerdns-recursor40

1.1 API

PR227183

Upstream pull-requestIn ports

emulators/virtualbox

PR228219

ftp/curl

1.1 API

PR226845

Upstream pull-requestIn ports

games/tinymux

games/tome4

irc/irssi

1.1 API

PR226925

In ports

lang/erlang-runtime20

PR227942

In ports

lang/python27

1.1 API

PR226883

Review D14837In ports

lang/python35

1.1 API

PR226883

Review D14837In ports

lang/python36

1.1 API

PR226883

Review D14837 Fixed in 3.6.5In ports

lang/ruby24

1.1 API

PR227851

Upstream pull-requestIn ports

lang/ruby25

1.1 API

PR226852

Upstream pull-requestIn ports

lang/rust

PR226955

lang/rust-nightly

mail/cyrus-imapd24

PR227167

In ports

mail/cyrus-imapd25

PR227165

In ports

mail/cyrus-imapd30

PR227166

Upstream pull-requestIn ports

mail/sendmail

PR227171

In ports

multimedia/winff

net/haproxy

PR226956

Patches upstreamed via mail

net/hostapd

PR227172

Upstream mailIn ports

net/netatalk3

PR227860

In ports

net/nuster

net/openldap24-server

PR227192

Upstream emailIn ports

net/qt4-network

net/qt5-network

1.1 API

PR228344

Upstream issue

net-mgmt/seafile-server

net-mgmt/sx

PR227188

In ports

net-mgmt/zabbix32-proxy

PSK

net-mgmt/zabbix32-server

PSK

net-mgmt/zabbix34-proxy

PSK

net-mgmt/zabbix34-server

PSK

net-mgmt/zabbix3-proxy

PSK

net-mgmt/zabbix3-server

PSK

net-p2p/transmission-cli

PR226953

Upstream pull-requestIn ports

net-p2p/transmission-daemon

PR226953

Slave-port of transmission-cliIn ports

net-p2p/transmission-qt5

PR226953

Slave-port of transmission-cliIn ports

security/duo

security/krb5

build regression

PR228970

In ports

security/openconnect

security/opensc

security/openvpn

2.4.6

In ports

security/php70-openssl

1.1 API

PR226902

php72 patch appliesIn ports

security/php71-openssl

1.1 API

PR226902

php72 patch appliesIn ports

security/php72-openssl

1.1 API

PR226902

Upstream PRIn ports

security/py-cryptography

1.1 API

PR226906

Patches Upstream

security/py-cryptography@py36

1.1 API

PR226906

Patches Upstream

security/rubygem-openssl

security/stunnel

1.1 API & 2.6 regression

PR224148

security/trousers

PR226927

Upstream issueIn ports

security/wpa_supplicant

PR227173

Upstream mailIn ports

security/xmlsec1

1.1 API

PR226933

Upstream pull-requestIn ports

sysutils/bacula9-client

1.1 API

PR228402

sysutils/pcbsd-utils

textproc/erlang-fast_xml

textproc/rubygem-github-linguist

www/apache24

1.1 API

PR226647

Upstream PRIn ports

www/aria2

PR227177

Upstream pull-requestIn ports

www/h2o

PR227169

Upstream issue/patchIn ports

www/nghttp2

1.1 API

PR226922

UpstreamIn ports

www/sogo3

PR228150

Bulk builds

Initial bulk builds

Initially, a full bulk build was run with security/libressl 2.6.4 so it could be compared with the failures of the security/libressl-devel 2.7.0 bulk build.<<BR> LibreSSL 2.6.4 reference poudriere logs
LibreSSL 2.7.0 first full build logs

OpenSSL 1.1 API

Looks like failure is triggered on clang 6 and later. Reported by Daniel Stenberg of cURL and Kris Moore of TrueOS for Apache 2.4.33.

cURL failure

Observed on MacOS by Daniel Stenberg on Apple MacOS

vtls/openssl.c:2805:35: error: passing 'const X509_ALGOR *' (aka 'const struct X509_algor_st *') to parameter of type 'X509_ALGOR *' (aka 'struct X509_algor_st *') discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
        X509_signature_print(mem, palg, a);
                                  ^~~~
/usr/local/Cellar/libressl/2.7.2/include/openssl/x509.h:670:46: note: passing argument to parameter 'alg' here
int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
                                             ^
1 error generated.

Fixed with openssl: provide defines for argument typecasts to build warning-free

Apache 2.4 failure

Observed by Kris Moore of TrueOS on FreeBSD 12-STABLE (i.e. TrueOS) which has clang 6.

--- ssl_engine_vars.slo ---
ssl_engine_vars.c:536:25: error: passing 'const ASN1_OBJECT **' (aka 'const struct asn1_object_st **') to parameter of type 'ASN1_OBJECT **' (aka 'struct asn1_object_st **') discards qualifiers in nested pointer types [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
        X509_ALGOR_get0(&paobj, NULL, NULL, X509_get0_tbs_sigalg(xs));
                        ^~~~~~
/usr/include/openssl/x509.h:774:36: note: passing argument to parameter 'paobj' here
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                                   ^
ssl_engine_vars.c:536:45: error: passing 'const X509_ALGOR *' (aka 'const struct X509_algor_st *') to parameter of type 'X509_ALGOR *' (aka 'struct X509_algor_st *') discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
        X509_ALGOR_get0(&paobj, NULL, NULL, X509_get0_tbs_sigalg(xs));
                                            ^~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/x509.h:775:19: note: passing argument to parameter 'algor' here
                                                X509_ALGOR *algor);
                                                            ^
2 errors generated.

Work-around: Set CFLAGS+= -Wno-incompatible-pointer-types-discards-qualifiers in port Makefile.

LibreSSL/2.7 (last edited 2018-07-08T18:21:04+0000 by MichaelGmelin)