net-libs/neon-0.30.2 using pcks11 use flag fails to build with dev-libs/openssl-1.1.0j Builds OK with pkcs11 use flag removed. emerge --info Portage 2.3.53 (python 3.6.6-final-0, default/linux/amd64/17.0/desktop/plasma, gcc-8.2.0, glibc-2.28-r4, 4.20.0-gentoo x86_64) ================================================================= System uname: Linux-4.20.0-gentoo-x86_64-Intel-R-_Core-TM-_i7-4700MQ_CPU_@_2.40GHz-with-gentoo-2.6 KiB Mem: 16340240 total, 10616832 free KiB Swap: 16777212 total, 16777212 free Timestamp of repository gentoo: Wed, 02 Jan 2019 22:04:14 +0000 Head commit of repository gentoo: a34e345b8ccd69954595bfa72625b2a2fac292a8 sh bash 4.4_p23 ld GNU ld (Gentoo 2.31.1 p5) 2.31.1 app-shells/bash: 4.4_p23::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.26.2::gentoo dev-lang/python: 2.7.15::gentoo, 3.6.6::gentoo dev-util/cmake: 3.13.2::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/openrc: 0.40.3::gentoo sys-apps/sandbox: 2.14::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.16.1-r1::gentoo sys-devel/binutils: 2.30-r4::gentoo, 2.31.1-r3::gentoo sys-devel/gcc: 7.3.0-r3::gentoo, 8.2.0-r6::gentoo sys-devel/gcc-config: 2.0::gentoo sys-devel/libtool: 2.4.6-r5::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 4.20::gentoo (virtual/os-headers) sys-libs/glibc: 2.28-r4::gentoo Repositories: gentoo location: /usr/portage sync-type: git sync-uri: git://192.168.1.115/portage priority: -1000 x-portage location: /usr/local/portage masters: gentoo priority: 0 ace location: /var/lib/layman/ace masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA AdobeFlash-10.1 AdobeFlash-11.x Oracle-BCLA-JavaSE skype-4.0.0.7-copyright NVIDIA-CUDA Nessus-EULA google-chrome RAR" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=native -mtune=native" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=native -mtune=native" DISTDIR="/usr/portage/distfiles" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="ftp://192.168.1.115/ ftp://192.168.1.100/ http://gentoo.mirrors.pair.com/ http://gentoo.osuosl.org/ http://mirrors.rit.edu/gentoo/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j7" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac aacplus acpi activities afpacket alsa alsa-plugin amd64 bbswitch berkdb binary-drivers bluetooth branding bzip2 cairo caps-ng cdda cddb cdr cli client consolekit crypt cups cxx dbus declarative dhcpcd dri dri3 dts dvb dvd dvdr efi efiemu emboss encode evdev exif external-fuse fam ffmpeg flac fortran gdbm gif git glamor gles gles2 gpm gstreamer gtk gtk3 hex hpcups iconv icu ipv6 java javafx javascript jit jpeg kipi kwallet lcms ldap legacy-systray libnotify libtirpc lightdm mad maxminddb mjpeg mng mp3 mp4 mpeg mtp multilib native-exceptions ncurses nfs nfsv4 nls nptl nsplugin nss ntfsprogs ntp nvidia objc offensive ogg openal opengl openmp openssl ovftool pam pango pcap pcre pcsc-lite pdf phonon pkcs11 plasma png policykit ppds prelink proprietary-codecs pulseaudio python qemu qml qt5 rar rdp readline realtime samba sdl sdl2 seccomp semantic-desktop shm smartcard sna spell sqlite ssl startup-notification svc svg taglib tcpd theora threads tiff touchpad truetype udev udisks unicode upower usb uvm uxa v4l2 vaapi vdpau vix vnc vorbis vpx vulkan wayland widevine widgets wifi winbind wma wxwidgets x264 x265 xa xattr xcb xcomposite xine xml xnest xorg xv xvid xvmc zip zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="keyboard evdev synaptics void" KERNEL="linux" L10N="en en_US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="X86" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-1" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="intel i965 nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 559882 [details] build.log
I've seen this as well. Disabling "pkcs11" use flag fixes; relatively few downstream apps seem to be using this (notably musicbrainz, needed by kdemultimedia) and I haven't seen anything that breaks as a result of disabling pkcs11. Is there a way conditionally mask the use flag based on the openssl version?
This code was changed once in a commit (r1974) which said "Add OpenSSL 1.1.0 compatibility": http://lists.manyfish.co.uk/pipermail/neon-commits/2016-September/001037.html +#if defined(RSA_F_RSA_PRIVATE_ENCRYPT) +#define PK11_RSA_ERR (RSA_F_RSA_PRIVATE_ENCRYPT) +#else #define PK11_RSA_ERR (RSA_F_RSA_EAY_PRIVATE_ENCRYPT) +#endif But maybe it was incorrect or only correct for earlier versions of OpenSSL 1.1.0... Neon with USE="gnutls" would not use OpenSSL, so unconditional masking of USE="pkcs11" would be wrong.
According to my research, RSA_F_RSA_EAY_PRIVATE_ENCRYPT was renamed to not RSA_F_RSA_PRIVATE_ENCRYPT, but RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. The value remains 102. https://github.com/openssl/openssl/commit/bf1605518a085256320ff4a36054445f842d5c1c "Rename RSA_eay_xxx to rsa_ossl_xxx"
To confirm, I can build neon with the pkcs11 flag if I change the macro from RSA_F_RSA_PRIVATE_ENCRYPT to RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
http://lists.manyfish.co.uk/pipermail/neon/2019-February/001622.html
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0556ce3cbc530d36ba9548aedcac376d545b970 commit e0556ce3cbc530d36ba9548aedcac376d545b970 Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2019-02-23 05:03:10 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2019-02-25 21:24:55 +0000 net-libs/neon: Fix building with USE="-gnutls pkcs11 ssl" and >=dev-libs/openssl-1.1. Fixes: https://bugs.gentoo.org/674554 Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Mike Gilbert <floppym@gentoo.org> net-libs/neon/neon-0.30.2.ebuild | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)