Date: Tue, 1 Apr 2014 18:44:04 -0500 (CDT)
From: Lawrence "The Dreamer" Chen <beastie@tardisi.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/188184: [patch] security/gnutls3: should not depend on security/openssl
Message-ID: <201404012344.s31Ni4NS078310@zen.lhaven.homeip.net>
Resent-Message-ID: <201404012350.s31No0NZ075698@freefall.freebsd.org>
>Number: 188184
>Category: ports
>Synopsis: [patch] security/gnutls3: should not depend on security/openssl
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 01 23:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Lawrence "The Dreamer" Chen
>Release: FreeBSD 9.2-RELEASE-p3 amd64
>Organization:
>Environment:
System: FreeBSD zen.lhaven.homeip.net 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #0: Sat Jan 11 03:25:02 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
After this port was updated to 3.1.22 to address some vulnerabilities, I found that it wanted to install security/openssl from ports as a dependency.

But installing security/openssl from ports conflicts with other ports on my system; I avoid ports that need this. Plus, doesn't it seem strange that gnutls needs openssl?
>How-To-Repeat:
>Fix:
The default options for dns/unbound make it need openssl-1.0+, which has become a required dependency for gnutls3. Even though it's a feature auto-activation in the configure script.

The inclusion from dns/unbound is to add DNSSEC Verification support to DANE. And, for the '--check' option of danetool3.

So, I have made it an option, default to disabled, to not inconvenience people just needing this as an auto pkg.

Don't know why the man page for danetool3 is omitted if --disable-libdane is set.

--- patch begins here --- --- Makefile.orig 2014-04-01 17:01:23.475717843 -0500 +++ Makefile 2014-04-01 18:04:57.729718103 -0500 @@ -15,7 +15,6 @@ libnettle.so:${PORTSDIR}/security/nettle \ libp11-kit.so:${PORTSDIR}/security/p11-kit \ libidn.so:${PORTSDIR}/dns/libidn \ - libunbound.so:${PORTSDIR}/dns/unbound \ libtspi.so:${PORTSDIR}/security/trousers GNUTLS_SUFFIX= 3 
@@ -42,16 +41,23 @@ EXAMPLESDIR= ${PREFIX}/share/examples/${PORTNAME}${GNUTLS_SUFFIX} INFO_SUBDIR= gnutls${GNUTLS_SUFFIX} -OPTIONS_DEFINE= CXX DOCS EXAMPLES LIBTASN1 +OPTIONS_DEFINE= CXX DOCS EXAMPLES LIBTASN1 LIBDANE OPTIONS_DEFAULT= CXX OPTIONS_SUB= yes LIBTASN1_DESC= Use libtasn1 from ports +LIBDANE_DESC= DNSSEC support for DANE (danetool3 --check) CXX_CONFIGURE_ENABLE= cxx .include <bsd.port.options.mk> +.if ${PORT_OPTIONS:MLIBDANE} +LIB_DEPENDS+= libunbound.so:${PORTSDIR}/dns/unbound +.else +CONFIGURE_ARGS+= --disable-libdane +.endif + .if ${PORT_OPTIONS:MLIBTASN1} || exists(${LOCALBASE}/lib/libtasn1.so.7) LIB_DEPENDS+= libtasn1.so:${PORTSDIR}/security/libtasn1 .else --- pkg-plist.orig 2014-04-01 17:01:10.259717874 -0500 +++ pkg-plist 2014-04-01 18:04:53.968719048 -0500 @@ -12,7 +12,7 @@ include/gnutls3/gnutls/abstract.h include/gnutls3/gnutls/compat.h include/gnutls3/gnutls/crypto.h -include/gnutls3/gnutls/dane.h +%%LIBDANE%%include/gnutls3/gnutls/dane.h include/gnutls3/gnutls/dtls.h include/gnutls3/gnutls/gnutls.h %%CXX%%include/gnutls3/gnutls/gnutlsxx.h @@ -42,10 +42,10 @@ info/gnutls3/gnutls.info-4 info/gnutls3/gnutls.info-5 info/gnutls3/pkcs11-vision.png -lib/gnutls3/libgnutls-dane.a -lib/gnutls3/libgnutls-dane.la -lib/gnutls3/libgnutls-dane.so -lib/gnutls3/libgnutls-dane.so.0 +%%LIBDANE%%lib/gnutls3/libgnutls-dane.a +%%LIBDANE%%lib/gnutls3/libgnutls-dane.la +%%LIBDANE%%lib/gnutls3/libgnutls-dane.so +%%LIBDANE%%lib/gnutls3/libgnutls-dane.so.0 lib/gnutls3/libgnutls-openssl.a lib/gnutls3/libgnutls-openssl.la lib/gnutls3/libgnutls-openssl.so @@ -63,8 +63,8 @@ %%CXX%%lib/gnutls3/libgnutlsxx.so %%CXX%%lib/gnutls3/libgnutlsxx.so.28 libdata/pkgconfig/gnutls3.pc -libdata/pkgconfig/gnutls3-dane.pc -man/man1/danetool3.1.gz +%%LIBDANE%%libdata/pkgconfig/gnutls3-dane.pc +%%LIBDANE%%man/man1/danetool3.1.gz man/man1/certtool3.1.gz man/man1/gnutls-cli-debug3.1.gz man/man1/gnutls-cli3.1.gz --- patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
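Review bot: In the second Makefile hunk (@@ -42,16 +41,23 @@), the enabled branch of the ".if ${PORT_OPTIONS:MLIBDANE}" block adds the libunbound dependency but passes nothing to configure, so the on case still relies on the configure auto-detection that the report describes. The same hunk already uses "CXX_CONFIGURE_ENABLE= cxx"; writing the new option the same way, with "LIBDANE_CONFIGURE_ENABLE= libdane" and "LIBDANE_LIB_DEPENDS= libunbound.so:${PORTSDIR}/dns/unbound", makes both states explicit and removes the need for the .if/.else block.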
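Review bot: In the pkg-plist hunk at @@ -42,10 +42,10 @@, libgnutls-dane.so.0 moves behind %%LIBDANE%% while the Makefile keeps "OPTIONS_DEFAULT= CXX", so a default build stops shipping a shared library it shipped before, and no hunk in this patch bumps PORTREVISION. Suggest bumping PORTREVISION and stating in the report whether any port links against libgnutls-dane, since the default package also loses the DNSSEC support for DANE named in LIBDANE_DESC.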
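Review bot: In the last pkg-plist hunk (@@ -63,8 +63,8 @@), man/man1/danetool3.1.gz is gated on %%LIBDANE%% but no hunk touches a plist entry for the danetool3 program itself. Please confirm what --disable-libdane does to the binary: if it is no longer installed, its plist line needs the same %%LIBDANE%% prefix; if it is still installed, say so in the report, because it would then ship without its man page.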