[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
MacPorts
noreply at macports.org
Sat Apr 20 22:43:44 UTC 2024
#68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
------------------------+------------------------
Reporter: fhgwright | Owner: neverpanic
Type: defect | Status: closed
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: fixed | Keywords:
Port: openssl3 |
------------------------+------------------------
Comment (by RJVB):
So ... OpenSSL 3.2.1 built with gcc12 on 10.9.5, non-universal x86_64 :
{{{
> DR=`port work openssl3`/destroot
> env DYDL_LIBRARY_PATH=${DR}/opt/local/libexec/openssl3/lib
${DR}/opt/local/libexec/openssl3/bin/openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
> env DYDL_LIBRARY_PATH=${DR}/opt/local/libexec/openssl3/lib
${DR}/opt/local/libexec/openssl3/bin/openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.2.1
status: active
legacy
name: OpenSSL Legacy Provider
version: 3.1.5
status: active
> env DYDL_LIBRARY_PATH=${DR}/opt/local/libexec/openssl3/lib
${DR}/opt/local/libexec/openssl3/bin/openssl list -random-generators
Provided RNGs and seed sources:
CTR-DRBG @ default
HASH-DRBG @ default
HMAC-DRBG @ default
SEED-SRC @ default
TEST-RAND @ default
> /opt/local/libexec/openssl3/bin/openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.1.5
status: active
legacy
name: OpenSSL Legacy Provider
version: 3.1.5
status: active
> /opt/local/libexec/openssl3/bin/openssl list -random-generators
Provided RNGs and seed sources:
CTR-DRBG @ default
HASH-DRBG @ default
HMAC-DRBG @ default
SEED-SRC @ default
TEST-RAND @ default
}}}
Two naggles using GCC:
- building with `-g` isn't currently possible (with GCC12) because of the
assembly files: for those it will invoke `$prefix/bin/as` with `--gstabs`,
which clang doesn't support.
- the `Configure` script still assumes that "GCC on Apple" means one of
the pre-clang compilers that couldn't yet generate dependencies. As a
result, `makedepend` will be used, increasing the build time immensely.
This patch fixes that:
{{{
> cat patch-avoid-makedepend.diff
diff --git orig.Configure Configure
index cca1ac8..a5fd98e 100755
--- orig.Configure
+++ Configure
@@ -1628,8 +1628,7 @@ if (!$disabled{makedepend}) {
# If the makedepcmd attribute is defined, copy it. If not, the
# build files will have to fend for themselves.
$config{makedepcmd} = $target{makedepcmd} if $target{makedepcmd};
- } elsif (($predefined_C{__GNUC__} // -1) >= 3
- && !($predefined_C{__APPLE_CC__} &&
!$predefined_C{__clang__})) {
+ } elsif (($predefined_C{__GNUC__} // -1) >= 3) {
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation, but Xcode did not
# handle $cc -M before clang support (but claims __GNUC__ = 3)
}}}
--
Ticket URL: <https://trac.macports.org/ticket/68766#comment:88>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list