# Poudriere fails to build apache24-2.4.26



## kjpetrie (Jun 23, 2017)

This morning poudriere attempted a bulk build including www/apache24. All seemed to go well until:

```
/usr/local/share/apr/build-1/libtool --silent --mode=compile cc -I/usr/local/include
    -O2 -pipe -I/usr/local/include -DLIBICONV_PLUG -fstack-protector -fno-strict-ali
asing      -DLIBICONV_PLUG    -I. -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.2
6/os/unix -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/include -I/usr/local/i
nclude/apr-1 -I/usr/local/include -I/usr/local/include/db5 -I/usr/include -I/wrkdirs
/usr/ports/www/apache24/work/httpd-2.4.26/modules/aaa -I/wrkdirs/usr/ports/www/apach
e24/work/httpd-2.4.26/modules/cache -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4
.26/modules/core -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/modules/databas
e -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/modules/filters -I/wrkdirs/usr
/ports/www/apache24/work/httpd-2.4.26/modules/ldap -I/wrkdirs/usr/ports/www/apache24
/work/httpd-2.4.26/server -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/module
s/loggers -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/modules/lua -I/wrkdirs
/usr/ports/www/apache24/work/httpd-2.4.26/modules/proxy -I/wrkdirs/usr/ports/www/apa
che24/work/httpd-2.4.26/modules/session -I/wrkdirs/usr/ports/www/apache24/work/httpd
-2.4.26/modules/ssl -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/modules/test
 -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/server -I/wrkdirs/usr/ports/www
/apache24/work/httpd-2.4.26/modules/arch/unix -I/wrkdirs/usr/ports/www/apache24/work
/httpd-2.4.26/modules/dav/main -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/m
odules/generators -I/wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/modules/mapper
s  -prefer-non-pic -static -c ab.c && touch ab.lo
ab.c:2518:5: warning: implicit declaration of function 'SSL_CTX_set_max_proto_versio
n' is invalid in C99 [-Wimplicit-function-declaration]
    SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
    ^
ab.c:2519:5: warning: implicit declaration of function 'SSL_CTX_set_min_proto_versio
n' is invalid in C99 [-Wimplicit-function-declaration]
    SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
    ^
2 warnings generated.
/usr/local/share/apr/build-1/libtool --silent --mode=link cc    -O2 -pipe -I/usr/local/include -DLIBICONV_PLUG -fstack-protector -fno-strict-aliasing -L/usr/local/lib -lssl -lcrypto -lcrypt -lpthread     -L/usr/local/lib/db5 -L/usr/lib  -L/usr/local/lib -Wl,-rpath,/usr/local/lib -fstack-protector -o ab  ab.lo      -L/usr/local/lib -R/usr/local/lib -laprutil-1 -ldb-5.3 -lgdbm -lexpat -L/usr/local/lib -R/usr/local/lib -lapr-1 -lcrypt -lpthread -lm
ab.o: In function `main':
ab.c:(.text+0xca1): undefined reference to `SSL_CTX_set_max_proto_version'
ab.c:(.text+0xcb6): undefined reference to `SSL_CTX_set_min_proto_version'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make[3]: stopped in /wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/support
*** Error code 1

Stop.
make[2]: stopped in /wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26/support
*** Error code 1

Stop.
make[1]: stopped in /wrkdirs/usr/ports/www/apache24/work/httpd-2.4.26
*** Error code 1

Stop.
make: stopped in /usr/ports/www/apache24
====>> Cleaning up wrkdir
===>  Cleaning for apache24-2.4.26
build of www/apache24 ended at Fri Jun 23 05:50:49 BST 2017
build time: 00:01:13
!!! build failure encountered !!!
```

Any idea what I need to do to get this security upgrade built?


----------



## SirDice (Jun 23, 2017)

This appears to be a problem with the port itself. Apache 2.4.25 built fine, 2.4.26 produces this error. Isssues like this are usually quickly fixed, so hang on.

Edit: PR 220160 refers to the 2.4.26 update. It also mentions the errors when building with LibreSSL.


----------



## kjpetrie (Jun 23, 2017)

Now I'm trying to remember why I use security/libressl rather than security/openssl.

*Further thought:* It seems we will have to stay at risk while FreeBSD and Apache argue about the neatest way to deal with this. I think FreeBSD should just distribute a patched version that works in the interim to buy time to devise a more elegant solution. In fact, as I understand it, this problem will go away at the next upgrade of LibreSSL anyway, so it's a temporary problem requiring a temporary solution. In the meantime, I will try to apply the patch myself.


----------



## SirDice (Jun 24, 2017)

kjpetrie said:


> I think FreeBSD should just distribute a patched version that works in the interim to buy time to devise a more elegant solution.


That's probably going to happen. Note that OpenBSD for example also uses LibreSSL. Recently HAProxy had a similar problem, it also produced build errors with LibreSSL. If I'm not mistaken this was solved by importing a patch from OpenBSD into the port.


----------



## kjpetrie (Jun 25, 2017)

Well, at least I've learnt how to apply patches to a port, so some good's come out of it.


----------

