httpd-2.4.26

[bdubbs@…]

New point version.

[Pierre Labastie]

Looks the openssl-1.1 patch has been applied in this version.

[Pierre Labastie]

Without the patch, I get:

ssl_engine_init.c:105:7: error: 'BN_get_rfc3526_prime_8192' undeclared here (not in a function); did you mean 'get_rfc3526_prime_8192'?
     { BN_get_rfc3526_prime_8192, NULL, 6145 },
       ^~~~~~~~~~~~~~~~~~~~~~~~~
       get_rfc3526_prime_8192
ssl_engine_init.c:106:7: error: 'BN_get_rfc3526_prime_6144' undeclared here (not in a function); did you mean 'BN_get_rfc3526_prime_8192'?
     { BN_get_rfc3526_prime_6144, NULL, 4097 },
       ^~~~~~~~~~~~~~~~~~~~~~~~~
       BN_get_rfc3526_prime_8192
ssl_engine_init.c:107:7: error: 'BN_get_rfc3526_prime_4096' undeclared here (not in a function); did you mean 'BN_get_rfc3526_prime_8192'?
     { BN_get_rfc3526_prime_4096, NULL, 3073 },
       ^~~~~~~~~~~~~~~~~~~~~~~~~
       BN_get_rfc3526_prime_8192
ssl_engine_init.c:108:7: error: 'BN_get_rfc3526_prime_3072' undeclared here (not in a function); did you mean 'BN_get_rfc3526_prime_4096'?
     { BN_get_rfc3526_prime_3072, NULL, 2049 },
       ^~~~~~~~~~~~~~~~~~~~~~~~~
       BN_get_rfc3526_prime_4096
ssl_engine_init.c:109:7: error: 'BN_get_rfc3526_prime_2048' undeclared here (not in a function); did you mean 'BN_get_rfc3526_prime_3072'?
     { BN_get_rfc3526_prime_2048, NULL, 1025 },
       ^~~~~~~~~~~~~~~~~~~~~~~~~
       BN_get_rfc3526_prime_3072
ssl_engine_init.c:110:7: error: 'BN_get_rfc2409_prime_1024' undeclared here (not in a function); did you mean 'get_rfc2409_prime_1024'?
     { BN_get_rfc2409_prime_1024, NULL, 0 }
       ^~~~~~~~~~~~~~~~~~~~~~~~~
       get_rfc2409_prime_1024

I'm out of my depth here. The current (openssl-1.1) patch does not apply, but it seems one is needed anyway.

[Pierre Labastie]

Unless Dj knows what to do, I'll wait for google to return meaningful results... archlinux is still at 2.4.25, and so is debian.

[Pierre Labastie]

I hoped that it would be fixed with apr/apr-util-1.6, but no joy.

[Pierre Labastie]

Well, using gcc -E, it appears the get_rfc3526_prime_xxx functions definitions are taken from /usr/lib/gcc/x86_64-pc-linux-gnu/7.1.0/include-fixed/openssl/bn.h.

I may be wrong, but when updating openssl, the files in include-fixed/openssl did not get updated! So they still correspond to version 1.0. I do not know how to rerun fixinclude, but it might have to do with a solution...

Hmmm, from gcc's doc:

If you update the system's header files, such as by installing a new system
version, the fixed header files of GCC are not automatically updated. The
easiest way to update them is to reinstall GCC. (If you want to be clever,
look in the makefile and you can find a shortcut.)

Looks like an A-bomb to kill an ant...

Anyway, I'll reinstall gcc and see if that works.

[Pierre Labastie]

Ah, a more recent version of the gcc doc gives a better trick:

If you update the system’s header files, such as by installing a new system
version, the fixed header files of GCC are not automatically updated. They
can be updated using the mkheaders script installed in
libexecdir/gcc/target/version/install-tools/

Let me try...

[Pierre Labastie]

Yeah, that did it... Is there a place in the book where this trick should be described? (or maybe there is already one, and I missed it).

[bdubbs@…]

I do not know of a place for this. It really is only needed, AFAICT, because of the major change in openssl. Perhaps it should go there.

[bdubbs@…]

And another thing, if a user builds the full current development LFS and BLFS, is the mkheaders script needed at all?

[ken@…]

I suspect the right place to note this is on the gcc page in BLFS, although because openssl is the only affected package it might be better to mention it there.

The problem seems to only arise if gcc has been rebuilt on a system after an older openssl had already been installed.

If gcc has not been rebuilt, the only files in include-fixed are limits.h, syslimits.h, and linux/a.out.h.

I suppose that other packages might be affected when things change, so what else do you have in include-fixed ?

An alternative might be to *remove* the file(s) from include-fixed!

[bdubbs@…]

On my current system, I build, i order:

Sun May  7 15:54:26 CDT 2017 /usr/src/openssl/openssl-1.0.2k.tar.gz
Sun Jun  4 14:32:18 CDT 2017 /usr/src/openssl/openssl-1.1.0f.tar.gz
Fri Jun 16 13:46:42 CDT 2017 /usr/src/openssl/openssl-1.0.2l.tar.gz

This system was native gcc7.

For apache testing, I did:

patch -Np1 -i /usr/src/apache/httpd-2.4.25-blfs_layout-1.patch
sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in
./configure 
make

The patch probably needs ot be rediffed:

patching file config.layout
patching file configure
Hunk #1 succeeded at 37585 (offset 4554 lines).
patching file configure.in
Hunk #1 succeeded at 834 (offset 8 lines).
patching file docs/conf/httpd.conf.in
patching file include/ap_config_layout.h.in
patching file include/httpd.h
patching file Makefile.in
Hunk #1 succeeded at 111 (offset 20 lines).
Hunk #2 succeeded at 165 (offset 20 lines).
Hunk #3 succeeded at 176 (offset 20 lines).
Hunk #4 succeeded at 186 (offset 20 lines).
Hunk #5 succeeded at 196 (offset 20 lines).
Hunk #6 succeeded at 250 (offset 21 lines).
patching file support/apachectl.in
patching file support/Makefile.in

but configure/make completed without complaint.

I then went back and did a full rebuild with the current configure switches and the full build/DESTDIR install completed without complaint.

[Pierre Labastie]

I agree with Ken, it belongs to GCC. I'll take care of that. After running mkheaders, I have:

$ ls /usr/lib/gcc/x86_64-pc-linux-gnu/7.1.0/include-fixed
boost/              limits.h   ntfs-3g/      syslimits.h
ghostscript/        linux/     openssl-1.0/  tidyplatform.h
libv4l1-videodev.h  net-snmp/  ps@           X11/
libv4lconvert.h     nss/       slang.h       xorg/

Note that the openssl-1.1 headers are not anymore "fixed".

[Pierre Labastie]

Fixed a r18863