[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG on Mavericks and older

MacPorts noreply at macports.org
Mon Nov 27 19:47:20 UTC 2023 

#68766: openssl3 @3.2.0_0+universal may have broken PRNG on Mavericks and older
------------------------+------------------------
  Reporter:  fhgwright  |      Owner:  neverpanic
      Type:  defect     |     Status:  assigned
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:
Resolution:             |   Keywords:
      Port:  openssl3   |
------------------------+------------------------

Comment (by neverpanic):

 So we can commit a stop-gap measure to blacklist older compilers for
 openssl3 – but the question is which versions?

 We have seen reports of brokenness on 10.12. According to
 wiki:XcodeVersionInfo, the newest clang on 10.12 is `Apple LLVM version
 9.0.0 (clang-900.0.39.2)`.
 10.13 has `Apple LLVM version 10.0.0 (clang-1000.11.45.5)`, where we don't
 have data.
 10.14 has `Apple clang version 11.0.0 (clang-1100.0.33.17)`, which might
 work considering that clang-11 also seems to work as reported in this
 ticket.

 Does somebody have a 10.13 system around where they could test whether its
 compiler also miscompiles OpenSSL?

 The other question is whether somebody wants to debug what specifically is
 causing this issue, potentially using a git bisect between openssl-3.1.4
 and openssl-3.2.0. Identifying the offending commit would allow us to fix
 this upstream, which would help us in making sure we don't have to keep
 working around this downstream. I'd do it myself, but running a 10.12 VM
 on arm64 seems to be almost impossible to do.

 Considering that there is something fundamentally broken you should be
 able to identify this quickly by doing these steps in a clone of
 https://github.com/openssl/openssl.git:
 - `./config`
 - `make -j$(sysctl -n hw.ncpu)`
 - `make test HARNESS_JOBS=$(sysctl -n hw.ncpu)`
 - Mark the build as `git bisect good` if all tests pass, or only a few
 tests fail, mark it as `git bisect bad` if many tests fail.

-- 
Ticket URL: <https://trac.macports.org/ticket/68766#comment:41>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list