From: Theo Buehler Subject: curl + ngtcp2 vs quic To: ports@openbsd.org Cc: naddy@openbsd.org Date: Mon, 25 Aug 2025 15:39:55 +0200 ngtcp2 1.15 renamed ngtcp2_crypto_quictls.so to ngtcp2_crypto_libressl.so. The main reason for this is that the curl people wanted that... Unfortunately, ngtcp2 1.15 is broken with libressl as shipped because they forget to install the still-relevant ngtcp2_crypto_quictls.h for libressl. So pull in a fix for that. I think we're better off dealing with this now rather than waiting for 1.16, so the backports during the next cycle have this stumbling block of the way, plus we get some testing before release. It still works for me. For libngtcp2 only a minor is strictly needed, but let's err on the safe side. The patch below updates ngtcp2 to 1.15, pulls in the fix for the missing header and adds the necessary autoconf patches from upstream to curl. I left out the boring wantlib churn and bumps in other ports. https://github.com/ngtcp2/ngtcp2/pull/1716 https://github.com/ngtcp2/ngtcp2/pull/1726 https://github.com/ngtcp2/ngtcp2/pull/1752 https://github.com/curl/curl/commit/31e6798544bf8aafbd8aef61b08623b92312aa42 Index: net/curl/Makefile =================================================================== RCS file: /cvs/ports/net/curl/Makefile,v diff -u -p -r1.208 Makefile --- net/curl/Makefile 20 Jul 2025 22:10:32 -0000 1.208 +++ net/curl/Makefile 25 Aug 2025 13:02:52 -0000 @@ -4,6 +4,7 @@ DISTNAME= curl-8.15.0 SHARED_LIBS= curl 26.32 # 12.0 CATEGORIES= net HOMEPAGE= https://curl.se/ +REVISION= 0 MAINTAINER= Christian Weisgerber @@ -14,7 +15,7 @@ SITES= https://curl.se/download/ EXTRACT_SUFX= .tar.xz LIB_DEPENDS= www/nghttp2 www/nghttp3 net/ngtcp2 -WANTLIB= c crypto pthread nghttp2 nghttp3 ngtcp2 ngtcp2_crypto_quictls +WANTLIB= c crypto pthread nghttp2 nghttp3 ngtcp2 ngtcp2_crypto_libressl WANTLIB+= ssl z AUTOCONF_VERSION=2.71 Index: net/curl/patches/patch-configure_ac =================================================================== RCS file: net/curl/patches/patch-configure_ac diff -N net/curl/patches/patch-configure_ac --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/curl/patches/patch-configure_ac 25 Aug 2025 13:02:38 -0000 @@ -0,0 +1,73 @@ +https://github.com/curl/curl/commit/31e6798544bf8aafbd8aef61b08623b92312aa42 + +Index: configure.ac +--- configure.ac.orig ++++ configure.ac +@@ -3201,7 +3201,66 @@ if test X"$want_tcp2" != Xno; then + fi + fi + +-if test "x$USE_NGTCP2" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a \ ++if test "x$USE_NGTCP2" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "$HAVE_LIBRESSL" = "1"; then ++ dnl backup the pre-ngtcp2_crypto_libressl variables ++ CLEANLDFLAGS="$LDFLAGS" ++ CLEANLDFLAGSPC="$LDFLAGSPC" ++ CLEANCPPFLAGS="$CPPFLAGS" ++ CLEANLIBS="$LIBS" ++ ++ CURL_CHECK_PKGCONFIG(libngtcp2_crypto_libressl, $want_tcp2_path) ++ ++ if test "$PKGCONFIG" != "no"; then ++ LIB_NGTCP2_CRYPTO_LIBRESSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) ++ $PKGCONFIG --libs-only-l libngtcp2_crypto_libressl` ++ AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_LIBRESSL]) ++ ++ CPP_NGTCP2_CRYPTO_LIBRESSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl ++ $PKGCONFIG --cflags-only-I libngtcp2_crypto_libressl` ++ AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_LIBRESSL]) ++ ++ LD_NGTCP2_CRYPTO_LIBRESSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) ++ $PKGCONFIG --libs-only-L libngtcp2_crypto_libressl` ++ AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_LIBRESSL]) ++ ++ LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_LIBRESSL" ++ LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_LIBRESSL" ++ CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_LIBRESSL" ++ LIBS="$LIB_NGTCP2_CRYPTO_LIBRESSL $LIBS" ++ ++ if test "x$cross_compiling" != "xyes"; then ++ DIR_NGTCP2_CRYPTO_LIBRESSL=`echo $LD_NGTCP2_CRYPTO_LIBRESSL | $SED -e 's/^-L//'` ++ fi ++ AC_CHECK_LIB(ngtcp2_crypto_libressl, ngtcp2_crypto_recv_client_initial_cb, ++ [ ++ AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, ++ USE_NGTCP2=1 ++ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_LIBRESSL" ++ export CURL_LIBRARY_PATH ++ AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_LIBRESSL to CURL_LIBRARY_PATH]) ++ LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_libressl" ++ ) ++ ], ++ dnl not found, revert back to clean variables ++ LDFLAGS=$CLEANLDFLAGS ++ LDFLAGSPC=$CLEANLDFLAGSPC ++ CPPFLAGS=$CLEANCPPFLAGS ++ LIBS=$CLEANLIBS ++ ) ++ ++ else ++ dnl no ngtcp2_crypto_libressl pkg-config found, deal with it ++ if test X"$want_tcp2" != Xdefault; then ++ dnl To avoid link errors, we do not allow --with-ngtcp2 without ++ dnl a pkgconfig file ++ AC_MSG_WARN([--with-ngtcp2 was specified but could not find ngtcp2_crypto_libressl pkg-config file.]) ++ dnl Pretend to be quictls to fall back to using ngtcp2_crypto_quictls ++ fi ++ HAVE_LIBRESSL=0 ++ fi ++fi ++ ++if test "x$USE_NGTCP2" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "$HAVE_LIBRESSL" != "1" -a \ + "x$OPENSSL_IS_BORINGSSL" != "x1" -a "x$OPENSSL_QUIC_API2" != "x1"; then + dnl backup the pre-ngtcp2_crypto_quictls variables + CLEANLDFLAGS="$LDFLAGS" Index: net/curl/patches/patch-m4_curl-openssl_m4 =================================================================== RCS file: net/curl/patches/patch-m4_curl-openssl_m4 diff -N net/curl/patches/patch-m4_curl-openssl_m4 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/curl/patches/patch-m4_curl-openssl_m4 25 Aug 2025 13:02:43 -0000 @@ -0,0 +1,13 @@ +https://github.com/curl/curl/commit/31e6798544bf8aafbd8aef61b08623b92312aa42 + +Index: m4/curl-openssl.m4 +--- m4/curl-openssl.m4.orig ++++ m4/curl-openssl.m4 +@@ -292,6 +292,7 @@ if test "x$OPT_OPENSSL" != xno; then + ],[ + AC_MSG_RESULT([yes]) + ssl_msg="LibreSSL" ++ HAVE_LIBRESSL=1 + ],[ + AC_MSG_RESULT([no]) + ]) Index: net/ngtcp2/Makefile =================================================================== RCS file: /cvs/ports/net/ngtcp2/Makefile,v diff -u -p -r1.29 Makefile --- net/ngtcp2/Makefile 26 Jul 2025 06:10:04 -0000 1.29 +++ net/ngtcp2/Makefile 25 Aug 2025 12:52:09 -0000 @@ -1,10 +1,10 @@ COMMENT= implementation of the RFC 9000 QUIC protocol -V= 1.14.0 +V= 1.15.0 DISTNAME= ngtcp2-$V -SHARED_LIBS+= ngtcp2 4.1 # 20.0 -SHARED_LIBS+= ngtcp2_crypto_quictls 0.2 # 5.0 +SHARED_LIBS+= ngtcp2 5.0 # 21.0 +SHARED_LIBS+= ngtcp2_crypto_libressl 0.0 # 5.0 CATEGORIES= net @@ -22,7 +22,9 @@ SITES= https://github.com/ngtcp2/ngtcp2 SEPARATE_BUILD= Yes DEBUG_PACKAGES= ${BUILD_PACKAGES} -CONFIGURE_STYLE= gnu +CONFIGURE_STYLE= autoreconf +AUTOCONF_VERSION= 2.72 +AUTOMAKE_VERSION= 1.16 CONFIGURE_ARGS+= --with-openssl .include Index: net/ngtcp2/distinfo =================================================================== RCS file: /cvs/ports/net/ngtcp2/distinfo,v diff -u -p -r1.27 distinfo --- net/ngtcp2/distinfo 26 Jul 2025 06:10:04 -0000 1.27 +++ net/ngtcp2/distinfo 25 Aug 2025 11:33:52 -0000 @@ -1,2 +1,2 @@ -SHA256 (ngtcp2-1.14.0.tar.gz) = JSckc/Eur3oE+PQ37diSdT5edy9JD0aWCWCbdWk9SRA= -SIZE (ngtcp2-1.14.0.tar.gz) = 1170472 +SHA256 (ngtcp2-1.15.0.tar.gz) = fe6JmgUzShDLSUWv8DDAvtcHlmPsANbrx9Z/HwG1RL8= +SIZE (ngtcp2-1.15.0.tar.gz) = 1189156 Index: net/ngtcp2/pkg/PLIST =================================================================== RCS file: /cvs/ports/net/ngtcp2/pkg/PLIST,v diff -u -p -r1.2 PLIST --- net/ngtcp2/pkg/PLIST 20 Sep 2023 15:58:21 -0000 1.2 +++ net/ngtcp2/pkg/PLIST 25 Aug 2025 12:55:37 -0000 @@ -6,10 +6,10 @@ include/ngtcp2/version.h @static-lib lib/libngtcp2.a lib/libngtcp2.la @lib lib/libngtcp2.so.${LIBngtcp2_VERSION} -@static-lib lib/libngtcp2_crypto_quictls.a -lib/libngtcp2_crypto_quictls.la -@lib lib/libngtcp2_crypto_quictls.so.${LIBngtcp2_crypto_quictls_VERSION} +@static-lib lib/libngtcp2_crypto_libressl.a +lib/libngtcp2_crypto_libressl.la +@lib lib/libngtcp2_crypto_libressl.so.${LIBngtcp2_crypto_libressl_VERSION} lib/pkgconfig/libngtcp2.pc -lib/pkgconfig/libngtcp2_crypto_quictls.pc +lib/pkgconfig/libngtcp2_crypto_libressl.pc share/doc/ngtcp2/ share/doc/ngtcp2/README.rst Index: net/ngtcp2/patches/patch-crypto_includes_CMakeLists_txt =================================================================== RCS file: net/ngtcp2/patches/patch-crypto_includes_CMakeLists_txt diff -N net/ngtcp2/patches/patch-crypto_includes_CMakeLists_txt --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/ngtcp2/patches/patch-crypto_includes_CMakeLists_txt 25 Aug 2025 13:14:48 -0000 @@ -0,0 +1,14 @@ +https://github.com/ngtcp2/ngtcp2/pull/1752 + +Index: crypto/includes/CMakeLists.txt +--- crypto/includes/CMakeLists.txt.orig ++++ crypto/includes/CMakeLists.txt +@@ -25,7 +25,7 @@ install(FILES + ngtcp2/ngtcp2_crypto.h + DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2") + +-if(HAVE_QUICTLS) ++if(HAVE_QUICTLS OR HAVE_LIBRESSL) + install(FILES + ngtcp2/ngtcp2_crypto_quictls.h + DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2") Index: net/ngtcp2/patches/patch-crypto_includes_Makefile_am =================================================================== RCS file: net/ngtcp2/patches/patch-crypto_includes_Makefile_am diff -N net/ngtcp2/patches/patch-crypto_includes_Makefile_am --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ net/ngtcp2/patches/patch-crypto_includes_Makefile_am 25 Aug 2025 13:14:48 -0000 @@ -0,0 +1,16 @@ +https://github.com/ngtcp2/ngtcp2/pull/1752 + +Index: crypto/includes/Makefile.am +--- crypto/includes/Makefile.am.orig ++++ crypto/includes/Makefile.am +@@ -28,6 +28,10 @@ if HAVE_QUICTLS + nobase_include_HEADERS += ngtcp2/ngtcp2_crypto_quictls.h + endif + ++if HAVE_LIBRESSL ++nobase_include_HEADERS += ngtcp2/ngtcp2_crypto_quictls.h ++endif ++ + if HAVE_GNUTLS + nobase_include_HEADERS += ngtcp2/ngtcp2_crypto_gnutls.h + endif