Comment 1 Li-Wen Hsu 2021-04-20 15:37:58 UTC

CC the committer updating to 3.3.2.

Comment 2 Kubilay Kocak 2021-04-21 04:42:53 UTC

Thank you for the report and patch Charlie. Does the patch apply to the current port version and pass QA for all USES=ssl values?

Set merge-quarterly (-), assuming the 3.3.2 update is not or wont be merged

Comment 3 Charlie Li 2021-04-21 05:44:49 UTC

The patch applies verbatim, as the relevant source files from the version we have in ports have not changed upstream. Fully passes QA, confirmed with upstream's CI (patch would not have been merged there otherwise).

All in all, this patch only adds a C preprocessor guard that hides two opcodes when LibreSSL < 3.3.2; OpenSSL not affected.

Comment 4 Kubilay Kocak 2021-04-22 01:53:34 UTC

(In reply to Charlie Li from comment #3)

Thank you Charlie.

Comment 5 Kubilay Kocak 2021-04-22 01:54:09 UTC

Comment on attachment 224270 [details]
v1

Approved by: koobs (maintainer)
MFH: No (libressl 3.3.2 not in quarterly)

Comment 6 Charlie Li 2021-05-04 23:54:48 UTC

LibreSSL 3.3.3 has landed in security/libressl which will probably MFH at some point.

Comment 7 Kubilay Kocak 2021-05-05 02:26:24 UTC

(In reply to Charlie Li from comment #6)

Feel free to self-assign and land this if it passes QA. If 3.3.3 will be MFH'd, please MFH (updating merge-quarterly flag here to ? until merged)

Hi,

Just to clarify, does this error manifest along the lines of:

build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2172:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1 = 0;
                  ^
/usr/local/include/openssl/ssl.h:524:29: note: expanded from macro 'SSL_OP_NO_DTLSv1'
#define SSL_OP_NO_DTLSv1                                0x40000000L
                                                        ^
build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2173:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1_2 = 0;
                  ^
/usr/local/include/openssl/ssl.h:525:31: note: expanded from macro 'SSL_OP_NO_DTLSv1_2'
#define SSL_OP_NO_DTLSv1_2                              0x80000000L
                                                        ^
... when I try to install "security/py-cryptography@py38" via "portmaster"? I just updated to FreeBSD 13.0 and this is the only port that I cannot rebuild (which is precluding a bunch of other ports being rebuilt). If this is the same error, then do you have an estimate for when the patch will start appearing in the port tree?

Thanks,

Tom

@Thomas Guymer
Yes, that is exactly the error I see.

It would be good if this could be merged with some priority.. it's blocking 80+ dependent ports on my system.

Comment 10 Kubilay Kocak 2021-05-20 02:14:47 UTC

This is up next post (unrelated) requests update which required substantial coordination and QA.

@ Danilo & Charlie This is approved to commit (and merge if required) if it passes QA

Comment 11 Charlie Li 2021-05-21 04:19:01 UTC

Approved by: ? (mentor)

Comment 12 Dima Panov 2021-05-21 04:22:44 UTC

(In reply to Charlie Li from comment #11)

Mentor: +

Comment 13 commit-hook 2021-05-21 04:33:37 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6f05c9c07cffc6ae65d8a1ea55096d3b9968e33b

commit 6f05c9c07cffc6ae65d8a1ea55096d3b9968e33b
Author:     Charlie Li <vishwin@FreeBSD.org>
AuthorDate: 2021-04-19 23:30:08 +0000
Commit:     Charlie Li <vishwin@FreeBSD.org>
CommitDate: 2021-05-21 04:32:25 +0000

    security/py-cryptography: fix build with LibreSSL 3.3.2+

    Merged upstream as https://github.com/pyca/cryptography/pull/5988
    and backported to this version.

    Approved by: koobs (maintainer), fluffy (mentor)
    PR: 255241

 .../patch-Fix-build-with-LibreSSL-3.3.2-5988 (new) | 62 ++++++++++++++++++++++
 1 file changed, 62 insertions(+)

Comment 14 Charlie Li 2021-05-21 04:34:26 UTC

Thanks all!

Comment 15 commit-hook 2021-05-21 15:19:06 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=58a2c0b4b774c28cdb023d5cab9c1179b7f88af3

commit 58a2c0b4b774c28cdb023d5cab9c1179b7f88af3
Author:     Charlie Li <vishwin@FreeBSD.org>
AuthorDate: 2021-05-21 15:11:07 +0000
Commit:     Charlie Li <vishwin@FreeBSD.org>
CommitDate: 2021-05-21 15:11:07 +0000

    security/py-cryptography: fix build on FreeBSD 11

    The LibreSSL 3.3.2+ patch does not and was never intended to apply
    with older py-cryptography 2.9.2 that we offer for FreeBSD 11 using
    base OpenSSL. For now, make the LibreSSL 3.3.2+ patch conditional
    on SSL_DEFAULT=libressl* until FreeBSD 11 goes EOL.

    Reported by: dvl
    Fixes: 6f05c9c07cff security/py-cryptography: fix build with LibreSSL 3.3.2+
    Pointy hat to: vishwin
    Approved by: koobs (maintainer, implicit), fluffly (mentor, implicit)
    PR: 255241

 security/py-cryptography/Makefile                                   | 6 ++++++
 ...SL-3.3.2-5988 => extra-patch-Fix-build-with-LibreSSL-3.3.2-5988} | 0
 2 files changed, 6 insertions(+)

Comment 16 Kubilay Kocak 2021-05-22 00:29:41 UTC

Thank you Charlie