|Summary:||lang/python27, lang/python35, lang/python36: Add libressl 2.7 support (fixes build failures)|
|Product:||Ports & Packages||Reporter:||Charlie Li <ml+freebsd>|
|Component:||Individual Port(s)||Assignee:||Bernard Spil <brnrd>|
|Severity:||Affects Some People||CC:||andoriyu, brnrd, python|
|Bug Depends on:||227090|
Description Charlie Li 2018-03-23 22:39:54 UTC
libressl 2.7.0 was released on 21 March, and it introduced support for many OpenSSL 1.0.2 and 1.1 APIs. However, this has broken builds of the affected lang/python ports when DEFAULT_VERSIONS contains ssl=libressl-devel (currently). Both the OpenBSD ports team and upstream have tracked this issue separately. OpenBSD has patched their ports tree , but when applied here, their patch breaks builds for both ssl=openssl and ssl=openssl-devel. Meanwhile, upstream will not release their patch until libressl 2.7.1 is released. Thus, this PR mainly exists to coordinate downstream patching efforts until upstream releases something.  http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/2.7/patches/patch-Modules__ssl_c?rev=1.6&content-type=text/x-cvsweb-markup and http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/3.6/patches/patch-Modules__ssl_c?rev=1.2&content-type=text/x-cvsweb-markup
Comment 1 Charlie Li 2018-03-24 18:52:43 UTC
Upstream has released patches. Putting them in Phabricator in a bit.
Comment 2 Kubilay Kocak 2018-03-27 09:46:54 UTC
Thank you for your report Charlie, Could you confirm/clarify some points that might be slightly ambiguous: - Is D14837 the same as the OpenBSD patches, or different, fixing "both ssl=openssl and ssl=openssl-devel" build failures referenced in comment 0? - In D14837, Does "Fails otherwise" mean the same as "breaks both ssl=openssl and ssl=openssl-devel" as referenced in comment 0 here, or some other subset/combination? - I interpreted 'upstream' in 'upstream will not release their patch' to mean Python (waiting for libressl upstream to 'release' before committing code). Is this correct? An explicit/accurate/complete list of what succeeds/fails would be super handy to figure out where/what needs work from here: From the standpoint of Python (team) and python ports, we'd ideally like to take changesets from upstream after they're committed and backported there. We're happy to carry local patches prior to next point releases in each branch. If we can confidently get to the point where we have a candidate changeset with thorough QA passing and no regressions, we can consider landing it early (before upstream (Python)). For clarity purposes, if the changeset in D14837 is incomplete (in that it regresses certain ssl combinations), then it should be abandoned in favour of a 'work in progress' patch here for someone (Bernard, CC'd, is the point on libressl things) to review and improve upon. At the point where a QA passing/complete patch is ready, we can put it back up on Phabricator for broader review, if necessary beyond here.
Comment 3 Charlie Li 2018-03-27 11:10:26 UTC
Upstream refers to the Python project themselves, not OpenBSD. The stuff on Phabricator came directly from them. "Fails otherwise" referred to earlier testport runs of mine where ccache interfered with proper testing, ie used a cached copy with wrong symbols when the ssl= value was changed. Disabling ccache fixed this, and all ssl= values work. So everything succeeds.
Comment 4 Bernard Spil 2018-03-27 13:00:58 UTC
Comment 5 Charlie Li 2018-03-31 20:25:26 UTC
Bug 227090 updates lang/python36 to 3.6.5. This patch is still needed there, as upstream released 3.6.5rc1 before landing it, thus missing the merge window there.
Comment 6 Kubilay Kocak 2018-04-01 02:51:22 UTC
Landing this after bug 227090 is easier/faster than moving the python36 specific patch to that update. Make this bug block on it.
Comment 7 commit-hook 2018-04-28 19:11:30 UTC
A commit references this bug: Author: brnrd Date: Sat Apr 28 19:11:14 UTC 2018 New revision: 468566 URL: https://svnweb.freebsd.org/changeset/ports/468566 Log: lang/python27: Fix build with LibreSSL 2.7 PR: 226883 Submitted by: Charlie Li <ml+freebsd vishwin info> Approved by: python (koobs) Differential Revision: https://reviews.freebsd.org/D14837 Changes: head/lang/python27/files/patch-issue33127
Comment 8 commit-hook 2018-04-28 19:17:38 UTC
A commit references this bug: Author: brnrd Date: Sat Apr 28 19:17:34 UTC 2018 New revision: 468567 URL: https://svnweb.freebsd.org/changeset/ports/468567 Log: lang/python35: Fix build with LibreSSL 2.7 PR: 226883 Submitted by: Charlie Li <ml+freebsd vishwin info> Approved by: python (koobs) Differential Revision: https://reviews.freebsd.org/D14837 Changes: head/lang/python35/files/patch-issue33127
Comment 9 commit-hook 2018-04-28 19:30:50 UTC
A commit references this bug: Author: brnrd Date: Sat Apr 28 19:30:01 UTC 2018 New revision: 468569 URL: https://svnweb.freebsd.org/changeset/ports/468569 Log: lang/python36: Fix build with LibreSSL 2.7 PR: 226883 Submitted by: Charlie Li <ml+freebsd vishwin info> Approved by: python (koobs) Differential Revision: https://reviews.freebsd.org/D14837 Changes: head/lang/python36/files/patch-issue33127
Comment 10 Andrey Cherkashin 2018-05-01 19:56:19 UTC
FYI while python builds with libressl now, py-cryptography does not: https://pkg.andoriyu.xyz/data/live-system-nimble/2018-05-01_10h53m35s/logs/errors/py27-cryptography-2.1.4.log
Comment 11 Charlie Li 2018-05-01 19:59:03 UTC
(In reply to Andrey Cherkashin from comment #10) Please refer to bug 226906.
Comment 12 Kubilay Kocak 2018-05-02 02:08:47 UTC
Assign to committer that resolved.
Comment 13 commit-hook 2018-05-25 17:46:59 UTC
A commit references this bug: Author: feld Date: Fri May 25 17:46:42 UTC 2018 New revision: 470858 URL: https://svnweb.freebsd.org/changeset/ports/470858 Log: MFH: r468566 r469635 lang/python27: Fix build with LibreSSL 2.7 PR: 226883 Submitted by: Charlie Li <ml+freebsd vishwin info> Approved by: python (koobs) Differential Revision: https://reviews.freebsd.org/D14837 - Update to 2.7.15(include security fix) PR: 228028 Submitted by: wen@(myself) Exp-run by: antoine@ Changes: _U branches/2018Q2/ branches/2018Q2/lang/python-doc-html/distinfo branches/2018Q2/lang/python27/Makefile branches/2018Q2/lang/python27/Makefile.version branches/2018Q2/lang/python27/distinfo branches/2018Q2/lang/python27/files/patch-issue30622 branches/2018Q2/lang/python27/pkg-plist