Summary: | security/py-cryptography: Fails to build with libressl 2.9.1 | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Simeon Simeonov <sgs> | ||||||||
Component: | Individual Port(s) | Assignee: | Kubilay Kocak <koobs> | ||||||||
Status: | Closed FIXED | ||||||||||
Severity: | Affects Some People | CC: | andrej, brnrd, dweimer, gahr, jakub_lach, maciej, oz42, rozhuk.im | ||||||||
Priority: | --- | Flags: | koobs:
maintainer-feedback+
|
||||||||
Version: | Latest | ||||||||||
Hardware: | Any | ||||||||||
OS: | Any | ||||||||||
See Also: | https://github.com/pyca/cryptography/pull/4855 | ||||||||||
Attachments: |
|
Seems related: https://github.com/pyca/cryptography/pull/4855 Created attachment 203915 [details] py-cryptography-libressl291.patch https://github.com/pyca/cryptography/pull/4855/ as a patch against ports tree, fixes py-crytpography build with LibreSSL 2.9.1 I can confirm that https://github.com/pyca/cryptography/pull/4855 works fine. Thanks for taking care of this! (In reply to Maciej Pasternacki from comment #2) This patch didn't work for me, received some redefinition errors. creating build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7 cc -DNDEBUG -O2 -pipe -I/usr/local/include -fstack-protector -fno-strict-aliasing -fPIC -I/usr/local/include/python3.7m -c build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/_openssl.c -o build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/_openssl.o -Wconversion -Wno-error=sign-conversion build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/_openssl.c:2498:21: error: redefinition of 'DTLS_method' as different kind of symbol const SSL_METHOD *(*DTLS_method)(void) = NULL; ^ /usr/local/include/openssl/ssl.h:1474:19: note: previous definition is here const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */ ^ build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/_openssl.c:2499:21: error: redefinition of 'DTLS_server_method' as different kind of symbol const SSL_METHOD *(*DTLS_server_method)(void) = NULL; ^ /usr/local/include/openssl/ssl.h:1475:19: note: previous definition is here const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */ ^ build/temp.freebsd-12.0-RELEASE-p3-amd64-3.7/_openssl.c:2500:21: error: redefinition of 'DTLS_client_method' as different kind of symbol const SSL_METHOD *(*DTLS_client_method)(void) = NULL; ^ /usr/local/include/openssl/ssl.h:1476:19: note: previous definition is here const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */ (In reply to Dean E. Weimer from comment #4) never mind, patch didn't apply correctly, changes weren't applied to my ports build attempt. Patch works, thanks! The patch works for all combinations of (i386, amd64) and (base, openssl, openssl111, libressl): https://people.freebsd.org/~gahr/py36-cryptography-logs/ (In reply to Pietro Cerutti from comment #7) Patch applies cleanly, but then I get the following at patch stage: ===> Applying FreeBSD patches for py27-cryptography-2.6.1 1 out of 1 hunks failed--saving rejects to src/_cffi_src/openssl/cryptography.py.rej => FreeBSD patch patch-src___cffi__src_openssl_cryptography.py failed to apply cleanly. *** Error code 1 @Maciej Was the patch backported against the current version (2.6.1) ? Here's the version I used. https://people.freebsd.org/~gahr/py36-cryptography-logs/patch-libressl-1.9.1.txt (In reply to Pietro Cerutti from comment #9) Could you include it as an attachment here please, and is your version of the patch the one that was QA'd with base/openssl/openssl111/libressl{11,12} ? Created attachment 204005 [details]
QA'd patch
(In reply to Kubilay Kocak from comment #10) Yes - I uploaded directly from my ports tree The patch I attached was generated against PORTVERSION 2.6.1 (master branch of https://github.com/freebsd/freebsd-ports which tracks SVN HEAD; there were no commits in security/py-cryptography after I made the patch). In case I generated it the wrong way: I ran `make extract`, applied patches manually in work dir, ran `make makepatch`, committed generated `files/patch-*` into my private git repo. The attached patch is diff of the resulting commit. I just checked that `make clean patch` works with both py27 and py37 flavors (and poudriere doesn't complain either). I'm running CURRENT (r346149 at the moment), so version of patch/diff might be slightly different than RELEASE/STABLE. I can regenerate the patches if needed, but Pietro's version has received more extensive QA. Thank you both for following up, I'll test Pietro's patch and report back A commit references this bug: Author: koobs Date: Fri Apr 26 05:13:27 UTC 2019 New revision: 500082 URL: https://svnweb.freebsd.org/changeset/ports/500082 Log: security/py-cryptography: Fix build with libressl 2.9.1 Backport upstream pull request #4855 by Charlie Li <ml+freebsd vishwin info> PR: 237487 Submitted by: Maciej Pasternacki <maciej pasternacki. net> (v1) Submitted by: gahr (v2) Reported by: Simeon Simeonov <sgs pichove org> Obtained from: https://github.com/pyca/cryptography/pull/4855 Tested by: gahr (all USES=ssl versions), many Changes: head/security/py-cryptography/files/ head/security/py-cryptography/files/patch-PR4855 Committed, with minor changes (added patch comments). Thank you everyone for the quality of the report, upstream resolution, testing and confirmation of resolution. |
Created attachment 203914 [details] Build log After upgrading to the newest security/libressl (2.9.1), security/py-cryptography fails to build. Build log attached.