Bug 255241
| Summary: | security/py-cryptography: Fix build with LibreSSL 3.3.2 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Charlie Li <vishwin> | ||||
| Component: | Individual Port(s) | Assignee: | Charlie Li <vishwin> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Some People | CC: | arrowd, clukas, dbaio, fixer, fluffy, lwhsu, owen, t.m.guymer, tcberner, vishwin | ||||
| Priority: | --- | Flags: | vishwin:
maintainer-feedback+
koobs: merge-quarterly- |
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| URL: | https://github.com/pyca/cryptography/pull/5988 | ||||||
| Attachments: |
|
||||||
CC the committer updating to 3.3.2. Thank you for the report and patch Charlie. Does the patch apply to the current port version and pass QA for all USES=ssl values? Set merge-quarterly (-), assuming the 3.3.2 update is not or wont be merged The patch applies verbatim, as the relevant source files from the version we have in ports have not changed upstream. Fully passes QA, confirmed with upstream's CI (patch would not have been merged there otherwise). All in all, this patch only adds a C preprocessor guard that hides two opcodes when LibreSSL < 3.3.2; OpenSSL not affected. (In reply to Charlie Li from comment #3) Thank you Charlie. Comment on attachment 224270 [details]
v1
Approved by: koobs (maintainer)
MFH: No (libressl 3.3.2 not in quarterly)
LibreSSL 3.3.3 has landed in security/libressl which will probably MFH at some point. (In reply to Charlie Li from comment #6) Feel free to self-assign and land this if it passes QA. If 3.3.3 will be MFH'd, please MFH (updating merge-quarterly flag here to ? until merged) Hi,
Just to clarify, does this error manifest along the lines of:
build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2172:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1 = 0;
^
/usr/local/include/openssl/ssl.h:524:29: note: expanded from macro 'SSL_OP_NO_DTLSv1'
#define SSL_OP_NO_DTLSv1 0x40000000L
^
build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2173:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1_2 = 0;
^
/usr/local/include/openssl/ssl.h:525:31: note: expanded from macro 'SSL_OP_NO_DTLSv1_2'
#define SSL_OP_NO_DTLSv1_2 0x80000000L
^
... when I try to install "security/py-cryptography@py38" via "portmaster"? I just updated to FreeBSD 13.0 and this is the only port that I cannot rebuild (which is precluding a bunch of other ports being rebuilt). If this is the same error, then do you have an estimate for when the patch will start appearing in the port tree?
Thanks,
Tom
@Thomas Guymer Yes, that is exactly the error I see. It would be good if this could be merged with some priority.. it's blocking 80+ dependent ports on my system. This is up next post (unrelated) requests update which required substantial coordination and QA. @ Danilo & Charlie This is approved to commit (and merge if required) if it passes QA Approved by: ? (mentor) (In reply to Charlie Li from comment #11) Mentor: + A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6f05c9c07cffc6ae65d8a1ea55096d3b9968e33b commit 6f05c9c07cffc6ae65d8a1ea55096d3b9968e33b Author: Charlie Li <vishwin@FreeBSD.org> AuthorDate: 2021-04-19 23:30:08 +0000 Commit: Charlie Li <vishwin@FreeBSD.org> CommitDate: 2021-05-21 04:32:25 +0000 security/py-cryptography: fix build with LibreSSL 3.3.2+ Merged upstream as https://github.com/pyca/cryptography/pull/5988 and backported to this version. Approved by: koobs (maintainer), fluffy (mentor) PR: 255241 .../patch-Fix-build-with-LibreSSL-3.3.2-5988 (new) | 62 ++++++++++++++++++++++ 1 file changed, 62 insertions(+) Thanks all! A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=58a2c0b4b774c28cdb023d5cab9c1179b7f88af3 commit 58a2c0b4b774c28cdb023d5cab9c1179b7f88af3 Author: Charlie Li <vishwin@FreeBSD.org> AuthorDate: 2021-05-21 15:11:07 +0000 Commit: Charlie Li <vishwin@FreeBSD.org> CommitDate: 2021-05-21 15:11:07 +0000 security/py-cryptography: fix build on FreeBSD 11 The LibreSSL 3.3.2+ patch does not and was never intended to apply with older py-cryptography 2.9.2 that we offer for FreeBSD 11 using base OpenSSL. For now, make the LibreSSL 3.3.2+ patch conditional on SSL_DEFAULT=libressl* until FreeBSD 11 goes EOL. Reported by: dvl Fixes: 6f05c9c07cff security/py-cryptography: fix build with LibreSSL 3.3.2+ Pointy hat to: vishwin Approved by: koobs (maintainer, implicit), fluffly (mentor, implicit) PR: 255241 security/py-cryptography/Makefile | 6 ++++++ ...SL-3.3.2-5988 => extra-patch-Fix-build-with-LibreSSL-3.3.2-5988} | 0 2 files changed, 6 insertions(+) Thank you Charlie |
Created attachment 224270 [details] v1 After security/libressl-devel update to 3.3.2, build breaks due to SSL_OP_NO_DTLS* symbols now being present. This patch was merged upstream.