Bug 255241 - security/py-cryptography: Fix build with LibreSSL 3.3.2
Summary: security/py-cryptography: Fix build with LibreSSL 3.3.2
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL: https://github.com/pyca/cryptography/...
Depends on:
Reported: 2021-04-20 00:28 UTC by Charlie Li
Modified: 2021-05-17 10:03 UTC (History)
8 users (show)

See Also:
koobs: maintainer-feedback+
koobs: merge-quarterly-

v1 (2.64 KB, patch)
2021-04-20 00:28 UTC, Charlie Li
koobs: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Charlie Li freebsd_committer 2021-04-20 00:28:16 UTC
Created attachment 224270 [details]

After security/libressl-devel update to 3.3.2, build breaks due to SSL_OP_NO_DTLS* symbols now being present. This patch was merged upstream.
Comment 1 Li-Wen Hsu freebsd_committer 2021-04-20 15:37:58 UTC
CC the committer updating to 3.3.2.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-21 04:42:53 UTC
Thank you for the report and patch Charlie. Does the patch apply to the current port version and pass QA for all USES=ssl values?

Set merge-quarterly (-), assuming the 3.3.2 update is not or wont be merged
Comment 3 Charlie Li freebsd_committer 2021-04-21 05:44:49 UTC
The patch applies verbatim, as the relevant source files from the version we have in ports have not changed upstream. Fully passes QA, confirmed with upstream's CI (patch would not have been merged there otherwise).

All in all, this patch only adds a C preprocessor guard that hides two opcodes when LibreSSL < 3.3.2; OpenSSL not affected.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-22 01:53:34 UTC
(In reply to Charlie Li from comment #3)

Thank you Charlie.
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-22 01:54:09 UTC
Comment on attachment 224270 [details]

Approved by: koobs (maintainer)
MFH: No (libressl 3.3.2 not in quarterly)
Comment 6 Charlie Li freebsd_committer 2021-05-04 23:54:48 UTC
LibreSSL 3.3.3 has landed in security/libressl which will probably MFH at some point.
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2021-05-05 02:26:24 UTC
(In reply to Charlie Li from comment #6)

Feel free to self-assign and land this if it passes QA. If 3.3.3 will be MFH'd, please MFH (updating merge-quarterly flag here to ? until merged)
Comment 8 Thomas Guymer 2021-05-16 10:10:37 UTC

Just to clarify, does this error manifest along the lines of:

build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2172:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1 = 0;
/usr/local/include/openssl/ssl.h:524:29: note: expanded from macro 'SSL_OP_NO_DTLSv1'
#define SSL_OP_NO_DTLSv1                                0x40000000L
build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2173:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1_2 = 0;
/usr/local/include/openssl/ssl.h:525:31: note: expanded from macro 'SSL_OP_NO_DTLSv1_2'
#define SSL_OP_NO_DTLSv1_2                              0x80000000L
... when I try to install "security/py-cryptography@py38" via "portmaster"? I just updated to FreeBSD 13.0 and this is the only port that I cannot rebuild (which is precluding a bunch of other ports being rebuilt). If this is the same error, then do you have an estimate for when the patch will start appearing in the port tree?


Comment 9 Owen 2021-05-17 10:03:57 UTC
@Thomas Guymer
Yes, that is exactly the error I see.

It would be good if this could be merged with some priority.. it's blocking 80+ dependent ports on my system.