Created attachment 224270 [details]
After security/libressl-devel update to 3.3.2, build breaks due to SSL_OP_NO_DTLS* symbols now being present. This patch was merged upstream.
CC the committer updating to 3.3.2.
Thank you for the report and patch Charlie. Does the patch apply to the current port version and pass QA for all USES=ssl values?
Set merge-quarterly (-), assuming the 3.3.2 update is not or wont be merged
The patch applies verbatim, as the relevant source files from the version we have in ports have not changed upstream. Fully passes QA, confirmed with upstream's CI (patch would not have been merged there otherwise).
All in all, this patch only adds a C preprocessor guard that hides two opcodes when LibreSSL < 3.3.2; OpenSSL not affected.
(In reply to Charlie Li from comment #3)
Thank you Charlie.
Comment on attachment 224270 [details]
Approved by: koobs (maintainer)
MFH: No (libressl 3.3.2 not in quarterly)
LibreSSL 3.3.3 has landed in security/libressl which will probably MFH at some point.
(In reply to Charlie Li from comment #6)
Feel free to self-assign and land this if it passes QA. If 3.3.3 will be MFH'd, please MFH (updating merge-quarterly flag here to ? until merged)
Just to clarify, does this error manifest along the lines of:
build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2172:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1 = 0;
/usr/local/include/openssl/ssl.h:524:29: note: expanded from macro 'SSL_OP_NO_DTLSv1'
#define SSL_OP_NO_DTLSv1 0x40000000L
build/temp.freebsd-13.0-RELEASE-amd64-3.8/_openssl.c:2173:19: error: expected identifier or '('
static const long SSL_OP_NO_DTLSv1_2 = 0;
/usr/local/include/openssl/ssl.h:525:31: note: expanded from macro 'SSL_OP_NO_DTLSv1_2'
#define SSL_OP_NO_DTLSv1_2 0x80000000L
... when I try to install "security/py-cryptography@py38" via "portmaster"? I just updated to FreeBSD 13.0 and this is the only port that I cannot rebuild (which is precluding a bunch of other ports being rebuilt). If this is the same error, then do you have an estimate for when the patch will start appearing in the port tree?
Yes, that is exactly the error I see.
It would be good if this could be merged with some priority.. it's blocking 80+ dependent ports on my system.