Date: Thu, 30 May 2024 15:04:06 +0200 From: Matthias Andree <mandree@FreeBSD.org> To: Vladimir Druzenko <vvd@freebsd.org> Cc: dev-commits-ports-main@FreeBSD.org, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org Subject: Re: git: 403f201a1461 - main - security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat Message-ID: <ea70efda-dd69-43e7-b603-70ac79a8abd3@FreeBSD.org> In-Reply-To: <633e774b-52d7-466b-b657-ec05d21acb55@freebsd.org> References: <202405300959.44U9xTWw057983@gitrepo.freebsd.org> <5e022f71-6078-4b90-9299-66a019448f73@FreeBSD.org> <633e774b-52d7-466b-b657-ec05d21acb55@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 30.05.24 um 14:59 schrieb Vladimir Druzenko: > 30.05.2024 13:49, Matthias Andree пишет: >> Am 30.05.24 um 11:59 schrieb Matthias Andree: >>> The branch main has been updated by mandree: >>> >>> URL: >>> https://cgit.FreeBSD.org/ports/commit/?id=403f201a1461fd26f026f2c8d3e67f1481908362 >>> >>> commit 403f201a1461fd26f026f2c8d3e67f1481908362 >>> Author: Matthias Andree <mandree@FreeBSD.org> >>> AuthorDate: 2024-05-30 09:48:22 +0000 >>> Commit: Matthias Andree <mandree@FreeBSD.org> >>> CommitDate: 2024-05-30 09:53:54 +0000 >>> >>> security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat >>> py-cryptography-legacy still references functions that have >>> been >>> removed in OpenSSL 3.0, and fails to load openssl.abi3.so at >>> run-time because >>> it lacks ERR_GET_FUNC (reported) and FIPS_mode (masked by first >>> error), >>> and later because py-openssl feeds our utils/deprecated() an >>> unsupported name=<some string> keyword argument. >>> https://www.openssl.org/docs/man3.0/man7/migration_guide.html >>> is the basis for fixes #1 and #2 >>> removed, because OpenSSL 3.0 removed function codes from >>> the error. >>> In our own binding, leave the err_func attribute in, but set it >>> to a constant 0. >>> (patch-src___cffi* and patch-*binding.py) >> >> ... sorry for the botched commit log message. The one in 2024Q2 is >> formatted in a readable manner. > > Hello! > > I understand correctly that the patch fixes compatibility with > security/py-openssl 23+? > > Thanks for your work! I have tested that "certbot renew" runs for me with py311-certbot-2.10.0,1 py311-cryptography-legacy-3.4.8_3,1 py311-openssl-23.2.0,1 and should cover other failures if you have a backtrace where py-openssl calls into some utils.deprecated function complaining about an unsupported keyword argument for "name". -- Matthias Andree FreeBSD ports committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ea70efda-dd69-43e7-b603-70ac79a8abd3>