From owner-freebsd-ports@freebsd.org Tue Jun 16 18:05:28 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BB23D346436 for ; Tue, 16 Jun 2020 18:05:28 +0000 (UTC) (envelope-from kp@krion.cc) Received: from krion.cc (krion.cc [148.251.235.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49mbhl2NKRz4TGW; Tue, 16 Jun 2020 18:05:27 +0000 (UTC) (envelope-from kp@krion.cc) Date: Tue, 16 Jun 2020 20:05:19 +0200 From: Kirill Ponomarev To: Konstantin Belousov Cc: gordon@freebsd.org, Kevin Oberman , Pete Wright , FreeBSD Ports ML Subject: Re: might need to bump version of python ports after recent openssl changes Message-ID: <20200616180519.GA6124@krion.cc> References: <63bc596e-0e78-7ed0-236e-5a11f017ba26@nomadlogic.org> <20200527110707.GD48478@kib.kiev.ua> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI" Content-Disposition: inline In-Reply-To: <20200527110707.GD48478@kib.kiev.ua> X-Rspamd-Queue-Id: 49mbhl2NKRz4TGW X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of kp@krion.cc designates 148.251.235.209 as permitted sender) smtp.mailfrom=kp@krion.cc X-Spamd-Result: default: False [-4.72 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.87)[-0.871]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-0.96)[-0.961]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[krion.cc]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.48)[-0.484]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:24940, ipnet:148.251.0.0/16, country:DE]; FREEMAIL_CC(0.00)[freebsd.org,gmail.com,nomadlogic.org]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2020 18:05:28 -0000 --oyUTqETQ0mS9luUI Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 05/27, Konstantin Belousov wrote: > On Tue, May 26, 2020 at 11:31:32PM -0700, Kevin Oberman wrote: > > On Tue, May 26, 2020 at 11:09 PM Stefan E=DFer wrote: > >=20 > > > Am 27.05.20 um 04:24 schrieb Jan Beich: > > > > Pete Wright writes: > > > > > > > >> hello - on current i found myself in a situation where python37 was > > > >> unable to import ssl: > > > >> > > > >> $ python3.7 > > > >> Python 3.7.7 (default, May 9 2020, 01:37:42) > > > >> [Clang 10.0.0 (git@github.com:llvm/llvm-project.git > > > >> llvmorg-10.0.0-0-gd32170dbd on freebsd13 > > > >> Type "help", "copyright", "credits" or "license" for more informat= ion. > > > >>>>> import ssl > > > >> Traceback (most recent call last): > > > >> File "", line 1, in > > > >> File "/usr/local/lib/python3.7/ssl.py", line 98, in > > > >> import _ssl # if we can't import it, let the error > > > >> propagate > > > >> ImportError: /usr/local/lib/python3.7/lib-dynload/_ssl.so: Undefin= ed > > > >> symbol "SSLv3_method@OPENSSL_1_1_0" > > > >>>>> > > > >> > > > >> > > > >> after a little digging it looks like we recently disabled SSLv3 on > > > >> CURRENT (huzzah!): > > > >> https://reviews.freebsd.org/D24945 > > > >> > > > >> After forcing a re-install of python37 things are working again as= it > > > >> looked like the pbuilder did rebuild python after this commit. But= pkg > > > >> upgrade didn't detect a new version, so I think it might be helpfu= l to > > > >> bump the python version's so that people on CURRENT don't end up in > > > >> the same situation I was in? Not sure what the usual process is f= or > > > >> stuff like this... > > > > > > > > OSVERSION was already bumped in base r361410, so poudriere will > > > > force-rebuild all packages. Those who hack .jailversion to avoid > > > > rebuilds can only blame themselves. > > > > > > OSVERSION bumps will be observed by poudriere, but not by other port > > > building tools. > > > > > > Did I miss an announcement that all other methods to keep your system > > > in a workable state are now considered obsolete and unsupported? > > > > > > A port version bump would have enabled rebuilding just the affected > > > ports, while a rebuild of all my ports based on OSVERSION will take > > > days to complete on my local build server. > >=20 > > Even if the packages are updated in the repository, does pkg know it? > > It looks to me like pkg upgrade will simply not upgrade the port unless > > PORT_REVISION is bumped. > What this change needed, and missed, is the dso version bump for libssl.s= o.111. It seems even after rebuilding some ports, we've still got the runtime erro= r: ImportError: /usr/local/lib/python3.7/lib-dynload/_ssl.so: Undefined symbol= "SSLv3_method@OPENSSL_1_1_0" --oyUTqETQ0mS9luUI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEJCHRFhEAQujKni1pDyI9/LMCykUFAl7pCd8ACgkQDyI9/LMC ykXP8Qf/ZAE+SKZejq4r0VV8594OLwJ1AUYSsQbqzung5HouZQrmn/DId9SZEK4q iJprdrJs7P8rCriyYiV1M95L8gjSVvlS1lR/KfzOxabewcuTmN0/sZLZ6g7n1tBp P7IZQP+nsu/tQQPbYLQQqIJr10mxQzwQYgmfvP+YzAueDrjjspDP5yeW0yhxKfkp EG+dz+uZ7xC4CnZIzMDV7xgYiPyeNu2nmsAa68ocgS6LilKWSmtLIx8uduMNNu31 jeSkvytolsG6wmt9WLGKZ/056NF/VsmiJGzW5KQhEBiMtlSk7F/e1ygw4OMeW27X 0OVrlm859i/zSfgGW4EfSHjka9C+9g== =OfCH -----END PGP SIGNATURE----- --oyUTqETQ0mS9luUI--