might need to bump version of python ports after recent openssl changes
Konstantin Belousov
kostikbel at gmail.com
Wed May 27 11:07:17 UTC 2020
On Tue, May 26, 2020 at 11:31:32PM -0700, Kevin Oberman wrote:
> On Tue, May 26, 2020 at 11:09 PM Stefan Eßer <se at freebsd.org> wrote:
>
> > Am 27.05.20 um 04:24 schrieb Jan Beich:
> > > Pete Wright <pete at nomadlogic.org> writes:
> > >
> > >> hello - on current i found myself in a situation where python37 was
> > >> unable to import ssl:
> > >>
> > >> $ python3.7
> > >> Python 3.7.7 (default, May 9 2020, 01:37:42)
> > >> [Clang 10.0.0 (git at github.com:llvm/llvm-project.git
> > >> llvmorg-10.0.0-0-gd32170dbd on freebsd13
> > >> Type "help", "copyright", "credits" or "license" for more information.
> > >>>>> import ssl
> > >> Traceback (most recent call last):
> > >> File "<stdin>", line 1, in <module>
> > >> File "/usr/local/lib/python3.7/ssl.py", line 98, in <module>
> > >> import _ssl # if we can't import it, let the error
> > >> propagate
> > >> ImportError: /usr/local/lib/python3.7/lib-dynload/_ssl.so: Undefined
> > >> symbol "SSLv3_method at OPENSSL_1_1_0"
> > >>>>>
> > >>
> > >>
> > >> after a little digging it looks like we recently disabled SSLv3 on
> > >> CURRENT (huzzah!):
> > >> https://reviews.freebsd.org/D24945
> > >>
> > >> After forcing a re-install of python37 things are working again as it
> > >> looked like the pbuilder did rebuild python after this commit. But pkg
> > >> upgrade didn't detect a new version, so I think it might be helpful to
> > >> bump the python version's so that people on CURRENT don't end up in
> > >> the same situation I was in? Not sure what the usual process is for
> > >> stuff like this...
> > >
> > > OSVERSION was already bumped in base r361410, so poudriere will
> > > force-rebuild all packages. Those who hack .jailversion to avoid
> > > rebuilds can only blame themselves.
> >
> > OSVERSION bumps will be observed by poudriere, but not by other port
> > building tools.
> >
> > Did I miss an announcement that all other methods to keep your system
> > in a workable state are now considered obsolete and unsupported?
> >
> > A port version bump would have enabled rebuilding just the affected
> > ports, while a rebuild of all my ports based on OSVERSION will take
> > days to complete on my local build server.
>
> Even if the packages are updated in the repository, does pkg know it?
> It looks to me like pkg upgrade will simply not upgrade the port unless
> PORT_REVISION is bumped.
What this change needed, and missed, is the dso version bump for libssl.so.111.
More information about the freebsd-ports
mailing list