> On Jul 10, 2023, at 3:27 PM, Mark Millard <mark...@yahoo.com> wrote: > > On Jul 10, 2023, at 15:03, Mark Millard <mark...@yahoo.com > <mailto:mark...@yahoo.com>> wrote: > >> On Jul 10, 2023, at 11:42, The Doctor <doc...@doctor.nl2k.ab.ca> wrote: >> >>> On Mon, Jul 10, 2023 at 08:56:22AM -0700, Mark Millard wrote: >>>> The subject line's question was prompted by >>>> . . ./hazmat/bindings/_openssl.abi3.so related notices >>>> in a kyua report: >>>> >>>> # kyua report --verbose >>>> --results-file=usr_obj_DESTDIRs_main-CA7-chroot_usr_tests.20230710-064632-752785 >>>> 2>&1 | grep "Undefined symbol" | sort -u >>>> +ImportError: >>>> /usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: >>>> Undefined symbol "ERR_GET_FUNC" >>>> ImportError: >>>> /usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: >>>> Undefined symbol "ERR_GET_FUNC" >>>> ImportError: >>>> /usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: >>>> Undefined symbol "ERR_GET_FUNC" >>>> >>>> It is possible that this is related to some oddities of my >>>> context for this. But I figured I'd ask the general question >>>> anyway. >>>> >>> >>> No! The problem is that Python is calling an openssl 1.X function >>> which is dropped in Opensss 3.X >>> >>> Python nedds to fix that issue. >> >> Well: >> >> # strings >> /usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so >> | grep -i "3\.[0-9]*\.[0-9]" >> OpenSSL 3.0.9 30 May 2023 >> 3.4.8 >> >> From what I read, 3.4.8 is too old and is known to have this issue and this >> was fixed in a later version. I see references to "cryptography" needing to >> be "at least 35.0.0 for OpenSSL 3.0 support" instead of "3.4.8" as one place >> put it. >> >> I've no clue of the details for python3.9 vs. python3.10 or python3.11 for >> containing a sufficiently modern "cryptography" already in FreeBSD ports >> (vs. not). But this may be more of a port-update issue than an up-stream >> python issue -- or possibly just a "use python 3.? or later" issue for >> some value for "?". >> > > 35.0.0 of cryptography dates back to 2021-09-29. > Current for cryptography is 41.0.1 (2023-06-01). > It claims: "It supports Python 3.7+ and PyPy3 > 7.3.10+." > > security/py-cryptography is at 3.4.8 (2021-08-24) > for py39-cryptography and is, in-part, a FreeBSD > ports issue as far as I can tell. > > Looking, it seems it is at 3.4.8 for all @${PY_FLAVOR} > instances. So trying python310 or python311 might > well do no good for openssl 3.0 compatibility if they > use security/py-cryptography . > > (Note: I build my own ports via poudriere-devel .)
py-cryptography in ports doesn’t support OpenSSL 3. Please see this issue for more details: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254853 <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254853> . Thanks, -Enji
signature.asc
Description: Message signed with OpenPGP
