# py37-openssl broken dependency



## cbrace (Feb 27, 2021)

Hi all,

A `pkg upgrade` I did yesterday broke my net-p2p/deluge-cli installation. security/py-openssl was upgraded from v19.1.0 to v20.1.0. A dependency of the latter is security/py-cryptography; py37-openssl v20 requires v3.2 or higher of the latter. However, py37-cryptography is currently at v2.9.2 in the pkg system. This breaks py37-openssl and hence deluged fails to start. Using pkg, I removed v20 and reinstalled v19 of py37-openssl. deluged now runs again.

For the time being I have locked py37-ssl so that I don't inadvertently upgrade it again with pkg.

Question: is there anything constructive I can do with this information? Should I look up a port maintainer to inform them? Please advise!


----------



## Jose (Feb 27, 2021)

Looks like it's been noticed and fixed:

253711 – security/py-openssl issues while running certbot after 20.0.1 upgrade (bugs.freebsd.org)


You might not have this fix if you're on the quarterly ports branch.

As an aside, this gives me the heebie-jeebies:
"If the issue with py-cryptography becoming dependent on a rust toolchain is a blocker, then a compromise might be to update py-cryptography to version 3.3.2 (Released on 2021-02-07) which is the last version before the rust dependency was introduced."


----------

