Bug 260897 - Replace security/py-pycrypto with security/py-pycryptodome
Summary: Replace security/py-pycrypto with security/py-pycryptodome
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2022-01-03 01:42 UTC by Yuri Victorovich
Modified: 2022-12-31 14:57 UTC

Attachments
replace-pycrypto-with-pycryptodome.patch (12.04 KB, patch)
2022-01-03 01:42 UTC, Yuri Victorovich

Description Yuri Victorovich freebsd_committer freebsd_triage 2022-01-03 01:42:32 UTC
Created attachment 230647
replace-pycrypto-with-pycryptodome.patch

Hello folks,

Currently some ports use security/py-pycrypto and some other ports use security/py-pycryptodome which causes conflicts.

The PyCryptodome README (https://github.com/Legrandin/pycryptodome) says that PyCryptodome is a drop-in replacement of outdated and insecure security/py-pycrypto.

It's probably a good idea to replace security/py-pycrypto in all depending ports to both reduce security risks and solve conflicts.

The attached patch replaces security/py-pycrypto with security/py-pycryptodome.


Yuri
Comment 1 Li-Wen Hsu freebsd_committer freebsd_triage 2022-01-04 07:37:08 UTC
```
-RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}pycrypto>=2.1:security/py-pycrypto@${PY_FLAVOR}
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}pycryptodome>=2.1:security/py-pycryptodome@${PY_FLAVOR}
```
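
Review bot: the `>=2.1` bound on the `+` line is carried over unchanged from the pycrypto dependency, so it constrains pycryptodome by a different package's version numbering. Either relax it to `>0` or set it to the lowest pycryptodome release the port was actually tested against, and say in the commit message which one was chosen and why.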

I don't think their versions are compatible, so I am fine with just using `>0`.

BTW, the PyCryptodome README says "almost" drop-in replacement, I guess it's fine but we need to test some basic functions of those ports using it.
Comment 2 Mateusz Piotrowski freebsd_committer freebsd_triage 2022-01-25 00:15:17 UTC
I was summoned because I'm maintaining ansible. If ansible's test suite passes with this patch, I'm alright with the change.
Comment 3 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-01-25 00:32:17 UTC
Hi Li-Wen,

Is it possible for you to check scapy with this patch in our CI systems?

Moin
Comment 4 Li-Wen Hsu freebsd_committer freebsd_triage 2022-01-25 05:36:50 UTC
(In reply to Muhammad Moinur Rahman from comment #3)
I am happy to, but I'm not sure I can reply in time. If possible, please apply the patch and use `kyua test` under /usr/tests/sys/{netpfil,netinet,netinet6}. There are also VM images available at https://artifact.ci.freebsd.org/snapshot/main/latest_testvm/amd64/amd64/ which might help.
Comment 5 John W. O'Brien 2022-07-08 23:46:56 UTC
For maintainers who wish to transition to pycryptodome, and avoid conflicts with others who remain on pycrypto, be aware that pycryptodomex exists for this purpose, and may represent a viable option.
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-08-07 11:08:46 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=21ca997e163fd0a462cdcf444b129b06e1202d53

commit 21ca997e163fd0a462cdcf444b129b06e1202d53
Author:     Vinícius Zavam <egypcio@FreeBSD.org>
AuthorDate: 2022-08-07 11:06:46 +0000
Commit:     Vinícius Zavam <egypcio@FreeBSD.org>
CommitDate: 2022-08-07 11:06:46 +0000

    www/onionbalance: Replace 'pycrypto' with 'pycryptodome'

    PR:             260897
    Reported by:    yuri@

 www/onionbalance/Makefile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-08-07 15:24:28 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d0aab7f46df1ee2494ac09858fd903330f785d43

commit d0aab7f46df1ee2494ac09858fd903330f785d43
Author:     Vinícius Zavam <egypcio@FreeBSD.org>
AuthorDate: 2022-08-07 15:17:20 +0000
Commit:     Vinícius Zavam <egypcio@FreeBSD.org>
CommitDate: 2022-08-07 15:24:17 +0000

    www/onionshare: fix DEPRECATED deps, and update pluggable transports

      * fix DEPRECATED flag, by using a more reliable Python module;
      * used pycryptodome instead of cryptography to keep compatibility;
      * update pluggable transports support by adding snowflake.

    PR:             260897, 262503, 265390
    Reported by:    yuri@, ruben <ruben % verweg.com>, chris <chris % crvintel.com>
    Sponsored by:   TorBSD Diversity Project, TDP
    Sponsored by:   The Tor Project

 www/onionshare/Makefile | 17 ++++++++---------
 www/onionshare/distinfo |  6 +++---
 2 files changed, 11 insertions(+), 12 deletions(-)
Comment 8 Vinícius Zavam freebsd_committer freebsd_triage 2022-08-07 15:33:13 UTC
fixed following ports:

  * security/py-stem [0]
  * security/py-yubikey-manager [0]
  * www/onionbalance [1]
  * www/onionshare [1]

thank you for flagging that! much appreciated.

[0] used 'cryptography', following upstream's changes
[1] used 'pycryptodome'

// removing myself from the CC list.
Comment 9 commit-hook freebsd_committer freebsd_triage 2022-12-31 14:31:11 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0a7ac5cfb56d90b2966e50ad150c2c9064c8bb8b

commit 0a7ac5cfb56d90b2966e50ad150c2c9064c8bb8b
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-12-31 14:28:32 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-12-31 14:28:32 +0000

    all: salvage python-potr and its consumer from removal for now.

    Both security/py-potr and irc/weechat-otr seem experimental abandonware
    from looking at their websites though.

    PR:             260897

 irc/weechat-otr/Makefile  | 4 +---
 security/py-potr/Makefile | 6 ++----
 2 files changed, 3 insertions(+), 7 deletions(-)
Comment 10 Rene Ladan freebsd_committer freebsd_triage 2022-12-31 14:57:54 UTC
I have updated or removed all remaining consumers of security/py-pycrypto.
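
An audit for remaining consumers, as an added example that is not part of this bug thread or of the FreeBSD ports tooling: it flags dependency entries that still point at security/py-pycrypto without also matching security/py-pycryptodome (which shares that prefix), and rewrites them with the `>0` bound suggested in comment 1. The function names and the sample Makefile are constructed for illustration; passing a different `origin` (for example a pycryptodomex port, per comment 5) assumes that origin exists in the tree.

```python
import re

# One dependency entry, e.g.
#   ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.1:security/py-pycrypto@${PY_FLAVOR}
# The (?![\w-]) guard matters: "security/py-pycrypto" is a prefix of
# "security/py-pycryptodome", so a plain substring search would also flag
# ports that have already been migrated.
LEGACY_DEP = re.compile(
    r"\$\{PYTHON_PKGNAMEPREFIX\}pycrypto(?:[<>=!]+[^:\s]*)?"
    r":security/py-pycrypto(?![\w-])(?P<flavor>@\$\{PY_FLAVOR\})?"
)


def find_legacy_deps(makefile_text):
    """Return (line_number, line) for each line still depending on py-pycrypto."""
    return [(n, line)
            for n, line in enumerate(makefile_text.splitlines(), 1)
            if LEGACY_DEP.search(line)]


def rewrite_dep(line, origin="security/py-pycryptodome"):
    """Point a legacy entry at `origin`, replacing the old version bound with >0.

    The old bound is dropped rather than copied because it was written
    against pycrypto's version numbers, not the replacement's.
    """
    pkg = origin.split("/py-", 1)[1]  # "security/py-foo" -> "foo"
    return LEGACY_DEP.sub(
        lambda m: "${PYTHON_PKGNAMEPREFIX}%s>0:%s%s"
        % (pkg, origin, m.group("flavor") or ""),
        line,
    )


# Constructed sample Makefile lines (not taken from any real port).
SAMPLE_MAKEFILE = "\n".join([
    "PORTNAME=\texample",
    "RUN_DEPENDS=\t${PYTHON_PKGNAMEPREFIX}pycrypto>=2.1:security/py-pycrypto@${PY_FLAVOR}",
    "TEST_DEPENDS=\t${PYTHON_PKGNAMEPREFIX}pycryptodome>0:security/py-pycryptodome@${PY_FLAVOR}",
    "BUILD_DEPENDS=\t${PYTHON_PKGNAMEPREFIX}pycrypto>0:security/py-pycrypto@${PY_FLAVOR}",
])

if __name__ == "__main__":
    for number, text in find_legacy_deps(SAMPLE_MAKEFILE):
        print(number, rewrite_dep(text))
```

Rewriting the dependency line only changes what gets installed; as comment 1 notes, the port's basic functions still need to be exercised against the replacement.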