FreeBSD Bugzilla – Attachment 216949 Details for Bug 245929: security/py-cryptography: Update to 2.9.2
[patch] py-cryptography-2.9.2-with-openssl-102u.fix (text/plain), 11.60 KB, created by Kai Knoblich on 2020-08-02 09:03:48 UTC
>Index: security/py-cryptography/Makefile >=================================================================== >--- security/py-cryptography/Makefile (revision 543830) >+++ security/py-cryptography/Makefile (working copy) >@@ -2,7 +2,7 @@ > # $FreeBSD$ > > PORTNAME= cryptography >-PORTVERSION= 2.6.1 >+PORTVERSION= 2.9.2 > CATEGORIES= security python > MASTER_SITES= CHEESESHOP > PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} >@@ -16,8 +16,7 @@ > LICENSE_FILE_BSD3CLAUSE= ${WRKSRC}/LICENSE.BSD > > BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.8:devel/py-cffi@${PY_FLAVOR} >-RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=0.21.0:devel/py-asn1crypto@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}cffi>=1.8:devel/py-cffi@${PY_FLAVOR} \ >+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.8:devel/py-cffi@${PY_FLAVOR} \ > ${PY_ENUM34} \ > ${PY_IPADDRESS} \ > ${PYTHON_PKGNAMEPREFIX}six>=1.4.1:devel/py-six@${PY_FLAVOR} >@@ -28,7 +27,7 @@ > ${PYTHON_PKGNAMEPREFIX}pytest>=3.6.0:devel/py-pytest@${PY_FLAVOR} \ > ${PYTHON_PKGNAMEPREFIX}pytz>0:devel/py-pytz@${PY_FLAVOR} > >-# Python 2.7, 3.4-3.7 >+# Python 2.7, 3.5-3.8 > USES= compiler:env python ssl > USE_PYTHON= autoplist concurrent distutils 
> >@@ -37,6 +36,21 @@ > > .include <bsd.port.pre.mk> > >+# OpenSSL 1.0.2t got some curve matching parameter code backported before it >+# has reached its End-of-Life and security/py-cryptography already had some >+# code to handle this case, but it assumed OpenSSL 1.1.0+ . >+# >+# This has been fixed in 3.0-23-g241f8450 of security/py-cryptography and to be >+# clear: It isn't a security fix but rather a workaround to handle unnamed but >+# really named curves with OpenSSL 1.0.2t/u . >+.if ${OPSYS} == FreeBSD && ${SSL_DEFAULT} == "base" >+. if ${OSVERSION} >= 1103500 && ${OSVERSION} < 1200085 >+# 1103500 352193 2019-09-10 11.3-STABLE got OpenSSL 1.0.2t >+# 1200085 339270 2018-10-19 12.0-STABLE got OpenSSL 1.1.1 >+EXTRA_PATCHES= ${PATCHDIR}/openssl102u >+. endif >+.endif >+ > .if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 > post-patch: > @${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' \ >@@ -47,6 +61,7 @@ > ${STRIP_CMD} ${STAGEDIR}${PYTHON_SITELIBDIR}/cryptography/hazmat/bindings/*.so > > do-test: >- @cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test >+ @cd ${WRKSRC} && ${SETENV} ${TEST_ENV} PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIBDIR} ${PYTHON_CMD} -m pytest -rs -v >+ #@cd ${WRKSRC} && ${PYTHON_CMD} -m pytest -rs -v > > .include <bsd.port.post.mk> >Index: security/py-cryptography/distinfo >=================================================================== >--- security/py-cryptography/distinfo (revision 543830) >+++ security/py-cryptography/distinfo (working copy) 
>@@ -1,3 +1,3 @@ >-TIMESTAMP = 1551354433 >-SHA256 (cryptography-2.6.1.tar.gz) = 26c821cbeb683facb966045e2064303029d572a87ee69ca5a1bf54bf55f93ca6 >-SIZE (cryptography-2.6.1.tar.gz) = 491580 >+TIMESTAMP = 1596263213 >+SHA256 (cryptography-2.9.2.tar.gz) = a0c30272fb4ddda5f5ffc1089d7405b7a71b0b0f51993cb4e5dbb4590b2fc229 >+SIZE (cryptography-2.9.2.tar.gz) = 517571 >Index: security/py-cryptography/files/openssl102u/patch-src___cffi__src_openssl_cryptography.py >=================================================================== >--- security/py-cryptography/files/openssl102u/patch-src___cffi__src_openssl_cryptography.py (nonexistent) >+++ security/py-cryptography/files/openssl102u/patch-src___cffi__src_openssl_cryptography.py (working copy) 
>@@ -0,0 +1,26 @@ >+Workaround for OpenSSL 1.0.2t/u to handle unnamed but really named curves >+ >+PR #5362 >+ >+Obtained from: >+https://github.com/pyca/cryptography/commit/241f845071a8747d0986ed60575e28840f096b79 >+ >+--- src/_cffi_src/openssl/cryptography.py.orig 2020-04-22 22:27:48 UTC >++++ src/_cffi_src/openssl/cryptography.py >+@@ -47,6 +47,8 @@ INCLUDES = """ >+ (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL) >+ #define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \ >+ (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL) >++#define CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER \ >++ (OPENSSL_VERSION_NUMBER >= 0x1000215fL && !CRYPTOGRAPHY_IS_LIBRESSL) >+ #define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \ >+ (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL) >+ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ >+@@ -68,6 +70,7 @@ INCLUDES = """ >+ >+ TYPES = """ >+ static const int CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER; >++static const int CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER; >+ static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER; >+ static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; >+ > >Property changes on: security/py-cryptography/files/openssl102u/patch-src___cffi__src_openssl_cryptography.py >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_backend.py >=================================================================== >--- security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_backend.py (nonexistent) >+++ security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_backend.py (working copy) 
>@@ -0,0 +1,29 @@ >+Workaround for OpenSSL 1.0.2t/u to handle unnamed but really named curves >+ >+PR #5362 >+ >+Obtained from: >+https://github.com/pyca/cryptography/commit/241f845071a8747d0986ed60575e28840f096b79 >+ >+--- src/cryptography/hazmat/backends/openssl/backend.py.orig 2020-04-22 22:27:48 UTC >++++ src/cryptography/hazmat/backends/openssl/backend.py >+@@ -1515,8 +1515,19 @@ class Backend(object): >+ >+ def _ec_key_new_by_curve(self, curve): >+ curve_nid = self._elliptic_curve_to_nid(curve) >++ return self._ec_key_new_by_curve_nid(curve_nid) >++ >++ def _ec_key_new_by_curve_nid(self, curve_nid): >+ ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) >+ self.openssl_assert(ec_cdata != self._ffi.NULL) >++ # Setting the ASN.1 flag to OPENSSL_EC_NAMED_CURVE is >++ # only necessary on OpenSSL 1.0.2t/u. Once we drop support for 1.0.2 >++ # we can remove this as it's done automatically when getting an EC_KEY >++ # from new_by_curve_name >++ # CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER >++ self._lib.EC_KEY_set_asn1_flag( >++ ec_cdata, backend._lib.OPENSSL_EC_NAMED_CURVE >++ ) >+ return self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) >+ >+ def load_der_ocsp_request(self, data): > >Property changes on: security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_backend.py >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_ec.py >=================================================================== >--- security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_ec.py (nonexistent) >+++ 
security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_ec.py (working copy) 
>@@ -0,0 +1,32 @@ >+Workaround for OpenSSL 1.0.2t/u to handle unnamed but really named curves >+ >+PR #5362 >+ >+Obtained from: >+https://github.com/pyca/cryptography/commit/241f845071a8747d0986ed60575e28840f096b79 >+ >+--- src/cryptography/hazmat/backends/openssl/ec.py.orig 2020-04-22 22:26:51 UTC >++++ src/cryptography/hazmat/backends/openssl/ec.py >+@@ -42,7 +42,7 @@ def _ec_key_curve_sn(backend, ec_key): >+ # explicitly encoded a curve with the same parameters as a named curve. >+ # Don't do that. >+ if ( >+- backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and >++ backend._lib.CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER and >+ backend._lib.EC_GROUP_get_asn1_flag(group) == 0 >+ ): >+ raise NotImplementedError( >+@@ -195,12 +195,7 @@ class _EllipticCurvePrivateKey(object): >+ self._backend.openssl_assert(group != self._backend._ffi.NULL) >+ >+ curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group) >+- >+- public_ec_key = self._backend._lib.EC_KEY_new_by_curve_name(curve_nid) >+- self._backend.openssl_assert(public_ec_key != self._backend._ffi.NULL) >+- public_ec_key = self._backend._ffi.gc( >+- public_ec_key, self._backend._lib.EC_KEY_free >+- ) >++ public_ec_key = self._backend._ec_key_new_by_curve_nid(curve_nid) >+ >+ point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key) >+ self._backend.openssl_assert(point != self._backend._ffi.NULL) > >Property changes on: security/py-cryptography/files/openssl102u/patch-src_cryptography_hazmat_backends_openssl_ec.py >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/py-cryptography/files/patch-PR4855 >=================================================================== >--- security/py-cryptography/files/patch-PR4855 (revision 543830) >+++ 
security/py-cryptography/files/patch-PR4855 (nonexistent) 
>@@ -1,49 +0,0 @@ >-# security/py-cryptography fails to build with libressl-2.9.1 >-# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237487 >-# Use generic DTLS functions added in LibreSSL 2.9.1 >-# https://github.com/pyca/cryptography/pull/4855 >- >-index 4124dcb879..ac32fdffde 100644 >---- src/_cffi_src/openssl/cryptography.py.orig >-+++ src/_cffi_src/openssl/cryptography.py >-@@ -38,9 +38,12 @@ >- (LIBRESSL_VERSION_NUMBER >= 0x2070000f) >- #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \ >- (LIBRESSL_VERSION_NUMBER >= 0x2080000f) >-+#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER \ >-+ (LIBRESSL_VERSION_NUMBER >= 0x2090100f) >- #else >- #define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0) >- #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0) >-+#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER (0) >- #endif >- >- #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ >-diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py >-index 92fd1e3ec8..da21f3ce90 100644 >---- src/_cffi_src/openssl/ssl.py.orig >-+++ src/_cffi_src/openssl/ssl.py >-@@ -719,17 +719,20 @@ >- static const long TLS_ST_OK = 0; >- #endif >- >--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 >-+/* LibreSSL 2.9.1 added only the DTLS_*_method functions */ >-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER >- static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0; >- const SSL_METHOD *(*DTLS_method)(void) = NULL; >- const SSL_METHOD *(*DTLS_server_method)(void) = NULL; >- const SSL_METHOD *(*DTLS_client_method)(void) = NULL; >-+#else >-+static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1; >-+#endif >-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 >- static const long SSL_OP_NO_DTLSv1 = 0; >- static const long SSL_OP_NO_DTLSv1_2 = 0; >- long (*DTLS_set_link_mtu)(SSL *, long) = NULL; >- long (*DTLS_get_link_min_mtu)(SSL *) = NULL; >--#else >--static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1; >- #endif >- >- static const long Cryptography_HAS_DTLS = 1; > >Property changes 
on: security/py-cryptography/files/patch-PR4855 >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property
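Review bot: The commented-out recipe line `#@cd ${WRKSRC} && ${PYTHON_CMD} -m pytest -rs -v` left under the new command in the Makefile's `do-test` hunk is dead code and should be dropped before commit. If the older invocation needs to stay documented, a sentence in the commit message explaining why `PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}` is now required would serve better than a disabled line in the target.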
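Review bot: The version threshold in the new `CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER` define in patch-src___cffi__src_openssl_cryptography.py does not match the "1.0.2t/u" wording used in the patch headers and in the Makefile comment. `0x1000215fL` encodes 1.0.2u (patch letter 0x15), while 1.0.2t would be 0x1000214f, so on a base system that is still at 1.0.2t (the Makefile window opens at 1103500, which its own comment ties to 1.0.2t) the rewritten condition in `_ec_key_curve_sn` evaluates false and only the unconditional `EC_KEY_set_asn1_flag` call takes effect. Please say in the Makefile comment which of the two behaviours each OpenSSL letter release gets, so the next person touching the OSVERSION bounds does not assume the check is active on 1.0.2t. As a smaller style point, the new constant carries an `L` suffix that the neighbouring defines in the same block do not.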
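Review bot: In the backend.py hunk, `_ec_key_new_by_curve_nid` passes `backend._lib.OPENSSL_EC_NAMED_CURVE` to `self._lib.EC_KEY_set_asn1_flag`, mixing a module-level `backend` name into a method that otherwise uses `self._lib` and `self._ffi` throughout. Using `self._lib.OPENSSL_EC_NAMED_CURVE` keeps the method independent of whatever `backend` is bound to at call time. The comment line `# CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER` directly above the call is also just a bare macro name while the call itself is unconditional; either guard the call with that flag or reword the comment so it does not read as a condition that is being applied.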
Flags: kai: maintainer-approval? (koobs)