Index: security/py-cryptography/files/patch-issue4210
===================================================================
--- security/py-cryptography/files/patch-issue4210	(nonexistent)
+++ security/py-cryptography/files/patch-issue4210	(working copy)
@@ -0,0 +1,182 @@
+--- src/_cffi_src/openssl/crypto.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/crypto.py
+@@ -92,7 +92,7 @@ CUSTOMIZATIONS = """
+ # define OPENSSL_PLATFORM        SSLEAY_PLATFORM
+ # define OPENSSL_DIR             SSLEAY_DIR
+ #endif
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_LOCKING_CALLBACKS = 1;
+ #else
+ static const long Cryptography_HAS_LOCKING_CALLBACKS = 0;
+--- src/_cffi_src/openssl/cryptography.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/cryptography.py
+@@ -25,27 +25,31 @@ INCLUDES = """
+ #include <windows.h>
+ #endif
+ 
+-#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
++#if CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
+ 
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
+-    (OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \
+-    (OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#else
++#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10002000)
++#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x100020cf)
++#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10100000) 
++#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x1010006f)
++
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (OPENSSL_VERSION_NUMBER < 0x10002000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (OPENSSL_VERSION_NUMBER < 0x1000209f)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (OPENSSL_VERSION_NUMBER < 0x10100000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (OPENSSL_VERSION_NUMBER < 0x10100004)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (OPENSSL_VERSION_NUMBER < 0x10100005)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (OPENSSL_VERSION_NUMBER < 0x10100006)
++#endif
+ """
+ 
+ TYPES = """
+--- src/_cffi_src/openssl/ct.py.orig	2018-04-29 18:09:26 UTC
++++ src/_cffi_src/openssl/ct.py
+@@ -5,7 +5,7 @@
+ from __future__ import absolute_import, division, print_function
+ 
+ INCLUDES = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
+ #include <openssl/ct.h>
+ 
+ typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT;
+@@ -55,7 +55,7 @@ void SCT_LIST_free(Cryptography_STACK_OF
+ """
+ 
+ CUSTOMIZATIONS = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_SCT = 1;
+ #else
+ static const long Cryptography_HAS_SCT = 0;
+--- src/_cffi_src/openssl/ssl.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/ssl.py
+@@ -578,7 +578,7 @@ static const long Cryptography_HAS_SSL_C
+ 
+ /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
+    removed */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_SSL_ST = 1;
+ #else
+ static const long Cryptography_HAS_SSL_ST = 0;
+@@ -587,7 +587,7 @@ static const long SSL_ST_OK = 0;
+ static const long SSL_ST_INIT = 0;
+ static const long SSL_ST_RENEGOTIATE = 0;
+ #endif
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_TLS_ST = 1;
+ #else
+ static const long Cryptography_HAS_TLS_ST = 0;
+--- src/_cffi_src/openssl/x509.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/x509.py
+@@ -359,7 +359,7 @@ int X509_get_signature_nid(const X509 *x
+ 
+ /* Added in 1.0.2 but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL
+ /* from x509/x_x509.c */
+ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+ {
+@@ -401,15 +401,6 @@ void X509_REQ_get0_signature(const X509_
+     if (palg != NULL)
+         *palg = req->sig_alg;
+ }
+-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+-{
+-    req->req_info->enc.modified = 1;
+-    return i2d_X509_REQ_INFO(req->req_info, pp);
+-}
+-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
+-    crl->crl->enc.modified = 1;
+-    return i2d_X509_CRL_INFO(crl->crl, pp);
+-}
+ 
+ void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                              const X509_ALGOR **palg)
+@@ -428,4 +419,17 @@ const ASN1_INTEGER *X509_REVOKED_get0_se
+     return x->serialNumber;
+ }
+ #endif
++
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
++int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
++    crl->crl->enc.modified = 1;
++    return i2d_X509_CRL_INFO(crl->crl, pp);
++}
++
++int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
++{
++    req->req_info->enc.modified = 1;
++    return i2d_X509_REQ_INFO(req->req_info, pp);
++}
++#endif
+ """
+--- src/_cffi_src/openssl/x509_vfy.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/x509_vfy.py
+@@ -257,6 +257,20 @@ void (*X509_VERIFY_PARAM_set_hostflags)(
+                                         unsigned int) = NULL;
+ #endif
+ 
++#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL
++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
++   below because it shows up in some earlier 3rd party OpenSSL packages. */
++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
++static const long X509_V_FLAG_SUITEB_192_LOS = 0;
++static const long X509_V_FLAG_SUITEB_128_LOS = 0;
++#endif
++
+ /* OpenSSL 1.0.2+ or Solaris's backport */
+ #ifdef X509_V_FLAG_PARTIAL_CHAIN
+ static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
+@@ -297,7 +311,7 @@ X509 *X509_OBJECT_get0_X509(X509_OBJECT 
+ }
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0;
+ typedef void *X509_STORE_CTX_get_issuer_fn;
+ X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;

Property changes on: security/py-cryptography/files/patch-issue4210
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property