FreeBSD Bugzilla – Attachment 192933 Details for
Bug 226906
security/py-cryptography: Update to 2.3 (Fixes build with libressl* 2.7)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn diff for security/py-cryptography
patch-security_py-cryptography-LibreSSL2.7 (text/plain), 8.73 KB, created by
Bernard Spil
on 2018-04-30 17:00:13 UTC
(
hide
)
Description:
svn diff for security/py-cryptography
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2018-04-30 17:00:13 UTC
Size:
8.73 KB
patch
obsolete
>Index: security/py-cryptography/files/patch-issue4210 >=================================================================== >--- security/py-cryptography/files/patch-issue4210 (nonexistent) >+++ security/py-cryptography/files/patch-issue4210 (working copy) >@@ -0,0 +1,182 @@ >+--- src/_cffi_src/openssl/crypto.py.orig 2017-11-30 01:53:32 UTC >++++ src/_cffi_src/openssl/crypto.py >+@@ -92,7 +92,7 @@ CUSTOMIZATIONS = """ >+ # define OPENSSL_PLATFORM SSLEAY_PLATFORM >+ # define OPENSSL_DIR SSLEAY_DIR >+ #endif >+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 >++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL >+ static const long Cryptography_HAS_LOCKING_CALLBACKS = 1; >+ #else >+ static const long Cryptography_HAS_LOCKING_CALLBACKS = 0; >+--- src/_cffi_src/openssl/cryptography.py.orig 2017-11-30 01:53:32 UTC >++++ src/_cffi_src/openssl/cryptography.py >+@@ -25,27 +25,31 @@ INCLUDES = """ >+ #include <windows.h> >+ #endif >+ >+-#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ >+- (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \ >+- (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \ >+- (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ >+- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) >++#if CRYPTOGRAPHY_IS_LIBRESSL >++#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) >+ >+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \ >+- (OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \ >+- (OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \ >+- (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \ >+- (OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \ >+- (OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL) >+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \ >+- (OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (LIBRESSL_VERSION_NUMBER < 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (LIBRESSL_VERSION_NUMBER < 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (LIBRESSL_VERSION_NUMBER < 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (LIBRESSL_VERSION_NUMBER < 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (LIBRESSL_VERSION_NUMBER < 0x20700000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (LIBRESSL_VERSION_NUMBER < 0x20700000) >++#else >++#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10002000) >++#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x100020cf) >++#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10100000) >++#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x1010006f) >++ >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (OPENSSL_VERSION_NUMBER < 0x10002000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (OPENSSL_VERSION_NUMBER < 0x1000209f) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (OPENSSL_VERSION_NUMBER < 0x10100000) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (OPENSSL_VERSION_NUMBER < 0x10100004) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (OPENSSL_VERSION_NUMBER < 0x10100005) >++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (OPENSSL_VERSION_NUMBER < 0x10100006) >++#endif >+ """ >+ >+ TYPES = """ >+--- src/_cffi_src/openssl/ct.py.orig 2018-04-29 18:09:26 UTC >++++ src/_cffi_src/openssl/ct.py >+@@ -5,7 +5,7 @@ >+ from __future__ import absolute_import, division, print_function >+ >+ INCLUDES = """ >+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER >++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL >+ #include <openssl/ct.h> >+ >+ typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT; >+@@ -55,7 +55,7 @@ void SCT_LIST_free(Cryptography_STACK_OF >+ """ >+ >+ CUSTOMIZATIONS = """ >+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER >++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL >+ static const long Cryptography_HAS_SCT = 1; >+ #else >+ static const long Cryptography_HAS_SCT = 0; >+--- src/_cffi_src/openssl/ssl.py.orig 2017-11-30 01:53:32 UTC >++++ src/_cffi_src/openssl/ssl.py >+@@ -578,7 +578,7 @@ static const long Cryptography_HAS_SSL_C >+ >+ /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were >+ removed */ >+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 >++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL >+ static const long Cryptography_HAS_SSL_ST = 1; >+ #else >+ static const long Cryptography_HAS_SSL_ST = 0; >+@@ -587,7 +587,7 @@ static const long SSL_ST_OK = 0; >+ static const long SSL_ST_INIT = 0; >+ static const long SSL_ST_RENEGOTIATE = 0; >+ #endif >+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER >++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL >+ static const long Cryptography_HAS_TLS_ST = 1; >+ #else >+ static const long Cryptography_HAS_TLS_ST = 0; >+--- src/_cffi_src/openssl/x509.py.orig 2017-11-30 01:53:32 UTC >++++ src/_cffi_src/openssl/x509.py >+@@ -359,7 +359,7 @@ int X509_get_signature_nid(const X509 *x >+ >+ /* Added in 1.0.2 but we need it in all versions now due to the great >+ opaquing. */ >+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 >++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL >+ /* from x509/x_x509.c */ >+ int i2d_re_X509_tbs(X509 *x, unsigned char **pp) >+ { >+@@ -401,15 +401,6 @@ void X509_REQ_get0_signature(const X509_ >+ if (palg != NULL) >+ *palg = req->sig_alg; >+ } >+-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) >+-{ >+- req->req_info->enc.modified = 1; >+- return i2d_X509_REQ_INFO(req->req_info, pp); >+-} >+-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { >+- crl->crl->enc.modified = 1; >+- return i2d_X509_CRL_INFO(crl->crl, pp); >+-} >+ >+ void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, >+ const X509_ALGOR **palg) >+@@ -428,4 +419,17 @@ const ASN1_INTEGER *X509_REVOKED_get0_se >+ return x->serialNumber; >+ } >+ #endif >++ >++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL >++int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { >++ crl->crl->enc.modified = 1; >++ return i2d_X509_CRL_INFO(crl->crl, pp); >++} >++ >++int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) >++{ >++ req->req_info->enc.modified = 1; >++ return i2d_X509_REQ_INFO(req->req_info, pp); >++} >++#endif >+ """ >+--- src/_cffi_src/openssl/x509_vfy.py.orig 2017-11-30 01:53:32 UTC >++++ src/_cffi_src/openssl/x509_vfy.py >+@@ -257,6 +257,20 @@ void (*X509_VERIFY_PARAM_set_hostflags)( >+ unsigned int) = NULL; >+ #endif >+ >++#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL >++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; >++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; >++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; >++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; >++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; >++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; >++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately >++ below because it shows up in some earlier 3rd party OpenSSL packages. */ >++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; >++static const long X509_V_FLAG_SUITEB_192_LOS = 0; >++static const long X509_V_FLAG_SUITEB_128_LOS = 0; >++#endif >++ >+ /* OpenSSL 1.0.2+ or Solaris's backport */ >+ #ifdef X509_V_FLAG_PARTIAL_CHAIN >+ static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; >+@@ -297,7 +311,7 @@ X509 *X509_OBJECT_get0_X509(X509_OBJECT >+ } >+ #endif >+ >+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 >++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL >+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; >+ typedef void *X509_STORE_CTX_get_issuer_fn; >+ X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL; > >Property changes on: security/py-cryptography/files/patch-issue4210 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=192933">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
koobs
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 226906
:
191799
|
192331
|
192933
|
193350
|
193351
|
193887
|
193965
|
195386