FreeBSD Bugzilla – Attachment 233937 Details for
Bug 254853
security/py-cryptography: Update to 41.0.3
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
git diff for security/py-cryptography
file_254853.txt (text/plain), 14.73 KB, created by
Bernard Spil
on 2022-05-15 16:02:46 UTC
(
hide
)
Description:
git diff for security/py-cryptography
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2022-05-15 16:02:46 UTC
Size:
14.73 KB
patch
obsolete
>diff --git a/security/py-cryptography-vectors/Makefile b/security/py-cryptography-vectors/Makefile >index 6b8187dfa9d7..f2ad2095019d 100644 >--- a/security/py-cryptography-vectors/Makefile >+++ b/security/py-cryptography-vectors/Makefile >@@ -1,7 +1,7 @@ > # Created by: Po-Chuan Hsieh <sunpoet@FreeBSD.org> > > PORTNAME= cryptography-vectors >-PORTVERSION= 3.4.8 >+PORTVERSION= 37.0.2 > CATEGORIES= security python > MASTER_SITES= CHEESESHOP > PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} >diff --git a/security/py-cryptography-vectors/distinfo b/security/py-cryptography-vectors/distinfo >index 60e5faf5eea6..1e5b991b1b6f 100644 >--- a/security/py-cryptography-vectors/distinfo >+++ b/security/py-cryptography-vectors/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1632037228 >-SHA256 (cryptography_vectors-3.4.8.tar.gz) = 4c84410257993d3de058b44b777a49e1da2ae35ebea2970a360c7e3aa0f580f2 >-SIZE (cryptography_vectors-3.4.8.tar.gz) = 35168097 >+TIMESTAMP = 1652630231 >+SHA256 (cryptography_vectors-37.0.2.tar.gz) = 7c65d3de51756f418142df605417ec2c6e961c364f70cc8a103030889d5a3219 >+SIZE (cryptography_vectors-37.0.2.tar.gz) = 35240459 >diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile >index c507387a8aa8..b123b453d13e 100644 >--- a/security/py-cryptography/Makefile >+++ b/security/py-cryptography/Makefile >@@ -1,7 +1,7 @@ > # Created by: Kubilay Kocak <koobs@FreeBSD.org> > > PORTNAME= cryptography >-PORTVERSION= 3.4.8 >+PORTVERSION= 37.0.2 > CATEGORIES= security python > MASTER_SITES= CHEESESHOP > PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} >@@ -9,43 +9,48 @@ PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} > MAINTAINER= sunpoet@FreeBSD.org > COMMENT= Cryptographic recipes and primitives for Python developers > >-LICENSE= APACHE20 BSD3CLAUSE >-LICENSE_COMB= dual >-LICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE.APACHE >-LICENSE_FILE_BSD3CLAUSE=${WRKSRC}/LICENSE.BSD >+LICENSE= APACHE20 BSD3CLAUSE >+LICENSE_COMB= dual >+LICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE.APACHE >+LICENSE_FILE_BSD3CLAUSE= ${WRKSRC}/LICENSE.BSD > > BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} >-RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} >-TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}pytest>=6.0,1:devel/py-pytest@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \ >- ${PYTHON_PKGNAMEPREFIX}pytz>=0,1:devel/py-pytz@${PY_FLAVOR} >- >-USES= compiler:env cpe python:3.6+ ssl >+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} \ >+ ${PY_ENUM34} \ >+ ${PY_IPADDRESS} \ >+ ${PYTHON_PKGNAMEPREFIX}six>=1.4.1:devel/py-six@${PY_FLAVOR} >+TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:security/py-cryptography-vectors@${PY_FLAVOR} \ >+ ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ >+ ${PYTHON_PKGNAMEPREFIX}iso8601>0:devel/py-iso8601@${PY_FLAVOR} \ >+ ${PYTHON_PKGNAMEPREFIX}pretend>0:devel/py-pretend@${PY_FLAVOR} \ >+ ${PYTHON_PKGNAMEPREFIX}pytest>=3.6.0:devel/py-pytest@${PY_FLAVOR} \ >+ ${PYTHON_PKGNAMEPREFIX}pytz>0:devel/py-pytz@${PY_FLAVOR} >+ >+# Python 3.6-3.9 >+USES= cpe compiler:env python:3.6+ ssl >+CPE_VENDOR= ${PORTNAME}_project > USE_PYTHON= autoplist concurrent distutils > >+USE_GITHUB= yes >+GH_ACCOUNT= pyca >+ > CFLAGS+= -I${OPENSSLINC} > LDFLAGS+= -L${OPENSSLLIB} >-MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1 > >-CPE_VENDOR= cryptography_project >+TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIBDIR} > > .include <bsd.port.pre.mk> > > .if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 > post-patch: >- @${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py >+ @${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' \ >+ ${WRKSRC}/src/_cffi_src/build_openssl.py > .endif > > post-install: >- ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name '*.so' -exec ${STRIP_CMD} {} + >+ ${STRIP_CMD} ${STAGEDIR}${PYTHON_SITELIBDIR}/cryptography/hazmat/bindings/*.so > > do-test: >-# cd ${WRKSRC} && ${SETENV} PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} ${PYTHON_CMD} -m pytest -q -rs -v -o addopts= >- cd ${WRKSRC} && ${SETENV} ${PYTHON_CMD} -m pytest -q -rs -v -o addopts= >+ @cd ${WRKSRC} && ${SETENV} ${TEST_ENV} ${PYTHON_CMD} -m pytest -q -v -rs -o addopts= > > .include <bsd.port.post.mk> >diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo >index cb800cc11b12..eb82b5dc3b2d 100644 >--- a/security/py-cryptography/distinfo >+++ b/security/py-cryptography/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1652122693 >-SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c >-SIZE (cryptography-3.4.8.tar.gz) = 546907 >+TIMESTAMP = 1652629594 >+SHA256 (pyca-cryptography-37.0.2_GH0.tar.gz) = 9fc6a3b4d86e5d41c4d101ff9413a8576bbf85d483464ee73880ce58dd41c9c9 >+SIZE (pyca-cryptography-37.0.2_GH0.tar.gz) = 35848783 >diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 >deleted file mode 100644 >index deb9c6408832..000000000000 >--- a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 >+++ /dev/null >@@ -1,62 +0,0 @@ >-From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001 >-From: Charlie Li <vishwin@users.noreply.github.com> >-Date: Mon, 19 Apr 2021 18:38:38 -0400 >-Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988) >- >-* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS* >- >-While here, bump CI >- >-* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS* >- >-DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2 >- >-* Switch to LESS_THAN context for LibreSSL 3.3.2 >- >-While here, fix indents >- >-* Remove extra C variable declaration >- >-The variable is not actually used from Python >---- >- .github/workflows/ci.yml | 2 +- >- src/_cffi_src/openssl/cryptography.py | 7 +++++++ >- src/_cffi_src/openssl/ssl.py | 2 ++ >- 3 files changed, 10 insertions(+), 1 deletion(-) >- >-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py >-index e2b5a132..b9c7a793 100644 >---- src/_cffi_src/openssl/cryptography.py >-+++ src/_cffi_src/openssl/cryptography.py >-@@ -32,6 +32,13 @@ INCLUDES = """ >- #include <Winsock2.h> >- #endif >- >-+#if CRYPTOGRAPHY_IS_LIBRESSL >-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ >-+ (LIBRESSL_VERSION_NUMBER < 0x3030200f) >-+#else >-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) >-+#endif >-+ >- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ >- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) >- >-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py >-index 11a7d63a..081ef041 100644 >---- src/_cffi_src/openssl/ssl.py >-+++ src/_cffi_src/openssl/ssl.py >-@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0; >- #endif >- >- #if CRYPTOGRAPHY_IS_LIBRESSL >-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 >- static const long SSL_OP_NO_DTLSv1 = 0; >- static const long SSL_OP_NO_DTLSv1_2 = 0; >-+#endif >- long (*DTLS_set_link_mtu)(SSL *, long) = NULL; >- long (*DTLS_get_link_min_mtu)(SSL *) = NULL; >- #endif >--- >-2.31.1 >- >diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 >deleted file mode 100644 >index a8bb6dc6da43..000000000000 >--- a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 >+++ /dev/null >@@ -1,98 +0,0 @@ >-From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001 >-From: Charlie Li <vishwin@users.noreply.github.com> >-Date: Sun, 3 Oct 2021 00:20:31 -0400 >-Subject: [PATCH] Support LibreSSL 3.4.0 (#6360) >- >-* Add LibreSSL 3.4.0 to CI >- >-* Add a LibreSSL 3.4.0 guard >- >-Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. >- >-* DTLS_get_data_mtu does not exist in LibreSSL >- >-* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ >- >-* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL >- >-* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL >- >-While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended. >---- >- .github/workflows/ci.yml | 6 ++++-- >- src/_cffi_src/openssl/cryptography.py | 3 +++ >- src/_cffi_src/openssl/evp.py | 15 ++++++++++----- >- src/_cffi_src/openssl/ssl.py | 3 ++- >- 4 files changed, 19 insertions(+), 8 deletions(-) >- >-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py >-index 878d22d8..821ddc9f 100644 >---- src/_cffi_src/openssl/cryptography.py >-+++ src/_cffi_src/openssl/cryptography.py >-@@ -36,8 +36,11 @@ INCLUDES = """ >- #if CRYPTOGRAPHY_IS_LIBRESSL >- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ >- (LIBRESSL_VERSION_NUMBER < 0x3030200f) >-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ >-+ (LIBRESSL_VERSION_NUMBER < 0x3040000f) >- #else >- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) >-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0) >- #endif >- >- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ >-diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py >-index ab7cfeb3..cad3339a 100644 >---- src/_cffi_src/openssl/evp.py >-+++ src/_cffi_src/openssl/evp.py >-@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, >- size_t) = NULL; >- #endif >- >--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 >-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ >-+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) >- static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; >--static const long Cryptography_HAS_RAW_KEY = 0; >--static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; >--int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; >- int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *, >- const unsigned char *tbs, size_t) = NULL; >- int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t, >- const unsigned char *, size_t) = NULL; >-+#else >-+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; >-+#endif >-+ >-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 >-+static const long Cryptography_HAS_RAW_KEY = 0; >-+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; >-+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; >- EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, >- size_t) = NULL; >- EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, >-@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, >- int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, >- size_t *) = NULL; >- #else >--static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; >- static const long Cryptography_HAS_RAW_KEY = 1; >- static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1; >- #endif >-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py >-index ca275e91..0830a463 100644 >---- src/_cffi_src/openssl/ssl.py >-+++ src/_cffi_src/openssl/ssl.py >-@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; >- SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; >- #endif >- >--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 >-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ >-+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) >- static const long Cryptography_HAS_TLSv1_3 = 0; >- static const long SSL_OP_NO_TLSv1_3 = 0; >- static const long SSL_VERIFY_POST_HANDSHAKE = 0; >--- >-2.32.0 >- >diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py >index 7e15e74dffd4..021f82fc2643 100644 >--- a/security/py-cryptography/files/patch-setup.py >+++ b/security/py-cryptography/files/patch-setup.py >@@ -1,8 +1,8 @@ >---- setup.py.orig 2021-03-25 17:19:57 UTC >+--- setup.py.orig 2022-03-15 21:36:12 UTC > +++ setup.py > @@ -10,23 +10,7 @@ import sys > >- from setuptools import find_packages, setup >+ from setuptools import setup > > -try: > - from setuptools_rust import RustExtension >@@ -24,32 +24,33 @@ > base_dir = os.path.dirname(__file__) > src_dir = os.path.join(base_dir, "src") > >-@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo >- >- # `install_requirements` and `setup_requirements` must be kept in sync with >- # `pyproject.toml` >--setuptools_rust = "setuptools-rust>=0.11.4" >- install_requirements = ["cffi>=1.12"] >--setup_requirements = install_requirements + [setuptools_rust] >-+setup_requirements = install_requirements >- >- if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"): >- rust_extensions = [] >-@@ -129,9 +112,6 @@ try: >- "twine >= 1.12.0", >- "sphinxcontrib-spelling >= 4.0.1", >- ], >-- "sdist": [ >-- setuptools_rust, >-- ], >- "pep8test": [ >- "black", >- "flake8", >-@@ -149,7 +129,6 @@ try: >+@@ -40,20 +24,6 @@ try: >+ cffi_modules=[ > "src/_cffi_src/build_openssl.py:ffi", >- "src/_cffi_src/build_padding.py:ffi", > ], >-- rust_extensions=rust_extensions, >+- rust_extensions=[ >+- RustExtension( >+- "_rust", >+- "src/rust/Cargo.toml", >+- py_limited_api=True, >+- # Enable abi3 mode if we're not using PyPy. >+- features=( >+- [] >+- if platform.python_implementation() == "PyPy" >+- else ["pyo3/abi3-py36"] >+- ), >+- rust_version=">=1.41.0", >+- ) >+- ], > ) > except: # noqa: E722 > # Note: This is a bare exception that re-raises so that we don't interfere >+@@ -83,7 +53,7 @@ except: # noqa: E722 >+ ) >+ print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}") >+ print(f" platform: {platform.platform()}") >+- for dist in ["pip", "setuptools", "setuptools_rust"]: >++ for dist in ["pip", "setuptools"]: >+ try: >+ version = pkg_resources.get_distribution(dist).version >+ except pkg_resources.DistributionNotFound:
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=233937">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
brnrd
:
maintainer-approval?
(
sunpoet
)
Actions:
View
|
Diff
Attachments on
bug 254853
:
223896
|
225623
| 233937 |
236907
|
237172
|
237314
|
239411
|
240799
|
240959
|
241170
|
243353
|
243623
|
244442