From 32f5155d9bb0f1bd6a2656cdb9497b18a9c378cb Mon Sep 17 00:00:00 2001 From: Rozhuk Ivan Date: Mon, 10 Oct 2022 01:32:34 +0300 Subject: [PATCH] security/py-cryptography: update to 38.0.1 + rust --- security/py-cryptography/Makefile | 83 ++++- security/py-cryptography/distinfo | 114 ++++++- .../py-cryptography/files/patch-libressl35 | 317 ------------------ security/py-cryptography/files/patch-setup.py | 55 --- 4 files changed, 188 insertions(+), 381 deletions(-) delete mode 100644 security/py-cryptography/files/patch-libressl35 delete mode 100644 security/py-cryptography/files/patch-setup.py diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile index 8f06002fbf3c..bea51e7989ca 100644 --- a/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,9 +1,7 @@ PORTNAME= cryptography -PORTVERSION= 3.4.8 -PORTREVISION= 1 +PORTVERSION= 38.0.1 PORTEPOCH= 1 CATEGORIES= security python -MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= sunpoet@FreeBSD.org @@ -15,24 +13,92 @@ LICENSE_COMB= dual LICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE.APACHE LICENSE_FILE_BSD3CLAUSE=${WRKSRC}/LICENSE.BSD -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}setuptools-rust>=1.4.0:devel/py-setuptools-rust@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:security/py-cryptography-vectors@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytz>=0,1:devel/py-pytz@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR} -USES= compiler:env cpe python:3.6+ ssl +USES= cargo compiler:env cpe python:3.6+ ssl USE_PYTHON= autoplist concurrent distutils pytest +USE_GITHUB= yes +GH_ACCOUNT= pyca + +CARGO_CRATES= Inflector-0.11.4 \ + aliasable-0.1.3 \ + android_system_properties-0.1.5 \ + asn1-0.12.2 \ + asn1_derive-0.12.2 \ + autocfg-1.1.0 \ + base64-0.13.0 \ + bitflags-1.3.2 \ + bumpalo-3.10.0 \ + cfg-if-1.0.0 \ + chrono-0.4.22 \ + core-foundation-sys-0.8.3 \ + iana-time-zone-0.1.47 \ + indoc-0.3.6 \ + indoc-impl-0.3.6 \ + instant-0.1.12 \ + js-sys-0.3.59 \ + libc-0.2.132 \ + lock_api-0.4.8 \ + log-0.4.17 \ + num-integer-0.1.45 \ + num-traits-0.2.15 \ + once_cell-1.14.0 \ + ouroboros-0.15.4 \ + ouroboros_macro-0.15.4 \ + parking_lot-0.11.2 \ + parking_lot_core-0.8.5 \ + paste-0.1.18 \ + paste-impl-0.1.18 \ + pem-1.1.0 \ + proc-macro-error-1.0.4 \ + proc-macro-error-attr-1.0.4 \ + proc-macro-hack-0.5.19 \ + proc-macro2-1.0.43 \ + pyo3-0.15.2 \ + pyo3-build-config-0.15.2 \ + pyo3-macros-0.15.2 \ + pyo3-macros-backend-0.15.2 \ + quote-1.0.21 \ + redox_syscall-0.2.16 \ + scopeguard-1.1.0 \ + smallvec-1.9.0 \ + syn-1.0.99 \ + unicode-ident-1.0.3 \ + unindent-0.1.10 \ + version_check-0.9.4 \ + wasm-bindgen-0.2.82 \ + wasm-bindgen-backend-0.2.82 \ + wasm-bindgen-macro-0.2.82 \ + wasm-bindgen-macro-support-0.2.82 \ + wasm-bindgen-shared-0.2.82 \ + winapi-0.3.9 \ + winapi-i686-pc-windows-gnu-0.4.0 \ + winapi-x86_64-pc-windows-gnu-0.4.0 + +CARGO_CARGOTOML= ${WRKSRC}/src/rust/Cargo.toml +CARGO_CARGOLOCK= ${WRKSRC}/src/rust/Cargo.lock +CARGO_BUILD= no +CARGO_INSTALL= no +CARGO_TEST= no +CARGO_TARGET_DIR=${WRKSRC}/target +MAKE_ENV= ${CARGO_ENV} +BINARY_ALIAS= python3=${PYTHON_CMD} + CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1 TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} CPE_VENDOR= cryptography_project @@ -46,5 +112,10 @@ post-patch: post-install: ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name '*.so' -exec ${STRIP_CMD} {} + + # Regenerate .PLIST.pymodtemp to get all installed files from + # ${STAGEDIR}. + @${FIND} ${STAGEDIR} -type f -o -type l | \ + ${SORT} | ${SED} -e 's|${STAGEDIR}||' \ + > ${WRKDIR}/.PLIST.pymodtmp .include diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo index cb800cc11b12..39ee936323b4 100644 --- a/security/py-cryptography/distinfo +++ b/security/py-cryptography/distinfo @@ -1,3 +1,111 @@ -TIMESTAMP = 1652122693 -SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c -SIZE (cryptography-3.4.8.tar.gz) = 546907 +TIMESTAMP = 1665354485 +SHA256 (rust/crates/Inflector-0.11.4.crate) = fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3 +SIZE (rust/crates/Inflector-0.11.4.crate) = 17438 +SHA256 (rust/crates/aliasable-0.1.3.crate) = 250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd +SIZE (rust/crates/aliasable-0.1.3.crate) = 6169 +SHA256 (rust/crates/android_system_properties-0.1.5.crate) = 819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311 +SIZE (rust/crates/android_system_properties-0.1.5.crate) = 5243 +SHA256 (rust/crates/asn1-0.12.2.crate) = 22c27c85cd71c1bf4373c7c1aa752b73d2df799277c0930af16fffbf3444f210 +SIZE (rust/crates/asn1-0.12.2.crate) = 33145 +SHA256 (rust/crates/asn1_derive-0.12.2.crate) = d48d1854a01241e8d22f8f5ae4e2dc332f66c5946e1772f5576886d83e18e1b7 +SIZE (rust/crates/asn1_derive-0.12.2.crate) = 4914 +SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa +SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 +SHA256 (rust/crates/base64-0.13.0.crate) = 904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd +SIZE (rust/crates/base64-0.13.0.crate) = 62070 +SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a +SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 +SHA256 (rust/crates/bumpalo-3.10.0.crate) = 37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3 +SIZE (rust/crates/bumpalo-3.10.0.crate) = 78915 +SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd +SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/chrono-0.4.22.crate) = bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1 +SIZE (rust/crates/chrono-0.4.22.crate) = 185570 +SHA256 (rust/crates/core-foundation-sys-0.8.3.crate) = 5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc +SIZE (rust/crates/core-foundation-sys-0.8.3.crate) = 17519 +SHA256 (rust/crates/iana-time-zone-0.1.47.crate) = 4c495f162af0bf17656d0014a0eded5f3cd2f365fdd204548c2869db89359dc7 +SIZE (rust/crates/iana-time-zone-0.1.47.crate) = 16974 +SHA256 (rust/crates/indoc-0.3.6.crate) = 47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8 +SIZE (rust/crates/indoc-0.3.6.crate) = 9663 +SHA256 (rust/crates/indoc-impl-0.3.6.crate) = ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0 +SIZE (rust/crates/indoc-impl-0.3.6.crate) = 7933 +SHA256 (rust/crates/instant-0.1.12.crate) = 7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c +SIZE (rust/crates/instant-0.1.12.crate) = 6128 +SHA256 (rust/crates/js-sys-0.3.59.crate) = 258451ab10b34f8af53416d1fdab72c22e805f0c92a1136d59470ec0b11138b2 +SIZE (rust/crates/js-sys-0.3.59.crate) = 78849 +SHA256 (rust/crates/libc-0.2.132.crate) = 8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5 +SIZE (rust/crates/libc-0.2.132.crate) = 595317 +SHA256 (rust/crates/lock_api-0.4.8.crate) = 9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390 +SIZE (rust/crates/lock_api-0.4.8.crate) = 25677 +SHA256 (rust/crates/log-0.4.17.crate) = abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e +SIZE (rust/crates/log-0.4.17.crate) = 38028 +SHA256 (rust/crates/num-integer-0.1.45.crate) = 225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9 +SIZE (rust/crates/num-integer-0.1.45.crate) = 22529 +SHA256 (rust/crates/num-traits-0.2.15.crate) = 578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd +SIZE (rust/crates/num-traits-0.2.15.crate) = 49262 +SHA256 (rust/crates/once_cell-1.14.0.crate) = 2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0 +SIZE (rust/crates/once_cell-1.14.0.crate) = 31614 +SHA256 (rust/crates/ouroboros-0.15.4.crate) = 7f56a2b0aa5fc88687aaf63e85a7974422790ce3419a2e1a15870f8a55227822 +SIZE (rust/crates/ouroboros-0.15.4.crate) = 11179 +SHA256 (rust/crates/ouroboros_macro-0.15.4.crate) = 6c40641e27d0eb38cae3dee081d920104d2db47a8e853c1a592ef68d33f5ebf4 +SIZE (rust/crates/ouroboros_macro-0.15.4.crate) = 20732 +SHA256 (rust/crates/parking_lot-0.11.2.crate) = 7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99 +SIZE (rust/crates/parking_lot-0.11.2.crate) = 39869 +SHA256 (rust/crates/parking_lot_core-0.8.5.crate) = d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216 +SIZE (rust/crates/parking_lot_core-0.8.5.crate) = 32466 +SHA256 (rust/crates/paste-0.1.18.crate) = 45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880 +SIZE (rust/crates/paste-0.1.18.crate) = 12259 +SHA256 (rust/crates/paste-impl-0.1.18.crate) = d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6 +SIZE (rust/crates/paste-impl-0.1.18.crate) = 9451 +SHA256 (rust/crates/pem-1.1.0.crate) = 03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4 +SIZE (rust/crates/pem-1.1.0.crate) = 10805 +SHA256 (rust/crates/proc-macro-error-1.0.4.crate) = da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c +SIZE (rust/crates/proc-macro-error-1.0.4.crate) = 25293 +SHA256 (rust/crates/proc-macro-error-attr-1.0.4.crate) = a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869 +SIZE (rust/crates/proc-macro-error-attr-1.0.4.crate) = 7971 +SHA256 (rust/crates/proc-macro-hack-0.5.19.crate) = dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5 +SIZE (rust/crates/proc-macro-hack-0.5.19.crate) = 15556 +SHA256 (rust/crates/proc-macro2-1.0.43.crate) = 0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab +SIZE (rust/crates/proc-macro2-1.0.43.crate) = 41512 +SHA256 (rust/crates/pyo3-0.15.2.crate) = d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752 +SIZE (rust/crates/pyo3-0.15.2.crate) = 371382 +SHA256 (rust/crates/pyo3-build-config-0.15.2.crate) = 779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410 +SIZE (rust/crates/pyo3-build-config-0.15.2.crate) = 22235 +SHA256 (rust/crates/pyo3-macros-0.15.2.crate) = 00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a +SIZE (rust/crates/pyo3-macros-0.15.2.crate) = 7596 +SHA256 (rust/crates/pyo3-macros-backend-0.15.2.crate) = 5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095 +SIZE (rust/crates/pyo3-macros-backend-0.15.2.crate) = 46112 +SHA256 (rust/crates/quote-1.0.21.crate) = bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179 +SIZE (rust/crates/quote-1.0.21.crate) = 28030 +SHA256 (rust/crates/redox_syscall-0.2.16.crate) = fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a +SIZE (rust/crates/redox_syscall-0.2.16.crate) = 24012 +SHA256 (rust/crates/scopeguard-1.1.0.crate) = d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd +SIZE (rust/crates/scopeguard-1.1.0.crate) = 11470 +SHA256 (rust/crates/smallvec-1.9.0.crate) = 2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1 +SIZE (rust/crates/smallvec-1.9.0.crate) = 28396 +SHA256 (rust/crates/syn-1.0.99.crate) = 58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13 +SIZE (rust/crates/syn-1.0.99.crate) = 236084 +SHA256 (rust/crates/unicode-ident-1.0.3.crate) = c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf +SIZE (rust/crates/unicode-ident-1.0.3.crate) = 35031 +SHA256 (rust/crates/unindent-0.1.10.crate) = 58ee9362deb4a96cef4d437d1ad49cffc9b9e92d202b6995674e928ce684f112 +SIZE (rust/crates/unindent-0.1.10.crate) = 7703 +SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f +SIZE (rust/crates/version_check-0.9.4.crate) = 14895 +SHA256 (rust/crates/wasm-bindgen-0.2.82.crate) = fc7652e3f6c4706c8d9cd54832c4a4ccb9b5336e2c3bd154d5cccfbf1c1f5f7d +SIZE (rust/crates/wasm-bindgen-0.2.82.crate) = 166376 +SHA256 (rust/crates/wasm-bindgen-backend-0.2.82.crate) = 662cd44805586bd52971b9586b1df85cdbbd9112e4ef4d8f41559c334dc6ac3f +SIZE (rust/crates/wasm-bindgen-backend-0.2.82.crate) = 25764 +SHA256 (rust/crates/wasm-bindgen-macro-0.2.82.crate) = b260f13d3012071dfb1512849c033b1925038373aea48ced3012c09df952c602 +SIZE (rust/crates/wasm-bindgen-macro-0.2.82.crate) = 11808 +SHA256 (rust/crates/wasm-bindgen-macro-support-0.2.82.crate) = 5be8e654bdd9b79216c2929ab90721aa82faf65c48cdf08bdc4e7f51357b80da +SIZE (rust/crates/wasm-bindgen-macro-support-0.2.82.crate) = 18529 +SHA256 (rust/crates/wasm-bindgen-shared-0.2.82.crate) = 6598dd0bd3c7d51095ff6531a5b23e02acdc81804e30d8f07afb77b7215a140a +SIZE (rust/crates/wasm-bindgen-shared-0.2.82.crate) = 7197 +SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419 +SIZE (rust/crates/winapi-0.3.9.crate) = 1200382 +SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6 +SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815 +SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f +SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998 +SHA256 (pyca-cryptography-38.0.1_GH0.tar.gz) = 4d2e2b3192cd3767bdb68c22dd40c07a1deb209a05daee21df74fbf2df8bfbed +SIZE (pyca-cryptography-38.0.1_GH0.tar.gz) = 35900362 diff --git a/security/py-cryptography/files/patch-libressl35 b/security/py-cryptography/files/patch-libressl35 deleted file mode 100644 index 84c9f44a3350..000000000000 --- a/security/py-cryptography/files/patch-libressl35 +++ /dev/null @@ -1,317 +0,0 @@ ---- src/_cffi_src/openssl/cryptography.py.orig 2022-10-17 10:52:36 UTC -+++ src/_cffi_src/openssl/cryptography.py -@@ -33,17 +33,17 @@ INCLUDES = """ - #endif - - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ -- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER >= 0x1010006f - - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ -- (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER < 0x101000af - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \ -- (OPENSSL_VERSION_NUMBER < 0x10101000 || CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER < 0x10101000 - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \ -- (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER < 0x10101020 - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \ -- (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL) --#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \ -+ OPENSSL_VERSION_NUMBER < 0x10101040 -+#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && \ - !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING) - #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1 - #else ---- src/_cffi_src/openssl/dh.py.orig 2022-10-17 11:10:57 UTC -+++ src/_cffi_src/openssl/dh.py -@@ -37,117 +37,9 @@ int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x); - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL --#ifndef DH_CHECK_Q_NOT_PRIME --#define DH_CHECK_Q_NOT_PRIME 0x10 --#endif -- --#ifndef DH_CHECK_INVALID_Q_VALUE --#define DH_CHECK_INVALID_Q_VALUE 0x20 --#endif -- --#ifndef DH_CHECK_INVALID_J_VALUE --#define DH_CHECK_INVALID_J_VALUE 0x40 --#endif -- --/* DH_check implementation taken from OpenSSL 1.1.0pre6 */ -- --/*- -- * Check that p is a safe prime and -- * if g is 2, 3 or 5, check that it is a suitable generator -- * where -- * for 2, p mod 24 == 11 -- * for 3, p mod 12 == 5 -- * for 5, p mod 10 == 3 or 7 -- * should hold. -- */ -- --int Cryptography_DH_check(const DH *dh, int *ret) --{ -- int ok = 0, r; -- BN_CTX *ctx = NULL; -- BN_ULONG l; -- BIGNUM *t1 = NULL, *t2 = NULL; -- -- *ret = 0; -- ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto err; -- BN_CTX_start(ctx); -- t1 = BN_CTX_get(ctx); -- if (t1 == NULL) -- goto err; -- t2 = BN_CTX_get(ctx); -- if (t2 == NULL) -- goto err; -- -- if (dh->q) { -- if (BN_cmp(dh->g, BN_value_one()) <= 0) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- else if (BN_cmp(dh->g, dh->p) >= 0) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- else { -- /* Check g^q == 1 mod p */ -- if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) -- goto err; -- if (!BN_is_one(t1)) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- } -- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -- *ret |= DH_CHECK_Q_NOT_PRIME; -- /* Check p == 1 mod q i.e. q divides p - 1 */ -- if (!BN_div(t1, t2, dh->p, dh->q, ctx)) -- goto err; -- if (!BN_is_one(t2)) -- *ret |= DH_CHECK_INVALID_Q_VALUE; -- if (dh->j && BN_cmp(dh->j, t1)) -- *ret |= DH_CHECK_INVALID_J_VALUE; -- -- } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { -- l = BN_mod_word(dh->p, 24); -- if (l == (BN_ULONG)-1) -- goto err; -- if (l != 11) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { -- l = BN_mod_word(dh->p, 10); -- if (l == (BN_ULONG)-1) -- goto err; -- if ((l != 3) && (l != 7)) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- } else -- *ret |= DH_UNABLE_TO_CHECK_GENERATOR; -- -- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -- *ret |= DH_CHECK_P_NOT_PRIME; -- else if (!dh->q) { -- if (!BN_rshift1(t1, dh->p)) -- goto err; -- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -- *ret |= DH_CHECK_P_NOT_SAFE_PRIME; -- } -- ok = 1; -- err: -- if (ctx != NULL) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- return (ok); --} --#else - int Cryptography_DH_check(const DH *dh, int *ret) { - return DH_check(dh, ret); - } --#endif - - /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */ - /* Define our own to simplify support across all versions. */ ---- src/_cffi_src/openssl/evp.py.orig 2023-02-24 07:28:50 UTC -+++ src/_cffi_src/openssl/evp.py -@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, cons - size_t) = NULL; - #endif - --#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+#if CRYPTOGRAPHY_IS_LIBRESSL -+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; -+static const long Cryptography_HAS_RAW_KEY = 0; -+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; -+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; -+EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, -+ size_t) = NULL; -+EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, -+ size_t) = NULL; -+int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, -+ size_t *) = NULL; -+int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, -+ size_t *) = NULL; -+#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 - static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; - static const long Cryptography_HAS_RAW_KEY = 0; - static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; ---- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC -+++ src/_cffi_src/openssl/fips.py -@@ -17,11 +17,5 @@ int FIPS_mode(void); - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL --static const long Cryptography_HAS_FIPS = 0; --int (*FIPS_mode_set)(int) = NULL; --int (*FIPS_mode)(void) = NULL; --#else - static const long Cryptography_HAS_FIPS = 1; --#endif - """ ---- src/_cffi_src/openssl/ocsp.py.orig 2022-10-17 11:14:50 UTC -+++ src/_cffi_src/openssl/ocsp.py -@@ -77,7 +77,6 @@ int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char * - - CUSTOMIZATIONS = """ - #if ( \ -- !CRYPTOGRAPHY_IS_LIBRESSL && \ - CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ - ) - /* These structs come from ocsp_lcl.h and are needed to de-opaque the struct -@@ -104,62 +103,15 @@ struct ocsp_basic_response_st { - }; - #endif - --#if CRYPTOGRAPHY_IS_LIBRESSL --/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */ --const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) --{ -- return single->certId; --} --const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs( -- const OCSP_BASICRESP *bs) --{ -- return bs->certs; --} --int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, -- const ASN1_OCTET_STRING **pid, -- const X509_NAME **pname) --{ -- const OCSP_RESPID *rid = bs->tbsResponseData->responderId; -- -- if (rid->type == V_OCSP_RESPID_NAME) { -- *pname = rid->value.byName; -- *pid = NULL; -- } else if (rid->type == V_OCSP_RESPID_KEY) { -- *pid = rid->value.byKey; -- *pname = NULL; -- } else { -- return 0; -- } -- return 1; --} --const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( -- const OCSP_BASICRESP* bs) --{ -- return bs->tbsResponseData->producedAt; --} --const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) --{ -- return bs->signature; --} --#endif -- - #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J - const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) - { --#if CRYPTOGRAPHY_IS_LIBRESSL -- return bs->signatureAlgorithm; --#else - return &bs->signatureAlgorithm; --#endif - } - - const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) - { --#if CRYPTOGRAPHY_IS_LIBRESSL -- return bs->tbsResponseData; --#else - return &bs->tbsResponseData; --#endif - } - #endif - """ ---- src/_cffi_src/openssl/ssl.py.orig 2022-10-17 11:17:08 UTC -+++ src/_cffi_src/openssl/ssl.py -@@ -515,12 +515,7 @@ CUSTOMIZATIONS = """ - // users have upgraded. PersistentlyDeprecated2020 - static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; - --#if CRYPTOGRAPHY_IS_LIBRESSL --static const long Cryptography_HAS_VERIFIED_CHAIN = 0; --Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; --#else - static const long Cryptography_HAS_VERIFIED_CHAIN = 1; --#endif - - #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 - static const long Cryptography_HAS_KEYLOG = 0; -@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST = 1; - #endif - - #if CRYPTOGRAPHY_IS_LIBRESSL --static const long SSL_OP_NO_DTLSv1 = 0; --static const long SSL_OP_NO_DTLSv1_2 = 0; - long (*DTLS_set_link_mtu)(SSL *, long) = NULL; - long (*DTLS_get_link_min_mtu)(SSL *) = NULL; - #endif ---- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC -+++ src/_cffi_src/openssl/x509.py -@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL --int i2d_re_X509_tbs(X509 *x, unsigned char **pp) --{ -- /* in 1.0.2+ this function also sets x->cert_info->enc.modified = 1 -- but older OpenSSLs don't have the enc ASN1_ENCODING member in the -- X509 struct. Setting modified to 1 marks the encoding -- (x->cert_info->enc.enc) as invalid, but since the entire struct isn't -- present we don't care. */ -- return i2d_X509_CINF(x->cert_info, pp); --} --#endif -- - /* Being kept around for pyOpenSSL */ - X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) { - return X509_REVOKED_dup(rev); - } --/* Added in 1.1.0 but we need it in all versions now due to the great -- opaquing. */ --#if CRYPTOGRAPHY_IS_LIBRESSL --int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) --{ -- req->req_info->enc.modified = 1; -- return i2d_X509_REQ_INFO(req->req_info, pp); --} --int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { -- crl->crl->enc.modified = 1; -- return i2d_X509_CRL_INFO(crl->crl, pp); --} --#endif - """ diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py deleted file mode 100644 index 7e15e74dffd4..000000000000 --- a/security/py-cryptography/files/patch-setup.py +++ /dev/null @@ -1,55 +0,0 @@ ---- setup.py.orig 2021-03-25 17:19:57 UTC -+++ setup.py -@@ -10,23 +10,7 @@ import sys - - from setuptools import find_packages, setup - --try: -- from setuptools_rust import RustExtension --except ImportError: -- print( -- """ -- =============================DEBUG ASSISTANCE========================== -- If you are seeing an error here please try the following to -- successfully install cryptography: - -- Upgrade to the latest pip and try again. This will fix errors for most -- users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip -- =============================DEBUG ASSISTANCE========================== -- """ -- ) -- raise -- -- - base_dir = os.path.dirname(__file__) - src_dir = os.path.join(base_dir, "src") - -@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo - - # `install_requirements` and `setup_requirements` must be kept in sync with - # `pyproject.toml` --setuptools_rust = "setuptools-rust>=0.11.4" - install_requirements = ["cffi>=1.12"] --setup_requirements = install_requirements + [setuptools_rust] -+setup_requirements = install_requirements - - if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"): - rust_extensions = [] -@@ -129,9 +112,6 @@ try: - "twine >= 1.12.0", - "sphinxcontrib-spelling >= 4.0.1", - ], -- "sdist": [ -- setuptools_rust, -- ], - "pep8test": [ - "black", - "flake8", -@@ -149,7 +129,6 @@ try: - "src/_cffi_src/build_openssl.py:ffi", - "src/_cffi_src/build_padding.py:ffi", - ], -- rust_extensions=rust_extensions, - ) - except: # noqa: E722 - # Note: This is a bare exception that re-raises so that we don't interfere