Bug 237006 - security/py-openssl: update to 19.0.0
Summary: security/py-openssl: update to 19.0.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kai Knoblich
URL: https://github.com/pyca/pyopenssl/blo...
Keywords:
Depends on: 239540
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-04 07:39 UTC by timp87
Modified: 2019-08-06 10:20 UTC (History)
2 users (show)

See Also:
sbz: maintainer-feedback+


Attachments
port patch (967 bytes, patch)
2019-04-04 07:39 UTC, timp87
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description timp87 2019-04-04 07:39:37 UTC
Created attachment 203369 [details]
port patch

Update security/py-openssl to 19.0.0
Changelog https://pyopenssl.org/en/stable/changelog.html
Comment 1 Kai Knoblich freebsd_committer 2019-07-03 06:11:38 UTC
Take this PR due maintainer timeout.
Comment 2 Sofian Brabez freebsd_committer 2019-07-03 20:52:41 UTC
Hi Kai,

Patch LGTM. Approved. You can commit it, thanks!
Comment 3 Kai Knoblich freebsd_committer 2019-07-30 19:23:54 UTC
(In reply to Sofian Brabez from comment #2)

Hi Sofian, thank you for the approval and thanks to timp87@gmail.com for submitting the patch. Here's a list of ports that depends on security/py-openssl (just for the record):

audio/py-gmusicapi: N/A  ->  Not defined anywhere
databases/py-riak: >=0.14  ->  setup.py
devel/py-aiortc: N/A  ->  Given as 'pyopenssl' in setup.py
devel/py-epsilon: >=0.13  ->  setup.py
devel/py-foolscap: N/A  ->  Given as 'pyOpenSSL' in setup.py
finance/py-stripe: N/A  ->  For Python 2.7 only due requests[security] in setup.py
finance/trytond28: N/A  ->  Not defined anywhere but required in the sources
ftp/py-pyftpdlib: N/A  ->  Given as 'PyOpenSSL' in setup.py
misc/py-glance: >=16.2.0  ->  requirements.txt
misc/veles: N/A  ->  Given as 'PyOpenSSL' in python/requirements.txt
multimedia/syncplay: N/A  ->  Not defined anywhere but required in the sources
multimedia/tautulli: N/A  ->  Not defined anywhere but required in the sources
net-im/gajim: >=0.12  ->  Given in setup.cfg
net-im/proxy65: N/A  ->  Not defined anywhere, only referenced in the Readme
net-im/py-matrix-synapse: >=  ->  synapse/python_requirements.py
net-im/py-nbxmpp: N/A  ->  Not defined anywhere but required in the sources
net-p2p/couchpotato: N/A  ->  No specific version defined but required in the sources
net-p2p/deluge-cli: N/A  ->  No specific version defined but required in the sources
net-p2p/py-vertex: >=0.13  ->  setup.py
net/py-ldaptor: N/A  ->  No specific version defined but required in the sources
net/py-ndg_httpsclient: N/A  ->  Given as 'PyOpenSSL' in setup.py
net/py-netlib: >=0.12  ->  setup.py
net/py-python-glanceclient: >=16.2.0  ->  requirements.txt
net/py-ripe.atlas.tools: >=0.13  ->  setup.py
net/py-urllib3: >=0.14  ->  setup.py
security/cowrie: N/A  ->  Given as 'pyopenssl' in setup.py
security/py-acme: >=0.13.1  ->  setup.py
security/py-certbot: N/A  ->  Noted in setup.py
security/py-certbot-nginx: N/A  ->  Given as 'PyOpenSSL' in setup.py
security/py-gpsoauth: N/A  ->  No specific version defined anywhere and might not be required
security/py-josepy: >=0.13  ->  setup.py
security/py-pyelliptic: N/A  ->  No specific version defined but required in the sources
security/py-pysaml2: N/A  ->  No specific version defined but required in the sources
security/py-requests-credssp: >=16.0.0  ->  setup.py
security/py-sslstrip: >=0  ->  No specific version defined but required in the sources
security/py-trustme: >=19.0.0  ->  test-requirements.txt
security/py-yubikey-manager: N/A  ->  Given as 'pyopenssl' in setup.py
security/spike-proxy: N/A  ->  No specific version defined but required in the sources
security/w3af: N/A  ->  No specific version defined but required in the sources
sysutils/py-azure-cli-appservice: N/A  ->  Given as 'pyOpenSSL' in setup.py
sysutils/py-azure-cli-core: >=17.1.0  ->  setup.py
sysutils/py-azure-cli-dms: N/A  ->  Given as 'pyOpenSSL' in setup.py
sysutils/py-azure-cli-iot: N/A  ->  Given as 'pyOpenSSL' in setup.py
sysutils/py-azure-cli-keyvault: N/A  ->  Given as 'pyOpenSSL' in setup.py
sysutils/py-azure-cli-servicefabric: N/A  ->  Given as 'pyOpenSSL' in setup.py
www/butterfly: N/A  ->  Given as 'pyOpenSSL' in setup.py
www/calendarserver: >=0.15.1  ->  setup.py
www/mitmproxy: >=17.5,<18.1  ->  setup.py (builds fine but gives errors at runtime as expected)
www/py-autobahn: >=16.2.0  ->  setup.py
www/py-google-api-python-client: N/A  ->  No specific version defined but required in the sources
www/py-scrapy: N/A  ->  Given as 'pyOpenSSL' in setup.py
www/py-treq: N/A  ->  No specific version defined but required in the sources
www/py-werkzeug: N/A  ->  No specific version defined but required in the sources
www/searx: ==18.0.0  ->  requirements.txt, patched out to ">=" to remove the hard limit (no action required)

One port, www/mitmproxy, needs to be patched before security/py-openssl 19.0.0 can land. 

The following ports of the list from above make explicit use of the "X509Store.add_cert" function that has changed slightly in 19.0.0. It produces no longer an error if a duplicate cert is added to the cert store:

- net-im/gajim
- net-im/py-nbxmpp
- security/py-trustme
- www/mitmproxy

As far I can see from the sources this shouldn't lead to any problems during runtime.
Comment 4 commit-hook freebsd_committer 2019-08-05 09:11:36 UTC
A commit references this bug:

Author: kai
Date: Mon Aug  5 09:11:11 UTC 2019
New revision: 508146
URL: https://svnweb.freebsd.org/changeset/ports/508146

Log:
  security/py-openssl: Update to 19.0.0

  While I'm here:
  * Improve the "do-test" target to easen future QA and add the required
    dependencies for it.
  * Sort variables a bit according to the PHB to pet portclippy/portlint.

  Changelog:

  Backward-incompatible changes:

  * X509Store.add_cert no longer raises an error if one add a duplicate cert

  * pyOpenSSL now works with OpenSSL 1.1.1
  * pyOpenSSL now handles NUL bytes in X509Name.get_components()

  PR:		237006
  Submitted by:	timp87@gmail.com (based on)
  Approved by:	sbz (maintainer)

Changes:
  head/security/py-openssl/Makefile
  head/security/py-openssl/distinfo
Comment 5 Kai Knoblich freebsd_committer 2019-08-05 09:21:00 UTC
Committed, thank you both for the patch and the approval!

Just for the record, here are the test results from "make test":

11.2-, 11.3-, 12.0-RELEASE, 13.0-CURRENT@r349352 amd64:
- py36: 483 passed, 14 skipped, 2 deselected, 20 warnings
- py27: 496 passed, 1 skipped, 2 deselected, 17 warnings

11.2-, 11.3-, 12.0-RELEASE, 13.0-CURRENT@r349352 i386:
- py36: 482 passed, 15 skipped, 2 deselected, 20 warnings
- py27: 495 passed, 2 skipped, 2 deselected, 17 warnings
Comment 6 commit-hook freebsd_committer 2019-08-06 10:20:11 UTC
A commit references this bug:

Author: kai
Date: Tue Aug  6 10:19:32 UTC 2019
New revision: 508245
URL: https://svnweb.freebsd.org/changeset/ports/508245

Log:
  MFH: r508128 r508146

  [NEW PORT] devel/py-flaky

  * Merge devel/py-flaky to 2019Q3 to cover the TEST_DEPENDS for
    security/py-openssl.

  security/py-openssl: Update to 19.0.0

  While I'm here:
  * Improve the "do-test" target to easen future QA and add the required
    dependencies for it.
  * Sort variables a bit according to the PHB to pet portclippy/portlint.

  Changelog:

  Backward-incompatible changes:

  * X509Store.add_cert no longer raises an error if one add a duplicate cert
  * pyOpenSSL now works with OpenSSL 1.1.1
  * pyOpenSSL now handles NUL bytes in X509Name.get_components()

  PR:		237006
  Submitted by:	timp87@gmail.com (based on)
  Approved by:	sbz (maintainer)
  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q3/
  branches/2019Q3/devel/Makefile
  branches/2019Q3/devel/py-flaky/
  branches/2019Q3/security/py-openssl/Makefile
  branches/2019Q3/security/py-openssl/distinfo