mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-26 05:02:18 +00:00
security/py-cryptography: Update to 0.7.2, Fix LibreSSL
- Update to 0.7.2
- Update BUILD_DEPENDS and TEST_DEPENDS
- Patch upstream sources to fix LibreSSL:
* Remove EGD (Perl Entropy Gathering Daemon) support. This hasn't
been needed on FreeBSD since FreeBSD 4.2
* Disable compression conditionally using OPENSSL_NO_COMP
* Check features, not version for x509_vfy
[1] https://github.com/pyca/cryptography/issues/928
PR: 196827
Submitted by: Bernard Spil <spil.oss gmail com>
This commit is contained in:
Kubilay Kocak
parent
1168607386
commit
43650faa38
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=377287
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= cryptography
|
||||
PORTVERSION= 0.5.4
|
||||
PORTVERSION= 0.7.2
|
||||
CATEGORIES= security python
|
||||
MASTER_SITES= CHEESESHOP
|
||||
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
|
||||
@ -14,10 +14,12 @@ LICENSE= APACHE20
|
||||
LICENSE_FILE= ${WRKSRC}/LICENSE
|
||||
|
||||
BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=0.8:${PORTSDIR}/devel/py-cffi \
|
||||
${PYTHON_PKGNAMEPREFIX}six>=1.4.1:${PORTSDIR}/devel/py-six
|
||||
${PYTHON_PKGNAMEPREFIX}six>=1.4.1:${PORTSDIR}/devel/py-six \
|
||||
${PYTHON_PKGNAMEPREFIX}asn1>0:${PORTSDIR}/devel/py-asn1
|
||||
|
||||
RUN_DEPENDS:= ${BUILD_DEPENDS}
|
||||
TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pytest>0:${PORTSDIR}/devel/py-pytest \
|
||||
${PYTHON_PKGNAMEPREFIX}asn1>0:${PORTSDIR}/devel/py-asn1
|
||||
${PYTHON_PKGNAMEPREFIX}iso8601>0:${PORTSDIR}/devel/py-iso8601
|
||||
|
||||
USES= python
|
||||
USE_OPENSSL= yes
|
||||
@ -26,7 +28,13 @@ USE_PYTHON= autoplist distutils
|
||||
CFLAGS+= -I${OPENSSLINC}
|
||||
LDFLAGS+= -L${OPENSSLLIB}
|
||||
|
||||
regression-test: build
|
||||
@cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} test
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.include <bsd.port.mk>
|
||||
.if ${PYTHON_REL} < 340
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}enum34>0:${PORTSDIR}/devel/py-enum34
|
||||
.endif
|
||||
|
||||
regression-test: build
|
||||
@cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test
|
||||
|
||||
.include <bsd.port.post.mk>
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (cryptography-0.5.4.tar.gz) = 5675999f3744cbc32a60cb0bba64de21405abced32ce19655212612262dd270d
|
||||
SIZE (cryptography-0.5.4.tar.gz) = 320104
|
||||
SHA256 (cryptography-0.7.2.tar.gz) = fab7fcdde360ec6614442d0321dcd0eff5e43544cb30d975e9d75a914a4cdf78
|
||||
SIZE (cryptography-0.7.2.tar.gz) = 247477
|
||||
|
||||
@ -0,0 +1,10 @@
|
||||
--- src/cryptography/hazmat/bindings/openssl/engine.py.orig 2015-01-16 13:26:59 UTC
|
||||
+++ src/cryptography/hazmat/bindings/openssl/engine.py
|
||||
@@ -49,7 +49,6 @@ int ENGINE_init(ENGINE *);
|
||||
int ENGINE_finish(ENGINE *);
|
||||
void ENGINE_load_openssl(void);
|
||||
void ENGINE_load_dynamic(void);
|
||||
-void ENGINE_load_cryptodev(void);
|
||||
void ENGINE_load_builtin_engines(void);
|
||||
void ENGINE_cleanup(void);
|
||||
ENGINE *ENGINE_get_default_RSA(void);
|
||||
@ -0,0 +1,12 @@
|
||||
--- src/cryptography/hazmat/bindings/openssl/rand.py.orig 2015-01-16 13:26:59 UTC
|
||||
+++ src/cryptography/hazmat/bindings/openssl/rand.py
|
||||
@@ -16,9 +16,6 @@ void ERR_load_RAND_strings(void);
|
||||
void RAND_seed(const void *, int);
|
||||
void RAND_add(const void *, int, double);
|
||||
int RAND_status(void);
|
||||
-int RAND_egd(const char *);
|
||||
-int RAND_egd_bytes(const char *, int);
|
||||
-int RAND_query_egd_bytes(const char *, unsigned char *, int);
|
||||
const char *RAND_file_name(char *, size_t);
|
||||
int RAND_load_file(const char *, long);
|
||||
int RAND_write_file(const char *);
|
||||
@ -0,0 +1,30 @@
|
||||
--- src/cryptography/hazmat/bindings/openssl/ssl.py.orig 2015-01-16 13:26:59 UTC
|
||||
+++ src/cryptography/hazmat/bindings/openssl/ssl.py
|
||||
@@ -189,10 +189,6 @@ int SSL_shutdown(SSL *);
|
||||
const char *SSL_get_cipher_list(const SSL *, int);
|
||||
Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *);
|
||||
|
||||
-const COMP_METHOD *SSL_get_current_compression(SSL *);
|
||||
-const COMP_METHOD *SSL_get_current_expansion(SSL *);
|
||||
-const char *SSL_COMP_get_name(const COMP_METHOD *);
|
||||
-
|
||||
/* context */
|
||||
void SSL_CTX_free(SSL_CTX *);
|
||||
long SSL_CTX_set_timeout(SSL_CTX *, long);
|
||||
@@ -415,6 +411,16 @@ static const long Cryptography_HAS_RELEA
|
||||
const long SSL_MODE_RELEASE_BUFFERS = 0;
|
||||
#endif
|
||||
|
||||
+#ifndef OPENSSL_NO_COMP
|
||||
+const COMP_METHOD *SSL_get_current_compression(SSL *s);
|
||||
+const COMP_METHOD *SSL_get_current_expansion(SSL *s);
|
||||
+const char *SSL_COMP_get_name(const COMP_METHOD *comp);
|
||||
+#else
|
||||
+const void *SSL_get_current_compression(SSL *s);
|
||||
+const void *SSL_get_current_expansion(SSL *s);
|
||||
+const char *SSL_COMP_get_name(const void *comp);
|
||||
+#endif
|
||||
+
|
||||
#ifdef SSL_OP_NO_COMPRESSION
|
||||
static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
|
||||
#else
|
||||
@ -0,0 +1,20 @@
|
||||
--- src/cryptography/hazmat/bindings/openssl/x509_vfy.py.orig 2015-01-16 13:26:59 UTC
|
||||
+++ src/cryptography/hazmat/bindings/openssl/x509_vfy.py
|
||||
@@ -191,7 +191,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_V
|
||||
|
||||
CUSTOMIZATIONS = """
|
||||
/* OpenSSL 1.0.2+ verification error codes */
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if X509_V_ERR_EMAIL_MISMATCH
|
||||
static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1;
|
||||
#else
|
||||
static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
|
||||
@@ -207,7 +207,7 @@ static const long X509_V_ERR_IP_ADDRESS_
|
||||
#endif
|
||||
|
||||
/* OpenSSL 1.0.2+ verification parameters */
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if X509_V_FLAG_PARTIAL_CHAIN
|
||||
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
|
||||
#else
|
||||
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
|
||||
Loading…
Reference in New Issue
Block a user