svn commit: r428138 - head/security/py-cryptography
Mathieu Arnold
mat at FreeBSD.org
Fri Dec 9 10:12:38 UTC 2016
Le 08/12/2016 à 18:07, Mark Felder a écrit :
> Author: feld
> Date: Thu Dec 8 17:07:22 2016
> New Revision: 428138
> URL: https://svnweb.freebsd.org/changeset/ports/428138
>
> Log:
> security/py-pycryptography: Fix build on FreeBSD 9.3
>
> Modern py-cryptography requires a more modern OpenSSL. This switch to
> requiring OpenSSL from ports is a disruptive change, but it will protect
> these users from the recently patched vulnerabilites.
>
> Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4.
> The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
> vulnerable to the HDKF key generation bug. It appears that version 1.4
> did build successfully on FreeBSD 9.3, but upstream had abandoned
> support for OpenSSL 0.9.8 at that point so it is unclear if it was fully
> functional.
>
> PR: 214915
> MFH: 2016Q4
>
> Modified:
> head/security/py-cryptography/Makefile
>
> Modified: head/security/py-cryptography/Makefile
> ==============================================================================
> --- head/security/py-cryptography/Makefile Thu Dec 8 17:05:45 2016 (r428137)
> +++ head/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (r428138)
> @@ -27,6 +27,11 @@ USE_PYTHON= autoplist distutils
> CFLAGS+= -I${OPENSSLINC}
> LDFLAGS+= -L${OPENSSLLIB}
>
> +# Modern py-cyptography requires newer OpenSSL
> +.if ${OSVERSION} < 1000000
> +WITH_OPENSSL_PORT= yes
> +.endif
> +
The correct fix is:
.if ${OSVERSION} < 1000000 && ${SSL_DEFAULT:Mbase}
IGNORE= Needs a more recent OpenSSL
.endif
--
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20161209/866e0742/attachment.sig>
More information about the svn-ports-all
mailing list