svn commit: r500082 - head/security/py-cryptography/files

Kubilay Kocak koobs at FreeBSD.org
Fri Apr 26 05:13:28 UTC 2019 

Author: koobs
Date: Fri Apr 26 05:13:26 2019
New Revision: 500082
URL: https://svnweb.freebsd.org/changeset/ports/500082

Log:
  security/py-cryptography: Fix build with libressl 2.9.1
  
  Backport upstream pull request #4855 by Charlie Li <ml+freebsd vishwin info>
  
  PR:		237487
  Submitted by:	Maciej Pasternacki <maciej pasternacki. net> (v1)
  Submitted by:	gahr (v2)
  Reported by:	Simeon Simeonov <sgs pichove org>
  Obtained from:	https://github.com/pyca/cryptography/pull/4855
  Tested by:	gahr (all USES=ssl versions), many

Added:
  head/security/py-cryptography/files/
  head/security/py-cryptography/files/patch-PR4855   (contents, props changed)

Added: head/security/py-cryptography/files/patch-PR4855
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/py-cryptography/files/patch-PR4855	Fri Apr 26 05:13:26 2019	(r500082)
@@ -0,0 +1,49 @@
+# security/py-cryptography fails to build with libressl-2.9.1
+# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237487
+# Use generic DTLS functions added in LibreSSL 2.9.1
+# https://github.com/pyca/cryptography/pull/4855
+
+index 4124dcb879..ac32fdffde 100644
+--- src/_cffi_src/openssl/cryptography.py.orig
++++ src/_cffi_src/openssl/cryptography.py
+@@ -38,9 +38,12 @@
+     (LIBRESSL_VERSION_NUMBER >= 0x2070000f)
+ #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \
+     (LIBRESSL_VERSION_NUMBER >= 0x2080000f)
++#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER \
++    (LIBRESSL_VERSION_NUMBER >= 0x2090100f)
+ #else
+ #define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0)
+ #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0)
++#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER (0)
+ #endif
+ 
+ #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
+diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
+index 92fd1e3ec8..da21f3ce90 100644
+--- src/_cffi_src/openssl/ssl.py.orig
++++ src/_cffi_src/openssl/ssl.py
+@@ -719,17 +719,20 @@
+ static const long TLS_ST_OK = 0;
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++/* LibreSSL 2.9.1 added only the DTLS_*_method functions */
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER
+ static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0;
+ const SSL_METHOD *(*DTLS_method)(void) = NULL;
+ const SSL_METHOD *(*DTLS_server_method)(void) = NULL;
+ const SSL_METHOD *(*DTLS_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
++#endif
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+ static const long SSL_OP_NO_DTLSv1 = 0;
+ static const long SSL_OP_NO_DTLSv1_2 = 0;
+ long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+-#else
+-static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
+ #endif
+ 
+ static const long Cryptography_HAS_DTLS = 1;

More information about the svn-ports-all mailing list