git: f5711e95bcd1 - main - security/py-cryptography: Update to 38.0.1
Date: Sun, 09 Oct 2022 15:40:07 UTC
The branch main has been updated by sunpoet:
URL: https://cgit.FreeBSD.org/ports/commit/?id=f5711e95bcd17b154bdd697cb3f1650a788fdf3c
commit f5711e95bcd17b154bdd697cb3f1650a788fdf3c
Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org>
AuthorDate: 2022-10-09 15:32:23 +0000
Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org>
CommitDate: 2022-10-09 15:37:58 +0000
security/py-cryptography: Update to 38.0.1
Changes: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst
https://cryptography.io/en/latest/changelog/
---
security/py-cryptography/Makefile | 7 +-
security/py-cryptography/distinfo | 6 +-
.../files/patch-Fix-build-with-LibreSSL-3.3.2-5988 | 62 --------------
.../files/patch-Support-LibreSSL-3.4.0-6360 | 98 ----------------------
security/py-cryptography/files/patch-setup.py | 57 ++++++-------
5 files changed, 36 insertions(+), 194 deletions(-)
diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile
index a7fb0e3e71ae..e916d5950eb6 100644
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@@ -1,5 +1,5 @@
PORTNAME= cryptography
-PORTVERSION= 3.4.8
+PORTVERSION= 38.0.1
CATEGORIES= security python
MASTER_SITES= CHEESESHOP
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@@ -19,6 +19,7 @@ TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:securi
${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \
@@ -30,15 +31,15 @@ USE_PYTHON= autoplist concurrent distutils pytest
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
-MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1
TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR}
CPE_VENDOR= cryptography_project
.include <bsd.port.pre.mk>
-.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42
post-patch:
+ @${RM} -r ${WRKSRC}/src/rust/
+.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42
@${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py
.endif
diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo
index cb800cc11b12..060da2afdcf9 100644
--- a/security/py-cryptography/distinfo
+++ b/security/py-cryptography/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1652122693
-SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c
-SIZE (cryptography-3.4.8.tar.gz) = 546907
+TIMESTAMP = 1665073152
+SHA256 (cryptography-38.0.1.tar.gz) = 1db3d807a14931fa317f96435695d9ec386be7b84b618cc61cfa5d08b0ae33d7
+SIZE (cryptography-38.0.1.tar.gz) = 599412
diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
deleted file mode 100644
index deb9c6408832..000000000000
--- a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
+++ /dev/null
@@ -1,62 +0,0 @@
-From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001
-From: Charlie Li <vishwin@users.noreply.github.com>
-Date: Mon, 19 Apr 2021 18:38:38 -0400
-Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988)
-
-* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS*
-
-While here, bump CI
-
-* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS*
-
-DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2
-
-* Switch to LESS_THAN context for LibreSSL 3.3.2
-
-While here, fix indents
-
-* Remove extra C variable declaration
-
-The variable is not actually used from Python
----
- .github/workflows/ci.yml | 2 +-
- src/_cffi_src/openssl/cryptography.py | 7 +++++++
- src/_cffi_src/openssl/ssl.py | 2 ++
- 3 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
-index e2b5a132..b9c7a793 100644
---- src/_cffi_src/openssl/cryptography.py
-+++ src/_cffi_src/openssl/cryptography.py
-@@ -32,6 +32,13 @@ INCLUDES = """
- #include <Winsock2.h>
- #endif
-
-+#if CRYPTOGRAPHY_IS_LIBRESSL
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
-+ (LIBRESSL_VERSION_NUMBER < 0x3030200f)
-+#else
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
-+#endif
-+
- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
-
-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
-index 11a7d63a..081ef041 100644
---- src/_cffi_src/openssl/ssl.py
-+++ src/_cffi_src/openssl/ssl.py
-@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0;
- #endif
-
- #if CRYPTOGRAPHY_IS_LIBRESSL
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332
- static const long SSL_OP_NO_DTLSv1 = 0;
- static const long SSL_OP_NO_DTLSv1_2 = 0;
-+#endif
- long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
- long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
- #endif
---
-2.31.1
-
diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
deleted file mode 100644
index a8bb6dc6da43..000000000000
--- a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
+++ /dev/null
@@ -1,98 +0,0 @@
-From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001
-From: Charlie Li <vishwin@users.noreply.github.com>
-Date: Sun, 3 Oct 2021 00:20:31 -0400
-Subject: [PATCH] Support LibreSSL 3.4.0 (#6360)
-
-* Add LibreSSL 3.4.0 to CI
-
-* Add a LibreSSL 3.4.0 guard
-
-Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
-
-* DTLS_get_data_mtu does not exist in LibreSSL
-
-* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+
-
-* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL
-
-* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL
-
-While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
----
- .github/workflows/ci.yml | 6 ++++--
- src/_cffi_src/openssl/cryptography.py | 3 +++
- src/_cffi_src/openssl/evp.py | 15 ++++++++++-----
- src/_cffi_src/openssl/ssl.py | 3 ++-
- 4 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
-index 878d22d8..821ddc9f 100644
---- src/_cffi_src/openssl/cryptography.py
-+++ src/_cffi_src/openssl/cryptography.py
-@@ -36,8 +36,11 @@ INCLUDES = """
- #if CRYPTOGRAPHY_IS_LIBRESSL
- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
- (LIBRESSL_VERSION_NUMBER < 0x3030200f)
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \
-+ (LIBRESSL_VERSION_NUMBER < 0x3040000f)
- #else
- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
- #endif
-
- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
-diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py
-index ab7cfeb3..cad3339a 100644
---- src/_cffi_src/openssl/evp.py
-+++ src/_cffi_src/openssl/evp.py
-@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
- size_t) = NULL;
- #endif
-
--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \
-+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
- static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
--static const long Cryptography_HAS_RAW_KEY = 0;
--static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
--int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
- int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
- const unsigned char *tbs, size_t) = NULL;
- int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
- const unsigned char *, size_t) = NULL;
-+#else
-+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
-+#endif
-+
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-+static const long Cryptography_HAS_RAW_KEY = 0;
-+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
-+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
- EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
- size_t) = NULL;
- EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
-@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
- int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
- size_t *) = NULL;
- #else
--static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
- static const long Cryptography_HAS_RAW_KEY = 1;
- static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
- #endif
-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
-index ca275e91..0830a463 100644
---- src/_cffi_src/openssl/ssl.py
-+++ src/_cffi_src/openssl/ssl.py
-@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL;
- SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL;
- #endif
-
--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \
-+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
- static const long Cryptography_HAS_TLSv1_3 = 0;
- static const long SSL_OP_NO_TLSv1_3 = 0;
- static const long SSL_VERIFY_POST_HANDSHAKE = 0;
---
-2.32.0
-
diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py
index 7e15e74dffd4..b0cfd33df0bc 100644
--- a/security/py-cryptography/files/patch-setup.py
+++ b/security/py-cryptography/files/patch-setup.py
@@ -1,8 +1,8 @@
---- setup.py.orig 2021-03-25 17:19:57 UTC
+--- setup.py.orig 2022-09-07 12:20:58 UTC
+++ setup.py
-@@ -10,23 +10,7 @@ import sys
+@@ -13,23 +13,6 @@ import sys
- from setuptools import find_packages, setup
+ from setuptools import setup
-try:
- from setuptools_rust import RustExtension
@@ -12,7 +12,7 @@
- =============================DEBUG ASSISTANCE==========================
- If you are seeing an error here please try the following to
- successfully install cryptography:
-
+-
- Upgrade to the latest pip and try again. This will fix errors for most
- users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
- =============================DEBUG ASSISTANCE==========================
@@ -24,32 +24,33 @@
base_dir = os.path.dirname(__file__)
src_dir = os.path.join(base_dir, "src")
-@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo
-
- # `install_requirements` and `setup_requirements` must be kept in sync with
- # `pyproject.toml`
--setuptools_rust = "setuptools-rust>=0.11.4"
- install_requirements = ["cffi>=1.12"]
--setup_requirements = install_requirements + [setuptools_rust]
-+setup_requirements = install_requirements
-
- if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
- rust_extensions = []
-@@ -129,9 +112,6 @@ try:
- "twine >= 1.12.0",
- "sphinxcontrib-spelling >= 4.0.1",
- ],
-- "sdist": [
-- setuptools_rust,
-- ],
- "pep8test": [
- "black",
- "flake8",
-@@ -149,7 +129,6 @@ try:
+@@ -43,20 +26,6 @@ try:
+ cffi_modules=[
"src/_cffi_src/build_openssl.py:ffi",
- "src/_cffi_src/build_padding.py:ffi",
],
-- rust_extensions=rust_extensions,
+- rust_extensions=[
+- RustExtension(
+- "cryptography.hazmat.bindings._rust",
+- "src/rust/Cargo.toml",
+- py_limited_api=True,
+- # Enable abi3 mode if we're not using PyPy.
+- features=(
+- []
+- if platform.python_implementation() == "PyPy"
+- else ["pyo3/abi3-py36"]
+- ),
+- rust_version=">=1.48.0",
+- )
+- ],
)
except: # noqa: E722
# Note: This is a bare exception that re-raises so that we don't interfere
+@@ -86,7 +55,7 @@ except: # noqa: E722
+ )
+ print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}")
+ print(f" platform: {platform.platform()}")
+- for dist in ["pip", "setuptools", "setuptools_rust"]:
++ for dist in ["pip", "setuptools"]:
+ try:
+ version = pkg_resources.get_distribution(dist).version
+ except pkg_resources.DistributionNotFound: