From nobody Sun Oct 09 15:40:07 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MlmT40d8Fz4dwLw; Sun, 9 Oct 2022 15:40:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MlmT372jLz3h7Z; Sun, 9 Oct 2022 15:40:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665330008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rmgYmk8scPgK+k6+aquSyMYlnvG+6KXVZE4etdFfneM=; b=jj3hQ3p/a7vmyrHGbrcn3T+pV4GT6fY5o6/0Xw7b1qxEpaihkQVY2j2cTlKtDwfgumoCQK 3rszqV6o2QJwuLXWRYhN4wFqZduZqM5d0lchv6rDLlA7/71HTS/1DdM0DKG7cRQYQScdOg dbOnHw8zizQc6QDYaycaNwW0PQiKEKCzvuUK+0iMlz9uwb2n38shkZKiBI+4C2JyhE+5v8 bpNGaKd+LZ0X/R1vxzkGZXJuFvez3Q30bPieQRB0/uVHZMSfi+kVSDp1BGHb8QueBt6oTc 76TKSUrGw9BPsSNhTPUYJ0XG7Bx+ISEoRK+H5m1aN6huC38a0VOOo17UDH/kMA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MlmT368KTzKJ4; Sun, 9 Oct 2022 15:40:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 299Fe7gM046033; Sun, 9 Oct 2022 15:40:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 299Fe7pQ046030; Sun, 9 Oct 2022 15:40:07 GMT (envelope-from git) Date: Sun, 9 Oct 2022 15:40:07 GMT Message-Id: <202210091540.299Fe7pQ046030@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Po-Chuan Hsieh Subject: git: f5711e95bcd1 - main - security/py-cryptography: Update to 38.0.1 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: sunpoet X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f5711e95bcd17b154bdd697cb3f1650a788fdf3c Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665330008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rmgYmk8scPgK+k6+aquSyMYlnvG+6KXVZE4etdFfneM=; b=bDpewOnBEW6tOXJxbNS9B929T3RhD2rWwZzO47ZbkKBUUsOmDNx0X6B5w8r0Y8bYmHtBXt 59BB7EbFmz87jVNVOfpP1UR65GkzDyDrARi3rsbzpen1d7lkEhzDUXhRr04ohFwsC3XJp2 ftymKNHd/xzVTeI3y+sAkJYSrqLu41CWYRL34aHzjI6MZpuvUwkXBqgmKF5R29qVGzO5U6 JzS4ud79pPlSg2ft3V0A82bPzQXE6up1Ddw28zlj0xYqAIqfIiTbFinTxx3XCQBZwgHU5P Rj+nGq7yIu8Moo2G6eWOA0dTnZQoK7BDzp/E4shR8iRgr69shdBvFJPe/S3PpQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1665330008; a=rsa-sha256; cv=none; b=KOeKtMl+Lk/IsWGN6852myvjcwVbCjV2rbPHxWBxus2O3AG2Mu/wfpCXnfXlhpfKCjFQjL du7XNSL2KSUZoXqQn7wg9wmWZaIBCHc6JBZu31Jucq3gu9uIINzpg14rqq17hnPN+TLSUn 6wZKmXAW6XkqUbvWV75TBqbUC+7aWnHcf+2YzQ0Yu88YUjDWyvaq3mJBxdQBu9GdqDwLCe eX9FrE7zr0u+0jubuQ+zF9yP3pVpzJRp9yux74Mwtl7PM29NgEjZbTVOQ4ElyL4CttHUEx VW1n6MZxpul0ssPbT/5oIH505eKjNmkIO8tA0AFNMY2fHX6ibvxzCbhZNkev0A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=f5711e95bcd17b154bdd697cb3f1650a788fdf3c commit f5711e95bcd17b154bdd697cb3f1650a788fdf3c Author: Po-Chuan Hsieh AuthorDate: 2022-10-09 15:32:23 +0000 Commit: Po-Chuan Hsieh CommitDate: 2022-10-09 15:37:58 +0000 security/py-cryptography: Update to 38.0.1 Changes: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst https://cryptography.io/en/latest/changelog/ --- security/py-cryptography/Makefile | 7 +- security/py-cryptography/distinfo | 6 +- .../files/patch-Fix-build-with-LibreSSL-3.3.2-5988 | 62 -------------- .../files/patch-Support-LibreSSL-3.4.0-6360 | 98 ---------------------- security/py-cryptography/files/patch-setup.py | 57 ++++++------- 5 files changed, 36 insertions(+), 194 deletions(-) diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile index a7fb0e3e71ae..e916d5950eb6 100644 --- a/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,5 +1,5 @@ PORTNAME= cryptography -PORTVERSION= 3.4.8 +PORTVERSION= 38.0.1 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -19,6 +19,7 @@ TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:securi ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \ @@ -30,15 +31,15 @@ USE_PYTHON= autoplist concurrent distutils pytest CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1 TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} CPE_VENDOR= cryptography_project .include -.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 post-patch: + @${RM} -r ${WRKSRC}/src/rust/ +.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 @${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py .endif diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo index cb800cc11b12..060da2afdcf9 100644 --- a/security/py-cryptography/distinfo +++ b/security/py-cryptography/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1652122693 -SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c -SIZE (cryptography-3.4.8.tar.gz) = 546907 +TIMESTAMP = 1665073152 +SHA256 (cryptography-38.0.1.tar.gz) = 1db3d807a14931fa317f96435695d9ec386be7b84b618cc61cfa5d08b0ae33d7 +SIZE (cryptography-38.0.1.tar.gz) = 599412 diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 deleted file mode 100644 index deb9c6408832..000000000000 --- a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 +++ /dev/null @@ -1,62 +0,0 @@ -From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001 -From: Charlie Li -Date: Mon, 19 Apr 2021 18:38:38 -0400 -Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988) - -* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS* - -While here, bump CI - -* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS* - -DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2 - -* Switch to LESS_THAN context for LibreSSL 3.3.2 - -While here, fix indents - -* Remove extra C variable declaration - -The variable is not actually used from Python ---- - .github/workflows/ci.yml | 2 +- - src/_cffi_src/openssl/cryptography.py | 7 +++++++ - src/_cffi_src/openssl/ssl.py | 2 ++ - 3 files changed, 10 insertions(+), 1 deletion(-) - -diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py -index e2b5a132..b9c7a793 100644 ---- src/_cffi_src/openssl/cryptography.py -+++ src/_cffi_src/openssl/cryptography.py -@@ -32,6 +32,13 @@ INCLUDES = """ - #include - #endif - -+#if CRYPTOGRAPHY_IS_LIBRESSL -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ -+ (LIBRESSL_VERSION_NUMBER < 0x3030200f) -+#else -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) -+#endif -+ - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) - -diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py -index 11a7d63a..081ef041 100644 ---- src/_cffi_src/openssl/ssl.py -+++ src/_cffi_src/openssl/ssl.py -@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0; - #endif - - #if CRYPTOGRAPHY_IS_LIBRESSL -+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 - static const long SSL_OP_NO_DTLSv1 = 0; - static const long SSL_OP_NO_DTLSv1_2 = 0; -+#endif - long (*DTLS_set_link_mtu)(SSL *, long) = NULL; - long (*DTLS_get_link_min_mtu)(SSL *) = NULL; - #endif --- -2.31.1 - diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 deleted file mode 100644 index a8bb6dc6da43..000000000000 --- a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 +++ /dev/null @@ -1,98 +0,0 @@ -From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001 -From: Charlie Li -Date: Sun, 3 Oct 2021 00:20:31 -0400 -Subject: [PATCH] Support LibreSSL 3.4.0 (#6360) - -* Add LibreSSL 3.4.0 to CI - -* Add a LibreSSL 3.4.0 guard - -Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. - -* DTLS_get_data_mtu does not exist in LibreSSL - -* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ - -* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL - -* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL - -While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended. ---- - .github/workflows/ci.yml | 6 ++++-- - src/_cffi_src/openssl/cryptography.py | 3 +++ - src/_cffi_src/openssl/evp.py | 15 ++++++++++----- - src/_cffi_src/openssl/ssl.py | 3 ++- - 4 files changed, 19 insertions(+), 8 deletions(-) - -diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py -index 878d22d8..821ddc9f 100644 ---- src/_cffi_src/openssl/cryptography.py -+++ src/_cffi_src/openssl/cryptography.py -@@ -36,8 +36,11 @@ INCLUDES = """ - #if CRYPTOGRAPHY_IS_LIBRESSL - #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ - (LIBRESSL_VERSION_NUMBER < 0x3030200f) -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ -+ (LIBRESSL_VERSION_NUMBER < 0x3040000f) - #else - #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0) - #endif - - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ -diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py -index ab7cfeb3..cad3339a 100644 ---- src/_cffi_src/openssl/evp.py -+++ src/_cffi_src/openssl/evp.py -@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, - size_t) = NULL; - #endif - --#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ -+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) - static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; --static const long Cryptography_HAS_RAW_KEY = 0; --static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; --int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; - int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *, - const unsigned char *tbs, size_t) = NULL; - int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t, - const unsigned char *, size_t) = NULL; -+#else -+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; -+#endif -+ -+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+static const long Cryptography_HAS_RAW_KEY = 0; -+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; -+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; - EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, - size_t) = NULL; - EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, -@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, - int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, - size_t *) = NULL; - #else --static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; - static const long Cryptography_HAS_RAW_KEY = 1; - static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1; - #endif -diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py -index ca275e91..0830a463 100644 ---- src/_cffi_src/openssl/ssl.py -+++ src/_cffi_src/openssl/ssl.py -@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; - SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; - #endif - --#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ -+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) - static const long Cryptography_HAS_TLSv1_3 = 0; - static const long SSL_OP_NO_TLSv1_3 = 0; - static const long SSL_VERIFY_POST_HANDSHAKE = 0; --- -2.32.0 - diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py index 7e15e74dffd4..b0cfd33df0bc 100644 --- a/security/py-cryptography/files/patch-setup.py +++ b/security/py-cryptography/files/patch-setup.py @@ -1,8 +1,8 @@ ---- setup.py.orig 2021-03-25 17:19:57 UTC +--- setup.py.orig 2022-09-07 12:20:58 UTC +++ setup.py -@@ -10,23 +10,7 @@ import sys +@@ -13,23 +13,6 @@ import sys - from setuptools import find_packages, setup + from setuptools import setup -try: - from setuptools_rust import RustExtension @@ -12,7 +12,7 @@ - =============================DEBUG ASSISTANCE========================== - If you are seeing an error here please try the following to - successfully install cryptography: - +- - Upgrade to the latest pip and try again. This will fix errors for most - users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip - =============================DEBUG ASSISTANCE========================== @@ -24,32 +24,33 @@ base_dir = os.path.dirname(__file__) src_dir = os.path.join(base_dir, "src") -@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo - - # `install_requirements` and `setup_requirements` must be kept in sync with - # `pyproject.toml` --setuptools_rust = "setuptools-rust>=0.11.4" - install_requirements = ["cffi>=1.12"] --setup_requirements = install_requirements + [setuptools_rust] -+setup_requirements = install_requirements - - if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"): - rust_extensions = [] -@@ -129,9 +112,6 @@ try: - "twine >= 1.12.0", - "sphinxcontrib-spelling >= 4.0.1", - ], -- "sdist": [ -- setuptools_rust, -- ], - "pep8test": [ - "black", - "flake8", -@@ -149,7 +129,6 @@ try: +@@ -43,20 +26,6 @@ try: + cffi_modules=[ "src/_cffi_src/build_openssl.py:ffi", - "src/_cffi_src/build_padding.py:ffi", ], -- rust_extensions=rust_extensions, +- rust_extensions=[ +- RustExtension( +- "cryptography.hazmat.bindings._rust", +- "src/rust/Cargo.toml", +- py_limited_api=True, +- # Enable abi3 mode if we're not using PyPy. +- features=( +- [] +- if platform.python_implementation() == "PyPy" +- else ["pyo3/abi3-py36"] +- ), +- rust_version=">=1.48.0", +- ) +- ], ) except: # noqa: E722 # Note: This is a bare exception that re-raises so that we don't interfere +@@ -86,7 +55,7 @@ except: # noqa: E722 + ) + print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}") + print(f" platform: {platform.platform()}") +- for dist in ["pip", "setuptools", "setuptools_rust"]: ++ for dist in ["pip", "setuptools"]: + try: + version = pkg_resources.get_distribution(dist).version + except pkg_resources.DistributionNotFound: