git: ed4bec1e0139 - main - security/py-cryptography: revert Update to 38.0.1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 14 Oct 2022 13:45:38 UTC
The branch main has been updated by tcberner:
URL: https://cgit.FreeBSD.org/ports/commit/?id=ed4bec1e01390965296c2f510e87de9ccf8cef63
commit ed4bec1e01390965296c2f510e87de9ccf8cef63
Author: Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2022-10-14 13:38:20 +0000
Commit: Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-10-14 13:45:24 +0000
security/py-cryptography: revert Update to 38.0.1
This reverts commit f5711e95bcd17b154bdd697cb3f1650a788fdf3c.
Revert due to multiple breakage reports.
---
security/py-cryptography/Makefile | 8 +-
security/py-cryptography/distinfo | 6 +-
.../files/patch-Fix-build-with-LibreSSL-3.3.2-5988 | 62 ++++++++++++++
.../files/patch-Support-LibreSSL-3.4.0-6360 | 98 ++++++++++++++++++++++
security/py-cryptography/files/patch-setup.py | 57 +++++++------
5 files changed, 195 insertions(+), 36 deletions(-)
diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile
index e916d5950eb6..d46db25e295f 100644
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@@ -1,5 +1,6 @@
PORTNAME= cryptography
-PORTVERSION= 38.0.1
+PORTVERSION= 3.4.8
+PORTEPOCH= 1
CATEGORIES= security python
MASTER_SITES= CHEESESHOP
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@@ -19,7 +20,6 @@ TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:securi
${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \
- ${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \
@@ -31,15 +31,15 @@ USE_PYTHON= autoplist concurrent distutils pytest
CFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
+MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1
TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR}
CPE_VENDOR= cryptography_project
.include <bsd.port.pre.mk>
-post-patch:
- @${RM} -r ${WRKSRC}/src/rust/
.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42
+post-patch:
@${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py
.endif
diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo
index 060da2afdcf9..cb800cc11b12 100644
--- a/security/py-cryptography/distinfo
+++ b/security/py-cryptography/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1665073152
-SHA256 (cryptography-38.0.1.tar.gz) = 1db3d807a14931fa317f96435695d9ec386be7b84b618cc61cfa5d08b0ae33d7
-SIZE (cryptography-38.0.1.tar.gz) = 599412
+TIMESTAMP = 1652122693
+SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c
+SIZE (cryptography-3.4.8.tar.gz) = 546907
diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
new file mode 100644
index 000000000000..deb9c6408832
--- /dev/null
+++ b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
@@ -0,0 +1,62 @@
+From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001
+From: Charlie Li <vishwin@users.noreply.github.com>
+Date: Mon, 19 Apr 2021 18:38:38 -0400
+Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988)
+
+* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS*
+
+While here, bump CI
+
+* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS*
+
+DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2
+
+* Switch to LESS_THAN context for LibreSSL 3.3.2
+
+While here, fix indents
+
+* Remove extra C variable declaration
+
+The variable is not actually used from Python
+---
+ .github/workflows/ci.yml | 2 +-
+ src/_cffi_src/openssl/cryptography.py | 7 +++++++
+ src/_cffi_src/openssl/ssl.py | 2 ++
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
+index e2b5a132..b9c7a793 100644
+--- src/_cffi_src/openssl/cryptography.py
++++ src/_cffi_src/openssl/cryptography.py
+@@ -32,6 +32,13 @@ INCLUDES = """
+ #include <Winsock2.h>
+ #endif
+
++#if CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
++ (LIBRESSL_VERSION_NUMBER < 0x3030200f)
++#else
++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
++#endif
++
+ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+ (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
+
+diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
+index 11a7d63a..081ef041 100644
+--- src/_cffi_src/openssl/ssl.py
++++ src/_cffi_src/openssl/ssl.py
+@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0;
+ #endif
+
+ #if CRYPTOGRAPHY_IS_LIBRESSL
++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332
+ static const long SSL_OP_NO_DTLSv1 = 0;
+ static const long SSL_OP_NO_DTLSv1_2 = 0;
++#endif
+ long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+ #endif
+--
+2.31.1
+
diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
new file mode 100644
index 000000000000..a8bb6dc6da43
--- /dev/null
+++ b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
@@ -0,0 +1,98 @@
+From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001
+From: Charlie Li <vishwin@users.noreply.github.com>
+Date: Sun, 3 Oct 2021 00:20:31 -0400
+Subject: [PATCH] Support LibreSSL 3.4.0 (#6360)
+
+* Add LibreSSL 3.4.0 to CI
+
+* Add a LibreSSL 3.4.0 guard
+
+Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
+
+* DTLS_get_data_mtu does not exist in LibreSSL
+
+* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+
+
+* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL
+
+* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL
+
+While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
+---
+ .github/workflows/ci.yml | 6 ++++--
+ src/_cffi_src/openssl/cryptography.py | 3 +++
+ src/_cffi_src/openssl/evp.py | 15 ++++++++++-----
+ src/_cffi_src/openssl/ssl.py | 3 ++-
+ 4 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
+index 878d22d8..821ddc9f 100644
+--- src/_cffi_src/openssl/cryptography.py
++++ src/_cffi_src/openssl/cryptography.py
+@@ -36,8 +36,11 @@ INCLUDES = """
+ #if CRYPTOGRAPHY_IS_LIBRESSL
+ #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
+ (LIBRESSL_VERSION_NUMBER < 0x3030200f)
++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \
++ (LIBRESSL_VERSION_NUMBER < 0x3040000f)
+ #else
+ #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
+ #endif
+
+ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py
+index ab7cfeb3..cad3339a 100644
+--- src/_cffi_src/openssl/evp.py
++++ src/_cffi_src/openssl/evp.py
+@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
+ size_t) = NULL;
+ #endif
+
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \
++ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
+ static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
+-static const long Cryptography_HAS_RAW_KEY = 0;
+-static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
+-int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
+ int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
+ const unsigned char *tbs, size_t) = NULL;
+ int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
+ const unsigned char *, size_t) = NULL;
++#else
++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
++#endif
++
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
++static const long Cryptography_HAS_RAW_KEY = 0;
++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
+ EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
+ size_t) = NULL;
+ EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
+@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
+ int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
+ size_t *) = NULL;
+ #else
+-static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
+ static const long Cryptography_HAS_RAW_KEY = 1;
+ static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
+ #endif
+diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
+index ca275e91..0830a463 100644
+--- src/_cffi_src/openssl/ssl.py
++++ src/_cffi_src/openssl/ssl.py
+@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL;
+ SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL;
+ #endif
+
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \
++ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
+ static const long Cryptography_HAS_TLSv1_3 = 0;
+ static const long SSL_OP_NO_TLSv1_3 = 0;
+ static const long SSL_VERIFY_POST_HANDSHAKE = 0;
+--
+2.32.0
+
diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py
index b0cfd33df0bc..7e15e74dffd4 100644
--- a/security/py-cryptography/files/patch-setup.py
+++ b/security/py-cryptography/files/patch-setup.py
@@ -1,8 +1,8 @@
---- setup.py.orig 2022-09-07 12:20:58 UTC
+--- setup.py.orig 2021-03-25 17:19:57 UTC
+++ setup.py
-@@ -13,23 +13,6 @@ import sys
+@@ -10,23 +10,7 @@ import sys
- from setuptools import setup
+ from setuptools import find_packages, setup
-try:
- from setuptools_rust import RustExtension
@@ -12,7 +12,7 @@
- =============================DEBUG ASSISTANCE==========================
- If you are seeing an error here please try the following to
- successfully install cryptography:
--
+
- Upgrade to the latest pip and try again. This will fix errors for most
- users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
- =============================DEBUG ASSISTANCE==========================
@@ -24,33 +24,32 @@
base_dir = os.path.dirname(__file__)
src_dir = os.path.join(base_dir, "src")
-@@ -43,20 +26,6 @@ try:
- cffi_modules=[
+@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo
+
+ # `install_requirements` and `setup_requirements` must be kept in sync with
+ # `pyproject.toml`
+-setuptools_rust = "setuptools-rust>=0.11.4"
+ install_requirements = ["cffi>=1.12"]
+-setup_requirements = install_requirements + [setuptools_rust]
++setup_requirements = install_requirements
+
+ if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
+ rust_extensions = []
+@@ -129,9 +112,6 @@ try:
+ "twine >= 1.12.0",
+ "sphinxcontrib-spelling >= 4.0.1",
+ ],
+- "sdist": [
+- setuptools_rust,
+- ],
+ "pep8test": [
+ "black",
+ "flake8",
+@@ -149,7 +129,6 @@ try:
"src/_cffi_src/build_openssl.py:ffi",
+ "src/_cffi_src/build_padding.py:ffi",
],
-- rust_extensions=[
-- RustExtension(
-- "cryptography.hazmat.bindings._rust",
-- "src/rust/Cargo.toml",
-- py_limited_api=True,
-- # Enable abi3 mode if we're not using PyPy.
-- features=(
-- []
-- if platform.python_implementation() == "PyPy"
-- else ["pyo3/abi3-py36"]
-- ),
-- rust_version=">=1.48.0",
-- )
-- ],
+- rust_extensions=rust_extensions,
)
except: # noqa: E722
# Note: This is a bare exception that re-raises so that we don't interfere
-@@ -86,7 +55,7 @@ except: # noqa: E722
- )
- print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}")
- print(f" platform: {platform.platform()}")
-- for dist in ["pip", "setuptools", "setuptools_rust"]:
-+ for dist in ["pip", "setuptools"]:
- try:
- version = pkg_resources.get_distribution(dist).version
- except pkg_resources.DistributionNotFound: