svn commit: r428138 - head/security/py-cryptography
Mathieu Arnold
mat at FreeBSD.org
Fri Dec 9 14:27:13 UTC 2016
Le 09/12/2016 à 15:19, Mark Felder a écrit :
>
> On Fri, Dec 9, 2016, at 04:12, Mathieu Arnold wrote:
>> Le 08/12/2016 à 18:07, Mark Felder a écrit :
>>> Author: feld
>>> Date: Thu Dec 8 17:07:22 2016
>>> New Revision: 428138
>>> URL: https://svnweb.freebsd.org/changeset/ports/428138
>>>
>>> Log:
>>> security/py-pycryptography: Fix build on FreeBSD 9.3
>>>
>>> Modern py-cryptography requires a more modern OpenSSL. This switch to
>>> requiring OpenSSL from ports is a disruptive change, but it will protect
>>> these users from the recently patched vulnerabilites.
>>>
>>> Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4.
>>> The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
>>> vulnerable to the HDKF key generation bug. It appears that version 1.4
>>> did build successfully on FreeBSD 9.3, but upstream had abandoned
>>> support for OpenSSL 0.9.8 at that point so it is unclear if it was fully
>>> functional.
>>>
>>> PR: 214915
>>> MFH: 2016Q4
>>>
>>> Modified:
>>> head/security/py-cryptography/Makefile
>>>
>>> Modified: head/security/py-cryptography/Makefile
>>> ==============================================================================
>>> --- head/security/py-cryptography/Makefile Thu Dec 8 17:05:45 2016 (r428137)
>>> +++ head/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (r428138)
>>> @@ -27,6 +27,11 @@ USE_PYTHON= autoplist distutils
>>> CFLAGS+= -I${OPENSSLINC}
>>> LDFLAGS+= -L${OPENSSLLIB}
>>>
>>> +# Modern py-cyptography requires newer OpenSSL
>>> +.if ${OSVERSION} < 1000000
>>> +WITH_OPENSSL_PORT= yes
>>> +.endif
>>> +
>> The correct fix is:
>>
>> .if ${OSVERSION} < 1000000 && ${SSL_DEFAULT:Mbase}
>> IGNORE= Needs a more recent OpenSSL
>> .endif
>>
> I was trying to avoid doing that because this means we won't have
> packages on our mirrors for 9.3-RELEASE users. :(
It is not really a choice, either you don't have a package, or you have
packages that are half linked with base openssl and half with ports
openssl, which will end up doing at best core dumps.
--
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-head/attachments/20161209/4e5ff036/attachment.sig>
More information about the svn-ports-head
mailing list