From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5AB4A1382C5 for ; Fri, 13 Apr 2018 01:07:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 77B77E09A6; Fri, 13 Apr 2018 01:07:44 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3FE7AE09A6 for ; Fri, 13 Apr 2018 01:07:42 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 82B0A335C74 for ; Fri, 13 Apr 2018 01:07:41 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E03E9275 for ; Fri, 13 Apr 2018 01:07:39 +0000 (UTC) From: "Aaron Bauman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Aaron Bauman" Message-ID: <1523581647.079600f41f80b96f77ca942cd2e270c022330deb.bman@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-python/cryptography/, dev-python/cryptography/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-python/cryptography/cryptography-1.7.1-r1.ebuild dev-python/cryptography/cryptography-2.0.2-r1.ebuild dev-python/cryptography/cryptography-2.1.4-r1.ebuild dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch X-VCS-Directories: dev-python/cryptography/ dev-python/cryptography/files/ X-VCS-Committer: bman X-VCS-Committer-Name: Aaron Bauman X-VCS-Revision: 079600f41f80b96f77ca942cd2e270c022330deb X-VCS-Branch: master Date: Fri, 13 Apr 2018 01:07:39 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: f8193ce5-4fd1-48c1-a415-633d476d3621 X-Archives-Hash: 24b0598150dd084e9db04acc0749ee52 commit: 079600f41f80b96f77ca942cd2e270c022330deb Author: Aaron Bauman gentoo org> AuthorDate: Fri Apr 13 01:07:11 2018 +0000 Commit: Aaron Bauman gentoo org> CommitDate: Fri Apr 13 01:07:27 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=079600f4 dev-python/cryptography: fix building with LibreSSL These patches fix building against >dev-libs/libressl-2.5 for all versions of dev-python/cryptography. Closes: https://bugs.gentoo.org/651168 Package-Manager: Portage-2.3.28, Repoman-2.3.9 ....0.2-r1.ebuild => cryptography-1.7.1-r1.ebuild} | 25 ++++---- .../cryptography/cryptography-2.0.2-r1.ebuild | 4 +- ....0.2-r1.ebuild => cryptography-2.1.4-r1.ebuild} | 25 ++++++-- .../files/cryptography-1.7.1-libressl251.patch | 17 +++++ .../cryptography-2.1.4-libressl-2.7-x509.patch | 23 +++++++ .../cryptography-2.1.4-libressl-2.7-x509_vfy.patch | 73 ++++++++++++++++++++++ 6 files changed, 149 insertions(+), 18 deletions(-) diff --git a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild b/dev-python/cryptography/cryptography-1.7.1-r1.ebuild similarity index 66% copy from dev-python/cryptography/cryptography-2.0.2-r1.ebuild copy to dev-python/cryptography/cryptography-1.7.1-r1.ebuild index e1a1c26f4aa..c6928ab74a3 100644 --- a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild +++ b/dev-python/cryptography/cryptography-1.7.1-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -6,7 +6,7 @@ EAPI=6 PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} ) PYTHON_REQ_USE="threads(+)" -inherit distutils-r1 flag-o-matic +inherit distutils-r1 DESCRIPTION="Library providing cryptographic recipes and primitives" HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.python.org/pypi/cryptography/" @@ -14,18 +14,19 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" LICENSE="|| ( Apache-2.0 BSD )" SLOT="0" -KEYWORDS="amd64 arm arm64 hppa ia64 ~mips ppc ppc64 x86" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux" IUSE="libressl test" RDEPEND=" - !libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] ) - libressl? ( dev-libs/libressl ) - $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*') - $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3}) - >=dev-python/idna-2.1[${PYTHON_USEDEP}] - >=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}] + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + $(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*') + $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy{,3}) + >=dev-python/idna-2.0[${PYTHON_USEDEP}] + >=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}] dev-python/setuptools[${PYTHON_USEDEP}] >=dev-python/six-1.4.1[${PYTHON_USEDEP}] + $(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy ) virtual/python-ipaddress[${PYTHON_USEDEP}] " DEPEND="${RDEPEND} @@ -42,10 +43,10 @@ DEPEND="${RDEPEND} DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst ) -python_configure_all() { - append-cflags $(test-flags-CC -pthread) -} +PATCHES=( "${FILESDIR}"/${P}-libressl251.patch ) python_test() { + distutils_install_for_testing + py.test -v -v -x || die "Tests fail with ${EPYTHON}" } diff --git a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild b/dev-python/cryptography/cryptography-2.0.2-r1.ebuild index e1a1c26f4aa..57b42e13bd3 100644 --- a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild +++ b/dev-python/cryptography/cryptography-2.0.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -19,7 +19,7 @@ IUSE="libressl test" RDEPEND=" !libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] ) - libressl? ( dev-libs/libressl ) + libressl? ( dev-libs/libressl:0= ) $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*') $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3}) >=dev-python/idna-2.1[${PYTHON_USEDEP}] diff --git a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild b/dev-python/cryptography/cryptography-2.1.4-r1.ebuild similarity index 65% copy from dev-python/cryptography/cryptography-2.0.2-r1.ebuild copy to dev-python/cryptography/cryptography-2.1.4-r1.ebuild index e1a1c26f4aa..27a23caab64 100644 --- a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild +++ b/dev-python/cryptography/cryptography-2.1.4-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -14,12 +14,24 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" LICENSE="|| ( Apache-2.0 BSD )" SLOT="0" -KEYWORDS="amd64 arm arm64 hppa ia64 ~mips ppc ppc64 x86" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris" IUSE="libressl test" +# the openssl 1.0.2l-r1 needs to be updated again :( +# It'd theb be able to go into the || section again +#=dev-libs/openssl-1.0.2l-r1:0 +# the following is the original section, disallowing bindist entirely +#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] ) RDEPEND=" - !libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] ) - libressl? ( dev-libs/libressl ) + !libressl? ( + dev-libs/openssl:0= ( + || ( + dev-libs/openssl:0[-bindist(-)] + >=dev-libs/openssl-1.1.0g-r1:0 + ) + ) + ) + libressl? ( dev-libs/libressl:0= ) $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*') $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3}) >=dev-python/idna-2.1[${PYTHON_USEDEP}] @@ -42,6 +54,11 @@ DEPEND="${RDEPEND} DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst ) +PATCHES=( + "${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch + "${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch +) + python_configure_all() { append-cflags $(test-flags-CC -pthread) } diff --git a/dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch b/dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch new file mode 100644 index 00000000000..a23ed7658f8 --- /dev/null +++ b/dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch @@ -0,0 +1,17 @@ +diff -Naur cryptography-1.7.1.orig/src/_cffi_src/openssl/x509_vfy.py cryptography-1.7.1/src/_cffi_src/openssl/x509_vfy.py +--- cryptography-1.7.1.orig/src/_cffi_src/openssl/x509_vfy.py 2017-02-01 12:29:59.080728417 -0800 ++++ cryptography-1.7.1/src/_cffi_src/openssl/x509_vfy.py 2017-02-01 12:31:48.017895844 -0800 +@@ -221,10 +221,13 @@ + static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; + static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; + static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; ++#if !CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2050100fL) + static const long X509_V_ERR_HOSTNAME_MISMATCH = 0; + static const long X509_V_ERR_EMAIL_MISMATCH = 0; + static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; ++#endif + #endif + + /* OpenSSL 1.0.2beta2+ verification parameters */ + #if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && \ diff --git a/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch new file mode 100644 index 00000000000..9a14d460601 --- /dev/null +++ b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch @@ -0,0 +1,23 @@ +diff -ur a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py +--- a/src/_cffi_src/openssl/x509.py 2017-07-27 05:11:29.000000000 +0200 ++++ b/src/_cffi_src/openssl/x509.py 2018-03-23 10:28:00.387774214 +0100 +@@ -254,8 +254,7 @@ + + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *); + +-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */ +-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *); ++void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *); + + long X509_get_version(X509 *); + +@@ -338,7 +337,8 @@ + CUSTOMIZATIONS = """ + /* Added in 1.0.2 beta but we need it in all versions now due to the great + opaquing. */ +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 ++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) + /* from x509/x_x509.c version 1.0.2 */ + void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + const X509 *x) diff --git a/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch new file mode 100644 index 00000000000..a1c93cf0c66 --- /dev/null +++ b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch @@ -0,0 +1,73 @@ +$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $ + +--- a/src/_cffi_src/openssl/x509_vfy.py ++++ b/src/_cffi_src/openssl/x509_vfy.py +@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE + X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int); + X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *); + Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *); +-X509 *X509_OBJECT_get0_X509(X509_OBJECT *); ++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *); + int X509_OBJECT_get_type(const X509_OBJECT *); + + /* added in 1.1.0 */ +@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER + static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; + #else + static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; ++#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL ++static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; ++#else + static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; + +-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; +-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; +-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; +-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; +-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; +-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; + /* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added + in the future... */ + #ifndef X509_V_ERR_HOSTNAME_MISMATCH +@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0; + static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; + #endif + +-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately +- below because it shows up in some earlier 3rd party OpenSSL packages. */ +-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; +-static const long X509_V_FLAG_SUITEB_192_LOS = 0; +-static const long X509_V_FLAG_SUITEB_128_LOS = 0; +- + int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, + size_t) = NULL; + int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, +@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA + unsigned int) = NULL; + #endif + ++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; ++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; ++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; ++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; ++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; ++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; ++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately ++ below because it shows up in some earlier 3rd party OpenSSL packages. */ ++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; ++static const long X509_V_FLAG_SUITEB_192_LOS = 0; ++static const long X509_V_FLAG_SUITEB_128_LOS = 0; ++#endif ++ + /* OpenSSL 1.0.2+ or Solaris's backport */ + #ifdef X509_V_FLAG_PARTIAL_CHAIN + static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; +@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) + return ctx->cert; + } + +-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) { ++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) { + return x->data.x509; + } + #endif