[gentoo-commits] repo/gentoo:master commit in: dev-python/m2crypto/files/, dev-python/m2crypto/

["Michał Górny" <mgorny@gentoo.org>]

commit:     79f541287308eb3fbe33c39fdea31d4d1c5b8205
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 12 12:22:12 2021 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Mon Apr 12 12:46:47 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79f54128

dev-python/m2crypto: Backport OpenSSL fixes

Closes: https://bugs.gentoo.org/768495
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 .../files/m2crypto-0.37.1-openssl-fixes.patch      | 76 ++++++++++++++++++++++
 dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild      | 69 ++++++++++++++++++++
 2 files changed, 145 insertions(+)

diff --git a/dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch b/dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch
new file mode 100644
index 00000000000..c249f7adbb8
--- /dev/null
+++ b/dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch
@@ -0,0 +1,76 @@
+From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001
+From: Casey Deccio <casey@deccio.net>
+Date: Fri, 8 Jan 2021 12:43:09 -0700
+Subject: [PATCH] Allow verify_cb_* to be called with ok=True
+
+With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
+---
+ tests/test_ssl.py | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 92b6942..7a3271a 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -59,8 +59,13 @@ def allocate_srv_port():
+ 
+ 
+ def verify_cb_new_function(ok, store):
+-    assert not ok
+     err = store.get_error()
++    # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++    # aborting, this callback is called to retrieve additional error
++    # information.  In this case, ok might not be False.
++    # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++    if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++        assert not ok
+     assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+                    m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+                    m2.X509_V_ERR_CERT_UNTRUSTED,
+@@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
+ 
+     def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
+         try:
+-            self.assertFalse(ok)
++            # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++            # aborting, this callback is called to retrieve additional error
++            # information.  In this case, ok might not be False.
++            # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++            if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++                self.assertFalse(ok)
+             self.assertIn(err,
+                           [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+                            m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+-- 
+2.31.1
+
+From d06eaa88a5f491827733f32027c46de3557fbd05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Fri, 19 Feb 2021 15:53:02 +0100
+Subject: [PATCH] Use of RSA_SSLV23_PADDING has been deprecated.
+
+Fixes #293.
+---
+ tests/test_rsa.py | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 3de5016..7299785 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -124,11 +124,6 @@ class RSATestCase(unittest.TestCase):
+             ptxt = priv.private_decrypt(ctxt, p)
+             self.assertEqual(ptxt, self.data)
+ 
+-        # sslv23_padding
+-        ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
+-        res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
+-        self.assertEqual(res, self.data)
+-
+         # no_padding
+         with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+             priv.public_encrypt(self.data, RSA.no_padding)
+-- 
+2.31.1
+

diff --git a/dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild b/dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild
new file mode 100644
index 00000000000..c650101f6d3
--- /dev/null
+++ b/dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 2018-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 toolchain-funcs
+
+MY_PN="M2Crypto"
+DESCRIPTION="A Python crypto and SSL toolkit"
+HOMEPAGE="https://gitlab.com/m2crypto/m2crypto https://pypi.org/project/M2Crypto/"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_PN}-${PV}.tar.gz"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="libressl test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	>=dev-lang/swig-2.0.9
+	test? ( dev-python/parameterized[${PYTHON_USEDEP}] )
+"
+RDEPEND="
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}/${P}-openssl-fixes.patch"
+)
+
+swig_define() {
+	local x
+	for x; do
+		if tc-cpp-is-true "defined(${x})"; then
+			SWIG_FEATURES+=" -D${x}"
+		fi
+	done
+}
+
+src_prepare() {
+	# TODO
+	sed -e 's:test_server_simple_timeouts:_&:' \
+		-i tests/test_ssl.py || die
+	distutils-r1_src_prepare
+}
+
+python_compile() {
+	# setup.py looks at platform.machine() to determine swig options.
+	# For exotic ABIs, we need to give swig a hint.
+	local -x SWIG_FEATURES=
+
+	# https://bugs.gentoo.org/617946
+	swig_define __ILP32__
+
+	# https://bugs.gentoo.org/674112
+	swig_define __ARM_PCS_VFP
+
+	distutils-r1_python_compile --openssl="${ESYSROOT}"/usr
+}
+
+python_test() {
+	esetup.py test
+}