Date: Thu, 9 Jun 2022 23:20:43 GMT From: Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 232a658e49f8 - main - security/py-fido2: Update to 1.0.0 Message-ID: <202206092320.259NKh8C052523@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=232a658e49f8a72efd8dcacfb50c930eed3bf0c9 commit 232a658e49f8a72efd8dcacfb50c930eed3bf0c9 Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2022-06-09 23:12:37 +0000 Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org> CommitDate: 2022-06-09 23:16:15 +0000 security/py-fido2: Update to 1.0.0 Changes: https://github.com/Yubico/python-fido2/releases --- security/py-fido2/Makefile | 7 +- security/py-fido2/distinfo | 6 +- security/py-fido2/files/patch-fido2_hid_freebsd.py | 222 --------------------- 3 files changed, 6 insertions(+), 229 deletions(-) diff --git a/security/py-fido2/Makefile b/security/py-fido2/Makefile index a2176170c194..618df08a6230 100644 --- a/security/py-fido2/Makefile +++ b/security/py-fido2/Makefile @@ -1,6 +1,5 @@ PORTNAME= fido2 -PORTVERSION= 0.9.3 -PORTREVISION= 1 +PORTVERSION= 1.0.0 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -11,11 +10,11 @@ COMMENT= Provides library functionality for FIDO 2.0 LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography>=1.5:security/py-cryptography@${PY_FLAVOR} \ +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography>=2.6<40:security/py-cryptography@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}six>=0:devel/py-six@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}mock>0:devel/py-mock@${PY_FLAVOR} -USES= python:3.6+ +USES= python:3.7+ USE_PYTHON= autoplist distutils unittest NO_ARCH= yes diff --git a/security/py-fido2/distinfo b/security/py-fido2/distinfo index eae663e9397e..04b2a986ff51 100644 --- a/security/py-fido2/distinfo +++ b/security/py-fido2/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1641046846 -SHA256 (fido2-0.9.3.tar.gz) = b45e89a6109cfcb7f1bb513776aa2d6408e95c4822f83a253918b944083466ec -SIZE (fido2-0.9.3.tar.gz) = 217894 +TIMESTAMP = 1654774136 +SHA256 (fido2-1.0.0.tar.gz) = 2509a4958b666d747fd5754dfa9357da2d81b52edc0ecff75b68cea939154c02 +SIZE (fido2-1.0.0.tar.gz) = 245631 diff --git a/security/py-fido2/files/patch-fido2_hid_freebsd.py b/security/py-fido2/files/patch-fido2_hid_freebsd.py deleted file mode 100644 index 78836b3c4d06..000000000000 --- a/security/py-fido2/files/patch-fido2_hid_freebsd.py +++ /dev/null @@ -1,222 +0,0 @@ -See https://github.com/Yubico/python-fido2/commit/2a202d0e19fdb7be ---- fido2/hid/freebsd.py.orig 2022-05-27 09:25:33 UTC -+++ fido2/hid/freebsd.py -@@ -15,19 +15,39 @@ - # Modified work Copyright 2020 Yubico AB. All Rights Reserved. - # This file, with modifications, is licensed under the above Apache License. - -+# FreeBSD HID driver. -+# -+# There are two options to access UHID on FreeBSD: -+# -+# hidraw(4) - New method, not enabled by default -+# on FreeBSD 13.x and earlier -+# uhid(4) - Classic method, default option on -+# FreeBSD 13.x and earlier -+# -+# uhid is available since FreeBSD 13 and can be activated by adding -+# `hw.usb.usbhid.enable="1"` to `/boot/loader.conf`. The actual kernel -+# module is loaded with `kldload hidraw`. - --from __future__ import absolute_import -+from __future__ import annotations - - from ctypes.util import find_library - import ctypes -+import fcntl - import glob - import re -+import struct - import os -+from array import array - - from .base import HidDescriptor, parse_report_descriptor, FileCtapHidConnection - - import logging -+import sys -+from typing import Dict, Optional, Set, Union - -+# Don't typecheck this file on Windows -+assert sys.platform != "win32" # nosec -+ - logger = logging.getLogger(__name__) - - -@@ -39,9 +59,17 @@ sernum_re = re.compile('sernum="([^"]+)') - - libc = ctypes.CDLL(find_library("c")) - -+# /usr/include/dev/usb/usb_ioctl.h - USB_GET_REPORT_DESC = 0xC0205515 - -+# /usr/include/dev/hid/hidraw.h> -+HIDIOCGRAWINFO = 0x40085520 -+HIDIOCGRDESC = 0x2000551F -+HIDIOCGRDESCSIZE = 0x4004551E -+HIDIOCGRAWNAME_128 = 0x40805521 -+HIDIOCGRAWUNIQ_64 = 0x40405525 - -+ - class usb_gen_descriptor(ctypes.Structure): - _fields_ = [ - ( -@@ -62,8 +90,17 @@ class usb_gen_descriptor(ctypes.Structure): - ] - - -+class HidrawCtapHidConnection(FileCtapHidConnection): -+ def write_packet(self, packet): -+ # Prepend the report ID -+ super(HidrawCtapHidConnection, self).write_packet(b"\0" + packet) -+ -+ - def open_connection(descriptor): -- return FileCtapHidConnection(descriptor) -+ if descriptor.path.find(devdir + "hidraw") == 0: -+ return HidrawCtapHidConnection(descriptor) -+ else: -+ return FileCtapHidConnection(descriptor) - - - def _get_report_data(fd, report_type): -@@ -71,7 +108,7 @@ def _get_report_data(fd, report_type): - desc = usb_gen_descriptor( - ugd_data=ctypes.addressof(data), - ugd_maxlen=ctypes.sizeof(data), -- report_type=report_type, -+ ugd_report_type=report_type, - ) - ret = libc.ioctl(fd, USB_GET_REPORT_DESC, ctypes.byref(desc)) - if ret != 0: -@@ -104,16 +141,16 @@ def _enumerate(): - if retval != 0: - continue - -- dev = {} -+ dev: Dict[str, Optional[Union[str, int]]] = {} - dev["name"] = uhid[len(devdir) :] - dev["path"] = uhid - - value = ovalue.value[: olen.value].decode() - m = vendor_re.search(value) -- dev["vendor_id"] = m.group(1) if m else None -+ dev["vendor_id"] = int(m.group(1), 16) if m else None - - m = product_re.search(value) -- dev["product_id"] = m.group(1) if m else None -+ dev["product_id"] = int(m.group(1), 16) if m else None - - m = sernum_re.search(value) - dev["serial_number"] = m.group(1) if m else None -@@ -126,7 +163,49 @@ def _enumerate(): - yield dev - - -+def get_hidraw_descriptor(path): -+ with open(path, "rb") as f: -+ # Read VID, PID -+ buf = array("B", [0] * (4 + 2 + 2)) -+ fcntl.ioctl(f, HIDIOCGRAWINFO, buf, True) -+ _, vid, pid = struct.unpack("<IHH", buf) -+ -+ # FreeBSD's hidraw(4) does not return string length for -+ # HIDIOCGRAWNAME and HIDIOCGRAWUNIQ, see https://reviews.freebsd.org/D35233 -+ -+ # Read product -+ buf = array("B", [0] * 129) -+ fcntl.ioctl(f, HIDIOCGRAWNAME_128, buf, True) -+ length = buf.index(0) + 1 # emulate ioctl return value -+ name = bytearray(buf[: (length - 1)]).decode("utf-8") if length > 1 else None -+ -+ # Read unique ID -+ try: -+ buf = array("B", [0] * 65) -+ fcntl.ioctl(f, HIDIOCGRAWUNIQ_64, buf, True) -+ length = buf.index(0) + 1 # emulate ioctl return value -+ serial = ( -+ bytearray(buf[: (length - 1)]).decode("utf-8") if length > 1 else None -+ ) -+ except OSError: -+ serial = None -+ -+ # Read report descriptor -+ buf = array("B", [0] * 4) -+ fcntl.ioctl(f, HIDIOCGRDESCSIZE, buf, True) -+ size = struct.unpack("<I", buf)[0] -+ buf += array("B", [0] * size) -+ fcntl.ioctl(f, HIDIOCGRDESC, buf, True) -+ -+ data = bytearray(buf[4:]) -+ max_in_size, max_out_size = parse_report_descriptor(data) -+ return HidDescriptor(path, vid, pid, max_in_size, max_out_size, name, serial) -+ -+ - def get_descriptor(path): -+ if path.find(devdir + "hidraw") == 0: -+ return get_hidraw_descriptor(path) -+ - for dev in _enumerate(): - if dev["path"] == path: - vid = dev["vendor_id"] -@@ -137,21 +216,50 @@ def get_descriptor(path): - raise ValueError("Device not found") - - -+# Cache for continuously failing devices -+_failed_cache: Set[str] = set() -+ -+ - def list_descriptors(): -+ stale = set(_failed_cache) - descriptors = [] -- for dev in _enumerate(): -+ for hidraw in glob.glob(devdir + "hidraw?*"): -+ stale.discard(hidraw) - try: -- name = dev["product_desc"] or None -- serial = (dev["serial_number"] if "serial_number" in dev else None) or None -- descriptors.append( -- _read_descriptor( -- dev["vendor_id"], dev["product_id"], name, serial, dev["path"], -- ) -- ) -- logger.debug("Found CTAP device: %s", dev["path"]) -+ descriptors.append(get_descriptor(hidraw)) - except ValueError: - pass # Not a CTAP device, ignore -- except Exception as e: -- logger.debug("Failed opening HID device", exc_info=e) -+ except Exception: -+ if hidraw not in _failed_cache: -+ logger.debug("Failed opening device %s", hidraw, exc_info=True) -+ _failed_cache.add(hidraw) -+ -+ if not descriptors: -+ for dev in _enumerate(): -+ path = dev["path"] -+ stale.discard(path) -+ try: -+ name = dev["product_desc"] or None -+ serial = ( -+ dev["serial_number"] if "serial_number" in dev else None -+ ) or None -+ descriptors.append( -+ _read_descriptor( -+ dev["vendor_id"], -+ dev["product_id"], -+ name, -+ serial, -+ path, -+ ) -+ ) -+ except ValueError: -+ pass # Not a CTAP device, ignore -+ except Exception: -+ if path not in _failed_cache: -+ logger.debug("Failed opening HID device %s", path, exc_info=True) -+ _failed_cache.add(path) -+ -+ # Remove entries from the cache that were not seen -+ _failed_cache.difference_update(stale) - - return descriptors
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206092320.259NKh8C052523>