Date: Mon, 27 Mar 2023 22:04:17 +0800 From: Po-Chuan Hsieh <sunpoet@sunpoet.net> To: Felix Palmen <zirias@freebsd.org> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: f482d5d27c1a - main - security/py-cryptography: Fix runtime /w libressl Message-ID: <CAMHz58TwvdzawnL%2B5sXfLcidTerWpAXbs3YDQz%2BR-=tE6Amh4w@mail.gmail.com> In-Reply-To: <202303120848.32C8mSj4066479@gitrepo.freebsd.org> References: <202303120848.32C8mSj4066479@gitrepo.freebsd.org>
--0000000000003e79f605f7e23a81 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Mar 12, 2023 at 4:48=E2=80=AFPM Felix Palmen <zirias@freebsd.org> w= rote: > The branch main has been updated by zirias: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=3Df482d5d27c1afbbc3b9ed65d31c7e= ba92fe04393 > > commit f482d5d27c1afbbc3b9ed65d31c7eba92fe04393 > Author: Felix Palmen <zirias@FreeBSD.org> > AuthorDate: 2023-02-25 06:52:40 +0000 > Commit: Felix Palmen <zirias@FreeBSD.org> > CommitDate: 2023-03-12 08:47:06 +0000 > > security/py-cryptography: Fix runtime /w libressl > > When built with LibreSSL, a few symbols were missing, so consumers > failed at runtime. > > PR: 269705 > Approved by: sunpoet (maintainer, timeout) > To be clear, there is no maintainer timeout on Phabricator. And I'm OK with LibreSSL fixes. > Approved by: tcberner (mentor, implicit: libressl) > Differential Revision: https://reviews.freebsd.org/D38765 > --- > security/py-cryptography/Makefile | 1 + > security/py-cryptography/files/patch-libressl35 | 41 > ++++++++++++++++++------- > 2 files changed, 31 insertions(+), 11 deletions(-) > > diff --git a/security/py-cryptography/Makefile > b/security/py-cryptography/Makefile > index 64b8cb08caea..8f06002fbf3c 100644 > --- a/security/py-cryptography/Makefile > +++ b/security/py-cryptography/Makefile > @@ -1,5 +1,6 @@ > PORTNAME=3D cryptography > PORTVERSION=3D 3.4.8 > +PORTREVISION=3D 1 > PORTEPOCH=3D 1 > CATEGORIES=3D security python > MASTER_SITES=3D PYPI > diff --git a/security/py-cryptography/files/patch-libressl35 > b/security/py-cryptography/files/patch-libressl35 > index d0b7d798dc7a..84c9f44a3350 100644 > --- a/security/py-cryptography/files/patch-libressl35 > +++ b/security/py-cryptography/files/patch-libressl35 
> @@ -144,6 +144,30 @@
>
> /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */
> /* Define our own to simplify support across all versions. */
> +--- src/_cffi_src/openssl/evp.py.orig 2023-02-24 07:28:50 UTC
> ++++ src/_cffi_src/openssl/evp.py
> +@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, > cons
> + size_t) =3D NULL;
> + #endif
> +
> +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
> ++#if CRYPTOGRAPHY_IS_LIBRESSL
> ++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 1= ;
> ++static const long Cryptography_HAS_RAW_KEY =3D 0;
> ++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0;
> ++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) =3D NU= LL;
> ++EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned > char *,
> ++ size_t) =3D NULL;
> ++EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned > char *,
> ++ size_t) =3D NULL;
> ++int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
> ++ size_t *) =3D NULL;
> ++int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
> ++ size_t *) =3D NULL;
> ++#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
> + static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 0= ;
> + static const long Cryptography_HAS_RAW_KEY =3D 0;
> + static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0;
> --- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC
> +++ src/_cffi_src/openssl/fips.py
> @@ -17,11 +17,5 @@ int FIPS_mode(void);
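Review bot: The new `#if CRYPTOGRAPHY_IS_LIBRESSL` branch in the evp.py patch has no LibreSSL version bound, so `EVP_DigestFinalXOF` and the four `EVP_PKEY_*_raw_*_key` names are declared as NULL function pointers for every LibreSSL this port is ever built against. If a LibreSSL release declares any of these functions in its own headers, the stub will clash with the real prototype at build time, and `Cryptography_HAS_RAW_KEY = 0` would keep raw-key support switched off even though the library then provides it. The flags and the stubs agree with each other in this hunk (both say "absent"), which is presumably what keeps the bindings from ever calling through a null pointer, so the risk is staleness rather than a crash today. I would record the assumption next to the branch, for example `/* LibreSSL: one-shot DigestSign/Verify present; raw-key and XOF APIs absent. Re-check on every LibreSSL update. */`, and add a version ceiling once one is known. The `#if`/`#elif` chain continues past the end of the hunk.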
> @@ -246,20 +270,15 @@
>
> #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
> static const long Cryptography_HAS_KEYLOG =3D 0;
> -@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1;
> - static const long Cryptography_HAS_TLS_ST =3D 0;
> - static const long TLS_ST_BEFORE =3D 0;
> - static const long TLS_ST_OK =3D 0;
> --#endif
> --
> --#if CRYPTOGRAPHY_IS_LIBRESSL
> +@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1;
> + #endif
> +
> + #if CRYPTOGRAPHY_IS_LIBRESSL
> -static const long SSL_OP_NO_DTLSv1 =3D 0;
> -static const long SSL_OP_NO_DTLSv1_2 =3D 0;
> --long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL;
> --long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL;
> + long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL;
> + long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL;
> #endif
> -
> - static const long Cryptography_HAS_DTLS =3D 1;
> --- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC
> +++ src/_cffi_src/openssl/x509.py
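Review bot: The restored stubs `long (*DTLS_set_link_mtu)(SSL *, long) = NULL;` and `long (*DTLS_get_link_min_mtu)(SSL *) = NULL;` have no feature flag set to 0 beside them in this hunk, unlike the evp.py stubs, which sit next to `Cryptography_HAS_RAW_KEY = 0`. The previous version of the patch showed `static const long Cryptography_HAS_DTLS = 1;` as the line following this block, so on LibreSSL the two names are probably still exposed to Python, and a consumer that calls either one would jump through a null pointer rather than get a clean unsupported-feature error. Keeping the symbols does fix the load failure the commit is about, but I would mark them in place with `/* LibreSSL: link-time stubs only, not callable; gate behind a HAS_ flag if one exists */` and confirm which flag, if any, hides them. Only the `#if CRYPTOGRAPHY_IS_LIBRESSL` block is visible here, so the flag's current value in the patched file is inferred.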
> @@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, cons= t > A > > --0000000000003e79f605f7e23a81 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr">On Sun, Mar 12, 2023 at 4:48=E2=80=AFPM F= elix Palmen <<a href=3D"mailto:zirias@freebsd.org" target=3D"_blank">zir= ias@freebsd.org</a>> wrote:<br></div><div class=3D"gmail_quote"><blockqu= ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px= solid rgb(204,204,204);padding-left:1ex">The branch main has been updated = by zirias:<br> <br> URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3Df482d5d27c1afbb= c3b9ed65d31c7eba92fe04393" rel=3D"noreferrer" target=3D"_blank">https://cgi= t.FreeBSD.org/ports/commit/?id=3Df482d5d27c1afbbc3b9ed65d31c7eba92fe04393</= a><br> <br> commit f482d5d27c1afbbc3b9ed65d31c7eba92fe04393<br> Author:=C2=A0 =C2=A0 =C2=A0Felix Palmen <zirias@FreeBSD.org><br> AuthorDate: 2023-02-25 06:52:40 +0000<br> Commit:=C2=A0 =C2=A0 =C2=A0Felix Palmen <zirias@FreeBSD.org><br> CommitDate: 2023-03-12 08:47:06 +0000<br> <br> =C2=A0 =C2=A0 security/py-cryptography: Fix runtime /w libressl<br> <br> =C2=A0 =C2=A0 When built with LibreSSL, a few symbols were missing, so cons= umers<br> =C2=A0 =C2=A0 failed at runtime.<br> <br> =C2=A0 =C2=A0 PR:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0269705<br> =C2=A0 =C2=A0 Approved by:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sunpoet= (maintainer, timeout)<br></blockquote><div><br></div><div>To be clear, the= re is no maintainer timeout on Phabricator.</div><div>And I'm OK with L= ibreSSL fixes.</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" styl= e=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);paddin= g-left:1ex"> =C2=A0 =C2=A0 Approved by:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 tcberne= r (mentor, implicit: libressl)<br> =C2=A0 =C2=A0 Differential Revision:=C2=A0 <a 
href=3D"https://reviews.freeb= sd.org/D38765" rel=3D"noreferrer" target=3D"_blank">https://reviews.freebsd= .org/D38765</a><br> ---<br> =C2=A0security/py-cryptography/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0|=C2=A0 1 +<br> =C2=A0security/py-cryptography/files/patch-libressl35 | 41 ++++++++++++++++= ++-------<br> =C2=A02 files changed, 31 insertions(+), 11 deletions(-)<br> <br> diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/M= akefile<br> index 64b8cb08caea..8f06002fbf3c 100644<br> --- a/security/py-cryptography/Makefile<br> +++ b/security/py-cryptography/Makefile<br> @@ -1,5 +1,6 @@<br> =C2=A0PORTNAME=3D=C2=A0 =C2=A0 =C2=A0 cryptography<br> =C2=A0PORTVERSION=3D=C2=A0 =C2=A03.4.8<br> +PORTREVISION=3D=C2=A0 1<br> =C2=A0PORTEPOCH=3D=C2=A0 =C2=A0 =C2=A01<br> =C2=A0CATEGORIES=3D=C2=A0 =C2=A0 security python<br> =C2=A0MASTER_SITES=3D=C2=A0 PYPI<br> diff --git a/security/py-cryptography/files/patch-libressl35 b/security/py-= cryptography/files/patch-libressl35<br> index d0b7d798dc7a..84c9f44a3350 100644<br> --- a/security/py-cryptography/files/patch-libressl35<br> +++ b/security/py-cryptography/files/patch-libressl35<br> 
@@ -144,6 +144,30 @@<br> <br> =C2=A0 /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */= <br> =C2=A0 /* Define our own to simplify support across all versions. */<br> +--- src/_cffi_src/openssl/evp.py.orig=C2=A0 2023-02-24 07:28:50 UTC<br> ++++ src/_cffi_src/openssl/evp.py<br> +@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, con= s<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t) = =3D NULL;<br> + #endif<br> + <br> +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111<br> ++#if CRYPTOGRAPHY_IS_LIBRESSL<br> ++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 1;<= br> ++static const long Cryptography_HAS_RAW_KEY =3D 0;<br> ++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0;<br> ++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) =3D NULL= ;<br> ++EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned c= har *,<br> ++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t) = =3D NULL;<br> ++EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned ch= ar *,<br> ++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 size_t) =3D NUL= L;<br> ++int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,<br= > ++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 size_t *) =3D NULL;<br= > ++int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,<br> ++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t *) =3D NULL;<br> ++#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111<br> + static const long 
Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 0;<= br> + static const long Cryptography_HAS_RAW_KEY =3D 0;<br> + static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0;<br> =C2=A0--- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC<br> =C2=A0+++ src/_cffi_src/openssl/fips.py<br> =C2=A0@@ -17,11 +17,5 @@ int FIPS_mode(void);<br> @@ -246,20 +270,15 @@<br> <br> =C2=A0 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111<br> =C2=A0 static const long Cryptography_HAS_KEYLOG =3D 0;<br> -@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1;<br> - static const long Cryptography_HAS_TLS_ST =3D 0;<br> - static const long TLS_ST_BEFORE =3D 0;<br> - static const long TLS_ST_OK =3D 0;<br> --#endif<br> --<br> --#if CRYPTOGRAPHY_IS_LIBRESSL<br> +@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1;<br> + #endif<br> + <br> + #if CRYPTOGRAPHY_IS_LIBRESSL<br> =C2=A0-static const long SSL_OP_NO_DTLSv1 =3D 0;<br> =C2=A0-static const long SSL_OP_NO_DTLSv1_2 =3D 0;<br> --long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL;<br> --long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL;<br> + long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL;<br> + long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL;<br> =C2=A0 #endif<br> - <br> - static const long Cryptography_HAS_DTLS =3D 1;<br> =C2=A0--- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC<br> =C2=A0+++ src/_cffi_src/openssl/x509.py<br> =C2=A0@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, c= onst A<br> <br> </blockquote></div></div> --0000000000003e79f605f7e23a81--