From owner-svn-ports-head@freebsd.org Thu Dec 8 17:07:24 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2FB53C6DCD7; Thu, 8 Dec 2016 17:07:24 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE4551398; Thu, 8 Dec 2016 17:07:23 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uB8H7NMt058922; Thu, 8 Dec 2016 17:07:23 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uB8H7Ntk058921; Thu, 8 Dec 2016 17:07:23 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201612081707.uB8H7Ntk058921@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Thu, 8 Dec 2016 17:07:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r428138 - head/security/py-cryptography X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2016 17:07:24 -0000 Author: feld Date: Thu Dec 8 17:07:22 2016 New Revision: 428138 URL: https://svnweb.freebsd.org/changeset/ports/428138 Log: security/py-pycryptography: Fix build on FreeBSD 9.3 Modern py-cryptography requires a more modern OpenSSL. This switch to requiring OpenSSL from ports is a disruptive change, but it will protect these users from the recently patched vulnerabilites. Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4. The last release to support OpenSSL 0.9.8 was 1.3.4 which is still vulnerable to the HDKF key generation bug. It appears that version 1.4 did build successfully on FreeBSD 9.3, but upstream had abandoned support for OpenSSL 0.9.8 at that point so it is unclear if it was fully functional. PR: 214915 MFH: 2016Q4 Modified: head/security/py-cryptography/Makefile Modified: head/security/py-cryptography/Makefile ============================================================================== --- head/security/py-cryptography/Makefile Thu Dec 8 17:05:45 2016 (r428137) +++ head/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (r428138) @@ -27,6 +27,11 @@ USE_PYTHON= autoplist distutils CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +# Modern py-cyptography requires newer OpenSSL +.if ${OSVERSION} < 1000000 +WITH_OPENSSL_PORT= yes +.endif + .include .if ${PYTHON_REL} < 3300