From owner-svn-ports-head@freebsd.org Thu Feb 25 13:32:27 2021 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 046CB563435; Thu, 25 Feb 2021 13:32:27 +0000 (UTC) (envelope-from fluffy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DmYcV6mspz4k9r; Thu, 25 Feb 2021 13:32:26 +0000 (UTC) (envelope-from fluffy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DB7891863D; Thu, 25 Feb 2021 13:32:26 +0000 (UTC) (envelope-from fluffy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 11PDWQe2091161; Thu, 25 Feb 2021 13:32:26 GMT (envelope-from fluffy@FreeBSD.org) Received: (from fluffy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 11PDWPTr091156; Thu, 25 Feb 2021 13:32:25 GMT (envelope-from fluffy@FreeBSD.org) Message-Id: <202102251332.11PDWPTr091156@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: fluffy set sender to fluffy@FreeBSD.org using -f From: Dima Panov Date: Thu, 25 Feb 2021 13:32:25 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r566534 - in head/security: py-cryptography py-openssl X-SVN-Group: ports-head X-SVN-Commit-Author: fluffy X-SVN-Commit-Paths: in head/security: py-cryptography py-openssl X-SVN-Commit-Revision: 566534 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2021 13:32:27 -0000 Author: fluffy Date: Thu Feb 25 13:32:25 2021 New Revision: 566534 URL: https://svnweb.freebsd.org/changeset/ports/566534 Log: security/py-openssl: unbreak run for consumers Partially revert r566075 to previous py-openssl release only for ${OSVERSION} < 1200085 and base OpenSSL 1.0.2 with PORTEPOCH bump This step is needed because since 20.0 release py-openssl have dropped off support for openssl < 1.1.0 which still in base fo FreeBSD 11.4+ branch Due to dependency on recent cryptography, bump py-cryptography to 3.3.2 release under same conditions as py-openssl. 3.3.2 was last release which not requred Rust to build With hat: ports-secteam Pointy hat to: sbz (for skip dependencies verification and no reaction to complains) Reported by: many via ML Modified: head/security/py-cryptography/Makefile head/security/py-cryptography/distinfo head/security/py-openssl/Makefile head/security/py-openssl/distinfo Modified: head/security/py-cryptography/Makefile ============================================================================== --- head/security/py-cryptography/Makefile Thu Feb 25 12:51:30 2021 (r566533) +++ head/security/py-cryptography/Makefile Thu Feb 25 13:32:25 2021 (r566534) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= cryptography -PORTVERSION= 2.9.2 +PORTVERSION= 3.3.2 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -43,10 +43,14 @@ TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIB # This has been fixed in 3.0-23-g241f8450 of security/py-cryptography and to be # clear: It isn't a security fix but rather a workaround to handle unnamed but # really named curves with OpenSSL 1.0.2t/u . + +# We need to keep old py-cryptography and py-openssl for 11.x release +# due to outdated OpenSSL version in base .if ${OPSYS} == FreeBSD && ${SSL_DEFAULT} == "base" . if ${OSVERSION} >= 1103500 && ${OSVERSION} < 1200085 # 1103500 352193 2019-09-10 11.3-STABLE got OpenSSL 1.0.2t # 1200085 339270 2018-10-19 12.0-STABLE got OpenSSL 1.1.1 +PORTVERSION= 2.9.2 EXTRA_PATCHES= ${PATCHDIR}/openssl102u . endif .endif Modified: head/security/py-cryptography/distinfo ============================================================================== --- head/security/py-cryptography/distinfo Thu Feb 25 12:51:30 2021 (r566533) +++ head/security/py-cryptography/distinfo Thu Feb 25 13:32:25 2021 (r566534) @@ -1,3 +1,5 @@ -TIMESTAMP = 1596263213 +TIMESTAMP = 1614253508 SHA256 (cryptography-2.9.2.tar.gz) = a0c30272fb4ddda5f5ffc1089d7405b7a71b0b0f51993cb4e5dbb4590b2fc229 SIZE (cryptography-2.9.2.tar.gz) = 517571 +SHA256 (cryptography-3.3.2.tar.gz) = 5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29e19bed +SIZE (cryptography-3.3.2.tar.gz) = 539883 Modified: head/security/py-openssl/Makefile ============================================================================== --- head/security/py-openssl/Makefile Thu Feb 25 12:51:30 2021 (r566533) +++ head/security/py-openssl/Makefile Thu Feb 25 13:32:25 2021 (r566534) @@ -29,6 +29,21 @@ NO_ARCH= yes CPE_VENDOR= jean-paul_calderone CPE_PRODUCT= py${PORTNAME} +# Use options.mk to use OSVERSION and handle redefine PORTEPOCH +.include + +# We need to keep old py-cryptography and py-penssl for 11.x release +# due to outdated OpenSSL version in base +.if ${OPSYS} == FreeBSD && ${SSL_DEFAULT} == "base" +. if ${OSVERSION} >= 1103500 && ${OSVERSION} < 1200085 +# 1103500 352193 2019-09-10 11.3-STABLE got OpenSSL 1.0.2t +# 1200085 339270 2018-10-19 12.0-STABLE got OpenSSL 1.1.1 +#.sinclude "${.CURDIR}/Makefile.${OPSYS}-${OSREL:R}" +PORTVERSION= 19.1.0 +PORTEPOCH= 1 +. endif +.endif + # These tests will be skipped due the following reasons: # # * test_connect_refused: Avoid stalling in build environments that don't have Modified: head/security/py-openssl/distinfo ============================================================================== --- head/security/py-openssl/distinfo Thu Feb 25 12:51:30 2021 (r566533) +++ head/security/py-openssl/distinfo Thu Feb 25 13:32:25 2021 (r566534) @@ -1,3 +1,5 @@ TIMESTAMP = 1613747780 +SHA256 (pyOpenSSL-19.1.0.tar.gz) = 9a24494b2602aaf402be5c9e30a0b82d4a5c67528fe8fb475e3f3bc00dd69507 +SIZE (pyOpenSSL-19.1.0.tar.gz) = 160510 SHA256 (pyOpenSSL-20.0.1.tar.gz) = 4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51 SIZE (pyOpenSSL-20.0.1.tar.gz) = 173736