From owner-svn-ports-all@freebsd.org Thu Dec 8 17:08:56 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE03EC6DD98; Thu, 8 Dec 2016 17:08:56 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7D64E1569; Thu, 8 Dec 2016 17:08:56 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uB8H8tOR059148; Thu, 8 Dec 2016 17:08:55 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uB8H8tlP059147; Thu, 8 Dec 2016 17:08:55 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201612081708.uB8H8tlP059147@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Thu, 8 Dec 2016 17:08:55 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r428139 - branches/2016Q4/security/py-cryptography X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2016 17:08:56 -0000 Author: feld Date: Thu Dec 8 17:08:55 2016 New Revision: 428139 URL: https://svnweb.freebsd.org/changeset/ports/428139 Log: MFH: r428138 security/py-pycryptography: Fix build on FreeBSD 9.3 Modern py-cryptography requires a more modern OpenSSL. This switch to requiring OpenSSL from ports is a disruptive change, but it will protect these users from the recently patched vulnerabilites. Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4. The last release to support OpenSSL 0.9.8 was 1.3.4 which is still vulnerable to the HDKF key generation bug. It appears that version 1.4 did build successfully on FreeBSD 9.3, but upstream had abandoned support for OpenSSL 0.9.8 at that point so it is unclear if it was fully functional. PR: 214915 Approved by: ports-secteam (with hat) Modified: branches/2016Q4/security/py-cryptography/Makefile Directory Properties: branches/2016Q4/ (props changed) Modified: branches/2016Q4/security/py-cryptography/Makefile ============================================================================== --- branches/2016Q4/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (r428138) +++ branches/2016Q4/security/py-cryptography/Makefile Thu Dec 8 17:08:55 2016 (r428139) @@ -27,6 +27,11 @@ USE_PYTHON= autoplist distutils CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +# Modern py-cyptography requires newer OpenSSL +.if ${OSVERSION} < 1000000 +WITH_OPENSSL_PORT= yes +.endif + .include .if ${PYTHON_REL} < 3300