Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 12 Mar 2023 08:48:28 GMT
From:      Felix Palmen <zirias@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: f482d5d27c1a - main - security/py-cryptography: Fix runtime /w libressl
Message-ID:  <202303120848.32C8mSj4066479@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by zirias:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f482d5d27c1afbbc3b9ed65d31c7eba92fe04393

commit f482d5d27c1afbbc3b9ed65d31c7eba92fe04393
Author:     Felix Palmen <zirias@FreeBSD.org>
AuthorDate: 2023-02-25 06:52:40 +0000
Commit:     Felix Palmen <zirias@FreeBSD.org>
CommitDate: 2023-03-12 08:47:06 +0000

    security/py-cryptography: Fix runtime /w libressl
    
    When built with LibreSSL, a few symbols were missing, so consumers
    failed at runtime.
    
    PR:                     269705
    Approved by:            sunpoet (maintainer, timeout)
    Approved by:            tcberner (mentor, implicit: libressl)
    Differential Revision:  https://reviews.freebsd.org/D38765
---
 security/py-cryptography/Makefile               |  1 +
 security/py-cryptography/files/patch-libressl35 | 41 ++++++++++++++++++-------
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile
index 64b8cb08caea..8f06002fbf3c 100644
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	cryptography
 PORTVERSION=	3.4.8
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security python
 MASTER_SITES=	PYPI
diff --git a/security/py-cryptography/files/patch-libressl35 b/security/py-cryptography/files/patch-libressl35
index d0b7d798dc7a..84c9f44a3350 100644
--- a/security/py-cryptography/files/patch-libressl35
+++ b/security/py-cryptography/files/patch-libressl35
@@ -144,6 +144,30 @@
  
  /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */
  /* Define our own to simplify support across all versions. */
+--- src/_cffi_src/openssl/evp.py.orig	2023-02-24 07:28:50 UTC
++++ src/_cffi_src/openssl/evp.py
+@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, cons
+                                       size_t) = NULL;
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
++#if CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
++static const long Cryptography_HAS_RAW_KEY = 0;
++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
++EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
++                                       size_t) = NULL;
++EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
++                                      size_t) = NULL;
++int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
++                                    size_t *) = NULL;
++int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
++                                   size_t *) = NULL;
++#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+ static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
+ static const long Cryptography_HAS_RAW_KEY = 0;
+ static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
 --- src/_cffi_src/openssl/fips.py.orig	2022-10-17 11:12:47 UTC
 +++ src/_cffi_src/openssl/fips.py
 @@ -17,11 +17,5 @@ int FIPS_mode(void);
@@ -246,20 +270,15 @@
  
  #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
  static const long Cryptography_HAS_KEYLOG = 0;
-@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST = 1;
- static const long Cryptography_HAS_TLS_ST = 0;
- static const long TLS_ST_BEFORE = 0;
- static const long TLS_ST_OK = 0;
--#endif
--
--#if CRYPTOGRAPHY_IS_LIBRESSL
+@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST = 1;
+ #endif
+ 
+ #if CRYPTOGRAPHY_IS_LIBRESSL
 -static const long SSL_OP_NO_DTLSv1 = 0;
 -static const long SSL_OP_NO_DTLSv1_2 = 0;
--long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
--long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+ long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
  #endif
- 
- static const long Cryptography_HAS_DTLS = 1;
 --- src/_cffi_src/openssl/x509.py.orig	2022-10-17 11:26:23 UTC
 +++ src/_cffi_src/openssl/x509.py
 @@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202303120848.32C8mSj4066479>