From nobody Fri Oct 14 13:45:38 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mpnhf71hTz4fVZq; Fri, 14 Oct 2022 13:45:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mpnhf6QJyz40Rg; Fri, 14 Oct 2022 13:45:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665755138; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=83lLxnYEVOvf9JQGybOWlMKUmbyBgi3meYX1bzFCCww=; b=kPShEyQ0LWU4lVnPc9KzdF0CRvg0idtrpWM8San6QCgnWYnbkGGn4yFAAT09/5ZwHx/kNK zeRF0uJZU0JZetoO0QKhSXXz09SZ7si8QkYlNsb2S3p5yFp6HGItmnfPYLjkzc8Nx6ee7l 2pX4fVLN0Rel63GBBCvH+v35ryv6F48dIVUQhQ9uijAHj91ZPxRBJArNRcncZ0JBXMFR3S ymx700cJ4KS4zQnpMv7oCru4XDITTBhaS9TqMW4E0cAjf+C7uDDCr50SUK9nCKHTwL+UH7 Ytp5wDXKPRJb8nkm2SDuw/rQn4u5MrLBIbu89kZc+rCbfOKGJy+KyWfOi+F2JA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Mpnhf5RP5zndr; Fri, 14 Oct 2022 13:45:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 29EDjc1G064438; Fri, 14 Oct 2022 13:45:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 29EDjcYs064437; Fri, 14 Oct 2022 13:45:38 GMT (envelope-from git) Date: Fri, 14 Oct 2022 13:45:38 GMT Message-Id: <202210141345.29EDjcYs064437@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: "Tobias C. Berner" Subject: git: ed4bec1e0139 - main - security/py-cryptography: revert Update to 38.0.1 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tcberner X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ed4bec1e01390965296c2f510e87de9ccf8cef63 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665755138; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=83lLxnYEVOvf9JQGybOWlMKUmbyBgi3meYX1bzFCCww=; b=r0uGFIqazpaBpBwKXW7MFRrSd8t2ZSPdrPzjRZR4LbUwXOcxDoRqEyi2wJzpeoZW9mn6Fz rMExF/B5cC2nMHlLXhxaRWGmACzlcc5tkscjfSzCzNRMEe0sWeFbRajtgVorfaLpAFC8FA WtkeuO9xlcBcpBpxnQwK6Qpsj6X227zErFG4EKwARLDpTS37xvxKTUhJritWEwkIHohNtF zTJjSlDn4ukXp8JcDmNv4es9AivjbUGF+byZhLlcLg+pK4I+HNoiMEl5lss0i76S5CpE5x fkYfEQWHA/kc795SU6c+2Vi4nVIoLQR0jwTjZEsx4r8hSpyTsCAgiMXPJovWzw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1665755138; a=rsa-sha256; cv=none; b=x7WtIvqH5KyrmWuREyUOXHj/3cCfyi7wed7Z58AVcZEQNTH7qPLS+GyDHzTMM5FaO3o+44 pHWPZKxEbVcalShQP6dNHzXlZftqbKQCEvjkqaK8c73V/wa+ioinN+LK5OV1sVyB/s6Cjm XiAmU/KA49zFKETGjLmehGmJI9900C/znTyT8mrvGMmw1vh9m8qZLZPlCgRssr21ECmZO9 hXcfOLZK8/k7G2go1TEF0JGYRauLN7u94bUnovo5hLdtSJ36djnnNAepLqGfMucsvyq+yR rIpl3UT0VAqjAGUZNnwkthl0ENC+TllUsSdfBuHoxtGY8tKpMS4vLCItrVOpqw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tcberner: URL: https://cgit.FreeBSD.org/ports/commit/?id=ed4bec1e01390965296c2f510e87de9ccf8cef63 commit ed4bec1e01390965296c2f510e87de9ccf8cef63 Author: Tobias C. Berner AuthorDate: 2022-10-14 13:38:20 +0000 Commit: Tobias C. Berner CommitDate: 2022-10-14 13:45:24 +0000 security/py-cryptography: revert Update to 38.0.1 This reverts commit f5711e95bcd17b154bdd697cb3f1650a788fdf3c. Revert due to multiple breakage reports. --- security/py-cryptography/Makefile | 8 +- security/py-cryptography/distinfo | 6 +- .../files/patch-Fix-build-with-LibreSSL-3.3.2-5988 | 62 ++++++++++++++ .../files/patch-Support-LibreSSL-3.4.0-6360 | 98 ++++++++++++++++++++++ security/py-cryptography/files/patch-setup.py | 57 +++++++------ 5 files changed, 195 insertions(+), 36 deletions(-) diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile index e916d5950eb6..d46db25e295f 100644 --- a/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,5 +1,6 @@ PORTNAME= cryptography -PORTVERSION= 38.0.1 +PORTVERSION= 3.4.8 +PORTEPOCH= 1 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -19,7 +20,6 @@ TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:securi ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \ @@ -31,15 +31,15 @@ USE_PYTHON= autoplist concurrent distutils pytest CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} +MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1 TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} CPE_VENDOR= cryptography_project .include -post-patch: - @${RM} -r ${WRKSRC}/src/rust/ .if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 +post-patch: @${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py .endif diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo index 060da2afdcf9..cb800cc11b12 100644 --- a/security/py-cryptography/distinfo +++ b/security/py-cryptography/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1665073152 -SHA256 (cryptography-38.0.1.tar.gz) = 1db3d807a14931fa317f96435695d9ec386be7b84b618cc61cfa5d08b0ae33d7 -SIZE (cryptography-38.0.1.tar.gz) = 599412 +TIMESTAMP = 1652122693 +SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c +SIZE (cryptography-3.4.8.tar.gz) = 546907 diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 new file mode 100644 index 000000000000..deb9c6408832 --- /dev/null +++ b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 @@ -0,0 +1,62 @@ +From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001 +From: Charlie Li +Date: Mon, 19 Apr 2021 18:38:38 -0400 +Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988) + +* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS* + +While here, bump CI + +* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS* + +DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2 + +* Switch to LESS_THAN context for LibreSSL 3.3.2 + +While here, fix indents + +* Remove extra C variable declaration + +The variable is not actually used from Python +--- + .github/workflows/ci.yml | 2 +- + src/_cffi_src/openssl/cryptography.py | 7 +++++++ + src/_cffi_src/openssl/ssl.py | 2 ++ + 3 files changed, 10 insertions(+), 1 deletion(-) + +diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py +index e2b5a132..b9c7a793 100644 +--- src/_cffi_src/openssl/cryptography.py ++++ src/_cffi_src/openssl/cryptography.py +@@ -32,6 +32,13 @@ INCLUDES = """ + #include + #endif + ++#if CRYPTOGRAPHY_IS_LIBRESSL ++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ ++ (LIBRESSL_VERSION_NUMBER < 0x3030200f) ++#else ++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) ++#endif ++ + #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) + +diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py +index 11a7d63a..081ef041 100644 +--- src/_cffi_src/openssl/ssl.py ++++ src/_cffi_src/openssl/ssl.py +@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0; + #endif + + #if CRYPTOGRAPHY_IS_LIBRESSL ++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 + static const long SSL_OP_NO_DTLSv1 = 0; + static const long SSL_OP_NO_DTLSv1_2 = 0; ++#endif + long (*DTLS_set_link_mtu)(SSL *, long) = NULL; + long (*DTLS_get_link_min_mtu)(SSL *) = NULL; + #endif +-- +2.31.1 + diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 new file mode 100644 index 000000000000..a8bb6dc6da43 --- /dev/null +++ b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 @@ -0,0 +1,98 @@ +From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001 +From: Charlie Li +Date: Sun, 3 Oct 2021 00:20:31 -0400 +Subject: [PATCH] Support LibreSSL 3.4.0 (#6360) + +* Add LibreSSL 3.4.0 to CI + +* Add a LibreSSL 3.4.0 guard + +Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. + +* DTLS_get_data_mtu does not exist in LibreSSL + +* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ + +* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL + +* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL + +While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended. +--- + .github/workflows/ci.yml | 6 ++++-- + src/_cffi_src/openssl/cryptography.py | 3 +++ + src/_cffi_src/openssl/evp.py | 15 ++++++++++----- + src/_cffi_src/openssl/ssl.py | 3 ++- + 4 files changed, 19 insertions(+), 8 deletions(-) + +diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py +index 878d22d8..821ddc9f 100644 +--- src/_cffi_src/openssl/cryptography.py ++++ src/_cffi_src/openssl/cryptography.py +@@ -36,8 +36,11 @@ INCLUDES = """ + #if CRYPTOGRAPHY_IS_LIBRESSL + #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ + (LIBRESSL_VERSION_NUMBER < 0x3030200f) ++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ ++ (LIBRESSL_VERSION_NUMBER < 0x3040000f) + #else + #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) ++#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0) + #endif + + #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ +diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py +index ab7cfeb3..cad3339a 100644 +--- src/_cffi_src/openssl/evp.py ++++ src/_cffi_src/openssl/evp.py +@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, + size_t) = NULL; + #endif + +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 ++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ ++ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) + static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; +-static const long Cryptography_HAS_RAW_KEY = 0; +-static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; +-int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; + int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *, + const unsigned char *tbs, size_t) = NULL; + int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t, + const unsigned char *, size_t) = NULL; ++#else ++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; ++#endif ++ ++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 ++static const long Cryptography_HAS_RAW_KEY = 0; ++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; ++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; + EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, + size_t) = NULL; + EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, +@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, + int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, + size_t *) = NULL; + #else +-static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; + static const long Cryptography_HAS_RAW_KEY = 1; + static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1; + #endif +diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py +index ca275e91..0830a463 100644 +--- src/_cffi_src/openssl/ssl.py ++++ src/_cffi_src/openssl/ssl.py +@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; + SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; + #endif + +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 ++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ ++ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) + static const long Cryptography_HAS_TLSv1_3 = 0; + static const long SSL_OP_NO_TLSv1_3 = 0; + static const long SSL_VERIFY_POST_HANDSHAKE = 0; +-- +2.32.0 + diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py index b0cfd33df0bc..7e15e74dffd4 100644 --- a/security/py-cryptography/files/patch-setup.py +++ b/security/py-cryptography/files/patch-setup.py @@ -1,8 +1,8 @@ ---- setup.py.orig 2022-09-07 12:20:58 UTC +--- setup.py.orig 2021-03-25 17:19:57 UTC +++ setup.py -@@ -13,23 +13,6 @@ import sys +@@ -10,23 +10,7 @@ import sys - from setuptools import setup + from setuptools import find_packages, setup -try: - from setuptools_rust import RustExtension @@ -12,7 +12,7 @@ - =============================DEBUG ASSISTANCE========================== - If you are seeing an error here please try the following to - successfully install cryptography: -- + - Upgrade to the latest pip and try again. This will fix errors for most - users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip - =============================DEBUG ASSISTANCE========================== @@ -24,33 +24,32 @@ base_dir = os.path.dirname(__file__) src_dir = os.path.join(base_dir, "src") -@@ -43,20 +26,6 @@ try: - cffi_modules=[ +@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo + + # `install_requirements` and `setup_requirements` must be kept in sync with + # `pyproject.toml` +-setuptools_rust = "setuptools-rust>=0.11.4" + install_requirements = ["cffi>=1.12"] +-setup_requirements = install_requirements + [setuptools_rust] ++setup_requirements = install_requirements + + if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"): + rust_extensions = [] +@@ -129,9 +112,6 @@ try: + "twine >= 1.12.0", + "sphinxcontrib-spelling >= 4.0.1", + ], +- "sdist": [ +- setuptools_rust, +- ], + "pep8test": [ + "black", + "flake8", +@@ -149,7 +129,6 @@ try: "src/_cffi_src/build_openssl.py:ffi", + "src/_cffi_src/build_padding.py:ffi", ], -- rust_extensions=[ -- RustExtension( -- "cryptography.hazmat.bindings._rust", -- "src/rust/Cargo.toml", -- py_limited_api=True, -- # Enable abi3 mode if we're not using PyPy. -- features=( -- [] -- if platform.python_implementation() == "PyPy" -- else ["pyo3/abi3-py36"] -- ), -- rust_version=">=1.48.0", -- ) -- ], +- rust_extensions=rust_extensions, ) except: # noqa: E722 # Note: This is a bare exception that re-raises so that we don't interfere -@@ -86,7 +55,7 @@ except: # noqa: E722 - ) - print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}") - print(f" platform: {platform.platform()}") -- for dist in ["pip", "setuptools", "setuptools_rust"]: -+ for dist in ["pip", "setuptools"]: - try: - version = pkg_resources.get_distribution(dist).version - except pkg_resources.DistributionNotFound: