From nobody Mon Mar 27 14:04:17 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PlZMG5Zjgz41ZZk for ; Mon, 27 Mar 2023 14:04:58 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PlZMD3NThz3xPg for ; Mon, 27 Mar 2023 14:04:56 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sunpoet.net header.s=google header.b="An/u68Ha"; spf=pass (mx1.freebsd.org: domain of sunpoet@sunpoet.net designates 2a00:1450:4864:20::530 as permitted sender) smtp.mailfrom=sunpoet@sunpoet.net; dmarc=none Received: by mail-ed1-x530.google.com with SMTP id h8so36674564ede.8 for ; Mon, 27 Mar 2023 07:04:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sunpoet.net; s=google; t=1679925895; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9+if7vJNHW7U/JFIrZChjFmealA7/5JewslPbcpPW10=; b=An/u68HaRBhmtg+nd5k4n4HGn6upetS7z0xXgm1ylKPSgoX5htcmD50j0wnPu0x3PI kzoxUkzibr5P/wRTGw4KuAxUn1lWX3444pp6++gXvy0uACz3PwP1B7Gf9vlPkG3g7o62 inLxf16WTPV7FlnHb9XBOHFjJIhEYokVrRObLsPyMCiSqH9MZ9bzu+WzvEkUbt5Mr5FO wYMnHb6ApWxdG6pPMyWF3e/sDmJIsuU+3iqx8OkhVN5OXjXQ7+d4o7IY4N3GaVc5Xs/d Fro+ZL6L2X3ofrxxdFpQNxBh0+CKqQJ39LXJF1IpywAaKnDFhabxY/4gekPCzTDae9TP t1QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679925895; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9+if7vJNHW7U/JFIrZChjFmealA7/5JewslPbcpPW10=; b=y87xjJARTx9DaU2gDofvAOZfHBwwpYrVACgCI0X/9kxxIbkiEZd+nJ4rO+IK22nOmS Y1HTw5AurrkYMDGITaOr5nNHYeuAEnfgkdQNUurEFixpMVtB1MZ78dX/8oxpQweRx/yN AUx/aCufYh6j6y8nRXAHUawTpCYu3O1/QjP8Fq2YdRNPQFYAPK7+3X121vCLE3zzCHzQ KCTMNAy3yIOSuk41eRZu35YyRmGV9WiwHMpWu1b75V/3eYghWQ1/ntWtYiHUmSot27XK 3ZbwQqP/V+kpA5eM9MTA0MPaLFmnTiCdsGqMi0Q7j5ZvjsDucyQWs6iEOYm2ZW/BxbpK dbCw== X-Gm-Message-State: AAQBX9dI8DjXXcxGDE1pG1tFr5VlsR20i5mLFDUzZ+3ueWAapAEpZYbo bOllNB2wCciolkEaGJSfbX0d4RcG0g95aus6JzLPPg== X-Google-Smtp-Source: AKy350azprnOwyLZbGxl8zHMVZzs5wsI1yXYC7ZJ9yjlV5veL1RD+xwlsJXZgDw2jQrPIhSOu6PfOwQ8Z7/MUK3SmmQ= X-Received: by 2002:a17:907:2c46:b0:8b1:7de9:b39b with SMTP id hf6-20020a1709072c4600b008b17de9b39bmr6228983ejc.1.1679925895390; Mon, 27 Mar 2023 07:04:55 -0700 (PDT) List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 References: <202303120848.32C8mSj4066479@gitrepo.freebsd.org> In-Reply-To: <202303120848.32C8mSj4066479@gitrepo.freebsd.org> From: Po-Chuan Hsieh Date: Mon, 27 Mar 2023 22:04:17 +0800 Message-ID: Subject: Re: git: f482d5d27c1a - main - security/py-cryptography: Fix runtime /w libressl To: Felix Palmen Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Content-Type: multipart/alternative; boundary="0000000000003e79f605f7e23a81" X-Spamd-Result: default: False [-3.48 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.980]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; R_DKIM_ALLOW(-0.20)[sunpoet.net:s=google]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::530:from]; ARC_NA(0.00)[]; MLMMJ_DEST(0.00)[dev-commits-ports-main@freebsd.org]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[sunpoet.net:+]; DMARC_NA(0.00)[sunpoet.net]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; FROM_HAS_DN(0.00)[]; FREEFALL_USER(0.00)[sunpoet]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; PREVIOUSLY_DELIVERED(0.00)[dev-commits-ports-main@freebsd.org]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Queue-Id: 4PlZMD3NThz3xPg X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N --0000000000003e79f605f7e23a81 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, Mar 12, 2023 at 4:48=E2=80=AFPM Felix Palmen w= rote: > The branch main has been updated by zirias: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=3Df482d5d27c1afbbc3b9ed65d31c7e= ba92fe04393 > > commit f482d5d27c1afbbc3b9ed65d31c7eba92fe04393 > Author: Felix Palmen > AuthorDate: 2023-02-25 06:52:40 +0000 > Commit: Felix Palmen > CommitDate: 2023-03-12 08:47:06 +0000 > > security/py-cryptography: Fix runtime /w libressl > > When built with LibreSSL, a few symbols were missing, so consumers > failed at runtime. > > PR: 269705 > Approved by: sunpoet (maintainer, timeout) > To be clear, there is no maintainer timeout on Phabricator. And I'm OK with LibreSSL fixes. > Approved by: tcberner (mentor, implicit: libressl) > Differential Revision: https://reviews.freebsd.org/D38765 > --- > security/py-cryptography/Makefile | 1 + > security/py-cryptography/files/patch-libressl35 | 41 > ++++++++++++++++++------- > 2 files changed, 31 insertions(+), 11 deletions(-) > > diff --git a/security/py-cryptography/Makefile > b/security/py-cryptography/Makefile > index 64b8cb08caea..8f06002fbf3c 100644 > --- a/security/py-cryptography/Makefile > +++ b/security/py-cryptography/Makefile > @@ -1,5 +1,6 @@ > PORTNAME=3D cryptography > PORTVERSION=3D 3.4.8 > +PORTREVISION=3D 1 > PORTEPOCH=3D 1 > CATEGORIES=3D security python > MASTER_SITES=3D PYPI > diff --git a/security/py-cryptography/files/patch-libressl35 > b/security/py-cryptography/files/patch-libressl35 > index d0b7d798dc7a..84c9f44a3350 100644 > --- a/security/py-cryptography/files/patch-libressl35 > +++ b/security/py-cryptography/files/patch-libressl35 > @@ -144,6 +144,30 @@ > > /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */ > /* Define our own to simplify support across all versions. */ > +--- src/_cffi_src/openssl/evp.py.orig 2023-02-24 07:28:50 UTC > ++++ src/_cffi_src/openssl/evp.py > +@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, > cons > + size_t) =3D NULL; > + #endif > + > +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 > ++#if CRYPTOGRAPHY_IS_LIBRESSL > ++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 1= ; > ++static const long Cryptography_HAS_RAW_KEY =3D 0; > ++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0; > ++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) =3D NU= LL; > ++EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned > char *, > ++ size_t) =3D NULL; > ++EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned > char *, > ++ size_t) =3D NULL; > ++int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, > ++ size_t *) =3D NULL; > ++int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, > ++ size_t *) =3D NULL; > ++#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 > + static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 0= ; > + static const long Cryptography_HAS_RAW_KEY =3D 0; > + static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0; > --- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC > +++ src/_cffi_src/openssl/fips.py > @@ -17,11 +17,5 @@ int FIPS_mode(void); > @@ -246,20 +270,15 @@ > > #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 > static const long Cryptography_HAS_KEYLOG =3D 0; > -@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1; > - static const long Cryptography_HAS_TLS_ST =3D 0; > - static const long TLS_ST_BEFORE =3D 0; > - static const long TLS_ST_OK =3D 0; > --#endif > -- > --#if CRYPTOGRAPHY_IS_LIBRESSL > +@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1; > + #endif > + > + #if CRYPTOGRAPHY_IS_LIBRESSL > -static const long SSL_OP_NO_DTLSv1 =3D 0; > -static const long SSL_OP_NO_DTLSv1_2 =3D 0; > --long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL; > --long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL; > + long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL; > + long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL; > #endif > - > - static const long Cryptography_HAS_DTLS =3D 1; > --- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC > +++ src/_cffi_src/openssl/x509.py > @@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, cons= t > A > > --0000000000003e79f605f7e23a81 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, Mar 12, 2023 at 4:48=E2=80=AFPM F= elix Palmen <zir= ias@freebsd.org> wrote:
The branch main has been updated = by zirias:

URL: https://cgi= t.FreeBSD.org/ports/commit/?id=3Df482d5d27c1afbbc3b9ed65d31c7eba92fe04393

commit f482d5d27c1afbbc3b9ed65d31c7eba92fe04393
Author:=C2=A0 =C2=A0 =C2=A0Felix Palmen <zirias@FreeBSD.org>
AuthorDate: 2023-02-25 06:52:40 +0000
Commit:=C2=A0 =C2=A0 =C2=A0Felix Palmen <zirias@FreeBSD.org>
CommitDate: 2023-03-12 08:47:06 +0000

=C2=A0 =C2=A0 security/py-cryptography: Fix runtime /w libressl

=C2=A0 =C2=A0 When built with LibreSSL, a few symbols were missing, so cons= umers
=C2=A0 =C2=A0 failed at runtime.

=C2=A0 =C2=A0 PR:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0269705
=C2=A0 =C2=A0 Approved by:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sunpoet= (maintainer, timeout)

To be clear, the= re is no maintainer timeout on Phabricator.
And I'm OK with L= ibreSSL fixes.
=C2=A0
=C2=A0 =C2=A0 Approved by:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 tcberne= r (mentor, implicit: libressl)
=C2=A0 =C2=A0 Differential Revision:=C2=A0
https://reviews.freebsd= .org/D38765
---
=C2=A0security/py-cryptography/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0|=C2=A0 1 +
=C2=A0security/py-cryptography/files/patch-libressl35 | 41 ++++++++++++++++= ++-------
=C2=A02 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/M= akefile
index 64b8cb08caea..8f06002fbf3c 100644
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@@ -1,5 +1,6 @@
=C2=A0PORTNAME=3D=C2=A0 =C2=A0 =C2=A0 cryptography
=C2=A0PORTVERSION=3D=C2=A0 =C2=A03.4.8
+PORTREVISION=3D=C2=A0 1
=C2=A0PORTEPOCH=3D=C2=A0 =C2=A0 =C2=A01
=C2=A0CATEGORIES=3D=C2=A0 =C2=A0 security python
=C2=A0MASTER_SITES=3D=C2=A0 PYPI
diff --git a/security/py-cryptography/files/patch-libressl35 b/security/py-= cryptography/files/patch-libressl35
index d0b7d798dc7a..84c9f44a3350 100644
--- a/security/py-cryptography/files/patch-libressl35
+++ b/security/py-cryptography/files/patch-libressl35
@@ -144,6 +144,30 @@

=C2=A0 /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */=
=C2=A0 /* Define our own to simplify support across all versions. */
+--- src/_cffi_src/openssl/evp.py.orig=C2=A0 2023-02-24 07:28:50 UTC
++++ src/_cffi_src/openssl/evp.py
+@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, con= s
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t) = =3D NULL;
+ #endif
+
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
++#if CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 1;<= br> ++static const long Cryptography_HAS_RAW_KEY =3D 0;
++static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0;
++int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) =3D NULL= ;
++EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned c= har *,
++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t) = =3D NULL;
++EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned ch= ar *,
++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 size_t) =3D NUL= L;
++int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, ++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 size_t *) =3D NULL; ++int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
++=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t *) =3D NULL;
++#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+ static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY =3D 0;<= br> + static const long Cryptography_HAS_RAW_KEY =3D 0;
+ static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF =3D 0;
=C2=A0--- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC
=C2=A0+++ src/_cffi_src/openssl/fips.py
=C2=A0@@ -17,11 +17,5 @@ int FIPS_mode(void);
@@ -246,20 +270,15 @@

=C2=A0 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
=C2=A0 static const long Cryptography_HAS_KEYLOG =3D 0;
-@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1;
- static const long Cryptography_HAS_TLS_ST =3D 0;
- static const long TLS_ST_BEFORE =3D 0;
- static const long TLS_ST_OK =3D 0;
--#endif
--
--#if CRYPTOGRAPHY_IS_LIBRESSL
+@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST =3D 1;
+ #endif
+
+ #if CRYPTOGRAPHY_IS_LIBRESSL
=C2=A0-static const long SSL_OP_NO_DTLSv1 =3D 0;
=C2=A0-static const long SSL_OP_NO_DTLSv1_2 =3D 0;
--long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL;
--long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL;
+ long (*DTLS_set_link_mtu)(SSL *, long) =3D NULL;
+ long (*DTLS_get_link_min_mtu)(SSL *) =3D NULL;
=C2=A0 #endif
-
- static const long Cryptography_HAS_DTLS =3D 1;
=C2=A0--- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC
=C2=A0+++ src/_cffi_src/openssl/x509.py
=C2=A0@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, c= onst A

--0000000000003e79f605f7e23a81--