svn commit: r428138 - head/security/py-cryptography
Mark Felder
feld at FreeBSD.org
Fri Dec 9 14:19:09 UTC 2016
On Fri, Dec 9, 2016, at 04:12, Mathieu Arnold wrote:
> Le 08/12/2016 à 18:07, Mark Felder a écrit :
> > Author: feld
> > Date: Thu Dec 8 17:07:22 2016
> > New Revision: 428138
> > URL: https://svnweb.freebsd.org/changeset/ports/428138
> >
> > Log:
> > security/py-pycryptography: Fix build on FreeBSD 9.3
> >
> > Modern py-cryptography requires a more modern OpenSSL. This switch to
> > requiring OpenSSL from ports is a disruptive change, but it will protect
> > these users from the recently patched vulnerabilites.
> >
> > Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4.
> > The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
> > vulnerable to the HDKF key generation bug. It appears that version 1.4
> > did build successfully on FreeBSD 9.3, but upstream had abandoned
> > support for OpenSSL 0.9.8 at that point so it is unclear if it was fully
> > functional.
> >
> > PR: 214915
> > MFH: 2016Q4
> >
> > Modified:
> > head/security/py-cryptography/Makefile
> >
> > Modified: head/security/py-cryptography/Makefile
> > ==============================================================================
> > --- head/security/py-cryptography/Makefile Thu Dec 8 17:05:45 2016 (r428137)
> > +++ head/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (r428138)
> > @@ -27,6 +27,11 @@ USE_PYTHON= autoplist distutils
> > CFLAGS+= -I${OPENSSLINC}
> > LDFLAGS+= -L${OPENSSLLIB}
> >
> > +# Modern py-cyptography requires newer OpenSSL
> > +.if ${OSVERSION} < 1000000
> > +WITH_OPENSSL_PORT= yes
> > +.endif
> > +
>
> The correct fix is:
>
> .if ${OSVERSION} < 1000000 && ${SSL_DEFAULT:Mbase}
> IGNORE= Needs a more recent OpenSSL
> .endif
>
I was trying to avoid doing that because this means we won't have
packages on our mirrors for 9.3-RELEASE users. :(
--
Mark Felder
ports-secteam member
feld at FreeBSD.org
More information about the svn-ports-all
mailing list