From deceba4e69fad2ee20a9deff6fba3f14ed051a34 Mon Sep 17 00:00:00 2001 From: Enno Boland Date: Mon, 23 Apr 2018 20:35:52 +0200 Subject: [PATCH] python-cryptography: fix libressl-2.7 --- .../patch-src__cffi_src_openssl_x509_py.patch | 37 ++++++++++ ...ch-src__cffi_src_openssl_x509_vfy_py.patch | 74 +++++++++++++++++++ srcpkgs/python-cryptography/template | 2 +- 3 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_py.patch create mode 100644 srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py.patch diff --git a/srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_py.patch b/srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_py.patch new file mode 100644 index 0000000000..b30e39ff22 --- /dev/null +++ b/srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_py.patch @@ -0,0 +1,37 @@ +$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.2 2018/04/23 13:06:47 sthen Exp $ + +Index: src/_cffi_src/openssl/x509.py +--- src/_cffi_src/openssl/x509.py.orig ++++ src/_cffi_src/openssl/x509.py +@@ -256,8 +256,7 @@ int X509_get_signature_nid(const X509 *); + + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *); + +-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */ +-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *); ++void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *); + + long X509_get_version(X509 *); + +@@ -340,7 +339,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A + CUSTOMIZATIONS = """ + /* Added in 1.0.2 beta but we need it in all versions now due to the great + opaquing. */ +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 ++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) + /* from x509/x_x509.c version 1.0.2 */ + void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + const X509 *x) +@@ -388,9 +388,11 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK + opaquing. */ + #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + ++#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) + int X509_up_ref(X509 *x) { + return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } ++#endif + + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) + { diff --git a/srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py.patch b/srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py.patch new file mode 100644 index 0000000000..24a35f5c62 --- /dev/null +++ b/srcpkgs/python-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py.patch @@ -0,0 +1,74 @@ +$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $ + +Index: src/_cffi_src/openssl/x509_vfy.py +--- src/_cffi_src/openssl/x509_vfy.py.orig ++++ src/_cffi_src/openssl/x509_vfy.py +@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE + X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int); + X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *); + Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *); +-X509 *X509_OBJECT_get0_X509(X509_OBJECT *); ++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *); + int X509_OBJECT_get_type(const X509_OBJECT *); + + /* added in 1.1.0 */ +@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER + static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; + #else + static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; ++#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL ++static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; ++#else + static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; + +-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; +-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; +-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; +-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; +-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; +-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; + /* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added + in the future... */ + #ifndef X509_V_ERR_HOSTNAME_MISMATCH +@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0; + static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; + #endif + +-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately +- below because it shows up in some earlier 3rd party OpenSSL packages. */ +-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; +-static const long X509_V_FLAG_SUITEB_192_LOS = 0; +-static const long X509_V_FLAG_SUITEB_128_LOS = 0; +- + int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, + size_t) = NULL; + int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, +@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA + unsigned int) = NULL; + #endif + ++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; ++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; ++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; ++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; ++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; ++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; ++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately ++ below because it shows up in some earlier 3rd party OpenSSL packages. */ ++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; ++static const long X509_V_FLAG_SUITEB_192_LOS = 0; ++static const long X509_V_FLAG_SUITEB_128_LOS = 0; ++#endif ++ + /* OpenSSL 1.0.2+ or Solaris's backport */ + #ifdef X509_V_FLAG_PARTIAL_CHAIN + static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; +@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) + return ctx->cert; + } + +-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) { ++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) { + return x->data.x509; + } + #endif diff --git a/srcpkgs/python-cryptography/template b/srcpkgs/python-cryptography/template index bc78883d71..bae5d0825a 100644 --- a/srcpkgs/python-cryptography/template +++ b/srcpkgs/python-cryptography/template @@ -1,7 +1,7 @@ # Template file for 'python-cryptography' pkgname=python-cryptography version=2.2.2 -revision=1 +revision=2 wrksrc="cryptography-${version}" build_style=python-module hostmakedepends="python-setuptools python3-setuptools libressl-devel