onkelbeh/HomeAssistantRepository
4
7
Fork 10
Code Issues 38 Pull Requests 1 Releases 411 Wiki Activity

remove dev-python/cryptography

Browse Source
This commit is contained in:
Andreas Billmeier 2020-02-01 09:49:55 +01:00
parent 885e791171
commit 5b7882aea1
Signed by: onkelbeh
GPG Key ID: E6DB12C8C550F3C0
11 changed files with 1 additions and 481 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.txt
View File

@ -16,6 +16,7 @@
* fix numpy-1.17.4.ebuild file perms
* remove herd tag from dev-python/elgato/metadata.xml
* remove bad email from dev-python/hkdf/metadata.xml
* remove dev-python/cryptography, godd verion in main repo now
2020-01-31 homeassistant-0.105.0.beta2
* update s3transfer-0.2.1

12
dev-python/cryptography/Manifest
View File

@ -1,12 +0,0 @@
AUX CVE-2018-10903.patch 3641 BLAKE2B a426705cfcbc9ba4e3ffd662610b7a27c7afe52dff71d1c7248c03524369faa763196eb018b7ea94b8ac87cc5cb5dd5bf172f5cdedadb54be62dbe4e0819ed82 SHA512 94c56586ae1649b29959d855235af8e84bc9dd927b412e0e0a62cb47bb52580a919bacefe4be6d0b75318be05afccb950dbff3d7f6ec1cb44c111a4bbc2e6a99
AUX cryptography-1.7.1-libressl251.patch 948 BLAKE2B cfb192c89d714093f366a75245911de165a3cab7062737df7b949a928927a5b6f0000b9fa7efa416798c62c803b406b14d2888afef87f8e63759fd3ff74c8da9 SHA512 5660bd82498ec2bd17ad4dcbd8d3ffd8a2a1364dc5584736e4cff278bbeb4644138336385fa2bc16261fe4712481c6cffba227aaa09c841df3081709f8ec7187
AUX cryptography-2.1.4-libressl-2.7-x509.patch 1005 BLAKE2B 9c01fe0f9c3c8c598388db68f68470b953b4a8e79dba8c1d3c6ce56486a93f340101a58db8771fa1adeaabe430d78acbb6723da597b8b114416d676022b989d4 SHA512 fc58993b3dc86990194e03c7cc4554d83260b243913d77b3743fe1f9fd0d21985ee849c6b7f7fc158c48b75505e8e8a9adf090b9c7ba40e12b09b3c020e50afe
AUX cryptography-2.1.4-libressl-2.7-x509_vfy.patch 3419 BLAKE2B 89642459484d42958aec818c4196eff35991ba415c76ee1f43c0765b1a9687c6b405f31322227eb132309439aa8d7ee5ed6df7ed07f640e4eea21c6e97fde858 SHA512 e941b89924d68b1d1dfe8e64a4f7ae363ccb53fd232a3853d9ddba0a7aed1dc27fb8d699e9197bdd7ff0b1780c1f12edd2edd4133f08e2f7f13348b170985a4c
DIST cryptography-2.3.1.tar.gz 449577 BLAKE2B 66a94f68a6f5c14ff1e3316ea740bda8c34135bc4614a6a36880d4970d54cb72d69374555a6a89dd9a6794e35feed8fc4598ad071cce33b9515da1ada4c38d53 SHA512 384581238b5669dbf31fd1b1385ec2ff9c6d76e2b7612efb15f255e17a11a38474f84668e62ceaa39a146260f46cac743575c0a8ffedc1e40c7b2f90d7cb00b1
DIST cryptography-2.5.tar.gz 487694 BLAKE2B 9502e7b7987ee0101ad8e5fcd09208034222a7f20b6b3bc3126c8b59081c9d8ecf872985d5fca191fc132dd6759afd4d11c0e0d39268627f35990c005a2095d3 SHA512 5e8f8818fcaa8143526006b027107b8afbdc925d40c846701e65b2c7ee02235b7e0918246515520ef2030b1c87bb157d0d403c28ad68c31459d677af7e2d0b3f
DIST cryptography-2.8.tar.gz 504516 BLAKE2B 3a853bf59a752acee9e9607f3f35f3815701c6068a1ffa5b6604ec648a31a5d4e31f13a1b19f3156c703313800242d8b06dd71a54a4eb0cc68481dea894002f3 SHA512 bf3ca44123c693b0602be19445925f9efebd46c469909e47b7907d57141fb6bd99268c33e1fe3f42a08ab8b4edd4f98f21b6a682f530352313334dfd31ba91e7
EBUILD cryptography-2.3.1.ebuild 2040 BLAKE2B bd981a72b14280a94d289bb904aed44d674fafbe5366212ff08eec6d0acc81cb9d16f7040baeeeab4830024a87efd0ee9e9c2354ff0ab17f54e8a884cc942a9e SHA512 dc846ff16b6825e455c18011a610a0a3ecc2cb1921d87847a60a0a4abd56e93a04aff69519c6d600cb2366111b8c678639329eff320acc495ecf84b6c2004b56
EBUILD cryptography-2.5.ebuild 2040 BLAKE2B bd981a72b14280a94d289bb904aed44d674fafbe5366212ff08eec6d0acc81cb9d16f7040baeeeab4830024a87efd0ee9e9c2354ff0ab17f54e8a884cc942a9e SHA512 dc846ff16b6825e455c18011a610a0a3ecc2cb1921d87847a60a0a4abd56e93a04aff69519c6d600cb2366111b8c678639329eff320acc495ecf84b6c2004b56
EBUILD cryptography-2.8-r1.ebuild 2041 BLAKE2B 1a08b88b345149be726949cb7723ca43186d033981eac449b3275a0628d978b62ee8b566b6f958cb4c5cab68518def1d3e6dcb917256e0c583d43d70e9fdb4c0 SHA512 66a6680a2ad64abe5b86eb23471b49c7809d9c88da98912ee2f323b968ce2a21f14def826b82c0bb6039a112e73428d0faaa446bc93569c34ff70368d81e3e38
EBUILD cryptography-2.8.ebuild 2058 BLAKE2B 3a5000ffd96964dc4bea9959e2dc25b52896f598ba755729d7e7ade2c5e2fd48a17f00bdd578cc49f1fb7d05438d0a7fbf7cafdd7189d053ddb1477ce71b6149 SHA512 eb5e6f73a0dee71b3165ebbc95e6efe90f9e2b0f0cb2a239dbe6748fd0b1d8b6fe05a1da375d22957081dd18e10ef4040d1480059fdf014e7701a0abc12e5398
MISC metadata.xml 578 BLAKE2B 3c1a81872702db0c1ba4eed2db90437d3140ba2b95ef96cdf73bd6d3573bd64300e399c764f2e8d5cf90dc5ac748b8879eb84f2a948f15f4eeca87e6b190bd5c SHA512 f0e6913f4d29974c2451e92a0ee3fe9e1b6e166ec187b2c9898c54e31f01d8274c368ff924e59f29bf131119b318c4e61ccfb3233a5721cd31e64c280db3c59e

67
dev-python/cryptography/cryptography-2.3.1.ebuild
View File

@ -1,67 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy{,3} )
PYTHON_REQ_USE="threads(+)"
inherit distutils-r1 flag-o-matic
DESCRIPTION="Library providing cryptographic recipes and primitives"
HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="|| ( Apache-2.0 BSD )"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
IUSE="libressl test"
# the openssl 1.0.2l-r1 needs to be updated again :(
# It'd theb be able to go into the || section again
#=dev-libs/openssl-1.0.2l-r1:0
# the following is the original section, disallowing bindist entirely
#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
RDEPEND="
!libressl? (
dev-libs/openssl:0= (
|| (
dev-libs/openssl:0[-bindist(-)]
>=dev-libs/openssl-1.0.2o-r6:0
)
)
)
libressl? ( dev-libs/libressl:0= )
$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
>=dev-python/idna-2.1[${PYTHON_USEDEP}]
>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
dev-python/setuptools[${PYTHON_USEDEP}]
>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
virtual/python-ipaddress[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
$(python_gen_cond_dep '!~dev-python/cffi-1.11.3[${PYTHON_USEDEP}]' 'python*')
test? (
~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
dev-python/hypothesis[${PYTHON_USEDEP}]
dev-python/iso8601[${PYTHON_USEDEP}]
dev-python/pretend[${PYTHON_USEDEP}]
dev-python/pyasn1-modules[${PYTHON_USEDEP}]
>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
dev-python/pytz[${PYTHON_USEDEP}]
)"
DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
PATCHES=(
)
python_configure_all() {
append-cflags $(test-flags-CC -pthread)
}
python_test() {
py.test -v -v -x || die "Tests fail with ${EPYTHON}"
}

67
dev-python/cryptography/cryptography-2.5.ebuild
View File

@ -1,67 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy{,3} )
PYTHON_REQ_USE="threads(+)"
inherit distutils-r1 flag-o-matic
DESCRIPTION="Library providing cryptographic recipes and primitives"
HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="|| ( Apache-2.0 BSD )"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
IUSE="libressl test"
# the openssl 1.0.2l-r1 needs to be updated again :(
# It'd theb be able to go into the || section again
#=dev-libs/openssl-1.0.2l-r1:0
# the following is the original section, disallowing bindist entirely
#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
RDEPEND="
!libressl? (
dev-libs/openssl:0= (
|| (
dev-libs/openssl:0[-bindist(-)]
>=dev-libs/openssl-1.0.2o-r6:0
)
)
)
libressl? ( dev-libs/libressl:0= )
$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
>=dev-python/idna-2.1[${PYTHON_USEDEP}]
>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
dev-python/setuptools[${PYTHON_USEDEP}]
>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
virtual/python-ipaddress[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
$(python_gen_cond_dep '!~dev-python/cffi-1.11.3[${PYTHON_USEDEP}]' 'python*')
test? (
~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
dev-python/hypothesis[${PYTHON_USEDEP}]
dev-python/iso8601[${PYTHON_USEDEP}]
dev-python/pretend[${PYTHON_USEDEP}]
dev-python/pyasn1-modules[${PYTHON_USEDEP}]
>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
dev-python/pytz[${PYTHON_USEDEP}]
)"
DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
PATCHES=(
)
python_configure_all() {
append-cflags $(test-flags-CC -pthread)
}
python_test() {
py.test -v -v -x || die "Tests fail with ${EPYTHON}"
}

65
dev-python/cryptography/cryptography-2.8-r1.ebuild
View File

@ -1,65 +0,0 @@
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="6"
PYTHON_COMPAT=( python3_{6,7} )
PYTHON_REQ_USE="threads(+)"
inherit distutils-r1 flag-o-matic
DESCRIPTION="Library providing cryptographic recipes and primitives"
HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="|| ( Apache-2.0 BSD )"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
IUSE="idna libressl test"
# the openssl 1.0.2l-r1 needs to be updated again :(
# It'd theb be able to go into the || section again
#=dev-libs/openssl-1.0.2l-r1:0
# the following is the original section, disallowing bindist entirely
#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
RDEPEND="
!libressl? (
dev-libs/openssl:0= (
|| (
dev-libs/openssl:0[-bindist(-)]
>=dev-libs/openssl-1.0.2o-r6:0
)
)
)
idna? ( >=dev-python/idna-2.1[${PYTHON_USEDEP}] )
libressl? ( dev-libs/libressl:0= )
>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
dev-python/setuptools[${PYTHON_USEDEP}]
>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
virtual/python-enum34[${PYTHON_USEDEP}]
virtual/python-ipaddress[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
$(python_gen_cond_dep '>=dev-python/cffi-1.8:=[${PYTHON_USEDEP}]' 'python*')
$(python_gen_cond_dep '!~dev-python/cffi-1.11.3[${PYTHON_USEDEP}]' 'python*')
test? (
~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
dev-python/pretend[${PYTHON_USEDEP}]
dev-python/iso8601[${PYTHON_USEDEP}]
dev-python/pytz[${PYTHON_USEDEP}]
>=dev-python/hypothesis-1.11.4[${PYTHON_USEDEP}]
!~dev-python/hypothesis-3.79.2[${PYTHON_USEDEP}]
dev-python/pyasn1-modules[${PYTHON_USEDEP}]
>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
)"
DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
python_configure_all() {
append-cflags $(test-flags-CC -pthread)
}
python_test() {
py.test -v -v -x || die "Tests fail with ${EPYTHON}"
}

65
dev-python/cryptography/cryptography-2.8.ebuild
View File

@ -1,65 +0,0 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python2_7 python3_{6,7,8} )
PYTHON_REQ_USE="threads(+)"
inherit distutils-r1 flag-o-matic
DESCRIPTION="Library providing cryptographic recipes and primitives"
HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="|| ( Apache-2.0 BSD )"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux ~arm64"
IUSE="idna libressl test"
# the openssl 1.0.2l-r1 needs to be updated again :(
# It'd theb be able to go into the || section again
#=dev-libs/openssl-1.0.2l-r1:0
# the following is the original section, disallowing bindist entirely
#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
RDEPEND="
!libressl? (
dev-libs/openssl:0= (
|| (
dev-libs/openssl:0[-bindist(-)]
>=dev-libs/openssl-1.0.2o-r6:0
)
)
)
idna? ( >=dev-python/idna-2.1[${PYTHON_USEDEP}] )
libressl? ( dev-libs/libressl:0= )
>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
dev-python/setuptools[${PYTHON_USEDEP}]
>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
virtual/python-enum34[${PYTHON_USEDEP}]
virtual/python-ipaddress[${PYTHON_USEDEP}]
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
$(python_gen_cond_dep '>=dev-python/cffi-1.8:=[${PYTHON_USEDEP}]' 'python*')
$(python_gen_cond_dep '!~dev-python/cffi-1.11.3[${PYTHON_USEDEP}]' 'python*')
test? (
~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
dev-python/pretend[${PYTHON_USEDEP}]
dev-python/iso8601[${PYTHON_USEDEP}]
dev-python/pytz[${PYTHON_USEDEP}]
>=dev-python/hypothesis-1.11.4[${PYTHON_USEDEP}]
!~dev-python/hypothesis-3.79.2[${PYTHON_USEDEP}]
dev-python/pyasn1-modules[${PYTHON_USEDEP}]
>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
)"
DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
python_configure_all() {
append-cflags $(test-flags-CC -pthread)
}
python_test() {
py.test -v -v -x || die "Tests fail with ${EPYTHON}"
}

76
dev-python/cryptography/files/CVE-2018-10903.patch
View File

@ -1,76 +0,0 @@
From 688e0f673bfbf43fa898994326c6877f00ab19ef Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 17 Jul 2018 10:47:57 +0800
Subject: [PATCH] disallow implicit tag truncation with finalize_with_tag
---
docs/hazmat/primitives/symmetric-encryption.rst | 1 +
src/cryptography/hazmat/backends/openssl/ciphers.py | 5 +++++
src/cryptography/hazmat/primitives/ciphers/modes.py | 1 +
tests/hazmat/primitives/test_aes.py | 16 ++++++++++++++++
5 files changed, 28 insertions(+)
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 5ebcca754..5b6000902 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -670,6 +670,7 @@ Interfaces
:raises ValueError: This is raised when the data provided isn't
a multiple of the algorithm's block size, if ``min_tag_length`` is
less than 4, or if ``len(tag) < min_tag_length``.
+ ``min_tag_length`` is an argument to the ``GCM`` constructor.
:raises NotImplementedError: This is raised if the version of the
OpenSSL backend used is 1.0.1 or earlier.
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 462ffea25..e0ee06ee2 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -199,6 +199,11 @@ def finalize_with_tag(self, tag):
"finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
"method please update OpenSSL"
)
+ if len(tag) < self._mode._min_tag_length:
+ raise ValueError(
+ "Authentication tag must be {0} bytes or longer.".format(
+ self._mode._min_tag_length)
+ )
res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
len(tag), tag
diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
index 598dfaa4a..543015fef 100644
--- a/src/cryptography/hazmat/primitives/ciphers/modes.py
+++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
@@ -220,6 +220,7 @@ def __init__(self, initialization_vector, tag=None, min_tag_length=16):
min_tag_length)
)
self._tag = tag
+ self._min_tag_length = min_tag_length
tag = utils.read_only_property("_tag")
initialization_vector = utils.read_only_property("_initialization_vector")
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index d6f83ebc2..4ceccf155 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -439,3 +439,19 @@ def test_gcm_tag_decrypt_finalize(self, backend):
decryptor.finalize()
else:
decryptor.finalize_with_tag(tag)
+
+ @pytest.mark.supported(
+ only_if=lambda backend: (
+ not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
+ backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
+ ),
+ skip_message="Not supported on OpenSSL 1.0.1",
+ )
+ def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
+ decryptor = base.Cipher(
+ algorithms.AES(b"0" * 16),
+ modes.GCM(b"0" * 12),
+ backend=backend
+ ).decryptor()
+ with pytest.raises(ValueError):
+ decryptor.finalize_with_tag(b"tagtooshort")

17
dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch
View File

@ -1,17 +0,0 @@
diff -Naur cryptography-1.7.1.orig/src/_cffi_src/openssl/x509_vfy.py cryptography-1.7.1/src/_cffi_src/openssl/x509_vfy.py
--- cryptography-1.7.1.orig/src/_cffi_src/openssl/x509_vfy.py 2017-02-01 12:29:59.080728417 -0800
+++ cryptography-1.7.1/src/_cffi_src/openssl/x509_vfy.py 2017-02-01 12:31:48.017895844 -0800
@@ -221,10 +221,13 @@
static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
+#if !CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER || \
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2050100fL)
static const long X509_V_ERR_HOSTNAME_MISMATCH = 0;
static const long X509_V_ERR_EMAIL_MISMATCH = 0;
static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
+#endif
#endif
/* OpenSSL 1.0.2beta2+ verification parameters */
#if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && \

23
dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch
View File

@ -1,23 +0,0 @@
diff -ur a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
--- a/src/_cffi_src/openssl/x509.py 2017-07-27 05:11:29.000000000 +0200
+++ b/src/_cffi_src/openssl/x509.py 2018-03-23 10:28:00.387774214 +0100
@@ -254,8 +254,7 @@
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
+void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *);
long X509_get_version(X509 *);
@@ -338,7 +337,8 @@
CUSTOMIZATIONS = """
/* Added in 1.0.2 beta but we need it in all versions now due to the great
opaquing. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
/* from x509/x_x509.c version 1.0.2 */
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x)

73
dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch
View File

@ -1,73 +0,0 @@
$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE
X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *);
Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *);
-X509 *X509_OBJECT_get0_X509(X509_OBJECT *);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *);
int X509_OBJECT_get_type(const X509_OBJECT *);
/* added in 1.1.0 */
@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
#else
static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
+#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
+#else
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
/* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added
in the future... */
#ifndef X509_V_ERR_HOSTNAME_MISMATCH
@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0;
static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
#endif
-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
- below because it shows up in some earlier 3rd party OpenSSL packages. */
-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
-static const long X509_V_FLAG_SUITEB_192_LOS = 0;
-static const long X509_V_FLAG_SUITEB_128_LOS = 0;
-
int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
size_t) = NULL;
int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
unsigned int) = NULL;
#endif
+static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
+static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
+static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
+/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
+ below because it shows up in some earlier 3rd party OpenSSL packages. */
+static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
+static const long X509_V_FLAG_SUITEB_192_LOS = 0;
+static const long X509_V_FLAG_SUITEB_128_LOS = 0;
+#endif
+
/* OpenSSL 1.0.2+ or Solaris's backport */
#ifdef X509_V_FLAG_PARTIAL_CHAIN
static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
return ctx->cert;
}
-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) {
return x->data.x509;
}
#endif

16
dev-python/cryptography/metadata.xml
View File

@ -1,16 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>b@edevau.net</email>
<name>Andreas Billmeier</name>
<upstream>
<remote-id type="pypi">cryptography</remote-id>
<remote-id type="github">pyca/cryptography</remote-id>
</upstream>
</maintainer>
<use>
<flag name="idna">enable support for the old, deprecated IDNA specification (RFC 3490)</flag>
<flag name="libressl">use libressl instead of openssl</flag>
</use>
</pkgmetadata>