Index: security/py-cryptography-vectors/Makefile =================================================================== --- security/py-cryptography-vectors/Makefile +++ security/py-cryptography-vectors/Makefile @@ -1,5 +1,5 @@ PORTNAME= cryptography-vectors -PORTVERSION= 38.0.1 +PORTVERSION= 41.0.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -15,7 +15,7 @@ LICENSE_FILE_BSD3CLAUSE=${WRKSRC}/LICENSE.BSD USES= python -USE_PYTHON= autoplist concurrent distutils +USE_PYTHON= autoplist concurrent pep517 NO_ARCH= yes Index: security/py-cryptography-vectors/distinfo =================================================================== --- security/py-cryptography-vectors/distinfo +++ security/py-cryptography-vectors/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1665073154 -SHA256 (cryptography_vectors-38.0.1.tar.gz) = 0431fd107c1fbad0377704a7051945b3b391169fddc4f6fa0bd4edc6b6e235dd -SIZE (cryptography_vectors-38.0.1.tar.gz) = 35273681 +TIMESTAMP = 1691200362 +SHA256 (cryptography_vectors-41.0.2.tar.gz) = 028dff94a8522ca818b11295ff12df55f348f33a193c0597ddfe8239e53d1582 +SIZE (cryptography_vectors-41.0.2.tar.gz) = 35288224 Index: security/py-cryptography/Makefile =================================================================== --- security/py-cryptography/Makefile +++ security/py-cryptography/Makefile @@ -1,10 +1,10 @@ PORTNAME= cryptography -PORTVERSION= 3.4.8 -PORTREVISION= 1 +PORTVERSION= 41.0.2 PORTEPOCH= 1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= sunpoet@FreeBSD.org COMMENT= Cryptographic recipes and primitives for Python developers @@ -21,30 +21,29 @@ ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytz>=0,1:devel/py-pytz@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR} -USES= compiler:env cpe python ssl -USE_PYTHON= autoplist concurrent distutils pytest +USES= cargo compiler:env cpe python ssl +USE_PYTHON= autoplist concurrent pep517 pytest + +CARGO_BUILD= no +CARGO_BUILDDEP= any-version +CARGO_CARGOTOML=${WRKSRC}/src/rust/Cargo.toml +CARGO_INSTALL= no +CARGO_TEST= no CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1 TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} CPE_VENDOR= cryptography_project -.include - -.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 -post-patch: - @${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py -.endif - post-install: ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name '*.so' -exec ${STRIP_CMD} {} + -.include +.include Index: security/py-cryptography/Makefile.crates =================================================================== --- /dev/null +++ security/py-cryptography/Makefile.crates @@ -0,0 +1,53 @@ +CARGO_CRATES= Inflector-0.11.4 \ + aliasable-0.1.3 \ + asn1-0.15.2 \ + asn1_derive-0.15.2 \ + autocfg-1.1.0 \ + base64-0.13.1 \ + bitflags-1.3.2 \ + cc-1.0.79 \ + cfg-if-1.0.0 \ + foreign-types-0.3.2 \ + foreign-types-shared-0.1.1 \ + indoc-1.0.9 \ + libc-0.2.144 \ + lock_api-0.4.9 \ + memoffset-0.8.0 \ + once_cell-1.17.2 \ + openssl-0.10.54 \ + openssl-macros-0.1.1 \ + openssl-sys-0.9.88 \ + ouroboros-0.15.6 \ + ouroboros_macro-0.15.6 \ + parking_lot-0.12.1 \ + parking_lot_core-0.9.7 \ + pem-1.1.1 \ + pkg-config-0.3.27 \ + proc-macro-error-1.0.4 \ + proc-macro-error-attr-1.0.4 \ + proc-macro2-1.0.64 \ + pyo3-0.18.3 \ + pyo3-build-config-0.18.3 \ + pyo3-ffi-0.18.3 \ + pyo3-macros-0.18.3 \ + pyo3-macros-backend-0.18.3 \ + quote-1.0.28 \ + redox_syscall-0.2.16 \ + scopeguard-1.1.0 \ + smallvec-1.10.0 \ + syn-1.0.109 \ + syn-2.0.18 \ + target-lexicon-0.12.7 \ + unicode-ident-1.0.9 \ + unindent-0.1.11 \ + vcpkg-0.2.15 \ + version_check-0.9.4 \ + windows-sys-0.45.0 \ + windows-targets-0.42.2 \ + windows_aarch64_gnullvm-0.42.2 \ + windows_aarch64_msvc-0.42.2 \ + windows_i686_gnu-0.42.2 \ + windows_i686_msvc-0.42.2 \ + windows_x86_64_gnu-0.42.2 \ + windows_x86_64_gnullvm-0.42.2 \ + windows_x86_64_msvc-0.42.2 Index: security/py-cryptography/distinfo =================================================================== --- security/py-cryptography/distinfo +++ security/py-cryptography/distinfo @@ -1,3 +1,109 @@ -TIMESTAMP = 1652122693 -SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c -SIZE (cryptography-3.4.8.tar.gz) = 546907 +TIMESTAMP = 1691202084 +SHA256 (cryptography-41.0.2.tar.gz) = 7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c +SIZE (cryptography-41.0.2.tar.gz) = 630080 +SHA256 (rust/crates/Inflector-0.11.4.crate) = fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3 +SIZE (rust/crates/Inflector-0.11.4.crate) = 17438 +SHA256 (rust/crates/aliasable-0.1.3.crate) = 250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd +SIZE (rust/crates/aliasable-0.1.3.crate) = 6169 +SHA256 (rust/crates/asn1-0.15.2.crate) = 28c19b9324de5b815b6487e0f8098312791b09de0dbf3d5c2db1fe2d95bab973 +SIZE (rust/crates/asn1-0.15.2.crate) = 34002 +SHA256 (rust/crates/asn1_derive-0.15.2.crate) = a045c3ccad89f244a86bd1e6cf1a7bf645296e7692698b056399b6efd4639407 +SIZE (rust/crates/asn1_derive-0.15.2.crate) = 6096 +SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa +SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 +SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8 +SIZE (rust/crates/base64-0.13.1.crate) = 61002 +SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a +SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 +SHA256 (rust/crates/cc-1.0.79.crate) = 50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f +SIZE (rust/crates/cc-1.0.79.crate) = 62624 +SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd +SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1 +SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504 +SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b +SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672 +SHA256 (rust/crates/indoc-1.0.9.crate) = bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306 +SIZE (rust/crates/indoc-1.0.9.crate) = 13475 +SHA256 (rust/crates/libc-0.2.144.crate) = 2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1 +SIZE (rust/crates/libc-0.2.144.crate) = 682092 +SHA256 (rust/crates/lock_api-0.4.9.crate) = 435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df +SIZE (rust/crates/lock_api-0.4.9.crate) = 25685 +SHA256 (rust/crates/memoffset-0.8.0.crate) = d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1 +SIZE (rust/crates/memoffset-0.8.0.crate) = 8912 +SHA256 (rust/crates/once_cell-1.17.2.crate) = 9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b +SIZE (rust/crates/once_cell-1.17.2.crate) = 33335 +SHA256 (rust/crates/openssl-0.10.54.crate) = 69b3f656a17a6cbc115b5c7a40c616947d213ba182135b014d6051b73ab6f019 +SIZE (rust/crates/openssl-0.10.54.crate) = 258266 +SHA256 (rust/crates/openssl-macros-0.1.1.crate) = a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c +SIZE (rust/crates/openssl-macros-0.1.1.crate) = 5601 +SHA256 (rust/crates/openssl-sys-0.9.88.crate) = c2ce0f250f34a308dcfdbb351f511359857d4ed2134ba715a4eadd46e1ffd617 +SIZE (rust/crates/openssl-sys-0.9.88.crate) = 66011 +SHA256 (rust/crates/ouroboros-0.15.6.crate) = e1358bd1558bd2a083fed428ffeda486fbfb323e698cdda7794259d592ca72db +SIZE (rust/crates/ouroboros-0.15.6.crate) = 11257 +SHA256 (rust/crates/ouroboros_macro-0.15.6.crate) = 5f7d21ccd03305a674437ee1248f3ab5d4b1db095cf1caf49f1713ddf61956b7 +SIZE (rust/crates/ouroboros_macro-0.15.6.crate) = 20751 +SHA256 (rust/crates/parking_lot-0.12.1.crate) = 3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f +SIZE (rust/crates/parking_lot-0.12.1.crate) = 40967 +SHA256 (rust/crates/parking_lot_core-0.9.7.crate) = 9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521 +SIZE (rust/crates/parking_lot_core-0.9.7.crate) = 32412 +SHA256 (rust/crates/pem-1.1.1.crate) = a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8 +SIZE (rust/crates/pem-1.1.1.crate) = 11352 +SHA256 (rust/crates/pkg-config-0.3.27.crate) = 26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964 +SIZE (rust/crates/pkg-config-0.3.27.crate) = 18838 +SHA256 (rust/crates/proc-macro-error-1.0.4.crate) = da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c +SIZE (rust/crates/proc-macro-error-1.0.4.crate) = 25293 +SHA256 (rust/crates/proc-macro-error-attr-1.0.4.crate) = a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869 +SIZE (rust/crates/proc-macro-error-attr-1.0.4.crate) = 7971 +SHA256 (rust/crates/proc-macro2-1.0.64.crate) = 78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da +SIZE (rust/crates/proc-macro2-1.0.64.crate) = 44848 +SHA256 (rust/crates/pyo3-0.18.3.crate) = e3b1ac5b3731ba34fdaa9785f8d74d17448cd18f30cf19e0c7e7b1fdb5272109 +SIZE (rust/crates/pyo3-0.18.3.crate) = 420236 +SHA256 (rust/crates/pyo3-build-config-0.18.3.crate) = 9cb946f5ac61bb61a5014924910d936ebd2b23b705f7a4a3c40b05c720b079a3 +SIZE (rust/crates/pyo3-build-config-0.18.3.crate) = 29137 +SHA256 (rust/crates/pyo3-ffi-0.18.3.crate) = fd4d7c5337821916ea2a1d21d1092e8443cf34879e53a0ac653fbb98f44ff65c +SIZE (rust/crates/pyo3-ffi-0.18.3.crate) = 64474 +SHA256 (rust/crates/pyo3-macros-0.18.3.crate) = a9d39c55dab3fc5a4b25bbd1ac10a2da452c4aca13bb450f22818a002e29648d +SIZE (rust/crates/pyo3-macros-0.18.3.crate) = 7175 +SHA256 (rust/crates/pyo3-macros-backend-0.18.3.crate) = 97daff08a4c48320587b5224cc98d609e3c27b6d437315bd40b605c98eeb5918 +SIZE (rust/crates/pyo3-macros-backend-0.18.3.crate) = 48922 +SHA256 (rust/crates/quote-1.0.28.crate) = 1b9ab9c7eadfd8df19006f1cf1a4aed13540ed5cbc047010ece5826e10825488 +SIZE (rust/crates/quote-1.0.28.crate) = 28382 +SHA256 (rust/crates/redox_syscall-0.2.16.crate) = fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a +SIZE (rust/crates/redox_syscall-0.2.16.crate) = 24012 +SHA256 (rust/crates/scopeguard-1.1.0.crate) = d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd +SIZE (rust/crates/scopeguard-1.1.0.crate) = 11470 +SHA256 (rust/crates/smallvec-1.10.0.crate) = a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0 +SIZE (rust/crates/smallvec-1.10.0.crate) = 31564 +SHA256 (rust/crates/syn-1.0.109.crate) = 72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237 +SIZE (rust/crates/syn-1.0.109.crate) = 237611 +SHA256 (rust/crates/syn-2.0.18.crate) = 32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e +SIZE (rust/crates/syn-2.0.18.crate) = 240648 +SHA256 (rust/crates/target-lexicon-0.12.7.crate) = fd1ba337640d60c3e96bc6f0638a939b9c9a7f2c316a1598c279828b3d1dc8c5 +SIZE (rust/crates/target-lexicon-0.12.7.crate) = 24402 +SHA256 (rust/crates/unicode-ident-1.0.9.crate) = b15811caf2415fb889178633e7724bad2509101cde276048e013b9def5e51fa0 +SIZE (rust/crates/unicode-ident-1.0.9.crate) = 41978 +SHA256 (rust/crates/unindent-0.1.11.crate) = e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c +SIZE (rust/crates/unindent-0.1.11.crate) = 7700 +SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426 +SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735 +SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f +SIZE (rust/crates/version_check-0.9.4.crate) = 14895 +SHA256 (rust/crates/windows-sys-0.45.0.crate) = 75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0 +SIZE (rust/crates/windows-sys-0.45.0.crate) = 2568659 +SHA256 (rust/crates/windows-targets-0.42.2.crate) = 8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071 +SIZE (rust/crates/windows-targets-0.42.2.crate) = 5492 +SHA256 (rust/crates/windows_aarch64_gnullvm-0.42.2.crate) = 597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8 +SIZE (rust/crates/windows_aarch64_gnullvm-0.42.2.crate) = 364071 +SHA256 (rust/crates/windows_aarch64_msvc-0.42.2.crate) = e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43 +SIZE (rust/crates/windows_aarch64_msvc-0.42.2.crate) = 666981 +SHA256 (rust/crates/windows_i686_gnu-0.42.2.crate) = c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f +SIZE (rust/crates/windows_i686_gnu-0.42.2.crate) = 736236 +SHA256 (rust/crates/windows_i686_msvc-0.42.2.crate) = 44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060 +SIZE (rust/crates/windows_i686_msvc-0.42.2.crate) = 724951 +SHA256 (rust/crates/windows_x86_64_gnu-0.42.2.crate) = 8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36 +SIZE (rust/crates/windows_x86_64_gnu-0.42.2.crate) = 699373 +SHA256 (rust/crates/windows_x86_64_gnullvm-0.42.2.crate) = 26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3 +SIZE (rust/crates/windows_x86_64_gnullvm-0.42.2.crate) = 364068 +SHA256 (rust/crates/windows_x86_64_msvc-0.42.2.crate) = 9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0 +SIZE (rust/crates/windows_x86_64_msvc-0.42.2.crate) = 666936 Index: security/py-cryptography/files/patch-libressl =================================================================== --- security/py-cryptography/files/patch-libressl +++ /dev/null @@ -1,316 +0,0 @@ ---- src/_cffi_src/openssl/crypto.py.orig 2023-03-22 07:29:15 UTC -+++ src/_cffi_src/openssl/crypto.py -@@ -74,11 +74,8 @@ CUSTOMIZATIONS = """ - # define OPENSSL_DIR SSLEAY_DIR - #endif - -+static const long Cryptography_HAS_OPENSSL_CLEANUP = 1; - #if CRYPTOGRAPHY_IS_LIBRESSL --static const long Cryptography_HAS_OPENSSL_CLEANUP = 0; -- --void (*OPENSSL_cleanup)(void) = NULL; -- - /* This function has a significantly different signature pre-1.1.0. since it is - * for testing only, we don't bother to expose it on older OpenSSLs. - */ -@@ -89,7 +86,6 @@ int (*Cryptography_CRYPTO_set_mem_functions)( - void (*)(void *, const char *, int)) = NULL; - - #else --static const long Cryptography_HAS_OPENSSL_CLEANUP = 1; - static const long Cryptography_HAS_MEM_FUNCTIONS = 1; - - int Cryptography_CRYPTO_set_mem_functions( ---- src/_cffi_src/openssl/cryptography.py.orig 2021-08-24 17:17:17 UTC -+++ src/_cffi_src/openssl/cryptography.py -@@ -33,17 +33,17 @@ INCLUDES = """ - #endif - - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ -- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER >= 0x1010006f - - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ -- (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER < 0x101000af - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \ -- (OPENSSL_VERSION_NUMBER < 0x10101000 || CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER < 0x10101000 - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \ -- (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL) -+ OPENSSL_VERSION_NUMBER < 0x10101020 - #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \ -- (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL) --#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \ -+ OPENSSL_VERSION_NUMBER < 0x10101040 -+#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && \ - !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING) - #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1 - #else ---- src/_cffi_src/openssl/dh.py.orig 2021-08-24 17:17:17 UTC -+++ src/_cffi_src/openssl/dh.py -@@ -37,117 +37,9 @@ int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x); - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL --#ifndef DH_CHECK_Q_NOT_PRIME --#define DH_CHECK_Q_NOT_PRIME 0x10 --#endif -- --#ifndef DH_CHECK_INVALID_Q_VALUE --#define DH_CHECK_INVALID_Q_VALUE 0x20 --#endif -- --#ifndef DH_CHECK_INVALID_J_VALUE --#define DH_CHECK_INVALID_J_VALUE 0x40 --#endif -- --/* DH_check implementation taken from OpenSSL 1.1.0pre6 */ -- --/*- -- * Check that p is a safe prime and -- * if g is 2, 3 or 5, check that it is a suitable generator -- * where -- * for 2, p mod 24 == 11 -- * for 3, p mod 12 == 5 -- * for 5, p mod 10 == 3 or 7 -- * should hold. -- */ -- --int Cryptography_DH_check(const DH *dh, int *ret) --{ -- int ok = 0, r; -- BN_CTX *ctx = NULL; -- BN_ULONG l; -- BIGNUM *t1 = NULL, *t2 = NULL; -- -- *ret = 0; -- ctx = BN_CTX_new(); -- if (ctx == NULL) -- goto err; -- BN_CTX_start(ctx); -- t1 = BN_CTX_get(ctx); -- if (t1 == NULL) -- goto err; -- t2 = BN_CTX_get(ctx); -- if (t2 == NULL) -- goto err; -- -- if (dh->q) { -- if (BN_cmp(dh->g, BN_value_one()) <= 0) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- else if (BN_cmp(dh->g, dh->p) >= 0) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- else { -- /* Check g^q == 1 mod p */ -- if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) -- goto err; -- if (!BN_is_one(t1)) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- } -- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -- *ret |= DH_CHECK_Q_NOT_PRIME; -- /* Check p == 1 mod q i.e. q divides p - 1 */ -- if (!BN_div(t1, t2, dh->p, dh->q, ctx)) -- goto err; -- if (!BN_is_one(t2)) -- *ret |= DH_CHECK_INVALID_Q_VALUE; -- if (dh->j && BN_cmp(dh->j, t1)) -- *ret |= DH_CHECK_INVALID_J_VALUE; -- -- } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { -- l = BN_mod_word(dh->p, 24); -- if (l == (BN_ULONG)-1) -- goto err; -- if (l != 11) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { -- l = BN_mod_word(dh->p, 10); -- if (l == (BN_ULONG)-1) -- goto err; -- if ((l != 3) && (l != 7)) -- *ret |= DH_NOT_SUITABLE_GENERATOR; -- } else -- *ret |= DH_UNABLE_TO_CHECK_GENERATOR; -- -- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -- *ret |= DH_CHECK_P_NOT_PRIME; -- else if (!dh->q) { -- if (!BN_rshift1(t1, dh->p)) -- goto err; -- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); -- if (r < 0) -- goto err; -- if (!r) -- *ret |= DH_CHECK_P_NOT_SAFE_PRIME; -- } -- ok = 1; -- err: -- if (ctx != NULL) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- return (ok); --} --#else - int Cryptography_DH_check(const DH *dh, int *ret) { - return DH_check(dh, ret); - } --#endif - - /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */ - /* Define our own to simplify support across all versions. */ ---- src/_cffi_src/openssl/fips.py.orig 2021-08-24 17:17:17 UTC -+++ src/_cffi_src/openssl/fips.py -@@ -17,11 +17,5 @@ int FIPS_mode(void); - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL --static const long Cryptography_HAS_FIPS = 0; --int (*FIPS_mode_set)(int) = NULL; --int (*FIPS_mode)(void) = NULL; --#else - static const long Cryptography_HAS_FIPS = 1; --#endif - """ ---- src/_cffi_src/openssl/ocsp.py.orig 2021-08-24 17:17:17 UTC -+++ src/_cffi_src/openssl/ocsp.py -@@ -77,7 +77,6 @@ int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char * - - CUSTOMIZATIONS = """ - #if ( \ -- !CRYPTOGRAPHY_IS_LIBRESSL && \ - CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ - ) - /* These structs come from ocsp_lcl.h and are needed to de-opaque the struct -@@ -104,62 +103,15 @@ struct ocsp_basic_response_st { - }; - #endif - --#if CRYPTOGRAPHY_IS_LIBRESSL --/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */ --const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) --{ -- return single->certId; --} --const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs( -- const OCSP_BASICRESP *bs) --{ -- return bs->certs; --} --int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, -- const ASN1_OCTET_STRING **pid, -- const X509_NAME **pname) --{ -- const OCSP_RESPID *rid = bs->tbsResponseData->responderId; -- -- if (rid->type == V_OCSP_RESPID_NAME) { -- *pname = rid->value.byName; -- *pid = NULL; -- } else if (rid->type == V_OCSP_RESPID_KEY) { -- *pid = rid->value.byKey; -- *pname = NULL; -- } else { -- return 0; -- } -- return 1; --} --const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( -- const OCSP_BASICRESP* bs) --{ -- return bs->tbsResponseData->producedAt; --} --const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) --{ -- return bs->signature; --} --#endif -- - #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J - const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) - { --#if CRYPTOGRAPHY_IS_LIBRESSL -- return bs->signatureAlgorithm; --#else - return &bs->signatureAlgorithm; --#endif - } - - const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) - { --#if CRYPTOGRAPHY_IS_LIBRESSL -- return bs->tbsResponseData; --#else - return &bs->tbsResponseData; --#endif - } - #endif - """ ---- src/_cffi_src/openssl/ssl.py.orig 2021-08-24 17:17:17 UTC -+++ src/_cffi_src/openssl/ssl.py -@@ -515,12 +515,7 @@ CUSTOMIZATIONS = """ - // users have upgraded. PersistentlyDeprecated2020 - static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; - --#if CRYPTOGRAPHY_IS_LIBRESSL --static const long Cryptography_HAS_VERIFIED_CHAIN = 0; --Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; --#else - static const long Cryptography_HAS_VERIFIED_CHAIN = 1; --#endif - - #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 - static const long Cryptography_HAS_KEYLOG = 0; -@@ -586,8 +581,6 @@ static const long TLS_ST_OK = 0; - #endif - - #if CRYPTOGRAPHY_IS_LIBRESSL --static const long SSL_OP_NO_DTLSv1 = 0; --static const long SSL_OP_NO_DTLSv1_2 = 0; - long (*DTLS_set_link_mtu)(SSL *, long) = NULL; - long (*DTLS_get_link_min_mtu)(SSL *) = NULL; - #endif ---- src/_cffi_src/openssl/x509.py.orig 2021-08-24 17:02:37 UTC -+++ src/_cffi_src/openssl/x509.py -@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A - """ - - CUSTOMIZATIONS = """ --#if CRYPTOGRAPHY_IS_LIBRESSL --int i2d_re_X509_tbs(X509 *x, unsigned char **pp) --{ -- /* in 1.0.2+ this function also sets x->cert_info->enc.modified = 1 -- but older OpenSSLs don't have the enc ASN1_ENCODING member in the -- X509 struct. Setting modified to 1 marks the encoding -- (x->cert_info->enc.enc) as invalid, but since the entire struct isn't -- present we don't care. */ -- return i2d_X509_CINF(x->cert_info, pp); --} --#endif -- - /* Being kept around for pyOpenSSL */ - X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) { - return X509_REVOKED_dup(rev); - } --/* Added in 1.1.0 but we need it in all versions now due to the great -- opaquing. */ --#if CRYPTOGRAPHY_IS_LIBRESSL --int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) --{ -- req->req_info->enc.modified = 1; -- return i2d_X509_REQ_INFO(req->req_info, pp); --} --int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { -- crl->crl->enc.modified = 1; -- return i2d_X509_CRL_INFO(crl->crl, pp); --} --#endif - """ Index: security/py-cryptography/files/patch-setup.py =================================================================== --- security/py-cryptography/files/patch-setup.py +++ /dev/null @@ -1,55 +0,0 @@ ---- setup.py.orig 2021-03-25 17:19:57 UTC -+++ setup.py -@@ -10,23 +10,7 @@ import sys - - from setuptools import find_packages, setup - --try: -- from setuptools_rust import RustExtension --except ImportError: -- print( -- """ -- =============================DEBUG ASSISTANCE========================== -- If you are seeing an error here please try the following to -- successfully install cryptography: - -- Upgrade to the latest pip and try again. This will fix errors for most -- users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip -- =============================DEBUG ASSISTANCE========================== -- """ -- ) -- raise -- -- - base_dir = os.path.dirname(__file__) - src_dir = os.path.join(base_dir, "src") - -@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo - - # `install_requirements` and `setup_requirements` must be kept in sync with - # `pyproject.toml` --setuptools_rust = "setuptools-rust>=0.11.4" - install_requirements = ["cffi>=1.12"] --setup_requirements = install_requirements + [setuptools_rust] -+setup_requirements = install_requirements - - if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"): - rust_extensions = [] -@@ -129,9 +112,6 @@ try: - "twine >= 1.12.0", - "sphinxcontrib-spelling >= 4.0.1", - ], -- "sdist": [ -- setuptools_rust, -- ], - "pep8test": [ - "black", - "flake8", -@@ -149,7 +129,6 @@ try: - "src/_cffi_src/build_openssl.py:ffi", - "src/_cffi_src/build_padding.py:ffi", - ], -- rust_extensions=rust_extensions, - ) - except: # noqa: E722 - # Note: This is a bare exception that re-raises so that we don't interfere