fix following more libressl additions. getting rather dirty but not much

point cleaning up until we get further with additions. (also some of the cffi parts can't cope with ifdefs, blearghh).
2018-02-18 13:44:41 +00:00 · 2018-02-18 13:44:41 +00:00 · 0149ea6d10
commit 0149ea6d10
parent 758d9b454a
3 changed files with 41 additions and 3 deletions
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.23 2018/02/12 14:39:46 sthen Exp $
+# $OpenBSD: Makefile,v 1.24 2018/02/18 13:44:41 sthen Exp $

 COMMENT=	cryptographic recipes and primitives for Python

 MODPY_EGG_VERSION=	2.1.4
+REVISION=	0
 DISTNAME=	cryptography-${MODPY_EGG_VERSION}
 PKGNAME=	${MODPY_PY_PREFIX}${DISTNAME}
 CATEGORIES=	security devel
--- a/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_py
+++ b/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_py
@ -0,0 +1,37 @@
+$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.1 2018/02/18 13:44:41 sthen Exp $
+
+Index: src/_cffi_src/openssl/x509.py
+--- src/_cffi_src/openssl/x509.py.orig
+++ src/_cffi_src/openssl/x509.py
+@@ -255,8 +255,7 @@ int X509_get_signature_nid(const X509 *);
+ 
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
+ 
+-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
+-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
+void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *);
+ 
+ long X509_get_version(X509 *);
+ 
+@@ -339,7 +338,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A
+ CUSTOMIZATIONS = """
+ /* Added in 1.0.2 beta but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ /* from x509/x_x509.c version 1.0.2 */
+ void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                          const X509 *x)
+@@ -383,9 +383,11 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK
+    opaquing. */
+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+ 
+#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ int X509_up_ref(X509 *x) {
+    return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ }
+#endif
+ 
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+ {
--- a/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py
+++ b/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py
@ -1,4 +1,4 @@
-$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.5 2018/02/11 00:11:51 sthen Exp $
+$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.6 2018/02/18 13:44:41 sthen Exp $

 Index: src/_cffi_src/openssl/x509_vfy.py
 --- src/_cffi_src/openssl/x509_vfy.py.orig
@ -7,7 +7,7 @@ Index: src/_cffi_src/openssl/x509_vfy.py
 static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
 #else
 static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
-+#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL    /* XXX verification functions added 2018/02/09, this should be one higher version */
+#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
 +static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
 +#else
 static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;