diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile index a7a3e6f4d4e..c476077337f 100644 --- a/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,8 +1,9 @@ -# $OpenBSD: Makefile,v 1.23 2018/02/12 14:39:46 sthen Exp $ +# $OpenBSD: Makefile,v 1.24 2018/02/18 13:44:41 sthen Exp $ COMMENT= cryptographic recipes and primitives for Python MODPY_EGG_VERSION= 2.1.4 +REVISION= 0 DISTNAME= cryptography-${MODPY_EGG_VERSION} PKGNAME= ${MODPY_PY_PREFIX}${DISTNAME} CATEGORIES= security devel diff --git a/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_py b/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_py new file mode 100644 index 00000000000..543790fa989 --- /dev/null +++ b/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_py @@ -0,0 +1,37 @@ +$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.1 2018/02/18 13:44:41 sthen Exp $ + +Index: src/_cffi_src/openssl/x509.py +--- src/_cffi_src/openssl/x509.py.orig ++++ src/_cffi_src/openssl/x509.py +@@ -255,8 +255,7 @@ int X509_get_signature_nid(const X509 *); + + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *); + +-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */ +-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *); ++void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *); + + long X509_get_version(X509 *); + +@@ -339,7 +338,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A + CUSTOMIZATIONS = """ + /* Added in 1.0.2 beta but we need it in all versions now due to the great + opaquing. */ +-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 ++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) + /* from x509/x_x509.c version 1.0.2 */ + void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, + const X509 *x) +@@ -383,9 +383,11 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK + opaquing. */ + #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + ++#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) + int X509_up_ref(X509 *x) { + return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } ++#endif + + const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) + { diff --git a/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py b/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py index e398dfd8c62..a9cebe57b3d 100644 --- a/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py +++ b/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py @@ -1,4 +1,4 @@ -$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.5 2018/02/11 00:11:51 sthen Exp $ +$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.6 2018/02/18 13:44:41 sthen Exp $ Index: src/_cffi_src/openssl/x509_vfy.py --- src/_cffi_src/openssl/x509_vfy.py.orig @@ -7,7 +7,7 @@ Index: src/_cffi_src/openssl/x509_vfy.py static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; -+#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL /* XXX verification functions added 2018/02/09, this should be one higher version */ ++#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL +static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; +#else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;