aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorQuentin Retornaz <caseoffr@outlook.com>2018-04-02 20:26:56 +0200
committerAnthony G. Basile <blueness@gentoo.org>2018-04-02 15:31:41 -0400
commit6901248a0798fccecce7b488349955892b5df0cb (patch)
tree82512914ef687d06a5a8533052f2eed2a647b60e /dev-python
parentadd support for libressl 2.7.x #651172 (diff)
downloadlibressl-6901248a0798fccecce7b488349955892b5df0cb.tar.gz
libressl-6901248a0798fccecce7b488349955892b5df0cb.tar.bz2
libressl-6901248a0798fccecce7b488349955892b5df0cb.zip
add support for libressl 2.7.x #651168
Diffstat (limited to 'dev-python')
-rw-r--r--dev-python/cryptography/Manifest1
-rw-r--r--dev-python/cryptography/cryptography-2.1.4.ebuild68
-rw-r--r--dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch23
-rw-r--r--dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch73
4 files changed, 165 insertions, 0 deletions
diff --git a/dev-python/cryptography/Manifest b/dev-python/cryptography/Manifest
index 3a1afb1..44ea6ed 100644
--- a/dev-python/cryptography/Manifest
+++ b/dev-python/cryptography/Manifest
@@ -1,2 +1,3 @@
DIST cryptography-1.7.1.tar.gz 420673 SHA256 953fef7d40a49a795f4d955c5ce4338abcec5dea822ed0414ed30348303fdb4c SHA512 fb88b0ee9e314526fcdbb6d35da409b7335c7408a69d2350c58379471d2b9d76021010955629cf776d26312f22d4f8aa3f135955a19dfbff9d602176c9bbfd40 WHIRLPOOL 24b705889b95b568000600662ec82e3f5571582525db3571f3285b99f985b0a21eefd14dccc577700bc082891f7d3c563ac78a8bfd8d810da3ff38914ae5a86d
DIST cryptography-1.8.1.tar.gz 423560 SHA256 323524312bb467565ebca7e50c8ae5e9674e544951d28a2904a50012a8828190 SHA512 273c8ca4ad6c9d1151a8a731d148d02e619e14e37df25dc26030b0a90f895b88fbf4d3e320aec5ea7af4a8fcc58f720c61f48968f912c69156d4e0e794743345 WHIRLPOOL ff760c9dc7dfbba355afde726a9154bcf45102e135b95b431aab5ac34c8003edccafa646b51ca02296aa55f244b0ff752d8d1b775cb76a1c9f15d347d505e8ce
+DIST cryptography-2.1.4.tar.gz 441557 BLAKE2B 66aa07930ee54469328977e27096e65b7a333b38b71828c71cb7891b489ef7af60f5e5590f67b43d5e63dc2279d9ca1ba036879f3145264f7639d65000958b50 SHA512 f749cb4384badc174a842514e5a4fee2ed01ab9c716799d8d9d5301f6d2d97b6c41deb9e425f48928b639fa34bef8c05529ed7e5b777ef5ca75c244f8fda8fd4
diff --git a/dev-python/cryptography/cryptography-2.1.4.ebuild b/dev-python/cryptography/cryptography-2.1.4.ebuild
new file mode 100644
index 0000000..6cb6ea3
--- /dev/null
+++ b/dev-python/cryptography/cryptography-2.1.4.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 flag-o-matic
+
+DESCRIPTION="Library providing cryptographic recipes and primitives"
+HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.python.org/pypi/cryptography/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="|| ( Apache-2.0 BSD )"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="libressl test"
+
+# the openssl 1.0.2l-r1 needs to be updated again :(
+# It'd theb be able to go into the || section again
+#=dev-libs/openssl-1.0.2l-r1:0
+# the following is the original section, disallowing bindist entirely
+#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
+RDEPEND="
+ !libressl? (
+ dev-libs/openssl:0= (
+ || (
+ dev-libs/openssl:0[-bindist(-)]
+ >=dev-libs/openssl-1.1.0g-r1:0
+ )
+ )
+ )
+ libressl? ( dev-libs/libressl )
+ $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
+ $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
+ >=dev-python/idna-2.1[${PYTHON_USEDEP}]
+ >=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
+ virtual/python-ipaddress[${PYTHON_USEDEP}]
+ "
+DEPEND="${RDEPEND}
+ >=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
+ test? (
+ ~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
+ dev-python/hypothesis[${PYTHON_USEDEP}]
+ dev-python/iso8601[${PYTHON_USEDEP}]
+ dev-python/pretend[${PYTHON_USEDEP}]
+ dev-python/pyasn1-modules[${PYTHON_USEDEP}]
+ >=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
+ dev-python/pytz[${PYTHON_USEDEP}]
+ )"
+
+DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
+ "${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
+)
+
+python_configure_all() {
+ append-cflags $(test-flags-CC -pthread)
+}
+
+python_test() {
+ py.test -v -v -x || die "Tests fail with ${EPYTHON}"
+}
diff --git a/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch
new file mode 100644
index 0000000..9a14d46
--- /dev/null
+++ b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch
@@ -0,0 +1,23 @@
+diff -ur a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
+--- a/src/_cffi_src/openssl/x509.py 2017-07-27 05:11:29.000000000 +0200
++++ b/src/_cffi_src/openssl/x509.py 2018-03-23 10:28:00.387774214 +0100
+@@ -254,8 +254,7 @@
+
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
+
+-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
+-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
++void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *);
+
+ long X509_get_version(X509 *);
+
+@@ -338,7 +337,8 @@
+ CUSTOMIZATIONS = """
+ /* Added in 1.0.2 beta but we need it in all versions now due to the great
+ opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ /* from x509/x_x509.c version 1.0.2 */
+ void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ const X509 *x)
diff --git a/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch
new file mode 100644
index 0000000..a1c93cf
--- /dev/null
+++ b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch
@@ -0,0 +1,73 @@
+$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $
+
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE
+ X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int);
+ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *);
+ Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *);
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *);
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *);
+ int X509_OBJECT_get_type(const X509_OBJECT *);
+
+ /* added in 1.1.0 */
+@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER
+ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
+ #else
+ static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
++#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
++#else
+ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
+
+-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
+-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
+-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
+ /* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added
+ in the future... */
+ #ifndef X509_V_ERR_HOSTNAME_MISMATCH
+@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0;
+ static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
+ #endif
+
+-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
+- below because it shows up in some earlier 3rd party OpenSSL packages. */
+-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
+-static const long X509_V_FLAG_SUITEB_192_LOS = 0;
+-static const long X509_V_FLAG_SUITEB_128_LOS = 0;
+-
+ int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
+ size_t) = NULL;
+ int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
+@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
+ unsigned int) = NULL;
+ #endif
+
++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
++ below because it shows up in some earlier 3rd party OpenSSL packages. */
++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
++static const long X509_V_FLAG_SUITEB_192_LOS = 0;
++static const long X509_V_FLAG_SUITEB_128_LOS = 0;
++#endif
++
+ /* OpenSSL 1.0.2+ or Solaris's backport */
+ #ifdef X509_V_FLAG_PARTIAL_CHAIN
+ static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
+@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+ return ctx->cert;
+ }
+
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) {
+ return x->data.x509;
+ }
+ #endif