summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Bauman <bman@gentoo.org>2018-04-12 21:07:11 -0400
committerAaron Bauman <bman@gentoo.org>2018-04-12 21:07:27 -0400
commit079600f41f80b96f77ca942cd2e270c022330deb (patch)
tree29536eb631d32e1c1d13ddf6371907b5b63fe73c /dev-python/cryptography/files
parentsys-cluster/kube-proxy: Version bump to 1.10.1 (diff)
downloadgentoo-079600f41f80b96f77ca942cd2e270c022330deb.tar.gz
gentoo-079600f41f80b96f77ca942cd2e270c022330deb.tar.bz2
gentoo-079600f41f80b96f77ca942cd2e270c022330deb.zip
dev-python/cryptography: fix building with LibreSSL
These patches fix building against >dev-libs/libressl-2.5 for all versions of dev-python/cryptography. Closes: https://bugs.gentoo.org/651168 Package-Manager: Portage-2.3.28, Repoman-2.3.9
Diffstat (limited to 'dev-python/cryptography/files')
-rw-r--r--dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch17
-rw-r--r--dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch23
-rw-r--r--dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch73
3 files changed, 113 insertions, 0 deletions
diff --git a/dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch b/dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch
new file mode 100644
index 000000000000..a23ed7658f83
--- /dev/null
+++ b/dev-python/cryptography/files/cryptography-1.7.1-libressl251.patch
@@ -0,0 +1,17 @@
+diff -Naur cryptography-1.7.1.orig/src/_cffi_src/openssl/x509_vfy.py cryptography-1.7.1/src/_cffi_src/openssl/x509_vfy.py
+--- cryptography-1.7.1.orig/src/_cffi_src/openssl/x509_vfy.py 2017-02-01 12:29:59.080728417 -0800
++++ cryptography-1.7.1/src/_cffi_src/openssl/x509_vfy.py 2017-02-01 12:31:48.017895844 -0800
+@@ -221,10 +221,13 @@
+ static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
+ static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
+ static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
++#if !CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2050100fL)
+ static const long X509_V_ERR_HOSTNAME_MISMATCH = 0;
+ static const long X509_V_ERR_EMAIL_MISMATCH = 0;
+ static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
++#endif
+ #endif
+
+ /* OpenSSL 1.0.2beta2+ verification parameters */
+ #if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && \
diff --git a/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch
new file mode 100644
index 000000000000..9a14d4606019
--- /dev/null
+++ b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509.patch
@@ -0,0 +1,23 @@
+diff -ur a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
+--- a/src/_cffi_src/openssl/x509.py 2017-07-27 05:11:29.000000000 +0200
++++ b/src/_cffi_src/openssl/x509.py 2018-03-23 10:28:00.387774214 +0100
+@@ -254,8 +254,7 @@
+
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
+
+-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
+-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
++void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *);
+
+ long X509_get_version(X509 *);
+
+@@ -338,7 +337,8 @@
+ CUSTOMIZATIONS = """
+ /* Added in 1.0.2 beta but we need it in all versions now due to the great
+ opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ /* from x509/x_x509.c version 1.0.2 */
+ void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ const X509 *x)
diff --git a/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch
new file mode 100644
index 000000000000..a1c93cf0c66e
--- /dev/null
+++ b/dev-python/cryptography/files/cryptography-2.1.4-libressl-2.7-x509_vfy.patch
@@ -0,0 +1,73 @@
+$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $
+
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE
+ X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int);
+ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *);
+ Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *);
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *);
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *);
+ int X509_OBJECT_get_type(const X509_OBJECT *);
+
+ /* added in 1.1.0 */
+@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER
+ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
+ #else
+ static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
++#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
++#else
+ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
+
+-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
+-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
+-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
+ /* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added
+ in the future... */
+ #ifndef X509_V_ERR_HOSTNAME_MISMATCH
+@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0;
+ static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
+ #endif
+
+-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
+- below because it shows up in some earlier 3rd party OpenSSL packages. */
+-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
+-static const long X509_V_FLAG_SUITEB_192_LOS = 0;
+-static const long X509_V_FLAG_SUITEB_128_LOS = 0;
+-
+ int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
+ size_t) = NULL;
+ int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
+@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
+ unsigned int) = NULL;
+ #endif
+
++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
++ below because it shows up in some earlier 3rd party OpenSSL packages. */
++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
++static const long X509_V_FLAG_SUITEB_192_LOS = 0;
++static const long X509_V_FLAG_SUITEB_128_LOS = 0;
++#endif
++
+ /* OpenSSL 1.0.2+ or Solaris's backport */
+ #ifdef X509_V_FLAG_PARTIAL_CHAIN
+ static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
+@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+ return ctx->cert;
+ }
+
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) {
+ return x->data.x509;
+ }
+ #endif