mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-08-05 05:17:07 +02:00
main/py-cryptography: rebuild against libressl-2.7
This commit is contained in:
Natanael Copa
parent
584933be2c
commit
20eb8b00b1
@ -3,7 +3,7 @@
|
||||
pkgname=py-cryptography
|
||||
_pkgname=${pkgname#py-}
|
||||
pkgver=2.1.4
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="A package which provides cryptographic recipes and primitives"
|
||||
url="https://pypi.python.org/pypi/cryptography"
|
||||
arch="all"
|
||||
@ -11,7 +11,8 @@ license="Apache-2.0"
|
||||
depends="py-cffi py-idna py-asn1crypto py-six"
|
||||
makedepends="python2-dev python3-dev py-setuptools libffi-dev libressl-dev"
|
||||
subpackages="py3-$_pkgname:_py3 py2-$_pkgname:_py2"
|
||||
source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz"
|
||||
source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz
|
||||
libressl-2.7.patch"
|
||||
builddir="$srcdir/$_pkgname-$pkgver"
|
||||
|
||||
build() {
|
||||
@ -51,4 +52,5 @@ _py3() {
|
||||
_py python3
|
||||
}
|
||||
|
||||
sha512sums="f749cb4384badc174a842514e5a4fee2ed01ab9c716799d8d9d5301f6d2d97b6c41deb9e425f48928b639fa34bef8c05529ed7e5b777ef5ca75c244f8fda8fd4 cryptography-2.1.4.tar.gz"
|
||||
sha512sums="f749cb4384badc174a842514e5a4fee2ed01ab9c716799d8d9d5301f6d2d97b6c41deb9e425f48928b639fa34bef8c05529ed7e5b777ef5ca75c244f8fda8fd4 cryptography-2.1.4.tar.gz
|
||||
71a6d8c30a98b2072c9f39aea1244b44ab235c324f1bc73e15dcacf3eb323940e67d6555e9b74bed4205bc62a604e68142f0e7418cf4310364fd9ec0fb195b2d libressl-2.7.patch"
|
||||
|
||||
111
main/py-cryptography/libressl-2.7.patch
Normal file
111
main/py-cryptography/libressl-2.7.patch
Normal file
@ -0,0 +1,111 @@
|
||||
$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.1 2018/02/18 13:44:41 sthen Exp $
|
||||
|
||||
Index: src/_cffi_src/openssl/x509.py
|
||||
--- a/src/_cffi_src/openssl/x509.py.orig
|
||||
+++ b/src/_cffi_src/openssl/x509.py
|
||||
@@ -255,8 +255,7 @@ int X509_get_signature_nid(const X509 *);
|
||||
|
||||
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
|
||||
|
||||
-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
|
||||
-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
|
||||
+void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *);
|
||||
|
||||
long X509_get_version(X509 *);
|
||||
|
||||
@@ -339,7 +338,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A
|
||||
CUSTOMIZATIONS = """
|
||||
/* Added in 1.0.2 beta but we need it in all versions now due to the great
|
||||
opaquing. */
|
||||
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
|
||||
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
||||
/* from x509/x_x509.c version 1.0.2 */
|
||||
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
|
||||
const X509 *x)
|
||||
@@ -383,9 +383,11 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK
|
||||
opaquing. */
|
||||
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
|
||||
|
||||
+#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
||||
int X509_up_ref(X509 *x) {
|
||||
return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
|
||||
}
|
||||
+#endif
|
||||
|
||||
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
|
||||
{
|
||||
$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $
|
||||
|
||||
Index: src/_cffi_src/openssl/x509_vfy.py
|
||||
--- a/src/_cffi_src/openssl/x509_vfy.py.orig
|
||||
+++ b/src/_cffi_src/openssl/x509_vfy.py
|
||||
@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE
|
||||
X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int);
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *);
|
||||
Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *);
|
||||
-X509 *X509_OBJECT_get0_X509(X509_OBJECT *);
|
||||
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *);
|
||||
int X509_OBJECT_get_type(const X509_OBJECT *);
|
||||
|
||||
/* added in 1.1.0 */
|
||||
@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER
|
||||
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
|
||||
#else
|
||||
static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
|
||||
+#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
|
||||
+static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
|
||||
+#else
|
||||
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
|
||||
|
||||
-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
|
||||
-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
|
||||
-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
|
||||
-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
|
||||
-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
|
||||
-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
|
||||
/* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added
|
||||
in the future... */
|
||||
#ifndef X509_V_ERR_HOSTNAME_MISMATCH
|
||||
@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0;
|
||||
static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
|
||||
#endif
|
||||
|
||||
-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
|
||||
- below because it shows up in some earlier 3rd party OpenSSL packages. */
|
||||
-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
|
||||
-static const long X509_V_FLAG_SUITEB_192_LOS = 0;
|
||||
-static const long X509_V_FLAG_SUITEB_128_LOS = 0;
|
||||
-
|
||||
int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
|
||||
size_t) = NULL;
|
||||
int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
|
||||
@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
|
||||
unsigned int) = NULL;
|
||||
#endif
|
||||
|
||||
+static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
|
||||
+static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
|
||||
+static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
|
||||
+static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
|
||||
+static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
|
||||
+static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
|
||||
+/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
|
||||
+ below because it shows up in some earlier 3rd party OpenSSL packages. */
|
||||
+static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
|
||||
+static const long X509_V_FLAG_SUITEB_192_LOS = 0;
|
||||
+static const long X509_V_FLAG_SUITEB_128_LOS = 0;
|
||||
+#endif
|
||||
+
|
||||
/* OpenSSL 1.0.2+ or Solaris's backport */
|
||||
#ifdef X509_V_FLAG_PARTIAL_CHAIN
|
||||
static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
|
||||
@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
|
||||
return ctx->cert;
|
||||
}
|
||||
|
||||
-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
|
||||
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) {
|
||||
return x->data.x509;
|
||||
}
|
||||
#endif
|
||||
Loading…
Reference in New Issue
Block a user