Browse Source

python-cryptography: bump to version 3.4.7

Dropped patches:
  0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
  0005-Switch-get_-Update-APIs-to-get0.patch

Reworked patches:
  0001-Add-new-ASN1_STRING_get0_data-API.patch
  0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe
later we can drop this.

Ran 'make package/python-cryptography/refresh'.

Added patch:
  0004-disable-rust.patch
upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we
need to patch it, to make sure the setuptools-rust isn't installed.
We may need to carry this patch in our tree for a bit longer than upstream,
because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
lilik-openwrt-22.03
Alexandru Ardelean 4 years ago
committed by Hannu Nyman
parent
commit
01d1b4581e
9 changed files with 36 additions and 197 deletions
  1. +2
    -2
      lang/python/python-cryptography/Makefile
  2. +1
    -9
      lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch
  3. +4
    -4
      lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch
  4. +4
    -4
      lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch
  5. +0
    -42
      lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
  6. +20
    -0
      lang/python/python-cryptography/patches/0004-disable-rust.patch
  7. +0
    -117
      lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch
  8. +1
    -15
      lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
  9. +4
    -4
      lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch

+ 2
- 2
lang/python/python-cryptography/Makefile View File

@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-cryptography
PKG_VERSION:=3.3.2
PKG_VERSION:=3.4.7
PKG_RELEASE:=1
PYPI_NAME:=cryptography
PKG_HASH:=5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29e19bed
PKG_HASH:=3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713
PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD


+ 1
- 9
lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch View File

@ -10,15 +10,7 @@ Introduced with OpenSSL 1.1
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
/* ASN1 STRING */
unsigned char *ASN1_STRING_data(ASN1_STRING *);
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *);
int ASN1_STRING_set(ASN1_STRING *, const void *, int);
/* ASN1 OCTET STRING */
@@ -105,4 +106,7 @@ ASN1_NULL *ASN1_NULL_new(void);
@@ -105,4 +105,7 @@ ASN1_NULL *ASN1_NULL_new(void);
"""
CUSTOMIZATIONS = """


+ 4
- 4
lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch View File

@ -11,7 +11,7 @@ Deprecated under OpenSSL 1.1.
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -22,6 +22,7 @@ TYPES = """
@@ -21,6 +21,7 @@ TYPES = """
static const long Cryptography_HAS_102_VERIFICATION;
static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
@ -19,7 +19,7 @@ Deprecated under OpenSSL 1.1.
typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
typedef ... Cryptography_STACK_OF_X509_OBJECT;
@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
@@ -257,4 +258,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
#else
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
#endif
@ -33,7 +33,7 @@ Deprecated under OpenSSL 1.1.
"""
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version()
@@ -269,6 +269,11 @@ def cryptography_has_get_proto_version()
"SSL_get_max_proto_version",
]
@ -45,7 +45,7 @@ Deprecated under OpenSSL 1.1.
# This is a mapping of
# {condition: function-returning-names-dependent-on-that-condition} so we can
@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = {
@@ -318,4 +323,7 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
"Cryptography_HAS_SRTP": cryptography_has_srtp,
"Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,


+ 4
- 4
lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch View File

@ -10,7 +10,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -14,12 +14,14 @@ TYPES = """
@@ -13,12 +13,14 @@ TYPES = """
static const long Cryptography_HAS_SSL_ST;
static const long Cryptography_HAS_TLS_ST;
static const long Cryptography_HAS_SSL3_METHOD;
@ -27,7 +27,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
static const long Cryptography_HAS_SIGALGS;
static const long Cryptography_HAS_PSK;
static const long Cryptography_HAS_VERIFIED_CHAIN;
@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_
@@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_
static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
@ -75,7 +75,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method():
]
@ -114,7 +114,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
def cryptography_has_102_verification():
return [
"X509_V_ERR_SUITE_B_INVALID_VERSION",
@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
@@ -285,6 +317,10 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
"Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
"Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,


+ 0
- 42
lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch View File

@ -1,42 +0,0 @@
From 008e299aaf32af0b93eede649c6942af93b1c11e Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 15 Jun 2019 17:49:25 -0700
Subject: [PATCH 4/7] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset
Deprecated in OpenSSL 1.1
---
src/_cffi_src/openssl/evp.py | 6 ++++++
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u
const unsigned char *, int);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
@@ -269,4 +270,9 @@ static const long Cryptography_HAS_EVP_D
#ifndef EVP_PKEY_POLY1305
#define EVP_PKEY_POLY1305 NID_poly1305
#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
+#define OpenSSL_add_all_algorithms() do {} while(0)
+#endif
"""
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -199,7 +199,7 @@ class _CipherContext(object):
self._backend.openssl_assert(res != 0)
self._tag = self._backend._ffi.buffer(tag_buf)[:]
- res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
+ res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx)
self._backend.openssl_assert(res == 1)
return self._backend._ffi.buffer(buf)[: outlen[0]]

+ 20
- 0
lang/python/python-cryptography/patches/0004-disable-rust.patch View File

@ -0,0 +1,20 @@
--- a/setup.py
+++ b/setup.py
@@ -11,7 +11,7 @@ import sys
from setuptools import find_packages, setup
try:
- from setuptools_rust import RustExtension
+ pass
except ImportError:
print(
"""
@@ -45,7 +45,7 @@ setuptools_rust = "setuptools-rust>=0.11
install_requirements = ["cffi>=1.12"]
setup_requirements = install_requirements + [setuptools_rust]
-if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
+if True:
rust_extensions = []
else:
rust_extensions = [

+ 0
- 117
lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch View File

@ -1,117 +0,0 @@
From 339e0ab364ca931435c0ad134dc6047eb6974540 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 15 Jun 2019 18:47:46 -0700
Subject: [PATCH 5/7] Switch get_*Update APIs to get0
Deprecated in 1.1
---
src/_cffi_src/openssl/x509.py | 27 ++++++++++++++++---
.../hazmat/backends/openssl/backend.py | 4 +--
.../hazmat/backends/openssl/x509.py | 8 +++---
3 files changed, 29 insertions(+), 10 deletions(-)
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
ASN1_TIME *X509_get_notBefore(X509 *);
ASN1_TIME *X509_get_notAfter(X509 *);
-ASN1_TIME *X509_getm_notBefore(X509 *);
-ASN1_TIME *X509_getm_notAfter(X509 *);
+ASN1_TIME *X509_getm_notBefore(const X509 *);
+ASN1_TIME *X509_getm_notAfter(const X509 *);
+const ASN1_TIME *X509_get0_notBefore(const X509 *);
+const ASN1_TIME *X509_get0_notAfter(const X509 *);
long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography
long X509_CRL_get_version(X509_CRL *);
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
X509_NAME *X509_CRL_get_issuer(X509_CRL *);
Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *,
int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
int X509_set_notBefore(X509 *, ASN1_TIME *);
int X509_set_notAfter(X509 *, ASN1_TIME *);
-int X509_set1_notBefore(X509 *, ASN1_TIME *);
-int X509_set1_notAfter(X509 *, ASN1_TIME *);
+
+int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_set1_notBefore(X509 *, const ASN1_TIME *);
+int X509_set1_notAfter(X509 *, const ASN1_TIME *);
EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
@@ -299,4 +306,16 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, u
return i2d_X509_CRL_INFO(crl->crl, pp);
}
#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define X509_get_notBefore X509_get0_notBefore
+#define X509_get_notAfter X509_get0_notAfter
+#define X509_set_notBefore X509_set1_notBefore
+#define X509_set_notAfter X509_set1_notAfter
+
+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
"""
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1128,12 +1128,12 @@ class Backend(object):
# Set the last update time.
last_update = self._create_asn1_time(builder._last_update)
- res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
+ res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
self.openssl_assert(res == 1)
# Set the next update time.
next_update = self._create_asn1_time(builder._next_update)
- res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
+ res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
self.openssl_assert(res == 1)
# Add extensions.
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -86,12 +86,12 @@ class _Certificate(object):
@property
def not_valid_before(self):
- asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
+ asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
return _parse_asn1_time(self._backend, asn1_time)
@property
def not_valid_after(self):
- asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
+ asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
return _parse_asn1_time(self._backend, asn1_time)
@property
@@ -277,13 +277,13 @@ class _CertificateRevocationList(object)
@property
def next_update(self):
- nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
+ nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
self._backend.openssl_assert(nu != self._backend._ffi.NULL)
return _parse_asn1_time(self._backend, nu)
@property
def last_update(self):
- lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
+ lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
self._backend.openssl_assert(lu != self._backend._ffi.NULL)
return _parse_asn1_time(self._backend, lu)

+ 1
- 15
lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch View File

@ -12,21 +12,7 @@ Signed-off-by: Rosen Penev <rosenp@gmail.com>
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -157,8 +157,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
Cryptography_STACK_OF_X509 *);
void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *,
Cryptography_STACK_OF_X509 *);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *,
+ Cryptography_STACK_OF_X509 *);
void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *);
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *);
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *,
+ Cryptography_STACK_OF_X509 *);
X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *);
void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *);
int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *);
@@ -260,4 +264,10 @@ static const long Cryptography_HAS_X509_
@@ -265,4 +265,10 @@ static const long Cryptography_HAS_X509_
#else
static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
#endif


+ 4
- 4
lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch View File

@ -12,7 +12,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions
--- a/src/_cffi_src/openssl/conf.py
+++ b/src/_cffi_src/openssl/conf.py
@@ -18,4 +18,8 @@ void OPENSSL_no_config(void);
@@ -17,4 +17,8 @@ void OPENSSL_no_config(void);
"""
CUSTOMIZATIONS = """
@ -23,7 +23,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions
"""
--- a/src/_cffi_src/openssl/crypto.py
+++ b/src/_cffi_src/openssl/crypto.py
@@ -114,4 +114,8 @@ void *Cryptography_realloc_wrapper(void
@@ -113,4 +113,8 @@ void *Cryptography_realloc_wrapper(void
void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
free(ptr);
}
@ -34,7 +34,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions
"""
--- a/src/_cffi_src/openssl/ecdh.py
+++ b/src/_cffi_src/openssl/ecdh.py
@@ -18,4 +18,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in
@@ -17,4 +17,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in
"""
CUSTOMIZATIONS = """
@ -44,7 +44,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions
"""
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -739,4 +739,9 @@ long (*SSL_get_max_proto_version)(SSL *)
@@ -745,4 +745,9 @@ long (*SSL_get_max_proto_version)(SSL *)
#else
static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
#endif


Loading…
Cancel
Save