diff --git a/lang/python/python-cryptography/Makefile b/lang/python/python-cryptography/Makefile index f0aa97ad2..9764208f4 100644 --- a/lang/python/python-cryptography/Makefile +++ b/lang/python/python-cryptography/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cryptography -PKG_VERSION:=3.3.2 +PKG_VERSION:=3.4.7 PKG_RELEASE:=1 PYPI_NAME:=cryptography -PKG_HASH:=5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29e19bed +PKG_HASH:=3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713 PKG_LICENSE:=Apache-2.0 BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD diff --git a/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch b/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch index 6b206b4ce..46adae82d 100644 --- a/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch +++ b/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch @@ -10,15 +10,7 @@ Introduced with OpenSSL 1.1 --- a/src/_cffi_src/openssl/asn1.py +++ b/src/_cffi_src/openssl/asn1.py -@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *); - - /* ASN1 STRING */ - unsigned char *ASN1_STRING_data(ASN1_STRING *); -+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *); - int ASN1_STRING_set(ASN1_STRING *, const void *, int); - - /* ASN1 OCTET STRING */ -@@ -105,4 +106,7 @@ ASN1_NULL *ASN1_NULL_new(void); +@@ -105,4 +105,7 @@ ASN1_NULL *ASN1_NULL_new(void); """ CUSTOMIZATIONS = """ diff --git a/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch b/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch index dc31500b6..52f434095 100644 --- a/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch 
+++ b/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch @@ -11,7 +11,7 @@ Deprecated under OpenSSL 1.1. --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py -@@ -22,6 +22,7 @@ TYPES = """ +@@ -21,6 +21,7 @@ TYPES = """ static const long Cryptography_HAS_102_VERIFICATION; static const long Cryptography_HAS_110_VERIFICATION_PARAMS; static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER; @@ -19,7 +19,7 @@ Deprecated under OpenSSL 1.1. typedef ... Cryptography_STACK_OF_ASN1_OBJECT; typedef ... Cryptography_STACK_OF_X509_OBJECT; -@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_S +@@ -257,4 +258,11 @@ void (*X509_STORE_set_get_issuer)(X509_S #else static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1; #endif @@ -33,7 +33,7 @@ Deprecated under OpenSSL 1.1. """ --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py -@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version() +@@ -269,6 +269,11 @@ def cryptography_has_get_proto_version() "SSL_get_max_proto_version", ] @@ -45,7 +45,7 @@ Deprecated under OpenSSL 1.1. # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can -@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = { +@@ -318,4 +323,7 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain, "Cryptography_HAS_SRTP": cryptography_has_srtp, "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version, diff --git a/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch b/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch index ddad984d0..f30d1e92b 100644 --- a/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch 
+++ b/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch @@ -10,7 +10,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py -@@ -14,12 +14,14 @@ TYPES = """ +@@ -13,12 +13,14 @@ TYPES = """ static const long Cryptography_HAS_SSL_ST; static const long Cryptography_HAS_TLS_ST; static const long Cryptography_HAS_SSL3_METHOD; @@ -27,7 +27,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; static const long Cryptography_HAS_VERIFIED_CHAIN; -@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_ +@@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_ static const long Cryptography_HAS_RELEASE_BUFFERS = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; @@ -75,7 +75,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py -@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method(): +@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method(): ] @@ -114,7 +114,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods def cryptography_has_102_verification(): return [ "X509_V_ERR_SUITE_B_INVALID_VERSION", -@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = { +@@ -285,6 +317,10 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md, "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label, "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method, 
diff --git a/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch b/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
deleted file mode 100644
index 79b84dc5b..000000000
--- a/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
+++ /dev/null
@@ -1,42 +0,0 @@ -From 008e299aaf32af0b93eede649c6942af93b1c11e Mon Sep 17 00:00:00 2001 -From: Rosen Penev -Date: Sat, 15 Jun 2019 17:49:25 -0700 -Subject: [PATCH 4/7] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset - -Deprecated in OpenSSL 1.1 ---- - src/_cffi_src/openssl/evp.py | 6 ++++++ - src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- - 2 files changed, 7 insertions(+), 1 deletion(-) - ---- a/src/_cffi_src/openssl/evp.py -+++ b/src/_cffi_src/openssl/evp.py -@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u - const unsigned char *, int); - int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *); - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *); - EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); - void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); -@@ -269,4 +270,9 @@ static const long Cryptography_HAS_EVP_D - #ifndef EVP_PKEY_POLY1305 - #define EVP_PKEY_POLY1305 NID_poly1305 - #endif -+ -+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL -+#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset -+#define OpenSSL_add_all_algorithms() do {} while(0) -+#endif - """ ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -199,7 +199,7 @@ class _CipherContext(object): - self._backend.openssl_assert(res != 0) - self._tag = self._backend._ffi.buffer(tag_buf)[:] - -- res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx) -+ res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx) - self._backend.openssl_assert(res == 1) - return self._backend._ffi.buffer(buf)[: outlen[0]] - diff --git a/lang/python/python-cryptography/patches/0004-disable-rust.patch b/lang/python/python-cryptography/patches/0004-disable-rust.patch new file mode 100644 index 000000000..b005851cb --- /dev/null +++ b/lang/python/python-cryptography/patches/0004-disable-rust.patch 
@@ -0,0 +1,20 @@
+--- a/setup.py
++++ b/setup.py
+@@ -11,7 +11,7 @@ import sys
+ from setuptools import find_packages, setup
+
+ try:
+- from setuptools_rust import RustExtension
++ pass
+ except ImportError:
+ print(
+ """
+@@ -45,7 +45,7 @@ setuptools_rust = "setuptools-rust>=0.11
+ install_requirements = ["cffi>=1.12"]
+ setup_requirements = install_requirements + [setuptools_rust]
+
+-if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
++if True:
+ rust_extensions = []
+ else:
+ rust_extensions = [
diff --git a/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch b/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch
deleted file mode 100644
index dd461959f..000000000
--- a/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch
+++ /dev/null
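Review bot: In the new 0004-disable-rust.patch, the second setup.py hunk forces `if True:` but leaves the context line `setup_requirements = install_requirements + [setuptools_rust]` as it is. If that list is still handed to `setup()` outside the hunk, the build may still try to resolve setuptools-rust at build time, a dependency download that the package's PKG_HASH does not cover. Changing that line to `setup_requirements = install_requirements` in the same patch would remove the requirement entirely. The first hunk leaves a `try:` whose body is only `pass`, so the `except ImportError:` branch can never run. Unlike the sibling patches, this one has no From/Subject header; a short description saying why the Rust extension is disabled, and that upstream's `CRYPTOGRAPHY_DONT_BUILD_RUST` switch is being hard-wired on, would help whoever refreshes it on the next version bump.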
@@ -1,117 +0,0 @@ -From 339e0ab364ca931435c0ad134dc6047eb6974540 Mon Sep 17 00:00:00 2001 -From: Rosen Penev -Date: Sat, 15 Jun 2019 18:47:46 -0700 -Subject: [PATCH 5/7] Switch get_*Update APIs to get0 - -Deprecated in 1.1 ---- - src/_cffi_src/openssl/x509.py | 27 ++++++++++++++++--- - .../hazmat/backends/openssl/backend.py | 4 +-- - .../hazmat/backends/openssl/x509.py | 8 +++--- - 3 files changed, 29 insertions(+), 10 deletions(-) - ---- a/src/_cffi_src/openssl/x509.py -+++ b/src/_cffi_src/openssl/x509.py -@@ -202,8 +202,10 @@ long X509_get_version(X509 *); - - ASN1_TIME *X509_get_notBefore(X509 *); - ASN1_TIME *X509_get_notAfter(X509 *); --ASN1_TIME *X509_getm_notBefore(X509 *); --ASN1_TIME *X509_getm_notAfter(X509 *); -+ASN1_TIME *X509_getm_notBefore(const X509 *); -+ASN1_TIME *X509_getm_notAfter(const X509 *); -+const ASN1_TIME *X509_get0_notBefore(const X509 *); -+const ASN1_TIME *X509_get0_notAfter(const X509 *); - - long X509_REQ_get_version(X509_REQ *); - X509_NAME *X509_REQ_get_subject_name(X509_REQ *); -@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography - long X509_CRL_get_version(X509_CRL *); - ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *); - ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *); -+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *); -+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *); - X509_NAME *X509_CRL_get_issuer(X509_CRL *); - Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *); - -@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *, - int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); - int X509_set_notBefore(X509 *, ASN1_TIME *); - int X509_set_notAfter(X509 *, ASN1_TIME *); --int X509_set1_notBefore(X509 *, ASN1_TIME *); --int X509_set1_notAfter(X509 *, ASN1_TIME *); -+ -+int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *); -+int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *); -+int X509_set1_notBefore(X509 *, const ASN1_TIME *); -+int X509_set1_notAfter(X509 *, 
const ASN1_TIME *); - - EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **); - int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *); -@@ -299,4 +306,16 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, u - return i2d_X509_CRL_INFO(crl->crl, pp); - } - #endif -+ -+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL -+#define X509_get_notBefore X509_get0_notBefore -+#define X509_get_notAfter X509_get0_notAfter -+#define X509_set_notBefore X509_set1_notBefore -+#define X509_set_notAfter X509_set1_notAfter -+ -+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate -+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate -+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate -+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate -+#endif - """ ---- a/src/cryptography/hazmat/backends/openssl/backend.py -+++ b/src/cryptography/hazmat/backends/openssl/backend.py -@@ -1128,12 +1128,12 @@ class Backend(object): - - # Set the last update time. - last_update = self._create_asn1_time(builder._last_update) -- res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update) -+ res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update) - self.openssl_assert(res == 1) - - # Set the next update time. - next_update = self._create_asn1_time(builder._next_update) -- res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update) -+ res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update) - self.openssl_assert(res == 1) - - # Add extensions. 
---- a/src/cryptography/hazmat/backends/openssl/x509.py -+++ b/src/cryptography/hazmat/backends/openssl/x509.py -@@ -86,12 +86,12 @@ class _Certificate(object): - - @property - def not_valid_before(self): -- asn1_time = self._backend._lib.X509_getm_notBefore(self._x509) -+ asn1_time = self._backend._lib.X509_get0_notBefore(self._x509) - return _parse_asn1_time(self._backend, asn1_time) - - @property - def not_valid_after(self): -- asn1_time = self._backend._lib.X509_getm_notAfter(self._x509) -+ asn1_time = self._backend._lib.X509_get0_notAfter(self._x509) - return _parse_asn1_time(self._backend, asn1_time) - - @property -@@ -277,13 +277,13 @@ class _CertificateRevocationList(object) - - @property - def next_update(self): -- nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl) -+ nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl) - self._backend.openssl_assert(nu != self._backend._ffi.NULL) - return _parse_asn1_time(self._backend, nu) - - @property - def last_update(self): -- lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl) -+ lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl) - self._backend.openssl_assert(lu != self._backend._ffi.NULL) - return _parse_asn1_time(self._backend, lu) - diff --git a/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch b/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch index 2513fe6b7..d43abc6d6 100644 --- a/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch +++ b/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch @@ -12,21 +12,7 @@ Signed-off-by: Rosen Penev --- a/src/_cffi_src/openssl/x509_vfy.py 
+++ b/src/_cffi_src/openssl/x509_vfy.py -@@ -157,8 +157,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX * - Cryptography_STACK_OF_X509 *); - void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *, - Cryptography_STACK_OF_X509 *); -+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *, -+ Cryptography_STACK_OF_X509 *); - void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *); --void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *); -+void X509_STORE_CTX_set_chain(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *); -+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *, -+ Cryptography_STACK_OF_X509 *); - X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *); - void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *); - int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *); -@@ -260,4 +264,10 @@ static const long Cryptography_HAS_X509_ +@@ -265,4 +265,10 @@ static const long Cryptography_HAS_X509_ #else static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1; #endif diff --git a/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch b/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch index b2d4cb969..7aca62c8d 100644 --- a/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch +++ b/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch @@ -12,7 +12,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions --- a/src/_cffi_src/openssl/conf.py +++ b/src/_cffi_src/openssl/conf.py -@@ -18,4 +18,8 @@ void OPENSSL_no_config(void); +@@ -17,4 +17,8 @@ void OPENSSL_no_config(void); """ CUSTOMIZATIONS = """ @@ -23,7 +23,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions """ --- a/src/_cffi_src/openssl/crypto.py 
+++ b/src/_cffi_src/openssl/crypto.py -@@ -114,4 +114,8 @@ void *Cryptography_realloc_wrapper(void +@@ -113,4 +113,8 @@ void *Cryptography_realloc_wrapper(void void Cryptography_free_wrapper(void *ptr, const char *path, int line) { free(ptr); } @@ -34,7 +34,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions """ --- a/src/_cffi_src/openssl/ecdh.py +++ b/src/_cffi_src/openssl/ecdh.py -@@ -18,4 +18,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in +@@ -17,4 +17,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in """ CUSTOMIZATIONS = """ @@ -44,7 +44,7 @@ Subject: [PATCH 7/7] Add defines for totally deprecated functions """ --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py -@@ -739,4 +739,9 @@ long (*SSL_get_max_proto_version)(SSL *) +@@ -745,4 +745,9 @@ long (*SSL_get_max_proto_version)(SSL *) #else static const long Cryptography_HAS_GET_PROTO_VERSION = 1; #endif