commit: 78ab04ebd7ffef06162969506f70205272c41e75 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Sat Dec 25 18:00:55 2021 +0000 Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com> CommitDate: Sat Dec 25 23:57:08 2021 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=78ab04eb
dev-python/m2crypto: Updated for 0.38.0 Fixes https://github.com/gentoo/libressl/issues/335 Uses OpenBSD patches. https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/security/py-M2Crypto/patches/ Signed-off-by: orbea <orbea <AT> riseup.net> Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com> dev-python/m2crypto/Manifest | 2 +- .../m2crypto/files/m2crypto-libressl-0.38.0.patch | 185 +++++++++++++++++++++ dev-python/m2crypto/m2crypto-0.38.0.ebuild | 67 ++++++++ 3 files changed, 253 insertions(+), 1 deletion(-) diff --git a/dev-python/m2crypto/Manifest b/dev-python/m2crypto/Manifest index 549be47..d57a141 100644 --- a/dev-python/m2crypto/Manifest +++ b/dev-python/m2crypto/Manifest @@ -1,3 +1,3 @@ -DIST M2Crypto-0.35.2.tar.gz 1117706 BLAKE2B efa15e023be7755b94c642bb23eade912edcbbb76bcdfed3414d27937cd705ec4c83069ca620fe20e58e126549ba7f98e84f6f8330b78133a8a8b953d18f467b SHA512 3608b29a8e7d0732a2359e35fcaae191447aa7c0211ca3d057eed6cee7f0819f5c1121e7d41caca8cdea3c7911f8c447ee475b1b3d125e8dc3adde2718a59f36 DIST M2Crypto-0.36.0.tar.gz 1127584 BLAKE2B 5cdbbb11ff67d4ddffb2853a72383f3c7f1e1aa53ab84166aeda4fbea1b0d7f506761bb07bf8cb5b36f94bdbeb2ea2b46e0693da8355f81b4bf5c4c1c1cc18b1 SHA512 5b7d6d10c943ff0e09e0e9748d5578e7e0f7659a73de4ba49481152bca05871aef2bfbb869e1636a7cebcf2dd8b9f67fb0d299a833d1d4ebd538031c35d7bca1 DIST M2Crypto-0.37.1.tar.gz 1247031 BLAKE2B 3628150b8da15d7356298b6e52e0d8fa7875921a184a0eba3a97eff0588c9e0fee340c92fd486919057d900d6e3b2b711174dde9761fe247848f92ac6434df0a SHA512 9a5e0220704b4897a9ca7efa4b3b57447b9175c52e8039a85bff7bb1a43b709c69f3c8b5903df461f8de39d3f8a20f9bf494df6f5882771846adfe2c03fbea9e +DIST M2Crypto-0.38.0.tar.gz 1241269 BLAKE2B 95433090e08ff72cd2b0779491dc38b89eca159b26812e763b5b8973e3d27249a96d5a2c983b59f414184f64beb8e455dc26979310378db89dd2081741d4d17d SHA512 b1e24e3101ce0dd9f17be4cabeddc2ec0f1228b270d74ef2fb38bae8807c5025b031d0743185f06370786a3dd5c3f42129720534dcff07ea4de3c727613f8d20 diff --git a/dev-python/m2crypto/files/m2crypto-libressl-0.38.0.patch b/dev-python/m2crypto/files/m2crypto-libressl-0.38.0.patch new file mode 100644 index 0000000..e3f67e3 --- /dev/null +++ b/dev-python/m2crypto/files/m2crypto-libressl-0.38.0.patch @@ -0,0 +1,185 @@ +$OpenBSD: patch-src_M2Crypto_BIO_py,v 1.1 2021/07/24 20:02:04 sthen Exp $ + +Partially revert https://gitlab.com/m2crypto/m2crypto/commit/738cd0bf3dc2ee619f598290d5bf4c2190987f16: + + * Fix BIO.File ... return type of BIO.readline() and close properly. + That is, flush BIO.File() before closing and close also underlying + system file. + +For Python 2 this results in: + +python2 -c "import M2Crypto; M2Crypto.BIO.openfile('/etc/ssl/cert.pem')" +Traceback (most recent call last): + File "<string>", line 1, in <module> + File "/usr/local/lib/python2.7/site-packages/M2Crypto/BIO.py", line 284, in openfile + return File(f) + File "/usr/local/lib/python2.7/site-packages/M2Crypto/BIO.py", line 239, in __init__ + pyfile.flush() +IOError: [Errno 9] Bad file descriptor + +https://gitlab.com/m2crypto/m2crypto/issues/211 + +Index: src/M2Crypto/BIO.py +--- a/src/M2Crypto/BIO.py.orig ++++ b/src/M2Crypto/BIO.py +@@ -235,8 +235,9 @@ class File(BIO): + # + # https://docs.python.org/3.3/c-api/file.html + # +- pyfile.flush() +- self.fname = pyfile.name ++ if six.PY3: ++ pyfile.flush() ++ self.fname = pyfile.name + self.pyfile = pyfile + # Be wary of https://github.com/openssl/openssl/pull/1925 + # BIO_new_fd is NEVER to be used before OpenSSL 1.1.1 +@@ -246,7 +247,8 @@ class File(BIO): + self.bio = m2.bio_new_pyfile(pyfile, m2.bio_noclose) + + self.close_pyfile = close_pyfile +- self.closed = False ++ if six.PY3: ++ self.closed = False + + def flush(self): + # type: () -> None +@@ -255,8 +257,9 @@ class File(BIO): + + def close(self): + # type: () -> None +- self.flush() +- super(File, self).close() ++ if six.PY3: ++ self.flush() ++ super(File, self).close() + if self.close_pyfile: + self.pyfile.close() + +$OpenBSD: patch-src_SWIG__lib11_compat_i,v 1.2 2021/10/07 22:32:54 tb Exp $ + +Provide CRYPTO_zalloc to fix build with LibreSSL + +Index: src/SWIG/_lib11_compat.i +--- a/src/SWIG/_lib11_compat.i.orig ++++ b/src/SWIG/_lib11_compat.i +@@ -8,7 +8,7 @@ + */ + + %{ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + #include <string.h> + #include <openssl/engine.h> +@@ -24,6 +24,8 @@ static void *CRYPTO_zalloc(size_t num, const char *fil + return ret; + } + ++#endif ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #include <openssl/bn.h> + + #ifndef BN_F_BN_GENCB_NEW +$OpenBSD: patch-src_SWIG__lib_i,v 1.2 2021/10/07 22:32:54 tb Exp $ + +Fix build with LibreSSL + +Index: src/SWIG/_lib.i +--- a/src/SWIG/_lib.i.orig ++++ b/src/SWIG/_lib.i +@@ -21,7 +21,7 @@ + + %{ + /* OpenSSL 1.0.2 copmatbility shim */ +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + typedef void (*OPENSSL_sk_freefunc)(void *); + typedef void *(*OPENSSL_sk_copyfunc)(const void *); + typedef struct stack_st OPENSSL_STACK; +$OpenBSD: patch-src_SWIG__threads_i,v 1.1 2021/07/24 20:02:04 sthen Exp $ + +Fix build with LibreSSL + +Index: src/SWIG/_threads.i +--- a/src/SWIG/_threads.i.orig ++++ b/src/SWIG/_threads.i +@@ -5,7 +5,7 @@ + #include <pythread.h> + #include <openssl/crypto.h> + +-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define CRYPTO_num_locks() (CRYPTO_NUM_LOCKS) + static PyThread_type_lock lock_cs[CRYPTO_num_locks()]; + static long lock_count[CRYPTO_num_locks()]; +@@ -13,7 +13,7 @@ static int thread_mode = 0; + #endif + + void threading_locking_callback(int mode, int type, const char *file, int line) { +-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + if (mode & CRYPTO_LOCK) { + PyThread_acquire_lock(lock_cs[type], WAIT_LOCK); + lock_count[type]++; +@@ -25,7 +25,7 @@ void threading_locking_callback(int mode, int type, co + } + + unsigned long threading_id_callback(void) { +-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return (unsigned long)PyThread_get_thread_ident(); + #else + return (unsigned long)0; +@@ -35,7 +35,7 @@ unsigned long threading_id_callback(void) { + + %inline %{ + void threading_init(void) { +-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + int i; + if (!thread_mode) { + for (i=0; i<CRYPTO_num_locks(); i++) { +@@ -50,7 +50,7 @@ void threading_init(void) { + } + + void threading_cleanup(void) { +-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + int i; + if (thread_mode) { + CRYPTO_set_locking_callback(NULL); +$OpenBSD: patch-SWIG__bio_i,v 1.4 2018/04/25 16:51:05 jasper Exp $ + +BIO_meth_new() and BIO_meth_free() are non-static in LibreSSL + +Index: SWIG/_bio.i +--- a/src/SWIG/_bio.i.orig ++++ a/src/SWIG/_bio.i +@@ -293,8 +293,12 @@ int bio_should_write(BIO* a) { + } + + /* Macros for things not defined before 1.1.0 */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +-static BIO_METHOD * ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ ++#if !defined(LIBRESSL_VERSION_NUMBER) ++static ++#endif ++BIO_METHOD * + BIO_meth_new( int type, const char *name ) + { + BIO_METHOD *method = malloc( sizeof(BIO_METHOD) ); +@@ -306,7 +310,10 @@ BIO_meth_new( int type, const char *name ) + return method; + } + +-static void ++#if !defined(LIBRESSL_VERSION_NUMBER) ++static ++#endif ++void + BIO_meth_free( BIO_METHOD *meth ) + { + if ( meth == NULL ) { diff --git a/dev-python/m2crypto/m2crypto-0.38.0.ebuild b/dev-python/m2crypto/m2crypto-0.38.0.ebuild new file mode 100644 index 0000000..481c395 --- /dev/null +++ b/dev-python/m2crypto/m2crypto-0.38.0.ebuild @@ -0,0 +1,67 @@ +# Copyright 2018-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) +PYTHON_REQ_USE="threads(+)" + +inherit distutils-r1 toolchain-funcs + +MY_PN="M2Crypto" +DESCRIPTION="A Python crypto and SSL toolkit" +HOMEPAGE="https://gitlab.com/m2crypto/m2crypto https://pypi.org/project/M2Crypto/"; +SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_PN}-${PV}.tar.gz" +S="${WORKDIR}/${MY_PN}-${PV}" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-macos" +IUSE="test" +RESTRICT="!test? ( test )" + +BDEPEND=" + >=dev-lang/swig-2.0.9 + test? ( dev-python/parameterized[${PYTHON_USEDEP}] ) +" +RDEPEND=" + dev-libs/openssl:0= +" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}/${PN}-libressl-0.38.0.patch" +) + +distutils_enable_tests setup.py + +swig_define() { + local x + for x; do + if tc-cpp-is-true "defined(${x})"; then + SWIG_FEATURES+=" -D${x}" + fi + done +} + +src_prepare() { + # relies on very exact clock behavior which apparently fails + # with inconvenient CONFIG_HZ* + sed -e 's:test_server_simple_timeouts:_&:' \ + -i tests/test_ssl.py || die + distutils-r1_src_prepare +} + +python_compile() { + # setup.py looks at platform.machine() to determine swig options. + # For exotic ABIs, we need to give swig a hint. + local -x SWIG_FEATURES= + + # https://bugs.gentoo.org/617946 + swig_define __ILP32__ + + # https://bugs.gentoo.org/674112 + swig_define __ARM_PCS_VFP + + distutils-r1_python_compile --openssl="${ESYSROOT}"/usr +}
