adding ports@ to cc
On 2023/05/18 06:49, orbea wrote:
> Hi,
>
> As you may be aware urllib3 has added code that checks that OpenSSL
> version string explicitly starts with "OpenSSL " breaking runtime with
> any other ssl implementations such as LibreSSL.
>
> https://github.com/urllib3/urllib3/blob/5dbc8e23488862aadab0706128d387af2f406b51/src/urllib3/__init__.py#L35
>
> After some discussion in on their Github issue tracker its been
> suggested to turn this into a warning instead, but a small number of
> the tests fail leaving them hesitant to follow through.
>
> https://github.com/urllib3/urllib3/issues/2168
>
> I posted my test results in the relevant PR.
>
> https://github.com/urllib3/urllib3/pull/3024#issuecomment-1546991435
>
> And upstream made a basic comment on what is failing here.
>
> https://github.com/urllib3/urllib3/pull/3024#issuecomment-1549555363
>
> However I have limited experience with python and understanding these
> tests is hard for me, is there anyone more capable and willing of
> helping as requested in the closed issue?
>
> https://github.com/urllib3/urllib3/issues/2168#issuecomment-1553027058
>
> I attached a small workaround patch, but it doesn't fix the tests.
> --- a/openssl-sys-0.9.83/build/main.rs.orig
> +++ b/openssl-sys-0.9.83/build/main.rs
> @@ -295,6 +295,7 @@
> (3, 6, _) => ('3', '6', 'x'),
> (3, 7, 0) => ('3', '7', '0'),
> (3, 7, 1) => ('3', '7', '1'),
> + (3, _, _) => ('3', 'x', 'x'),
> _ => version_error(),
> };
>
I just saw this too.
Probably easier to look into this on OpenBSD as cryptography doesn't
need touching.
Here is the main part of the PR in the form of a patch to the port,
tests are still running and it's time to go out for yoga class
so I'll send what I have in the hope it avoids anyone having to
duplicate work.
Tests make network conn's so disable any _pbuild PF blocks.
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/py-urllib3/Makefile,v
retrieving revision 1.37
diff -u -p -r1.37 Makefile
--- Makefile 11 Mar 2023 11:24:09 -0000 1.37
+++ Makefile 18 May 2023 16:18:52 -0000
@@ -1,6 +1,6 @@
COMMENT= HTTP library for Python
-MODPY_EGG_VERSION= 1.26.15
+MODPY_EGG_VERSION= 2.0.2
DISTNAME= urllib3-${MODPY_EGG_VERSION}
PKGNAME= py-urllib3-${MODPY_EGG_VERSION}
@@ -16,9 +16,14 @@ FLAVOR= python3
MODPY_PI= Yes
MODPY_PYBUILD= setuptools
+MODPY_PYTEST_ARGS= -v # optional, displays test names rather than summary
-TEST_DEPENDS= devel/py-mock${MODPY_FLAVOR} \
+TEST_DEPENDS= devel/py-coverage${MODPY_FLAVOR} \
+ devel/py-freezegun${MODPY_FLAVOR} \
+ devel/py-test-timeout${MODPY_FLAVOR} \
net/py-socks${MODPY_FLAVOR} \
+ security/py-cryptography${MODPY_FLAVOR} \
+ security/py-openssl${MODPY_FLAVOR} \
sysutils/py-psutil${MODPY_FLAVOR} \
security/py-trustme${MODPY_FLAVOR} \
www/py-tornado${MODPY_FLAVOR}
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/py-urllib3/distinfo,v
retrieving revision 1.25
diff -u -p -r1.25 distinfo
--- distinfo 11 Mar 2023 11:24:09 -0000 1.25
+++ distinfo 18 May 2023 16:18:52 -0000
@@ -1,2 +1,2 @@
-SHA256 (urllib3-1.26.15.tar.gz) = ijiHF7lHb5NKIUhOjI5hh1q2BkTSm5s54R5LncHGswU=
-SIZE (urllib3-1.26.15.tar.gz) = 301444
+SHA256 (urllib3-2.0.2.tar.gz) = YXF6EJXX4VXNtzese7L0MkqFih4uZGb20D/2MMpo08w=
+SIZE (urllib3-2.0.2.tar.gz) = 277703
Index: patches/patch-src_urllib3___init___py
===================================================================
RCS file: patches/patch-src_urllib3___init___py
diff -N patches/patch-src_urllib3___init___py
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_urllib3___init___py 18 May 2023 16:18:52 -0000
@@ -0,0 +1,32 @@
+from https://github.com/urllib3/urllib3/pull/3024
+
+Index: src/urllib3/__init__.py
+--- src/urllib3/__init__.py.orig
++++ src/urllib3/__init__.py
+@@ -30,17 +30,19 @@ try:
+ except ImportError:
+ pass
+ else:
+- # fmt: off
+- if (
+- not ssl.OPENSSL_VERSION.startswith("OpenSSL ")
+- or ssl.OPENSSL_VERSION_INFO < (1, 1, 1)
+- ): # Defensive:
++ if not ssl.OPENSSL_VERSION.startswith("OpenSSL "): # Defensive:
++ warnings.warn(
++ "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently "
++ f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION!r}. "
++ "See: https://github.com/urllib3/urllib3/issues/3020";,
++ exceptions.NotOpenSSLWarning,
++ )
++ elif ssl.OPENSSL_VERSION_INFO < (1, 1, 1): # Defensive:
+ raise ImportError(
+ "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently "
+- f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION}. "
++ f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION!r}. "
+ "See: https://github.com/urllib3/urllib3/issues/2168";
+ )
+- # fmt: on
+
+ # === NOTE TO REPACKAGERS AND VENDORS ===
+ # Please delete this block, this logic is only
Index: patches/patch-src_urllib3_exceptions_py
===================================================================
RCS file: patches/patch-src_urllib3_exceptions_py
diff -N patches/patch-src_urllib3_exceptions_py
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_urllib3_exceptions_py 18 May 2023 16:18:52 -0000
@@ -0,0 +1,16 @@
+from https://github.com/urllib3/urllib3/pull/3024
+
+Index: src/urllib3/exceptions.py
+--- src/urllib3/exceptions.py.orig
++++ src/urllib3/exceptions.py
+@@ -214,6 +214,10 @@ class InsecureRequestWarning(SecurityWarning):
+ """Warned when making an unverified HTTPS request."""
+
+
++class NotOpenSSLWarning(SecurityWarning):
++ """Warned when using unsupported SSL library"""
++
++
+ class SystemTimeWarning(SecurityWarning):
+ """Warned when system time is suspected to be wrong"""
+
