On 2017/01/03 10:49, Peter Hessler wrote: > Ugly patch to get py-cryptography loading again after the Symbol > massacre in libressl. (the #ifdef trick didn't work, so yolo) > > OK?
Slightly tweaked - this way (with the second ifdefs removed) I think it should cause things to break if/when libressl adds the rest of the VERIFY_PARAMS api so we can adjust the workaround. Index: Makefile =================================================================== RCS file: /cvs/ports/security/py-cryptography/Makefile,v retrieving revision 1.18 diff -u -p -r1.18 Makefile --- Makefile 3 Jan 2017 19:26:14 -0000 1.18 +++ Makefile 4 Jan 2017 19:33:24 -0000 @@ -6,7 +6,7 @@ MODPY_EGG_VERSION= 1.5.3 DISTNAME= cryptography-${MODPY_EGG_VERSION} PKGNAME= ${MODPY_PY_PREFIX}${DISTNAME} CATEGORIES= security devel -REVISION= 0 +REVISION= 1 HOMEPAGE= https://cryptography.io/ Index: patches/patch-src__cffi_src_openssl_x509_vfy_py =================================================================== RCS file: /cvs/ports/security/py-cryptography/patches/patch-src__cffi_src_openssl_x509_vfy_py,v retrieving revision 1.1 diff -u -p -r1.1 patch-src__cffi_src_openssl_x509_vfy_py --- patches/patch-src__cffi_src_openssl_x509_vfy_py 8 Nov 2016 15:37:59 -0000 1.1 +++ patches/patch-src__cffi_src_openssl_x509_vfy_py 4 Jan 2017 19:33:24 -0000 
@@ -1,24 +1,28 @@ $OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.1 2016/11/08 15:37:59 sthen Exp $ -Hack to allow building with newer libressl following this commit: +Newer libressl has part but not all of the X509_VERIFY_PARAM_* API from +OpenSSL 1.0.2beta2+; hack to allow py-cryptography to build/run with this. -Date: 2016/11/05 20:14:59 -Author: beck -Branch: HEAD -Tag: (none) -Log: -Part one of the alt chains changes, bring in newer modifications to -VERIFY_PARAMS - based on boringssl. -ok jsing@ miod@ - -Members: - vpm_int.h:1.1->1.2 - x509_vfy.h:1.16->1.17 - x509_vpm.c:1.11->1.12 - ---- src/_cffi_src/openssl/x509_vfy.py.orig Mon Sep 26 21:22:21 2016 -+++ src/_cffi_src/openssl/x509_vfy.py Tue Nov 8 15:31:14 2016 -@@ -207,10 +207,12 @@ static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0 +--- src/_cffi_src/openssl/x509_vfy.py.orig Sun Nov 6 03:05:05 2016 ++++ src/_cffi_src/openssl/x509_vfy.py Wed Jan 4 19:30:20 2017 +@@ -187,10 +187,12 @@ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *, + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *, const char *, + size_t); + void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *, unsigned int); +-int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *, const char *, +- size_t); +-int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *, const unsigned char *, +- size_t); ++/* Fails with recent LibreSSL; ffi doesn't support ifdefs here */ ++// int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *, const char *, ++// size_t); ++// int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *, const unsigned char *, ++// size_t); ++/****/ + int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *, const char *); + """ + +@@ -207,9 +209,11 @@ static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0 static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; 
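Review bot: The comment added above the commented-out `X509_VERIFY_PARAM_set1_email` and `X509_VERIFY_PARAM_set1_ip` declarations says why they were disabled but not what the bindings lose. Because the lines are commented out rather than guarded, the declarations disappear for every build of this port, so a caller that relies on either function to pin an e-mail or binary IP identity will presumably fail at lookup instead of verifying. I would say so in the comment and point at what stays declared, e.g. `/* set1_email/set1_ip fail to load with recent LibreSSL and cdef cannot be ifdef'd, so they are not declared at all; set1_host and set1_ip_asc remain. */`, and replace the bare `/****/` with `/* end of LibreSSL workaround */`. The patch description could also record that dropping the `LIBRESSL_VERSION_NUMBER` guard around the `= NULL` fallbacks (next hunk) is deliberate, so that a later build failure is read as the cue to revisit this workaround; at present that intent is stated only in the mail. The declaration string being edited starts outside the visible hunk.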
@@ -26,21 +30,7 @@ Members: static const long X509_V_ERR_HOSTNAME_MISMATCH = 0; static const long X509_V_ERR_EMAIL_MISMATCH = 0; static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; - #endif +#endif + #endif /* OpenSSL 1.0.2beta2+ verification parameters */ - #if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && \ -@@ -226,10 +228,12 @@ static const long X509_V_FLAG_SUITEB_128_LOS = 0; - - int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, - size_t) = NULL; -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2050100fL - int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, - size_t) = NULL; - int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, - size_t) = NULL; -+#endif - int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; - void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, - unsigned int) = NULL;