[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2017-01-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|In Progress                 |Closed

--- Comment #14 from Mark Felder  ---
The change was reverted, but it doesn't matter anymore because 9.3 is EoL.

I should not be proud the "fix" is to wait for the OS to be EoL...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"


[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-08 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #12 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Thu Dec  8 17:07:23 UTC 2016
New revision: 428138
URL: https://svnweb.freebsd.org/changeset/ports/428138

Log:
  security/py-pycryptography: Fix build on FreeBSD 9.3

  Modern py-cryptography requires a more modern OpenSSL. This switch to
  requiring OpenSSL from ports is a disruptive change, but it will protect
  these users from the recently patched vulnerabilities.

  Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4.
  The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
  vulnerable to the HKDF key generation bug. It appears that version 1.4
  did build successfully on FreeBSD 9.3, but upstream had abandoned
  support for OpenSSL 0.9.8 at that point so it is unclear if it was fully
  functional.

  PR:   214915
  MFH:  2016Q4

Changes:
  head/security/py-cryptography/Makefile



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-08 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #13 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Thu Dec  8 17:08:55 UTC 2016
New revision: 428139
URL: https://svnweb.freebsd.org/changeset/ports/428139

Log:
  MFH: r428138

  security/py-pycryptography: Fix build on FreeBSD 9.3

  Modern py-cryptography requires a more modern OpenSSL. This switch to
  requiring OpenSSL from ports is a disruptive change, but it will protect
  these users from the recently patched vulnerabilities.

  Support for OpenSSL 0.9.8 was removed in pycryptography as of version 1.4.
  The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
  vulnerable to the HKDF key generation bug. It appears that version 1.4
  did build successfully on FreeBSD 9.3, but upstream had abandoned
  support for OpenSSL 0.9.8 at that point so it is unclear if it was fully
  functional.

  PR:   214915

  Approved by:  ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/security/py-cryptography/Makefile



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-05 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Kubilay Kocak  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Closed                      |In Progress
         Resolution|FIXED                       |---

--- Comment #11 from Kubilay Kocak  ---
(In reply to Mark Felder from comment #10)

Conditionally use ports SSL. 
I prefer this over BROKEN as the package for 9.3 will be produced, and it's not
broken, it's broken 

Later versions of cryptography removed support for older versions (< 1.0.0
iirc) of SSL.



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-05 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #10 from Mark Felder  ---
(In reply to Antoine Brodin from comment #8)

If we can't find a workaround for the build failure on 9.3 we'll have to mark
it as BROKEN there. It doesn't make sense to leave all users vulnerable because
it's broken on 9.3.

9.3 is also nearly EoL, so that was taken into consideration as well.



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-05 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #9 from Vladimir Krstulja  ---
It fails on 9.3 with base OpenSSL. I looked into the code that fails but it's
not something I can repatch.

One option is to mark it broken for 9.3 with base SSL, since 9.3 is about to be
EOL'd very soon and nobody should be using OpenSSL that old anyway.

I meanwhile ran more tests, builds fine with py27 & py35 with ports OpenSSL on
all three supported FreeBSD branches.



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #8 from Antoine Brodin  ---
Why was this committed and even MFHed when the build log says it fails to
build?



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #7 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Sun Dec  4 22:29:11 UTC 2016
New revision: 427813
URL: https://svnweb.freebsd.org/changeset/ports/427813

Log:
  Document py-cryptography vulnerability

  PR:   214915
  Security: CVE-2016-9243

Changes:
  head/security/vuxml/vuln.xml



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|Open                        |Closed



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #6 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Sun Dec  4 22:20:29 UTC 2016
New revision: 427812
URL: https://svnweb.freebsd.org/changeset/ports/427812

Log:
  MFH: r427810

  security/py-cryptography: Update to 1.6

  Changelog: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst

  PR:   214915
  Approved by:  ports-secteam (with hat)
  Security: CVE-2016-9243

Changes:
_U  branches/2016Q4/
  branches/2016Q4/security/py-cryptography/Makefile
  branches/2016Q4/security/py-cryptography/distinfo
  branches/2016Q4/security/py-cryptography/files/



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |f...@freebsd.org
           Assignee|ko...@freebsd.org           |f...@freebsd.org



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-12-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #5 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Sun Dec  4 22:18:51 UTC 2016
New revision: 427810
URL: https://svnweb.freebsd.org/changeset/ports/427810

Log:
  security/py-cryptography: Update to 1.6

  Changelog: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst

  PR:   214915
  Approved by:  ports-secteam (with hat)
  MFH:  2016Q4
  Security: CVE-2016-9243

Changes:
  head/security/py-cryptography/Makefile
  head/security/py-cryptography/distinfo
  head/security/py-cryptography/files/



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-11-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #4 from Vladimir Krstulja  ---
More build tests:

* Poudriere 11.0, amd64, python35, libressl = OK
* Poudriere 10.3, amd64, python35, libressl = OK
* Poudriere 9.3, amd64, python35, libressl = OK (!)



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-11-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #3 from Vladimir Krstulja  ---
Created attachment 177551
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177551=edit
Build log for Poudriere 9.3 amd64 python27 base ssl  build test (FAIL).

Had to compress the log as it's 4M orig.



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-11-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Vladimir Krstulja  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs-patch                 |needs-qa, patch



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-11-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #2 from Vladimir Krstulja  ---
Created attachment 177550
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177550=edit
Bump py-cryptography to 1.6

Patch to bump py-cryptography to 1.6. Build tests done:

* Poudriere 11.0, amd64, python27, base ssl = OK
* Poudriere 10.3, amd64, python27, base ssl = OK
* Poudriere 9.3, amd64, python27, base ssl = FAIL

* Poudriere 11.0, amd64, python35, libressl = PENDING
* Poudriere 10.3, amd64, python35, libressl = PENDING
* Poudriere 9.3, amd64, python35, libressl = PENDING



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-11-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Kubilay Kocak  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
              Flags|maintainer-feedback?(koobs@ |maintainer-feedback+
                   |FreeBSD.org)                |

--- Comment #1 from Kubilay Kocak  ---
Pending patch, should get to this later this week. If you can provide a QA'd
patch, I ought to be able to commit it sooner.



[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)

2016-11-28 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

            Bug ID: 214915
           Summary: security/py-cryptography: Update to 1.6 (security fixes)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst
                OS: Any
            Status: New
          Keywords: needs-patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ko...@freebsd.org
          Reporter: vlad-f...@acheronmedia.com
                CC: ports-sect...@freebsd.org, pyt...@freebsd.org
          Assignee: ko...@freebsd.org
             Flags: maintainer-feedback?(ko...@freebsd.org), merge-quarterly?

Please update py-cryptography to latest, 1.6. Contains a security fix for
CVE-2016-9243 (fixed upstream in 1.5.3).
