[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder changed:

What       |Removed      |Added
Resolution |---          |FIXED
Status     |In Progress  |Closed

--- Comment #14 from Mark Felder ---
The change was reverted, but it doesn't matter anymore because 9.3 is EoL.

I should not be proud the "fix" is to wait for the OS to be EoL...

--
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #12 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Thu Dec 8 17:07:23 UTC 2016
New revision: 428138
URL: https://svnweb.freebsd.org/changeset/ports/428138

Log:
  security/py-pycryptography: Fix build on FreeBSD 9.3

  Modern py-cryptography requires a more modern OpenSSL. This switch to
  requiring OpenSSL from ports is a disruptive change, but it will protect
  these users from the recently patched vulnerabilities.

  Support for OpenSSL 0.9.8 was removed in pycryptography as of version
  1.4. The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
  vulnerable to the HKDF key generation bug. It appears that version 1.4
  did build successfully on FreeBSD 9.3, but upstream had abandoned support
  for OpenSSL 0.9.8 at that point so it is unclear if it was fully
  functional.

  PR: 214915
  MFH: 2016Q4

Changes:
  head/security/py-cryptography/Makefile
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #13 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Thu Dec 8 17:08:55 UTC 2016
New revision: 428139
URL: https://svnweb.freebsd.org/changeset/ports/428139

Log:
  MFH: r428138

  security/py-pycryptography: Fix build on FreeBSD 9.3

  Modern py-cryptography requires a more modern OpenSSL. This switch to
  requiring OpenSSL from ports is a disruptive change, but it will protect
  these users from the recently patched vulnerabilities.

  Support for OpenSSL 0.9.8 was removed in pycryptography as of version
  1.4. The last release to support OpenSSL 0.9.8 was 1.3.4 which is still
  vulnerable to the HKDF key generation bug. It appears that version 1.4
  did build successfully on FreeBSD 9.3, but upstream had abandoned support
  for OpenSSL 0.9.8 at that point so it is unclear if it was fully
  functional.

  PR: 214915
  Approved by: ports-secteam (with hat)

Changes:
  _U branches/2016Q4/
  branches/2016Q4/security/py-cryptography/Makefile
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Kubilay Kocak changed:

What       |Removed  |Added
Status     |Closed   |In Progress
Resolution |FIXED    |---

--- Comment #11 from Kubilay Kocak ---
(In reply to Mark Felder from comment #10)

Conditionally use ports SSL. I prefer this over BROKEN as the package for 9.3 will be produced, and it's not broken, it's broken

Later versions of cryptography removed support for older versions (< 1.0.0 iirc) of SSL.
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #10 from Mark Felder ---
(In reply to Antoine Brodin from comment #8)

If we can't find a workaround for the build failure on 9.3 we'll have to mark it as BROKEN there. It doesn't make sense to leave all users vulnerable because it's broken on 9.3.

9.3 is also nearly EoL, so that was taken into consideration as well.
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #9 from Vladimir Krstulja ---
It fails on 9.3 with base OpenSSL. I looked into the code that fails but it's not something I can repatch. One option is to mark it broken for 9.3 with base SSL, since 9.3 is about to be EOL'd very soon and nobody should be using OpenSSL that old anyway.

I meanwhile ran more tests, builds fine with py27 & py35 with ports OpenSSL on all three supported FreeBSD branches.
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #8 from Antoine Brodin ---
Why was this committed and even MFHed when the build log says it fails to build?
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #7 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Sun Dec 4 22:29:11 UTC 2016
New revision: 427813
URL: https://svnweb.freebsd.org/changeset/ports/427813

Log:
  Document py-cryptography vulnerability

  PR: 214915
  Security: CVE-2016-9243

Changes:
  head/security/vuxml/vuln.xml
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder changed:

What       |Removed  |Added
Resolution |---      |FIXED
Status     |Open     |Closed
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #6 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Sun Dec 4 22:20:29 UTC 2016
New revision: 427812
URL: https://svnweb.freebsd.org/changeset/ports/427812

Log:
  MFH: r427810

  security/py-cryptography: Update to 1.6

  Changelog: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst

  PR: 214915
  Approved by: ports-secteam (with hat)
  Security: CVE-2016-9243

Changes:
  _U branches/2016Q4/
  branches/2016Q4/security/py-cryptography/Makefile
  branches/2016Q4/security/py-cryptography/distinfo
  branches/2016Q4/security/py-cryptography/files/
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Mark Felder changed:

What     |Removed           |Added
CC       |                  |f...@freebsd.org
Assignee |ko...@freebsd.org |f...@freebsd.org
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #5 from commit-h...@freebsd.org ---
A commit references this bug:

Author: feld
Date: Sun Dec 4 22:18:51 UTC 2016
New revision: 427810
URL: https://svnweb.freebsd.org/changeset/ports/427810

Log:
  security/py-cryptography: Update to 1.6

  Changelog: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst

  PR: 214915
  Approved by: ports-secteam (with hat)
  MFH: 2016Q4
  Security: CVE-2016-9243

Changes:
  head/security/py-cryptography/Makefile
  head/security/py-cryptography/distinfo
  head/security/py-cryptography/files/
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #4 from Vladimir Krstulja ---
More build tests:

* Poudriere 11.0, amd64, python35, libressl = OK
* Poudriere 10.3, amd64, python35, libressl = OK
* Poudriere 9.3, amd64, python35, libressl = OK (!)
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #3 from Vladimir Krstulja ---
Created attachment 177551
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177551=edit
Build log for Poudriere 9.3 amd64 python27 base ssl build test (FAIL).

Had to compress the log as it's 4M orig.
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Vladimir Krstulja changed:

What     |Removed     |Added
Keywords |needs-patch |needs-qa, patch
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

--- Comment #2 from Vladimir Krstulja ---
Created attachment 177550
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177550=edit
Bump py-cryptography to 1.6

Patch to bump py-cryptography to 1.6.

Build tests done:

* Poudriere 11.0, amd64, python27, base ssl = OK
* Poudriere 10.3, amd64, python27, base ssl = OK
* Poudriere 9.3, amd64, python27, base ssl = FAIL
* Poudriere 11.0, amd64, python35, libressl = PENDING
* Poudriere 10.3, amd64, python35, libressl = PENDING
* Poudriere 9.3, amd64, python35, libressl = PENDING
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Kubilay Kocak changed:

What   |Removed                                 |Added
Status |New                                     |Open
Flags  |maintainer-feedback?(koobs@FreeBSD.org) |maintainer-feedback+

--- Comment #1 from Kubilay Kocak ---
Pending patch, should get to this later this week.

If you can provide a QA'd patch, I ought to be able to commit it sooner.
[Bug 214915] security/py-cryptography: Update to 1.6 (security fixes)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915

Bug ID: 214915
Summary: security/py-cryptography: Update to 1.6 (security fixes)
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst
OS: Any
Status: New
Keywords: needs-patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ko...@freebsd.org
Reporter: vlad-f...@acheronmedia.com
CC: ports-sect...@freebsd.org, pyt...@freebsd.org
Flags: maintainer-feedback?(ko...@freebsd.org), merge-quarterly?

Please update py-cryptography to latest, 1.6. Contains a security fix for CVE-2016-9243 (fixed upstream in 1.5.3).