Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-python
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python')
-rw-r--r--dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch76
-rw-r--r--dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild69
2 files changed, 145 insertions, 0 deletions
diff --git a/dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch b/dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch
new file mode 100644
index 000000000000..c249f7adbb80
--- /dev/null
+++ b/dev-python/m2crypto/files/m2crypto-0.37.1-openssl-fixes.patch
@@ -0,0 +1,76 @@
+From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001
+From: Casey Deccio <casey@deccio.net>
+Date: Fri, 8 Jan 2021 12:43:09 -0700
+Subject: [PATCH] Allow verify_cb_* to be called with ok=True
+
+With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
+---
+ tests/test_ssl.py | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 92b6942..7a3271a 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -59,8 +59,13 @@ def allocate_srv_port():
+
+
+ def verify_cb_new_function(ok, store):
+- assert not ok
+ err = store.get_error()
++ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++ # aborting, this callback is called to retrieve additional error
++ # information. In this case, ok might not be False.
++ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++ assert not ok
+ assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+ m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+ m2.X509_V_ERR_CERT_UNTRUSTED,
+@@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
+
+ def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
+ try:
+- self.assertFalse(ok)
++ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++ # aborting, this callback is called to retrieve additional error
++ # information. In this case, ok might not be False.
++ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++ self.assertFalse(ok)
+ self.assertIn(err,
+ [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+ m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+--
+2.31.1
+
+From d06eaa88a5f491827733f32027c46de3557fbd05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Fri, 19 Feb 2021 15:53:02 +0100
+Subject: [PATCH] Use of RSA_SSLV23_PADDING has been deprecated.
+
+Fixes #293.
+---
+ tests/test_rsa.py | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 3de5016..7299785 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -124,11 +124,6 @@ class RSATestCase(unittest.TestCase):
+ ptxt = priv.private_decrypt(ctxt, p)
+ self.assertEqual(ptxt, self.data)
+
+- # sslv23_padding
+- ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
+- res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
+- self.assertEqual(res, self.data)
+-
+ # no_padding
+ with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
+--
+2.31.1
+
diff --git a/dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild b/dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild
new file mode 100644
index 000000000000..c650101f6d32
--- /dev/null
+++ b/dev-python/m2crypto/m2crypto-0.37.1-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 2018-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 toolchain-funcs
+
+MY_PN="M2Crypto"
+DESCRIPTION="A Python crypto and SSL toolkit"
+HOMEPAGE="https://gitlab.com/m2crypto/m2crypto https://pypi.org/project/M2Crypto/"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_PN}-${PV}.tar.gz"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="libressl test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ >=dev-lang/swig-2.0.9
+ test? ( dev-python/parameterized[${PYTHON_USEDEP}] )
+"
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-openssl-fixes.patch"
+)
+
+swig_define() {
+ local x
+ for x; do
+ if tc-cpp-is-true "defined(${x})"; then
+ SWIG_FEATURES+=" -D${x}"
+ fi
+ done
+}
+
+src_prepare() {
+ # TODO
+ sed -e 's:test_server_simple_timeouts:_&:' \
+ -i tests/test_ssl.py || die
+ distutils-r1_src_prepare
+}
+
+python_compile() {
+ # setup.py looks at platform.machine() to determine swig options.
+ # For exotic ABIs, we need to give swig a hint.
+ local -x SWIG_FEATURES=
+
+ # https://bugs.gentoo.org/617946
+ swig_define __ILP32__
+
+ # https://bugs.gentoo.org/674112
+ swig_define __ARM_PCS_VFP
+
+ distutils-r1_python_compile --openssl="${ESYSROOT}"/usr
+}
+
+python_test() {
+ esetup.py test
+}