From bc82ed8c77227b67d20d84d0a05cffb8be68f26d Mon Sep 17 00:00:00 2001
From: Matthew Thode <prometheanfire@gentoo.org>
Date: Wed, 1 Aug 2018 12:40:20 -0500
Subject: dev-python/cryptography: 2.2.2-r1 for CVE-2018-10903 with cleanup

Fast stable as well

Bug: https://bugs.gentoo.org/662564
Package-Manager: Portage-2.3.43, Repoman-2.3.10
---
 .../cryptography-vectors-1.7.1.ebuild              | 25 -------
 .../cryptography-vectors-2.0.2.ebuild              | 25 -------
 .../cryptography-vectors-2.1.4.ebuild              | 25 -------
 .../cryptography-vectors-2.2.2.ebuild              |  2 +-
 .../cryptography-vectors-2.3.ebuild                |  2 +-
 dev-python/cryptography/Manifest                   |  3 -
 .../cryptography/cryptography-1.7.1-r1.ebuild      | 52 ---------------
 dev-python/cryptography/cryptography-1.7.1.ebuild  | 50 --------------
 .../cryptography/cryptography-2.0.2-r1.ebuild      | 51 ---------------
 .../cryptography/cryptography-2.1.4-r1.ebuild      | 68 -------------------
 .../cryptography/cryptography-2.1.4-r2.ebuild      | 68 -------------------
 dev-python/cryptography/cryptography-2.1.4.ebuild  | 63 ------------------
 .../cryptography/cryptography-2.2.2-r1.ebuild      | 69 ++++++++++++++++++++
 dev-python/cryptography/cryptography-2.2.2.ebuild  | 68 -------------------
 dev-python/cryptography/files/CVE-2018-10903.patch | 76 ++++++++++++++++++++++
 15 files changed, 147 insertions(+), 500 deletions(-)
 delete mode 100644 dev-python/cryptography-vectors/cryptography-vectors-1.7.1.ebuild
 delete mode 100644 dev-python/cryptography-vectors/cryptography-vectors-2.0.2.ebuild
 delete mode 100644 dev-python/cryptography-vectors/cryptography-vectors-2.1.4.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-1.7.1-r1.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-1.7.1.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-2.0.2-r1.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-2.1.4-r1.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-2.1.4-r2.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-2.1.4.ebuild
 create mode 100644 dev-python/cryptography/cryptography-2.2.2-r1.ebuild
 delete mode 100644 dev-python/cryptography/cryptography-2.2.2.ebuild
 create mode 100644 dev-python/cryptography/files/CVE-2018-10903.patch

diff --git a/dev-python/cryptography-vectors/cryptography-vectors-1.7.1.ebuild b/dev-python/cryptography-vectors/cryptography-vectors-1.7.1.ebuild
deleted file mode 100644
index d116dec7d496..000000000000
--- a/dev-python/cryptography-vectors/cryptography-vectors-1.7.1.ebuild
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy pypy3 )
-
-inherit distutils-r1
-
-MY_PN=${PN/-/_}
-MY_P=${MY_PN}-${PV}
-
-DESCRIPTION="Test vectors for the cryptography package"
-HOMEPAGE="https://pypi.org/project/cryptography-vectors/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${MY_P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"
-IUSE=""
-
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
-RDEPEND=""
-
-S=${WORKDIR}/${MY_P}
diff --git a/dev-python/cryptography-vectors/cryptography-vectors-2.0.2.ebuild b/dev-python/cryptography-vectors/cryptography-vectors-2.0.2.ebuild
deleted file mode 100644
index 522a34ffd311..000000000000
--- a/dev-python/cryptography-vectors/cryptography-vectors-2.0.2.ebuild
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy pypy3 )
-
-inherit distutils-r1
-
-MY_PN=${PN/-/_}
-MY_P=${MY_PN}-${PV}
-
-DESCRIPTION="Test vectors for the cryptography package"
-HOMEPAGE="https://pypi.org/project/cryptography-vectors/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${MY_P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd"
-IUSE=""
-
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
-RDEPEND=""
-
-S=${WORKDIR}/${MY_P}
diff --git a/dev-python/cryptography-vectors/cryptography-vectors-2.1.4.ebuild b/dev-python/cryptography-vectors/cryptography-vectors-2.1.4.ebuild
deleted file mode 100644
index 4c323e7d6ba5..000000000000
--- a/dev-python/cryptography-vectors/cryptography-vectors-2.1.4.ebuild
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy pypy3 )
-
-inherit distutils-r1
-
-MY_PN=${PN/-/_}
-MY_P=${MY_PN}-${PV}
-
-DESCRIPTION="Test vectors for the cryptography package"
-HOMEPAGE="https://pypi.org/project/cryptography-vectors/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${MY_P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x86-fbsd"
-IUSE=""
-
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
-RDEPEND=""
-
-S=${WORKDIR}/${MY_P}
diff --git a/dev-python/cryptography-vectors/cryptography-vectors-2.2.2.ebuild b/dev-python/cryptography-vectors/cryptography-vectors-2.2.2.ebuild
index 6c1b08319c74..257fe8aef645 100644
--- a/dev-python/cryptography-vectors/cryptography-vectors-2.2.2.ebuild
+++ b/dev-python/cryptography-vectors/cryptography-vectors-2.2.2.ebuild
@@ -16,7 +16,7 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${MY_P}.tar.gz"
 
 LICENSE="|| ( Apache-2.0 BSD )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~amd64-linux ~ppc-macos ~x86-linux ~x64-macos ~x64-solaris"
 IUSE=""
 
 DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
diff --git a/dev-python/cryptography-vectors/cryptography-vectors-2.3.ebuild b/dev-python/cryptography-vectors/cryptography-vectors-2.3.ebuild
index 6c1b08319c74..dcefb0e150ea 100644
--- a/dev-python/cryptography-vectors/cryptography-vectors-2.3.ebuild
+++ b/dev-python/cryptography-vectors/cryptography-vectors-2.3.ebuild
@@ -16,7 +16,7 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${MY_P}.tar.gz"
 
 LICENSE="|| ( Apache-2.0 BSD )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~ppc-macos ~x86-linux ~x64-macos ~x64-solaris"
 IUSE=""
 
 DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
diff --git a/dev-python/cryptography/Manifest b/dev-python/cryptography/Manifest
index 179000c042e6..1a1794af18cd 100644
--- a/dev-python/cryptography/Manifest
+++ b/dev-python/cryptography/Manifest
@@ -1,5 +1,2 @@
-DIST cryptography-1.7.1.tar.gz 420673 BLAKE2B 8c0257187f29173bae610f191f6ae3251e5dd2cfcbe639020d1ea8f94a09bfe4281c9f6b2c85aefc1989c5832eab4db40c226a8a2e12c4dcbf6241555dafa628 SHA512 fb88b0ee9e314526fcdbb6d35da409b7335c7408a69d2350c58379471d2b9d76021010955629cf776d26312f22d4f8aa3f135955a19dfbff9d602176c9bbfd40
-DIST cryptography-2.0.2.tar.gz 427303 BLAKE2B 53f891c02aa4b82b13a66a4c74bd6db9e8dcdb57bd0bba76648e0c1be710ce1d94c8425ead6d81b240b39c034125ce320757d4b43c56bc7410af11f171cf9a21 SHA512 a71219ff52006a7c8bf1553d0f132c747566c630281ef89aac40c65b193b1f0074fc9cda1de7057c76b452113dfb6188c83baef3ed9c05ff18adbc8b7bba646b
-DIST cryptography-2.1.4.tar.gz 441557 BLAKE2B 66aa07930ee54469328977e27096e65b7a333b38b71828c71cb7891b489ef7af60f5e5590f67b43d5e63dc2279d9ca1ba036879f3145264f7639d65000958b50 SHA512 f749cb4384badc174a842514e5a4fee2ed01ab9c716799d8d9d5301f6d2d97b6c41deb9e425f48928b639fa34bef8c05529ed7e5b777ef5ca75c244f8fda8fd4
 DIST cryptography-2.2.2.tar.gz 443822 BLAKE2B d0fbaad78d172f1ba1bfa6edd64d2d5a0eac0853a564fdbb9830dfedc5c53fe1b28d8c1878be85ce38b8cd90a0c2e40e6a209158693a88a7053a80f0481e6302 SHA512 6c1b19cdb870d65abad42523697e9a0bebc7a0025b34f10c4bdd30c313333efd7c41bcb4237a29b3a1b270e3fbade75ccb35df172b055b7c075d619f4d9424c9
 DIST cryptography-2.3.tar.gz 449464 BLAKE2B 7485c745f9c6512a5efce42181970deff19bd4420e91230d84b070cd77450a6805c56a2e37cda73b45c90ed969c8fdbb866a7cc9e53a6828a1ca6e45befd9de8 SHA512 75e14020da500fdbbd578f004b22ef3237844185329adf59288b29f1b3ee9dd2005a2c4a933fe8609a59d168012a9f687bab0f31ab39ed6ca325198aa9295e52
diff --git a/dev-python/cryptography/cryptography-1.7.1-r1.ebuild b/dev-python/cryptography/cryptography-1.7.1-r1.ebuild
deleted file mode 100644
index 11cff7b6191c..000000000000
--- a/dev-python/cryptography/cryptography-1.7.1-r1.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="libressl test"
-
-RDEPEND="
-	!libressl? ( dev-libs/openssl:0= )
-	libressl? ( dev-libs/libressl:0= )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy{,3})
-	>=dev-python/idna-2.0[${PYTHON_USEDEP}]
-	>=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	$(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy )
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-PATCHES=( "${FILESDIR}"/${P}-libressl251.patch )
-
-python_test() {
-	distutils_install_for_testing
-
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-1.7.1.ebuild b/dev-python/cryptography/cryptography-1.7.1.ebuild
deleted file mode 100644
index 2646ca4511b3..000000000000
--- a/dev-python/cryptography/cryptography-1.7.1.ebuild
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux"
-IUSE="libressl test"
-
-RDEPEND="
-	!libressl? ( dev-libs/openssl:0= )
-	libressl? ( dev-libs/libressl )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy{,3})
-	>=dev-python/idna-2.0[${PYTHON_USEDEP}]
-	>=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	$(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy )
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_test() {
-	distutils_install_for_testing
-
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild b/dev-python/cryptography/cryptography-2.0.2-r1.ebuild
deleted file mode 100644
index c69917dc3a69..000000000000
--- a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 hppa ia64 ~mips ppc ppc64 x86"
-IUSE="libressl test"
-
-RDEPEND="
-	!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
-	libressl? ( dev-libs/libressl:0= )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
-	>=dev-python/idna-2.1[${PYTHON_USEDEP}]
-	>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_configure_all() {
-	append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.1.4-r1.ebuild b/dev-python/cryptography/cryptography-2.1.4-r1.ebuild
deleted file mode 100644
index 00035b90760b..000000000000
--- a/dev-python/cryptography/cryptography-2.1.4-r1.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris"
-IUSE="libressl test"
-
-# the openssl 1.0.2l-r1 needs to be updated again :(
-# It'd theb be able to go into the || section again
-#=dev-libs/openssl-1.0.2l-r1:0
-# the following is the original section, disallowing bindist entirely
-#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
-RDEPEND="
-	!libressl? (
-		dev-libs/openssl:0= (
-			|| (
-				dev-libs/openssl:0[-bindist(-)]
-				>=dev-libs/openssl-1.1.0g-r1:0
-			)
-		)
-	)
-	libressl? ( dev-libs/libressl:0= )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
-	>=dev-python/idna-2.1[${PYTHON_USEDEP}]
-	>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
-	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
-)
-
-python_configure_all() {
-	append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.1.4-r2.ebuild b/dev-python/cryptography/cryptography-2.1.4-r2.ebuild
deleted file mode 100644
index adaade43c533..000000000000
--- a/dev-python/cryptography/cryptography-2.1.4-r2.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="libressl test"
-
-# the openssl 1.0.2l-r1 needs to be updated again :(
-# It'd theb be able to go into the || section again
-#=dev-libs/openssl-1.0.2l-r1:0
-# the following is the original section, disallowing bindist entirely
-#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
-RDEPEND="
-	!libressl? (
-		dev-libs/openssl:0= (
-			|| (
-				dev-libs/openssl:0[-bindist(-)]
-				>=dev-libs/openssl-1.0.2o-r2:0
-			)
-		)
-	)
-	libressl? ( dev-libs/libressl:0= )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
-	>=dev-python/idna-2.1[${PYTHON_USEDEP}]
-	>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
-	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
-)
-
-python_configure_all() {
-	append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.1.4.ebuild b/dev-python/cryptography/cryptography-2.1.4.ebuild
deleted file mode 100644
index f5fc4dd530db..000000000000
--- a/dev-python/cryptography/cryptography-2.1.4.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris"
-IUSE="libressl test"
-
-# the openssl 1.0.2l-r1 needs to be updated again :(
-# It'd theb be able to go into the || section again
-#=dev-libs/openssl-1.0.2l-r1:0
-# the following is the original section, disallowing bindist entirely
-#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
-RDEPEND="
-	!libressl? (
-		dev-libs/openssl:0= (
-			|| (
-				dev-libs/openssl:0[-bindist(-)]
-				>=dev-libs/openssl-1.1.0g-r1:0
-			)
-		)
-	)
-	libressl? ( dev-libs/libressl )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
-	>=dev-python/idna-2.1[${PYTHON_USEDEP}]
-	>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_configure_all() {
-	append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.2.2-r1.ebuild b/dev-python/cryptography/cryptography-2.2.2-r1.ebuild
new file mode 100644
index 000000000000..ffaf2cd166a9
--- /dev/null
+++ b/dev-python/cryptography/cryptography-2.2.2-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy{,3} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 flag-o-matic
+
+DESCRIPTION="Library providing cryptographic recipes and primitives"
+HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="|| ( Apache-2.0 BSD )"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~amd64-linux ~ppc-macos ~x86-linux ~x64-macos ~x64-solaris"
+IUSE="libressl test"
+
+# the openssl 1.0.2l-r1 needs to be updated again :(
+# It'd theb be able to go into the || section again
+#=dev-libs/openssl-1.0.2l-r1:0
+# the following is the original section, disallowing bindist entirely
+#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
+RDEPEND="
+	!libressl? (
+		dev-libs/openssl:0= (
+			|| (
+				dev-libs/openssl:0[-bindist(-)]
+				>=dev-libs/openssl-1.0.2o-r2:0
+			)
+		)
+	)
+	libressl? ( dev-libs/libressl:0= )
+	$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
+	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
+	>=dev-python/idna-2.1[${PYTHON_USEDEP}]
+	>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
+	dev-python/setuptools[${PYTHON_USEDEP}]
+	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
+	virtual/python-ipaddress[${PYTHON_USEDEP}]
+	"
+DEPEND="${RDEPEND}
+	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
+	test? (
+		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
+		dev-python/hypothesis[${PYTHON_USEDEP}]
+		dev-python/iso8601[${PYTHON_USEDEP}]
+		dev-python/pretend[${PYTHON_USEDEP}]
+		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
+		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
+		dev-python/pytz[${PYTHON_USEDEP}]
+	)"
+
+DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
+	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
+	"${FILESDIR}"/CVE-2018-10903.patch
+)
+
+python_configure_all() {
+	append-cflags $(test-flags-CC -pthread)
+}
+
+python_test() {
+	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
+}
diff --git a/dev-python/cryptography/cryptography-2.2.2.ebuild b/dev-python/cryptography/cryptography-2.2.2.ebuild
deleted file mode 100644
index 016846fe9cb4..000000000000
--- a/dev-python/cryptography/cryptography-2.2.2.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="libressl test"
-
-# the openssl 1.0.2l-r1 needs to be updated again :(
-# It'd theb be able to go into the || section again
-#=dev-libs/openssl-1.0.2l-r1:0
-# the following is the original section, disallowing bindist entirely
-#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
-RDEPEND="
-	!libressl? (
-		dev-libs/openssl:0= (
-			|| (
-				dev-libs/openssl:0[-bindist(-)]
-				>=dev-libs/openssl-1.0.2o-r2:0
-			)
-		)
-	)
-	libressl? ( dev-libs/libressl:0= )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
-	>=dev-python/idna-2.1[${PYTHON_USEDEP}]
-	>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
-		dev-python/pytz[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
-	"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
-)
-
-python_configure_all() {
-	append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/files/CVE-2018-10903.patch b/dev-python/cryptography/files/CVE-2018-10903.patch
new file mode 100644
index 000000000000..1133405fb93d
--- /dev/null
+++ b/dev-python/cryptography/files/CVE-2018-10903.patch
@@ -0,0 +1,76 @@
+From 688e0f673bfbf43fa898994326c6877f00ab19ef Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Tue, 17 Jul 2018 10:47:57 +0800
+Subject: [PATCH] disallow implicit tag truncation with finalize_with_tag
+
+---
+ docs/hazmat/primitives/symmetric-encryption.rst     |  1 +
+ src/cryptography/hazmat/backends/openssl/ciphers.py |  5 +++++
+ src/cryptography/hazmat/primitives/ciphers/modes.py |  1 +
+ tests/hazmat/primitives/test_aes.py                 | 16 ++++++++++++++++
+ 5 files changed, 28 insertions(+)
+
+diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
+index 5ebcca754..5b6000902 100644
+--- a/docs/hazmat/primitives/symmetric-encryption.rst
++++ b/docs/hazmat/primitives/symmetric-encryption.rst
+@@ -670,6 +670,7 @@ Interfaces
+         :raises ValueError: This is raised when the data provided isn't
+             a multiple of the algorithm's block size, if ``min_tag_length`` is
+             less than 4, or if ``len(tag) < min_tag_length``.
++            ``min_tag_length`` is an argument to the ``GCM`` constructor.
+         :raises NotImplementedError: This is raised if the version of the
+             OpenSSL backend used is 1.0.1 or earlier.
+ 
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 462ffea25..e0ee06ee2 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -199,6 +199,11 @@ def finalize_with_tag(self, tag):
+                 "finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
+                 "method please update OpenSSL"
+             )
++        if len(tag) < self._mode._min_tag_length:
++            raise ValueError(
++                "Authentication tag must be {0} bytes or longer.".format(
++                    self._mode._min_tag_length)
++            )
+         res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
+             self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
+             len(tag), tag
+diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
+index 598dfaa4a..543015fef 100644
+--- a/src/cryptography/hazmat/primitives/ciphers/modes.py
++++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
+@@ -220,6 +220,7 @@ def __init__(self, initialization_vector, tag=None, min_tag_length=16):
+                         min_tag_length)
+                 )
+         self._tag = tag
++        self._min_tag_length = min_tag_length
+ 
+     tag = utils.read_only_property("_tag")
+     initialization_vector = utils.read_only_property("_initialization_vector")
+diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
+index d6f83ebc2..4ceccf155 100644
+--- a/tests/hazmat/primitives/test_aes.py
++++ b/tests/hazmat/primitives/test_aes.py
+@@ -439,3 +439,19 @@ def test_gcm_tag_decrypt_finalize(self, backend):
+             decryptor.finalize()
+         else:
+             decryptor.finalize_with_tag(tag)
++
++    @pytest.mark.supported(
++        only_if=lambda backend: (
++            not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
++            backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
++        ),
++        skip_message="Not supported on OpenSSL 1.0.1",
++    )
++    def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
++        decryptor = base.Cipher(
++            algorithms.AES(b"0" * 16),
++            modes.GCM(b"0" * 12),
++            backend=backend
++        ).decryptor()
++        with pytest.raises(ValueError):
++            decryptor.finalize_with_tag(b"tagtooshort")
-- 
cgit v1.2.3-65-gdbad