dev-python/m2crypto: Updated for 0.38.0

Fixes https://github.com/gentoo/libressl/issues/335

Uses OpenBSD patches.

https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/security/py-M2Crypto/patches/

Signed-off-by: orbea <orbea@riseup.net>
Signed-off-by: Quentin Retornaz <gentoo@retornaz.com>

3 files changed, 253 insertions, 1 deletions

diff --git a/dev-python/m2crypto/Manifest b/dev-python/m2crypto/Manifest
index 549be47..d57a141 100644
--- a/dev-python/m2crypto/Manifest
+++ b/dev-python/m2crypto/Manifest
@@ -1,3 +1,3 @@
-DIST M2Crypto-0.35.2.tar.gz 1117706 BLAKE2B efa15e023be7755b94c642bb23eade912edcbbb76bcdfed3414d27937cd705ec4c83069ca620fe20e58e126549ba7f98e84f6f8330b78133a8a8b953d18f467b SHA512 3608b29a8e7d0732a2359e35fcaae191447aa7c0211ca3d057eed6cee7f0819f5c1121e7d41caca8cdea3c7911f8c447ee475b1b3d125e8dc3adde2718a59f36
 DIST M2Crypto-0.36.0.tar.gz 1127584 BLAKE2B 5cdbbb11ff67d4ddffb2853a72383f3c7f1e1aa53ab84166aeda4fbea1b0d7f506761bb07bf8cb5b36f94bdbeb2ea2b46e0693da8355f81b4bf5c4c1c1cc18b1 SHA512 5b7d6d10c943ff0e09e0e9748d5578e7e0f7659a73de4ba49481152bca05871aef2bfbb869e1636a7cebcf2dd8b9f67fb0d299a833d1d4ebd538031c35d7bca1
 DIST M2Crypto-0.37.1.tar.gz 1247031 BLAKE2B 3628150b8da15d7356298b6e52e0d8fa7875921a184a0eba3a97eff0588c9e0fee340c92fd486919057d900d6e3b2b711174dde9761fe247848f92ac6434df0a SHA512 9a5e0220704b4897a9ca7efa4b3b57447b9175c52e8039a85bff7bb1a43b709c69f3c8b5903df461f8de39d3f8a20f9bf494df6f5882771846adfe2c03fbea9e
+DIST M2Crypto-0.38.0.tar.gz 1241269 BLAKE2B 95433090e08ff72cd2b0779491dc38b89eca159b26812e763b5b8973e3d27249a96d5a2c983b59f414184f64beb8e455dc26979310378db89dd2081741d4d17d SHA512 b1e24e3101ce0dd9f17be4cabeddc2ec0f1228b270d74ef2fb38bae8807c5025b031d0743185f06370786a3dd5c3f42129720534dcff07ea4de3c727613f8d20
diff --git a/dev-python/m2crypto/files/m2crypto-libressl-0.38.0.patch b/dev-python/m2crypto/files/m2crypto-libressl-0.38.0.patch
new file mode 100644
index 0000000..e3f67e3
--- /dev/null
+++ b/dev-python/m2crypto/files/m2crypto-libressl-0.38.0.patch
@@ -0,0 +1,185 @@
+$OpenBSD: patch-src_M2Crypto_BIO_py,v 1.1 2021/07/24 20:02:04 sthen Exp $
+
+Partially revert https://gitlab.com/m2crypto/m2crypto/commit/738cd0bf3dc2ee619f598290d5bf4c2190987f16:
+
+ * Fix BIO.File ... return type of BIO.readline() and close properly.
+   That is, flush BIO.File() before closing and close also underlying
+   system file.
+
+For Python 2 this results in:
+
+python2 -c "import M2Crypto; M2Crypto.BIO.openfile('/etc/ssl/cert.pem')"
+Traceback (most recent call last):
+  File "<string>", line 1, in <module>
+  File "/usr/local/lib/python2.7/site-packages/M2Crypto/BIO.py", line 284, in openfile
+    return File(f)
+  File "/usr/local/lib/python2.7/site-packages/M2Crypto/BIO.py", line 239, in __init__
+    pyfile.flush()
+IOError: [Errno 9] Bad file descriptor
+
+https://gitlab.com/m2crypto/m2crypto/issues/211
+
+Index: src/M2Crypto/BIO.py
+--- a/src/M2Crypto/BIO.py.orig
++++ b/src/M2Crypto/BIO.py
+@@ -235,8 +235,9 @@ class File(BIO):
+         #
+         #  https://docs.python.org/3.3/c-api/file.html
+         #
+-        pyfile.flush()
+-        self.fname = pyfile.name
++        if six.PY3:
++            pyfile.flush()
++            self.fname = pyfile.name
+         self.pyfile = pyfile
+         # Be wary of https://github.com/openssl/openssl/pull/1925
+         # BIO_new_fd is NEVER to be used before OpenSSL 1.1.1
+@@ -246,7 +247,8 @@ class File(BIO):
+             self.bio = m2.bio_new_pyfile(pyfile, m2.bio_noclose)
+ 
+         self.close_pyfile = close_pyfile
+-        self.closed = False
++        if six.PY3:
++            self.closed = False
+ 
+     def flush(self):
+         # type: () -> None
+@@ -255,8 +257,9 @@ class File(BIO):
+ 
+     def close(self):
+         # type: () -> None
+-        self.flush()
+-        super(File, self).close()
++        if six.PY3:
++            self.flush()
++            super(File, self).close()
+         if self.close_pyfile:
+             self.pyfile.close()
+ 
+$OpenBSD: patch-src_SWIG__lib11_compat_i,v 1.2 2021/10/07 22:32:54 tb Exp $
+
+Provide CRYPTO_zalloc to fix build with LibreSSL
+
+Index: src/SWIG/_lib11_compat.i
+--- a/src/SWIG/_lib11_compat.i.orig
++++ b/src/SWIG/_lib11_compat.i
+@@ -8,7 +8,7 @@
+  */
+ 
+ %{
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #include <string.h>
+ #include <openssl/engine.h>
+@@ -24,6 +24,8 @@ static void *CRYPTO_zalloc(size_t num, const char *fil
+       return ret;
+ }
+ 
++#endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #include <openssl/bn.h>
+ 
+ #ifndef BN_F_BN_GENCB_NEW
+$OpenBSD: patch-src_SWIG__lib_i,v 1.2 2021/10/07 22:32:54 tb Exp $
+
+Fix build with LibreSSL
+
+Index: src/SWIG/_lib.i
+--- a/src/SWIG/_lib.i.orig
++++ b/src/SWIG/_lib.i
+@@ -21,7 +21,7 @@
+ 
+ %{
+ /* OpenSSL 1.0.2 copmatbility shim */
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ typedef void (*OPENSSL_sk_freefunc)(void *);
+ typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+ typedef struct stack_st OPENSSL_STACK;
+$OpenBSD: patch-src_SWIG__threads_i,v 1.1 2021/07/24 20:02:04 sthen Exp $
+
+Fix build with LibreSSL
+
+Index: src/SWIG/_threads.i
+--- a/src/SWIG/_threads.i.orig
++++ b/src/SWIG/_threads.i
+@@ -5,7 +5,7 @@
+ #include <pythread.h>
+ #include <openssl/crypto.h>
+ 
+-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define CRYPTO_num_locks()      (CRYPTO_NUM_LOCKS)
+ static PyThread_type_lock lock_cs[CRYPTO_num_locks()];
+ static long lock_count[CRYPTO_num_locks()];
+@@ -13,7 +13,7 @@ static int thread_mode = 0;
+ #endif
+ 
+ void threading_locking_callback(int mode, int type, const char *file, int line) {
+-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         if (mode & CRYPTO_LOCK) {
+                 PyThread_acquire_lock(lock_cs[type], WAIT_LOCK);
+                 lock_count[type]++;
+@@ -25,7 +25,7 @@ void threading_locking_callback(int mode, int type, co
+ }
+ 
+ unsigned long threading_id_callback(void) {
+-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     return (unsigned long)PyThread_get_thread_ident();
+ #else
+     return (unsigned long)0;
+@@ -35,7 +35,7 @@ unsigned long threading_id_callback(void) {
+ 
+ %inline %{
+ void threading_init(void) {
+-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     int i;
+     if (!thread_mode) {
+         for (i=0; i<CRYPTO_num_locks(); i++) {
+@@ -50,7 +50,7 @@ void threading_init(void) {
+ }
+ 
+ void threading_cleanup(void) {
+-#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(THREADING) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     int i;
+     if (thread_mode) {
+         CRYPTO_set_locking_callback(NULL);
+$OpenBSD: patch-SWIG__bio_i,v 1.4 2018/04/25 16:51:05 jasper Exp $
+
+BIO_meth_new() and BIO_meth_free() are non-static in LibreSSL
+
+Index: SWIG/_bio.i
+--- a/src/SWIG/_bio.i.orig
++++ a/src/SWIG/_bio.i
+@@ -293,8 +293,12 @@ int bio_should_write(BIO* a) {
+ }
+ 
+ /* Macros for things not defined before 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-static BIO_METHOD *
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++
++#if !defined(LIBRESSL_VERSION_NUMBER)
++static
++#endif
++BIO_METHOD *
+ BIO_meth_new( int type, const char *name )
+ {
+     BIO_METHOD *method = malloc( sizeof(BIO_METHOD) );
+@@ -306,7 +310,10 @@ BIO_meth_new( int type, const char *name )
+     return method;
+ }
+ 
+-static void
++#if !defined(LIBRESSL_VERSION_NUMBER)
++static
++#endif
++void
+ BIO_meth_free( BIO_METHOD *meth )
+ {
+     if ( meth == NULL ) {
diff --git a/dev-python/m2crypto/m2crypto-0.38.0.ebuild b/dev-python/m2crypto/m2crypto-0.38.0.ebuild
new file mode 100644
index 0000000..481c395
--- /dev/null
+++ b/dev-python/m2crypto/m2crypto-0.38.0.ebuild
@@ -0,0 +1,67 @@
+# Copyright 2018-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 toolchain-funcs
+
+MY_PN="M2Crypto"
+DESCRIPTION="A Python crypto and SSL toolkit"
+HOMEPAGE="https://gitlab.com/m2crypto/m2crypto https://pypi.org/project/M2Crypto/"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_PN}-${PV}.tar.gz"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	>=dev-lang/swig-2.0.9
+	test? ( dev-python/parameterized[${PYTHON_USEDEP}] )
+"
+RDEPEND="
+	dev-libs/openssl:0=
+"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-libressl-0.38.0.patch"
+)
+
+distutils_enable_tests setup.py
+
+swig_define() {
+	local x
+	for x; do
+		if tc-cpp-is-true "defined(${x})"; then
+			SWIG_FEATURES+=" -D${x}"
+		fi
+	done
+}
+
+src_prepare() {
+	# relies on very exact clock behavior which apparently fails
+	# with inconvenient CONFIG_HZ*
+	sed -e 's:test_server_simple_timeouts:_&:' \
+		-i tests/test_ssl.py || die
+	distutils-r1_src_prepare
+}
+
+python_compile() {
+	# setup.py looks at platform.machine() to determine swig options.
+	# For exotic ABIs, we need to give swig a hint.
+	local -x SWIG_FEATURES=
+
+	# https://bugs.gentoo.org/617946
+	swig_define __ILP32__
+
+	# https://bugs.gentoo.org/674112
+	swig_define __ARM_PCS_VFP
+
+	distutils-r1_python_compile --openssl="${ESYSROOT}"/usr
+}