Date: Fri, 09 Dec 2016 08:19:01 -0600 From: Mark Felder <feld@FreeBSD.org> To: Mathieu Arnold <mat@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r428138 - head/security/py-cryptography Message-ID: <1481293141.3621315.813810113.109D829E@webmail.messagingengine.com> In-Reply-To: <4649c489-221b-8d65-acb5-6e75832bfc28@FreeBSD.org> References: <201612081707.uB8H7Ntk058921@repo.freebsd.org> <4649c489-221b-8d65-acb5-6e75832bfc28@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 9, 2016, at 04:12, Mathieu Arnold wrote: > Le 08/12/2016 =C3=A0 18:07, Mark Felder a =C3=A9crit : > > Author: feld > > Date: Thu Dec 8 17:07:22 2016 > > New Revision: 428138 > > URL: https://svnweb.freebsd.org/changeset/ports/428138 > > > > Log: > > security/py-pycryptography: Fix build on FreeBSD 9.3 > >=20=20=20 > > Modern py-cryptography requires a more modern OpenSSL. This switch to > > requiring OpenSSL from ports is a disruptive change, but it will prot= ect > > these users from the recently patched vulnerabilites. > >=20=20=20 > > Support for OpenSSL 0.9.8 was removed in pycryptography as of version= 1.4. > > The last release to support OpenSSL 0.9.8 was 1.3.4 which is still > > vulnerable to the HDKF key generation bug. It appears that version 1.4 > > did build successfully on FreeBSD 9.3, but upstream had abandoned > > support for OpenSSL 0.9.8 at that point so it is unclear if it was fu= lly > > functional. > >=20=20=20 > > PR: 214915 > > MFH: 2016Q4 > > > > Modified: > > head/security/py-cryptography/Makefile > > > > Modified: head/security/py-cryptography/Makefile > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > > --- head/security/py-cryptography/Makefile Thu Dec 8 17:05:45 2016 (r4= 28137) > > +++ head/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (r4= 28138) > > @@ -27,6 +27,11 @@ USE_PYTHON=3D autoplist distutils > > CFLAGS+=3D -I${OPENSSLINC} > > LDFLAGS+=3D -L${OPENSSLLIB} > >=20=20 > > +# Modern py-cyptography requires newer OpenSSL > > +.if ${OSVERSION} < 1000000 > > +WITH_OPENSSL_PORT=3D yes > > +.endif > > + >=20 > The correct fix is: >=20 > .if ${OSVERSION} < 1000000 && ${SSL_DEFAULT:Mbase} > IGNORE=3D Needs a more recent OpenSSL > .endif >=20 I was trying to avoid doing that because this means we won't have packages on our mirrors for 9.3-RELEASE users. :( --=20 Mark Felder ports-secteam member feld@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1481293141.3621315.813810113.109D829E>