Date: Fri, 9 Dec 2016 15:27:09 +0100 From: Mathieu Arnold <mat@FreeBSD.org> To: Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r428138 - head/security/py-cryptography Message-ID: <5badfa2d-7912-536e-6bd2-9b02a6b5a8d9@FreeBSD.org> In-Reply-To: <1481293141.3621315.813810113.109D829E@webmail.messagingengine.com> References: <201612081707.uB8H7Ntk058921@repo.freebsd.org> <4649c489-221b-8d65-acb5-6e75832bfc28@FreeBSD.org> <1481293141.3621315.813810113.109D829E@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --DlFpvh1PV0gTEW7f4KnmIWH3LBlKqAoSq Content-Type: multipart/mixed; boundary="ccVLdSgmwvx4VOlVMRFLIAHAF2sDmllma"; protected-headers="v1" From: Mathieu Arnold <mat@FreeBSD.org> To: Mark Felder <feld@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Message-ID: <5badfa2d-7912-536e-6bd2-9b02a6b5a8d9@FreeBSD.org> Subject: Re: svn commit: r428138 - head/security/py-cryptography References: <201612081707.uB8H7Ntk058921@repo.freebsd.org> <4649c489-221b-8d65-acb5-6e75832bfc28@FreeBSD.org> <1481293141.3621315.813810113.109D829E@webmail.messagingengine.com> In-Reply-To: <1481293141.3621315.813810113.109D829E@webmail.messagingengine.com> --ccVLdSgmwvx4VOlVMRFLIAHAF2sDmllma Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Le 09/12/2016 =C3=A0 15:19, Mark Felder a =C3=A9crit : > > On Fri, Dec 9, 2016, at 04:12, Mathieu Arnold wrote: >> Le 08/12/2016 =C3=A0 18:07, Mark Felder a =C3=A9crit : >>> Author: feld >>> Date: Thu Dec 8 17:07:22 2016 >>> New Revision: 428138 >>> URL: https://svnweb.freebsd.org/changeset/ports/428138 >>> >>> Log: >>> security/py-pycryptography: Fix build on FreeBSD 9.3 >>> =20 >>> Modern py-cryptography requires a more modern OpenSSL. This switch = to >>> requiring OpenSSL from ports is a disruptive change, but it will pr= otect >>> these users from the recently patched vulnerabilites. >>> =20 >>> Support for OpenSSL 0.9.8 was removed in pycryptography as of versi= on 1.4. >>> The last release to support OpenSSL 0.9.8 was 1.3.4 which is still >>> vulnerable to the HDKF key generation bug. It appears that version = 1.4 >>> did build successfully on FreeBSD 9.3, but upstream had abandoned >>> support for OpenSSL 0.9.8 at that point so it is unclear if it was = fully >>> functional. >>> =20 >>> PR: 214915 >>> MFH: 2016Q4 >>> >>> Modified: >>> head/security/py-cryptography/Makefile >>> >>> Modified: head/security/py-cryptography/Makefile >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>> --- head/security/py-cryptography/Makefile Thu Dec 8 17:05:45 2016 (= r428137) >>> +++ head/security/py-cryptography/Makefile Thu Dec 8 17:07:22 2016 (= r428138) >>> @@ -27,6 +27,11 @@ USE_PYTHON=3D autoplist distutils >>> CFLAGS+=3D -I${OPENSSLINC} >>> LDFLAGS+=3D -L${OPENSSLLIB} >>> =20 >>> +# Modern py-cyptography requires newer OpenSSL >>> +.if ${OSVERSION} < 1000000 >>> +WITH_OPENSSL_PORT=3D yes >>> +.endif >>> + >> The correct fix is: >> >> .if ${OSVERSION} < 1000000 && ${SSL_DEFAULT:Mbase} >> IGNORE=3D Needs a more recent OpenSSL >> .endif >> > I was trying to avoid doing that because this means we won't have > packages on our mirrors for 9.3-RELEASE users. :( It is not really a choice, either you don't have a package, or you have packages that are half linked with base openssl and half with ports openssl, which will end up doing at best core dumps. --=20 Mathieu Arnold --ccVLdSgmwvx4VOlVMRFLIAHAF2sDmllma-- --DlFpvh1PV0gTEW7f4KnmIWH3LBlKqAoSq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJYSr89XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85I/RgQAJQXF99CXlCcuWPZbM/mHBkq F3vVzv6QyZVkxvOjS5cUwOOSm3Jo8LpO2cqGWi6xCU34a6skAPH5lxr4yCqczwiX mm+1m5EzENSL57QkrVgf6v5olz5DpEKbgtUBbHk7MzwxlGIpoAxu8gCGzCpVmGit PRxCxo/IBPoK3q8G4csOPKEbXKUGgpPAO+/rr4LW9kzvWT08B9JiQlTtKm7V5GKr M5QOUyXgxR+Vec7urq5aytsN7fZlG71HpMbMH6A9QaPKJg1+HmA5Q8ZGEAL/Tz43 3TPc6sFlR+fPLcF3BLcWEBctrM8e3FTZgCav9t2r9e8kzPG2M3TbATDbUKuZMxIm Yg99Wn9G2bI5SkQY8Z5tmmdxhGpMS026rg/8kU+w0cQHSm4pCEFRVOCL5zwuMrJB jdRpJko7T3cQcmF72MgFsHDjmZ8LTEtFpfUSdON7IIctitxMh3unVjjPo4ONUtMp r+qv8Oo/AF+IPz2msB04iSvmjSuPzlnMCZtAj4xWGWeleoCUQH1o/MelhkuEHEjH SS5K1DM+ltOJXTu2JUE9mU63IAmTr+mXzk/ORlb6TxnVdElKK7HE8TDfjpK21Zl0 xRJUXorWCJS1cO89hw4Nu26z6pHQQspb/s04/vzoDyj+0eczjgESojr7TrBgSSxU CO6GxZ38v+QuUU2R3spP =llYY -----END PGP SIGNATURE----- --DlFpvh1PV0gTEW7f4KnmIWH3LBlKqAoSq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5badfa2d-7912-536e-6bd2-9b02a6b5a8d9>