summaryrefslogtreecommitdiff
path: root/dev-python/cryptography
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-08-04 08:53:53 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-08-04 08:53:53 +0100
commite3872864be25f7421015bef2732fa57c0c9fb726 (patch)
tree9cb29a544215119b5c5538e37211b994ce1c87ae /dev-python/cryptography
parent480486b52ea64765faf696c88b2c6a26a5a454d4 (diff)
gentoo resync : 04.08.2018
Diffstat (limited to 'dev-python/cryptography')
-rw-r--r--dev-python/cryptography/Manifest14
-rw-r--r--dev-python/cryptography/cryptography-1.7.1-r1.ebuild52
-rw-r--r--dev-python/cryptography/cryptography-1.7.1.ebuild50
-rw-r--r--dev-python/cryptography/cryptography-2.0.2-r1.ebuild51
-rw-r--r--dev-python/cryptography/cryptography-2.1.4.ebuild63
-rw-r--r--dev-python/cryptography/cryptography-2.2.2-r1.ebuild (renamed from dev-python/cryptography/cryptography-2.1.4-r2.ebuild)3
-rw-r--r--dev-python/cryptography/cryptography-2.3.ebuild (renamed from dev-python/cryptography/cryptography-2.1.4-r1.ebuild)11
-rw-r--r--dev-python/cryptography/files/CVE-2018-10903.patch76
8 files changed, 88 insertions, 232 deletions
diff --git a/dev-python/cryptography/Manifest b/dev-python/cryptography/Manifest
index a30d41472cfc..24f3214a4a54 100644
--- a/dev-python/cryptography/Manifest
+++ b/dev-python/cryptography/Manifest
@@ -1,13 +1,9 @@
+AUX CVE-2018-10903.patch 3641 BLAKE2B a426705cfcbc9ba4e3ffd662610b7a27c7afe52dff71d1c7248c03524369faa763196eb018b7ea94b8ac87cc5cb5dd5bf172f5cdedadb54be62dbe4e0819ed82 SHA512 94c56586ae1649b29959d855235af8e84bc9dd927b412e0e0a62cb47bb52580a919bacefe4be6d0b75318be05afccb950dbff3d7f6ec1cb44c111a4bbc2e6a99
AUX cryptography-1.7.1-libressl251.patch 948 BLAKE2B cfb192c89d714093f366a75245911de165a3cab7062737df7b949a928927a5b6f0000b9fa7efa416798c62c803b406b14d2888afef87f8e63759fd3ff74c8da9 SHA512 5660bd82498ec2bd17ad4dcbd8d3ffd8a2a1364dc5584736e4cff278bbeb4644138336385fa2bc16261fe4712481c6cffba227aaa09c841df3081709f8ec7187
AUX cryptography-2.1.4-libressl-2.7-x509.patch 1005 BLAKE2B 9c01fe0f9c3c8c598388db68f68470b953b4a8e79dba8c1d3c6ce56486a93f340101a58db8771fa1adeaabe430d78acbb6723da597b8b114416d676022b989d4 SHA512 fc58993b3dc86990194e03c7cc4554d83260b243913d77b3743fe1f9fd0d21985ee849c6b7f7fc158c48b75505e8e8a9adf090b9c7ba40e12b09b3c020e50afe
AUX cryptography-2.1.4-libressl-2.7-x509_vfy.patch 3419 BLAKE2B 89642459484d42958aec818c4196eff35991ba415c76ee1f43c0765b1a9687c6b405f31322227eb132309439aa8d7ee5ed6df7ed07f640e4eea21c6e97fde858 SHA512 e941b89924d68b1d1dfe8e64a4f7ae363ccb53fd232a3853d9ddba0a7aed1dc27fb8d699e9197bdd7ff0b1780c1f12edd2edd4133f08e2f7f13348b170985a4c
-DIST cryptography-1.7.1.tar.gz 420673 BLAKE2B 8c0257187f29173bae610f191f6ae3251e5dd2cfcbe639020d1ea8f94a09bfe4281c9f6b2c85aefc1989c5832eab4db40c226a8a2e12c4dcbf6241555dafa628 SHA512 fb88b0ee9e314526fcdbb6d35da409b7335c7408a69d2350c58379471d2b9d76021010955629cf776d26312f22d4f8aa3f135955a19dfbff9d602176c9bbfd40
-DIST cryptography-2.0.2.tar.gz 427303 BLAKE2B 53f891c02aa4b82b13a66a4c74bd6db9e8dcdb57bd0bba76648e0c1be710ce1d94c8425ead6d81b240b39c034125ce320757d4b43c56bc7410af11f171cf9a21 SHA512 a71219ff52006a7c8bf1553d0f132c747566c630281ef89aac40c65b193b1f0074fc9cda1de7057c76b452113dfb6188c83baef3ed9c05ff18adbc8b7bba646b
-DIST cryptography-2.1.4.tar.gz 441557 BLAKE2B 66aa07930ee54469328977e27096e65b7a333b38b71828c71cb7891b489ef7af60f5e5590f67b43d5e63dc2279d9ca1ba036879f3145264f7639d65000958b50 SHA512 f749cb4384badc174a842514e5a4fee2ed01ab9c716799d8d9d5301f6d2d97b6c41deb9e425f48928b639fa34bef8c05529ed7e5b777ef5ca75c244f8fda8fd4
-EBUILD cryptography-1.7.1-r1.ebuild 1725 BLAKE2B 3327c2607caa9f5fe09f617091dcb21ec637cc5621aa10dcfdb07c82af71a7663a603ae2b7a1597ede0895221c2cf57fb5eacb8883ceb10f89fc36e9c1ef2900 SHA512 9e31689524057c73cf174c8ec4621b57777f20e75295748c91c58eeec8a058ac5067d996aaeb5508d87b07b58c3484e8a5a09c9f4585cadd10009cdc7899e79d
-EBUILD cryptography-1.7.1.ebuild 1662 BLAKE2B e93ee9089ba409dcc50f7a09aed35fe63706c0c08feda1413c1127fccdbedbe5de857b9f4980d2348125bfab11879b71b48e12c2d187f0ed8db6f5b083466e90 SHA512 33688e944e9b4a46f8a49b643fb5f8203716aca424ae6fb84d0b9351310efe4f7941eb2c329a8b4f11c159511aca7e8ee94bcbd25d89d3da919f943a591eda34
-EBUILD cryptography-2.0.2-r1.ebuild 1624 BLAKE2B 7bc96039e6e97bb471124fbc1d1a669a94b6b95a1066fc3a06e5adf84514efcb5651fb9a8c837942ed649e910fdb86ea86b4d92c4dca2177d81bc41ebc6800de SHA512 a65cda871f652ff1e903226396c238185e01a666b84bf1fd15a41707989b5848e4b442bce23c3bbc78a49bd64bfd27eb4d75274b2cb99be6c6ec5710d82df896
-EBUILD cryptography-2.1.4-r1.ebuild 2163 BLAKE2B c58897dd5f2f67b32238d71b15c1b9b080258fcf2d99b614f54205b2a1c356d425f2139d0ce9d8ec97a59873af0ede38e8bbdecabc530bbaa3787ce44cb126af SHA512 4e97f44751883fa5caa341e142df7ffbb4fdd800440b7b35268b8ada0181d8ecf1fdb718bedf41ac4cb44c92ac5c7a83ff4cd9fda4e195cf4c4c29a30330da08
-EBUILD cryptography-2.1.4-r2.ebuild 2182 BLAKE2B ed5ebbd230128b1d6f8a55a3c14d1e8094e37658a2dde1c4e495c9c8a655d36437c3f2246126d67df836a4fb51713e7a66d4873f1a78b3f56b7a7ddf59cbe66c SHA512 bf66f656fb468ca265688c4c883329454018bfc2fde4558ce2786db6c9b08a0df25c8d95a46310a2686fec840c731e5521ad0f41ec997c59237ae1bcb9f8e5ba
-EBUILD cryptography-2.1.4.ebuild 2044 BLAKE2B 2dd3ba08232364b585e92ed6fd83a204f9d1192ca016a796275a200b995c9e3244c687c042600be62a7245f327813ac6d95f6fb8fd1682c0b861cd106a5d2e72 SHA512 43cb90a1de0f0501cbff6385bff0e80eb1fe412479dbfca2bf8ac3d15e93b2c4621b80ca45c7482852620de97eab249cca0e7d2a050856cf4147c22d0523b2bb
+DIST cryptography-2.2.2.tar.gz 443822 BLAKE2B d0fbaad78d172f1ba1bfa6edd64d2d5a0eac0853a564fdbb9830dfedc5c53fe1b28d8c1878be85ce38b8cd90a0c2e40e6a209158693a88a7053a80f0481e6302 SHA512 6c1b19cdb870d65abad42523697e9a0bebc7a0025b34f10c4bdd30c313333efd7c41bcb4237a29b3a1b270e3fbade75ccb35df172b055b7c075d619f4d9424c9
+DIST cryptography-2.3.tar.gz 449464 BLAKE2B 7485c745f9c6512a5efce42181970deff19bd4420e91230d84b070cd77450a6805c56a2e37cda73b45c90ed969c8fdbb866a7cc9e53a6828a1ca6e45befd9de8 SHA512 75e14020da500fdbbd578f004b22ef3237844185329adf59288b29f1b3ee9dd2005a2c4a933fe8609a59d168012a9f687bab0f31ab39ed6ca325198aa9295e52
+EBUILD cryptography-2.2.2-r1.ebuild 2212 BLAKE2B ea9b70fe4d8e10b7e812a98a82665fc663a90939f04615f9ceb17baf14f4b8c3df327052151662ed5ae2f7bfeddb7caa7839108c36c57be780596baff8cb5985 SHA512 1c819531e989645d64c8742fa1b331bcc0bb733c6deee2a81ffa02dd92a074faf000f29e35db947f8014d3a7425a0f0e1ad722c0e28b9a90df049b482e82532a
+EBUILD cryptography-2.3.ebuild 2162 BLAKE2B 68fefc766e1b98af7623b5c7e6f3ed96a38ba8b23895b24d0d0a4a6d299f5a2180b9707652b084ba67040fc30b03ba781e91d4b3b07a2224aaf006c35c6b88b4 SHA512 44b7b60fd5f41caa0a299069e9bc761725a539cefa6d7b71db031d9d18fffb78f5468ac0da848387616e3f0cce7c78de1544b646bf6e0b1b939925a902ee9a37
MISC metadata.xml 384 BLAKE2B 6dbfdd39bb24b2df61454716e308605ae1d35c3babd01f16556bbbab240e425434315cb2b80a2c3e8e9b18b237899b5fb96566a7ffefde2af3af1dcc2e08362b SHA512 c2806f846608bdd0720b589494e13f57ab2d64026747f2b13f412c9a0e9d2bef6b16fc357e4d16b74ad7a2a2af8daa5e28d0b6bfe4d2141ce68881c724fd24c7
diff --git a/dev-python/cryptography/cryptography-1.7.1-r1.ebuild b/dev-python/cryptography/cryptography-1.7.1-r1.ebuild
deleted file mode 100644
index 11cff7b6191c..000000000000
--- a/dev-python/cryptography/cryptography-1.7.1-r1.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="libressl test"
-
-RDEPEND="
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- $(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
- $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy{,3})
- >=dev-python/idna-2.0[${PYTHON_USEDEP}]
- >=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
- $(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy )
- virtual/python-ipaddress[${PYTHON_USEDEP}]
- "
-DEPEND="${RDEPEND}
- >=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
- test? (
- ~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
- dev-python/hypothesis[${PYTHON_USEDEP}]
- dev-python/iso8601[${PYTHON_USEDEP}]
- dev-python/pretend[${PYTHON_USEDEP}]
- dev-python/pyasn1-modules[${PYTHON_USEDEP}]
- >=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
- dev-python/pytz[${PYTHON_USEDEP}]
- )"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-PATCHES=( "${FILESDIR}"/${P}-libressl251.patch )
-
-python_test() {
- distutils_install_for_testing
-
- py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-1.7.1.ebuild b/dev-python/cryptography/cryptography-1.7.1.ebuild
deleted file mode 100644
index 2646ca4511b3..000000000000
--- a/dev-python/cryptography/cryptography-1.7.1.ebuild
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux"
-IUSE="libressl test"
-
-RDEPEND="
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl )
- $(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
- $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy{,3})
- >=dev-python/idna-2.0[${PYTHON_USEDEP}]
- >=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
- $(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy )
- virtual/python-ipaddress[${PYTHON_USEDEP}]
- "
-DEPEND="${RDEPEND}
- >=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
- test? (
- ~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
- dev-python/hypothesis[${PYTHON_USEDEP}]
- dev-python/iso8601[${PYTHON_USEDEP}]
- dev-python/pretend[${PYTHON_USEDEP}]
- dev-python/pyasn1-modules[${PYTHON_USEDEP}]
- >=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
- dev-python/pytz[${PYTHON_USEDEP}]
- )"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_test() {
- distutils_install_for_testing
-
- py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild b/dev-python/cryptography/cryptography-2.0.2-r1.ebuild
deleted file mode 100644
index c69917dc3a69..000000000000
--- a/dev-python/cryptography/cryptography-2.0.2-r1.ebuild
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 hppa ia64 ~mips ppc ppc64 x86"
-IUSE="libressl test"
-
-RDEPEND="
- !libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
- libressl? ( dev-libs/libressl:0= )
- $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
- $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
- >=dev-python/idna-2.1[${PYTHON_USEDEP}]
- >=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
- virtual/python-ipaddress[${PYTHON_USEDEP}]
- "
-DEPEND="${RDEPEND}
- >=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
- test? (
- ~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
- dev-python/hypothesis[${PYTHON_USEDEP}]
- dev-python/iso8601[${PYTHON_USEDEP}]
- dev-python/pretend[${PYTHON_USEDEP}]
- dev-python/pyasn1-modules[${PYTHON_USEDEP}]
- >=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
- dev-python/pytz[${PYTHON_USEDEP}]
- )"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_configure_all() {
- append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
- py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.1.4.ebuild b/dev-python/cryptography/cryptography-2.1.4.ebuild
deleted file mode 100644
index f5fc4dd530db..000000000000
--- a/dev-python/cryptography/cryptography-2.1.4.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1 flag-o-matic
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris"
-IUSE="libressl test"
-
-# the openssl 1.0.2l-r1 needs to be updated again :(
-# It'd theb be able to go into the || section again
-#=dev-libs/openssl-1.0.2l-r1:0
-# the following is the original section, disallowing bindist entirely
-#!libressl? ( >=dev-libs/openssl-1.0.2:0=[-bindist(-)] )
-RDEPEND="
- !libressl? (
- dev-libs/openssl:0= (
- || (
- dev-libs/openssl:0[-bindist(-)]
- >=dev-libs/openssl-1.1.0g-r1:0
- )
- )
- )
- libressl? ( dev-libs/libressl )
- $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
- $(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
- >=dev-python/idna-2.1[${PYTHON_USEDEP}]
- >=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
- dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/six-1.4.1[${PYTHON_USEDEP}]
- virtual/python-ipaddress[${PYTHON_USEDEP}]
- "
-DEPEND="${RDEPEND}
- >=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
- test? (
- ~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
- dev-python/hypothesis[${PYTHON_USEDEP}]
- dev-python/iso8601[${PYTHON_USEDEP}]
- dev-python/pretend[${PYTHON_USEDEP}]
- dev-python/pyasn1-modules[${PYTHON_USEDEP}]
- >=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
- dev-python/pytz[${PYTHON_USEDEP}]
- )"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_configure_all() {
- append-cflags $(test-flags-CC -pthread)
-}
-
-python_test() {
- py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}
diff --git a/dev-python/cryptography/cryptography-2.1.4-r2.ebuild b/dev-python/cryptography/cryptography-2.2.2-r1.ebuild
index d24836330f64..ffaf2cd166a9 100644
--- a/dev-python/cryptography/cryptography-2.1.4-r2.ebuild
+++ b/dev-python/cryptography/cryptography-2.2.2-r1.ebuild
@@ -14,7 +14,7 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="|| ( Apache-2.0 BSD )"
SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~amd64-linux ~ppc-macos ~x86-linux ~x64-macos ~x64-solaris"
IUSE="libressl test"
# the openssl 1.0.2l-r1 needs to be updated again :(
@@ -57,6 +57,7 @@ DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
PATCHES=(
"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
"${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
+ "${FILESDIR}"/CVE-2018-10903.patch
)
python_configure_all() {
diff --git a/dev-python/cryptography/cryptography-2.1.4-r1.ebuild b/dev-python/cryptography/cryptography-2.3.ebuild
index 00035b90760b..958c0527b8c2 100644
--- a/dev-python/cryptography/cryptography-2.1.4-r1.ebuild
+++ b/dev-python/cryptography/cryptography-2.3.ebuild
@@ -3,7 +3,7 @@
EAPI=6
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy{,3} )
+PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} pypy{,3} )
PYTHON_REQ_USE="threads(+)"
inherit distutils-r1 flag-o-matic
@@ -14,7 +14,7 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
LICENSE="|| ( Apache-2.0 BSD )"
SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
IUSE="libressl test"
# the openssl 1.0.2l-r1 needs to be updated again :(
@@ -27,12 +27,11 @@ RDEPEND="
dev-libs/openssl:0= (
|| (
dev-libs/openssl:0[-bindist(-)]
- >=dev-libs/openssl-1.1.0g-r1:0
+ >=dev-libs/openssl-1.0.2o-r2:0
)
)
)
libressl? ( dev-libs/libressl:0= )
- $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 pypy{,3})
>=dev-python/idna-2.1[${PYTHON_USEDEP}]
>=dev-python/asn1crypto-0.21.0[${PYTHON_USEDEP}]
@@ -42,6 +41,8 @@ RDEPEND="
"
DEPEND="${RDEPEND}
>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
+ $(python_gen_cond_dep '>=dev-python/cffi-1.7:=[${PYTHON_USEDEP}]' 'python*')
+ $(python_gen_cond_dep '!~dev-python/cffi-1.11.3[${PYTHON_USEDEP}]' 'python*')
test? (
~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
dev-python/hypothesis[${PYTHON_USEDEP}]
@@ -55,8 +56,6 @@ DEPEND="${RDEPEND}
DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
PATCHES=(
- "${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509.patch
- "${FILESDIR}"/${PN}-2.1.4-libressl-2.7-x509_vfy.patch
)
python_configure_all() {
diff --git a/dev-python/cryptography/files/CVE-2018-10903.patch b/dev-python/cryptography/files/CVE-2018-10903.patch
new file mode 100644
index 000000000000..1133405fb93d
--- /dev/null
+++ b/dev-python/cryptography/files/CVE-2018-10903.patch
@@ -0,0 +1,76 @@
+From 688e0f673bfbf43fa898994326c6877f00ab19ef Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Tue, 17 Jul 2018 10:47:57 +0800
+Subject: [PATCH] disallow implicit tag truncation with finalize_with_tag
+
+---
+ docs/hazmat/primitives/symmetric-encryption.rst | 1 +
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 5 +++++
+ src/cryptography/hazmat/primitives/ciphers/modes.py | 1 +
+ tests/hazmat/primitives/test_aes.py | 16 ++++++++++++++++
+ 5 files changed, 28 insertions(+)
+
+diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
+index 5ebcca754..5b6000902 100644
+--- a/docs/hazmat/primitives/symmetric-encryption.rst
++++ b/docs/hazmat/primitives/symmetric-encryption.rst
+@@ -670,6 +670,7 @@ Interfaces
+ :raises ValueError: This is raised when the data provided isn't
+ a multiple of the algorithm's block size, if ``min_tag_length`` is
+ less than 4, or if ``len(tag) < min_tag_length``.
++ ``min_tag_length`` is an argument to the ``GCM`` constructor.
+ :raises NotImplementedError: This is raised if the version of the
+ OpenSSL backend used is 1.0.1 or earlier.
+
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 462ffea25..e0ee06ee2 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -199,6 +199,11 @@ def finalize_with_tag(self, tag):
+ "finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
+ "method please update OpenSSL"
+ )
++ if len(tag) < self._mode._min_tag_length:
++ raise ValueError(
++ "Authentication tag must be {0} bytes or longer.".format(
++ self._mode._min_tag_length)
++ )
+ res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
+ self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
+ len(tag), tag
+diff --git a/src/cryptography/hazmat/primitives/ciphers/modes.py b/src/cryptography/hazmat/primitives/ciphers/modes.py
+index 598dfaa4a..543015fef 100644
+--- a/src/cryptography/hazmat/primitives/ciphers/modes.py
++++ b/src/cryptography/hazmat/primitives/ciphers/modes.py
+@@ -220,6 +220,7 @@ def __init__(self, initialization_vector, tag=None, min_tag_length=16):
+ min_tag_length)
+ )
+ self._tag = tag
++ self._min_tag_length = min_tag_length
+
+ tag = utils.read_only_property("_tag")
+ initialization_vector = utils.read_only_property("_initialization_vector")
+diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
+index d6f83ebc2..4ceccf155 100644
+--- a/tests/hazmat/primitives/test_aes.py
++++ b/tests/hazmat/primitives/test_aes.py
+@@ -439,3 +439,19 @@ def test_gcm_tag_decrypt_finalize(self, backend):
+ decryptor.finalize()
+ else:
+ decryptor.finalize_with_tag(tag)
++
++ @pytest.mark.supported(
++ only_if=lambda backend: (
++ not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
++ backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
++ ),
++ skip_message="Not supported on OpenSSL 1.0.1",
++ )
++ def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
++ decryptor = base.Cipher(
++ algorithms.AES(b"0" * 16),
++ modes.GCM(b"0" * 12),
++ backend=backend
++ ).decryptor()
++ with pytest.raises(ValueError):
++ decryptor.finalize_with_tag(b"tagtooshort")