From b8bbcd4dea422be57123d75fbf77db6d33542b06 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sat, 1 May 2021 12:04:27 -0700 Subject: python3-m2crypto: Upgrade to 0.37.1 Unifiy .inc into .bb Add patches to fix issues with openssl 1.1.x Remove m2crypto-0.26.4-gcc_macros patch, its no longer needed Refresh existing patches Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- .../recipes-devtools/python/python-m2crypto.inc | 63 ---------------------- ...y-link-in-sysroot-not-in-host-directories.patch | 35 ------------ .../python-m2crypto/cross-compile-platform.patch | 33 ------------ .../m2crypto-0.26.4-gcc_macros.patch | 35 ------------ ...llow-verify_cb_-to-be-called-with-ok-True.patch | 47 ++++++++++++++++ ...of-RSA_SSLV23_PADDING-has-been-deprecated.patch | 29 ++++++++++ ...y-link-in-sysroot-not-in-host-directories.patch | 33 ++++++++++++ .../python3-m2crypto/cross-compile-platform.patch | 31 +++++++++++ .../python/python3-m2crypto_0.30.1.bb | 2 - .../python/python3-m2crypto_0.37.1.bb | 63 ++++++++++++++++++++++ 10 files changed, 203 insertions(+), 168 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python-m2crypto.inc delete mode 100644 meta-python/recipes-devtools/python/python-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch delete mode 100644 meta-python/recipes-devtools/python/python-m2crypto/cross-compile-platform.patch delete mode 100644 meta-python/recipes-devtools/python/python-m2crypto/m2crypto-0.26.4-gcc_macros.patch create mode 100644 meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch create mode 100644 meta-python/recipes-devtools/python/python3-m2crypto/0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch create mode 100644 meta-python/recipes-devtools/python/python3-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch create mode 100644 meta-python/recipes-devtools/python/python3-m2crypto/cross-compile-platform.patch delete mode 100644 meta-python/recipes-devtools/python/python3-m2crypto_0.30.1.bb create mode 100644 meta-python/recipes-devtools/python/python3-m2crypto_0.37.1.bb (limited to 'meta-python/recipes-devtools/python') diff --git a/meta-python/recipes-devtools/python/python-m2crypto.inc b/meta-python/recipes-devtools/python/python-m2crypto.inc deleted file mode 100644 index 797a0354bf..0000000000 --- a/meta-python/recipes-devtools/python/python-m2crypto.inc +++ /dev/null @@ -1,63 +0,0 @@ -SUMMARY = "A Python crypto and SSL toolkit" -HOMEPAGE = "https://gitlab.com/m2crypto/m2crypto" - -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" - -FILESEXTRAPATHS_prepend := "${THISDIR}/python-m2crypto:" - -SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ - file://cross-compile-platform.patch \ - file://m2crypto-0.26.4-gcc_macros.patch \ - " -SRC_URI[md5sum] = "7fce3cbf85eb84a669682892b935746b" -SRC_URI[sha256sum] = "a1b2751cdadc6afac3df8a5799676b7b7c67a6ad144bb62d38563062e7cd3fc6" - -PYPI_PACKAGE = "M2Crypto" -inherit pypi siteinfo - -DEPENDS += "openssl swig-native" -RDEPENDS_${PN} += "\ - ${PYTHON_PN}-datetime \ - ${PYTHON_PN}-distutils \ - ${PYTHON_PN}-logging \ - ${PYTHON_PN}-netclient \ - ${PYTHON_PN}-netserver \ - ${PYTHON_PN}-numbers \ - ${PYTHON_PN}-smtpd \ - ${PYTHON_PN}-xmlrpc \ -" - -DISTUTILS_BUILD_ARGS += "build_ext --openssl=${STAGING_EXECPREFIXDIR} -I${STAGING_INCDIR}" -DISTUTILS_INSTALL_ARGS += "build_ext --openssl=${STAGING_EXECPREFIXDIR}" - -SWIG_FEATURES_x86 = "-D__i386__" -SWIG_FEATURES_x32 = "-D__ILP32__" -SWIG_FEATURES ?= "-D__${HOST_ARCH}__" -export SWIG_FEATURES - -# Get around a problem with swig, but only if the -# multilib header file exists. -# -do_configure_prepend() { - ${CPP} -dM - < /dev/null | grep -v '__\(STDC\|REGISTER_PREFIX\|GNUC\|STDC_HOSTED\)__' \ - | sed 's/^\(#define \([^ ]*\) .*\)$/#undef \2\n\1/' > ${S}/SWIG/gcc_macros.h - - if [ "${SITEINFO_BITS}" = "64" ];then - bit="64" - else - bit="32" - fi - - if [ -e ${STAGING_INCDIR}/openssl/opensslconf-${bit}.h ] ;then - for i in SWIG/_ec.i SWIG/_evp.i; do - sed -i -e "s/opensslconf.*\./opensslconf-${bit}\./" "${S}/$i" - done - elif [ -e ${STAGING_INCDIR}/openssl/opensslconf-n${bit}.h ] ;then - for i in SWIG/_ec.i SWIG/_evp.i; do - sed -i -e "s/opensslconf.*\./opensslconf-n${bit}\./" "${S}/$i" - done - fi -} - -BBCLASSEXTEND = "native" diff --git a/meta-python/recipes-devtools/python/python-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch b/meta-python/recipes-devtools/python/python-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch deleted file mode 100644 index b339d93f75..0000000000 --- a/meta-python/recipes-devtools/python/python-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch +++ /dev/null @@ -1,35 +0,0 @@ -From dfb83a41aaeae326e9b6f02b233af375bc7b8815 Mon Sep 17 00:00:00 2001 -From: Koen Kooi -Date: Fri, 29 Mar 2013 15:17:17 +0100 -Subject: [PATCH] setup.py: link in sysroot, not in host directories - -Signed-off-by: Koen Kooi - -Upstream-status: Unknown ---- - setup.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -Index: M2Crypto-0.30.1/setup.py -=================================================================== ---- M2Crypto-0.30.1.orig/setup.py -+++ M2Crypto-0.30.1/setup.py -@@ -130,6 +130,7 @@ class _M2CryptoBuildExt(build_ext.build_ - self.set_undefined_options('build', ('bundledlls', 'bundledlls')) - - self.libraries = ['ssl', 'crypto'] -+ self.openssl = os.environ.get( "STAGING_DIR" ) - if sys.platform == 'win32': - self.libraries = ['ssleay32', 'libeay32'] - if self.openssl and openssl_version(self.openssl, 0x10100000, True): -@@ -150,8 +151,8 @@ class _M2CryptoBuildExt(build_ext.build_ - - if self.openssl is not None: - log.debug('self.openssl = %s', self.openssl) -- openssl_library_dir = os.path.join(self.openssl, 'lib') -- openssl_include_dir = os.path.join(self.openssl, 'include') -+ openssl_library_dir = os.environ.get( "STAGING_LIBDIR" ) -+ openssl_include_dir = os.environ.get( "STAGING_INCDIR" ) - - self.library_dirs.append(openssl_library_dir) - self.include_dirs.append(openssl_include_dir) diff --git a/meta-python/recipes-devtools/python/python-m2crypto/cross-compile-platform.patch b/meta-python/recipes-devtools/python/python-m2crypto/cross-compile-platform.patch deleted file mode 100644 index 4b64f4613c..0000000000 --- a/meta-python/recipes-devtools/python/python-m2crypto/cross-compile-platform.patch +++ /dev/null @@ -1,33 +0,0 @@ -Do not compute platform, this does not work in cross compile environment -since it pokes at the system for getting architecture values - -Upstream-Status: Inappropriate -Signed-off-by: Khem Raj - -Index: M2Crypto-0.30.1/setup.py -=================================================================== ---- M2Crypto-0.30.1.orig/setup.py -+++ M2Crypto-0.30.1/setup.py -@@ -160,22 +160,6 @@ class _M2CryptoBuildExt(build_ext.build_ - log.debug('self.include_dirs = %s', self.include_dirs) - log.debug('self.library_dirs = %s', self.library_dirs) - -- if platform.system() == "Linux": -- # For RedHat-based distros, the '-D__{arch}__' option for -- # Swig needs to be normalized, particularly on i386. -- mach = platform.machine().lower() -- if mach in ('i386', 'i486', 'i586', 'i686'): -- arch = '__i386__' -- elif mach in ('ppc64', 'powerpc64', 'ppc64le', 'ppc64el'): -- arch = '__powerpc64__' -- elif mach in ('ppc', 'powerpc'): -- arch = '__powerpc__' -- else: -- arch = '__%s__' % mach -- self.swig_opts.append('-D%s' % arch) -- if mach in ('ppc64le', 'ppc64el'): -- self.swig_opts.append('-D_CALL_ELF=2') -- - self.swig_opts.extend(['-I%s' % i for i in self.include_dirs]) - - # Some Linux distributor has added the following line in diff --git a/meta-python/recipes-devtools/python/python-m2crypto/m2crypto-0.26.4-gcc_macros.patch b/meta-python/recipes-devtools/python/python-m2crypto/m2crypto-0.26.4-gcc_macros.patch deleted file mode 100644 index 7f6dd29f8a..0000000000 --- a/meta-python/recipes-devtools/python/python-m2crypto/m2crypto-0.26.4-gcc_macros.patch +++ /dev/null @@ -1,35 +0,0 @@ -Imported from Fedora - -Index: M2Crypto-0.30.1/SWIG/_m2crypto.i -=================================================================== ---- M2Crypto-0.30.1.orig/SWIG/_m2crypto.i -+++ M2Crypto-0.30.1/SWIG/_m2crypto.i -@@ -8,6 +8,11 @@ - * - */ - -+%import "gcc_macros.h" -+ -+%ignore WCHAR_MAX; -+%ignore WCHAR_MIN; -+ - %module(threads=1) m2crypto - /* We really don't need threadblock (PyGILState_Ensure() etc.) anywhere. - Disable threadallow as well, only enable it for operations likely to -@@ -15,11 +20,6 @@ - %nothreadblock; - %nothreadallow; - --#if SWIG_VERSION >= 0x030000 --#define __WCHAR_MAX__ __WCHAR_MAX --#define __WCHAR_MIN__ __WCHAR_MIN --#endif -- - %{ - #ifdef _WIN32 - #define _WINSOCKAPI_ -@@ -95,4 +95,3 @@ static PyObject *x509_store_verify_cb_fu - %constant int encrypt = 1; - %constant int decrypt = 0; - #endif -- diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch new file mode 100644 index 0000000000..3c836635a1 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Allow-verify_cb_-to-be-called-with-ok-True.patch @@ -0,0 +1,47 @@ +From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001 +From: Casey Deccio +Date: Fri, 8 Jan 2021 12:43:09 -0700 +Subject: [PATCH] Allow verify_cb_* to be called with ok=True + +With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 +OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE +--- + tests/test_ssl.py | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/tests/test_ssl.py b/tests/test_ssl.py +index 92b6942..7a3271a 100644 +--- a/tests/test_ssl.py ++++ b/tests/test_ssl.py +@@ -59,8 +59,13 @@ def allocate_srv_port(): + + + def verify_cb_new_function(ok, store): +- assert not ok + err = store.get_error() ++ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of ++ # aborting, this callback is called to retrieve additional error ++ # information. In this case, ok might not be False. ++ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 ++ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: ++ assert not ok + assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, + m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, + m2.X509_V_ERR_CERT_UNTRUSTED, +@@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase): + + def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok): + try: +- self.assertFalse(ok) ++ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of ++ # aborting, this callback is called to retrieve additional error ++ # information. In this case, ok might not be False. ++ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58 ++ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: ++ self.assertFalse(ok) + self.assertIn(err, + [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, + m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, +-- +2.29.2 + diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch new file mode 100644 index 0000000000..2313a324a0 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto/0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch @@ -0,0 +1,29 @@ +From d06eaa88a5f491827733f32027c46de3557fbd05 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 19 Feb 2021 15:53:02 +0100 +Subject: [PATCH] Use of RSA_SSLV23_PADDING has been deprecated. + +Fixes #293. +--- + tests/test_rsa.py | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/tests/test_rsa.py b/tests/test_rsa.py +index 3de5016..7299785 100644 +--- a/tests/test_rsa.py ++++ b/tests/test_rsa.py +@@ -124,11 +124,6 @@ class RSATestCase(unittest.TestCase): + ptxt = priv.private_decrypt(ctxt, p) + self.assertEqual(ptxt, self.data) + +- # sslv23_padding +- ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) +- res = priv.private_decrypt(ctxt, RSA.sslv23_padding) +- self.assertEqual(res, self.data) +- + # no_padding + with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) +-- +2.29.2 + diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch b/meta-python/recipes-devtools/python/python3-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch new file mode 100644 index 0000000000..f4c74384f9 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch @@ -0,0 +1,33 @@ +From dfb83a41aaeae326e9b6f02b233af375bc7b8815 Mon Sep 17 00:00:00 2001 +From: Koen Kooi +Date: Fri, 29 Mar 2013 15:17:17 +0100 +Subject: [PATCH] setup.py: link in sysroot, not in host directories + +Signed-off-by: Koen Kooi + +Upstream-status: Unknown +--- + setup.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/setup.py ++++ b/setup.py +@@ -135,6 +135,7 @@ class _M2CryptoBuildExt(build_ext.build_ + self.set_undefined_options('build', ('bundledlls', 'bundledlls')) + + self.libraries = ['ssl', 'crypto'] ++ self.openssl = os.environ.get( "STAGING_DIR" ) + if sys.platform == 'win32': + self.libraries = ['ssleay32', 'libeay32'] + if self.openssl and openssl_version(self.openssl, +@@ -159,8 +160,8 @@ class _M2CryptoBuildExt(build_ext.build_ + + if self.openssl is not None: + log.debug('self.openssl = %s', self.openssl) +- openssl_library_dir = os.path.join(self.openssl, 'lib') +- openssl_include_dir = os.path.join(self.openssl, 'include') ++ openssl_library_dir = os.environ.get( "STAGING_LIBDIR" ) ++ openssl_include_dir = os.environ.get( "STAGING_INCDIR" ) + + self.library_dirs.append(openssl_library_dir) + self.include_dirs.append(openssl_include_dir) diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/cross-compile-platform.patch b/meta-python/recipes-devtools/python/python3-m2crypto/cross-compile-platform.patch new file mode 100644 index 0000000000..f039ae8665 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto/cross-compile-platform.patch @@ -0,0 +1,31 @@ +Do not compute platform, this does not work in cross compile environment +since it pokes at the system for getting architecture values + +Upstream-Status: Inappropriate +Signed-off-by: Khem Raj + +--- a/setup.py ++++ b/setup.py +@@ -169,22 +169,6 @@ class _M2CryptoBuildExt(build_ext.build_ + log.debug('self.include_dirs = %s', self.include_dirs) + log.debug('self.library_dirs = %s', self.library_dirs) + +- if platform.system() == "Linux": +- # For RedHat-based distros, the '-D__{arch}__' option for +- # Swig needs to be normalized, particularly on i386. +- mach = platform.machine().lower() +- if mach in ('i386', 'i486', 'i586', 'i686'): +- arch = '__i386__' +- elif mach in ('ppc64', 'powerpc64', 'ppc64le', 'ppc64el'): +- arch = '__powerpc64__' +- elif mach in ('ppc', 'powerpc'): +- arch = '__powerpc__' +- else: +- arch = '__%s__' % mach +- self.swig_opts.append('-D%s' % arch) +- if mach in ('ppc64le', 'ppc64el'): +- self.swig_opts.append('-D_CALL_ELF=2') +- + self.swig_opts.extend(['-I%s' % i for i in self.include_dirs]) + + # Some Linux distributor has added the following line in diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.30.1.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.30.1.bb deleted file mode 100644 index 4d63d4bd3a..0000000000 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.30.1.bb +++ /dev/null @@ -1,2 +0,0 @@ -inherit setuptools3 -require python-m2crypto.inc diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.37.1.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.37.1.bb new file mode 100644 index 0000000000..896d9d2cc4 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.37.1.bb @@ -0,0 +1,63 @@ +SUMMARY = "A Python crypto and SSL toolkit" +HOMEPAGE = "https://gitlab.com/m2crypto/m2crypto" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" + +FILESEXTRAPATHS_prepend := "${THISDIR}/python-m2crypto:" + +SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ + file://cross-compile-platform.patch \ + file://0001-Allow-verify_cb_-to-be-called-with-ok-True.patch \ + file://0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch \ + " +SRC_URI[sha256sum] = "e4e42f068b78ccbf113e5d0a72ae5f480f6c3ace4940b91e4fff5598cfff6fb3" + +PYPI_PACKAGE = "M2Crypto" +inherit pypi siteinfo setuptools3 + +DEPENDS += "openssl swig-native" +RDEPENDS_${PN} += "\ + ${PYTHON_PN}-datetime \ + ${PYTHON_PN}-distutils \ + ${PYTHON_PN}-logging \ + ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-netserver \ + ${PYTHON_PN}-numbers \ + ${PYTHON_PN}-smtpd \ + ${PYTHON_PN}-xmlrpc \ +" + +DISTUTILS_BUILD_ARGS += "build_ext --openssl=${STAGING_EXECPREFIXDIR} -I${STAGING_INCDIR}" +DISTUTILS_INSTALL_ARGS += "build_ext --openssl=${STAGING_EXECPREFIXDIR}" + +SWIG_FEATURES_x86 = "-D__i386__" +SWIG_FEATURES_x32 = "-D__ILP32__" +SWIG_FEATURES ?= "-D__${HOST_ARCH}__" +export SWIG_FEATURES + +# Get around a problem with swig, but only if the +# multilib header file exists. +# +do_configure_prepend() { + ${CPP} -dM - < /dev/null | grep -v '__\(STDC\|REGISTER_PREFIX\|GNUC\|STDC_HOSTED\)__' \ + | sed 's/^\(#define \([^ ]*\) .*\)$/#undef \2\n\1/' > ${S}/SWIG/gcc_macros.h + + if [ "${SITEINFO_BITS}" = "64" ];then + bit="64" + else + bit="32" + fi + + if [ -e ${STAGING_INCDIR}/openssl/opensslconf-${bit}.h ] ;then + for i in SWIG/_ec.i SWIG/_evp.i; do + sed -i -e "s/opensslconf.*\./opensslconf-${bit}\./" "${S}/$i" + done + elif [ -e ${STAGING_INCDIR}/openssl/opensslconf-n${bit}.h ] ;then + for i in SWIG/_ec.i SWIG/_evp.i; do + sed -i -e "s/opensslconf.*\./opensslconf-n${bit}\./" "${S}/$i" + done + fi +} + +BBCLASSEXTEND = "native" -- cgit 1.2.3-korg