Re: [alpine-aports] [PATCH] main/py-cryptography: Update 2.3.1 -> 2.4.1

Timo Teras
Details
Message ID
<20181113133614.33312065@vostro>
Sender timestamp
1542108974
DKIM signature
missing
Download raw message
Hi,

Thanks for the report.

I filed the following upstream report:
https://github.com/pyca/cryptography/issues/4588

And pinged if the 'no-psk' openssl configuration is really needed:
https://github.com/alpinelinux/aports/commit/abe1dc5988d12f5aca771605b109390f33ce7519#commitcomment-31279291

Timo

On Tue, 13 Nov 2018 10:12:41 +0100
Marian Buschsieweke <marian.buschsieweke@ovgu.de> wrote:

> Hi,
> 
> here is how to reproduce the problem: Start gajim, which depends on
> py3-cryptography and py3-openssl:
> 
> $ gajim
> ===============================================================================
> PyOpenSSL not found, falling back to Python builtin SSL objects
> (insecure).
> ===============================================================================
> Traceback (most recent call last): File
> "/usr/lib/python3.6/site-packages/gajim/gajim.py", line 267, in
> _activate from gajim.gui_interface import Interface File
> "/usr/lib/python3.6/site-packages/gajim/gui_interface.py", line 73,
> in <module> from gajim.groupchat_control import GroupchatControl File
> "/usr/lib/python3.6/site-packages/gajim/groupchat_control.py", line
> 44, in <module> from gajim import config File
> "/usr/lib/python3.6/site-packages/gajim/config.py", line 58, in
> <module> from gajim.common import connection File
> "/usr/lib/python3.6/site-packages/gajim/common/connection.py", line
> 64, in <module> from gajim.common import check_X509 File
> "/usr/lib/python3.6/site-packages/gajim/common/check_X509.py", line
> 4, in <module> import OpenSSL.SSL File
> "/usr/lib/python3.6/site-packages/OpenSSL/__init__.py", line 8, in
> <module> from OpenSSL import crypto, SSL File
> "/usr/lib/python3.6/site-packages/OpenSSL/crypto.py", line 16, in
> <module> from OpenSSL._util import ( File
> "/usr/lib/python3.6/site-packages/OpenSSL/_util.py", line 6, in
> <module> from cryptography.hazmat.bindings.openssl.binding import
> Binding File
> "/usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py",
> line 14, in <module> from cryptography.hazmat.bindings._openssl
> import ffi, lib ImportError: Error
> relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so:
> SSL_CTX_set_psk_client_callback: symbol not found
> 
> The affected file is owned by py3-cryptography. When compiled against
> libressl, this problem does not occur.
> 
> Kind regards,
> Marian
> 
> -------------------------------------------------------------
> M.Sc. Marian Buschsieweke
> Dept. Communication and Networked Systems (ComSys)
> Institute for Intelligent Cooperating Systems (IKS)
> Otto-von-Guericke-University of Magdeburg
> Universitätsplatz 2, Building 29, Room 314
> 39106 Magdeburg
> Germany
> 
> http://www.comsys.ovgu.de/Team/Marian+Buschsieweke.html
> Tel.: +49 - 391 - 67 - 52673
> Fax:  +49 - 391 - 67 - 41161
> 
> -------------------------------------------------------------
> 
> On Mon, 12 Nov 2018 10:34:16 +0200
> Timo Teras <timo.teras@iki.fi> wrote:
> 
> > On Mon, 12 Nov 2018 09:30:40 +0100
> > Marian Buschsieweke <marian.buschsieweke@ovgu.de> wrote:
> >   
> > > Also replaced dependency "openssl-dev" by "libressl-dev".    
> > 
> > Why? Edge has been migrated to openssl.1.1. We are trying to get
> > rid of libressl.
> > 
> > See the discussion threads:
> > http://lists.alpinelinux.org/alpine-devel/6308.html
> > http://lists.alpinelinux.org/alpine-devel/6334.html
> > 
> > Timo
> >   
> > > ---
> > >  main/py-cryptography/APKBUILD | 8 ++++----
> > >  1 file changed, 4 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/main/py-cryptography/APKBUILD
> > > b/main/py-cryptography/APKBUILD index 6fa72d66b1..3847713f20
> > > 100644 --- a/main/py-cryptography/APKBUILD
> > > +++ b/main/py-cryptography/APKBUILD
> > > @@ -2,14 +2,14 @@
> > >  # Maintainer: August Klein <amatcoder@gmail.com>
> > >  pkgname=py-cryptography
> > >  _pkgname=${pkgname#py-}
> > > -pkgver=2.3.1
> > > -pkgrel=1
> > > +pkgver=2.4.1
> > > +pkgrel=0
> > >  pkgdesc="A package which provides cryptographic recipes and
> > > primitives" url="https://pypi.python.org/pypi/cryptography"
> > >  arch="all"
> > >  license="Apache-2.0"
> > >  depends="py-cffi py-idna py-asn1crypto py-six"
> > > -makedepends="python2-dev python3-dev py-setuptools libffi-dev
> > > openssl-dev" +makedepends="python2-dev python3-dev py-setuptools
> > > libffi-dev libressl-dev" subpackages="py3-$_pkgname:_py3
> > > py2-$_pkgname:_py2"
> > > source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz"
> > > builddir="$srcdir/$_pkgname-$pkgver" @@ -51,4 +51,4 @@ _py3() {
> > >  	_py python3
> > >  }
> > >  
> > > -sha512sums="384581238b5669dbf31fd1b1385ec2ff9c6d76e2b7612efb15f255e17a11a38474f84668e62ceaa39a146260f46cac743575c0a8ffedc1e40c7b2f90d7cb00b1
> > > cryptography-2.3.1.tar.gz"
> > > +sha512sums="dd018fca4b3dbc2c576f643df0df2a534f9fdd4af464ae6ee77b0702bfd4dfa7e89943a89fe5126094f7f23e349a32774e91bb074735014efa49fe5390cc6b4c
> > > cryptography-2.4.1.tar.gz"    
> >   
>