* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
@ 2018-08-19 18:42 Bernd Kuhls
2018-08-19 18:53 ` Yegor Yefremov
2018-08-29 20:20 ` Thomas Petazzoni
0 siblings, 2 replies; 8+ messages in thread
From: Bernd Kuhls @ 2018-08-19 18:42 UTC (permalink / raw)
To: buildroot
Changelog: https://cryptography.io/en/latest/changelog/#v2-3-1
Please note that CVE-2018-10903, fixed in version 2.3, was introduced
in version 1.9.0, so it was not present in buildroot:
https://nvd.nist.gov/vuln/detail/CVE-2018-10903
Added license hash and switched runtime dependency from pyasn1 to
asn1crypto: https://cryptography.io/en/latest/changelog/#v1-8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/python-cryptography/Config.in | 2 +-
package/python-cryptography/python-cryptography.hash | 8 +++++---
package/python-cryptography/python-cryptography.mk | 4 ++--
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/package/python-cryptography/Config.in b/package/python-cryptography/Config.in
index 14f950d4d8..d1c2917ea9 100644
--- a/package/python-cryptography/Config.in
+++ b/package/python-cryptography/Config.in
@@ -7,7 +7,7 @@ config BR2_PACKAGE_PYTHON_CRYPTOGRAPHY
select BR2_PACKAGE_PYTHON_HASHLIB if BR2_PACKAGE_PYTHON # runtime
select BR2_PACKAGE_PYTHON_IDNA # runtime
select BR2_PACKAGE_PYTHON_IPADDRESS if BR2_PACKAGE_PYTHON # runtime
- select BR2_PACKAGE_PYTHON_PYASN # runtime
+ select BR2_PACKAGE_PYTHON_ASN1CRYPTO # runtime
select BR2_PACKAGE_PYTHON_PYEXPAT if BR2_PACKAGE_PYTHON # runtime
select BR2_PACKAGE_PYTHON3_PYEXPAT if BR2_PACKAGE_PYTHON3 # runtime
select BR2_PACKAGE_PYTHON_SETUPTOOLS # runtime
diff --git a/package/python-cryptography/python-cryptography.hash b/package/python-cryptography/python-cryptography.hash
index a1162cf880..9c6d8cc44f 100644
--- a/package/python-cryptography/python-cryptography.hash
+++ b/package/python-cryptography/python-cryptography.hash
@@ -1,3 +1,5 @@
-# md5 from https://pypi.python.org/pypi/cryptography/json, sha256 locally computed
-md5 fade66de437392ed1ba6980768626204 cryptography-1.7.2.tar.gz
-sha256 878cb68b3da3d493ffd68f36db11c29deee623671d3287c3f8d685117ffda9a9 cryptography-1.7.2.tar.gz
+# md5, sha256 from https://pypi.org/pypi/cryptography/json
+md5 2b5e8269c43c9b9ab54fc8c75ba3c7ac cryptography-2.3.1.tar.gz
+sha256 8d10113ca826a4c29d5b85b2c4e045ffa8bad74fb525ee0eceb1d38d4c70dfd6 cryptography-2.3.1.tar.gz
+# Locally computed sha256 checksums
+sha256 35452b557fab0efb1e80d7edb9c4e5118b9384082adaa051dde342102cb9de8d LICENSE
diff --git a/package/python-cryptography/python-cryptography.mk b/package/python-cryptography/python-cryptography.mk
index 5373da8202..3c97d0afee 100644
--- a/package/python-cryptography/python-cryptography.mk
+++ b/package/python-cryptography/python-cryptography.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_CRYPTOGRAPHY_VERSION = 1.7.2
+PYTHON_CRYPTOGRAPHY_VERSION = 2.3.1
PYTHON_CRYPTOGRAPHY_SOURCE = cryptography-$(PYTHON_CRYPTOGRAPHY_VERSION).tar.gz
-PYTHON_CRYPTOGRAPHY_SITE = https://pypi.python.org/packages/99/df/71c7260003f5c469cec3db4c547115df39e9ce6c719a99e067ba0e78fd8a
+PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/22/21/233e38f74188db94e8451ef6385754a98f3cad9b59bedf3a8e8b14988be4
PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools
PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause
PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD
--
2.18.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-08-19 18:42 [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 Bernd Kuhls
@ 2018-08-19 18:53 ` Yegor Yefremov
2018-08-19 19:02 ` Bernd Kuhls
2018-08-29 20:20 ` Thomas Petazzoni
1 sibling, 1 reply; 8+ messages in thread
From: Yegor Yefremov @ 2018-08-19 18:53 UTC (permalink / raw)
To: buildroot
Hi Bernd,
On Sun, Aug 19, 2018 at 8:42 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
> Changelog: https://cryptography.io/en/latest/changelog/#v2-3-1
>
> Please note that CVE-2018-10903, fixed in version 2.3, was introduced
> in version 1.9.0, so it was not present in buildroot:
> https://nvd.nist.gov/vuln/detail/CVE-2018-10903
>
> Added license hash and switched runtime dependency from pyasn1 to
> asn1crypto: https://cryptography.io/en/latest/changelog/#v1-8
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Have you performed runtime tests?
Yegor
> package/python-cryptography/Config.in | 2 +-
> package/python-cryptography/python-cryptography.hash | 8 +++++---
> package/python-cryptography/python-cryptography.mk | 4 ++--
> 3 files changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/package/python-cryptography/Config.in b/package/python-cryptography/Config.in
> index 14f950d4d8..d1c2917ea9 100644
> --- a/package/python-cryptography/Config.in
> +++ b/package/python-cryptography/Config.in
> @@ -7,7 +7,7 @@ config BR2_PACKAGE_PYTHON_CRYPTOGRAPHY
> select BR2_PACKAGE_PYTHON_HASHLIB if BR2_PACKAGE_PYTHON # runtime
> select BR2_PACKAGE_PYTHON_IDNA # runtime
> select BR2_PACKAGE_PYTHON_IPADDRESS if BR2_PACKAGE_PYTHON # runtime
> - select BR2_PACKAGE_PYTHON_PYASN # runtime
> + select BR2_PACKAGE_PYTHON_ASN1CRYPTO # runtime
> select BR2_PACKAGE_PYTHON_PYEXPAT if BR2_PACKAGE_PYTHON # runtime
> select BR2_PACKAGE_PYTHON3_PYEXPAT if BR2_PACKAGE_PYTHON3 # runtime
> select BR2_PACKAGE_PYTHON_SETUPTOOLS # runtime
> diff --git a/package/python-cryptography/python-cryptography.hash b/package/python-cryptography/python-cryptography.hash
> index a1162cf880..9c6d8cc44f 100644
> --- a/package/python-cryptography/python-cryptography.hash
> +++ b/package/python-cryptography/python-cryptography.hash
> @@ -1,3 +1,5 @@
> -# md5 from https://pypi.python.org/pypi/cryptography/json, sha256 locally computed
> -md5 fade66de437392ed1ba6980768626204 cryptography-1.7.2.tar.gz
> -sha256 878cb68b3da3d493ffd68f36db11c29deee623671d3287c3f8d685117ffda9a9 cryptography-1.7.2.tar.gz
> +# md5, sha256 from https://pypi.org/pypi/cryptography/json
> +md5 2b5e8269c43c9b9ab54fc8c75ba3c7ac cryptography-2.3.1.tar.gz
> +sha256 8d10113ca826a4c29d5b85b2c4e045ffa8bad74fb525ee0eceb1d38d4c70dfd6 cryptography-2.3.1.tar.gz
> +# Locally computed sha256 checksums
> +sha256 35452b557fab0efb1e80d7edb9c4e5118b9384082adaa051dde342102cb9de8d LICENSE
> diff --git a/package/python-cryptography/python-cryptography.mk b/package/python-cryptography/python-cryptography.mk
> index 5373da8202..3c97d0afee 100644
> --- a/package/python-cryptography/python-cryptography.mk
> +++ b/package/python-cryptography/python-cryptography.mk
> @@ -4,9 +4,9 @@
> #
> ################################################################################
>
> -PYTHON_CRYPTOGRAPHY_VERSION = 1.7.2
> +PYTHON_CRYPTOGRAPHY_VERSION = 2.3.1
> PYTHON_CRYPTOGRAPHY_SOURCE = cryptography-$(PYTHON_CRYPTOGRAPHY_VERSION).tar.gz
> -PYTHON_CRYPTOGRAPHY_SITE = https://pypi.python.org/packages/99/df/71c7260003f5c469cec3db4c547115df39e9ce6c719a99e067ba0e78fd8a
> +PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/22/21/233e38f74188db94e8451ef6385754a98f3cad9b59bedf3a8e8b14988be4
> PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools
> PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause
> PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD
> --
> 2.18.0
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-08-19 18:53 ` Yegor Yefremov
@ 2018-08-19 19:02 ` Bernd Kuhls
2018-08-20 8:05 ` Yegor Yefremov
0 siblings, 1 reply; 8+ messages in thread
From: Bernd Kuhls @ 2018-08-19 19:02 UTC (permalink / raw)
To: buildroot
Am Sun, 19 Aug 2018 20:53:49 +0200 schrieb Yegor Yefremov:
> Have you performed runtime tests?
Hi Yegor,
no, only build-tested with openssl-1.1.0i.
Regards, Bernd
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-08-19 19:02 ` Bernd Kuhls
@ 2018-08-20 8:05 ` Yegor Yefremov
2018-08-20 12:05 ` Yegor Yefremov
2018-09-10 21:39 ` Bernd Kuhls
0 siblings, 2 replies; 8+ messages in thread
From: Yegor Yefremov @ 2018-08-20 8:05 UTC (permalink / raw)
To: buildroot
On Sun, Aug 19, 2018 at 9:02 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
> Am Sun, 19 Aug 2018 20:53:49 +0200 schrieb Yegor Yefremov:
>
>> Have you performed runtime tests?
>
> Hi Yegor,
>
> no, only build-tested with openssl-1.1.0i.
I've performed a runtime test and I still get:
# python
Python 3.6.3 (default, Aug 20 2018, 08:30:51)
[GCC 7.3.1 20180425 [linaro-7.3-2018.05 revision
d29120a424ecfbc167ef90065c0eeb on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
random: nonblocking pool is initialized
>>> f = Fernet(key)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "usr/lib/python3.6/site-packages/cryptography/fernet.py", line
32, in __init__
File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/__init__.py",
line 15, in default_backend
File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/__init__.py",
line 7, in <module>
File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py",
line 53, in <module>
File "usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py",
line 13, in <module>
ImportError: /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so:
undefined symbol: pthread_atfork
That's why the packaged wasn't updated for a long time.
Yegor
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-08-20 8:05 ` Yegor Yefremov
@ 2018-08-20 12:05 ` Yegor Yefremov
2018-09-10 21:39 ` Bernd Kuhls
1 sibling, 0 replies; 8+ messages in thread
From: Yegor Yefremov @ 2018-08-20 12:05 UTC (permalink / raw)
To: buildroot
Hi Bernd,
On Mon, Aug 20, 2018 at 10:05 AM, Yegor Yefremov
<yegorslists@googlemail.com> wrote:
> On Sun, Aug 19, 2018 at 9:02 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
>> Am Sun, 19 Aug 2018 20:53:49 +0200 schrieb Yegor Yefremov:
>>
>>> Have you performed runtime tests?
>>
>> Hi Yegor,
>>
>> no, only build-tested with openssl-1.1.0i.
>
> I've performed a runtime test and I still get:
>
> # python
> Python 3.6.3 (default, Aug 20 2018, 08:30:51)
> [GCC 7.3.1 20180425 [linaro-7.3-2018.05 revision
> d29120a424ecfbc167ef90065c0eeb on linux
> Type "help", "copyright", "credits" or "license" for more information.
>>>> from cryptography.fernet import Fernet
>>>> key = Fernet.generate_key()
> random: nonblocking pool is initialized
>>>> f = Fernet(key)
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File "usr/lib/python3.6/site-packages/cryptography/fernet.py", line
> 32, in __init__
> File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/__init__.py",
> line 15, in default_backend
> File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/__init__.py",
> line 7, in <module>
> File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py",
> line 53, in <module>
> File "usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py",
> line 13, in <module>
> ImportError: /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so:
> undefined symbol: pthread_atfork
>
> That's why the packaged wasn't updated for a long time.
Could you make a runtest against openssl-1.1.0i? I was using the
current openssl version. Perhaps this error comes from the old
version...
Yegor
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-08-19 18:42 [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 Bernd Kuhls
2018-08-19 18:53 ` Yegor Yefremov
@ 2018-08-29 20:20 ` Thomas Petazzoni
1 sibling, 0 replies; 8+ messages in thread
From: Thomas Petazzoni @ 2018-08-29 20:20 UTC (permalink / raw)
To: buildroot
Hello,
On Sun, 19 Aug 2018 20:42:42 +0200, Bernd Kuhls wrote:
> Changelog: https://cryptography.io/en/latest/changelog/#v2-3-1
>
> Please note that CVE-2018-10903, fixed in version 2.3, was introduced
> in version 1.9.0, so it was not present in buildroot:
> https://nvd.nist.gov/vuln/detail/CVE-2018-10903
>
> Added license hash and switched runtime dependency from pyasn1 to
> asn1crypto: https://cryptography.io/en/latest/changelog/#v1-8
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> package/python-cryptography/Config.in | 2 +-
> package/python-cryptography/python-cryptography.hash | 8 +++++---
> package/python-cryptography/python-cryptography.mk | 4 ++--
> 3 files changed, 8 insertions(+), 6 deletions(-)
Considering the runtime issues that are encountered with this update,
I've marked this patch as Changes Requested in patchwork.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-08-20 8:05 ` Yegor Yefremov
2018-08-20 12:05 ` Yegor Yefremov
@ 2018-09-10 21:39 ` Bernd Kuhls
2018-09-11 6:52 ` Yegor Yefremov
1 sibling, 1 reply; 8+ messages in thread
From: Bernd Kuhls @ 2018-09-10 21:39 UTC (permalink / raw)
To: buildroot
Am Mon, 20 Aug 2018 10:05:15 +0200 schrieb Yegor Yefremov:
> I've performed a runtime test and I still get:
[...]
> ImportError:
> /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/
_openssl.abi3.so:
> undefined symbol: pthread_atfork
Hi,
I did not find the time to do a run-time test yet, sorry, but it seems
you are not the only one hitting the problem:
https://www.mail-archive.com/yocto at yoctoproject.org/msg38512.html
https://forums.gentoo.org/viewtopic-p-8120220.html?
sid=b50fe8a26a38d18882c5f2915a030408
https://lists.yoctoproject.org/pipermail/yocto/2017-December/039398.html
The solution is to add "-pthread":
https://patchwork.openembedded.org/patch/146240/
https://bugs.gentoo.org/630578
https://gitweb.gentoo.org/repo/gentoo.git/commit/?
id=c824d1c44fcf4556de21d2c8b8ae3732b0fc0c5b
Could you please do another runtime test with this fix added?
Regards, Bernd
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1
2018-09-10 21:39 ` Bernd Kuhls
@ 2018-09-11 6:52 ` Yegor Yefremov
0 siblings, 0 replies; 8+ messages in thread
From: Yegor Yefremov @ 2018-09-11 6:52 UTC (permalink / raw)
To: buildroot
Hi Bernd,
On Mon, Sep 10, 2018 at 11:40 PM Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
>
> Am Mon, 20 Aug 2018 10:05:15 +0200 schrieb Yegor Yefremov:
>
> > I've performed a runtime test and I still get:
> [...]
> > ImportError:
> > /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/
> _openssl.abi3.so:
> > undefined symbol: pthread_atfork
>
> Hi,
>
> I did not find the time to do a run-time test yet, sorry, but it seems
> you are not the only one hitting the problem:
>
> https://www.mail-archive.com/yocto at yoctoproject.org/msg38512.html
>
> https://forums.gentoo.org/viewtopic-p-8120220.html?
> sid=b50fe8a26a38d18882c5f2915a030408
>
> https://lists.yoctoproject.org/pipermail/yocto/2017-December/039398.html
>
> The solution is to add "-pthread":
>
> https://patchwork.openembedded.org/patch/146240/
>
> https://bugs.gentoo.org/630578
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?
> id=c824d1c44fcf4556de21d2c8b8ae3732b0fc0c5b
>
> Could you please do another runtime test with this fix added?
Seems to be working. At least our runtime-test comes beyond f = Fernet(key).
I've tried this with a quick and dirty hack.
diff --git a/package/python-cryptography/python-cryptography.mk
b/package/python-cryptography/python-cryptography.mk
index 3c97d0afee..4eac995152 100644
--- a/package/python-cryptography/python-cryptography.mk
+++ b/package/python-cryptography/python-cryptography.mk
@@ -11,5 +11,6 @@ PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools
PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause
PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD
PYTHON_CRYPTOGRAPHY_DEPENDENCIES = host-python-cffi openssl
+PYTHON_CRYPTOGRAPHY_ENV = CFLAGS="-pthread"
$(eval $(python-package))
Please send v2 with properly embedded -pthread.
Regards,
Yegor
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2018-09-11 6:52 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-19 18:42 [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 Bernd Kuhls
2018-08-19 18:53 ` Yegor Yefremov
2018-08-19 19:02 ` Bernd Kuhls
2018-08-20 8:05 ` Yegor Yefremov
2018-08-20 12:05 ` Yegor Yefremov
2018-09-10 21:39 ` Bernd Kuhls
2018-09-11 6:52 ` Yegor Yefremov
2018-08-29 20:20 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.