* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 @ 2018-08-19 18:42 Bernd Kuhls 2018-08-19 18:53 ` Yegor Yefremov 2018-08-29 20:20 ` Thomas Petazzoni 0 siblings, 2 replies; 8+ messages in thread From: Bernd Kuhls @ 2018-08-19 18:42 UTC (permalink / raw) To: buildroot Changelog: https://cryptography.io/en/latest/changelog/#v2-3-1 Please note that CVE-2018-10903, fixed in version 2.3, was introduced in version 1.9.0, so it was not present in buildroot: https://nvd.nist.gov/vuln/detail/CVE-2018-10903 Added license hash and switched runtime dependency from pyasn1 to asn1crypto: https://cryptography.io/en/latest/changelog/#v1-8 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> --- package/python-cryptography/Config.in | 2 +- package/python-cryptography/python-cryptography.hash | 8 +++++--- package/python-cryptography/python-cryptography.mk | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/package/python-cryptography/Config.in b/package/python-cryptography/Config.in index 14f950d4d8..d1c2917ea9 100644 --- a/package/python-cryptography/Config.in +++ b/package/python-cryptography/Config.in @@ -7,7 +7,7 @@ config BR2_PACKAGE_PYTHON_CRYPTOGRAPHY select BR2_PACKAGE_PYTHON_HASHLIB if BR2_PACKAGE_PYTHON # runtime select BR2_PACKAGE_PYTHON_IDNA # runtime select BR2_PACKAGE_PYTHON_IPADDRESS if BR2_PACKAGE_PYTHON # runtime - select BR2_PACKAGE_PYTHON_PYASN # runtime + select BR2_PACKAGE_PYTHON_ASN1CRYPTO # runtime select BR2_PACKAGE_PYTHON_PYEXPAT if BR2_PACKAGE_PYTHON # runtime select BR2_PACKAGE_PYTHON3_PYEXPAT if BR2_PACKAGE_PYTHON3 # runtime select BR2_PACKAGE_PYTHON_SETUPTOOLS # runtime diff --git a/package/python-cryptography/python-cryptography.hash b/package/python-cryptography/python-cryptography.hash index a1162cf880..9c6d8cc44f 100644 --- a/package/python-cryptography/python-cryptography.hash +++ b/package/python-cryptography/python-cryptography.hash @@ -1,3 +1,5 @@ -# md5 from https://pypi.python.org/pypi/cryptography/json, sha256 locally computed -md5 fade66de437392ed1ba6980768626204 cryptography-1.7.2.tar.gz -sha256 878cb68b3da3d493ffd68f36db11c29deee623671d3287c3f8d685117ffda9a9 cryptography-1.7.2.tar.gz +# md5, sha256 from https://pypi.org/pypi/cryptography/json +md5 2b5e8269c43c9b9ab54fc8c75ba3c7ac cryptography-2.3.1.tar.gz +sha256 8d10113ca826a4c29d5b85b2c4e045ffa8bad74fb525ee0eceb1d38d4c70dfd6 cryptography-2.3.1.tar.gz +# Locally computed sha256 checksums +sha256 35452b557fab0efb1e80d7edb9c4e5118b9384082adaa051dde342102cb9de8d LICENSE diff --git a/package/python-cryptography/python-cryptography.mk b/package/python-cryptography/python-cryptography.mk index 5373da8202..3c97d0afee 100644 --- a/package/python-cryptography/python-cryptography.mk +++ b/package/python-cryptography/python-cryptography.mk @@ -4,9 +4,9 @@ # ################################################################################ -PYTHON_CRYPTOGRAPHY_VERSION = 1.7.2 +PYTHON_CRYPTOGRAPHY_VERSION = 2.3.1 PYTHON_CRYPTOGRAPHY_SOURCE = cryptography-$(PYTHON_CRYPTOGRAPHY_VERSION).tar.gz -PYTHON_CRYPTOGRAPHY_SITE = https://pypi.python.org/packages/99/df/71c7260003f5c469cec3db4c547115df39e9ce6c719a99e067ba0e78fd8a +PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/22/21/233e38f74188db94e8451ef6385754a98f3cad9b59bedf3a8e8b14988be4 PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD -- 2.18.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-08-19 18:42 [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 Bernd Kuhls @ 2018-08-19 18:53 ` Yegor Yefremov 2018-08-19 19:02 ` Bernd Kuhls 2018-08-29 20:20 ` Thomas Petazzoni 1 sibling, 1 reply; 8+ messages in thread From: Yegor Yefremov @ 2018-08-19 18:53 UTC (permalink / raw) To: buildroot Hi Bernd, On Sun, Aug 19, 2018 at 8:42 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote: > Changelog: https://cryptography.io/en/latest/changelog/#v2-3-1 > > Please note that CVE-2018-10903, fixed in version 2.3, was introduced > in version 1.9.0, so it was not present in buildroot: > https://nvd.nist.gov/vuln/detail/CVE-2018-10903 > > Added license hash and switched runtime dependency from pyasn1 to > asn1crypto: https://cryptography.io/en/latest/changelog/#v1-8 > > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Have you performed runtime tests? Yegor > package/python-cryptography/Config.in | 2 +- > package/python-cryptography/python-cryptography.hash | 8 +++++--- > package/python-cryptography/python-cryptography.mk | 4 ++-- > 3 files changed, 8 insertions(+), 6 deletions(-) > > diff --git a/package/python-cryptography/Config.in b/package/python-cryptography/Config.in > index 14f950d4d8..d1c2917ea9 100644 > --- a/package/python-cryptography/Config.in > +++ b/package/python-cryptography/Config.in > @@ -7,7 +7,7 @@ config BR2_PACKAGE_PYTHON_CRYPTOGRAPHY > select BR2_PACKAGE_PYTHON_HASHLIB if BR2_PACKAGE_PYTHON # runtime > select BR2_PACKAGE_PYTHON_IDNA # runtime > select BR2_PACKAGE_PYTHON_IPADDRESS if BR2_PACKAGE_PYTHON # runtime > - select BR2_PACKAGE_PYTHON_PYASN # runtime > + select BR2_PACKAGE_PYTHON_ASN1CRYPTO # runtime > select BR2_PACKAGE_PYTHON_PYEXPAT if BR2_PACKAGE_PYTHON # runtime > select BR2_PACKAGE_PYTHON3_PYEXPAT if BR2_PACKAGE_PYTHON3 # runtime > select BR2_PACKAGE_PYTHON_SETUPTOOLS # runtime > diff --git a/package/python-cryptography/python-cryptography.hash b/package/python-cryptography/python-cryptography.hash > index a1162cf880..9c6d8cc44f 100644 > --- a/package/python-cryptography/python-cryptography.hash > +++ b/package/python-cryptography/python-cryptography.hash > @@ -1,3 +1,5 @@ > -# md5 from https://pypi.python.org/pypi/cryptography/json, sha256 locally computed > -md5 fade66de437392ed1ba6980768626204 cryptography-1.7.2.tar.gz > -sha256 878cb68b3da3d493ffd68f36db11c29deee623671d3287c3f8d685117ffda9a9 cryptography-1.7.2.tar.gz > +# md5, sha256 from https://pypi.org/pypi/cryptography/json > +md5 2b5e8269c43c9b9ab54fc8c75ba3c7ac cryptography-2.3.1.tar.gz > +sha256 8d10113ca826a4c29d5b85b2c4e045ffa8bad74fb525ee0eceb1d38d4c70dfd6 cryptography-2.3.1.tar.gz > +# Locally computed sha256 checksums > +sha256 35452b557fab0efb1e80d7edb9c4e5118b9384082adaa051dde342102cb9de8d LICENSE > diff --git a/package/python-cryptography/python-cryptography.mk b/package/python-cryptography/python-cryptography.mk > index 5373da8202..3c97d0afee 100644 > --- a/package/python-cryptography/python-cryptography.mk > +++ b/package/python-cryptography/python-cryptography.mk > @@ -4,9 +4,9 @@ > # > ################################################################################ > > -PYTHON_CRYPTOGRAPHY_VERSION = 1.7.2 > +PYTHON_CRYPTOGRAPHY_VERSION = 2.3.1 > PYTHON_CRYPTOGRAPHY_SOURCE = cryptography-$(PYTHON_CRYPTOGRAPHY_VERSION).tar.gz > -PYTHON_CRYPTOGRAPHY_SITE = https://pypi.python.org/packages/99/df/71c7260003f5c469cec3db4c547115df39e9ce6c719a99e067ba0e78fd8a > +PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/22/21/233e38f74188db94e8451ef6385754a98f3cad9b59bedf3a8e8b14988be4 > PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools > PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause > PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD > -- > 2.18.0 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-08-19 18:53 ` Yegor Yefremov @ 2018-08-19 19:02 ` Bernd Kuhls 2018-08-20 8:05 ` Yegor Yefremov 0 siblings, 1 reply; 8+ messages in thread From: Bernd Kuhls @ 2018-08-19 19:02 UTC (permalink / raw) To: buildroot Am Sun, 19 Aug 2018 20:53:49 +0200 schrieb Yegor Yefremov: > Have you performed runtime tests? Hi Yegor, no, only build-tested with openssl-1.1.0i. Regards, Bernd ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-08-19 19:02 ` Bernd Kuhls @ 2018-08-20 8:05 ` Yegor Yefremov 2018-08-20 12:05 ` Yegor Yefremov 2018-09-10 21:39 ` Bernd Kuhls 0 siblings, 2 replies; 8+ messages in thread From: Yegor Yefremov @ 2018-08-20 8:05 UTC (permalink / raw) To: buildroot On Sun, Aug 19, 2018 at 9:02 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote: > Am Sun, 19 Aug 2018 20:53:49 +0200 schrieb Yegor Yefremov: > >> Have you performed runtime tests? > > Hi Yegor, > > no, only build-tested with openssl-1.1.0i. I've performed a runtime test and I still get: # python Python 3.6.3 (default, Aug 20 2018, 08:30:51) [GCC 7.3.1 20180425 [linaro-7.3-2018.05 revision d29120a424ecfbc167ef90065c0eeb on linux Type "help", "copyright", "credits" or "license" for more information. >>> from cryptography.fernet import Fernet >>> key = Fernet.generate_key() random: nonblocking pool is initialized >>> f = Fernet(key) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "usr/lib/python3.6/site-packages/cryptography/fernet.py", line 32, in __init__ File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module> File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 53, in <module> File "usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module> ImportError: /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: undefined symbol: pthread_atfork That's why the packaged wasn't updated for a long time. Yegor ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-08-20 8:05 ` Yegor Yefremov @ 2018-08-20 12:05 ` Yegor Yefremov 2018-09-10 21:39 ` Bernd Kuhls 1 sibling, 0 replies; 8+ messages in thread From: Yegor Yefremov @ 2018-08-20 12:05 UTC (permalink / raw) To: buildroot Hi Bernd, On Mon, Aug 20, 2018 at 10:05 AM, Yegor Yefremov <yegorslists@googlemail.com> wrote: > On Sun, Aug 19, 2018 at 9:02 PM, Bernd Kuhls <bernd.kuhls@t-online.de> wrote: >> Am Sun, 19 Aug 2018 20:53:49 +0200 schrieb Yegor Yefremov: >> >>> Have you performed runtime tests? >> >> Hi Yegor, >> >> no, only build-tested with openssl-1.1.0i. > > I've performed a runtime test and I still get: > > # python > Python 3.6.3 (default, Aug 20 2018, 08:30:51) > [GCC 7.3.1 20180425 [linaro-7.3-2018.05 revision > d29120a424ecfbc167ef90065c0eeb on linux > Type "help", "copyright", "credits" or "license" for more information. >>>> from cryptography.fernet import Fernet >>>> key = Fernet.generate_key() > random: nonblocking pool is initialized >>>> f = Fernet(key) > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File "usr/lib/python3.6/site-packages/cryptography/fernet.py", line > 32, in __init__ > File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/__init__.py", > line 15, in default_backend > File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/__init__.py", > line 7, in <module> > File "usr/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", > line 53, in <module> > File "usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py", > line 13, in <module> > ImportError: /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: > undefined symbol: pthread_atfork > > That's why the packaged wasn't updated for a long time. Could you make a runtest against openssl-1.1.0i? I was using the current openssl version. Perhaps this error comes from the old version... Yegor ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-08-20 8:05 ` Yegor Yefremov 2018-08-20 12:05 ` Yegor Yefremov @ 2018-09-10 21:39 ` Bernd Kuhls 2018-09-11 6:52 ` Yegor Yefremov 1 sibling, 1 reply; 8+ messages in thread From: Bernd Kuhls @ 2018-09-10 21:39 UTC (permalink / raw) To: buildroot Am Mon, 20 Aug 2018 10:05:15 +0200 schrieb Yegor Yefremov: > I've performed a runtime test and I still get: [...] > ImportError: > /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/ _openssl.abi3.so: > undefined symbol: pthread_atfork Hi, I did not find the time to do a run-time test yet, sorry, but it seems you are not the only one hitting the problem: https://www.mail-archive.com/yocto at yoctoproject.org/msg38512.html https://forums.gentoo.org/viewtopic-p-8120220.html? sid=b50fe8a26a38d18882c5f2915a030408 https://lists.yoctoproject.org/pipermail/yocto/2017-December/039398.html The solution is to add "-pthread": https://patchwork.openembedded.org/patch/146240/ https://bugs.gentoo.org/630578 https://gitweb.gentoo.org/repo/gentoo.git/commit/? id=c824d1c44fcf4556de21d2c8b8ae3732b0fc0c5b Could you please do another runtime test with this fix added? Regards, Bernd ^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-09-10 21:39 ` Bernd Kuhls @ 2018-09-11 6:52 ` Yegor Yefremov 0 siblings, 0 replies; 8+ messages in thread From: Yegor Yefremov @ 2018-09-11 6:52 UTC (permalink / raw) To: buildroot Hi Bernd, On Mon, Sep 10, 2018 at 11:40 PM Bernd Kuhls <bernd.kuhls@t-online.de> wrote: > > Am Mon, 20 Aug 2018 10:05:15 +0200 schrieb Yegor Yefremov: > > > I've performed a runtime test and I still get: > [...] > > ImportError: > > /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/ > _openssl.abi3.so: > > undefined symbol: pthread_atfork > > Hi, > > I did not find the time to do a run-time test yet, sorry, but it seems > you are not the only one hitting the problem: > > https://www.mail-archive.com/yocto at yoctoproject.org/msg38512.html > > https://forums.gentoo.org/viewtopic-p-8120220.html? > sid=b50fe8a26a38d18882c5f2915a030408 > > https://lists.yoctoproject.org/pipermail/yocto/2017-December/039398.html > > The solution is to add "-pthread": > > https://patchwork.openembedded.org/patch/146240/ > > https://bugs.gentoo.org/630578 > > https://gitweb.gentoo.org/repo/gentoo.git/commit/? > id=c824d1c44fcf4556de21d2c8b8ae3732b0fc0c5b > > Could you please do another runtime test with this fix added? Seems to be working. At least our runtime-test comes beyond f = Fernet(key). I've tried this with a quick and dirty hack. diff --git a/package/python-cryptography/python-cryptography.mk b/package/python-cryptography/python-cryptography.mk index 3c97d0afee..4eac995152 100644 --- a/package/python-cryptography/python-cryptography.mk +++ b/package/python-cryptography/python-cryptography.mk @@ -11,5 +11,6 @@ PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD PYTHON_CRYPTOGRAPHY_DEPENDENCIES = host-python-cffi openssl +PYTHON_CRYPTOGRAPHY_ENV = CFLAGS="-pthread" $(eval $(python-package)) Please send v2 with properly embedded -pthread. Regards, Yegor ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 2018-08-19 18:42 [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 Bernd Kuhls 2018-08-19 18:53 ` Yegor Yefremov @ 2018-08-29 20:20 ` Thomas Petazzoni 1 sibling, 0 replies; 8+ messages in thread From: Thomas Petazzoni @ 2018-08-29 20:20 UTC (permalink / raw) To: buildroot Hello, On Sun, 19 Aug 2018 20:42:42 +0200, Bernd Kuhls wrote: > Changelog: https://cryptography.io/en/latest/changelog/#v2-3-1 > > Please note that CVE-2018-10903, fixed in version 2.3, was introduced > in version 1.9.0, so it was not present in buildroot: > https://nvd.nist.gov/vuln/detail/CVE-2018-10903 > > Added license hash and switched runtime dependency from pyasn1 to > asn1crypto: https://cryptography.io/en/latest/changelog/#v1-8 > > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> > --- > package/python-cryptography/Config.in | 2 +- > package/python-cryptography/python-cryptography.hash | 8 +++++--- > package/python-cryptography/python-cryptography.mk | 4 ++-- > 3 files changed, 8 insertions(+), 6 deletions(-) Considering the runtime issues that are encountered with this update, I've marked this patch as Changes Requested in patchwork. Thanks! Thomas -- Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons) Embedded Linux and Kernel engineering https://bootlin.com ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2018-09-11 6:52 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-08-19 18:42 [Buildroot] [PATCH/next 1/1] package/python-cryptography: bump version to 2.3.1 Bernd Kuhls 2018-08-19 18:53 ` Yegor Yefremov 2018-08-19 19:02 ` Bernd Kuhls 2018-08-20 8:05 ` Yegor Yefremov 2018-08-20 12:05 ` Yegor Yefremov 2018-09-10 21:39 ` Bernd Kuhls 2018-09-11 6:52 ` Yegor Yefremov 2018-08-29 20:20 ` Thomas Petazzoni
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.