Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
With the intention of pushing OpenSSL 1.1.0j into Stretch here is the
proposed change for python-cryptography.
The package python-cryptography fails to build due to an API change of
BIO_callback_ctrl() in OpenSSL. While this is a no-no in a stable
release, it has been explained [0] that the function / callback was
always used with a different prototype. I fixed this by removing the
function / prototype from the python wrapper while upstream removed the
almost all BIO related wrappers [1].
I did a rebuild of python-cryptography's rdeps in Stretch against OpenSSL
1.1.0i and the proposed package with no fallout [2].
Any feedback from the python team is welcome.
[0] https://github.com/openssl/openssl/pull/4493#discussion_r143505277
[1] https://github.com/pyca/cryptography/pull/4220
[2]
https://breakpoint.cc/openssl-rebuild/2018-09-02-rebuild-stretch-python-cryptography/
Sebastian
diff -Nru python-cryptography-1.7.1/debian/changelog python-cryptography-1.7.1/debian/changelog
--- python-cryptography-1.7.1/debian/changelog 2017-05-28 04:20:33.000000000 +0200
+++ python-cryptography-1.7.1/debian/changelog 2018-09-02 15:17:35.000000000 +0200
@@ -1,3 +1,11 @@
+python-cryptography (1.7.1-3+deb9u1) unstable; urgency=medium
+
+ * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's
+ definition of it after it was changed (fixed) within OpenSSL. It has no
+ users.
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Sun, 02 Sep 2018 15:17:35 +0200
+
python-cryptography (1.7.1-3) unstable; urgency=medium
* Apply patch 6e7ea2e7 from upstream to fix compilation against OpenSSL
diff -Nru python-cryptography-1.7.1/debian/patches/Remove-BIO_callback_ctrl.patch python-cryptography-1.7.1/debian/patches/Remove-BIO_callback_ctrl.patch
--- python-cryptography-1.7.1/debian/patches/Remove-BIO_callback_ctrl.patch 1970-01-01 01:00:00.000000000 +0100
+++ python-cryptography-1.7.1/debian/patches/Remove-BIO_callback_ctrl.patch 2018-09-02 15:17:35.000000000 +0200
@@ -0,0 +1,52 @@
+From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Date: Sun, 2 Sep 2018 15:00:43 +0200
+Subject: [PATCH] Remove BIO_callback_ctrl()
+
+This removes BIO_callback_ctrl(), bio_info_cb and its two users.
+This is the small version of #4220 ("Remove unused BIO bindings.").
+OpenSSL changed this type because it was wrong and the (now) different
+prototype fails to build.
+There should be users which rely on this function.
+
+Link: https://github.com/pyca/cryptography/pull/4220
+Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+---
+ src/_cffi_src/openssl/bio.py | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py
+index a134d9b605b0..c4aa88c5b075 100644
+--- a/src/_cffi_src/openssl/bio.py
++++ b/src/_cffi_src/openssl/bio.py
+@@ -10,7 +10,6 @@ INCLUDES = """
+
+ TYPES = """
+ typedef struct bio_st BIO;
+-typedef void bio_info_cb(BIO *, int, const char *, int, long, long);
+ typedef ... bio_st;
+ typedef ... BIO_METHOD;
+ typedef ... BUF_MEM;
+@@ -69,11 +68,6 @@ BIO *BIO_new_fp(FILE *, int);
+ BIO *BIO_new_fd(int, int);
+ BIO *BIO_new_socket(int, int);
+ long BIO_ctrl(BIO *, int, long, void *);
+-long BIO_callback_ctrl(
+- BIO *,
+- int,
+- void (*)(struct bio_st *, int, const char *, int, long, long)
+-);
+ long BIO_int_ctrl(BIO *, int, long, int);
+ size_t BIO_ctrl_pending(BIO *);
+ size_t BIO_ctrl_wpending(BIO *);
+@@ -125,8 +119,6 @@ int BIO_set_close(BIO *,long);
+ int BIO_get_close(BIO *);
+ int BIO_pending(BIO *);
+ int BIO_wpending(BIO *);
+-int BIO_get_info_callback(BIO *, bio_info_cb **);
+-int BIO_set_info_callback(BIO *, bio_info_cb *);
+ long BIO_get_buffer_num_lines(BIO *);
+ long BIO_set_read_buffer_size(BIO *, long);
+ long BIO_set_write_buffer_size(BIO *, long);
+--
+2.11.0
+
diff -Nru python-cryptography-1.7.1/debian/patches/series python-cryptography-1.7.1/debian/patches/series
--- python-cryptography-1.7.1/debian/patches/series 2017-05-28 04:20:33.000000000 +0200
+++ python-cryptography-1.7.1/debian/patches/series 2018-09-02 15:17:12.000000000 +0200
@@ -1,2 +1,3 @@
0001-add-memory-limit-check-for-scrypt.patch
0002-fix-compilation-on-1.1.0f-3603.patch
+Remove-BIO_callback_ctrl.patch
