From: Theo Buehler Subject: Update M2Crypto to 0.46.2 (salt testers wanted) To: ports@openbsd.org Cc: mikolaj@kucharski.name Date: Fri, 17 Oct 2025 04:46:40 +0200 If anyone using salt could give this a spin to see if there are runtime issues, that would be great. That's the only serious use of this from ports. It works for me in tlsfuzzer. Salt needed to fix a few things for M2Crypto 0.44, so if 0.46.2 doesn't work, we could try and jump only to 0.44: https://github.com/saltstack/salt/pull/67782 Tests aren't looking fantastic, but it seems ok since they don't seem to affect anything important. Most of the failures are due to differing verifier errors, some tests fail because they want to connect to the internet, some rely on undocumented output strings we changed, and the membuf failures are due to a fix of UB in libcrypto. There's nonsense like trying to set a CSR version to 1 (aka 2) which we don't allow since the spec only defines 0 (aka 1). Proxy certs and some RAND nonsense are expected not to work since we removed support a long time ago. Index: Makefile =================================================================== RCS file: /cvs/ports/security/py-M2Crypto/Makefile,v diff -u -p -r1.49 Makefile --- Makefile 29 Apr 2025 10:39:48 -0000 1.49 +++ Makefile 17 Oct 2025 02:05:53 -0000 @@ -1,9 +1,8 @@ COMMENT= crypto and TLS toolkit for Python -MODPY_DISTV= 0.41.0 -DISTNAME= M2Crypto-${MODPY_DISTV} -PKGNAME= py-${DISTNAME} -REVISION= 4 +MODPY_DISTV= 0.46.2 +DISTNAME= m2crypto-${MODPY_DISTV} +PKGNAME= py-M2Crypto-${MODPY_DISTV} CATEGORIES= security Index: distinfo =================================================================== RCS file: /cvs/ports/security/py-M2Crypto/distinfo,v diff -u -p -r1.21 distinfo --- distinfo 7 May 2024 07:43:48 -0000 1.21 +++ distinfo 17 Oct 2025 01:55:20 -0000 @@ -1,2 +1,2 @@ -SHA256 (M2Crypto-0.41.0.tar.gz) = OhNYx+6EkEbZF4Knd/F4a/AnocHVG1+vjxlDW/w/FJU= -SIZE (M2Crypto-0.41.0.tar.gz) = 1151680 +SHA256 (m2crypto-0.46.2.tar.gz) = E8L6iVYve4r0DMdLVfSQvl4quMz7c58RwW085iIaYbo= +SIZE (m2crypto-0.46.2.tar.gz) = 501816 Index: patches/patch-src_SWIG__evp_i =================================================================== RCS file: patches/patch-src_SWIG__evp_i diff -N patches/patch-src_SWIG__evp_i --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_SWIG__evp_i 17 Oct 2025 02:00:24 -0000 @@ -0,0 +1,12 @@ +Index: src/SWIG/_evp.i +--- src/SWIG/_evp.i.orig ++++ src/SWIG/_evp.i +@@ -364,7 +364,7 @@ PyObject *hmac_init(HMAC_CTX *ctx, PyObject *key, cons + return NULL; + } + +- if (!HMAC_Init(ctx, kbuf.buf, kbuf.len, md)) { ++ if (!HMAC_Init_ex(ctx, kbuf.buf, kbuf.len, md, NULL)) { + PyErr_SetString(_evp_err, "HMAC_Init failed"); + m2_PyBuffer_Release(key, &kbuf); + return NULL; Index: patches/patch-src_SWIG__lib11_compat_i =================================================================== RCS file: /cvs/ports/security/py-M2Crypto/patches/patch-src_SWIG__lib11_compat_i,v diff -u -p -r1.3 patch-src_SWIG__lib11_compat_i --- patches/patch-src_SWIG__lib11_compat_i 11 Mar 2022 19:53:53 -0000 1.3 +++ patches/patch-src_SWIG__lib11_compat_i 17 Oct 2025 01:58:11 -0000 @@ -11,8 +11,8 @@ Index: src/SWIG/_lib11_compat.i +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #include - #include -@@ -24,6 +24,8 @@ static void *CRYPTO_zalloc(size_t num, const char *fil + +@@ -23,6 +23,8 @@ static void *CRYPTO_zalloc(size_t num, const char *fil return ret; } Index: patches/patch-src_SWIG__lib_i =================================================================== RCS file: patches/patch-src_SWIG__lib_i diff -N patches/patch-src_SWIG__lib_i --- patches/patch-src_SWIG__lib_i 2 Mar 2024 12:00:46 -0000 1.5 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,70 +0,0 @@ -Fix build with LibreSSL - -Index: src/SWIG/_lib.i ---- src/SWIG/_lib.i.orig -+++ src/SWIG/_lib.i -@@ -21,7 +21,7 @@ - - %{ - /* OpenSSL 1.0.2 copmatbility shim */ --#if OPENSSL_VERSION_NUMBER < 0x10002000L -+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) - typedef void (*OPENSSL_sk_freefunc)(void *); - typedef void *(*OPENSSL_sk_copyfunc)(const void *); - typedef struct stack_st OPENSSL_STACK; -@@ -31,47 +31,21 @@ typedef struct stack_st OPENSSL_STACK; - - void OPENSSL_sk_free(OPENSSL_STACK *st) - { -- if (st == NULL) -- return; -- OPENSSL_free(st->data); -- OPENSSL_free(st); -+ sk_free(st); - } - - OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, - OPENSSL_sk_copyfunc copy_func, - OPENSSL_sk_freefunc free_func) - { -- OPENSSL_STACK *ret; -- int i; -+ /* Do not support this. It relies on UB via function pointer casting. */ -+ return NULL; -+} - -- if (sk->num < 0) -- return NULL; -- -- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) -- return NULL; -- -- /* direct structure assignment */ -- *ret = *sk; -- -- ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES; -- ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc); -- if (ret->data == NULL) { -- OPENSSL_free(ret); -- return NULL; -- } -- -- for (i = 0; i < ret->num; ++i) { -- if (sk->data[i] == NULL) -- continue; -- if ((ret->data[i] = copy_func(sk->data[i])) == NULL) { -- while (--i >= 0) -- if (ret->data[i] != NULL) -- free_func((void *)ret->data[i]); -- OPENSSL_sk_free(ret); -- return NULL; -- } -- } -- return ret; -+int sk_find_ex(OPENSSL_STACK *sk, void *wanted) -+{ -+ /* Let's see if anything fails. */ -+ return -1; - } - #endif /* OpenSSL 1.0.2 copmatbility shim */ - Index: patches/patch-src_SWIG__x509_i =================================================================== RCS file: /cvs/ports/security/py-M2Crypto/patches/patch-src_SWIG__x509_i,v diff -u -p -r1.2 patch-src_SWIG__x509_i --- patches/patch-src_SWIG__x509_i 8 Feb 2025 04:13:06 -0000 1.2 +++ patches/patch-src_SWIG__x509_i 17 Oct 2025 01:57:54 -0000 @@ -3,7 +3,7 @@ X509_check_trust() and X509_NAME_print() Index: src/SWIG/_x509.i --- src/SWIG/_x509.i.orig +++ src/SWIG/_x509.i -@@ -108,8 +108,10 @@ extern int X509_cmp_current_time(ASN1_TIME *); +@@ -110,8 +110,10 @@ extern int X509_cmp_current_time(ASN1_TIME *); %rename(x509_check_purpose) X509_check_purpose; extern int X509_check_purpose(X509 *, int, int); @@ -14,7 +14,7 @@ Index: src/SWIG/_x509.i %rename(x509_write_pem) PEM_write_bio_X509; %threadallow PEM_write_bio_X509; -@@ -144,9 +146,11 @@ extern int X509V3_EXT_print(BIO *, X509_EXTENSION *, u +@@ -146,9 +148,11 @@ extern int X509V3_EXT_print(BIO *, X509_EXTENSION *, u extern X509_NAME *X509_NAME_new( void ); %rename(x509_name_free) X509_NAME_free; extern void X509_NAME_free(X509_NAME *); Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/security/py-M2Crypto/pkg/PLIST,v diff -u -p -r1.17 PLIST --- pkg/PLIST 29 Apr 2025 10:39:48 -0000 1.17 +++ pkg/PLIST 17 Oct 2025 02:06:12 -0000 @@ -8,7 +8,6 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/M2Crypto/DSA.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/EC.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/EVP.py -lib/python${MODPY_VERSION}/site-packages/M2Crypto/Engine.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/Err.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/RC4.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/RSA.py @@ -19,6 +18,7 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/Cipher.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/Connection.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/Context.py +lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/SSLError.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/SSLServer.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/Session.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.py @@ -32,6 +32,8 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}Connection.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}Context.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}Context.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}SSLError.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}SSLError.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}SSLServer.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}SSLServer.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/SSL/${MODPY_PYCACHE}Session.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} @@ -65,8 +67,6 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}EC.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}EVP.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}EVP.${MODPY_PYC_MAGIC_TAG}pyc -lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}Engine.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} -lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}Engine.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}Err.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}Err.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}RC4.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} @@ -99,9 +99,12 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}m2xmlrpclib.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}threading.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}threading.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}types.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}types.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}util.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/M2Crypto/${MODPY_PYCACHE}util.${MODPY_PYC_MAGIC_TAG}pyc @so lib/python${MODPY_VERSION}/site-packages/M2Crypto/_m2crypto.${MODPY_PYC_MAGIC_TAG}so +lib/python${MODPY_VERSION}/site-packages/M2Crypto/_m2crypto.pyi lib/python${MODPY_VERSION}/site-packages/M2Crypto/callback.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/ftpslib.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/httpslib.py @@ -110,12 +113,15 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/M2Crypto/m2urllib.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/m2urllib2.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/m2xmlrpclib.py +lib/python${MODPY_VERSION}/site-packages/M2Crypto/py.typed lib/python${MODPY_VERSION}/site-packages/M2Crypto/threading.py +lib/python${MODPY_VERSION}/site-packages/M2Crypto/types.py lib/python${MODPY_VERSION}/site-packages/M2Crypto/util.py lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/ lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/METADATA lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/RECORD lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/WHEEL lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/licenses/ -lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/licenses/LICENCE +lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/licenses/LICENSES/ +lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/licenses/LICENSES/BSD-2-Clause.txt lib/python${MODPY_VERSION}/site-packages/m2crypto-${MODPY_DISTV}.dist-info/top_level.txt