python-cryptography: bump to version 3.4.5

Re-applied OpenSSL patches from
   pyca/cryptography#4920

We also need to patch setup.py a bit to make sure that the Rust extension
is not included.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

lang/python/python-cryptography/Makefile

@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-cryptography
-PKG_VERSION:=3.3.1
+PKG_VERSION:=3.4.5
 PKG_RELEASE:=1
 
 PYPI_NAME:=cryptography
-PKG_HASH:=7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6
+PKG_HASH:=4f6761a82b51fe02cda8f45af1c2f698a10f50003dc9c2572d8a49eda2e6d35b
 
 PKG_LICENSE:=Apache-2.0 BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
@@ -26,6 +26,9 @@ include ../pypi.mk
 include $(INCLUDE_DIR)/package.mk
 include ../python3-package.mk
 
+PYTHON3_PKG_SETUP_VARS = \
+	CRYPTOGRAPHY_DONT_BUILD_RUST=1
+
 define Package/python3-cryptography
   SECTION:=lang
   CATEGORY:=Languages

lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch → lang/python/python-cryptography/patches/0001-Add-compatibility-for-X509_STORE_set_get_issuer.patch

@@ -1,7 +1,7 @@
-From 77b25307a743eb52ef5ead24c956e577f5bd025f Mon Sep 17 00:00:00 2001
+From 02c9bc956a24371da7815c42357bfc30a1521560 Mon Sep 17 00:00:00 2001
 From: Rosen Penev <rosenp@gmail.com>
 Date: Fri, 7 Jun 2019 20:42:04 -0700
-Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer
+Subject: [PATCH 1/3] Add compatibility for X509_STORE_set_get_issuer
 
 Deprecated under OpenSSL 1.1.
 ---
@@ -11,15 +11,15 @@ Deprecated under OpenSSL 1.1.
 
 --- a/src/_cffi_src/openssl/x509_vfy.py
 +++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -22,6 +22,7 @@ TYPES = """
+@@ -21,6 +21,7 @@ TYPES = """
  static const long Cryptography_HAS_102_VERIFICATION;
  static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
  static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
 +static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
 
  typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
  typedef ... Cryptography_STACK_OF_X509_OBJECT;
-@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
+@@ -257,4 +258,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
  #else
  static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
  #endif
@@ -33,7 +33,7 @@ Deprecated under OpenSSL 1.1.
  """
 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
 +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version()
+@@ -269,6 +269,11 @@ def cryptography_has_get_proto_version()
          "SSL_get_max_proto_version",
      ]
 
@@ -45,7 +45,7 @@ Deprecated under OpenSSL 1.1.
 
  # This is a mapping of
  # {condition: function-returning-names-dependent-on-that-condition} so we can
-@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = {
+@@ -318,4 +323,7 @@ CONDITIONAL_NAMES = {
      "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
      "Cryptography_HAS_SRTP": cryptography_has_srtp,
      "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,

lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch → lang/python/python-cryptography/patches/0002-Add-compatibility-for-deprecated-TLS-methods.patch

@@ -1,7 +1,7 @@
-From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
+From 90e86579e5585e9ad74120b66e08f1efe10da625 Mon Sep 17 00:00:00 2001
 From: Rosen Penev <rosenp@gmail.com>
 Date: Fri, 7 Jun 2019 21:00:46 -0700
-Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
+Subject: [PATCH 2/3] Add compatibility for deprecated TLS methods
 
 ---
  src/_cffi_src/openssl/ssl.py                  | 45 +++++++++++++++++--
@@ -10,7 +10,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
 
 --- a/src/_cffi_src/openssl/ssl.py
 +++ b/src/_cffi_src/openssl/ssl.py
-@@ -14,12 +14,14 @@ TYPES = """
+@@ -13,12 +13,14 @@ TYPES = """
  static const long Cryptography_HAS_SSL_ST;
  static const long Cryptography_HAS_TLS_ST;
  static const long Cryptography_HAS_SSL3_METHOD;
@@ -27,7 +27,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
  static const long Cryptography_HAS_SIGALGS;
  static const long Cryptography_HAS_PSK;
  static const long Cryptography_HAS_VERIFIED_CHAIN;
-@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_
+@@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_
 
  static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
  static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
@@ -75,7 +75,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
  static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
 +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
+@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method():
      ]
 
 
@@ -114,7 +114,7 @@ Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
  def cryptography_has_102_verification():
      return [
          "X509_V_ERR_SUITE_B_INVALID_VERSION",
-@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
+@@ -285,6 +317,10 @@ CONDITIONAL_NAMES = {
      "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
      "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
      "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,

lang/python/python-cryptography/patches/0003-Add-defines-for-totally-deprecated-functions.patch

@@ -0,0 +1,114 @@
+From fa031041283aac693273db24dab5b3f2193b438d Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Thu, 5 Dec 2019 12:52:13 -0800
+Subject: [PATCH 3/3] Add defines for totally deprecated functions
+
+---
+ src/_cffi_src/openssl/asn1.py     |  3 +++
+ src/_cffi_src/openssl/conf.py     |  4 ++++
+ src/_cffi_src/openssl/crypto.py   |  4 ++++
+ src/_cffi_src/openssl/ecdh.py     |  3 +++
+ src/_cffi_src/openssl/evp.py      |  5 +++++
+ src/_cffi_src/openssl/ssl.py      |  5 +++++
+ src/_cffi_src/openssl/x509.py     | 12 ++++++++++++
+ src/_cffi_src/openssl/x509_vfy.py |  6 ++++++
+ 8 files changed, 42 insertions(+)
+
+--- a/src/_cffi_src/openssl/asn1.py
++++ b/src/_cffi_src/openssl/asn1.py
+@@ -105,4 +105,7 @@ ASN1_NULL *ASN1_NULL_new(void);
+ """
+
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define ASN1_STRING_data ASN1_STRING_get0_data
++#endif
+ """
+--- a/src/_cffi_src/openssl/conf.py
++++ b/src/_cffi_src/openssl/conf.py
+@@ -17,4 +17,8 @@ void OPENSSL_no_config(void);
+ """
+
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define OPENSSL_config(x) 0
++#define OPENSSL_no_config() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/crypto.py
++++ b/src/_cffi_src/openssl/crypto.py
+@@ -113,4 +113,8 @@ void *Cryptography_realloc_wrapper(void
+ void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
+     free(ptr);
+ }
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTO_get_locking_callback() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/ecdh.py
++++ b/src/_cffi_src/openssl/ecdh.py
+@@ -17,4 +17,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in
+ """
+
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define SSL_CTX_set_ecdh_auto(a, b) ((b) != 0)
++#endif
+ """
+--- a/src/_cffi_src/openssl/evp.py
++++ b/src/_cffi_src/openssl/evp.py
+@@ -269,4 +269,9 @@ static const long Cryptography_HAS_EVP_D
+ #ifndef EVP_PKEY_POLY1305
+ #define EVP_PKEY_POLY1305 NID_poly1305
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
++#define OpenSSL_add_all_algorithms() do {} while(0)
++#endif
+ """
+--- a/src/_cffi_src/openssl/ssl.py
++++ b/src/_cffi_src/openssl/ssl.py
+@@ -745,4 +745,9 @@ long (*SSL_get_max_proto_version)(SSL *)
+ #else
+ static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define SSL_library_init() 1
++#define SSL_load_error_strings() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/x509.py
++++ b/src/_cffi_src/openssl/x509.py
+@@ -305,4 +305,16 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, u
+     return i2d_X509_CRL_INFO(crl->crl, pp);
+ }
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define X509_get_notBefore X509_get0_notBefore
++#define X509_get_notAfter X509_get0_notAfter
++#define X509_set_notBefore X509_set1_notBefore
++#define X509_set_notAfter X509_set1_notAfter
++
++#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
++#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
++#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
++#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
++#endif
+ """
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -265,4 +265,10 @@ static const long Cryptography_HAS_X509_
+ #else
+ static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
++#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
++#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
++#endif
+ """

lang/python/python-cryptography/patches/0004-don-t-setup-rust-extension.patch

@@ -0,0 +1,51 @@
+--- a/setup.py
++++ b/setup.py
+@@ -10,21 +10,24 @@ import sys
+
+ from setuptools import find_packages, setup
+
+-try:
+-    from setuptools_rust import RustExtension
+-except ImportError:
+-    print(
+-        """
+-        =============================DEBUG ASSISTANCE==========================
+-        If you are seeing an error here please try the following to
+-        successfully install cryptography:
+-
+-        Upgrade to the latest pip and try again. This will fix errors for most
+-        users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
+-        =============================DEBUG ASSISTANCE==========================
+-        """
+-    )
+-    raise
++dont_setup_rust = os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST")
++
++if not dont_setup_rust:
++    try:
++        from setuptools_rust import RustExtension
++    except ImportError:
++        print(
++            """
++            =============================DEBUG ASSISTANCE==========================
++            If you are seeing an error here please try the following to
++            successfully install cryptography:
++
++            Upgrade to the latest pip and try again. This will fix errors for most
++            users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
++            =============================DEBUG ASSISTANCE==========================
++            """
++        )
++        raise
+
+
+ base_dir = os.path.dirname(__file__)
+@@ -45,7 +48,7 @@ setuptools_rust = "setuptools-rust>=0.11
+ install_requirements = ["cffi>=1.12"]
+ setup_requirements = install_requirements + [setuptools_rust]
+
+-if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
++if dont_setup_rust:
+     rust_extensions = []
+ else:
+     rust_extensions = [