svn commit: r404378 - in head/lang/python32: . files
Bernard Spil
brnrd at FreeBSD.org
Thu Dec 24 17:09:14 UTC 2015
Author: brnrd
Date: Thu Dec 24 17:09:12 2015
New Revision: 404378
URL: https://svnweb.freebsd.org/changeset/ports/404378
Log:
lang/python32: Mark deprecated / fix No-EDGD/-SSLv3
- Mark DEPRECATED, EXPIRES Feb 2016 [1]
- Backport issue21356 RAND_egd fix [2]
- Fix build for openssl -nossl3
[1] https://www.python.org/dev/peps/pep-0392/#lifespan
[2] http://bugs.python.org/issue21356
PR: 195513
Reviewed by: koobs (mentor, python), feld (mentor)
Approved by: koobs (python, mentor)
Differential Revision: https://reviews.freebsd.org/D4701
> Description of fields to fill in above: 76 columns --|
> PR: If a Bugzilla PR is affected by the change.
> Submitted by: If someone else sent in the change.
> Reviewed by: If someone else reviewed your modification.
> Approved by: If you needed approval for this commit.
> Obtained from: If the change is from a third party.
> MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email.
> Relnotes: Set to 'yes' for mention in release notes.
> Security: Vulnerability reference (one per line) or description.
> Sponsored by: If the change was sponsored by an organization.
> Empty fields above will be automatically removed.
M python32/Makefile
AM python32/files/patch-PR195513
Added:
head/lang/python32/files/patch-PR195513 (contents, props changed)
Modified:
head/lang/python32/Makefile
Modified: head/lang/python32/Makefile
==============================================================================
--- head/lang/python32/Makefile Thu Dec 24 17:00:54 2015 (r404377)
+++ head/lang/python32/Makefile Thu Dec 24 17:09:12 2015 (r404378)
@@ -12,6 +12,9 @@ COMMENT= Interpreted object-oriented pro
LICENSE= PSFL
+DEPRECATED= No longer receives bug fixes, only security updates. Please update to Python 3.5
+EXPIRATION_DATE= 2016-02-01
+
USES= cpe ncurses pkgconfig readline tar:xz
USE_OPENSSL= yes
USE_LDCONFIG= yes
Added: head/lang/python32/files/patch-PR195513
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lang/python32/files/patch-PR195513 Thu Dec 24 17:09:12 2015 (r404378)
@@ -0,0 +1,174 @@
+--- Lib/ssl.py.orig 2014-10-12 08:52:02.000000000 +0200
++++ Lib/ssl.py 2015-12-23 11:29:24.243085919 +0100
+@@ -63,7 +63,16 @@ from _ssl import OPENSSL_VERSION_NUMBER,
+ from _ssl import _SSLContext, SSLError
+ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
+ from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1
+-from _ssl import RAND_status, RAND_egd, RAND_add
++### Fix build with LibreSSL (does not have RAND_egd)
++### PR195513, http://bugs.python.org/issue21356
++from _ssl import RAND_status, RAND_add
++try:
++ from _ssl import RAND_egd
++except ImportError:
++ # LibreSSL does not provide RAND_egd
++ pass
++### End PR195513
++
+ from _ssl import (
+ SSL_ERROR_ZERO_RETURN,
+ SSL_ERROR_WANT_READ,
+@@ -76,13 +85,12 @@ from _ssl import (
+ SSL_ERROR_INVALID_ERROR_CODE,
+ )
+ from _ssl import HAS_SNI
+-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1
++from _ssl import PROTOCOL_SSLv23, PROTOCOL_TLSv1
+ from _ssl import _OPENSSL_API_VERSION
+
+ _PROTOCOL_NAMES = {
+ PROTOCOL_TLSv1: "TLSv1",
+ PROTOCOL_SSLv23: "SSLv23",
+- PROTOCOL_SSLv3: "SSLv3",
+ }
+ try:
+ from _ssl import PROTOCOL_SSLv2
+@@ -91,6 +99,13 @@ except ImportError:
+ _SSLv2_IF_EXISTS = None
+ else:
+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
++try:
++ from _ssl import PROTOCOL_SSLv3
++ _SSLv3_IF_EXISTS = PROTOCOL_SSLv3
++except ImportError:
++ _SSLv3_IF_EXISTS = None
++else:
++ _PROTOCOL_NAMES[PROTOCOL_SSLv3] = "SSLv3"
+
+ from socket import getnameinfo as _getnameinfo
+ from socket import error as socket_error
+@@ -557,7 +572,7 @@ def PEM_cert_to_DER_cert(pem_cert_string
+ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+ return base64.decodebytes(d.encode('ASCII', 'strict'))
+
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
+ """Retrieve the certificate from the server at the specified address,
+ and return it as a PEM-encoded string.
+ If 'ca_certs' is specified, validate the server cert against it.
+--- Lib/test/test_ssl.py.orig 2014-10-12 08:52:03.000000000 +0200
++++ Lib/test/test_ssl.py 2015-12-23 11:29:24.245086385 +0100
+@@ -21,11 +21,12 @@ import functools
+ ssl = support.import_module("ssl")
+
+ PROTOCOLS = [
+- ssl.PROTOCOL_SSLv3,
+ ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1
+ ]
+ if hasattr(ssl, 'PROTOCOL_SSLv2'):
+ PROTOCOLS.append(ssl.PROTOCOL_SSLv2)
++if hasattr(ssl, 'PROTOCOL_SSLv3'):
++ PROTOCOLS.append(ssl.PROTOCOL_SSLv3)
+
+ HOST = support.HOST
+
+@@ -104,8 +105,12 @@ class BasicSocketTests(unittest.TestCase
+ sys.stdout.write("\n RAND_status is %d (%s)\n"
+ % (v, (v and "sufficient randomness") or
+ "insufficient randomness"))
+- self.assertRaises(TypeError, ssl.RAND_egd, 1)
+- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
++### Fix build with LibreSSL (does not have RAND_egd)
++### PR195513, http://bugs.python.org/issue21356
++ if hasattr(ssl, 'RAND_egd'):
++ self.assertRaises(TypeError, ssl.RAND_egd, 1)
++ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
++### End PR195513
+ ssl.RAND_add("this is a random string", 75.0)
+
+ def test_parse_cert(self):
+@@ -380,7 +385,8 @@ class ContextTests(unittest.TestCase):
+ if hasattr(ssl, 'PROTOCOL_SSLv2'):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv2)
+ ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
++ if hasattr(ssl, 'PROTOCOL_SSLv3'):
++ ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ self.assertRaises(TypeError, ssl.SSLContext)
+ self.assertRaises(ValueError, ssl.SSLContext, -1)
+@@ -1372,6 +1378,7 @@ else:
+
+
+ @skip_if_broken_ubuntu_ssl
++ @unittest.skipUnless(hasattr(ssl, 'PROTOCOL_SSLv3'), "need SSLv3")
+ def test_protocol_sslv3(self):
+ """Connecting to an SSLv3 server with various client options"""
+ if support.verbose:
+--- Modules/_ssl.c.orig 2014-10-12 08:52:03.000000000 +0200
++++ Modules/_ssl.c 2015-12-23 11:29:24.242085898 +0100
+@@ -66,7 +66,9 @@ enum py_ssl_version {
+ #ifndef OPENSSL_NO_SSL2
+ PY_SSL_VERSION_SSL2,
+ #endif
+- PY_SSL_VERSION_SSL3=1,
++#ifndef OPENSSL_NO_SSL3
++ PY_SSL_VERSION_SSL3,
++#endif
+ PY_SSL_VERSION_SSL23,
+ PY_SSL_VERSION_TLS1
+ };
+@@ -1512,8 +1514,10 @@ context_new(PyTypeObject *type, PyObject
+ PySSL_BEGIN_ALLOW_THREADS
+ if (proto_version == PY_SSL_VERSION_TLS1)
+ ctx = SSL_CTX_new(TLSv1_method());
++#ifndef OPENSSL_NO_SSL3
+ else if (proto_version == PY_SSL_VERSION_SSL3)
+ ctx = SSL_CTX_new(SSLv3_method());
++#endif
+ #ifndef OPENSSL_NO_SSL2
+ else if (proto_version == PY_SSL_VERSION_SSL2)
+ ctx = SSL_CTX_new(SSLv2_method());
+@@ -1965,6 +1969,9 @@ Returns 1 if the OpenSSL PRNG has been s
+ It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
+ using the ssl() function.");
+
++/* ### Fix build with LibreSSL (does not have RAND_egd)
++ ### PR195513, http://bugs.python.org/issue21356 */
++#ifndef OPENSSL_NO_EGD
+ static PyObject *
+ PySSL_RAND_egd(PyObject *self, PyObject *args)
+ {
+@@ -1992,6 +1999,8 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
+ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
+ Returns number of bytes read. Raises SSLError if connection to EGD\n\
+ fails or if it does provide enough data to seed PRNG.");
++#endif /* OPENSSL_NO_EGD */
++/* ### End PR195513 */
+
+ #endif
+
+@@ -2005,8 +2014,12 @@ static PyMethodDef PySSL_methods[] = {
+ #ifdef HAVE_OPENSSL_RAND
+ {"RAND_add", PySSL_RAND_add, METH_VARARGS,
+ PySSL_RAND_add_doc},
++/* ### Fix build with LibreSSL (does not have RAND_egd)
++ ### PR195513, http://bugs.python.org/issue21356 */
++#ifndef OPENSSL_NO_EGD
+ {"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
+ PySSL_RAND_egd_doc},
++#endif /* OPENSSL_NO_EGD */
+ {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
+ PySSL_RAND_status_doc},
+ #endif
+@@ -2199,8 +2212,10 @@ PyInit__ssl(void)
+ PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
+ PY_SSL_VERSION_SSL2);
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
+ PY_SSL_VERSION_SSL3);
++#endif
+ PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+ PY_SSL_VERSION_SSL23);
+ PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
More information about the svn-ports-head
mailing list