python3: fix ssl support by removing libressl patches

Remove libressl specific patches. With commit ("tools/libressl: update to 3.7.0") they are no longer needed, rather they cause python3 to be compiled without working ssl-support. Fixes: #20107 Suggested-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-20 09:20:45 +01:00 · 2022-12-20 09:20:45 +01:00 · 4ecd9d67e9
commit 4ecd9d67e9
parent 735cba83ce
3 changed files with 1 additions and 75 deletions
--- a/lang/python/python3/Makefile
+++ b/lang/python/python3/Makefile
@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 include ../python3-version.mk

 PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)

 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
--- a/lang/python/python3/patches/026-openssl-feature-flags.patch
+++ b/lang/python/python3/patches/026-openssl-feature-flags.patch
@ -1,47 +0,0 @@
--- a/Modules/_hashopenssl.c
-+++ b/Modules/_hashopenssl.c
-@@ -45,10 +45,12 @@
- 
- #define MUNCH_SIZE INT_MAX
- 
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- #define PY_OPENSSL_HAS_SCRYPT 1
- #define PY_OPENSSL_HAS_SHA3 1
- #define PY_OPENSSL_HAS_SHAKE 1
- #define PY_OPENSSL_HAS_BLAKE2 1
-+#endif
- 
- #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #define PY_EVP_MD EVP_MD
-@@ -119,6 +121,7 @@ static const py_hashentry_t py_hashes[]
-     PY_HASH_ENTRY(Py_hash_sha256, "SHA256", SN_sha256, NID_sha256),
-     PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
-     PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
-+#if !defined(LIBRESSL_VERSION_NUMBER)
-     /* truncated sha2 */
-     PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
-     PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
-@@ -133,6 +136,7 @@ static const py_hashentry_t py_hashes[]
-     /* blake2 digest */
-     PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
-     PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
-+#endif
-     PY_HASH_ENTRY(NULL, NULL, NULL, 0),
- };
- 
-@@ -873,11 +877,15 @@ py_evp_fromname(PyObject *module, const
-         goto exit;
-     }
- 
-+#if defined(LIBRESSL_VERSION_NUMBER)
-+    type = get_hashlib_state(module)->EVPtype;
-+#else
-     if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
-         type = get_hashlib_state(module)->EVPXOFtype;
-     } else {
-         type = get_hashlib_state(module)->EVPtype;
-     }
-+#endif
- 
-     self = newEVPobject(type);
-     if (self == NULL) {
--- a/lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch
+++ b/lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch
@ -1,27 +0,0 @@
--- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -67,6 +67,12 @@
- #  error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
- #endif
- 
-+#ifdef LIBRESSL_VERSION_NUMBER
-+static int SSL_CTX_get_security_level(const SSL_CTX *ctx)
-+{
-+    return 1;
-+}
-+#endif
- 
- 
- struct py_ssl_error_code {
-@@ -169,7 +175,11 @@ extern const SSL_METHOD *TLSv1_2_method(
-  * Based on Hynek's excellent blog post (update 2021-02-11)
-  * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-  */
-+#ifndef LIBRESSL_VERSION_NUMBER
-   #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+#else
-+  #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+#endif
-   #ifndef PY_SSL_MIN_PROTOCOL
-     #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
-   #endif