Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

python3: fix ssl support by removing libressl patches

Browse source 
Remove libressl specific patches. With commit
("tools/libressl: update to 3.7.0") they are no longer needed,
rather they cause python3 to be compiled without working ssl-support.

Fixes: #20107
Suggested-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit is contained in:
Nick Hainke 2022-12-20 09:20:45 +01:00
parent 735cba83ce
commit 4ecd9d67e9
3 changed files with 1 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lang/python/python3/Makefile
View file

@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
include ../python3-version.mk include ../python3-version.mk
PKG_NAME:=python3 PKG_NAME:=python3
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO) PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz

47
lang/python/python3/patches/026-openssl-feature-flags.patch
View file

@ -1,47 +0,0 @@
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -45,10 +45,12 @@
#define MUNCH_SIZE INT_MAX
+#if !defined(LIBRESSL_VERSION_NUMBER)
#define PY_OPENSSL_HAS_SCRYPT 1
#define PY_OPENSSL_HAS_SHA3 1
#define PY_OPENSSL_HAS_SHAKE 1
#define PY_OPENSSL_HAS_BLAKE2 1
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#define PY_EVP_MD EVP_MD
@@ -119,6 +121,7 @@ static const py_hashentry_t py_hashes[]
PY_HASH_ENTRY(Py_hash_sha256, "SHA256", SN_sha256, NID_sha256),
PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
+#if !defined(LIBRESSL_VERSION_NUMBER)
/* truncated sha2 */
PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
@@ -133,6 +136,7 @@ static const py_hashentry_t py_hashes[]
/* blake2 digest */
PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
+#endif
PY_HASH_ENTRY(NULL, NULL, NULL, 0),
};
@@ -873,11 +877,15 @@ py_evp_fromname(PyObject *module, const
goto exit;
}
+#if defined(LIBRESSL_VERSION_NUMBER)
+ type = get_hashlib_state(module)->EVPtype;
+#else
if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
type = get_hashlib_state(module)->EVPXOFtype;
} else {
type = get_hashlib_state(module)->EVPtype;
}
+#endif
self = newEVPobject(type);
if (self == NULL) {

27
lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch
View file

@ -1,27 +0,0 @@
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -67,6 +67,12 @@
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
#endif
+#ifdef LIBRESSL_VERSION_NUMBER
+static int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+{
+ return 1;
+}
+#endif
struct py_ssl_error_code {
@@ -169,7 +175,11 @@ extern const SSL_METHOD *TLSv1_2_method(
* Based on Hynek's excellent blog post (update 2021-02-11)
* https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
*/
+#ifndef LIBRESSL_VERSION_NUMBER
#define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
+#else
+ #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
+#endif
#ifndef PY_SSL_MIN_PROTOCOL
#define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
#endif