Includes fix for CVE-2023-40217 (Bypass TLS handshake on closed
sockets).
This also:
* Remove 027-install-python3-symlink-after-stdlib.patch
This was merged upstream in
https://github.com/python/cpython/pull/104693.
* Remove fix for unnecessary linking with libbsd
(60bf01cb60)
This was fixed upstream in
https://github.com/python/cpython/pull/105236.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
026-openssl-feature-flags.patch and
028-host-python-support-ssl-with-libressl.patch were removed in
4ecd9d67e9 to fix the ssl module after
libressl was upgraded to 3.7.0[1].
However, the cause of the ssl module build failure was only
028-host-python-support-ssl-with-libressl.patch.
Removing 026-openssl-feature-flags.patch caused a build failure for the
hashlib module.
This restores 026-openssl-feature-flags.patch with an updated version of
the patch from OpenBSD[2].
[1]: https://github.com/openwrt/packages/issues/20107
[2]: 26a04435bf/lang/python/3.10/patches/patch-Modules__hashopenssl_c
Fixes: 4ecd9d67e9 ("python3: fix ssl support by removing libressl patches")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Remove libressl specific patches. With commit
("tools/libressl: update to 3.7.0") they are no longer needed,
rather they cause python3 to be compiled without working ssl-support.
Fixes: #20107
Suggested-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Manually re-applied:
008-distutils-use-python-sysroot.patch
016-adjust-config-paths.patch
Drop patch: 003-do-not-run-distutils-tests.patch
There is now a configure option '--disable-test-modules'
And seems we left the '_ctypes_test' around for quite some time.
Dropped now.
Refs:
https://bugs.python.org/issue27640https://bugs.python.org/issue43282
Drop patch: 013-getbuildinfo-date-time-source-date-epoch.patch
Python build honors SOURCE_DATE_EPOCH pretty well now.
Drop setuptools patches. Setuptools should be reproducible with Python 3.6+
according to a mention here:
https://github.com/pypa/setuptools/pull/1690#issuecomment-536517456
It's time to let upstream fix Setuptools reproduce-ability.
Drop patch: 010-do-not-add-rt-lib-dirs-when-cross-compiling.patch
I can't seem to fully remember why it's there.
And it seem to build fine without it.
Drop patch: 015-abort-on-failed-modules.patch
Python build supports a similar PYTHONSTRICTEXTENSIONBUILD=1 env-var
option.
Add patch: 026-openssl-feature-flags.patch
We need to keep this in our tree for a while.
See:
https://bugs.python.org/issue45627
Backport patch: 027-bpo-43158-Use-configure-values-for-building-_uuid-ex.patch
Link: https://github.com/python/cpython/pull/29353
Fixes the build for uuid C module.
Add patch: 028-host-python-support-ssl-with-libressl.patch
We need the _ssl module working on the host-side with LibreSSL for pip to
work to download from https://pypi.org
Refs: https://github.com/openwrt/openwrt/pull/4749
Add patch: 029-disable-deprecation-warning.patch
Fixes apparmor build. The warning causes a configure error.
Refreshed the rest of patches.
Some old build-flags were removed. They don't seem to be necessary anymore.
Split python3-uuid from python3-light. To better manage the libuuid library
(if needed). Also, fixing the uuid C module build. Seems this was failing,
and was falling back to using hashlib.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
