commit: 503381926543fc0c62407be5f01781a141707750 Author: Mike Skec <skec <AT> protonmail <DOT> ch> AuthorDate: Fri Nov 18 06:05:01 2022 +0000 Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com> CommitDate: Sat Nov 19 17:26:48 2022 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=50338192
dev-lang/python: merge 3.10.3+ patch files Signed-off-by: Mike Skec <skec <AT> protonmail.ch> Closes: https://github.com/gentoo/libressl/pull/476 Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com> ...libressl.patch => python-3.10.3-libressl.patch} | 42 ++++++++++++++++++++++ .../python/files/python-3.10.3-ssl-libressl.patch | 40 --------------------- dev-lang/python/python-3.10.8_p2.ebuild | 3 +- dev-lang/python/python-3.10.8_p3.ebuild | 3 +- dev-lang/python/python-3.11.0_p1.ebuild | 3 +- dev-lang/python/python-3.11.0_p2.ebuild | 3 +- 6 files changed, 46 insertions(+), 48 deletions(-) diff --git a/dev-lang/python/files/python-3.10.3-hashopenssl-libressl.patch b/dev-lang/python/files/python-3.10.3-libressl.patch similarity index 54% rename from dev-lang/python/files/python-3.10.3-hashopenssl-libressl.patch rename to dev-lang/python/files/python-3.10.3-libressl.patch index 46cbbe7..68dd937 100644 --- a/dev-lang/python/files/python-3.10.3-hashopenssl-libressl.patch +++ b/dev-lang/python/files/python-3.10.3-libressl.patch 
@@ -1,3 +1,45 @@ +Neuter security level things for LibreSSL < 3.6.0 + +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index d11ec05..4cb9479 100644 +--- a/Modules/_ssl.c ++++ b/Modules/_ssl.c +@@ -171,7 +171,15 @@ extern const SSL_METHOD *TLSv1_2_method(void); + * Based on Hynek's excellent blog post (update 2021-02-11) + * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + */ +- #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM" ++ ++ // libssl can only parse @SECLEVEL annotations with LibreSSL 3.6.0 and later. ++ #if defined(LIBRESSL_VERSION_NUMBER) && \ ++ (LIBRESSL_VERSION_NUMBER >= 0x03060000f) ++ #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM" ++ #else ++ #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM" ++ #endif ++ + #ifndef PY_SSL_MIN_PROTOCOL + #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION + #endif +@@ -3584,6 +3592,16 @@ PyDoc_STRVAR(PySSLContext_num_tickets_doc, + "Control the number of TLSv1.3 session tickets"); + #endif /* TLS1_3_VERSION */ + ++// Fall back to security level 1 for LibreSSL < 3.6.0 ++#if defined(LIBRESSL_VERSION_NUMBER) && \ ++ (LIBRESSL_VERSION_NUMBER < 0x03060000f) ++static int ++SSL_CTX_get_security_level(const SSL_CTX *ctx) ++{ ++ return 1; ++} ++#endif ++ + static PyObject * + get_security_level(PySSLContext *self, void *c) + { + +Fix for _hashopenssl module. https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/3.11/patches/patch-Modules__hashopenssl_c Index: Modules/_hashopenssl.c diff --git a/dev-lang/python/files/python-3.10.3-ssl-libressl.patch b/dev-lang/python/files/python-3.10.3-ssl-libressl.patch deleted file mode 100644 index 78b6291..0000000 --- a/dev-lang/python/files/python-3.10.3-ssl-libressl.patch +++ /dev/null 
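Review bot: In the embedded `Modules/_ssl.c` hunk, the `#else` arm of the new `PY_SSL_DEFAULT_CIPHER_STRING` guard is also taken when `LIBRESSL_VERSION_NUMBER` is not defined at all, so any build of this patched tree against a libssl other than LibreSSL would silently drop `@SECLEVEL=2` from the default cipher string. Restricting the fallback to old LibreSSL keeps the hardened default everywhere else: `#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x03060000f)`. In this overlay the non-LibreSSL case is presumably never built, so the effect is likely latent, but the patch text does not say so. The stub `SSL_CTX_get_security_level()` in the second inner hunk returns 1 unconditionally, so the `get_security_level` getter (its body lies outside the hunk) would report a level that, going by the patch's own header line, the library is not applying; a comment such as `/* nominal value: no security level is enforced by LibreSSL < 3.6.0 */` would keep callers from reading it as a policy guarantee.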
@@ -1,40 +0,0 @@ -Neuter security level things for LibreSSL < 3.6.0 - -diff --git a/Modules/_ssl.c b/Modules/_ssl.c -index d11ec05..4cb9479 100644 ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -171,7 +171,15 @@ extern const SSL_METHOD *TLSv1_2_method(void); - * Based on Hynek's excellent blog post (update 2021-02-11) - * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - */ -- #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM" -+ -+ // libssl can only parse @SECLEVEL annotations with LibreSSL 3.6.0 and later. -+ #if defined(LIBRESSL_VERSION_NUMBER) && \ -+ (LIBRESSL_VERSION_NUMBER >= 0x03060000f) -+ #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM" -+ #else -+ #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM" -+ #endif -+ - #ifndef PY_SSL_MIN_PROTOCOL - #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION - #endif -@@ -3584,6 +3592,16 @@ PyDoc_STRVAR(PySSLContext_num_tickets_doc, - "Control the number of TLSv1.3 session tickets"); - #endif /* TLS1_3_VERSION */ - -+// Fall back to security level 1 for LibreSSL < 3.6.0 -+#if defined(LIBRESSL_VERSION_NUMBER) && \ -+ (LIBRESSL_VERSION_NUMBER < 0x03060000f) -+static int -+SSL_CTX_get_security_level(const SSL_CTX *ctx) -+{ -+ return 1; -+} -+#endif -+ - static PyObject * - get_security_level(PySSLContext *self, void *c) - { diff --git a/dev-lang/python/python-3.10.8_p2.ebuild b/dev-lang/python/python-3.10.8_p2.ebuild index 87a3e07..0aa5e16 100644 --- a/dev-lang/python/python-3.10.8_p2.ebuild +++ b/dev-lang/python/python-3.10.8_p2.ebuild @@ -113,8 +113,7 @@ src_prepare() { local PATCHES=( "${WORKDIR}/${PATCHSET}" - "${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch - "${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch + "${FILESDIR}"/${PN}-3.10.3-libressl.patch ) default 
diff --git a/dev-lang/python/python-3.10.8_p3.ebuild b/dev-lang/python/python-3.10.8_p3.ebuild index a07e7b6..393aa9b 100644 --- a/dev-lang/python/python-3.10.8_p3.ebuild +++ b/dev-lang/python/python-3.10.8_p3.ebuild @@ -113,8 +113,7 @@ src_prepare() { local PATCHES=( "${WORKDIR}/${PATCHSET}" - "${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch - "${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch + "${FILESDIR}"/${PN}-3.10.3-libressl.patch ) default diff --git a/dev-lang/python/python-3.11.0_p1.ebuild b/dev-lang/python/python-3.11.0_p1.ebuild index 8c41902..b2c6dff 100644 --- a/dev-lang/python/python-3.11.0_p1.ebuild +++ b/dev-lang/python/python-3.11.0_p1.ebuild @@ -118,8 +118,7 @@ src_prepare() { local PATCHES=( "${WORKDIR}/${PATCHSET}" - "${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch - "${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch + "${FILESDIR}"/${PN}-3.10.3-libressl.patch ) default diff --git a/dev-lang/python/python-3.11.0_p2.ebuild b/dev-lang/python/python-3.11.0_p2.ebuild index a488ba8..eb5b1bb 100644 --- a/dev-lang/python/python-3.11.0_p2.ebuild +++ b/dev-lang/python/python-3.11.0_p2.ebuild @@ -118,8 +118,7 @@ src_prepare() { local PATCHES=( "${WORKDIR}/${PATCHSET}" - "${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch - "${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch + "${FILESDIR}"/${PN}-3.10.3-libressl.patch ) default
