This update turns on SSL certificate checking by default in http libraries. (There will be a 3.4 release for this soon too).
"When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking." Add a forgotten entry to CHANGES.OpenBSD while there. OK? (I've CC'd ports to save time for anybody else who might jump on this :) Index: 2.7/Makefile =================================================================== RCS file: /cvs/ports/lang/python/2.7/Makefile,v retrieving revision 1.35 diff -u -p -r1.35 Makefile --- 2.7/Makefile 11 Jul 2014 06:59:42 -0000 1.35 +++ 2.7/Makefile 12 Dec 2014 00:21:10 -0000 @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.35 2014/07/11 06:59:42 rpointel Exp $ VERSION = 2.7 -PATCHLEVEL = .8 +PATCHLEVEL = .9 SHARED_LIBS = python2.7 0.0 VERSION_SPEC = >=2.7,<2.8 Index: 2.7/distinfo =================================================================== RCS file: /cvs/ports/lang/python/2.7/distinfo,v retrieving revision 1.8 diff -u -p -r1.8 distinfo --- 2.7/distinfo 11 Jul 2014 06:59:42 -0000 1.8 +++ 2.7/distinfo 12 Dec 2014 00:21:10 -0000 @@ -1,2 +1,2 @@ -SHA256 (Python-2.7.8.tgz) = dNcLkU2kSHqh2XIisp6VVNBC+CXybLK5Or0g/dpWtVc= -SIZE (Python-2.7.8.tgz) = 14846119 +SHA256 (Python-2.7.9.tgz) = yLujPmasMgHavcVW8Op8/mrBGUbsMtNXxMb5sBjBLFs= +SIZE (Python-2.7.9.tgz) = 16657930 Index: 2.7/files/CHANGES.OpenBSD =================================================================== RCS file: /cvs/ports/lang/python/2.7/files/CHANGES.OpenBSD,v retrieving revision 1.5 diff -u -p -r1.5 CHANGES.OpenBSD --- 2.7/files/CHANGES.OpenBSD 22 May 2013 12:43:53 -0000 1.5 +++ 2.7/files/CHANGES.OpenBSD 12 Dec 2014 00:21:10 -0000 @@ -7,5 +7,7 @@ of changes made to this version of Pytho 2. INSTSONAME could be incorrect, configure.ac was patched to fix it. +3. RAND_egd support has been disabled, as it is not available in LibreSSL. + These changes are available in the OpenBSD CVS repository <http://www.openbsd.org/anoncvs.html> in ports/lang/python/2.7. Index: 2.7/patches/patch-Lib_ssl_py =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Lib_ssl_py,v retrieving revision 1.1 diff -u -p -r1.1 patch-Lib_ssl_py --- 2.7/patches/patch-Lib_ssl_py 19 Apr 2014 13:53:15 -0000 1.1 +++ 2.7/patches/patch-Lib_ssl_py 12 Dec 2014 00:21:10 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-Lib_ssl_py,v 1.1 2014/04/19 13:53:15 espie Exp $ ---- Lib/ssl.py.orig Sat Apr 19 15:49:44 2014 -+++ Lib/ssl.py Sat Apr 19 15:49:58 2014 -@@ -62,7 +62,7 @@ import _ssl # if we can't import it, let t - from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +--- Lib/ssl.py.orig Wed Dec 10 15:59:40 2014 ++++ Lib/ssl.py Fri Dec 12 00:17:11 2014 +@@ -106,7 +106,7 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIR + from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, + VERIFY_X509_STRICT) + from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj -from _ssl import RAND_status, RAND_egd, RAND_add +from _ssl import RAND_status, RAND_add - from _ssl import \ - SSL_ERROR_ZERO_RETURN, \ - SSL_ERROR_WANT_READ, \ + + def _import_symbols(prefix): + for n in dir(_ssl): Index: 2.7/patches/patch-Lib_test_regrtest_py =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Lib_test_regrtest_py,v retrieving revision 1.6 diff -u -p -r1.6 patch-Lib_test_regrtest_py --- 2.7/patches/patch-Lib_test_regrtest_py 9 Jan 2014 18:03:35 -0000 1.6 +++ 2.7/patches/patch-Lib_test_regrtest_py 12 Dec 2014 00:21:10 -0000 @@ -3,9 +3,9 @@ $OpenBSD: patch-Lib_test_regrtest_py,v 1 - test_bsddb and test_bsddb3 are in the list below as they are only available on i386 and amd64. ---- Lib/test/regrtest.py.orig Sun Nov 10 07:36:40 2013 -+++ Lib/test/regrtest.py Fri Nov 22 02:36:23 2013 -@@ -1416,22 +1416,16 @@ _expectations = { +--- Lib/test/regrtest.py.orig Wed Dec 10 15:59:41 2014 ++++ Lib/test/regrtest.py Fri Dec 12 00:15:59 2014 +@@ -1427,22 +1427,16 @@ _expectations = { """, 'openbsd3': """ @@ -30,7 +30,7 @@ $OpenBSD: patch-Lib_test_regrtest_py,v 1 """, 'netbsd3': """ -@@ -1458,6 +1452,8 @@ _expectations['freebsd5'] = _expectations['freebsd4'] +@@ -1469,6 +1463,8 @@ _expectations['freebsd5'] = _expectations['freebsd4'] _expectations['freebsd6'] = _expectations['freebsd4'] _expectations['freebsd7'] = _expectations['freebsd4'] _expectations['freebsd8'] = _expectations['freebsd4'] Index: 2.7/patches/patch-Lib_test_test_file2k_py =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Lib_test_test_file2k_py,v retrieving revision 1.1 diff -u -p -r1.1 patch-Lib_test_test_file2k_py --- 2.7/patches/patch-Lib_test_test_file2k_py 11 Jul 2014 06:59:43 -0000 1.1 +++ 2.7/patches/patch-Lib_test_test_file2k_py 12 Dec 2014 00:21:10 -0000 @@ -2,8 +2,8 @@ $OpenBSD: patch-Lib_test_test_file2k_py, No /dev/full on OpenBSD (http://bugs.python.org/issue21934). ---- Lib/test/test_file2k.py.orig Sat May 31 14:58:39 2014 -+++ Lib/test/test_file2k.py Sat Jul 5 08:37:49 2014 +--- Lib/test/test_file2k.py.orig Wed Dec 10 15:59:44 2014 ++++ Lib/test/test_file2k.py Fri Dec 12 00:15:59 2014 @@ -4,6 +4,7 @@ import unittest import itertools import select @@ -43,5 +43,5 @@ No /dev/full on OpenBSD (http://bugs.pyt + else: + self.skipTest("requires '/dev/full'") - class FileSubclassTests(unittest.TestCase): - + @unittest.skipUnless(sys.maxsize > 2**31, "requires 64-bit system") + @test_support.precisionbigmemtest(2**31, 2.5, dry_run=False) Index: 2.7/patches/patch-Lib_test_test_socket_py =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Lib_test_test_socket_py,v retrieving revision 1.4 diff -u -p -r1.4 patch-Lib_test_test_socket_py --- 2.7/patches/patch-Lib_test_test_socket_py 11 Jul 2014 06:59:43 -0000 1.4 +++ 2.7/patches/patch-Lib_test_test_socket_py 12 Dec 2014 00:21:10 -0000 @@ -1,9 +1,9 @@ $OpenBSD: patch-Lib_test_test_socket_py,v 1.4 2014/07/11 06:59:43 rpointel Exp $ security fix: http://bugs.python.org/issue20246 ---- Lib/test/test_socket.py.orig Mon Jun 30 04:05:36 2014 -+++ Lib/test/test_socket.py Wed Jul 9 11:41:15 2014 -@@ -1660,6 +1660,16 @@ class BufferIOTest(SocketConnectedTest): +--- Lib/test/test_socket.py.orig Wed Dec 10 15:59:47 2014 ++++ Lib/test/test_socket.py Fri Dec 12 00:15:59 2014 +@@ -1694,6 +1694,16 @@ class BufferIOTest(SocketConnectedTest): _testRecvFromIntoEmptyBuffer = _testRecvFromIntoArray Index: 2.7/patches/patch-Lib_test_test_ssl_py =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Lib_test_test_ssl_py,v retrieving revision 1.1 diff -u -p -r1.1 patch-Lib_test_test_ssl_py --- 2.7/patches/patch-Lib_test_test_ssl_py 11 Jul 2014 06:59:43 -0000 1.1 +++ 2.7/patches/patch-Lib_test_test_ssl_py 12 Dec 2014 00:21:10 -0000 @@ -2,9 +2,9 @@ $OpenBSD: patch-Lib_test_test_ssl_py,v 1 No RAND_egd on OpenBSD. ---- Lib/test/test_ssl.py.orig Fri Jul 4 17:30:14 2014 -+++ Lib/test/test_ssl.py Fri Jul 4 17:31:09 2014 -@@ -96,8 +96,6 @@ class BasicSocketTests(unittest.TestCase): +--- Lib/test/test_ssl.py.orig Wed Dec 10 15:59:47 2014 ++++ Lib/test/test_ssl.py Fri Dec 12 00:15:59 2014 +@@ -169,8 +169,6 @@ class BasicSocketTests(unittest.TestCase): sys.stdout.write("\n RAND_status is %d (%s)\n" % (v, (v and "sufficient randomness") or "insufficient randomness")) Index: 2.7/patches/patch-Makefile_pre_in =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Makefile_pre_in,v retrieving revision 1.7 diff -u -p -r1.7 patch-Makefile_pre_in --- 2.7/patches/patch-Makefile_pre_in 9 Jan 2014 18:03:35 -0000 1.7 +++ 2.7/patches/patch-Makefile_pre_in 12 Dec 2014 00:21:10 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-Makefile_pre_in,v 1.7 2014/01/09 18:03:35 fgsch Exp $ ---- Makefile.pre.in.orig Sun Nov 10 08:36:41 2013 -+++ Makefile.pre.in Mon Nov 11 15:27:59 2013 -@@ -499,7 +499,7 @@ gdbhooks: $(BUILDPYTHON)-gdb.py +--- Makefile.pre.in.orig Wed Dec 10 15:59:50 2014 ++++ Makefile.pre.in Fri Dec 12 00:15:59 2014 +@@ -512,7 +512,7 @@ gdbhooks: $(BUILDPYTHON)-gdb.py SRC_GDB_HOOKS=$(srcdir)/Tools/gdb/libpython.py $(BUILDPYTHON)-gdb.py: $(SRC_GDB_HOOKS) Index: 2.7/patches/patch-Modules__ssl_c =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-Modules__ssl_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-Modules__ssl_c --- 2.7/patches/patch-Modules__ssl_c 11 Jul 2014 06:59:43 -0000 1.2 +++ 2.7/patches/patch-Modules__ssl_c 12 Dec 2014 00:21:10 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-Modules__ssl_c,v 1.2 2014/07/11 06:59:43 rpointel Exp $ ---- Modules/_ssl.c.orig Mon Jun 30 04:05:42 2014 -+++ Modules/_ssl.c Wed Jul 9 11:41:16 2014 -@@ -1601,32 +1601,6 @@ Returns 1 if the OpenSSL PRNG has been seeded with eno +--- Modules/_ssl.c.orig Wed Dec 10 15:59:53 2014 ++++ Modules/_ssl.c Fri Dec 12 00:16:51 2014 +@@ -3301,32 +3301,6 @@ Returns 1 if the OpenSSL PRNG has been seeded with eno It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ using the ssl() function."); @@ -34,11 +34,11 @@ $OpenBSD: patch-Modules__ssl_c,v 1.2 201 #endif /* HAVE_OPENSSL_RAND */ -@@ -1640,8 +1614,6 @@ static PyMethodDef PySSL_methods[] = { +@@ -3720,8 +3694,6 @@ static PyMethodDef PySSL_methods[] = { #ifdef HAVE_OPENSSL_RAND {"RAND_add", PySSL_RAND_add, METH_VARARGS, PySSL_RAND_add_doc}, -- {"RAND_egd", PySSL_RAND_egd, METH_O, +- {"RAND_egd", PySSL_RAND_egd, METH_VARARGS, - PySSL_RAND_egd_doc}, {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, PySSL_RAND_status_doc}, Index: 2.7/patches/patch-configure_ac =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-configure_ac,v retrieving revision 1.4 diff -u -p -r1.4 patch-configure_ac --- 2.7/patches/patch-configure_ac 11 Jul 2014 06:59:43 -0000 1.4 +++ 2.7/patches/patch-configure_ac 12 Dec 2014 00:21:10 -0000 @@ -4,9 +4,9 @@ SOVERSION defaults to 1.0. SHARED_LIBS, at any point. Ensure they are on sync in case INSTSONAME is used by a third party. ---- configure.ac.orig Mon Jun 30 04:05:48 2014 -+++ configure.ac Wed Jul 9 11:41:18 2014 -@@ -891,6 +891,9 @@ if test $enable_shared = "yes"; then +--- configure.ac.orig Wed Dec 10 16:00:00 2014 ++++ configure.ac Fri Dec 12 00:15:59 2014 +@@ -894,6 +894,9 @@ if test $enable_shared = "yes"; then FreeBSD*) SOVERSION=`echo $SOVERSION|cut -d "." -f 1` ;; Index: 2.7/patches/patch-setup_py =================================================================== RCS file: /cvs/ports/lang/python/2.7/patches/patch-setup_py,v retrieving revision 1.9 diff -u -p -r1.9 patch-setup_py --- 2.7/patches/patch-setup_py 11 Jul 2014 06:59:43 -0000 1.9 +++ 2.7/patches/patch-setup_py 12 Dec 2014 00:21:10 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/11 06:59:43 rpointel Exp $ ---- setup.py.orig Mon Jun 30 04:05:48 2014 -+++ setup.py Wed Jul 9 11:41:16 2014 +--- setup.py.orig Wed Dec 10 16:00:01 2014 ++++ setup.py Fri Dec 12 00:15:59 2014 @@ -35,6 +35,11 @@ COMPILED_WITH_PYDEBUG = ('--with-pydebug' in sysconfig # This global variable is used to hold the list of modules to be disabled. disabled_module_list = [] @@ -13,7 +13,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 def add_dir_to_list(dirlist, dir): """Add the directory 'dir' to the list 'dirlist' (at the front) if 1) 'dir' is not already in 'dirlist' -@@ -438,8 +443,8 @@ class PyBuildExt(build_ext): +@@ -440,8 +445,8 @@ class PyBuildExt(build_ext): def detect_modules(self): # Ensure that /usr/local is always used if not cross_compiling: @@ -24,7 +24,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 if cross_compiling: self.add_gcc_paths() self.add_multiarch_paths() -@@ -764,6 +769,8 @@ class PyBuildExt(build_ext): +@@ -766,6 +771,8 @@ class PyBuildExt(build_ext): 'termcap'): readline_libs.append('termcap') exts.append( Extension('readline', ['readline.c'], @@ -33,7 +33,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 library_dirs=['/usr/lib/termcap'], extra_link_args=readline_extra_link_args, libraries=readline_libs) ) -@@ -900,7 +907,7 @@ class PyBuildExt(build_ext): +@@ -902,7 +909,7 @@ class PyBuildExt(build_ext): # BerkeleyDB 4.6.x is not stable on many architectures. arch = platform_machine() if arch not in ('i386', 'i486', 'i586', 'i686', @@ -42,7 +42,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 return False return True -@@ -970,6 +977,7 @@ class PyBuildExt(build_ext): +@@ -972,6 +979,7 @@ class PyBuildExt(build_ext): std_variants.append(os.path.join(dn, "db3.%d"%x)) db_inc_paths = std_variants + db_inc_paths @@ -50,7 +50,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 db_inc_paths = [p for p in db_inc_paths if os.path.exists(p)] db_ver_inc_map = {} -@@ -1033,6 +1041,7 @@ class PyBuildExt(build_ext): +@@ -1035,6 +1043,7 @@ class PyBuildExt(build_ext): db_incdir.replace("include", 'lib64'), db_incdir.replace("include", 'lib'), ] @@ -58,7 +58,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 if host_platform != 'darwin': db_dirs_to_check = filter(os.path.isdir, db_dirs_to_check) -@@ -1055,6 +1064,7 @@ class PyBuildExt(build_ext): +@@ -1057,6 +1066,7 @@ class PyBuildExt(build_ext): # symlink to more general names? for dblib in (('db-%d.%d' % db_ver), ('db%d%d' % db_ver), @@ -66,7 +66,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 ('db%d' % db_ver[0])): dblib_file = self.compiler.find_library_file( db_dirs_to_check + lib_dirs, dblib ) -@@ -1212,7 +1222,7 @@ class PyBuildExt(build_ext): +@@ -1214,7 +1224,7 @@ class PyBuildExt(build_ext): sysroot = macosx_sdk_root() f = os.path.join(sysroot, f[1:]) @@ -75,7 +75,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 data = open(f).read() m = re.search(r"#s*define\s+HASHVERSION\s+2\s*", data) if m is not None: -@@ -1606,6 +1616,9 @@ class PyBuildExt(build_ext): +@@ -1608,6 +1618,9 @@ class PyBuildExt(build_ext): 'freebsd7', 'freebsd8') or host_platform.startswith("gnukfreebsd")): exts.append( Extension('ossaudiodev', ['ossaudiodev.c']) ) @@ -85,7 +85,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 else: missing.append('ossaudiodev') -@@ -1818,7 +1831,7 @@ class PyBuildExt(build_ext): +@@ -1820,7 +1833,7 @@ class PyBuildExt(build_ext): # For 8.4a2, the X11 headers are not included. Rather than include a # complicated search, this is a hard-coded path. It could bail out # if X11 libs are not found... @@ -94,7 +94,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 frameworks = ['-framework', 'Tcl', '-framework', 'Tk'] # All existing framework builds of Tcl/Tk don't support 64-bit -@@ -1873,8 +1886,7 @@ class PyBuildExt(build_ext): +@@ -1875,8 +1888,7 @@ class PyBuildExt(build_ext): # The versions with dots are used on Unix, and the versions without # dots on Windows, for detection by cygwin. tcllib = tklib = tcl_includes = tk_includes = None @@ -104,7 +104,7 @@ $OpenBSD: patch-setup_py,v 1.9 2014/07/1 tklib = self.compiler.find_library_file(lib_dirs, 'tk' + version) tcllib = self.compiler.find_library_file(lib_dirs, -@@ -1917,17 +1929,9 @@ class PyBuildExt(build_ext): +@@ -1919,17 +1931,9 @@ class PyBuildExt(build_ext): if host_platform == 'sunos5': include_dirs.append('/usr/openwin/include') added_lib_dirs.append('/usr/openwin/lib') Index: 2.7/pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/python/2.7/pkg/PLIST-main,v retrieving revision 1.11 diff -u -p -r1.11 PLIST-main --- 2.7/pkg/PLIST-main 11 Jul 2014 06:59:43 -0000 1.11 +++ 2.7/pkg/PLIST-main 12 Dec 2014 00:21:10 -0000 @@ -1536,7 +1536,7 @@ lib/python2.7/keyword.py lib/python2.7/keyword.pyc lib/python2.7/keyword.pyo lib/python2.7/lib-dynload/ -lib/python2.7/lib-dynload/Python-2.7.8-py2.7.egg-info +lib/python2.7/lib-dynload/Python-2.7.9-py2.7.egg-info lib/python2.7/lib-dynload/_bisect.so lib/python2.7/lib-dynload/_codecs_cn.so lib/python2.7/lib-dynload/_codecs_hk.so @@ -1600,9 +1600,9 @@ lib/python2.7/lib-dynload/unicodedata.so lib/python2.7/lib-dynload/zlib.so lib/python2.7/lib2to3/ lib/python2.7/lib2to3/Grammar.txt -lib/python2.7/lib2to3/Grammar2.7.8.final.0.pickle +lib/python2.7/lib2to3/Grammar2.7.9.final.0.pickle lib/python2.7/lib2to3/PatternGrammar.txt -lib/python2.7/lib2to3/PatternGrammar2.7.8.final.0.pickle +lib/python2.7/lib2to3/PatternGrammar2.7.9.final.0.pickle lib/python2.7/lib2to3/__init__.py lib/python2.7/lib2to3/__init__.pyc lib/python2.7/lib2to3/__init__.pyo Index: 3.4/files/CHANGES.OpenBSD =================================================================== RCS file: /cvs/ports/lang/python/3.4/files/CHANGES.OpenBSD,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 CHANGES.OpenBSD --- 3.4/files/CHANGES.OpenBSD 13 Apr 2014 07:10:12 -0000 1.1.1.1 +++ 3.4/files/CHANGES.OpenBSD 12 Dec 2014 00:21:10 -0000 @@ -7,5 +7,7 @@ of changes made to this version of Pytho 2. INSTSONAME could be incorrect, configure.ac was patched to fix it. +3. RAND_egd support has been disabled, as it is not available in LibreSSL. + These changes are available in the OpenBSD CVS repository <http://www.openbsd.org/anoncvs.html> in ports/lang/python/3.4.
