From 5f0056886a82d39f5005cdfe6ac08bafd1008968 Mon Sep 17 00:00:00 2001 From: "Yamashita, Yuu" Date: Fri, 18 Dec 2015 13:14:27 +0000 Subject: [PATCH] Add `OPENSSL_NO_SSL3` patch for 2.7.3 .. 2.7.8 --- .../Python-2.7.3/004_openssl_no_ssl3.patch | 13 --- .../2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.4/004_openssl_no_ssl3.patch | 13 --- .../2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.5/004_openssl_no_ssl3.patch | 13 --- .../2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.6/004_openssl_no_ssl3.patch | 13 --- .../2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.7/004_openssl_no_ssl3.patch | 13 --- .../2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ .../Python-2.7.8/004_openssl_no_ssl3.patch | 13 --- .../2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch | 98 +++++++++++++++++++ 12 files changed, 588 insertions(+), 78 deletions(-) delete mode 100644 plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch delete mode 100644 plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch create mode 100644 plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch diff --git a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.3/Python-2.7.3/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.4/Python-2.7.4/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.5/Python-2.7.5/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.6/Python-2.7.6/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.7/Python-2.7.7/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch deleted file mode 100644 index 3212d281..00000000 --- a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/004_openssl_no_ssl3.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- Modules/_ssl.c.orig 2015-12-06 09:38:40.581734108 -0500 -+++ Modules/_ssl.c 2015-12-06 09:40:29.953991951 -0500 -@@ -302,8 +302,10 @@ - PySSL_BEGIN_ALLOW_THREADS - if (proto_version == PY_SSL_VERSION_TLS1) - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL3 - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#endif - #ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ diff --git a/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..8845e45d --- /dev/null +++ b/plugins/python-build/share/python-build/patches/2.7.8/Python-2.7.8/010_ssl_no_ssl3.patch @@ -0,0 +1,98 @@ +diff -r -u ../Python-2.7.8.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-2.7.8.orig/Lib/ssl.py 2014-06-30 02:05:31.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-18 14:04:15.266072550 +0000 +@@ -62,30 +62,29 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import \ +- SSL_ERROR_ZERO_RETURN, \ +- SSL_ERROR_WANT_READ, \ +- SSL_ERROR_WANT_WRITE, \ +- SSL_ERROR_WANT_X509_LOOKUP, \ +- SSL_ERROR_SYSCALL, \ +- SSL_ERROR_SSL, \ +- SSL_ERROR_WANT_CONNECT, \ +- SSL_ERROR_EOF, \ +- SSL_ERROR_INVALID_ERROR_CODE +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 +- _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('ALERT_DESCRIPTION_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import socket, _fileobject, _delegate_methods, error as socket_error + from socket import getnameinfo as _getnameinfo +@@ -436,7 +435,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodestring(d) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. +diff -r -u ../Python-2.7.8.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-2.7.8.orig/Modules/_ssl.c 2014-06-30 02:05:42.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-18 14:02:42.618029896 +0000 +@@ -67,7 +67,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1808,8 +1812,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",