From 4ecd9d67e90651a8e93760bf0b5771f7057c74a8 Mon Sep 17 00:00:00 2001
From: Nick Hainke
Date: Tue, 20 Dec 2022 09:20:45 +0100
Subject: [PATCH] python3: fix ssl support by removing libressl patches

Remove libressl specific patches. With commit ("tools/libressl: update to 3.7.0") they are no longer needed, rather they cause python3 to be compiled without working ssl-support.

Fixes: #20107
Suggested-by: Andre Heider
Signed-off-by: Nick Hainke
---
 lang/python/python3/Makefile | 2 +-
 .../patches/026-openssl-feature-flags.patch | 47 -------------------
 ...ost-python-support-ssl-with-libressl.patch | 27 -----------
 3 files changed, 1 insertion(+), 75 deletions(-)
 delete mode 100644 lang/python/python3/patches/026-openssl-feature-flags.patch
 delete mode 100644 lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch

diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile
index 37604fd8908f2..816b1f1dab7f3 100644
--- a/lang/python/python3/Makefile
+++ b/lang/python/python3/Makefile
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 include ../python3-version.mk
 
 PKG_NAME:=python3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz
diff --git a/lang/python/python3/patches/026-openssl-feature-flags.patch b/lang/python/python3/patches/026-openssl-feature-flags.patch
deleted file mode 100644
index b4c15ab80a11b..0000000000000
--- a/lang/python/python3/patches/026-openssl-feature-flags.patch
+++ /dev/null
@@ -1,47 +0,0 @@
---- a/Modules/_hashopenssl.c
-+++ b/Modules/_hashopenssl.c
-@@ -45,10 +45,12 @@
-
- #define MUNCH_SIZE INT_MAX
-
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- #define PY_OPENSSL_HAS_SCRYPT 1
- #define PY_OPENSSL_HAS_SHA3 1
- #define PY_OPENSSL_HAS_SHAKE 1
- #define PY_OPENSSL_HAS_BLAKE2 1
-+#endif
-
- #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #define PY_EVP_MD EVP_MD
-@@ -119,6 +121,7 @@ static const py_hashentry_t py_hashes[]
- PY_HASH_ENTRY(Py_hash_sha256, "SHA256", SN_sha256, NID_sha256),
- PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
- PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
-+#if !defined(LIBRESSL_VERSION_NUMBER)
- /* truncated sha2 */
- PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
- PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
-@@ -133,6 +136,7 @@ static const py_hashentry_t py_hashes[]
- /* blake2 digest */
- PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
- PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
-+#endif
- PY_HASH_ENTRY(NULL, NULL, NULL, 0),
- };
-
-@@ -873,11 +877,15 @@ py_evp_fromname(PyObject *module, const
- goto exit;
- }
-
-+#if defined(LIBRESSL_VERSION_NUMBER)
-+ type = get_hashlib_state(module)->EVPtype;
-+#else
- if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
- type = get_hashlib_state(module)->EVPXOFtype;
- } else {
- type = get_hashlib_state(module)->EVPtype;
- }
-+#endif
-
- self = newEVPobject(type);
- if (self == NULL) {
diff --git a/lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch b/lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch
deleted file mode 100644
index 7b47c111f943d..0000000000000
--- a/lang/python/python3/patches/028-host-python-support-ssl-with-libressl.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -67,6 +67,12 @@
- # error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
- #endif
-
-+#ifdef LIBRESSL_VERSION_NUMBER
-+static int SSL_CTX_get_security_level(const SSL_CTX *ctx)
-+{
-+ return 1;
-+}
-+#endif
-
-
- struct py_ssl_error_code {
-@@ -169,7 +175,11 @@ extern const SSL_METHOD *TLSv1_2_method(
- * Based on Hynek's excellent blog post (update 2021-02-11)
- * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- */
-+#ifndef LIBRESSL_VERSION_NUMBER
- #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+#else
-+ #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+#endif
- #ifndef PY_SSL_MIN_PROTOCOL
- #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
- #endif