From: "Quentin Retornaz" <gentoo@retornaz.com>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/proj/libressl:master commit in: dev-lang/python/files/, dev-lang/python/
Date: Sat, 19 Nov 2022 17:27:35 +0000 (UTC)	[thread overview]
Message-ID: <1668878808.503381926543fc0c62407be5f01781a141707750.quentin@gentoo> (raw)

commit:     503381926543fc0c62407be5f01781a141707750
Author:     Mike Skec <skec <AT> protonmail <DOT> ch>
AuthorDate: Fri Nov 18 06:05:01 2022 +0000
Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sat Nov 19 17:26:48 2022 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=50338192

dev-lang/python: merge 3.10.3+ patch files

Signed-off-by: Mike Skec <skec <AT> protonmail.ch>
Closes: https://github.com/gentoo/libressl/pull/476
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

 ...libressl.patch => python-3.10.3-libressl.patch} | 42 ++++++++++++++++++++++
 .../python/files/python-3.10.3-ssl-libressl.patch  | 40 ---------------------
 dev-lang/python/python-3.10.8_p2.ebuild            |  3 +-
 dev-lang/python/python-3.10.8_p3.ebuild            |  3 +-
 dev-lang/python/python-3.11.0_p1.ebuild            |  3 +-
 dev-lang/python/python-3.11.0_p2.ebuild            |  3 +-
 6 files changed, 46 insertions(+), 48 deletions(-)

diff --git a/dev-lang/python/files/python-3.10.3-hashopenssl-libressl.patch b/dev-lang/python/files/python-3.10.3-libressl.patch
similarity index 54%
rename from dev-lang/python/files/python-3.10.3-hashopenssl-libressl.patch
rename to dev-lang/python/files/python-3.10.3-libressl.patch
index 46cbbe7..68dd937 100644
--- a/dev-lang/python/files/python-3.10.3-hashopenssl-libressl.patch
+++ b/dev-lang/python/files/python-3.10.3-libressl.patch
@@ -1,3 +1,45 @@
+Neuter security level things for LibreSSL < 3.6.0
+
+diff --git a/Modules/_ssl.c b/Modules/_ssl.c
+index d11ec05..4cb9479 100644
+--- a/Modules/_ssl.c
++++ b/Modules/_ssl.c
+@@ -171,7 +171,15 @@ extern const SSL_METHOD *TLSv1_2_method(void);
+  * Based on Hynek's excellent blog post (update 2021-02-11)
+  * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+  */
+-  #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
++
++  // libssl can only parse @SECLEVEL annotations with LibreSSL 3.6.0 and later.
++  #if defined(LIBRESSL_VERSION_NUMBER) && \
++             (LIBRESSL_VERSION_NUMBER >= 0x03060000f)
++    #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
++  #else
++    #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
++  #endif
++
+   #ifndef PY_SSL_MIN_PROTOCOL
+     #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
+   #endif
+@@ -3584,6 +3592,16 @@ PyDoc_STRVAR(PySSLContext_num_tickets_doc,
+ "Control the number of TLSv1.3 session tickets");
+ #endif /* TLS1_3_VERSION */
+
++// Fall back to security level 1 for LibreSSL < 3.6.0
++#if defined(LIBRESSL_VERSION_NUMBER) && \
++           (LIBRESSL_VERSION_NUMBER < 0x03060000f)
++static int
++SSL_CTX_get_security_level(const SSL_CTX *ctx)
++{
++    return 1;
++}
++#endif
++
+ static PyObject *
+ get_security_level(PySSLContext *self, void *c)
+ {
+
+Fix for _hashopenssl module.
 https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/3.11/patches/patch-Modules__hashopenssl_c
 
 Index: Modules/_hashopenssl.c
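Review bot: In the `Modules/_ssl.c` part merged into this patch, the `#else` branch of the `PY_SSL_DEFAULT_CIPHER_STRING` guard is taken whenever `LIBRESSL_VERSION_NUMBER` is undefined, not only for LibreSSL < 3.6.0, so a build against a non-LibreSSL libssl would silently lose `@SECLEVEL=2` from the default cipher string. Inverting the test keeps the upstream default everywhere except old LibreSSL: `#if !defined(LIBRESSL_VERSION_NUMBER) || (LIBRESSL_VERSION_NUMBER >= 0x03060000f)`. The `SSL_CTX_get_security_level()` stub further down returns a constant 1, presumably because the library lacks the function on those versions. Since the cipher string for the same versions carries no `@SECLEVEL`, the stub deserves a comment such as `/* placeholder only: no security level is enforced on LibreSSL < 3.6.0 */` so the value reported by the getter is not read as an enforced policy. `get_security_level()` continues outside the hunk.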

diff --git a/dev-lang/python/files/python-3.10.3-ssl-libressl.patch b/dev-lang/python/files/python-3.10.3-ssl-libressl.patch
deleted file mode 100644
index 78b6291..0000000
--- a/dev-lang/python/files/python-3.10.3-ssl-libressl.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Neuter security level things for LibreSSL < 3.6.0
-
-diff --git a/Modules/_ssl.c b/Modules/_ssl.c
-index d11ec05..4cb9479 100644
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -171,7 +171,15 @@ extern const SSL_METHOD *TLSv1_2_method(void);
-  * Based on Hynek's excellent blog post (update 2021-02-11)
-  * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-  */
--  #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+
-+  // libssl can only parse @SECLEVEL annotations with LibreSSL 3.6.0 and later.
-+  #if defined(LIBRESSL_VERSION_NUMBER) && \
-+             (LIBRESSL_VERSION_NUMBER >= 0x03060000f)
-+    #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+  #else
-+    #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
-+  #endif
-+
-   #ifndef PY_SSL_MIN_PROTOCOL
-     #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
-   #endif
-@@ -3584,6 +3592,16 @@ PyDoc_STRVAR(PySSLContext_num_tickets_doc,
- "Control the number of TLSv1.3 session tickets");
- #endif /* TLS1_3_VERSION */
- 
-+// Fall back to security level 1 for LibreSSL < 3.6.0
-+#if defined(LIBRESSL_VERSION_NUMBER) && \
-+           (LIBRESSL_VERSION_NUMBER < 0x03060000f)
-+static int
-+SSL_CTX_get_security_level(const SSL_CTX *ctx)
-+{
-+    return 1;
-+}
-+#endif
-+
- static PyObject *
- get_security_level(PySSLContext *self, void *c)
- {

diff --git a/dev-lang/python/python-3.10.8_p2.ebuild b/dev-lang/python/python-3.10.8_p2.ebuild
index 87a3e07..0aa5e16 100644
--- a/dev-lang/python/python-3.10.8_p2.ebuild
+++ b/dev-lang/python/python-3.10.8_p2.ebuild
@@ -113,8 +113,7 @@ src_prepare() {
 
 	local PATCHES=(
 		"${WORKDIR}/${PATCHSET}"
-		"${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch
-		"${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch
+		"${FILESDIR}"/${PN}-3.10.3-libressl.patch
 	)
 
 	default

diff --git a/dev-lang/python/python-3.10.8_p3.ebuild b/dev-lang/python/python-3.10.8_p3.ebuild
index a07e7b6..393aa9b 100644
--- a/dev-lang/python/python-3.10.8_p3.ebuild
+++ b/dev-lang/python/python-3.10.8_p3.ebuild
@@ -113,8 +113,7 @@ src_prepare() {
 
 	local PATCHES=(
 		"${WORKDIR}/${PATCHSET}"
-		"${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch
-		"${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch
+		"${FILESDIR}"/${PN}-3.10.3-libressl.patch
 	)
 
 	default

diff --git a/dev-lang/python/python-3.11.0_p1.ebuild b/dev-lang/python/python-3.11.0_p1.ebuild
index 8c41902..b2c6dff 100644
--- a/dev-lang/python/python-3.11.0_p1.ebuild
+++ b/dev-lang/python/python-3.11.0_p1.ebuild
@@ -118,8 +118,7 @@ src_prepare() {
 
 	local PATCHES=(
 		"${WORKDIR}/${PATCHSET}"
-		"${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch
-		"${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch
+		"${FILESDIR}"/${PN}-3.10.3-libressl.patch
 	)
 
 	default

diff --git a/dev-lang/python/python-3.11.0_p2.ebuild b/dev-lang/python/python-3.11.0_p2.ebuild
index a488ba8..eb5b1bb 100644
--- a/dev-lang/python/python-3.11.0_p2.ebuild
+++ b/dev-lang/python/python-3.11.0_p2.ebuild
@@ -118,8 +118,7 @@ src_prepare() {
 
 	local PATCHES=(
 		"${WORKDIR}/${PATCHSET}"
-		"${FILESDIR}"/${PN}-3.10.3-hashopenssl-libressl.patch
-		"${FILESDIR}"/${PN}-3.10.3-ssl-libressl.patch
+		"${FILESDIR}"/${PN}-3.10.3-libressl.patch
 	)
 
 	default

