diff options
3 files changed, 97 insertions, 0 deletions
diff --git a/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch b/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch new file mode 100644 index 0000000..c8dbee2 --- /dev/null +++ b/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch @@ -0,0 +1,25 @@ +From f326e4a97cce6b9479560ce0c65ad18d54393f96 Mon Sep 17 00:00:00 2001 +From: Cory Benfield <lukasaoz@gmail.com> +Date: Mon, 14 Dec 2015 15:37:46 +0000 +Subject: [PATCH] Comment lingering SSLv2 symbol. + +--- + src/_cffi_src/openssl/ssl.py | 4 ++++ + 1 file changed, 4 insertions(+) + +Index: cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py +=================================================================== +--- cryptography-0.8.1.orig/src/cryptography/hazmat/bindings/openssl/ssl.py ++++ cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py +@@ -372,6 +372,11 @@ const long SSL_OP_LEGACY_SERVER_CONNECT + #else + static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; + #endif ++ ++/* Cryptography now compiles out all SSLv2 bindings. This exists to allow ++ * clients that use it to check for SSLv2 support to keep functioning as ++ * expected. ++ */ + static const long Cryptography_HAS_SSL2 = 0; + + #ifdef OPENSSL_NO_SSL3_METHOD diff --git a/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch b/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch new file mode 100644 index 0000000..f0c9abc --- /dev/null +++ b/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch @@ -0,0 +1,70 @@ +From 90c6a53a885dd5c66992309e0af98ac554f1bb97 Mon Sep 17 00:00:00 2001 +From: Cory Benfield <lukasaoz@gmail.com> +Date: Mon, 14 Dec 2015 08:35:20 +0000 +Subject: [PATCH] Remove SSLv2 bindings. + +This commit removes bindings that allow users to set SSLv2 handshake +methods. These are regarded as unnecessary and out-of-date: see #2527. +This commit does leave in a few options that refer to SSLv2 in order to +avoid breaking deployments that rely on them, and in order to allow +users to continue to request that SSLv2 not be enabled at all in their +OpenSSL. + +Upstream-Status: Backport + +This fixes the compile issue after updating to openssl 1.0.2h. refactored to apply to jethro. +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/_cffi_src/openssl/ssl.py | 17 +---------------- + .../hazmat/bindings/openssl/_conditional.py | 6 ------ + 2 files changed, 1 insertion(+), 22 deletions(-) + +Index: cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py +=================================================================== +--- cryptography-0.8.1.orig/src/cryptography/hazmat/bindings/openssl/ssl.py ++++ cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py +@@ -262,15 +262,6 @@ unsigned long SSL_CTX_add_extra_chain_ce + + /* methods */ + +-/* SSLv2 support is compiled out of some versions of OpenSSL. These will +- * get special support when we generate the bindings so that if they are +- * available they will be wrapped, but if they are not they won't cause +- * problems (like link errors). +- */ +-const SSL_METHOD *SSLv2_method(void); +-const SSL_METHOD *SSLv2_server_method(void); +-const SSL_METHOD *SSLv2_client_method(void); +- + /* + * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of + * OpenSSL support them. +@@ -381,14 +372,7 @@ const long SSL_OP_LEGACY_SERVER_CONNECT + #else + static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; + #endif +-#ifdef OPENSSL_NO_SSL2 + static const long Cryptography_HAS_SSL2 = 0; +-SSL_METHOD* (*SSLv2_method)(void) = NULL; +-SSL_METHOD* (*SSLv2_client_method)(void) = NULL; +-SSL_METHOD* (*SSLv2_server_method)(void) = NULL; +-#else +-static const long Cryptography_HAS_SSL2 = 1; +-#endif + + #ifdef OPENSSL_NO_SSL3_METHOD + static const long Cryptography_HAS_SSL3_METHOD = 0; +@@ -574,12 +558,6 @@ CONDITIONAL_NAMES = { + "TLSv1_2_client_method", + ], + +- "Cryptography_HAS_SSL2": [ +- "SSLv2_method", +- "SSLv2_client_method", +- "SSLv2_server_method", +- ], +- + "Cryptography_HAS_SSL3_METHOD": [ + "SSLv3_method", + "SSLv3_client_method", diff --git a/recipes-devtools/python/python-cryptography_0.8.1.bb b/recipes-devtools/python/python-cryptography_0.8.1.bb index cd10118..86bf0dc 100644 --- a/recipes-devtools/python/python-cryptography_0.8.1.bb +++ b/recipes-devtools/python/python-cryptography_0.8.1.bb @@ -8,6 +8,8 @@ SRCNAME = "cryptography" SRC_URI = "https://pypi.python.org/packages/source/c/${SRCNAME}/${SRCNAME}-${PV}.tar.gz \ file://run-ptest \ file://build_fix_openssl_1.0.1g.patch \ + file://Remove_SSLv2_bindings.patch \ + file://Comment_lingering_SSLv2_symbol.patch \ " S = "${WORKDIR}/${SRCNAME}-${PV}" |