diff --git a/plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/002_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/002_openssl_no_ssl2.patch deleted file mode 100644 index eb5f44ba..00000000 --- a/plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/002_openssl_no_ssl2.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-3.0.1/Lib/ssl.py ---- ./Lib/ssl.py 2009-01-04 08:47:58.000000000 +0900 -+++ ../Python-3.0.1/Lib/ssl.py 2013-05-08 19:58:59.000000000 +0900 -@@ -60,8 +60,20 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, -+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, - PROTOCOL_TLSv1) -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import ( - SSL_ERROR_ZERO_RETURN, -@@ -434,13 +446,4 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') -diff -r -u ./Modules/_ssl.c ../Python-3.0.1/Modules/_ssl.c ---- ./Modules/_ssl.c 2009-02-03 05:41:29.000000000 +0900 -+++ ../Python-3.0.1/Modules/_ssl.c 2013-05-08 19:57:38.000000000 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1, -@@ -299,8 +301,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1691,8 +1695,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..5501db40 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.0.1/Python-3.0.1/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,96 @@ +diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 +@@ -60,20 +60,23 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -415,7 +418,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1, + }; +@@ -299,10 +303,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1698,10 +1706,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/001_openssl_no_ssl2.patch deleted file mode 100644 index dec2b2f9..00000000 --- a/plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py ---- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 -+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 -@@ -60,8 +60,20 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, -+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, - PROTOCOL_TLSv1) -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import ( - SSL_ERROR_ZERO_RETURN, -@@ -434,13 +446,4 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') -diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c ---- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 -+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1, -@@ -301,8 +303,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1693,8 +1697,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..5501db40 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1.1/Python-3.1.1/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,96 @@ +diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 +@@ -60,20 +60,23 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -415,7 +418,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1, + }; +@@ -299,10 +303,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1698,10 +1706,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/001_openssl_no_ssl2.patch deleted file mode 100644 index dec2b2f9..00000000 --- a/plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py ---- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 -+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 -@@ -60,8 +60,20 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, -+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, - PROTOCOL_TLSv1) -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import ( - SSL_ERROR_ZERO_RETURN, -@@ -434,13 +446,4 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') -diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c ---- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 -+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1, -@@ -301,8 +303,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1693,8 +1697,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..5501db40 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1.2/Python-3.1.2/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,96 @@ +diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 +@@ -60,20 +60,23 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -415,7 +418,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1, + }; +@@ -299,10 +303,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1698,10 +1706,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch deleted file mode 100644 index 997a6f68..00000000 --- a/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-3.1.3/Lib/ssl.py ---- ./Lib/ssl.py 2010-09-14 23:47:08.000000000 +0900 -+++ ../Python-3.1.3/Lib/ssl.py 2013-05-23 12:03:38.000000000 +0900 -@@ -60,8 +60,20 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, -+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, - PROTOCOL_TLSv1) -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import ( - SSL_ERROR_ZERO_RETURN, -@@ -427,13 +439,4 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') -diff -r -u ./Modules/_ssl.c ../Python-3.1.3/Modules/_ssl.c ---- ./Modules/_ssl.c 2010-10-14 07:20:48.000000000 +0900 -+++ ../Python-3.1.3/Modules/_ssl.c 2013-05-23 12:04:31.000000000 +0900 -@@ -63,7 +63,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -306,8 +308,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1785,8 +1789,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..1a4cafef --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1.3/Python-3.1.3/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,96 @@ +diff -r -u ../Python-3.1.3.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.3.orig/Lib/ssl.py 2010-09-14 14:47:08.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:32:44.351880682 +0000 +@@ -60,20 +60,23 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -408,7 +411,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.3.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.3.orig/Modules/_ssl.c 2010-10-13 22:20:48.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:31:44.644359788 +0000 +@@ -63,8 +63,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -304,10 +308,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1785,10 +1793,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.1.4/Python-3.1.4/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.1.4/Python-3.1.4/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..02aac663 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1.4/Python-3.1.4/010_ssl_no_ssl3.patch @@ -0,0 +1,97 @@ +diff -r -u ../Python-3.1.5.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.5.orig/Lib/ssl.py 2012-04-09 23:25:35.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:28:44.015492213 +0000 +@@ -60,30 +60,28 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -418,7 +416,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.5.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.5.orig/Modules/_ssl.c 2012-04-09 23:25:36.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:27:06.620775506 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1796,8 +1800,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.1.5/Python-3.1.5/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.1.5/Python-3.1.5/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..02aac663 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1.5/Python-3.1.5/010_ssl_no_ssl3.patch @@ -0,0 +1,97 @@ +diff -r -u ../Python-3.1.5.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.5.orig/Lib/ssl.py 2012-04-09 23:25:35.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:28:44.015492213 +0000 +@@ -60,30 +60,28 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -418,7 +416,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.5.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.5.orig/Modules/_ssl.c 2012-04-09 23:25:36.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:27:06.620775506 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -306,8 +308,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ +@@ -1796,8 +1800,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.1/Python-3.1/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.1/Python-3.1/001_openssl_no_ssl2.patch deleted file mode 100644 index dec2b2f9..00000000 --- a/plugins/python-build/share/python-build/patches/3.1/Python-3.1/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -r -u ../Python-3.1/Lib/ssl.py ./Lib/ssl.py ---- ../Python-3.1/Lib/ssl.py 2009-06-04 18:42:55.000000000 +0900 -+++ ./Lib/ssl.py 2015-08-15 13:12:22.270915671 +0900 -@@ -60,8 +60,20 @@ - - from _ssl import SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, -+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, - PROTOCOL_TLSv1) -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import ( - SSL_ERROR_ZERO_RETURN, -@@ -434,13 +446,4 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') -diff -r -u ../Python-3.1/Modules/_ssl.c ./Modules/_ssl.c ---- ../Python-3.1/Modules/_ssl.c 2009-05-06 07:31:58.000000000 +0900 -+++ ./Modules/_ssl.c 2015-08-15 13:13:23.812369742 +0900 -@@ -62,7 +62,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1, -@@ -301,8 +303,10 @@ - self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ - else if (proto_version == PY_SSL_VERSION_SSL3) - self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ - PySSL_END_ALLOW_THREADS -@@ -1693,8 +1697,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.1/Python-3.1/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.1/Python-3.1/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..5501db40 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.1/Python-3.1/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,96 @@ +diff -r -u ../Python-3.1.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.1.2.orig/Lib/ssl.py 2010-01-18 09:16:17.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:36:08.545346519 +0000 +@@ -60,20 +60,23 @@ + + from _ssl import SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -415,7 +418,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.1.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.1.2.orig/Modules/_ssl.c 2010-03-02 22:49:30.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:35:02.675100987 +0000 +@@ -62,8 +62,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1, + }; +@@ -299,10 +303,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */ ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */ ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */ ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ + PySSL_END_ALLOW_THREADS +@@ -1698,10 +1706,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2.1/Python-3.2.1/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2.1/Python-3.2.1/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..7e2d6b09 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2.1/Python-3.2.1/010_ssl_no_ssl3.patch @@ -0,0 +1,101 @@ +diff -r -u ../Python-3.2.1.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.1.orig/Lib/ssl.py 2011-07-09 06:58:49.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:06:01.609146268 +0000 +@@ -62,32 +62,30 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) +-from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++from _ssl import RAND_status, RAND_add + try: +- from _ssl import PROTOCOL_SSLv2 ++ from _ssl import RAND_egd + except ImportError: ++ # LibreSSL does not provide RAND_egd + pass +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ ++from _ssl import HAS_SNI ++ ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ ++try: ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -545,7 +543,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.1.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.1.orig/Modules/_ssl.c 2011-07-09 06:58:54.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:04:34.878266042 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1450,8 +1452,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2118,8 +2122,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2.2/Python-3.2.2/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2.2/Python-3.2.2/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..f8de55f9 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2.2/Python-3.2.2/010_ssl_no_ssl3.patch @@ -0,0 +1,102 @@ +diff -r -u ../Python-3.2.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.2.orig/Lib/ssl.py 2011-09-03 16:16:42.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:01:09.947260656 +0000 +@@ -62,34 +62,30 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: +- from _ssl import PROTOCOL_SSLv2 +-except ImportError: +- pass +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" ++ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 ++except NameError: ++ _SSLv2_IF_EXISTS = None + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -547,7 +543,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.2.orig/Modules/_ssl.c 2011-09-03 16:16:46.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:59:12.632993190 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1450,8 +1452,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2136,8 +2140,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2.3/Python-3.2.3/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2.3/Python-3.2.3/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..11a94399 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2.3/Python-3.2.3/010_ssl_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 +@@ -62,35 +62,30 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 + from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -557,7 +552,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1512,8 +1514,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2199,8 +2203,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2.4/Python-3.2.4/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2.4/Python-3.2.4/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..11a94399 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2.4/Python-3.2.4/010_ssl_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 +@@ -62,35 +62,30 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 + from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -557,7 +552,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1512,8 +1514,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2199,8 +2203,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2.5/Python-3.2.5/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2.5/Python-3.2.5/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..11a94399 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2.5/Python-3.2.5/010_ssl_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 +@@ -62,35 +62,30 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 + from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -557,7 +552,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1512,8 +1514,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2199,8 +2203,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2.6/Python-3.2.6/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2.6/Python-3.2.6/010_ssl_no_ssl3.patch new file mode 100644 index 00000000..11a94399 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2.6/Python-3.2.6/010_ssl_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-3.2.6.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.6.orig/Lib/ssl.py 2014-10-12 06:52:02.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 06:40:11.895384463 +0000 +@@ -62,35 +62,30 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 + from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + +-_PROTOCOL_NAMES = { +- PROTOCOL_TLSv1: "TLSv1", +- PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", +-} ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -557,7 +552,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.6.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.6.orig/Modules/_ssl.c 2014-10-12 06:52:03.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:37:10.124337227 +0000 +@@ -66,7 +66,9 @@ + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3=1, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1512,8 +1514,10 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -2199,8 +2203,10 @@ + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch b/plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch deleted file mode 100644 index a4c55eb3..00000000 --- a/plugins/python-build/share/python-build/patches/3.2/Python-3.2/001_openssl_no_ssl2.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff -r -u ./Lib/ssl.py ../Python-3.2/Lib/ssl.py ---- ./Lib/ssl.py 2010-10-23 03:19:07.000000000 +0900 -+++ ../Python-3.2/Lib/ssl.py 2013-05-23 11:56:30.000000000 +0900 -@@ -62,8 +62,20 @@ - from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION - from _ssl import _SSLContext, SSLError - from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED --from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, -+from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23, - PROTOCOL_TLSv1) -+_PROTOCOL_NAMES = { -+ PROTOCOL_TLSv1: "TLSv1", -+ PROTOCOL_SSLv23: "SSLv23", -+ PROTOCOL_SSLv3: "SSLv3", -+} -+try: -+ from _ssl import PROTOCOL_SSLv2 -+ _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -+except ImportError: -+ _SSLv2_IF_EXISTS = None -+else: -+ _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 - from _ssl import RAND_status, RAND_egd, RAND_add - from _ssl import ( -@@ -537,13 +549,4 @@ - return DER_cert_to_PEM_cert(dercert) - - def get_protocol_name(protocol_code): -- if protocol_code == PROTOCOL_TLSv1: -- return "TLSv1" -- elif protocol_code == PROTOCOL_SSLv23: -- return "SSLv23" -- elif protocol_code == PROTOCOL_SSLv2: -- return "SSLv2" -- elif protocol_code == PROTOCOL_SSLv3: -- return "SSLv3" -- else: -- return "" -+ return _PROTOCOL_NAMES.get(protocol_code, '') -diff -r -u ./Modules/_ssl.c ../Python-3.2/Modules/_ssl.c ---- ./Modules/_ssl.c 2011-01-29 20:31:20.000000000 +0900 -+++ ../Python-3.2/Modules/_ssl.c 2013-05-23 11:57:44.000000000 +0900 -@@ -63,7 +63,9 @@ - }; - - enum py_ssl_version { -+#ifndef OPENSSL_NO_SSL2 - PY_SSL_VERSION_SSL2, -+#endif - PY_SSL_VERSION_SSL3, - PY_SSL_VERSION_SSL23, - PY_SSL_VERSION_TLS1 -@@ -1450,8 +1452,10 @@ - ctx = SSL_CTX_new(TLSv1_method()); - else if (proto_version == PY_SSL_VERSION_SSL3) - ctx = SSL_CTX_new(SSLv3_method()); -+#ifndef OPENSSL_NO_SSL2 - else if (proto_version == PY_SSL_VERSION_SSL2) - ctx = SSL_CTX_new(SSLv2_method()); -+#endif - else if (proto_version == PY_SSL_VERSION_SSL23) - ctx = SSL_CTX_new(SSLv23_method()); - else -@@ -2110,8 +2114,10 @@ - PY_SSL_CERT_REQUIRED); - - /* protocol versions */ -+#ifndef OPENSSL_NO_SSL2 - PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", - PY_SSL_VERSION_SSL2); -+#endif - PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", - PY_SSL_VERSION_SSL3); - PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", diff --git a/plugins/python-build/share/python-build/patches/3.2/Python-3.2/010_ssl_no_ssl2_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.2/Python-3.2/010_ssl_no_ssl2_no_ssl3.patch new file mode 100644 index 00000000..1a3bb9a1 --- /dev/null +++ b/plugins/python-build/share/python-build/patches/3.2/Python-3.2/010_ssl_no_ssl2_no_ssl3.patch @@ -0,0 +1,100 @@ +diff -r -u ../Python-3.2.orig/Lib/ssl.py ./Lib/ssl.py +--- ../Python-3.2.orig/Lib/ssl.py 2010-10-22 18:19:07.000000000 +0000 ++++ ./Lib/ssl.py 2015-12-20 07:12:00.759323661 +0000 +@@ -62,23 +62,26 @@ + from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED +-from _ssl import (PROTOCOL_SSLv2, PROTOCOL_SSLv3, PROTOCOL_SSLv23, +- PROTOCOL_TLSv1) +-from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add +-from _ssl import ( +- SSL_ERROR_ZERO_RETURN, +- SSL_ERROR_WANT_READ, +- SSL_ERROR_WANT_WRITE, +- SSL_ERROR_WANT_X509_LOOKUP, +- SSL_ERROR_SYSCALL, +- SSL_ERROR_SSL, +- SSL_ERROR_WANT_CONNECT, +- SSL_ERROR_EOF, +- SSL_ERROR_INVALID_ERROR_CODE, +- ) ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++ ++def _import_symbols(prefix): ++ for n in dir(_ssl): ++ if n.startswith(prefix): ++ globals()[n] = getattr(_ssl, n) ++ ++_import_symbols('OP_') ++_import_symbols('SSL_ERROR_') ++_import_symbols('PROTOCOL_') ++ + from _ssl import HAS_SNI + ++_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} ++ + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error + from socket import socket, AF_INET, SOCK_STREAM +@@ -518,7 +521,7 @@ + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +diff -r -u ../Python-3.2.orig/Modules/_ssl.c ./Modules/_ssl.c +--- ../Python-3.2.orig/Modules/_ssl.c 2011-01-29 11:31:20.000000000 +0000 ++++ ./Modules/_ssl.c 2015-12-20 07:10:38.285929662 +0000 +@@ -63,8 +63,12 @@ + }; + + enum py_ssl_version { ++#ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, ++#endif ++#ifndef OPENSSL_NO_SSL3 + PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1448,10 +1452,14 @@ + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif ++#ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); ++#endif + else if (proto_version == PY_SSL_VERSION_SSL23) + ctx = SSL_CTX_new(SSLv23_method()); + else +@@ -2110,10 +2118,14 @@ + PY_SSL_CERT_REQUIRED); + + /* protocol versions */ ++#ifndef OPENSSL_NO_SSL2 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); ++#endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1", diff --git a/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.0/Python-3.3.0/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1) diff --git a/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.1/Python-3.3.1/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1) diff --git a/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.2/Python-3.3.2/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1) diff --git a/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.3/Python-3.3.3/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1) diff --git a/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.4/Python-3.3.4/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1) diff --git a/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.5/Python-3.3.5/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1) diff --git a/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch b/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch index 5860b307..44d321ea 100644 --- a/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch +++ b/plugins/python-build/share/python-build/patches/3.3.6/Python-3.3.6/010_ssl_no_ssl3.patch @@ -1,7 +1,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py --- ../Python-3.3.6.orig/Lib/ssl.py 2014-10-12 07:03:53.000000000 +0000 -+++ ./Lib/ssl.py 2015-12-18 12:49:03.860983039 +0000 -@@ -66,40 +66,27 @@ ++++ ./Lib/ssl.py 2015-12-20 06:43:59.175134734 +0000 +@@ -66,47 +66,32 @@ SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED @@ -54,25 +54,19 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py - PROTOCOL_SSLv3: "SSLv3", -} +_PROTOCOL_NAMES = {value: name for name, value in globals().items() if name.startswith('PROTOCOL_')} - try: - from _ssl import PROTOCOL_SSLv2 - _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 -@@ -108,6 +95,14 @@ - else: - _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" - -+try: -+ from _ssl import PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2 -+except ImportError: -+ pass -+else: -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1" -+ _PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2" + + try: +- from _ssl import PROTOCOL_SSLv2 + _SSLv2_IF_EXISTS = PROTOCOL_SSLv2 +-except ImportError: ++except NameError: + _SSLv2_IF_EXISTS = None +-else: +- _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" + from socket import getnameinfo as _getnameinfo from socket import error as socket_error - from socket import socket, AF_INET, SOCK_STREAM, create_connection -@@ -664,7 +659,7 @@ +@@ -664,7 +649,7 @@ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] return base64.decodebytes(d.encode('ASCII', 'strict')) @@ -83,7 +77,7 @@ diff -r -u ../Python-3.3.6.orig/Lib/ssl.py ./Lib/ssl.py If 'ca_certs' is specified, validate the server cert against it. diff -r -u ../Python-3.3.6.orig/Modules/_ssl.c ./Modules/_ssl.c --- ../Python-3.3.6.orig/Modules/_ssl.c 2014-10-12 07:03:53.000000000 +0000 -+++ ./Modules/_ssl.c 2015-12-18 12:41:01.706137147 +0000 ++++ ./Modules/_ssl.c 2015-12-20 06:42:45.773667904 +0000 @@ -1746,8 +1746,10 @@ PySSL_BEGIN_ALLOW_THREADS if (proto_version == PY_SSL_VERSION_TLS1)