Index: lang/python32/Makefile =================================================================== --- lang/python32/Makefile +++ lang/python32/Makefile @@ -12,6 +12,9 @@ LICENSE= PSFL +DEPRECATED= No longer receives bug fixes, only security updates. Please update to Python 3.5 +EXPIRATION_DATE= 2016-02-01 + USES= cpe ncurses pkgconfig readline tar:xz USE_OPENSSL= yes USE_LDCONFIG= yes Index: lang/python32/files/patch-PR195513 =================================================================== --- /dev/null +++ lang/python32/files/patch-PR195513 @@ -0,0 +1,174 @@ +--- Lib/ssl.py.orig 2014-10-12 08:52:02.000000000 +0200 ++++ Lib/ssl.py 2015-12-23 11:29:24.243085919 +0100 +@@ -63,7 +63,16 @@ from _ssl import OPENSSL_VERSION_NUMBER, + from _ssl import _SSLContext, SSLError + from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED + from _ssl import OP_ALL, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_TLSv1 +-from _ssl import RAND_status, RAND_egd, RAND_add ++### Fix build with LibreSSL (does not have RAND_egd) ++### PR195513, http://bugs.python.org/issue21356 ++from _ssl import RAND_status, RAND_add ++try: ++ from _ssl import RAND_egd ++except ImportError: ++ # LibreSSL does not provide RAND_egd ++ pass ++### End PR195513 ++ + from _ssl import ( + SSL_ERROR_ZERO_RETURN, + SSL_ERROR_WANT_READ, +@@ -76,13 +85,12 @@ from _ssl import ( + SSL_ERROR_INVALID_ERROR_CODE, + ) + from _ssl import HAS_SNI +-from _ssl import PROTOCOL_SSLv3, PROTOCOL_SSLv23, PROTOCOL_TLSv1 ++from _ssl import PROTOCOL_SSLv23, PROTOCOL_TLSv1 + from _ssl import _OPENSSL_API_VERSION + + _PROTOCOL_NAMES = { + PROTOCOL_TLSv1: "TLSv1", + PROTOCOL_SSLv23: "SSLv23", +- PROTOCOL_SSLv3: "SSLv3", + } + try: + from _ssl import PROTOCOL_SSLv2 +@@ -91,6 +99,13 @@ except ImportError: + _SSLv2_IF_EXISTS = None + else: + _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2" ++try: ++ from _ssl import PROTOCOL_SSLv3 ++ _SSLv3_IF_EXISTS = PROTOCOL_SSLv3 ++except ImportError: ++ _SSLv3_IF_EXISTS = None ++else: ++ _PROTOCOL_NAMES[PROTOCOL_SSLv3] = "SSLv3" + + from socket import getnameinfo as _getnameinfo + from socket import error as socket_error +@@ -557,7 +572,7 @@ def PEM_cert_to_DER_cert(pem_cert_string + d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)] + return base64.decodebytes(d.encode('ASCII', 'strict')) + +-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None): ++def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): + """Retrieve the certificate from the server at the specified address, + and return it as a PEM-encoded string. + If 'ca_certs' is specified, validate the server cert against it. +--- Lib/test/test_ssl.py.orig 2014-10-12 08:52:03.000000000 +0200 ++++ Lib/test/test_ssl.py 2015-12-23 11:29:24.245086385 +0100 +@@ -21,11 +21,12 @@ import functools + ssl = support.import_module("ssl") + + PROTOCOLS = [ +- ssl.PROTOCOL_SSLv3, + ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1 + ] + if hasattr(ssl, 'PROTOCOL_SSLv2'): + PROTOCOLS.append(ssl.PROTOCOL_SSLv2) ++if hasattr(ssl, 'PROTOCOL_SSLv3'): ++ PROTOCOLS.append(ssl.PROTOCOL_SSLv3) + + HOST = support.HOST + +@@ -104,8 +105,12 @@ class BasicSocketTests(unittest.TestCase + sys.stdout.write("\n RAND_status is %d (%s)\n" + % (v, (v and "sufficient randomness") or + "insufficient randomness")) +- self.assertRaises(TypeError, ssl.RAND_egd, 1) +- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) ++### Fix build with LibreSSL (does not have RAND_egd) ++### PR195513, http://bugs.python.org/issue21356 ++ if hasattr(ssl, 'RAND_egd'): ++ self.assertRaises(TypeError, ssl.RAND_egd, 1) ++ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) ++### End PR195513 + ssl.RAND_add("this is a random string", 75.0) + + def test_parse_cert(self): +@@ -380,7 +385,8 @@ class ContextTests(unittest.TestCase): + if hasattr(ssl, 'PROTOCOL_SSLv2'): + ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv2) + ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3) ++ if hasattr(ssl, 'PROTOCOL_SSLv3'): ++ ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3) + ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + self.assertRaises(TypeError, ssl.SSLContext) + self.assertRaises(ValueError, ssl.SSLContext, -1) +@@ -1372,6 +1378,7 @@ else: + + + @skip_if_broken_ubuntu_ssl ++ @unittest.skipUnless(hasattr(ssl, 'PROTOCOL_SSLv3'), "need SSLv3") + def test_protocol_sslv3(self): + """Connecting to an SSLv3 server with various client options""" + if support.verbose: +--- Modules/_ssl.c.orig 2014-10-12 08:52:03.000000000 +0200 ++++ Modules/_ssl.c 2015-12-23 11:29:24.242085898 +0100 +@@ -66,7 +66,9 @@ enum py_ssl_version { + #ifndef OPENSSL_NO_SSL2 + PY_SSL_VERSION_SSL2, + #endif +- PY_SSL_VERSION_SSL3=1, ++#ifndef OPENSSL_NO_SSL3 ++ PY_SSL_VERSION_SSL3, ++#endif + PY_SSL_VERSION_SSL23, + PY_SSL_VERSION_TLS1 + }; +@@ -1512,8 +1514,10 @@ context_new(PyTypeObject *type, PyObject + PySSL_BEGIN_ALLOW_THREADS + if (proto_version == PY_SSL_VERSION_TLS1) + ctx = SSL_CTX_new(TLSv1_method()); ++#ifndef OPENSSL_NO_SSL3 + else if (proto_version == PY_SSL_VERSION_SSL3) + ctx = SSL_CTX_new(SSLv3_method()); ++#endif + #ifndef OPENSSL_NO_SSL2 + else if (proto_version == PY_SSL_VERSION_SSL2) + ctx = SSL_CTX_new(SSLv2_method()); +@@ -1965,6 +1969,9 @@ Returns 1 if the OpenSSL PRNG has been s + It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ + using the ssl() function."); + ++/* ### Fix build with LibreSSL (does not have RAND_egd) ++ ### PR195513, http://bugs.python.org/issue21356 */ ++#ifndef OPENSSL_NO_EGD + static PyObject * + PySSL_RAND_egd(PyObject *self, PyObject *args) + { +@@ -1992,6 +1999,8 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc, + Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\ + Returns number of bytes read. Raises SSLError if connection to EGD\n\ + fails or if it does provide enough data to seed PRNG."); ++#endif /* OPENSSL_NO_EGD */ ++/* ### End PR195513 */ + + #endif + +@@ -2005,8 +2014,12 @@ static PyMethodDef PySSL_methods[] = { + #ifdef HAVE_OPENSSL_RAND + {"RAND_add", PySSL_RAND_add, METH_VARARGS, + PySSL_RAND_add_doc}, ++/* ### Fix build with LibreSSL (does not have RAND_egd) ++ ### PR195513, http://bugs.python.org/issue21356 */ ++#ifndef OPENSSL_NO_EGD + {"RAND_egd", PySSL_RAND_egd, METH_VARARGS, + PySSL_RAND_egd_doc}, ++#endif /* OPENSSL_NO_EGD */ + {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, + PySSL_RAND_status_doc}, + #endif +@@ -2199,8 +2212,10 @@ PyInit__ssl(void) + PyModule_AddIntConstant(m, "PROTOCOL_SSLv2", + PY_SSL_VERSION_SSL2); + #endif ++#ifndef OPENSSL_NO_SSL3 + PyModule_AddIntConstant(m, "PROTOCOL_SSLv3", + PY_SSL_VERSION_SSL3); ++#endif + PyModule_AddIntConstant(m, "PROTOCOL_SSLv23", + PY_SSL_VERSION_SSL23); + PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",