Patchwork contrib: disable SSLv3_method() to build old Python with recent libssl

login
register
mail settings
Submitter Yuya Nishihara
Date Dec. 4, 2015, 3:20 p.m.
Message ID <79664cc70af331c721f3.1449242441@mimosa>
Download mbox | patch
Permalink /patch/11807/
State Accepted
Headers show

Comments

Yuya Nishihara - Dec. 4, 2015, 3:20 p.m.
# HG changeset patch
# User Yuya Nishihara <yuya@tcha.org>
# Date 1446881464 -32400
#      Sat Nov 07 16:31:04 2015 +0900
# Node ID 79664cc70af331c721f3a0a381af140e1777f4a7
# Parent  30a20167ae29e1874163b59a489de0cb1d859565
contrib: disable SSLv3_method() to build old Python with recent libssl

Because OpenSSL is compiled without SSLv3 support on Debian sid, Python 2.6.9
can't be built without this hack. Python 2.7 is patched appropriately, but
2.6 isn't.

http://bugs.python.org/issue22935
Augie Fackler - Dec. 4, 2015, 7:53 p.m.
On Sat, Dec 05, 2015 at 12:20:41AM +0900, Yuya Nishihara wrote:
> # HG changeset patch
> # User Yuya Nishihara <yuya@tcha.org>
> # Date 1446881464 -32400
> #      Sat Nov 07 16:31:04 2015 +0900
> # Node ID 79664cc70af331c721f3a0a381af140e1777f4a7
> # Parent  30a20167ae29e1874163b59a489de0cb1d859565
> contrib: disable SSLv3_method() to build old Python with recent libssl

Queued, thanks

>
> Because OpenSSL is compiled without SSLv3 support on Debian sid, Python 2.6.9
> can't be built without this hack. Python 2.7 is patched appropriately, but
> 2.6 isn't.
>
> http://bugs.python.org/issue22935
>
> diff --git a/contrib/Makefile.python b/contrib/Makefile.python
> --- a/contrib/Makefile.python
> +++ b/contrib/Makefile.python
> @@ -47,8 +47,8 @@ PYTHON_SRCFILE=$(PYTHON_SRCDIR).tgz
>       [ -f $(PYTHON_SRCFILE) ] || wget http://www.python.org/ftp/python/$(PYTHONVER)/$(PYTHON_SRCFILE) || curl -OL http://www.python.org/ftp/python/$(PYTHONVER)/$(PYTHON_SRCFILE) || [ -f $(PYTHON_SRCFILE) ]
>       rm -rf $(PYTHON_SRCDIR)
>       tar xf $(PYTHON_SRCFILE)
> -	# Ubuntu disables SSLv2 the hard way, disable it on old Pythons too
> -	-sed -i 's,self.*SSLv2_method(),0;//\0,g' $(PYTHON_SRCDIR)/Modules/_ssl.c
> +	# Debian/Ubuntu disables SSLv2,3 the hard way, disable it on old Pythons too
> +	-sed -i 's,self.*SSLv[23]_method(),0;//\0,g' $(PYTHON_SRCDIR)/Modules/_ssl.c
>       # Find multiarch system libraries on Ubuntu and disable fortify error when setting argv
>       LDFLAGS="-L/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH`"; \
>       BASECFLAGS=-U_FORTIFY_SOURCE; \
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel@selenic.com
> https://selenic.com/mailman/listinfo/mercurial-devel

Patch

diff --git a/contrib/Makefile.python b/contrib/Makefile.python
--- a/contrib/Makefile.python
+++ b/contrib/Makefile.python
@@ -47,8 +47,8 @@  PYTHON_SRCFILE=$(PYTHON_SRCDIR).tgz
 	[ -f $(PYTHON_SRCFILE) ] || wget http://www.python.org/ftp/python/$(PYTHONVER)/$(PYTHON_SRCFILE) || curl -OL http://www.python.org/ftp/python/$(PYTHONVER)/$(PYTHON_SRCFILE) || [ -f $(PYTHON_SRCFILE) ]
 	rm -rf $(PYTHON_SRCDIR)
 	tar xf $(PYTHON_SRCFILE)
-	# Ubuntu disables SSLv2 the hard way, disable it on old Pythons too
-	-sed -i 's,self.*SSLv2_method(),0;//\0,g' $(PYTHON_SRCDIR)/Modules/_ssl.c
+	# Debian/Ubuntu disables SSLv2,3 the hard way, disable it on old Pythons too
+	-sed -i 's,self.*SSLv[23]_method(),0;//\0,g' $(PYTHON_SRCDIR)/Modules/_ssl.c
 	# Find multiarch system libraries on Ubuntu and disable fortify error when setting argv
 	LDFLAGS="-L/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH`"; \
 	BASECFLAGS=-U_FORTIFY_SOURCE; \