[oe] [meta-python][jethro][fido][PATCH] python-m2crypto: fix SSLv2 symbol issue
akuster808
akuster808 at gmail.com
Mon Mar 7 21:47:40 UTC 2016
On 03/07/2016 04:07 AM, Martin Jansa wrote:
> On Sat, Mar 05, 2016 at 08:54:57AM -0800, Armin Kuster wrote:
>> From: Armin Kuster <akuster at mvista.com>
>>
>> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
>>
>> disable using SSLv2_method if not supported in openssl. This is now the case
>> with the advent of CVE-2016-0800
>
> Doen't apply cleanly in fido-next, can you send version for fido
> separately?
sure.
- armin
>
>>
>> Signed-off-by: Armin Kuster <akuster at mvista.com>
>> ---
>> ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
>> .../python/python-m2crypto_0.21.1.bb | 4 +++-
>> 2 files changed, 23 insertions(+), 1 deletion(-)
>> create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>>
>> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> new file mode 100644
>> index 0000000..526c23f
>> --- /dev/null
>> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> @@ -0,0 +1,20 @@
>> +Upstream-Status: Backport
>> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
>> +
>> +Signed-off-by: Armin Kuster <akuster at mvista.com>
>> +
>> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
>> +===================================================================
>> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
>> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
>> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
>> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
>> + extern const char *SSL_alert_desc_string_long(int);
>> +
>> ++#ifndef OPENSSL_NO_SSL2
>> + %rename(sslv2_method) SSLv2_method;
>> + extern SSL_METHOD *SSLv2_method(void);
>> ++#endif
>> + %rename(sslv3_method) SSLv3_method;
>> + extern SSL_METHOD *SSLv3_method(void);
>> + %rename(sslv23_method) SSLv23_method;
>> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> index ff6203f..7dfa8d8 100644
>> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
>>
>> SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
>> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
>> - file://0001-M2Crypto-Error-fix.patch"
>> + file://0001-M2Crypto-Error-fix.patch \
>> + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
>>
>> SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
>> SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
>> @@ -19,6 +20,7 @@ inherit setuptools
>>
>> SWIG_FEATURES_x86-64 = "-D__x86_64__"
>> SWIG_FEATURES ?= ""
>> +SWIG_FEATURES += "OPENSSL_NO_SSL2"
>> export SWIG_FEATURES
>>
>> # Get around a problem with swig, but only if the
>> --
>> 2.3.5
>>
>> --
>> _______________________________________________
>> Openembedded-devel mailing list
>> Openembedded-devel at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
More information about the Openembedded-devel
mailing list