[oe] [meta-python][jethro][fido][PATCH] python-m2crypto: fix SSLv2 symbol issue

akuster808 akuster808 at gmail.com
Tue Mar 8 17:14:27 UTC 2016 


On 03/07/2016 06:58 PM, Yi Zhao wrote:
> Hi,
> 
> I got a build error when applied this patch on jethro branch:

thanks. looking into it now.

- armin
> 
> building 'M2Crypto.__m2crypto' extension
> swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c
> swig -python
> -I/buildarea/poky/build-m2/tmp/sysroots/qemux86/usr/include/python2.7
> -I/buildarea/poky/build-m2/tmp/sysroots/qemux86/usr/include -includeall
> -modern -builtin -outdir build/lib.linux-x86_64-2.7/M2Crypto -o
> SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i
> swig error : Unrecognized option OPENSSL_NO_SSL2
> Use 'swig -help' for available options.
> error: command 'swig' failed with exit status 1
> ERROR: python setup.py build execution failed.
> ERROR: Function failed: do_compile (log file is located at
> /buildarea/poky/build-m2/tmp/work/i586-poky-linux/python-m2crypto/0.21.1-r0/temp/log.do_compile.9461)
> 
> 
> 
> 
> Thanks,
> Yi
> 
> 
> 在 2016年03月06日 00:54, Armin Kuster 写道:
>> From: Armin Kuster <akuster at mvista.com>
>>
>> ERROR: Failed to import the "M2Crypto" module:
>> .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined
>> symbol: SSLv2_method
>>
>> disable using SSLv2_method if not supported in openssl. This is now
>> the case
>> with the advent of CVE-2016-0800
>>
>> Signed-off-by: Armin Kuster <akuster at mvista.com>
>> ---
>>   ...y_build_with_SSLv2_when_it_is_not_available.patch | 20
>> ++++++++++++++++++++
>>   .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
>>   2 files changed, 23 insertions(+), 1 deletion(-)
>>   create mode 100644
>> meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>>
>>
>> diff --git
>> a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>>
>> new file mode 100644
>> index 0000000..526c23f
>> --- /dev/null
>> +++
>> b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>>
>> @@ -0,0 +1,20 @@
>> +Upstream-Status: Backport
>> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
>>
>> +
>> +Signed-off-by: Armin Kuster <akuster at mvista.com>
>> +
>> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
>> +===================================================================
>> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
>> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
>> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
>> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
>> + extern const char *SSL_alert_desc_string_long(int);
>> +
>> ++#ifndef OPENSSL_NO_SSL2
>> + %rename(sslv2_method) SSLv2_method;
>> + extern SSL_METHOD *SSLv2_method(void);
>> ++#endif
>> + %rename(sslv3_method) SSLv3_method;
>> + extern SSL_METHOD *SSLv3_method(void);
>> + %rename(sslv23_method) SSLv23_method;
>> diff --git
>> a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> index ff6203f..7dfa8d8 100644
>> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM =
>> "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
>>     SRC_URI =
>> "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz
>> \
>>             
>> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
>> -           file://0001-M2Crypto-Error-fix.patch"
>> +           file://0001-M2Crypto-Error-fix.patch \
>> +          
>> file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
>>     SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
>>   SRC_URI[sha256sum] =
>> "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
>> @@ -19,6 +20,7 @@ inherit setuptools
>>     SWIG_FEATURES_x86-64 = "-D__x86_64__"
>>   SWIG_FEATURES ?= ""
>> +SWIG_FEATURES += "OPENSSL_NO_SSL2"
>>   export SWIG_FEATURES
>>     # Get around a problem with swig, but only if the
>

More information about the Openembedded-devel mailing list