[oe] [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

Martin Jansa martin.jansa at gmail.com
Thu Mar 17 21:54:42 UTC 2016 

On Mon, Mar 14, 2016 at 03:21:33PM -0700, Pushpal Sidhu wrote:
> Hi,
> 
> On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808 at gmail.com> wrote:
> >
> >
> >
> > On 03/09/2016 11:11 AM, Martin Jansa wrote:
> > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
> > >> From: Armin Kuster <akuster at mvista.com>
> > >>
> > >> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.
> > >
> > > fido version:
> > > http://patchwork.openembedded.org/patch/117291/
> > > needed -D as well, right?
> >
> > yes.
> >
> >
> > >
> > > I've pushed both to fido-next and jethro-next
> 
> When will this be merged into fido/jethro? I've been running into this
> build breakage for about a week now and if I patch it myself, I'll
> only run into a conflict again later, causing more build issues.

I'm still seeing multiple issues caused by last openssl upgrade, e.g.
ruby, pywbem, crda

Are they all supposed to be fixed by this?

> > thanks
> > -armin
> > >
> > >>
> > >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
> > >>
> > >> disable using SSLv2_method if not supported in openssl. This is now the case
> > >> with the advent of CVE-2016-0800
> > >>
> > >> Signed-off-by: Armin Kuster <akuster at mvista.com>
> > >> ---
> > >>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
> > >>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
> > >>  2 files changed, 23 insertions(+), 1 deletion(-)
> > >>  create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> > >>
> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> > >> new file mode 100644
> > >> index 0000000..526c23f
> > >> --- /dev/null
> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> > >> @@ -0,0 +1,20 @@
> > >> +Upstream-Status: Backport
> > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
> > >> +
> > >> +Signed-off-by: Armin Kuster <akuster at mvista.com>
> > >> +
> > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
> > >> +===================================================================
> > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
> > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
> > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
> > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
> > >> + extern const char *SSL_alert_desc_string_long(int);
> > >> +
> > >> ++#ifndef OPENSSL_NO_SSL2
> > >> + %rename(sslv2_method) SSLv2_method;
> > >> + extern SSL_METHOD *SSLv2_method(void);
> > >> ++#endif
> > >> + %rename(sslv3_method) SSLv3_method;
> > >> + extern SSL_METHOD *SSLv3_method(void);
> > >> + %rename(sslv23_method) SSLv23_method;
> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> > >> index ff6203f..9daea5e 100644
> > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
> > >>
> > >>  SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
> > >>             file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
> > >> -           file://0001-M2Crypto-Error-fix.patch"
> > >> +           file://0001-M2Crypto-Error-fix.patch \
> > >> +           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
> > >>
> > >>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
> > >>  SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
> > >> @@ -19,6 +20,7 @@ inherit setuptools
> > >>
> > >>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
> > >>  SWIG_FEATURES ?= ""
> > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
> > >>  export SWIG_FEATURES
> > >>
> > >>  # Get around a problem with swig, but only if the
> > >> --
> > >> 2.3.5
> > >>
> > >> --
> > >> _______________________________________________
> > >> Openembedded-devel mailing list
> > >> Openembedded-devel at lists.openembedded.org
> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> > >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20160317/fc8df707/attachment-0002.sig>

More information about the Openembedded-devel mailing list