[oe] [meta-python][master][krogoth][PATCH] python-cryptography: fix compile issue with openssl 1.0.2h

Martin Jansa martin.jansa at gmail.com
Fri May 27 13:54:36 UTC 2016 

On Sun, May 15, 2016 at 01:39:26PM -0700, Armin Kuster wrote:
> From: Armin Kuster <akuster at mvista.com>
> 
> this fixes:
> 
> error: 'SSLv2_method' redeclared as different kind of symbol
> |  SSL_METHOD* (*SSLv2_method)(void) = NULL;

Can you please create similar change for jethro?
It also has 1.0.2h now and jethro is using older
python-cryptography_0.8.1.bb so it's not just cherry-pick of this.

Thanks,

> Signed-off-by: Armin Kuster <akuster at mvista.com>
> ---
>  .../Comment_lingering_SSLv2_symbol.patch           | 24 +++++++
>  .../Remove_SSLv2_bindings.patch                    | 75 ++++++++++++++++++++++
>  .../python/python-cryptography_1.1.bb              |  4 +-
>  3 files changed, 102 insertions(+), 1 deletion(-)
>  create mode 100644 meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch
>  create mode 100644 meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch
> 
> diff --git a/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch b/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch
> new file mode 100644
> index 0000000..b28e7ef
> --- /dev/null
> +++ b/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch
> @@ -0,0 +1,24 @@
> +From f326e4a97cce6b9479560ce0c65ad18d54393f96 Mon Sep 17 00:00:00 2001
> +From: Cory Benfield <lukasaoz at gmail.com>
> +Date: Mon, 14 Dec 2015 15:37:46 +0000
> +Subject: [PATCH] Comment lingering SSLv2 symbol.
> +
> +---
> + src/_cffi_src/openssl/ssl.py | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +Index: cryptography-1.1/src/_cffi_src/openssl/ssl.py
> +===================================================================
> +--- cryptography-1.1.orig/src/_cffi_src/openssl/ssl.py
> ++++ cryptography-1.1/src/_cffi_src/openssl/ssl.py
> +@@ -421,6 +421,10 @@ const long SSL_OP_LEGACY_SERVER_CONNECT
> + static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
> + #endif
> + 
> ++/* Cryptography now compiles out all SSLv2 bindings. This exists to allow
> ++ * clients that use it to check for SSLv2 support to keep functioning as
> ++ * expected.
> ++ */
> + static const long Cryptography_HAS_SSL2 = 0;
> + 
> + #ifdef OPENSSL_NO_SSL3_METHOD
> diff --git a/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch b/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch
> new file mode 100644
> index 0000000..8522325
> --- /dev/null
> +++ b/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch
> @@ -0,0 +1,75 @@
> +From 90c6a53a885dd5c66992309e0af98ac554f1bb97 Mon Sep 17 00:00:00 2001
> +From: Cory Benfield <lukasaoz at gmail.com>
> +Date: Mon, 14 Dec 2015 08:35:20 +0000
> +Subject: [PATCH] Remove SSLv2 bindings.
> +
> +This commit removes bindings that allow users to set SSLv2 handshake
> +methods. These are regarded as unnecessary and out-of-date: see #2527.
> +This commit does leave in a few options that refer to SSLv2 in order to
> +avoid breaking deployments that rely on them, and in order to allow
> +users to continue to request that SSLv2 not be enabled at all in their
> +OpenSSL.
> +
> +Upstream-Status: Backport
> +
> +This fixes the compile issue after updating to openssl 1.0.2h
> +Signed-off-by: Armin Kuster <akuster at mvista.com>
> +
> +---
> + src/_cffi_src/openssl/ssl.py                            | 17 +----------------
> + .../hazmat/bindings/openssl/_conditional.py             |  6 ------
> + 2 files changed, 1 insertion(+), 22 deletions(-)
> +
> +Index: cryptography-1.1/src/_cffi_src/openssl/ssl.py
> +===================================================================
> +--- cryptography-1.1.orig/src/_cffi_src/openssl/ssl.py
> ++++ cryptography-1.1/src/_cffi_src/openssl/ssl.py
> +@@ -292,15 +292,6 @@ unsigned long SSL_CTX_add_extra_chain_ce
> + 
> + /*  methods */
> + 
> +-/* SSLv2 support is compiled out of some versions of OpenSSL.  These will
> +- * get special support when we generate the bindings so that if they are
> +- * available they will be wrapped, but if they are not they won't cause
> +- * problems (like link errors).
> +- */
> +-const SSL_METHOD *SSLv2_method(void);
> +-const SSL_METHOD *SSLv2_server_method(void);
> +-const SSL_METHOD *SSLv2_client_method(void);
> +-
> + /*
> +  * TLSv1_1 and TLSv1_2 are recent additions.  Only sufficiently new versions of
> +  * OpenSSL support them.
> +@@ -429,14 +420,8 @@ const long SSL_OP_LEGACY_SERVER_CONNECT
> + #else
> + static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
> + #endif
> +-#ifdef OPENSSL_NO_SSL2
> ++
> + static const long Cryptography_HAS_SSL2 = 0;
> +-SSL_METHOD* (*SSLv2_method)(void) = NULL;
> +-SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
> +-SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
> +-#else
> +-static const long Cryptography_HAS_SSL2 = 1;
> +-#endif
> + 
> + #ifdef OPENSSL_NO_SSL3_METHOD
> + static const long Cryptography_HAS_SSL3_METHOD = 0;
> +Index: cryptography-1.1/src/cryptography/hazmat/bindings/openssl/_conditional.py
> +===================================================================
> +--- cryptography-1.1.orig/src/cryptography/hazmat/bindings/openssl/_conditional.py
> ++++ cryptography-1.1/src/cryptography/hazmat/bindings/openssl/_conditional.py
> +@@ -274,12 +274,6 @@ CONDITIONAL_NAMES = {
> +         "TLSv1_2_client_method",
> +     ],
> + 
> +-    "Cryptography_HAS_SSL2": [
> +-        "SSLv2_method",
> +-        "SSLv2_client_method",
> +-        "SSLv2_server_method",
> +-    ],
> +-
> +     "Cryptography_HAS_SSL3_METHOD": [
> +         "SSLv3_method",
> +         "SSLv3_client_method",
> diff --git a/meta-python/recipes-devtools/python/python-cryptography_1.1.bb b/meta-python/recipes-devtools/python/python-cryptography_1.1.bb
> index c501787..665a4cb 100644
> --- a/meta-python/recipes-devtools/python/python-cryptography_1.1.bb
> +++ b/meta-python/recipes-devtools/python/python-cryptography_1.1.bb
> @@ -5,7 +5,9 @@ DEPENDS += " python-cffi-native python-cffi python-enum34 python-six python-pyas
>  SRCNAME = "cryptography"
>  
>  SRC_URI = "file://run-ptest \
> -           file://build_fix_openssl_1.0.1g.patch"
> +           file://build_fix_openssl_1.0.1g.patch \
> +           file://Remove_SSLv2_bindings.patch \
> +           file://Comment_lingering_SSLv2_symbol.patch"
>  
>  SRC_URI[md5sum] = "dd06da41535184f48f2c8e8b74dd570f"
>  SRC_URI[sha256sum] = "059bc6428b1d0e2317f505698602642f1d8dda5b120ec573a59a430d8cb7a32d"
> -- 
> 2.3.5
> 
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20160527/f6d3e189/attachment-0002.sig>

More information about the Openembedded-devel mailing list