diff options
Diffstat (limited to 'extra/python')
| -rwxr-xr-x | extra/python/build | 5 | ||||
| -rw-r--r-- | extra/python/checksums | 6 | ||||
| -rw-r--r-- | extra/python/depends | 2 | ||||
| -rw-r--r-- | extra/python/meta | 3 | ||||
| -rw-r--r-- | extra/python/patches/libressl-support.patch | 387 | ||||
| -rw-r--r-- | extra/python/patches/python3-always-pip.patch | 10 | ||||
| -rw-r--r-- | extra/python/sources | 3 | ||||
| -rw-r--r-- | extra/python/version | 2 |
8 files changed, 406 insertions, 12 deletions
diff --git a/extra/python/build b/extra/python/build index ba2b93bf..fd13febb 100755 --- a/extra/python/build +++ b/extra/python/build @@ -1,6 +1,8 @@ #!/bin/sh -e -patch -p1 < python3-always-pip.patch +for patch in *.patch; do + patch -p1 < "$patch" +done ./configure \ --prefix=/usr \ @@ -8,6 +10,7 @@ patch -p1 < python3-always-pip.patch --enable-static \ --with-system-expat \ --with-system-ffi \ + --with-ssl-default-suites='TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE' \ --with-ensurepip=yes make diff --git a/extra/python/checksums b/extra/python/checksums index b1d6dc36..25ad57b3 100644 --- a/extra/python/checksums +++ b/extra/python/checksums @@ -1,2 +1,4 @@ -3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d Python-3.9.2.tar.xz -1e3dd58370fa3f5c9454f72479565e5282d16defdeec43c88e9a4dd233e00c1b python3-always-pip.patch +%BLAKE3 +6b8e76b8d649e188539ea36c72bb4322b868ae534bc8b7c48352827bb75ba3e6 Python-3.11.5.tar.xz +3d764f2f6c4d40261a96617a6fa23456a7db841a919ed2589d15746b7ef26314 python3-always-pip.patch +297f33579bcdbc530a1cd18040906d2ae26eef3c18e81d2cc0b557549a188242 libressl-support.patch diff --git a/extra/python/depends b/extra/python/depends index 87a1a560..7c374cb7 100644 --- a/extra/python/depends +++ b/extra/python/depends @@ -1,6 +1,6 @@ bzip2 expat -libffi +libffi make libressl sqlite zlib diff --git a/extra/python/meta b/extra/python/meta new file mode 100644 index 00000000..1d51b671 --- /dev/null +++ b/extra/python/meta @@ -0,0 +1,3 @@ +description: Python programming language +license: Python-2.0 +maintainer: Cem Keylan <cem@carbslinux.org> diff --git a/extra/python/patches/libressl-support.patch b/extra/python/patches/libressl-support.patch new file mode 100644 index 00000000..0a7461aa --- /dev/null +++ b/extra/python/patches/libressl-support.patch @@ -0,0 +1,387 @@ +diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c +index cb8460ab2f..2c245262f3 100644 +--- a/Modules/_hashopenssl.c ++++ b/Modules/_hashopenssl.c +@@ -45,10 +45,12 @@ + + #define MUNCH_SIZE INT_MAX + ++#ifndef LIBRESSL_VERSION_NUMBER + #define PY_OPENSSL_HAS_SCRYPT 1 + #define PY_OPENSSL_HAS_SHA3 1 + #define PY_OPENSSL_HAS_SHAKE 1 + #define PY_OPENSSL_HAS_BLAKE2 1 ++#endif + + #if OPENSSL_VERSION_NUMBER >= 0x30000000L + #define PY_EVP_MD EVP_MD +@@ -1884,6 +1886,7 @@ hashlib_md_meth_names(PyObject *module) + return 0; + } + ++#ifndef LIBRESSL_VERSION_NUMBER + /*[clinic input] + _hashlib.get_fips_mode -> int + +@@ -1921,6 +1924,7 @@ _hashlib_get_fips_mode_impl(PyObject *module) + return result; + #endif + } ++#endif + + + static int +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index 6c63301b2a..d8a70d5511 100644 +--- a/Modules/_ssl.c ++++ b/Modules/_ssl.c +@@ -291,8 +291,10 @@ typedef struct { + int post_handshake_auth; + #endif + PyObject *msg_cb; ++#ifndef LIBRESSL_VERSION_NUMBER + PyObject *keylog_filename; + BIO *keylog_bio; ++#endif + /* Cached module state, also used in SSLSocket and SSLSession code. */ + _sslmodulestate *state; + } PySSLContext; +@@ -1829,6 +1831,7 @@ _ssl__SSLSocket_getpeercert_impl(PySSLSocket *self, int binary_mode) + return result; + } + ++#ifndef LIBRESSL_VERSION_NUMBER + /*[clinic input] + _ssl._SSLSocket.get_verified_chain + +@@ -1892,6 +1895,7 @@ _ssl__SSLSocket_get_unverified_chain_impl(PySSLSocket *self) + } + return retval; + } ++#endif + + static PyObject * + cipher_to_tuple(const SSL_CIPHER *cipher) +@@ -2298,8 +2302,7 @@ static PyObject * + _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b) + /*[clinic end generated code: output=aa7a6be5527358d8 input=77262d994fe5100a]*/ + { +- size_t count = 0; +- int retval; ++ int len; + int sockstate; + _PySSLError err; + int nonblocking; +@@ -2317,6 +2320,12 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b) + Py_INCREF(sock); + } + ++ if (b->len > INT_MAX) { ++ PyErr_Format(PyExc_OverflowError, ++ "string longer than %d bytes", INT_MAX); ++ goto error; ++ } ++ + if (sock != NULL) { + /* just in case the blocking state of the socket has been changed */ + nonblocking = (sock->sock_timeout >= 0); +@@ -2346,8 +2355,8 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b) + + do { + PySSL_BEGIN_ALLOW_THREADS +- retval = SSL_write_ex(self->ssl, b->buf, (size_t)b->len, &count); +- err = _PySSL_errno(retval == 0, self->ssl, retval); ++ len = SSL_write(self->ssl, b->buf, (int)b->len); ++ err = _PySSL_errno(len <= 0, self->ssl, len); + PySSL_END_ALLOW_THREADS + self->err = err; + +@@ -2380,11 +2389,11 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b) + err.ssl == SSL_ERROR_WANT_WRITE); + + Py_XDECREF(sock); +- if (retval == 0) +- return PySSL_SetError(self, retval, __FILE__, __LINE__); ++ if (len <= 0) ++ return PySSL_SetError(self, len, __FILE__, __LINE__); + if (PySSL_ChainExceptions(self) < 0) + return NULL; +- return PyLong_FromSize_t(count); ++ return PyLong_FromLong(len); + error: + Py_XDECREF(sock); + PySSL_ChainExceptions(self); +@@ -2418,7 +2427,7 @@ _ssl__SSLSocket_pending_impl(PySSLSocket *self) + + /*[clinic input] + _ssl._SSLSocket.read +- size as len: Py_ssize_t ++ size as len: int + [ + buffer: Py_buffer(accept={rwbuffer}) + ] +@@ -2428,14 +2437,13 @@ Read up to size bytes from the SSL socket. + [clinic start generated code]*/ + + static PyObject * +-_ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len, +- int group_right_1, Py_buffer *buffer) +-/*[clinic end generated code: output=49b16e6406023734 input=ec48bf622be1c4a1]*/ ++_ssl__SSLSocket_read_impl(PySSLSocket *self, int len, int group_right_1, ++ Py_buffer *buffer) ++/*[clinic end generated code: output=00097776cec2a0af input=ff157eb918d0905b]*/ + { + PyObject *dest = NULL; + char *mem; +- size_t count = 0; +- int retval; ++ int count; + int sockstate; + _PySSLError err; + int nonblocking; +@@ -2498,8 +2506,8 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len, + + do { + PySSL_BEGIN_ALLOW_THREADS +- retval = SSL_read_ex(self->ssl, mem, (size_t)len, &count); +- err = _PySSL_errno(retval == 0, self->ssl, retval); ++ count = SSL_read(self->ssl, mem, len); ++ err = _PySSL_errno(count <= 0, self->ssl, count); + PySSL_END_ALLOW_THREADS + self->err = err; + +@@ -2532,8 +2540,8 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len, + } while (err.ssl == SSL_ERROR_WANT_READ || + err.ssl == SSL_ERROR_WANT_WRITE); + +- if (retval == 0) { +- PySSL_SetError(self, retval, __FILE__, __LINE__); ++ if (count <= 0) { ++ PySSL_SetError(self, count, __FILE__, __LINE__); + goto error; + } + if (self->exc_type != NULL) +@@ -2546,7 +2554,7 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len, + return dest; + } + else { +- return PyLong_FromSize_t(count); ++ return PyLong_FromLong(count); + } + + error: +@@ -3062,8 +3070,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) + self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; + self->protocol = proto_version; + self->msg_cb = NULL; ++#ifndef LIBRESSL_VERSION_NUMBER + self->keylog_filename = NULL; + self->keylog_bio = NULL; ++#endif + self->alpn_protocols = NULL; + self->set_sni_cb = NULL; + self->state = get_ssl_state(module); +@@ -3187,6 +3197,7 @@ context_clear(PySSLContext *self) + { + Py_CLEAR(self->set_sni_cb); + Py_CLEAR(self->msg_cb); ++#ifndef LIBRESSL_VERSION_NUMBER + Py_CLEAR(self->keylog_filename); + if (self->keylog_bio != NULL) { + PySSL_BEGIN_ALLOW_THREADS +@@ -3194,6 +3205,7 @@ context_clear(PySSLContext *self) + PySSL_END_ALLOW_THREADS + self->keylog_bio = NULL; + } ++#endif + return 0; + } + +@@ -3535,7 +3547,7 @@ set_maximum_version(PySSLContext *self, PyObject *arg, void *c) + return set_min_max_proto_version(self, arg, 1); + } + +-#ifdef TLS1_3_VERSION ++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER) + static PyObject * + get_num_tickets(PySSLContext *self, void *c) + { +@@ -3568,12 +3580,14 @@ PyDoc_STRVAR(PySSLContext_num_tickets_doc, + "Control the number of TLSv1.3 session tickets"); + #endif /* TLS1_3_VERSION */ + ++#ifndef LIBRESSL_VERSION_NUMBER + static PyObject * + get_security_level(PySSLContext *self, void *c) + { + return PyLong_FromLong(SSL_CTX_get_security_level(self->ctx)); + } + PyDoc_STRVAR(PySSLContext_security_level_doc, "The current security level"); ++#endif + + static PyObject * + get_options(PySSLContext *self, void *c) +@@ -4603,13 +4617,15 @@ static PyGetSetDef context_getsetlist[] = { + (setter) set_minimum_version, NULL}, + {"maximum_version", (getter) get_maximum_version, + (setter) set_maximum_version, NULL}, ++#ifndef LIBRESSL_VERSION_NUMBER + {"keylog_filename", (getter) _PySSLContext_get_keylog_filename, + (setter) _PySSLContext_set_keylog_filename, NULL}, ++#endif + {"_msg_callback", (getter) _PySSLContext_get_msg_callback, + (setter) _PySSLContext_set_msg_callback, NULL}, + {"sni_callback", (getter) get_sni_callback, + (setter) set_sni_callback, PySSLContext_sni_callback_doc}, +-#ifdef TLS1_3_VERSION ++#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER) + {"num_tickets", (getter) get_num_tickets, + (setter) set_num_tickets, PySSLContext_num_tickets_doc}, + #endif +@@ -4628,8 +4644,10 @@ static PyGetSetDef context_getsetlist[] = { + (setter) set_verify_flags, NULL}, + {"verify_mode", (getter) get_verify_mode, + (setter) set_verify_mode, NULL}, ++#ifndef LIBRESSL_VERSION_NUMBER + {"security_level", (getter) get_security_level, + NULL, PySSLContext_security_level_doc}, ++#endif + {NULL}, /* sentinel */ + }; + +diff --git a/Modules/_ssl/debughelpers.c b/Modules/_ssl/debughelpers.c +index 03c125eb44..d992c5bc02 100644 +--- a/Modules/_ssl/debughelpers.c ++++ b/Modules/_ssl/debughelpers.c +@@ -114,6 +114,8 @@ _PySSLContext_set_msg_callback(PySSLContext *self, PyObject *arg, void *c) { + return 0; + } + ++#ifndef LIBRESSL_VERSION_NUMBER ++ + static void + _PySSL_keylog_callback(const SSL *ssl, const char *line) + { +@@ -217,3 +219,5 @@ _PySSLContext_set_keylog_filename(PySSLContext *self, PyObject *arg, void *c) { + SSL_CTX_set_keylog_callback(self->ctx, _PySSL_keylog_callback); + return 0; + } ++ ++#endif +diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h +index de01489e6a..c686eddea8 100644 +--- a/Modules/clinic/_hashopenssl.c.h ++++ b/Modules/clinic/_hashopenssl.c.h +@@ -1275,6 +1275,8 @@ _hashlib_HMAC_hexdigest(HMACobject *self, PyObject *Py_UNUSED(ignored)) + return _hashlib_HMAC_hexdigest_impl(self); + } + ++#if !defined(LIBRESSL_VERSION_NUMBER) ++ + PyDoc_STRVAR(_hashlib_get_fips_mode__doc__, + "get_fips_mode($module, /)\n" + "--\n" +@@ -1310,6 +1312,8 @@ _hashlib_get_fips_mode(PyObject *module, PyObject *Py_UNUSED(ignored)) + return return_value; + } + ++#endif /* !defined(LIBRESSL_VERSION_NUMBER) */ ++ + PyDoc_STRVAR(_hashlib_compare_digest__doc__, + "compare_digest($module, a, b, /)\n" + "--\n" +@@ -1385,4 +1389,8 @@ _hashlib_compare_digest(PyObject *module, PyObject *const *args, Py_ssize_t narg + #ifndef _HASHLIB_SCRYPT_METHODDEF + #define _HASHLIB_SCRYPT_METHODDEF + #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ +-/*[clinic end generated code: output=162369cb9d43f1cc input=a9049054013a1b77]*/ ++ ++#ifndef _HASHLIB_GET_FIPS_MODE_METHODDEF ++ #define _HASHLIB_GET_FIPS_MODE_METHODDEF ++#endif /* !defined(_HASHLIB_GET_FIPS_MODE_METHODDEF) */ ++/*[clinic end generated code: output=a110f274fb33395d input=a9049054013a1b77]*/ +diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h +index b59b129af8..f6bcd09e03 100644 +--- a/Modules/clinic/_ssl.c.h ++++ b/Modules/clinic/_ssl.c.h +@@ -88,6 +88,8 @@ _ssl__SSLSocket_getpeercert(PySSLSocket *self, PyObject *const *args, Py_ssize_t + return return_value; + } + ++#if !defined(LIBRESSL_VERSION_NUMBER) ++ + PyDoc_STRVAR(_ssl__SSLSocket_get_verified_chain__doc__, + "get_verified_chain($self, /)\n" + "--\n" +@@ -105,6 +107,10 @@ _ssl__SSLSocket_get_verified_chain(PySSLSocket *self, PyObject *Py_UNUSED(ignore + return _ssl__SSLSocket_get_verified_chain_impl(self); + } + ++#endif /* !defined(LIBRESSL_VERSION_NUMBER) */ ++ ++#if !defined(LIBRESSL_VERSION_NUMBER) ++ + PyDoc_STRVAR(_ssl__SSLSocket_get_unverified_chain__doc__, + "get_unverified_chain($self, /)\n" + "--\n" +@@ -122,6 +128,8 @@ _ssl__SSLSocket_get_unverified_chain(PySSLSocket *self, PyObject *Py_UNUSED(igno + return _ssl__SSLSocket_get_unverified_chain_impl(self); + } + ++#endif /* !defined(LIBRESSL_VERSION_NUMBER) */ ++ + PyDoc_STRVAR(_ssl__SSLSocket_shared_ciphers__doc__, + "shared_ciphers($self, /)\n" + "--\n" +@@ -271,25 +279,25 @@ PyDoc_STRVAR(_ssl__SSLSocket_read__doc__, + {"read", (PyCFunction)_ssl__SSLSocket_read, METH_VARARGS, _ssl__SSLSocket_read__doc__}, + + static PyObject * +-_ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len, +- int group_right_1, Py_buffer *buffer); ++_ssl__SSLSocket_read_impl(PySSLSocket *self, int len, int group_right_1, ++ Py_buffer *buffer); + + static PyObject * + _ssl__SSLSocket_read(PySSLSocket *self, PyObject *args) + { + PyObject *return_value = NULL; +- Py_ssize_t len; ++ int len; + int group_right_1 = 0; + Py_buffer buffer = {NULL, NULL}; + + switch (PyTuple_GET_SIZE(args)) { + case 1: +- if (!PyArg_ParseTuple(args, "n:read", &len)) { ++ if (!PyArg_ParseTuple(args, "i:read", &len)) { + goto exit; + } + break; + case 2: +- if (!PyArg_ParseTuple(args, "nw*:read", &len, &buffer)) { ++ if (!PyArg_ParseTuple(args, "iw*:read", &len, &buffer)) { + goto exit; + } + group_right_1 = 1; +@@ -1351,6 +1359,14 @@ _ssl_enum_crls(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje + + #endif /* defined(_MSC_VER) */ + ++#ifndef _SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF ++ #define _SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF ++#endif /* !defined(_SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF) */ ++ ++#ifndef _SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF ++ #define _SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF ++#endif /* !defined(_SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF) */ ++ + #ifndef _SSL_ENUM_CERTIFICATES_METHODDEF + #define _SSL_ENUM_CERTIFICATES_METHODDEF + #endif /* !defined(_SSL_ENUM_CERTIFICATES_METHODDEF) */ +@@ -1358,4 +1374,4 @@ _ssl_enum_crls(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje + #ifndef _SSL_ENUM_CRLS_METHODDEF + #define _SSL_ENUM_CRLS_METHODDEF + #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */ +-/*[clinic end generated code: output=5a7d7bf5cf8ee092 input=a9049054013a1b77]*/ ++/*[clinic end generated code: output=0e12e5e4ee2221b5 input=a9049054013a1b77]*/ diff --git a/extra/python/patches/python3-always-pip.patch b/extra/python/patches/python3-always-pip.patch index a228bd6b..5b0fe7d6 100644 --- a/extra/python/patches/python3-always-pip.patch +++ b/extra/python/patches/python3-always-pip.patch @@ -1,9 +1,7 @@ -diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py -index f3152a5..52f6312 100644 ---- a/Lib/ensurepip/__init__.py -+++ b/Lib/ensurepip/__init__.py -@@ -116,7 +116,7 @@ def _bootstrap(*, root=None, upgrade=False, user=False, - additional_paths.append(os.path.join(tmpdir, wheel_name)) +--- python/Lib/ensurepip/__init__.py.orig Wed Oct 6 02:23:28 2021 ++++ python/Lib/ensurepip/__init__.py Wed Oct 6 02:23:47 2021 +@@ -180,7 +180,7 @@ + additional_paths.append(filename) # Construct the arguments to be passed to the pip command - args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] diff --git a/extra/python/sources b/extra/python/sources index 4f9d6628..681036e8 100644 --- a/extra/python/sources +++ b/extra/python/sources @@ -1,2 +1,3 @@ -https://www.python.org/ftp/python/3.9.2/Python-3.9.2.tar.xz +https://www.python.org/ftp/python/3.11.5/Python-3.11.5.tar.xz patches/python3-always-pip.patch +patches/libressl-support.patch diff --git a/extra/python/version b/extra/python/version index 59a0e9a1..36c04f7c 100644 --- a/extra/python/version +++ b/extra/python/version @@ -1 +1 @@ -3.9.2 1 +3.11.5 2 |