diff --git a/component/python-2.7/buildout.cfg b/component/python-2.7/buildout.cfg
index b0743db365bf4afe497f24c69205839e778c4707..29958b966ea70afb34b0321f23c517178ee344f9 100644
--- a/component/python-2.7/buildout.cfg
+++ b/component/python-2.7/buildout.cfg
@@ -27,9 +27,9 @@ python = python2.7
 [python2.7]
 recipe = slapos.recipe.cmmi
-package_version = 2.7.8
+package_version = 2.7.9
 package_version_suffix =
-md5sum = d235bdfa75b8396942e360a70487ee00
+md5sum = 38d530f7efc373d64a8fb1637e3baaa7
 # This is actually the default setting for prefix, but we can't use it in
 # other settings in this part if we don't set it explicitly here.
@@ -39,8 +39,6 @@ executable = ${:prefix}/bin/python${:version}
 patch-options = -p1
 patches =
- ${:_profile_base_location_}/tls_sni.patch#c95af105e6e96aaa58a50137595872a0
- ${:_profile_base_location_}/tls_sni_httplib.patch#5c9d00d23b85169df792a936a056cbcc
 ${:_profile_base_location_}/fix_compiler_module_issue_20613.patch#94443a77f903e9de880a029967fa6aa7
 url = http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.xz
diff --git a/component/python-2.7/tls_sni.patch b/component/python-2.7/tls_sni.patch
deleted file mode 100644
index 04f5a3fc3f14b0fd360e073565ffe8bce50d4034..0000000000000000000000000000000000000000
--- a/component/python-2.7/tls_sni.patch
+++ /dev/null
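Review bot: Dropping `tls_sni.patch` and `tls_sni_httplib.patch` from `patches =` in buildout.cfg also drops the `server_hostname` keyword those patches added to the module-level `ssl.wrap_socket()`; stock 2.7.9 takes `server_hostname` on `SSLContext.wrap_socket()` and `SSLSocket`, not on `ssl.wrap_socket()`, so a caller written against the patched 2.7.8 signature would raise `TypeError` on the rebuilt interpreter. Whether such callers exist is not visible here, so it is worth searching the software built on this component for `wrap_socket(` calls passing `server_hostname=` and moving them to an `SSLContext`. 2.7.9 also makes httplib verify certificates and hostnames by default, so HTTPS clients that reach hosts with self-signed or private-CA certificates may start failing and should be given the right CA bundle rather than having verification switched off. A comment above `package_version` such as `# 2.7.9: SNI is upstream (ssl.SSLContext); ssl.wrap_socket() has no server_hostname` would record why the patches went away.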
@@ -1,117 +0,0 @@
-Description: Support TLS SNI extension in ssl module
-Author: markk
-Bug-Python: http://bugs.python.org/issue5639
-
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -202,6 +202,7 @@
- def __init__(self, sock, keyfile=None, certfile=None,
- server_side=False, cert_reqs=CERT_NONE,
- ssl_version=PROTOCOL_SSLv23, ca_certs=None,
-+ server_hostname=None,
- do_handshake_on_connect=True,
- suppress_ragged_eofs=True, ciphers=None):
- # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
-@@ -238,6 +239,7 @@
- self._sslobj = _ssl.sslwrap(self._sock, server_side,
- keyfile, certfile,
- cert_reqs, ssl_version, ca_certs,
-+ server_hostname,
- ciphers)
- if do_handshake_on_connect:
- self.do_handshake()
-@@ -246,6 +248,7 @@
- self.cert_reqs = cert_reqs
- self.ssl_version = ssl_version
- self.ca_certs = ca_certs
-+ self.server_hostname = server_hostname
- self.ciphers = ciphers
- self.do_handshake_on_connect = do_handshake_on_connect
- self.suppress_ragged_eofs = suppress_ragged_eofs
-@@ -411,7 +414,7 @@
- raise ValueError("attempt to connect already-connected SSLSocket!")
- self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
- self.cert_reqs, self.ssl_version,
-- self.ca_certs, self.ciphers)
-+ self.ca_certs, self.server_hostname, self.ciphers)
- try:
- if return_errno:
- rc = socket.connect_ex(self, addr)
-@@ -452,6 +455,7 @@
- cert_reqs=self.cert_reqs,
- ssl_version=self.ssl_version,
- ca_certs=self.ca_certs,
-+ server_hostname=None,
- ciphers=self.ciphers,
- do_handshake_on_connect=self.do_handshake_on_connect,
- suppress_ragged_eofs=self.suppress_ragged_eofs),
-@@ -566,7 +570,7 @@
- sock = sock._sock
-
- ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
-- PROTOCOL_SSLv23, None)
-+ PROTOCOL_SSLv23, None, None, None)
- try:
- sock.getpeername()
- except socket_error:
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -267,7 +267,7 @@
- enum py_ssl_server_or_client socket_type,
- enum py_ssl_cert_requirements certreq,
- enum py_ssl_version proto_version,
-- char *cacerts_file, char *ciphers)
-+ char *cacerts_file, char *server_hostname, char *ciphers)
- {
- PySSLObject *self;
- char *errstr = NULL;
-@@ -389,6 +389,14 @@
-
- PySSL_BEGIN_ALLOW_THREADS
- self->ssl = SSL_new(self->ctx); /* New ssl struct */
-+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-+ /* If SNI isn't supported, we just don't call it and fail silently,
-+ * as there's not much else we can do.
-+ */
-+ if ((socket_type == PY_SSL_CLIENT) &&
-+ (proto_version != PY_SSL_VERSION_SSL2) && server_hostname)
-+ SSL_set_tlsext_host_name(self->ssl, server_hostname);
-+#endif
- PySSL_END_ALLOW_THREADS
- SSL_set_fd(self->ssl, Sock->sock_fd); /* Set the socket for SSL */
- #ifdef SSL_MODE_AUTO_RETRY
-@@ -431,15 +439,16 @@
- char *key_file = NULL;
- char *cert_file = NULL;
- char *cacerts_file = NULL;
-+ char *server_hostname = NULL;
- char *ciphers = NULL;
-
-- if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
-+ if (!PyArg_ParseTuple(args, "O!i|zziizzz:sslwrap",
- PySocketModule.Sock_Type,
- &Sock,
- &server_side,
- &key_file, &cert_file,
- &verification_mode, &protocol,
-- &cacerts_file, &ciphers))
-+ &cacerts_file, &server_hostname, &ciphers))
- return NULL;
-
- /*
-@@ -452,13 +461,13 @@
-
- return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
- server_side, verification_mode,
-- protocol, cacerts_file,
-+ protocol, cacerts_file, server_hostname,
- ciphers);
- }
-
- PyDoc_STRVAR(ssl_doc,
- "sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
--" cacertsfile, ciphers]) -> sslobject");
-+" cacertsfile, ciphers, server_hostname]) -> sslobject");
-
- /* SSL object methods */
-
diff --git a/component/python-2.7/tls_sni_httplib.patch b/component/python-2.7/tls_sni_httplib.patch
deleted file mode 100644
index 260f32850716783936c29e8dbf236746b4cd540f..0000000000000000000000000000000000000000
--- a/component/python-2.7/tls_sni_httplib.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Author: Arnaud Fontaine <arnaud.fontaine@nexedi.com>
-Description: Enable TLS SNI support for httplib
-
---- a/Lib/httplib.py 2014-07-31 14:50:21.178088529 +0900
-+++ b/Lib/httplib.py 2014-07-31 20:11:09.279081382 +0900
-@@ -1195,7 +1195,12 @@
- if self._tunnel_host:
- self.sock = sock
- self._tunnel()
-- self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
-+ server_hostname = self._tunnel_host
-+ else:
-+ server_hostname = self.host
-+
-+ self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
-+ server_hostname=server_hostname)
-
- __all__.append("HTTPSConnection")
-
---- a/Lib/ssl.py 2014-07-31 19:33:21.911968158 +0900
-+++ b/Lib/ssl.py 2014-07-31 19:33:57.428391985 +0900
-@@ -481,14 +481,15 @@
- server_side=False, cert_reqs=CERT_NONE,
- ssl_version=PROTOCOL_SSLv23, ca_certs=None,
- do_handshake_on_connect=True,
-- suppress_ragged_eofs=True, ciphers=None):
-+ suppress_ragged_eofs=True, ciphers=None,
-+ server_hostname=None):
-
- return SSLSocket(sock, keyfile=keyfile, certfile=certfile,
- server_side=server_side, cert_reqs=cert_reqs,
- ssl_version=ssl_version, ca_certs=ca_certs,
- do_handshake_on_connect=do_handshake_on_connect,
- suppress_ragged_eofs=suppress_ragged_eofs,
-- ciphers=ciphers)
-+ ciphers=ciphers, server_hostname=server_hostname)
-
-
- # some utility functions