[arch-commits] Commit in pypy3/trunk (PKGBUILD disable-sslv3.patch)

Thu Mar 3 17:15:39 UTC 2016

Date: Thursday, March 3, 2016 @ 18:15:38
  Author: heftig
Revision: 164525

Disable SSLv3

Added:
  pypy3/trunk/disable-sslv3.patch
Modified:
  pypy3/trunk/PKGBUILD

---------------------+
 PKGBUILD            |    3 +++
 disable-sslv3.patch |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2016-03-03 17:12:48 UTC (rev 164524)
+++ PKGBUILD	2016-03-03 17:15:38 UTC (rev 164525)
@@ -19,12 +19,15 @@
 license=('custom:MIT')
 #source=("hg+https://bitbucket.org/pypy/pypy#revision=$_hgrev")
 source=("https://bitbucket.org/pypy/pypy/downloads/$pkgname-$_pkgver-src.tar.bz2"
+        "disable-sslv3.patch"
         "trackgcroot-new-ops.patch")
 md5sums=('96ba72916114d16904e12562b5d84e51'
+         '383f6220bb64a963a6c071a62d110ec7'
          '3294fd2919c3372615b59c5f82552f64')
 
 prepare() {
   cd ${pkgname}-${_pkgver}-src
+  patch -Np1 -i ../disable-sslv3.patch
   patch -Np1 -i ../trackgcroot-new-ops.patch
 
   # Hacky fix to allow the curses module to build on x86_64; otherwise we get:

Added: disable-sslv3.patch
===================================================================
--- disable-sslv3.patch	                        (rev 0)
+++ disable-sslv3.patch	2016-03-03 17:15:38 UTC (rev 164525)
@@ -0,0 +1,32 @@
+diff -u -r pypy3-2.4.0-src/pypy/module/_ssl/interp_ssl.py pypy3-2.4.0-src-nossl3/pypy/module/_ssl/interp_ssl.py
+--- pypy3-2.4.0-src/pypy/module/_ssl/interp_ssl.py	2014-10-17 22:09:50.000000000 +0200
++++ pypy3-2.4.0-src-nossl3/pypy/module/_ssl/interp_ssl.py	2016-03-03 18:09:29.810745956 +0100
+@@ -95,7 +95,7 @@
+     def __init__(self, space, protocol):
+         if protocol == PY_SSL_VERSION_TLS1:
+             method = libssl_TLSv1_method()
+-        elif protocol == PY_SSL_VERSION_SSL3:
++        elif protocol == PY_SSL_VERSION_SSL3 and not OPENSSL_NO_SSL3:
+             method = libssl_SSLv3_method()
+         elif protocol == PY_SSL_VERSION_SSL2 and not OPENSSL_NO_SSL2:
+             method = libssl_SSLv2_method()
+@@ -110,6 +110,8 @@
+         options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+         if protocol != PY_SSL_VERSION_SSL2:
+             options |= SSL_OP_NO_SSLv2
++        if protocol != PY_SSL_VERSION_SSL3:
++            options |= SSL_OP_NO_SSLv3
+         libssl_SSL_CTX_set_options(self.ctx, options)
+         libssl_SSL_CTX_set_session_id_context(self.ctx, "Python", len("Python"))
+ 
+diff -u -r pypy3-2.4.0-src/rpython/rlib/ropenssl.py pypy3-2.4.0-src-nossl3/rpython/rlib/ropenssl.py
+--- pypy3-2.4.0-src/rpython/rlib/ropenssl.py	2014-10-17 22:09:50.000000000 +0200
++++ pypy3-2.4.0-src-nossl3/rpython/rlib/ropenssl.py	2016-03-03 18:07:59.587706148 +0100
+@@ -69,6 +69,7 @@
+     SSLEAY_VERSION = rffi_platform.DefinedConstantString(
+         "SSLEAY_VERSION", "SSLeay_version(SSLEAY_VERSION)")
+     OPENSSL_NO_SSL2 = rffi_platform.Defined("OPENSSL_NO_SSL2")
++    OPENSSL_NO_SSL3 = rffi_platform.Defined("OPENSSL_NO_SSL3")
+     SSL_FILETYPE_PEM = rffi_platform.ConstantInteger("SSL_FILETYPE_PEM")
+     SSL_OP_ALL = rffi_platform.ConstantInteger("SSL_OP_ALL")
+     SSL_OP_NO_SSLv2 = rffi_platform.ConstantInteger("SSL_OP_NO_SSLv2")

