diff --git a/srcpkgs/python3/patches/libressl-2.6.patch b/srcpkgs/python3/patches/libressl-2.6.patch index b2658dc01e..92dcf1ef06 100644 --- a/srcpkgs/python3/patches/libressl-2.6.patch +++ b/srcpkgs/python3/patches/libressl-2.6.patch @@ -24,24 +24,3 @@ https://github.com/python/cpython/pull/4930 @unittest.skipUnless(ssl.HAS_NPN, "NPN support needed for this test") def test_npn_protocols(self): server_protocols = ['http/1.1', 'spdy/2'] ---- Tools/ssl/multissltests.py.orig -+++ Tools/ssl/multissltests.py -@@ -47,7 +47,7 @@ - - OPENSSL_RECENT_VERSIONS = [ - "1.0.2", -- "1.0.2m", -+ "1.0.2n", - "1.1.0g", - ] - -@@ -57,8 +57,8 @@ - ] - - LIBRESSL_RECENT_VERSIONS = [ -- "2.5.3", - "2.5.5", -+ "2.6.4", - ] - - # store files in ../multissl diff --git a/srcpkgs/python3/patches/libressl-2.7.patch b/srcpkgs/python3/patches/libressl-2.7.patch new file mode 100644 index 0000000000..f4732e1f79 --- /dev/null +++ b/srcpkgs/python3/patches/libressl-2.7.patch @@ -0,0 +1,75 @@ +Based on https://github.com/python/cpython/pull/6210. + +--- Lib/test/test_ssl.py.orig ++++ Lib/test/test_ssl.py +@@ -1687,6 +1687,7 @@ def test_get_ca_certs_capath(self): + self.assertEqual(len(ctx.get_ca_certs()), 1) + + @needs_sni ++ @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2") + def test_context_setget(self): + # Check that the context of a connected socket can be replaced. + ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) +--- Modules/_ssl.c.orig ++++ Modules/_ssl.c +@@ -106,6 +106,12 @@ struct py_ssl_library_code { + + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) + # define OPENSSL_VERSION_1_1 1 ++# define PY_OPENSSL_1_1_API 1 ++#endif ++ ++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */ ++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL ++# define PY_OPENSSL_1_1_API 1 + #endif + + /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1 +@@ -152,16 +158,18 @@ struct py_ssl_library_code { + #define INVALID_SOCKET (-1) + #endif + +-#ifdef OPENSSL_VERSION_1_1 +-/* OpenSSL 1.1.0+ */ +-#ifndef OPENSSL_NO_SSL2 +-#define OPENSSL_NO_SSL2 +-#endif +-#else /* OpenSSL < 1.1.0 */ +-#if defined(WITH_THREAD) ++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */ ++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD) + #define HAVE_OPENSSL_CRYPTO_LOCK + #endif + ++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2) ++#define OPENSSL_NO_SSL2 ++#endif ++ ++#ifndef PY_OPENSSL_1_1_API ++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */ ++ + #define TLS_method SSLv23_method + #define TLS_client_method SSLv23_client_method + #define TLS_server_method SSLv23_server_method +@@ -227,7 +235,7 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) + return s->tlsext_tick_lifetime_hint; + } + +-#endif /* OpenSSL < 1.1.0 or LibreSSL */ ++#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */ + + + enum py_ssl_error { +--- Tools/ssl/multissltests.py.orig ++++ Tools/ssl/multissltests.py +@@ -57,8 +57,9 @@ + ] + + LIBRESSL_RECENT_VERSIONS = [ +- "2.5.3", + "2.5.5", ++ "2.6.4", ++ "2.7.1", + ] + + # store files in ../multissl diff --git a/srcpkgs/python3/template b/srcpkgs/python3/template index 27be37857c..be1b3c6d82 100644 --- a/srcpkgs/python3/template +++ b/srcpkgs/python3/template @@ -4,7 +4,7 @@ # pkgname=python3 version=3.6.5 -revision=3 +revision=4 wrksrc="Python-${version}" short_desc="Interpreted, interactive, object-oriented programming language (${version%.*} series)" maintainer="Juan RP "