3 files changed, 97 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch b/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch
new file mode 100644
index 0000000000..c8dbee27df
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch
@@ -0,0 +1,25 @@
+From f326e4a97cce6b9479560ce0c65ad18d54393f96 Mon Sep 17 00:00:00 2001
+From: Cory Benfield <lukasaoz@gmail.com>
+Date: Mon, 14 Dec 2015 15:37:46 +0000
+Subject: [PATCH] Comment lingering SSLv2 symbol.
+---
+ src/_cffi_src/openssl/ssl.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+Index: cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
+===================================================================
+--- cryptography-0.8.1.orig/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
+@@ -372,6 +372,11 @@ const long SSL_OP_LEGACY_SERVER_CONNECT
+ #else
+ static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
+ #endif
+
+/* Cryptography now compiles out all SSLv2 bindings. This exists to allow
+ * clients that use it to check for SSLv2 support to keep functioning as
+ * expected.
+ */
+ static const long Cryptography_HAS_SSL2 = 0;
+ 
+ #ifdef OPENSSL_NO_SSL3_METHOD
diff --git a/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch b/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch
new file mode 100644
index 0000000000..f0c9abcced
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch
@@ -0,0 +1,70 @@
+From 90c6a53a885dd5c66992309e0af98ac554f1bb97 Mon Sep 17 00:00:00 2001
+From: Cory Benfield <lukasaoz@gmail.com>
+Date: Mon, 14 Dec 2015 08:35:20 +0000
+Subject: [PATCH] Remove SSLv2 bindings.
+This commit removes bindings that allow users to set SSLv2 handshake
+methods. These are regarded as unnecessary and out-of-date: see #2527.
+This commit does leave in a few options that refer to SSLv2 in order to
+avoid breaking deployments that rely on them, and in order to allow
+users to continue to request that SSLv2 not be enabled at all in their
+OpenSSL.
+Upstream-Status: Backport
+This fixes the compile issue after updating to openssl 1.0.2h. refactored to apply to jethro.
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ src/_cffi_src/openssl/ssl.py                            | 17 +----------------
+ .../hazmat/bindings/openssl/_conditional.py             |  6 ------
+ 2 files changed, 1 insertion(+), 22 deletions(-)
+Index: cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
+===================================================================
+--- cryptography-0.8.1.orig/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
+@@ -262,15 +262,6 @@ unsigned long SSL_CTX_add_extra_chain_ce
+ 
+ /*  methods */
+ 
+-/* SSLv2 support is compiled out of some versions of OpenSSL.  These will
+- * get special support when we generate the bindings so that if they are
+- * available they will be wrapped, but if they are not they won't cause
+- * problems (like link errors).
+- */
+-const SSL_METHOD *SSLv2_method(void);
+-const SSL_METHOD *SSLv2_server_method(void);
+-const SSL_METHOD *SSLv2_client_method(void);
+-
+ /*
+  * TLSv1_1 and TLSv1_2 are recent additions.  Only sufficiently new versions of
+  * OpenSSL support them.
+@@ -381,14 +372,7 @@ const long SSL_OP_LEGACY_SERVER_CONNECT
+ #else
+ static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
+ #endif
+-#ifdef OPENSSL_NO_SSL2
+ static const long Cryptography_HAS_SSL2 = 0;
+-SSL_METHOD* (*SSLv2_method)(void) = NULL;
+-SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
+-SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
+-#else
+-static const long Cryptography_HAS_SSL2 = 1;
+-#endif
+ 
+ #ifdef OPENSSL_NO_SSL3_METHOD
+ static const long Cryptography_HAS_SSL3_METHOD = 0;
+@@ -574,12 +558,6 @@ CONDITIONAL_NAMES = {
+         "TLSv1_2_client_method",
+     ],
+ 
+-    "Cryptography_HAS_SSL2": [
+-        "SSLv2_method",
+-        "SSLv2_client_method",
+-        "SSLv2_server_method",
+-    ],
+-
+     "Cryptography_HAS_SSL3_METHOD": [
+         "SSLv3_method",
+         "SSLv3_client_method",
diff --git a/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb b/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb
index cd1011823a..86bf0dc543 100644
--- a/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb
+++ b/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb
@@ -8,6 +8,8 @@ SRCNAME = "cryptography"
 SRC_URI = "https://pypi.python.org/packages/source/c/${SRCNAME}/${SRCNAME}-${PV}.tar.gz \
           file://run-ptest \
           file://build_fix_openssl_1.0.1g.patch \
+           file://Remove_SSLv2_bindings.patch \
+           file://Comment_lingering_SSLv2_symbol.patch \
 "
 S = "${WORKDIR}/${SRCNAME}-${PV}"

diff --git a/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch b/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch new file mode 100644 index 0000000000..c8dbee27df --- /dev/null +++ b/meta-python/recipes-devtools/python/python-cryptography/Comment_lingering_SSLv2_symbol.patch
@@ -0,0 +1,25 @@
		1	From f326e4a97cce6b9479560ce0c65ad18d54393f96 Mon Sep 17 00:00:00 2001
		2	From: Cory Benfield <lukasaoz@gmail.com>
		3	Date: Mon, 14 Dec 2015 15:37:46 +0000
		4	Subject: [PATCH] Comment lingering SSLv2 symbol.
		5
		6	---
		7	src/_cffi_src/openssl/ssl.py \| 4 ++++
		8	1 file changed, 4 insertions(+)
		9
		10	Index: cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
		11	===================================================================
		12	--- cryptography-0.8.1.orig/src/cryptography/hazmat/bindings/openssl/ssl.py
		13	+++ cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
		14	@@ -372,6 +372,11 @@ const long SSL_OP_LEGACY_SERVER_CONNECT
		15	#else
		16	static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
		17	#endif
		18	+
		19	+/* Cryptography now compiles out all SSLv2 bindings. This exists to allow
		20	+ * clients that use it to check for SSLv2 support to keep functioning as
		21	+ * expected.
		22	+ */
		23	static const long Cryptography_HAS_SSL2 = 0;
		24
		25	#ifdef OPENSSL_NO_SSL3_METHOD


diff --git a/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch b/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch new file mode 100644 index 0000000000..f0c9abcced --- /dev/null +++ b/meta-python/recipes-devtools/python/python-cryptography/Remove_SSLv2_bindings.patch
@@ -0,0 +1,70 @@
		1	From 90c6a53a885dd5c66992309e0af98ac554f1bb97 Mon Sep 17 00:00:00 2001
		2	From: Cory Benfield <lukasaoz@gmail.com>
		3	Date: Mon, 14 Dec 2015 08:35:20 +0000
		4	Subject: [PATCH] Remove SSLv2 bindings.
		5
		6	This commit removes bindings that allow users to set SSLv2 handshake
		7	methods. These are regarded as unnecessary and out-of-date: see #2527.
		8	This commit does leave in a few options that refer to SSLv2 in order to
		9	avoid breaking deployments that rely on them, and in order to allow
		10	users to continue to request that SSLv2 not be enabled at all in their
		11	OpenSSL.
		12
		13	Upstream-Status: Backport
		14
		15	This fixes the compile issue after updating to openssl 1.0.2h. refactored to apply to jethro.
		16	Signed-off-by: Armin Kuster <akuster@mvista.com>
		17
		18	---
		19	src/_cffi_src/openssl/ssl.py \| 17 +----------------
		20	.../hazmat/bindings/openssl/_conditional.py \| 6 ------
		21	2 files changed, 1 insertion(+), 22 deletions(-)
		22
		23	Index: cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
		24	===================================================================
		25	--- cryptography-0.8.1.orig/src/cryptography/hazmat/bindings/openssl/ssl.py
		26	+++ cryptography-0.8.1/src/cryptography/hazmat/bindings/openssl/ssl.py
		27	@@ -262,15 +262,6 @@ unsigned long SSL_CTX_add_extra_chain_ce
		28
		29	/* methods */
		30
		31	-/* SSLv2 support is compiled out of some versions of OpenSSL. These will
		32	- * get special support when we generate the bindings so that if they are
		33	- * available they will be wrapped, but if they are not they won't cause
		34	- * problems (like link errors).
		35	- */
		36	-const SSL_METHOD *SSLv2_method(void);
		37	-const SSL_METHOD *SSLv2_server_method(void);
		38	-const SSL_METHOD *SSLv2_client_method(void);
		39	-
		40	/*
		41	* TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of
		42	* OpenSSL support them.
		43	@@ -381,14 +372,7 @@ const long SSL_OP_LEGACY_SERVER_CONNECT
		44	#else
		45	static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
		46	#endif
		47	-#ifdef OPENSSL_NO_SSL2
		48	static const long Cryptography_HAS_SSL2 = 0;
		49	-SSL_METHOD* (*SSLv2_method)(void) = NULL;
		50	-SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
		51	-SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
		52	-#else
		53	-static const long Cryptography_HAS_SSL2 = 1;
		54	-#endif
		55
		56	#ifdef OPENSSL_NO_SSL3_METHOD
		57	static const long Cryptography_HAS_SSL3_METHOD = 0;
		58	@@ -574,12 +558,6 @@ CONDITIONAL_NAMES = {
		59	"TLSv1_2_client_method",
		60	],
		61
		62	- "Cryptography_HAS_SSL2": [
		63	- "SSLv2_method",
		64	- "SSLv2_client_method",
		65	- "SSLv2_server_method",
		66	- ],
		67	-
		68	"Cryptography_HAS_SSL3_METHOD": [
		69	"SSLv3_method",
		70	"SSLv3_client_method",


diff --git a/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb b/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb index cd1011823a..86bf0dc543 100644 --- a/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb +++ b/meta-python/recipes-devtools/python/python-cryptography_0.8.1.bb
@@ -8,6 +8,8 @@ SRCNAME = "cryptography"
8	SRC_URI = "https://pypi.python.org/packages/source/c/${SRCNAME}/${SRCNAME}-${PV}.tar.gz \	8	SRC_URI = "https://pypi.python.org/packages/source/c/${SRCNAME}/${SRCNAME}-${PV}.tar.gz \
9	file://run-ptest \	9	file://run-ptest \
10	file://build_fix_openssl_1.0.1g.patch \	10	file://build_fix_openssl_1.0.1g.patch \
		11	file://Remove_SSLv2_bindings.patch \
		12	file://Comment_lingering_SSLv2_symbol.patch \
11	"	13	"
12	S = "${WORKDIR}/${SRCNAME}-${PV}"	14	S = "${WORKDIR}/${SRCNAME}-${PV}"
13		15