python2: update to 2.7.14, add upstream patch for libressl 2.7.x

2 files changed, 81 insertions, 2 deletions

diff --git a/package/python2/Makefile b/package/python2/Makefile
index ee99e3677..358866b0f 100644
--- a/package/python2/Makefile
+++ b/package/python2/Makefile
@@ -4,9 +4,9 @@
 include ${ADK_TOPDIR}/rules.mk
 
 PKG_NAME:=		python2
-PKG_VERSION:=		2.7.13
+PKG_VERSION:=		2.7.14
 PKG_RELEASE:=		1
-PKG_HASH:=		a4f05a0720ce0fd92626f0278b6b433eee9a6173ddf2bced7957dfb599a5ece1
+PKG_HASH:=		304c9b202ea6fbd0a4a8e0ad3733715fbd4749f2204a9173a58ec53c32ea73e8
 PKG_DESCR:=		python2 script interpreter
 PKG_SECTION:=		dev/lang
 PKG_DEPENDS:=		libffi
diff --git a/package/python2/patches/0001-2.7-bpo-33127-Compatibility-patch-for-LibreSSL-2.7.0.patch b/package/python2/patches/0001-2.7-bpo-33127-Compatibility-patch-for-LibreSSL-2.7.0.patch
new file mode 100644
index 000000000..e5759db40
--- /dev/null
+++ b/package/python2/patches/0001-2.7-bpo-33127-Compatibility-patch-for-LibreSSL-2.7.0.patch
@@ -0,0 +1,79 @@
+From edd541897b9c28ee0d0f0131746aa5f19665a104 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Sat, 24 Mar 2018 19:34:15 +0100
+Subject: [PATCH] [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0
+ (GH-6210) (GH-6215)
+
+LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
+LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
+LibreSSL < 2.7.
+
+Documentation updates and fixes for failing tests will be provided in
+another patch set.
+
+Signed-off-by: Christian Heimes <christian@python.org>.
+(cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
+
+Co-authored-by: Christian Heimes <christian@python.org>
+---
+ .../2018-03-24-15-08-24.bpo-33127.olJmHv.rst       |  1 +
+ Modules/_ssl.c                                     | 24 ++++++++++++++--------
+ Tools/ssl/multissltests.py                         |  3 ++-
+ 3 files changed, 19 insertions(+), 9 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
+
+diff --git a/Modules/_ssl.c b/Modules/_ssl.c
+index da8b20f54f..d0ce913d3d 100644
+--- a/Modules/_ssl.c
++++ b/Modules/_ssl.c
+@@ -102,6 +102,12 @@ struct py_ssl_library_code {
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ #  define OPENSSL_VERSION_1_1 1
++#  define PY_OPENSSL_1_1_API 1
++#endif
++
++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++#  define PY_OPENSSL_1_1_API 1
+ #endif
+ 
+ /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+@@ -149,16 +155,18 @@ struct py_ssl_library_code {
+ #define INVALID_SOCKET (-1)
+ #endif
+ 
+-#ifdef OPENSSL_VERSION_1_1
+-/* OpenSSL 1.1.0+ */
+-#ifndef OPENSSL_NO_SSL2
+-#define OPENSSL_NO_SSL2
+-#endif
+-#else /* OpenSSL < 1.1.0 */
+-#if defined(WITH_THREAD)
++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
+ #define HAVE_OPENSSL_CRYPTO_LOCK
+ #endif
+ 
++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
++#define OPENSSL_NO_SSL2
++#endif
++
++#ifndef PY_OPENSSL_1_1_API
++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
++
+ #define TLS_method SSLv23_method
+ 
+ static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+@@ -201,7 +209,7 @@ static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
+ {
+     return store->param;
+ }
+-#endif /* OpenSSL < 1.1.0 or LibreSSL */
++#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
+ 
+ 
+ enum py_ssl_error {
+-- 
+2.16.1
+