789441 – dev-lang/python-3.8.10 and dev-lang/python-3.9.5: implicit declaration of function 'SSLv3_method'

Bug 789441 - dev-lang/python-3.8.10 and dev-lang/python-3.9.5: implicit declaration of function 'SSLv3_method'

Summary: dev-lang/python-3.8.10 and dev-lang/python-3.9.5: implicit declaration of fun...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Python Gentoo Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-05-11 11:28 UTC by Erik Zeek
Modified:	2021-05-12 13:12 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
python-3.8.10 build log (dev-lang:python-3.8.10:20210511-110823.log.gz,29.73 KB, application/gzip) 2021-05-11 11:28 UTC, Erik Zeek	Details
dev-lang/python-3.9.5 build log (dev-lang:python-3.9.5:20210511-110938.log.gz,29.08 KB, application/gzip) 2021-05-11 11:29 UTC, Erik Zeek	Details
python-3.8.10 emerge info (emerge-info.txt,13.52 KB, text/plain) 2021-05-11 11:31 UTC, Erik Zeek	Details
python-3.9.5 emerge info (emerge-info.txt,13.52 KB, text/plain) 2021-05-11 11:32 UTC, Erik Zeek	Details
python 3.8/3.9 patch (0001-ssl-Hard-disable-SSLv3-to-avoid-automagic-deps.patch,1.08 KB, patch) 2021-05-12 08:01 UTC, Michał Górny	Details \| Diff
Disables SSL3 for Python 3.8 / 3.9 (python.patch,399 bytes, patch) 2021-05-12 12:24 UTC, Paul	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Erik Zeek 2021-05-11 11:28:56 UTC

Created attachment 707025 [details]
python-3.8.10 build log

Both dev-lang/python-3.8.10 and dev-lang/python-3.9.5 currently fail while building the _ssl module.

/gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c: In function '_ssl__SSLContext_impl':
/gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c:3116:27: error: implicit declaration of function 'SSLv3_method'; did you mean 'SSLv23_method'? [-Werror=implicit-function-declaration]
 3116 |         ctx = SSL_CTX_new(SSLv3_method());
      |                           ^~~~~~~~~~~~
      |                           SSLv23_method
/gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c:3116:27: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion]
 3116 |         ctx = SSL_CTX_new(SSLv3_method());
      |                           ^~~~~~~~~~~~~~
      |                           |
      |                           int
In file included from /gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c:59:
/usr/include/openssl/ssl.h:1503:47: note: expected 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} but argument is of type 'int'
 1503 | __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
      |                             ~~~~~~~~~~~~~~~~~~^~~~

My current openssl:

* dev-libs/openssl
     Available versions:  1.0.2u^td 1.1.1k(0/1.1)^td
     IUSE (all versions): +asm bindist gmp kerberos rfc3779 sctp sslv2 (+)sslv3 static-libs test (+)tls-heartbeat vanilla zlib ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32" CPU_FLAGS_X86="sse2" ELIBC="musl"
     Installed versions:  Version:   1.1.1k(0/1.1)^td
                          Date:      10:56:18 AM 05/07/2021
                          USE:       asm rfc3779 sslv3 zlib -bindist -sctp -static-libs -test -tls-heartbeat -vanilla ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32" CPU_FLAGS_X86="sse2" ELIBC="-musl"
                          DEPEND:    >=app-misc/c_rehash-1.7-r1 >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-),abi_x86_64(-)]
                          RDEPEND:   ${DEPEND} !<net-misc/openssh-8.0_p1-r3
                          PDEPEND:   app-misc/ca-certificates
                          BDEPEND:   >=dev-lang/perl-5
                          SRC_URI:   
                          EAPI:      7
     Best versions/slot:  1.1.1k(0/1.1)^td
     Homepage:            https://www.openssl.org/
     Find open bugs:      https://bugs.gentoo.org/buglist.cgi?quicksearch=dev-libs%2Fopenssl
     Description:         full-strength general purpose cryptography library (including SSL and TLS)
     License:             openssl

Comment 1 Erik Zeek 2021-05-11 11:29:56 UTC

Created attachment 707028 [details]
dev-lang/python-3.9.5 build log

Comment 2 Erik Zeek 2021-05-11 11:31:35 UTC

Created attachment 707031 [details]
python-3.8.10 emerge info

Comment 3 Erik Zeek 2021-05-11 11:32:28 UTC

Created attachment 707034 [details]
python-3.9.5 emerge info

Comment 4 Sam James archtester

2021-05-11 13:30:26 UTC

Is there anything _different_ about this system?

Comment 5 Erik Zeek 2021-05-11 14:19:28 UTC

(In reply to Sam James from comment #4)
> Is there anything _different_ about this system?

Other than being mine, none that I'm aware of ;-)

With the new gcc-11, I did switch to it and do a rebuild @world. Many packages weren't quite ready, so I switched back to gcc-10 (gcc-11 is still installed). Again, I rebuilt @world. I currently have 5 packages (including these two) that are failing to merge: dev-libs/ocl-icd, dev-libs/rocm-opencl-runtime, and sys-fs/dd-rescue.

Erik

Comment 6 Erik Zeek 2021-05-11 14:20:38 UTC

These packages were also failing with gcc-11. (That was one of the reasons I switched back to gcc-10.)

Comment 7 Erik Zeek 2021-05-11 18:05:14 UTC

If I disable sslv3 on dev-libs/openssl, these packages compiled successfully. (Not sure why I had that enabled.)

Comment 8 Michał Górny archtester

2021-05-11 22:10:43 UTC

Could you try 3.10 as well?  It has a patch blocking SSLv3 entirely, so maybe I should just backport it to older versions.

Are you using LibreSSL?

Comment 9 Erik Zeek 2021-05-12 02:36:10 UTC

(In reply to Michał Górny from comment #8)
> Could you try 3.10 as well?  It has a patch blocking SSLv3 entirely, so
> maybe I should just backport it to older versions.
> 
> Are you using LibreSSL?

I am not using LibreSSL.

I was able to emerge dev-lang/python-3.10.0_beta1::gentoo both with and without USE=sslv3 on dev-libs/openssl-1.1.1k. 

I double checked and dev-lang/python-3.8.10 still failed with USE=sslv3 and succeeded without it.

Comment 10 Attila Tóth 2021-05-12 06:23:04 UTC

(In reply to Erik Zeek from comment #7)
> If I disable sslv3 on dev-libs/openssl, these packages compiled
> successfully. (Not sure why I had that enabled.)

SSLv3_method is indeed missing from openssl/ssl.h, but has SSLv23_method. Python detects SSLv3 capability, but try to use set SSLv3_method function.

Comment 11 Michał Górny archtester

2021-05-12 08:01:09 UTC

Created attachment 707274 [details, diff]
python 3.8/3.9 patch

Could you try building python 3.8 and/or 3.9 with this patch?  Just drop it into /etc/portage/patches/dev-lang/python/ (create the directory).

Comment 12 Paul 2021-05-12 12:24:44 UTC

Created attachment 707541 [details, diff]
Disables SSL3 for Python 3.8 / 3.9

Disables SSL3 for Python 3.8 / 3.9

Comment 13 Paul 2021-05-12 12:28:07 UTC

(In reply to Michał Górny from comment #11)
> Created attachment 707274 [details, diff] [details, diff]
> python 3.8/3.9 patch
> 
> Could you try building python 3.8 and/or 3.9 with this patch?  Just drop it
> into /etc/portage/patches/dev-lang/python/ (create the directory).

it complains that "PySSLErrorObject" and other removed functions not found.
Although just disabling SSL3 is enough, managed to compile both Python 3.8 and 3.9.

Comment 14 Michał Górny archtester

2021-05-12 12:39:35 UTC

Yeah, sorry, rebase error.  I'll make new patchsets shortly.

Comment 15 Erik Zeek 2021-05-12 12:52:44 UTC

(In reply to Paul from comment #12)
> Created attachment 707541 [details, diff] [details, diff]
> Disables SSL3 for Python 3.8 / 3.9
> 
> Disables SSL3 for Python 3.8 / 3.9

This one worked for me.

Comment 16 Larry the Git Cow gentoo-dev

2021-05-12 13:12:12 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5e71140a9a1272e67a69d8aaf510de38a8bc5bd

commit c5e71140a9a1272e67a69d8aaf510de38a8bc5bd
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-05-12 12:42:57 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-05-12 13:12:04 +0000

    dev-lang/python: Disable SSLv3 via 3.8.10_p1
    
    Closes: https://bugs.gentoo.org/789441
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-lang/python/Manifest                |   1 +
 dev-lang/python/python-3.8.10_p1.ebuild | 336 ++++++++++++++++++++++++++++++++
 2 files changed, 337 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=faf36aa8324ffec16bbd04a93cd4755ab6b25f22

commit faf36aa8324ffec16bbd04a93cd4755ab6b25f22
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-05-12 12:44:09 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-05-12 13:12:03 +0000

    dev-lang/python: Disable SSLv3 via 3.9.5_p1
    
    Closes: https://bugs.gentoo.org/789441
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-lang/python/Manifest               |   1 +
 dev-lang/python/python-3.9.5_p1.ebuild | 345 +++++++++++++++++++++++++++++++++
 2 files changed, 346 insertions(+)