Created attachment 707025 [details] python-3.8.10 build log Both dev-lang/python-3.8.10 and dev-lang/python-3.9.5 currently fail while building the _ssl module. /gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c: In function '_ssl__SSLContext_impl': /gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c:3116:27: error: implicit declaration of function 'SSLv3_method'; did you mean 'SSLv23_method'? [-Werror=implicit-function-declaration] 3116 | ctx = SSL_CTX_new(SSLv3_method()); | ^~~~~~~~~~~~ | SSLv23_method /gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c:3116:27: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion] 3116 | ctx = SSL_CTX_new(SSLv3_method()); | ^~~~~~~~~~~~~~ | | | int In file included from /gentoo/tmp/portage/dev-lang/python-3.9.5/work/Python-3.9.5/Modules/_ssl.c:59: /usr/include/openssl/ssl.h:1503:47: note: expected 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} but argument is of type 'int' 1503 | __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); | ~~~~~~~~~~~~~~~~~~^~~~ My current openssl: * dev-libs/openssl Available versions: 1.0.2u^td 1.1.1k(0/1.1)^td IUSE (all versions): +asm bindist gmp kerberos rfc3779 sctp sslv2 (+)sslv3 static-libs test (+)tls-heartbeat vanilla zlib ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32" CPU_FLAGS_X86="sse2" ELIBC="musl" Installed versions: Version: 1.1.1k(0/1.1)^td Date: 10:56:18 AM 05/07/2021 USE: asm rfc3779 sslv3 zlib -bindist -sctp -static-libs -test -tls-heartbeat -vanilla ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32" CPU_FLAGS_X86="sse2" ELIBC="-musl" DEPEND: >=app-misc/c_rehash-1.7-r1 >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-),abi_x86_64(-)] RDEPEND: ${DEPEND} !<net-misc/openssh-8.0_p1-r3 PDEPEND: app-misc/ca-certificates BDEPEND: >=dev-lang/perl-5 SRC_URI: EAPI: 7 Best versions/slot: 1.1.1k(0/1.1)^td Homepage: https://www.openssl.org/ Find open bugs: https://bugs.gentoo.org/buglist.cgi?quicksearch=dev-libs%2Fopenssl Description: full-strength general purpose cryptography library (including SSL and TLS) License: openssl
Created attachment 707028 [details] dev-lang/python-3.9.5 build log
Created attachment 707031 [details] python-3.8.10 emerge info
Created attachment 707034 [details] python-3.9.5 emerge info
Is there anything _different_ about this system?
(In reply to Sam James from comment #4) > Is there anything _different_ about this system? Other than being mine, none that I'm aware of ;-) With the new gcc-11, I did switch to it and do a rebuild @world. Many packages weren't quite ready, so I switched back to gcc-10 (gcc-11 is still installed). Again, I rebuilt @world. I currently have 5 packages (including these two) that are failing to merge: dev-libs/ocl-icd, dev-libs/rocm-opencl-runtime, and sys-fs/dd-rescue. Erik
These packages were also failing with gcc-11. (That was one of the reasons I switched back to gcc-10.)
If I disable sslv3 on dev-libs/openssl, these packages compiled successfully. (Not sure why I had that enabled.)
Could you try 3.10 as well? It has a patch blocking SSLv3 entirely, so maybe I should just backport it to older versions. Are you using LibreSSL?
(In reply to Michał Górny from comment #8) > Could you try 3.10 as well? It has a patch blocking SSLv3 entirely, so > maybe I should just backport it to older versions. > > Are you using LibreSSL? I am not using LibreSSL. I was able to emerge dev-lang/python-3.10.0_beta1::gentoo both with and without USE=sslv3 on dev-libs/openssl-1.1.1k. I double checked and dev-lang/python-3.8.10 still failed with USE=sslv3 and succeeded without it.
(In reply to Erik Zeek from comment #7) > If I disable sslv3 on dev-libs/openssl, these packages compiled > successfully. (Not sure why I had that enabled.) SSLv3_method is indeed missing from openssl/ssl.h, but has SSLv23_method. Python detects SSLv3 capability, but try to use set SSLv3_method function.
Created attachment 707274 [details, diff] python 3.8/3.9 patch Could you try building python 3.8 and/or 3.9 with this patch? Just drop it into /etc/portage/patches/dev-lang/python/ (create the directory).
Created attachment 707541 [details, diff] Disables SSL3 for Python 3.8 / 3.9 Disables SSL3 for Python 3.8 / 3.9
(In reply to Michał Górny from comment #11) > Created attachment 707274 [details, diff] [details, diff] > python 3.8/3.9 patch > > Could you try building python 3.8 and/or 3.9 with this patch? Just drop it > into /etc/portage/patches/dev-lang/python/ (create the directory). it complains that "PySSLErrorObject" and other removed functions not found. Although just disabling SSL3 is enough, managed to compile both Python 3.8 and 3.9.
Yeah, sorry, rebase error. I'll make new patchsets shortly.
(In reply to Paul from comment #12) > Created attachment 707541 [details, diff] [details, diff] > Disables SSL3 for Python 3.8 / 3.9 > > Disables SSL3 for Python 3.8 / 3.9 This one worked for me.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5e71140a9a1272e67a69d8aaf510de38a8bc5bd commit c5e71140a9a1272e67a69d8aaf510de38a8bc5bd Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-05-12 12:42:57 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-05-12 13:12:04 +0000 dev-lang/python: Disable SSLv3 via 3.8.10_p1 Closes: https://bugs.gentoo.org/789441 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-lang/python/Manifest | 1 + dev-lang/python/python-3.8.10_p1.ebuild | 336 ++++++++++++++++++++++++++++++++ 2 files changed, 337 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=faf36aa8324ffec16bbd04a93cd4755ab6b25f22 commit faf36aa8324ffec16bbd04a93cd4755ab6b25f22 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-05-12 12:44:09 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-05-12 13:12:03 +0000 dev-lang/python: Disable SSLv3 via 3.9.5_p1 Closes: https://bugs.gentoo.org/789441 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-lang/python/Manifest | 1 + dev-lang/python/python-3.9.5_p1.ebuild | 345 +++++++++++++++++++++++++++++++++ 2 files changed, 346 insertions(+)