From 477d837ffc9d2ff7b4f384cbda3088ab827ed7234452fe4fcb7a2f93c30f9b76 Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Thu, 8 Aug 2024 17:05:11 +0000
Subject: [PATCH] Fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=192
---
 ...24-5642-OpenSSL-API-buf-overread-NPN.patch | 91 +++++++++++++++++--
 1 file changed, 84 insertions(+), 7 deletions(-)
diff --git a/CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch b/CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
index 903d341..94f6c70 100644
--- a/CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
+++ b/CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
@@ -31,8 +31,8 @@ Subject: [PATCH] PEP-644: Require OpenSSL 1.1.1 or newer
 Lib/test/test_ssl.py | 119 --
 Misc/NEWS.d/next/Build/2021-03-30-14-19-39.bpo-43669.lWMUYx.rst | 1
 Modules/Setup | 22
- Modules/_hashopenssl.c | 66 -
- Modules/_ssl.c | 510 ----------
+ Modules/_hashopenssl.c | 108 --
+ Modules/_ssl.c | 518 ----------
 Modules/_ssl/debughelpers.c | 4
 Modules/clinic/_hashopenssl.c.h | 11
 Modules/clinic/_ssl.c.h | 85 -
@@ -41,7 +41,7 @@ Subject: [PATCH] PEP-644: Require OpenSSL 1.1.1 or newer
 configure.ac | 36
 pyconfig.h.in | 3
 setup.py | 19
- 15 files changed, 75 insertions(+), 825 deletions(-)
+ 15 files changed, 77 insertions(+), 873 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Build/2021-03-30-14-19-39.bpo-43669.lWMUYx.rst
 --- a/Doc/using/unix.rst
@@ -474,15 +474,77 @@ Subject: [PATCH] PEP-644: Require OpenSSL 1.1.1 or newer
 hashlib_init_hashtable(PyObject *module)
 {
 _hashlibstate *state = get_hashlib_state(module);
-@@ -2229,8 +2171,6 @@ hashlib_init_hmactype(PyObject *module)
+@@ -2227,10 +2169,7 @@ hashlib_init_hmactype(PyObject *module)
+ return 0;
+ }
- #if 0
+-#if 0
 static PyModuleDef_Slot hashlib_slots[] = {
 - /* OpenSSL 1.0.2 and LibreSSL */
 - {Py_mod_exec, hashlib_openssl_legacy_init},
 {Py_mod_exec, hashlib_init_hashtable},
 {Py_mod_exec, hashlib_init_evptype},
 {Py_mod_exec, hashlib_init_evpxoftype},
+@@ -2238,7 +2177,6 @@ static PyModuleDef_Slot hashlib_slots[]
+ {Py_mod_exec, hashlib_md_meth_names},
+ {0, NULL}
+ };
+-#endif
+
+ static struct PyModuleDef _hashlibmodule = {
+ PyModuleDef_HEAD_INIT,
+@@ -2246,7 +2184,7 @@ static struct PyModuleDef _hashlibmodule
+ .m_doc = "OpenSSL interface for hashlib module",
+ .m_size = sizeof(_hashlibstate),
+ .m_methods = EVP_functions,
+- .m_slots = NULL,
++ .m_slots = hashlib_slots,
+ .m_traverse = hashlib_traverse,
+ .m_clear = hashlib_clear,
+ .m_free = hashlib_free
+@@ -2255,41 +2193,5 @@ static struct PyModuleDef _hashlibmodule
+ PyMODINIT_FUNC
+ PyInit__hashlib(void)
+ {
+- PyObject *m = PyState_FindModule(&_hashlibmodule);
+- if (m != NULL) {
+- Py_INCREF(m);
+- return m;
+- }
+-
+- m = PyModule_Create(&_hashlibmodule);
+- if (m == NULL) {
+- return NULL;
+- }
+-
+- if (hashlib_openssl_legacy_init(m) < 0) {
+- Py_DECREF(m);
+- return NULL;
+- }
+- if (hashlib_init_hashtable(m) < 0) {
+- Py_DECREF(m);
+- return NULL;
+- }
+- if (hashlib_init_evptype(m) < 0) {
+- Py_DECREF(m);
+- return NULL;
+- }
+- if (hashlib_init_evpxoftype(m) < 0) {
+- Py_DECREF(m);
+- return NULL;
+- }
+- if (hashlib_init_hmactype(m) < 0) {
+- Py_DECREF(m);
+- return NULL;
+- }
+- if (hashlib_md_meth_names(m) == -1) {
+- Py_DECREF(m);
+- return NULL;
+- }
+-
+- return m;
++ return PyModuleDef_Init(&_hashlibmodule);
+ }
 --- a/Modules/_ssl.c
 +++ b/Modules/_ssl.c
 @@ -29,9 +29,9 @@
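Review bot: Switching `_hashlib` to multi-phase init (dropping the `#if 0` around `hashlib_slots`, setting `.m_slots = hashlib_slots`, and returning `PyModuleDef_Init(&_hashlibmodule)`) is a wider behaviour change than removing the legacy OpenSSL init, and the base source had it compiled out. `PyState_FindModule()` returns NULL for a module definition that has slots, so any remaining state lookup through `PyState_FindModule(&_hashlibmodule)` elsewhere in `_hashopenssl.c` (not visible in this hunk) would end in a NULL dereference inside the hashing module. If the goal is only to stop calling the removed `hashlib_openssl_legacy_init`, the narrower edit is to delete just the `if (hashlib_openssl_legacy_init(m) < 0) { ... }` block from `PyInit__hashlib` and keep single-phase init. Otherwise the patch header should state why multi-phase init is safe on this branch, since the file is shipped under a CVE name and reviewers will expect it to contain only the security-relevant change.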
@@ -1418,7 +1480,22 @@ Subject: [PATCH] PEP-644: Require OpenSSL 1.1.1 or newer
 PyDoc_STRVAR(module_doc,
 "Implementation module for SSL socket operations. See the socket module\n\
 for documentation.");
-@@ -6266,10 +5796,8 @@ PyInit__ssl(void)
+@@ -6152,14 +5682,6 @@ PyInit__ssl(void)
+ return NULL;
+ PySocketModule = *socket_api;
+
+-#ifndef OPENSSL_VERSION_1_1
+- /* Load all algorithms and initialize cpuid */
+- OPENSSL_add_all_algorithms_noconf();
+- /* Init OpenSSL */
+- SSL_load_error_strings();
+- SSL_library_init();
+-#endif
+-
+ #ifdef HAVE_OPENSSL_CRYPTO_LOCK
+ /* note that this will start threading if not already started */
+ if (!_setup_ssl_threads()) {
+@@ -6266,10 +5788,8 @@ PyInit__ssl(void)
 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
 PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
 X509_V_FLAG_X509_STRICT);
@@ -1429,7 +1506,7 @@ Subject: [PATCH] PEP-644: Require OpenSSL 1.1.1 or newer
 /* Alert Descriptions from ssl.h */
 /* note RESERVED constants no longer intended for use have been removed */
-@@ -6426,31 +5954,11 @@ PyInit__ssl(void)
+@@ -6426,31 +5946,11 @@ PyInit__ssl(void)
 PyModule_AddObject((m), (key), bool_obj); \
 } while (0)
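Review bot: The added inner hunk at `PyInit__ssl` removes the explicit `SSL_library_init()` / `OPENSSL_add_all_algorithms_noconf()` block but keeps the `#ifdef HAVE_OPENSSL_CRYPTO_LOCK` / `_setup_ssl_threads()` block directly below it as context, so pre-1.1 code paths still exist in the patched file. Skipping explicit initialisation is only sound when the library initialises itself, so the version floor should fail the build rather than rest on the packaging. Unless the top of `_ssl.c` already has one (not visible here), add a guard such as `#if OPENSSL_VERSION_NUMBER < 0x10101000L` / `#error "OpenSSL 1.1.1 or newer required"` / `#endif` after the OpenSSL includes. The leftover `HAVE_OPENSSL_CRYPTO_LOCK` block then looks like dead code and could be dropped in the same inner hunk; `PyInit__ssl` continues outside the hunk, so confirm against the full file.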