diff --git a/gh-126500-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126500-test_ssl-no-stop-ThreadedEchoServer-OSError.patch new file mode 100644 index 0000000..bea4eed --- /dev/null +++ b/gh-126500-test_ssl-no-stop-ThreadedEchoServer-OSError.patch @@ -0,0 +1,82 @@ +From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Thu, 7 Nov 2024 11:07:02 +0100 +Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError + in ConnectionHandler; rely on __exit__ (GH-126503) + +If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), +the ConnectionHandler shuts down the entire ThreadedEchoServer, +preventing further connections. +It also does that for `EPROTOTYPE` in `wrap_conn`. + +As far as I can see, this is done to avoid the server thread getting stuck, +forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) +the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. +(I'm not sure if we *always* used `with` since that commit, but currently we do.) + +Make sure that the context manager *is* used, and remove the `server.stop()` +calls from ConnectionHandler. +(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) + +Co-authored-by: Petr Viktorin +--- + Lib/test/test_ssl.py | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +index 9b59ddd887aa0b..b6421c7a3c827b 100644 +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -2300,7 +2300,6 @@ def wrap_conn(self): + # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ + if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": + self.running = False +- self.server.stop() + self.close() + return False + else: +@@ -2435,10 +2434,6 @@ def run(self): + self.close() + self.running = False + +- # normally, we'd just stop here, but for the test +- # harness, we want to stop the server +- self.server.stop() +- + def __init__(self, certificate=None, ssl_version=None, + certreqs=None, cacerts=None, + chatty=True, connectionchatty=False, starttls_server=False, +@@ -2472,21 +2467,33 @@ def __init__(self, certificate=None, ssl_version=None, + self.conn_errors = [] + threading.Thread.__init__(self) + self.daemon = True ++ self._in_context = False + + def __enter__(self): ++ if self._in_context: ++ raise ValueError('Re-entering ThreadedEchoServer context') ++ self._in_context = True + self.start(threading.Event()) + self.flag.wait() + return self + + def __exit__(self, *args): ++ assert self._in_context ++ self._in_context = False + self.stop() + self.join() + + def start(self, flag=None): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.flag = flag + threading.Thread.start(self) + + def run(self): ++ if not self._in_context: ++ raise ValueError( ++ 'ThreadedEchoServer must be used as a context manager') + self.sock.settimeout(1.0) + self.sock.listen(5) + self.active = True diff --git a/gh-127257-ssl-OSError-ERR_LIB_SYS.patch b/gh-127257-ssl-OSError-ERR_LIB_SYS.patch new file mode 100644 index 0000000..092d012 --- /dev/null +++ b/gh-127257-ssl-OSError-ERR_LIB_SYS.patch @@ -0,0 +1,67 @@ +From c7908750cbfcfb54688ffff654909ef021095026 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 16 Dec 2024 15:43:57 +0100 +Subject: [PATCH] [3.12] gh-127257: ssl: Raise OSError for ERR_LIB_SYS + (GH-127361) (GH-127905) + +gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) + +From the ERR_raise manpage: + + ERR_LIB_SYS + + This "library code" indicates that a system error is + being reported. In this case, the reason code given + to `ERR_raise()` and `ERR_raise_data()` *must* be + `errno(3)`. + +This PR only handles ERR_LIB_SYS for the high-lever error types +SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where +OpenSSL indicates it has some more information about the issue. +(cherry picked from commit f4b31edf2d9d72878dab1f66a36913b5bcc848ec) + +Co-authored-by: Petr Viktorin +(cherry picked from commit 7f707fa6c67d0bfa9bbc1a9f344b932789659397) +--- + .../2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst | 2 ++ + Modules/_ssl.c | 10 ++++++++++ + 2 files changed, 12 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst + +diff --git a/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst b/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst +new file mode 100644 +index 00000000000000..fb0380cba0b607 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-11-28-14-14-46.gh-issue-127257.n6-jU9.rst +@@ -0,0 +1,2 @@ ++In :mod:`ssl`, system call failures that OpenSSL reports using ++``ERR_LIB_SYS`` are now raised as :exc:`OSError`. +diff --git a/Modules/_ssl.c b/Modules/_ssl.c +index 120c739e196732..09207abde14545 100644 +--- a/Modules/_ssl.c ++++ b/Modules/_ssl.c +@@ -654,6 +654,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno) + ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) { + type = state->PySSLCertVerificationErrorObject; + } ++ if (ERR_GET_LIB(e) == ERR_LIB_SYS) { ++ // A system error is being reported; reason is set to errno ++ errno = ERR_GET_REASON(e); ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } + p = PY_SSL_ERROR_SYSCALL; + } + break; +@@ -679,6 +684,11 @@ PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno) + errstr = "EOF occurred in violation of protocol"; + } + #endif ++ if (ERR_GET_LIB(e) == ERR_LIB_SYS) { ++ // A system error is being reported; reason is set to errno ++ errno = ERR_GET_REASON(e); ++ return PyErr_SetFromErrno(PyExc_OSError); ++ } + break; + } + default: diff --git a/python313.changes b/python313.changes index 095a92f..18c4aec 100644 --- a/python313.changes +++ b/python313.changes @@ -276,6 +276,9 @@ Fri Apr 11 19:47:34 UTC 2025 - Matej Cepl - Add gh-132535-rsrc-warn-test_timeout.patch to fix failing tests in the build system without network access (gh#python/cpython#132535). +- Add gh-126500-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + and gh-127257-ssl-OSError-ERR_LIB_SYS.patch to make the + interpreter compatible with OpenSSL 3.5 (bsc#1241067). ------------------------------------------------------------------- Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann diff --git a/python313.spec b/python313.spec index 408383d..2aa63d0 100644 --- a/python313.spec +++ b/python313.spec @@ -228,6 +228,10 @@ Patch42: gh126985-mv-pyvenv.cfg2getpath.patch # PATCH-FIX-UPSTREAM gh-132535-rsrc-warn-test_timeout.patch gh#python/cpython#132535 mcepl@suse.com # allows test_timeout tests to pass Patch43: gh-132535-rsrc-warn-test_timeout.patch +# PATCH-FIX-UPSTREAM bsc#1241067 mcepl@suse.com +# Make the interpreter compatible with OpenSSL 3.5 +Patch44: gh-126500-test_ssl-no-stop-ThreadedEchoServer-OSError.patch +Patch44: gh-127257-ssl-OSError-ERR_LIB_SYS.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes