From 1e7cac8a6a6219291db1916f25c057aa9ea09101 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 17 Nov 2021 20:28:19 +0100 Subject: [PATCH] dev-python/boto: Sync with gentoo It's from gentoo commit 38b155fa1bf907617067c98eb4ba3a5d0790eb1a. --- .../portage-stable/dev-python/boto/Manifest | 3 +- .../dev-python/boto/boto-2.41.0.ebuild | 55 --------- .../dev-python/boto/boto-2.48.0.ebuild | 55 --------- .../dev-python/boto/boto-2.49.0-r4.ebuild | 60 ++++++++++ .../boto-2.49.0-py3-httplib-strict.patch | 35 ++++++ .../files/boto-2.49.0-py3-server-port.patch | 42 +++++++ .../files/boto-2.49.0-py3-socket-binary.patch | 59 ++++++++++ .../boto/files/boto-2.49.0-py38.patch | 54 +++++++++ ...oto-2.49.0-try-to-add-SNI-support-v3.patch | 104 ++++++++++++++++++ .../boto/files/boto-2.49.0-unbundle-six.patch | 28 +++++ .../dev-python/boto/metadata.xml | 3 +- 11 files changed, 385 insertions(+), 113 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.41.0.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.48.0.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.49.0-r4.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-httplib-strict.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-server-port.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-socket-binary.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py38.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-unbundle-six.patch diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/Manifest b/sdk_container/src/third_party/portage-stable/dev-python/boto/Manifest index ea3befd350..880178074c 100644 --- a/sdk_container/src/third_party/portage-stable/dev-python/boto/Manifest +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/Manifest @@ -1,2 +1 @@ -DIST boto-2.41.0.tar.gz 1440323 BLAKE2B 9d72fcd09cbf57d22dc45d42699af8cecef6f2c8e4009c9d70b54a9b84e23801ecbb5f7bc484692ca93ae302793b4d2f511c1209bcd33d0703a39b809bda1e00 SHA512 ffb503e8f7ec84ec973e109ae9524e1db2ef5f34d9424c380eed9a85871f07f8c9c798ca358fefd772ff45a72226bb02eebbbf6ab2d56b2442c41ede736f6f5e -DIST boto-2.48.0.tar.gz 1461372 BLAKE2B 0069ddc6def7d8698471bd66a5d8d4b62d49f49138036b3ae6a9655e7b7432af5449f2812e83f2012be2f01e93a61d9608157c9fd4ea0a52f8801e31877a78a7 SHA512 ce8e302b059ef31e81078ef21999b96b8770d2ef0c70358624c8cc6a79b1a43a78e1c206cbcba50eafb9c964c4eda5b9b0b127ea9523dcf7438453b4b2293f9f +DIST boto-2.49.0.tar.gz 1478498 BLAKE2B 6a897ea162f5f4bd34a2d488a3e3897f7f2f5b8707dd0922c01b6a0b90ea577223bf3e588b6685bda1f2bc0e92af426711fcba67a70377183465a530065c6c84 SHA512 2175cf30cd25bbc05812e83e5ade7668c3e21b1bb09aa1b43f0f0ac7d6967a646394fb52c9be673ebb65618c5b33a52d6f31f6da702f5cd1d6c9a18169476dd4 diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.41.0.ebuild b/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.41.0.ebuild deleted file mode 100644 index c3b00d0dbf..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.41.0.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit distutils-r1 - -DESCRIPTION="Amazon Web Services API" -HOMEPAGE="https://github.com/boto/boto https://pypi.org/project/boto/" -SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="amd64 arm ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos" -IUSE="doc test" - -REQUIRED_USE="doc? ( || ( $(python_gen_useflags 'python2*') ) )" - -DEPEND=" - dev-python/setuptools[${PYTHON_USEDEP}] - test? ( dev-python/nose[${PYTHON_USEDEP}] ) - doc? ( dev-python/sphinx[${PYTHON_USEDEP}] )" - -# requires Amazon Web Services keys to pass some tests -RESTRICT="test" - -pkg_setup() { - use doc && DISTUTILS_ALL_SUBPHASE_IMPLS=( 'python2*' ) -} - -python_test() { - "${PYTHON}" tests/test.py -v || die "Tests fail with ${EPYTHON}" -} - -python_prepare_all() { - # Prevent un-needed d'loading - sed -e "s/, 'sphinx.ext.intersphinx'//" -i docs/source/conf.py || die - distutils-r1_python_prepare_all -} - -python_compile_all() { - if use doc; then - # Appease the doc build and supply a file for _static - # the usual emake -C docs doesn't work under this authorship - cd docs && mkdir source/_static || die - emake html - fi -} - -python_install_all() { - use doc && local HTML_DOCS=( docs/build/html/. ) - distutils-r1_python_install_all -} diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.48.0.ebuild b/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.48.0.ebuild deleted file mode 100644 index 08a852151e..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.48.0.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit distutils-r1 - -DESCRIPTION="Amazon Web Services API" -HOMEPAGE="https://github.com/boto/boto https://pypi.org/project/boto/" -SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos" -IUSE="doc test" - -REQUIRED_USE="doc? ( || ( $(python_gen_useflags 'python2*') ) )" - -DEPEND=" - dev-python/setuptools[${PYTHON_USEDEP}] - test? ( dev-python/nose[${PYTHON_USEDEP}] ) - doc? ( dev-python/sphinx[${PYTHON_USEDEP}] )" - -# requires Amazon Web Services keys to pass some tests -RESTRICT="test" - -pkg_setup() { - use doc && DISTUTILS_ALL_SUBPHASE_IMPLS=( 'python2*' ) -} - -python_test() { - "${PYTHON}" tests/test.py -v || die "Tests fail with ${EPYTHON}" -} - -python_prepare_all() { - # Prevent un-needed d'loading - sed -e "s/, 'sphinx.ext.intersphinx'//" -i docs/source/conf.py || die - distutils-r1_python_prepare_all -} - -python_compile_all() { - if use doc; then - # Appease the doc build and supply a file for _static - # the usual emake -C docs doesn't work under this authorship - cd docs && mkdir source/_static || die - emake html - fi -} - -python_install_all() { - use doc && local HTML_DOCS=( docs/build/html/. ) - distutils-r1_python_install_all -} diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.49.0-r4.ebuild b/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.49.0-r4.ebuild new file mode 100644 index 0000000000..e9c03a7e7c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/boto-2.49.0-r4.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +PYTHON_COMPAT=( python3_{7..9} ) +DISTUTILS_USE_SETUPTOOLS=bdepend + +inherit distutils-r1 + +DESCRIPTION="Amazon Web Services API" +HOMEPAGE="https://github.com/boto/boto https://pypi.org/project/boto/" +SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="amd64 arm arm64 ppc ~ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" + +PATCHES=( + # taken from https://bugs.debian.org/909545 + "${FILESDIR}"/${P}-try-to-add-SNI-support-v3.patch + "${FILESDIR}"/${P}-py38.patch + "${FILESDIR}"/${P}-py3-socket-binary.patch + "${FILESDIR}"/${P}-py3-httplib-strict.patch + "${FILESDIR}"/${P}-py3-server-port.patch + "${FILESDIR}"/${P}-unbundle-six.patch +) + +RDEPEND=">=dev-python/six-1.12.0[${PYTHON_USEDEP}]" + +BDEPEND=" + test? ( + dev-python/httpretty[${PYTHON_USEDEP}] + dev-python/keyring[${PYTHON_USEDEP}] + dev-python/lxml[${PYTHON_USEDEP}] + dev-python/mock[${PYTHON_USEDEP}] + dev-python/paramiko[${PYTHON_USEDEP}] + dev-python/requests[${PYTHON_USEDEP}] + dev-python/rsa[${PYTHON_USEDEP}] + dev-python/selenium[${PYTHON_USEDEP}] + )" + +distutils_enable_tests nose + +src_prepare() { + # remove bundled libs. + rm -f "${S}"/boto/vendored/six.py || die + # broken, not worth fixing + rm tests/unit/cloudfront/test_signed_urls.py || die + # fix tests + mkdir -p "${HOME}"/.ssh || die + : > "${HOME}"/.ssh/known_hosts || die + + distutils-r1_src_prepare +} + +python_test() { + nosetests -v tests/unit || + die "Tests fail with ${EPYTHON}" +} diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-httplib-strict.patch b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-httplib-strict.patch new file mode 100644 index 0000000000..209b01aa74 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-httplib-strict.patch @@ -0,0 +1,35 @@ +https://github.com/boto/boto/commit/4f4dcb31fe852c05ce19b44eb9d5b5d747e36f7c +https://github.com/boto/boto/pull/2718 + +From 4f4dcb31fe852c05ce19b44eb9d5b5d747e36f7c Mon Sep 17 00:00:00 2001 +From: Lee Ball <43632885+catleeball@users.noreply.github.com> +Date: Mon, 10 Jun 2019 16:02:53 -0700 +Subject: [PATCH] Remove `strict=True` from http_client (#6) + +In Python 3.4, the `strict` kwarg was removed[1]. We are removing it +here too. + +Alternatively, we can leave in `strict=True` for 2.x, but I chose to +remove it entirely to maintain consistent behavior across versions. + +[1]: https://docs.python.org/3/library/http.client.html +--- + boto/connection.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/boto/connection.py b/boto/connection.py +index c731173bb4eb..54e26fb2de16 100644 +--- a/boto/connection.py ++++ b/boto/connection.py +@@ -807,7 +807,7 @@ class AWSAuthConnection(object): + sock.sendall(six.ensure_binary("\r\n")) + else: + sock.sendall(six.ensure_binary("\r\n")) +- resp = http_client.HTTPResponse(sock, strict=True, debuglevel=self.debug) ++ resp = http_client.HTTPResponse(sock, debuglevel=self.debug) + resp.begin() + + if resp.status != 200: +-- +2.28.0 + diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-server-port.patch b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-server-port.patch new file mode 100644 index 0000000000..62e3319219 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-server-port.patch @@ -0,0 +1,42 @@ +https://github.com/boto/boto/commit/b9f6cb0ab717ea76e2780c7fddd1cd36b3bf7d63 + +From b9f6cb0ab717ea76e2780c7fddd1cd36b3bf7d63 Mon Sep 17 00:00:00 2001 +From: Matt Houglum +Date: Fri, 21 Jun 2019 15:09:11 -0700 +Subject: [PATCH] Make server_name() behave correctly for PY3 + +...because Python-2.6-or-newer doesn't just include Python 2.6 and 2.7. +--- + boto/connection.py | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +diff --git a/boto/connection.py b/boto/connection.py +index 54e26fb2de16..bbb25d8fb842 100644 +--- a/boto/connection.py ++++ b/boto/connection.py +@@ -650,17 +650,13 @@ class AWSAuthConnection(object): + if port == 80: + signature_host = self.host + else: +- # This unfortunate little hack can be attributed to +- # a difference in the 2.6 version of http_client. In old +- # versions, it would append ":443" to the hostname sent +- # in the Host header and so we needed to make sure we +- # did the same when calculating the V2 signature. In 2.6 +- # (and higher!) +- # it no longer does that. Hence, this kludge. +- if ((ON_APP_ENGINE and sys.version[:3] == '2.5') or +- sys.version[:3] in ('2.6', '2.7')) and port == 443: ++ ver_int = sys.version_info[0] * 10 + sys.version_info[1] ++ if port == 443 and ver_int >= 26: # Py >= 2.6 + signature_host = self.host + else: ++ # In versions < 2.6, Python's http_client would append ":443" ++ # to the hostname sent in the Host header and so we needed to ++ # make sure we did the same when calculating the V2 signature. + signature_host = '%s:%d' % (self.host, port) + return signature_host + +-- +2.28.0 + diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-socket-binary.patch b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-socket-binary.patch new file mode 100644 index 0000000000..1d109a3f49 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py3-socket-binary.patch @@ -0,0 +1,59 @@ +https://github.com/boto/boto/commit/d2cb697b32c297858ecc36701a5a4176818ab36d +https://github.com/boto/boto/pull/2718 +https://github.com/boto/boto/pull/2893 +https://github.com/boto/boto/pull/3699 + +From d2cb697b32c297858ecc36701a5a4176818ab36d Mon Sep 17 00:00:00 2001 +From: Cat Lee Ball +Date: Mon, 10 Jun 2019 13:31:11 -0700 +Subject: [PATCH] Ensure binary strings sent to socket + +When running pre-release tests with proxied connections, it appeared a +few spots in connection.py would fail under Python 3 since the +socket.sendall method expects binary strings rather than unicode. +--- + boto/connection.py | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/boto/connection.py b/boto/connection.py +index a0d89a51f49c..d084d1f881fb 100644 +--- a/boto/connection.py ++++ b/boto/connection.py +@@ -796,17 +796,17 @@ class AWSAuthConnection(object): + else: + sock = socket.create_connection((self.proxy, int(self.proxy_port))) + boto.log.debug("Proxy connection: CONNECT %s HTTP/1.0\r\n", host) +- sock.sendall("CONNECT %s HTTP/1.0\r\n" % host) +- sock.sendall("User-Agent: %s\r\n" % UserAgent) ++ sock.sendall(six.ensure_binary("CONNECT %s HTTP/1.0\r\n" % host)) ++ sock.sendall(six.ensure_binary("User-Agent: %s\r\n" % UserAgent)) + if self.proxy_user and self.proxy_pass: + for k, v in self.get_proxy_auth_header().items(): +- sock.sendall("%s: %s\r\n" % (k, v)) ++ sock.sendall(six.ensure_binary("%s: %s\r\n" % (k, v))) + # See discussion about this config option at + # https://groups.google.com/forum/?fromgroups#!topic/boto-dev/teenFvOq2Cc + if config.getbool('Boto', 'send_crlf_after_proxy_auth_headers', False): +- sock.sendall("\r\n") ++ sock.sendall(six.ensure_binary("\r\n")) + else: +- sock.sendall("\r\n") ++ sock.sendall(six.ensure_binary("\r\n")) + resp = http_client.HTTPResponse(sock, strict=True, debuglevel=self.debug) + resp.begin() + +@@ -814,9 +814,10 @@ class AWSAuthConnection(object): + # Fake a socket error, use a code that make it obvious it hasn't + # been generated by the socket library + raise socket.error(-71, ++ six.ensure_binary( + "Error talking to HTTP proxy %s:%s: %s (%s)" % + (self.proxy, self.proxy_port, +- resp.status, resp.reason)) ++ resp.status, resp.reason))) + + # We can safely close the response, it duped the original socket + resp.close() +-- +2.28.0 + diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py38.patch b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py38.patch new file mode 100644 index 0000000000..0052c6e32e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-py38.patch @@ -0,0 +1,54 @@ +diff --git a/boto/ecs/item.py b/boto/ecs/item.py +index 79177a31..292b05af 100644 +--- a/boto/ecs/item.py ++++ b/boto/ecs/item.py +@@ -21,7 +21,7 @@ + + + import xml.sax +-import cgi ++import html + from boto.compat import six, StringIO + + class ResponseGroup(xml.sax.ContentHandler): +@@ -67,7 +67,7 @@ class ResponseGroup(xml.sax.ContentHandler): + return None + + def endElement(self, name, value, connection): +- self._xml.write("%s" % (cgi.escape(value).replace("&amp;", "&"), name)) ++ self._xml.write("%s" % (html.escape(value).replace("&amp;", "&"), name)) + if len(self._nodepath) == 0: + return + obj = None +diff --git a/tests/unit/utils/test_utils.py b/tests/unit/utils/test_utils.py +index db15b56d..89d1a524 100644 +--- a/tests/unit/utils/test_utils.py ++++ b/tests/unit/utils/test_utils.py +@@ -85,7 +85,7 @@ class TestPassword(unittest.TestCase): + def hmac_hashfunc(cls, msg): + if not isinstance(msg, bytes): + msg = msg.encode('utf-8') +- return hmac.new(b'mysecretkey', msg) ++ return hmac.new(b'mysecretkey', msg, digestmod='MD5') + + class HMACPassword(Password): + hashfunc = hmac_hashfunc +@@ -95,15 +95,15 @@ class TestPassword(unittest.TestCase): + password.set('foo') + + self.assertEquals(str(password), +- hmac.new(b'mysecretkey', b'foo').hexdigest()) ++ hmac.new(b'mysecretkey', b'foo', digestmod='MD5').hexdigest()) + + def test_constructor(self): +- hmac_hashfunc = lambda msg: hmac.new(b'mysecretkey', msg) ++ hmac_hashfunc = lambda msg: hmac.new(b'mysecretkey', msg, digestmod='MD5') + + password = Password(hashfunc=hmac_hashfunc) + password.set('foo') + self.assertEquals(password.str, +- hmac.new(b'mysecretkey', b'foo').hexdigest()) ++ hmac.new(b'mysecretkey', b'foo', digestmod='MD5').hexdigest()) + + + class TestPythonizeName(unittest.TestCase): diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch new file mode 100644 index 0000000000..11d346a219 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-try-to-add-SNI-support-v3.patch @@ -0,0 +1,104 @@ +From f5e7f6c98b46ff622f60a4661ffc9ce07216d109 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Sat, 29 Sep 2018 21:47:11 +0200 +Subject: [PATCH] boto: try to add SNI support + +Add SNI support. Newer OpenSSL (with TLS1.3) fail to connect if the +hostname is missing. + +Link: https://bugs.debian.org/bug=909545 +Tested-by: Witold Baryluk +Signed-off-by: Sebastian Andrzej Siewior +--- + boto/connection.py | 19 ++++++++++--------- + boto/https_connection.py | 22 +++++++++++----------- + 2 files changed, 21 insertions(+), 20 deletions(-) + +diff --git a/boto/connection.py b/boto/connection.py +index 34b428f101df7..b4867a7657465 100644 +--- a/boto/connection.py ++++ b/boto/connection.py +@@ -778,8 +778,10 @@ + + def proxy_ssl(self, host=None, port=None): + if host and port: ++ cert_host = host + host = '%s:%d' % (host, port) + else: ++ cert_host = self.host + host = '%s:%d' % (self.host, self.port) + # Seems properly to use timeout for connect too + timeout = self.http_connection_kwargs.get("timeout") +@@ -824,23 +824,24 @@ DEFAULT_CA_CERTS_FILE = os.path.join(os.path.dirname(os.path.abspath(boto.cacert + h = http_client.HTTPConnection(host) + + if self.https_validate_certificates and HAVE_HTTPS_CONNECTION: ++ context = ssl.create_default_context() ++ context.verify_mode = ssl.CERT_REQUIRED ++ context.check_hostname = True ++ + msg = "wrapping ssl socket for proxied connection; " + if self.ca_certificates_file: + msg += "CA certificate file=%s" % self.ca_certificates_file ++ context.load_verify_locations(cafile=self.ca_certificates_file) + else: + msg += "using system provided SSL certs" ++ context.load_default_certs() + boto.log.debug(msg) + key_file = self.http_connection_kwargs.get('key_file', None) + cert_file = self.http_connection_kwargs.get('cert_file', None) +- sslSock = ssl.wrap_socket(sock, keyfile=key_file, +- certfile=cert_file, +- cert_reqs=ssl.CERT_REQUIRED, +- ca_certs=self.ca_certificates_file) +- cert = sslSock.getpeercert() +- hostname = self.host.split(':', 0)[0] +- if not https_connection.ValidateCertificateHostname(cert, hostname): +- raise https_connection.InvalidCertificateException( +- hostname, cert, 'hostname mismatch') ++ if key_file: ++ context.load_cert_chain(certfile=cert_file, keyfile=key_file) ++ ++ sslSock = context.wrap_socket(sock, server_hostname=cert_host) + else: + # Fallback for old Python without ssl.wrap_socket + if hasattr(http_client, 'ssl'): +diff --git a/boto/https_connection.py b/boto/https_connection.py +index ddc31a152292e..a5076f6f9b261 100644 +--- a/boto/https_connection.py ++++ b/boto/https_connection.py +@@ -119,20 +119,20 @@ from boto.compat import six, http_client + sock = socket.create_connection((self.host, self.port), self.timeout) + else: + sock = socket.create_connection((self.host, self.port)) ++ ++ context = ssl.create_default_context() ++ context.verify_mode = ssl.CERT_REQUIRED ++ context.check_hostname = True ++ if self.key_file: ++ context.load_cert_chain(certfile=self.cert_file, keyfile=self.key_file) ++ + msg = "wrapping ssl socket; " + if self.ca_certs: + msg += "CA certificate file=%s" % self.ca_certs ++ context.load_verify_locations(cafile=self.ca_certs) + else: + msg += "using system provided SSL certs" ++ context.load_default_certs() + boto.log.debug(msg) +- self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, +- certfile=self.cert_file, +- cert_reqs=ssl.CERT_REQUIRED, +- ca_certs=self.ca_certs) +- cert = self.sock.getpeercert() +- hostname = self.host.split(':', 0)[0] +- if not ValidateCertificateHostname(cert, hostname): +- raise InvalidCertificateException(hostname, +- cert, +- 'remote hostname "%s" does not match ' +- 'certificate' % hostname) ++ ++ self.sock = context.wrap_socket(sock, server_hostname=self.host) +-- +2.19.0 + diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-unbundle-six.patch b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-unbundle-six.patch new file mode 100644 index 0000000000..188dae7eb6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/files/boto-2.49.0-unbundle-six.patch @@ -0,0 +1,28 @@ +use the system copy of six + +--- a/boto/compat.py ++++ b/boto/compat.py +@@ -46,16 +46,16 @@ except (AttributeError, ImportError): + # This is probably running on App Engine. + expanduser = (lambda x: x) + +-from boto.vendored import six ++import six + +-from boto.vendored.six import BytesIO, StringIO +-from boto.vendored.six.moves import filter, http_client, map, _thread, \ ++from six import BytesIO, StringIO ++from six.moves import filter, http_client, map, _thread, \ + urllib, zip +-from boto.vendored.six.moves.queue import Queue +-from boto.vendored.six.moves.urllib.parse import parse_qs, quote, unquote, \ ++from six.moves.queue import Queue ++from six.moves.urllib.parse import parse_qs, quote, unquote, \ + urlparse, urlsplit +-from boto.vendored.six.moves.urllib.parse import unquote_plus +-from boto.vendored.six.moves.urllib.request import urlopen ++from six.moves.urllib.parse import unquote_plus ++from six.moves.urllib.request import urlopen + + if six.PY3: + # StandardError was removed, so use the base exception type instead diff --git a/sdk_container/src/third_party/portage-stable/dev-python/boto/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-python/boto/metadata.xml index e630c46734..3ab9e0b0a8 100644 --- a/sdk_container/src/third_party/portage-stable/dev-python/boto/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/dev-python/boto/metadata.xml @@ -1,10 +1,11 @@ - + python@gentoo.org Python + boto boto