aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2019-11-20 22:33:33 +0100
committerMichał Górny <mgorny@gentoo.org>2019-11-20 22:33:33 +0100
commiteeb8c319eb825554607bbb26aea7de6574c4309a (patch)
treea50bc1eb3bf0bd53adc5af726cc5ec81ced7f0de
parentdev-lang/python: add 3.3.5 (diff)
downloadpython-eeb8c319eb825554607bbb26aea7de6574c4309a.tar.gz
python-eeb8c319eb825554607bbb26aea7de6574c4309a.tar.bz2
python-eeb8c319eb825554607bbb26aea7de6574c4309a.zip
dev-lang/python: Import and fix 3.4.10
Signed-off-by: Michał Górny <mgorny@gentoo.org>
-rw-r--r--dev-lang/python/Manifest2
-rw-r--r--dev-lang/python/files/3.4-getentropy-linux.patch40
-rw-r--r--dev-lang/python/files/3.6-disable-nis.patch21
-rw-r--r--dev-lang/python/files/python-3.4.10-openssl11.patch894
-rw-r--r--dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch13
-rw-r--r--dev-lang/python/files/python-3.4.5-cross.patch11
-rw-r--r--dev-lang/python/files/python-3.5.5-hash-unaligned.patch43
-rw-r--r--dev-lang/python/python-3.4.10.ebuild364
8 files changed, 1388 insertions, 0 deletions
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index 38fe597..fe0d951 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -1,3 +1,5 @@
DIST Python-2.6.9.tar.xz 9333664 SHA256 cae7bb995006ea5b703d9d28446f694894c441fe4bfb95d561c0ac908cd06e41 SHA512 bcd9286b6af3bfa2017f0b32c6c0f9b934224ece496d2d897ab3a61a936d306a5f61a580c060ce501034a614da374d17831a9c9be9f947b01d977b56437c023b WHIRLPOOL 0b9feb710f0c5c8726522465f26ac6fa17e8f87c0e5cda4ef0b130e5d8e213d32aad0143e0ec909c677a7b515ed63ed9e9d50a33890f22068b820a5f15ba47fd
DIST Python-3.2.6.tar.xz 9243292 SHA256 1d12b501819fd26afafbf8459be1aa279b56f032b4c15412de0a713ce0de7bdc SHA512 514b46029dd5b07f2d287a1f00c6716970197186a38e3f2e1ec60c2292cf03a2dc45165ba9c217e5219c7cb6d96a09f790f5b3bdcc8d11db53f927297fe4ddc9 WHIRLPOOL b34f215e0f50123c5b2969e615ffbab99b631433de8f13cbbca525bf57cbc1bb9a159fba02616b3772be9b249be3cec36d6fd1856a678880674b828eb4ab08ed
DIST Python-3.3.5.tar.xz 12116308 SHA256 abe99b484434503d8b23be0f243ec27139e743a4798cd71c1dce3cf40e63b6e5 SHA512 562ebd85291f29ff18d37f05682763fc45aa9d070688006f4ef5c89392a48022357c3ca9ee1d795e9e863bdef413e6bab77b8d65581d374a76dbe7cacec65550 WHIRLPOOL f4b6010d32b28b7bb038cbb7c5f98d325cc4253fd1be9a0a1089ed6fd7dd414c5169931d21ef819137d5c1084517a650828f260cf2a1d8ce871bc67aeef3fff8
+DIST Python-3.4.10.tar.xz 14559088 SHA256 d46a8f6fe91679e199c671b1b0a30aaf172d2acb5bcab25beb35f16c3d195b4e SHA512 d5d27d68049b61f135e21b12a800dbd4fc521d6935de178de6e2e88a989cda511d3c8fead90d14e38d2db0e528a74b22674e0da01c51ff4fad7d335ec6c3dbbc WHIRLPOOL 84608931cd785eddd234d207be2caa273575067d7687a0ed05217e2f2ae410da684fcf5ed65cfa17dd8eda082844bb4067cdcb4a277ceb20845ffa9f3baa6f58
+DIST python-gentoo-patches-3.4.6-0.tar.xz 11728 SHA256 93e7c8487deefc36c612403fb6c82e495c46846a1952f9ed85f82af41840be4a SHA512 41c22dc8f1db8800fc0b97eed2b27bf1873e5de1369bd4aecf7a7a91e609a78e45a4b56fc89d575317f33a7704c0c1cad1494e8a993415a198f256e8338f49ab WHIRLPOOL 851945e7ccea985a88bcbd71bc404bc34c27a0e335386e9ed15fa9876aab3285ff559936fb2dcadf7ac0594a7cb03ac3a9e4135b67b350c5fdf33e9a44ca0654
diff --git a/dev-lang/python/files/3.4-getentropy-linux.patch b/dev-lang/python/files/3.4-getentropy-linux.patch
new file mode 100644
index 0000000..9f12389
--- /dev/null
+++ b/dev-lang/python/files/3.4-getentropy-linux.patch
@@ -0,0 +1,40 @@
+From 5635d44079e1bbd9c495951ede8d078e7b8d67d5 Mon Sep 17 00:00:00 2001
+From: Victor Stinner <victor.stinner@gmail.com>
+Date: Mon, 9 Jan 2017 11:10:41 +0100
+Subject: [PATCH] Don't use getentropy() on Linux
+
+Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
+read from /dev/urandom to get random bytes, for example in os.urandom(). On
+Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
+os.urandom() should not block.
+---
+ Python/random.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/Python/random.c b/Python/random.c
+index af3d0bd0d5..dc6400d3b8 100644
+--- a/Python/random.c
++++ b/Python/random.c
+@@ -67,9 +67,16 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+ return 0;
+ }
+
+-/* Issue #25003: Don' use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
++/* Issue #25003: Don't use getentropy() on Solaris (available since
++ Solaris 11.3), it is blocking whereas os.urandom() should not block.
++
++ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
++ implements it with the getrandom() syscall which can fail with ENOSYS,
++ and this error is not supported in py_getentropy() and getrandom() is called
++ with flags=0 which blocks until system urandom is initialized, which is not
++ the desired behaviour to seed the Python hash secret nor for os.urandom():
++ see the PEP 524 which was only implemented in Python 3.6. */
++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
+ #define PY_GETENTROPY 1
+
+ /* Fill buffer with size pseudo-random bytes generated by getentropy().
+--
+2.15.0.rc2
+
diff --git a/dev-lang/python/files/3.6-disable-nis.patch b/dev-lang/python/files/3.6-disable-nis.patch
new file mode 100644
index 0000000..4e81847
--- /dev/null
+++ b/dev-lang/python/files/3.6-disable-nis.patch
@@ -0,0 +1,21 @@
+--- a/setup.py
++++ b/setup.py
+@@ -1332,17 +1332,7 @@ class PyBuildExt(build_ext):
+ # Jeremy Hylton's rlimit interface
+ exts.append( Extension('resource', ['resource.c']) )
+
+- # Sun yellow pages. Some systems have the functions in libc.
+- if (host_platform not in ['cygwin', 'qnx6'] and
+- find_file('rpcsvc/yp_prot.h', inc_dirs, []) is not None):
+- if (self.compiler.find_library_file(lib_dirs, 'nsl')):
+- libs = ['nsl']
+- else:
+- libs = []
+- exts.append( Extension('nis', ['nismodule.c'],
+- libraries = libs) )
+- else:
+- missing.append('nis')
++ missing.append('nis')
+ else:
+ missing.extend(['nis', 'resource', 'termios'])
+
diff --git a/dev-lang/python/files/python-3.4.10-openssl11.patch b/dev-lang/python/files/python-3.4.10-openssl11.patch
new file mode 100644
index 0000000..f5fe537
--- /dev/null
+++ b/dev-lang/python/files/python-3.4.10-openssl11.patch
@@ -0,0 +1,894 @@
+From 9c7a4d7baebfa84c2fa2deff7417871d96f714f2 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Mon, 5 Sep 2016 23:19:05 +0200
+Subject: [PATCH] Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
+
+(rebased for 3.4.10)
+---
+ Lib/ssl.py | 15 ++--
+ Lib/test/test_ssl.py | 27 +++---
+ Modules/_hashopenssl.c | 167 +++++++++++++++++++++++--------------
+ Modules/_ssl.c | 184 +++++++++++++++++++++++++++++++----------
+ 4 files changed, 271 insertions(+), 122 deletions(-)
+
+diff --git a/Lib/ssl.py b/Lib/ssl.py
+index 873aa4798b..359809a020 100644
+--- a/Lib/ssl.py
++++ b/Lib/ssl.py
+@@ -51,6 +51,7 @@ The following constants identify various SSL protocol variants:
+ PROTOCOL_SSLv2
+ PROTOCOL_SSLv3
+ PROTOCOL_SSLv23
++PROTOCOL_TLS
+ PROTOCOL_TLSv1
+ PROTOCOL_TLSv1_1
+ PROTOCOL_TLSv1_2
+@@ -348,13 +349,13 @@ class SSLContext(_SSLContext):
+ __slots__ = ('protocol', '__weakref__')
+ _windows_cert_stores = ("CA", "ROOT")
+
+- def __new__(cls, protocol, *args, **kwargs):
++ def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs):
+ self = _SSLContext.__new__(cls, protocol)
+ if protocol != _SSLv2_IF_EXISTS:
+ self.set_ciphers(_DEFAULT_CIPHERS)
+ return self
+
+- def __init__(self, protocol):
++ def __init__(self, protocol=PROTOCOL_TLS):
+ self.protocol = protocol
+
+ def wrap_socket(self, sock, server_side=False,
+@@ -408,7 +409,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
+ if not isinstance(purpose, _ASN1Object):
+ raise TypeError(purpose)
+
+- context = SSLContext(PROTOCOL_SSLv23)
++ context = SSLContext(PROTOCOL_TLS)
+
+ # SSLv2 considered harmful.
+ context.options |= OP_NO_SSLv2
+@@ -445,7 +446,7 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
+ context.load_default_certs(purpose)
+ return context
+
+-def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,
++def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None,
+ check_hostname=False, purpose=Purpose.SERVER_AUTH,
+ certfile=None, keyfile=None,
+ cafile=None, capath=None, cadata=None):
+@@ -501,7 +502,7 @@ class SSLSocket(socket):
+
+ def __init__(self, sock=None, keyfile=None, certfile=None,
+ server_side=False, cert_reqs=CERT_NONE,
+- ssl_version=PROTOCOL_SSLv23, ca_certs=None,
++ ssl_version=PROTOCOL_TLS, ca_certs=None,
+ do_handshake_on_connect=True,
+ family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,
+ suppress_ragged_eofs=True, npn_protocols=None, ciphers=None,
+@@ -883,7 +884,7 @@ class SSLSocket(socket):
+
+ def wrap_socket(sock, keyfile=None, certfile=None,
+ server_side=False, cert_reqs=CERT_NONE,
+- ssl_version=PROTOCOL_SSLv23, ca_certs=None,
++ ssl_version=PROTOCOL_TLS, ca_certs=None,
+ do_handshake_on_connect=True,
+ suppress_ragged_eofs=True,
+ ciphers=None):
+@@ -930,7 +931,7 @@ def PEM_cert_to_DER_cert(pem_cert_string):
+ d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
+ return base64.decodebytes(d.encode('ASCII', 'strict'))
+
+-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
++def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
+ """Retrieve the certificate from the server at the specified address,
+ and return it as a PEM-encoded string.
+ If 'ca_certs' is specified, validate the server cert against it.
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index e36a309bfa..b663a04aa2 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -23,6 +23,9 @@ ssl = support.import_module("ssl")
+
+ PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
+ HOST = support.HOST
++IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
++IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
++
+
+ def data_file(*name):
+ return os.path.join(os.path.dirname(__file__), *name)
+@@ -318,9 +321,9 @@ class BasicSocketTests(unittest.TestCase):
+ self.assertGreaterEqual(status, 0)
+ self.assertLessEqual(status, 15)
+ # Version string as returned by {Open,Libre}SSL, the format might change
+- if "LibreSSL" in s:
+- self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)),
+- (s, t))
++ if IS_LIBRESSL:
++ self.assertTrue(s.startswith("LibreSSL {:d}".format(major)),
++ (s, t, hex(n)))
+ else:
+ self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
+ (s, t))
+@@ -677,7 +680,8 @@ class ContextTests(unittest.TestCase):
+ def test_constructor(self):
+ for protocol in PROTOCOLS:
+ ssl.SSLContext(protocol)
+- self.assertRaises(TypeError, ssl.SSLContext)
++ ctx = ssl.SSLContext()
++ self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
+ self.assertRaises(ValueError, ssl.SSLContext, -1)
+ self.assertRaises(ValueError, ssl.SSLContext, 42)
+
+@@ -698,15 +702,15 @@ class ContextTests(unittest.TestCase):
+ def test_options(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
+- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3,
+- ctx.options)
++ default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
++ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):
++ default |= ssl.OP_NO_COMPRESSION
++ self.assertEqual(default, ctx.options)
+ ctx.options |= ssl.OP_NO_TLSv1
+- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1,
+- ctx.options)
++ self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
+ if can_clear_options():
+- ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1
+- self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3,
+- ctx.options)
++ ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1)
++ self.assertEqual(default, ctx.options)
+ ctx.options = 0
+ # Ubuntu has OP_NO_SSLv3 forced on by default
+ self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3)
+@@ -1042,6 +1046,7 @@ class ContextTests(unittest.TestCase):
+ self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH')
+
+ @unittest.skipIf(sys.platform == "win32", "not-Windows specific")
++ @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars")
+ def test_load_default_certs_env(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ with support.EnvironmentVarGuard() as env:
+diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
+index 5b0a7be12b..86a8950588 100644
+--- a/Modules/_hashopenssl.c
++++ b/Modules/_hashopenssl.c
+@@ -20,7 +20,6 @@
+
+ /* EVP is the preferred interface to hashing in OpenSSL */
+ #include <openssl/evp.h>
+-#include <openssl/hmac.h>
+ /* We use the object interface to discover what hashes OpenSSL supports. */
+ #include <openssl/objects.h>
+ #include "openssl/err.h"
+@@ -31,15 +30,22 @@
+ #define HASH_OBJ_CONSTRUCTOR 0
+ #endif
+
+-/* Minimum OpenSSL version needed to support sha224 and higher. */
+-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x00908000)
+-#define _OPENSSL_SUPPORTS_SHA2
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
++/* OpenSSL < 1.1.0 */
++#define EVP_MD_CTX_new EVP_MD_CTX_create
++#define EVP_MD_CTX_free EVP_MD_CTX_destroy
++#define HAS_FAST_PKCS5_PBKDF2_HMAC 0
++#include <openssl/hmac.h>
++#else
++/* OpenSSL >= 1.1.0 */
++#define HAS_FAST_PKCS5_PBKDF2_HMAC 1
+ #endif
+
++
+ typedef struct {
+ PyObject_HEAD
+ PyObject *name; /* name of this hash algorithm */
+- EVP_MD_CTX ctx; /* OpenSSL message digest context */
++ EVP_MD_CTX *ctx; /* OpenSSL message digest context */
+ #ifdef WITH_THREAD
+ PyThread_type_lock lock; /* OpenSSL context lock */
+ #endif
+@@ -51,7 +57,6 @@ static PyTypeObject EVPtype;
+
+ #define DEFINE_CONSTS_FOR_NEW(Name) \
+ static PyObject *CONST_ ## Name ## _name_obj = NULL; \
+- static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \
+ static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;
+
+ DEFINE_CONSTS_FOR_NEW(md5)
+@@ -64,19 +69,57 @@ DEFINE_CONSTS_FOR_NEW(sha512)
+ #endif
+
+
++/* LCOV_EXCL_START */
++static PyObject *
++_setException(PyObject *exc)
++{
++ unsigned long errcode;
++ const char *lib, *func, *reason;
++
++ errcode = ERR_peek_last_error();
++ if (!errcode) {
++ PyErr_SetString(exc, "unknown reasons");
++ return NULL;
++ }
++ ERR_clear_error();
++
++ lib = ERR_lib_error_string(errcode);
++ func = ERR_func_error_string(errcode);
++ reason = ERR_reason_error_string(errcode);
++
++ if (lib && func) {
++ PyErr_Format(exc, "[%s: %s] %s", lib, func, reason);
++ }
++ else if (lib) {
++ PyErr_Format(exc, "[%s] %s", lib, reason);
++ }
++ else {
++ PyErr_SetString(exc, reason);
++ }
++ return NULL;
++}
++/* LCOV_EXCL_STOP */
++
+ static EVPobject *
+ newEVPobject(PyObject *name)
+ {
+ EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype);
++ if (retval == NULL) {
++ return NULL;
++ }
++
++ retval->ctx = EVP_MD_CTX_new();
++ if (retval->ctx == NULL) {
++ PyErr_NoMemory();
++ return NULL;
++ }
+
+ /* save the name for .name to return */
+- if (retval != NULL) {
+- Py_INCREF(name);
+- retval->name = name;
++ Py_INCREF(name);
++ retval->name = name;
+ #ifdef WITH_THREAD
+- retval->lock = NULL;
++ retval->lock = NULL;
+ #endif
+- }
+
+ return retval;
+ }
+@@ -91,7 +134,7 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len)
+ process = MUNCH_SIZE;
+ else
+ process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);
+- EVP_DigestUpdate(&self->ctx, (const void*)cp, process);
++ EVP_DigestUpdate(self->ctx, (const void*)cp, process);
+ len -= process;
+ cp += process;
+ }
+@@ -106,16 +149,19 @@ EVP_dealloc(EVPobject *self)
+ if (self->lock != NULL)
+ PyThread_free_lock(self->lock);
+ #endif
+- EVP_MD_CTX_cleanup(&self->ctx);
++ EVP_MD_CTX_free(self->ctx);
+ Py_XDECREF(self->name);
+ PyObject_Del(self);
+ }
+
+-static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
++static int
++locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
+ {
++ int result;
+ ENTER_HASHLIB(self);
+- EVP_MD_CTX_copy(new_ctx_p, &self->ctx);
++ result = EVP_MD_CTX_copy(new_ctx_p, self->ctx);
+ LEAVE_HASHLIB(self);
++ return result;
+ }
+
+ /* External methods for a hash object */
+@@ -131,7 +177,9 @@ EVP_copy(EVPobject *self, PyObject *unused)
+ if ( (newobj = newEVPobject(self->name))==NULL)
+ return NULL;
+
+- locked_EVP_MD_CTX_copy(&newobj->ctx, self);
++ if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) {
++ return _setException(PyExc_ValueError);
++ }
+ return (PyObject *)newobj;
+ }
+
+@@ -142,16 +190,24 @@ static PyObject *
+ EVP_digest(EVPobject *self, PyObject *unused)
+ {
+ unsigned char digest[EVP_MAX_MD_SIZE];
+- EVP_MD_CTX temp_ctx;
++ EVP_MD_CTX *temp_ctx;
+ PyObject *retval;
+ unsigned int digest_size;
+
+- locked_EVP_MD_CTX_copy(&temp_ctx, self);
+- digest_size = EVP_MD_CTX_size(&temp_ctx);
+- EVP_DigestFinal(&temp_ctx, digest, NULL);
++ temp_ctx = EVP_MD_CTX_new();
++ if (temp_ctx == NULL) {
++ PyErr_NoMemory();
++ return NULL;
++ }
++
++ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
++ return _setException(PyExc_ValueError);
++ }
++ digest_size = EVP_MD_CTX_size(temp_ctx);
++ EVP_DigestFinal(temp_ctx, digest, NULL);
+
+ retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
+- EVP_MD_CTX_cleanup(&temp_ctx);
++ EVP_MD_CTX_free(temp_ctx);
+ return retval;
+ }
+
+@@ -162,17 +218,25 @@ static PyObject *
+ EVP_hexdigest(EVPobject *self, PyObject *unused)
+ {
+ unsigned char digest[EVP_MAX_MD_SIZE];
+- EVP_MD_CTX temp_ctx;
++ EVP_MD_CTX *temp_ctx;
+ PyObject *retval;
+ char *hex_digest;
+ unsigned int i, j, digest_size;
+
++ temp_ctx = EVP_MD_CTX_new();
++ if (temp_ctx == NULL) {
++ PyErr_NoMemory();
++ return NULL;
++ }
++
+ /* Get the raw (binary) digest value */
+- locked_EVP_MD_CTX_copy(&temp_ctx, self);
+- digest_size = EVP_MD_CTX_size(&temp_ctx);
+- EVP_DigestFinal(&temp_ctx, digest, NULL);
++ if (!locked_EVP_MD_CTX_copy(temp_ctx, self)) {
++ return _setException(PyExc_ValueError);
++ }
++ digest_size = EVP_MD_CTX_size(temp_ctx);
++ EVP_DigestFinal(temp_ctx, digest, NULL);
+
+- EVP_MD_CTX_cleanup(&temp_ctx);
++ EVP_MD_CTX_free(temp_ctx);
+
+ /* Allocate a new buffer */
+ hex_digest = PyMem_Malloc(digest_size * 2 + 1);
+@@ -241,7 +305,7 @@ static PyObject *
+ EVP_get_block_size(EVPobject *self, void *closure)
+ {
+ long block_size;
+- block_size = EVP_MD_CTX_block_size(&self->ctx);
++ block_size = EVP_MD_CTX_block_size(self->ctx);
+ return PyLong_FromLong(block_size);
+ }
+
+@@ -249,7 +313,7 @@ static PyObject *
+ EVP_get_digest_size(EVPobject *self, void *closure)
+ {
+ long size;
+- size = EVP_MD_CTX_size(&self->ctx);
++ size = EVP_MD_CTX_size(self->ctx);
+ return PyLong_FromLong(size);
+ }
+
+@@ -310,7 +374,7 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
+ PyBuffer_Release(&view);
+ return -1;
+ }
+- EVP_DigestInit(&self->ctx, digest);
++ EVP_DigestInit(self->ctx, digest);
+
+ self->name = name_obj;
+ Py_INCREF(self->name);
+@@ -407,9 +471,9 @@ EVPnew(PyObject *name_obj,
+ return NULL;
+
+ if (initial_ctx) {
+- EVP_MD_CTX_copy(&self->ctx, initial_ctx);
++ EVP_MD_CTX_copy(self->ctx, initial_ctx);
+ } else {
+- EVP_DigestInit(&self->ctx, digest);
++ EVP_DigestInit(self->ctx, digest);
+ }
+
+ if (cp && len) {
+@@ -475,6 +539,7 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
+
+ #define PY_PBKDF2_HMAC 1
+
++#if !HAS_FAST_PKCS5_PBKDF2_HMAC
+ /* Improved implementation of PKCS5_PBKDF2_HMAC()
+ *
+ * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of
+@@ -556,37 +621,8 @@ PKCS5_PBKDF2_HMAC_fast(const char *pass, int passlen,
+ HMAC_CTX_cleanup(&hctx_tpl);
+ return 1;
+ }
++#endif
+
+-/* LCOV_EXCL_START */
+-static PyObject *
+-_setException(PyObject *exc)
+-{
+- unsigned long errcode;
+- const char *lib, *func, *reason;
+-
+- errcode = ERR_peek_last_error();
+- if (!errcode) {
+- PyErr_SetString(exc, "unknown reasons");
+- return NULL;
+- }
+- ERR_clear_error();
+-
+- lib = ERR_lib_error_string(errcode);
+- func = ERR_func_error_string(errcode);
+- reason = ERR_reason_error_string(errcode);
+-
+- if (lib && func) {
+- PyErr_Format(exc, "[%s: %s] %s", lib, func, reason);
+- }
+- else if (lib) {
+- PyErr_Format(exc, "[%s] %s", lib, reason);
+- }
+- else {
+- PyErr_SetString(exc, reason);
+- }
+- return NULL;
+-}
+-/* LCOV_EXCL_STOP */
+
+ PyDoc_STRVAR(pbkdf2_hmac__doc__,
+ "pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None) -> key\n\
+@@ -668,10 +704,17 @@ pbkdf2_hmac(PyObject *self, PyObject *args, PyObject *kwdict)
+ key = PyBytes_AS_STRING(key_obj);
+
+ Py_BEGIN_ALLOW_THREADS
++#if HAS_FAST_PKCS5_PBKDF2_HMAC
++ retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len,
++ (unsigned char *)salt.buf, (int)salt.len,
++ iterations, digest, dklen,
++ (unsigned char *)key);
++#else
+ retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len,
+ (unsigned char *)salt.buf, (int)salt.len,
+ iterations, digest, dklen,
+ (unsigned char *)key);
++#endif
+ Py_END_ALLOW_THREADS
+
+ if (!retval) {
+@@ -790,7 +833,7 @@ generate_hash_name_list(void)
+ if (CONST_ ## NAME ## _name_obj == NULL) { \
+ CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \
+ if (EVP_get_digestbyname(#NAME)) { \
+- CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \
++ CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \
+ EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \
+ } \
+ } \
+diff --git a/Modules/_ssl.c b/Modules/_ssl.c
+index 0ff9d553e2..512e5f10ce 100644
+--- a/Modules/_ssl.c
++++ b/Modules/_ssl.c
+@@ -55,6 +55,14 @@ static PySocketModule_APIObject PySocketModule;
+ #include <sys/poll.h>
+ #endif
+
++/* Don't warn about deprecated functions */
++#ifdef __GNUC__
++#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
++#endif
++#ifdef __clang__
++#pragma clang diagnostic ignored "-Wdeprecated-declarations"
++#endif
++
+ /* Include OpenSSL header files */
+ #include "openssl/rsa.h"
+ #include "openssl/crypto.h"
+@@ -90,6 +98,10 @@ struct py_ssl_library_code {
+ /* Include generated data (error codes) */
+ #include "_ssl_data.h"
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
++# define OPENSSL_VERSION_1_1 1
++#endif
++
+ /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+ http://www.openssl.org/news/changelog.html
+ */
+@@ -108,6 +120,80 @@ struct py_ssl_library_code {
+ # define HAVE_SNI 0
+ #endif
+
++#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
++# define HAVE_ALPN
++#endif
++
++#ifndef INVALID_SOCKET /* MS defines this */
++#define INVALID_SOCKET (-1)
++#endif
++
++#ifdef OPENSSL_VERSION_1_1
++/* OpenSSL 1.1.0+ */
++#ifndef OPENSSL_NO_SSL2
++#define OPENSSL_NO_SSL2
++#endif
++#else /* OpenSSL < 1.1.0 */
++#if defined(WITH_THREAD)
++#define HAVE_OPENSSL_CRYPTO_LOCK
++#endif
++
++#define TLS_method SSLv23_method
++
++static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
++{
++ return ne->set;
++}
++
++#ifndef OPENSSL_NO_COMP
++static int COMP_get_type(const COMP_METHOD *meth)
++{
++ return meth->type;
++}
++
++static const char *COMP_get_name(const COMP_METHOD *meth)
++{
++ return meth->name;
++}
++#endif
++
++static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
++{
++ return ctx->default_passwd_callback;
++}
++
++static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
++{
++ return ctx->default_passwd_callback_userdata;
++}
++
++static int X509_OBJECT_get_type(X509_OBJECT *x)
++{
++ return x->type;
++}
++
++static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x)
++{
++ return x->data.x509;
++}
++
++static int BIO_up_ref(BIO *b)
++{
++ CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
++ return 1;
++}
++
++static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) {
++ return store->objs;
++}
++
++static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
++{
++ return store->param;
++}
++#endif /* OpenSSL < 1.1.0 or LibreSSL */
++
++
+ enum py_ssl_error {
+ /* these mirror ssl.h */
+ PY_SSL_ERROR_NONE,
+@@ -138,7 +224,7 @@ enum py_ssl_cert_requirements {
+ enum py_ssl_version {
+ PY_SSL_VERSION_SSL2,
+ PY_SSL_VERSION_SSL3=1,
+- PY_SSL_VERSION_SSL23,
++ PY_SSL_VERSION_TLS,
+ #if HAVE_TLSv1_2
+ PY_SSL_VERSION_TLS1,
+ PY_SSL_VERSION_TLS1_1,
+@@ -504,7 +590,7 @@ newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
+ PySSL_BEGIN_ALLOW_THREADS
+ self->ssl = SSL_new(ctx);
+ PySSL_END_ALLOW_THREADS
+- SSL_set_app_data(self->ssl,self);
++ SSL_set_app_data(self->ssl, self);
+ SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int));
+ mode = SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
+ #ifdef SSL_MODE_AUTO_RETRY
+@@ -691,7 +777,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname)
+
+ /* check to see if we've gotten to a new RDN */
+ if (rdn_level >= 0) {
+- if (rdn_level != entry->set) {
++ if (rdn_level != X509_NAME_ENTRY_set(entry)) {
+ /* yes, new RDN */
+ /* add old RDN to DN */
+ rdnt = PyList_AsTuple(rdn);
+@@ -708,7 +794,7 @@ _create_tuple_for_X509_NAME (X509_NAME *xname)
+ goto fail0;
+ }
+ }
+- rdn_level = entry->set;
++ rdn_level = X509_NAME_ENTRY_set(entry);
+
+ /* now add this attribute to the current RDN */
+ name = X509_NAME_ENTRY_get_object(entry);
+@@ -811,18 +897,18 @@ _get_peer_alt_names (X509 *certificate) {
+ goto fail;
+ }
+
+- p = ext->value->data;
++ p = X509_EXTENSION_get_data(ext)->data;
+ if (method->it)
+ names = (GENERAL_NAMES*)
+ (ASN1_item_d2i(NULL,
+ &p,
+- ext->value->length,
++ X509_EXTENSION_get_data(ext)->length,
+ ASN1_ITEM_ptr(method->it)));
+ else
+ names = (GENERAL_NAMES*)
+ (method->d2i(NULL,
+ &p,
+- ext->value->length));
++ X509_EXTENSION_get_data(ext)->length));
+
+ for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
+ /* get a rendering of each name in the set of names */
+@@ -1033,13 +1119,11 @@ _get_crl_dp(X509 *certificate) {
+ int i, j;
+ PyObject *lst, *res = NULL;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
+- dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
+-#else
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ /* Calls x509v3_cache_extensions and sets up crldp */
+ X509_check_ca(certificate);
+- dps = certificate->crldp;
+ #endif
++ dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
+
+ if (dps == NULL)
+ return Py_None;
+@@ -1431,9 +1515,9 @@ static PyObject *PySSL_compression(PySSLSocket *self) {
+ if (self->ssl == NULL)
+ Py_RETURN_NONE;
+ comp_method = SSL_get_current_compression(self->ssl);
+- if (comp_method == NULL || comp_method->type == NID_undef)
++ if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef)
+ Py_RETURN_NONE;
+- short_name = OBJ_nid2sn(comp_method->type);
++ short_name = COMP_get_name(comp_method);
+ if (short_name == NULL)
+ Py_RETURN_NONE;
+ return PyUnicode_DecodeFSDefault(short_name);
+@@ -1981,7 +2065,7 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ {
+ char *kwlist[] = {"protocol", NULL};
+ PySSLContext *self;
+- int proto_version = PY_SSL_VERSION_SSL23;
++ int proto_version = PY_SSL_VERSION_TLS;
+ long options;
+ SSL_CTX *ctx = NULL;
+
+@@ -2007,8 +2091,8 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ else if (proto_version == PY_SSL_VERSION_SSL2)
+ ctx = SSL_CTX_new(SSLv2_method());
+ #endif
+- else if (proto_version == PY_SSL_VERSION_SSL23)
+- ctx = SSL_CTX_new(SSLv23_method());
++ else if (proto_version == PY_SSL_VERSION_TLS)
++ ctx = SSL_CTX_new(TLS_method());
+ else
+ proto_version = -1;
+ PySSL_END_ALLOW_THREADS
+@@ -2051,8 +2135,9 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ #ifndef OPENSSL_NO_ECDH
+ /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
+ prime256v1 by default. This is Apache mod_ssl's initialization
+- policy, so we should be safe. */
+-#if defined(SSL_CTX_set_ecdh_auto)
++ policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
++ */
++#if defined(SSL_CTX_set_ecdh_auto) && !defined(OPENSSL_VERSION_1_1)
+ SSL_CTX_set_ecdh_auto(self->ctx, 1);
+ #else
+ {
+@@ -2263,10 +2348,12 @@ static PyObject *
+ get_verify_flags(PySSLContext *self, void *c)
+ {
+ X509_STORE *store;
++ X509_VERIFY_PARAM *param;
+ unsigned long flags;
+
+ store = SSL_CTX_get_cert_store(self->ctx);
+- flags = X509_VERIFY_PARAM_get_flags(store->param);
++ param = X509_STORE_get0_param(store);
++ flags = X509_VERIFY_PARAM_get_flags(param);
+ return PyLong_FromUnsignedLong(flags);
+ }
+
+@@ -2274,22 +2361,24 @@ static int
+ set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
+ {
+ X509_STORE *store;
++ X509_VERIFY_PARAM *param;
+ unsigned long new_flags, flags, set, clear;
+
+ if (!PyArg_Parse(arg, "k", &new_flags))
+ return -1;
+ store = SSL_CTX_get_cert_store(self->ctx);
+- flags = X509_VERIFY_PARAM_get_flags(store->param);
++ param = X509_STORE_get0_param(store);
++ flags = X509_VERIFY_PARAM_get_flags(param);
+ clear = flags & ~new_flags;
+ set = ~flags & new_flags;
+ if (clear) {
+- if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) {
++ if (!X509_VERIFY_PARAM_clear_flags(param, clear)) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ return -1;
+ }
+ }
+ if (set) {
+- if (!X509_VERIFY_PARAM_set_flags(store->param, set)) {
++ if (!X509_VERIFY_PARAM_set_flags(param, set)) {
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
+ return -1;
+ }
+@@ -2459,8 +2548,8 @@ load_cert_chain(PySSLContext *self, PyObject *args, PyObject *kwds)
+ char *kwlist[] = {"certfile", "keyfile", "password", NULL};
+ PyObject *certfile, *keyfile = NULL, *password = NULL;
+ PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL;
+- pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
+- void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
++ pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx);
++ void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx);
+ _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
+ int r;
+
+@@ -2591,8 +2680,9 @@ _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len,
+ cert = d2i_X509_bio(biobuf, NULL);
+ } else {
+ cert = PEM_read_bio_X509(biobuf, NULL,
+- self->ctx->default_passwd_callback,
+- self->ctx->default_passwd_callback_userdata);
++ SSL_CTX_get_default_passwd_cb(self->ctx),
++ SSL_CTX_get_default_passwd_cb_userdata(self->ctx)
++ );
+ }
+ if (cert == NULL) {
+ break;
+@@ -3040,25 +3130,24 @@ static PyObject *
+ cert_store_stats(PySSLContext *self)
+ {
+ X509_STORE *store;
++ STACK_OF(X509_OBJECT) *objs;
+ X509_OBJECT *obj;
+- int x509 = 0, crl = 0, pkey = 0, ca = 0, i;
++ int x509 = 0, crl = 0, ca = 0, i;
+
+ store = SSL_CTX_get_cert_store(self->ctx);
+- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
+- obj = sk_X509_OBJECT_value(store->objs, i);
+- switch (obj->type) {
++ objs = X509_STORE_get0_objects(store);
++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
++ obj = sk_X509_OBJECT_value(objs, i);
++ switch (X509_OBJECT_get_type(obj)) {
+ case X509_LU_X509:
+ x509++;
+- if (X509_check_ca(obj->data.x509)) {
++ if (X509_check_ca(X509_OBJECT_get0_X509(obj))) {
+ ca++;
+ }
+ break;
+ case X509_LU_CRL:
+ crl++;
+ break;
+- case X509_LU_PKEY:
+- pkey++;
+- break;
+ default:
+ /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY.
+ * As far as I can tell they are internal states and never
+@@ -3083,6 +3172,7 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds)
+ {
+ char *kwlist[] = {"binary_form", NULL};
+ X509_STORE *store;
++ STACK_OF(X509_OBJECT) *objs;
+ PyObject *ci = NULL, *rlist = NULL;
+ int i;
+ int binary_mode = 0;
+@@ -3097,17 +3187,18 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds)
+ }
+
+ store = SSL_CTX_get_cert_store(self->ctx);
+- for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
++ objs = X509_STORE_get0_objects(store);
++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
+ X509_OBJECT *obj;
+ X509 *cert;
+
+- obj = sk_X509_OBJECT_value(store->objs, i);
+- if (obj->type != X509_LU_X509) {
++ obj = sk_X509_OBJECT_value(objs, i);
++ if (X509_OBJECT_get_type(obj) != X509_LU_X509) {
+ /* not a x509 cert */
+ continue;
+ }
+ /* CA for any purpose */
+- cert = obj->data.x509;
++ cert = X509_OBJECT_get0_X509(obj);
+ if (!X509_check_ca(cert)) {
+ continue;
+ }
+@@ -3780,10 +3871,12 @@ static PyMethodDef PySSL_methods[] = {
+ };
+
+
+-#ifdef WITH_THREAD
++#ifdef HAVE_OPENSSL_CRYPTO_LOCK
+
+ /* an implementation of OpenSSL threading operations in terms
+- of the Python C thread library */
++ * of the Python C thread library
++ * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code.
++ */
+
+ static PyThread_type_lock *_ssl_locks = NULL;
+
+@@ -3864,7 +3957,7 @@ static int _setup_ssl_threads(void) {
+ return 1;
+ }
+
+-#endif /* def HAVE_THREAD */
++#endif /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */
+
+ PyDoc_STRVAR(module_doc,
+ "Implementation module for SSL socket operations. See the socket module\n\
+@@ -3931,11 +4024,16 @@ PyInit__ssl(void)
+ SSL_load_error_strings();
+ SSL_library_init();
+ #ifdef WITH_THREAD
++#ifdef HAVE_OPENSSL_CRYPTO_LOCK
+ /* note that this will start threading if not already started */
+ if (!_setup_ssl_threads()) {
+ return NULL;
+ }
++#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
++ /* OpenSSL 1.1.0 builtin thread support is enabled */
++ _ssl_locks_count++;
+ #endif
++#endif /* WITH_THREAD */
+ OpenSSL_add_all_algorithms();
+
+ /* Add symbols to module dict */
+@@ -4079,7 +4177,9 @@ PyInit__ssl(void)
+ PY_SSL_VERSION_SSL3);
+ #endif
+ PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
+- PY_SSL_VERSION_SSL23);
++ PY_SSL_VERSION_TLS);
++ PyModule_AddIntConstant(m, "PROTOCOL_TLS",
++ PY_SSL_VERSION_TLS);
+ PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
+ PY_SSL_VERSION_TLS1);
+ #if HAVE_TLSv1_2
+--
+2.24.0
+
diff --git a/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch b/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch
new file mode 100644
index 0000000..8bfad11
--- /dev/null
+++ b/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch
@@ -0,0 +1,13 @@
+do not hardcode /usr/include paths
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -4402,7 +4402,7 @@ fi
+
+ # first curses header check
+ ac_save_cppflags="$CPPFLAGS"
+-CPPFLAGS="$CPPFLAGS -I/usr/include/ncursesw"
++CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags ncursesw`"
+
+ AC_CHECK_HEADERS(curses.h ncurses.h)
+
diff --git a/dev-lang/python/files/python-3.4.5-cross.patch b/dev-lang/python/files/python-3.4.5-cross.patch
new file mode 100644
index 0000000..7a016ff
--- /dev/null
+++ b/dev-lang/python/files/python-3.4.5-cross.patch
@@ -0,0 +1,11 @@
+--- a/Lib/distutils/command/build_ext.py
++++ b/Lib/distutils/command/build_ext.py
+@@ -729,7 +729,7 @@
+ if sysconfig.get_config_var('Py_ENABLE_SHARED'):
+ pythonlib = 'python{}.{}{}'.format(
+ sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff,
+- sys.abiflags)
++ sysconfig.get_config_var('ABIFLAGS'))
+ return ext.libraries + [pythonlib]
+ else:
+ return ext.libraries
diff --git a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch
new file mode 100644
index 0000000..c418f40
--- /dev/null
+++ b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch
@@ -0,0 +1,43 @@
+The hash implementation casts the input pointer to uint64_t* and directly reads
+from this, which may cause unaligned accesses. Use memcpy() instead so this code
+will not crash with SIGBUS on sparc.
+
+--- a/Python/pyhash.c 2017-11-29 10:21:20.283094068 +0100
++++ b/Python/pyhash.c 2017-11-29 10:24:26.733087813 +0100
+@@ -372,7 +372,7 @@ siphash24(const void *src, Py_ssize_t sr
+ PY_UINT64_T k0 = _le64toh(_Py_HashSecret.siphash.k0);
+ PY_UINT64_T k1 = _le64toh(_Py_HashSecret.siphash.k1);
+ PY_UINT64_T b = (PY_UINT64_T)src_sz << 56;
+- const PY_UINT64_T *in = (PY_UINT64_T*)src;
++ const PY_UINT8_T *in = (PY_UINT8_T*)src;
+
+ PY_UINT64_T v0 = k0 ^ 0x736f6d6570736575ULL;
+ PY_UINT64_T v1 = k1 ^ 0x646f72616e646f6dULL;
+@@ -381,12 +381,14 @@ siphash24(const void *src, Py_ssize_t sr
+
+ PY_UINT64_T t;
+ PY_UINT8_T *pt;
+- PY_UINT8_T *m;
++ const PY_UINT8_T *m;
+
+ while (src_sz >= 8) {
+- PY_UINT64_T mi = _le64toh(*in);
+- in += 1;
+- src_sz -= 8;
++ PY_UINT64_T mi;
++ memcpy(&mi, in, sizeof(mi));
++ mi = _le64toh(mi);
++ in += sizeof(mi);
++ src_sz -= sizeof(mi);
+ v3 ^= mi;
+ DOUBLE_ROUND(v0,v1,v2,v3);
+ v0 ^= mi;
+@@ -394,7 +396,7 @@ siphash24(const void *src, Py_ssize_t sr
+
+ t = 0;
+ pt = (PY_UINT8_T *)&t;
+- m = (PY_UINT8_T *)in;
++ m = in;
+ switch (src_sz) {
+ case 7: pt[6] = m[6];
+ case 6: pt[5] = m[5];
diff --git a/dev-lang/python/python-3.4.10.ebuild b/dev-lang/python/python-3.4.10.ebuild
new file mode 100644
index 0000000..10d6002
--- /dev/null
+++ b/dev-lang/python/python-3.4.10.ebuild
@@ -0,0 +1,364 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+WANT_LIBTOOL="none"
+
+inherit autotools eutils flag-o-matic multilib pax-utils python-utils-r1 toolchain-funcs multiprocessing
+
+MY_P="Python-${PV/_/}"
+PATCHSET_VERSION="3.4.6-0"
+
+DESCRIPTION="An interpreted, interactive, object-oriented programming language"
+HOMEPAGE="https://www.python.org/"
+SRC_URI="https://www.python.org/ftp/python/${PV%_rc*}/${MY_P}.tar.xz
+ https://dev.gentoo.org/~floppym/python/python-gentoo-patches-${PATCHSET_VERSION}.tar.xz"
+
+LICENSE="PSF-2"
+SLOT="3.4/3.4m"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="bluetooth build elibc_uclibc examples gdbm hardened ipv6 libressl +ncurses +readline sqlite +ssl +threads tk wininst +xml"
+
+# Do not add a dependency on dev-lang/python to this ebuild.
+# If you need to apply a patch which requires python for bootstrapping, please
+# run the bootstrap code on your dev box and include the results in the
+# patchset. See bug 447752.
+
+RDEPEND="app-arch/bzip2:0=
+ app-arch/xz-utils:0=
+ >=sys-libs/zlib-1.1.3:0=
+ virtual/libffi:=
+ virtual/libintl
+ gdbm? ( sys-libs/gdbm:0=[berkdb] )
+ ncurses? (
+ >=sys-libs/ncurses-5.2:0=
+ readline? ( >=sys-libs/readline-4.1:0= )
+ )
+ sqlite? ( >=dev-db/sqlite-3.3.8:3= )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ tk? (
+ >=dev-lang/tcl-8.0:0=
+ >=dev-lang/tk-8.0:0=
+ dev-tcltk/blt:0=
+ dev-tcltk/tix
+ )
+ xml? ( >=dev-libs/expat-2.1:0= )
+ !!<sys-apps/sandbox-2.6-r1"
+# bluetooth requires headers from bluez
+DEPEND="${RDEPEND}
+ bluetooth? ( net-wireless/bluez )
+ virtual/pkgconfig
+ >=sys-devel/autoconf-2.65
+ !sys-devel/gcc[libffi(-)]"
+RDEPEND+=" !build? ( app-misc/mime-types )"
+PDEPEND=">=app-eselect/eselect-python-20140125-r1"
+
+S="${WORKDIR}/${MY_P}"
+
+PYVER=${SLOT%/*}
+
+src_prepare() {
+ # Ensure that internal copies of expat, libffi and zlib are not used.
+ rm -fr Modules/expat
+ rm -fr Modules/_ctypes/libffi*
+ rm -fr Modules/zlib
+
+ if tc-is-cross-compiler; then
+ # Invokes BUILDPYTHON, which is built for the host arch
+ local EPATCH_EXCLUDE="*_regenerate_platform-specific_modules.patch"
+ fi
+
+ EPATCH_SUFFIX="patch" epatch "${WORKDIR}/patches"
+ epatch "${FILESDIR}/${PN}-3.4.3-ncurses-pkg-config.patch"
+ epatch "${FILESDIR}/${PN}-3.4.5-cross.patch"
+ epatch "${FILESDIR}/3.4-getentropy-linux.patch"
+ epatch "${FILESDIR}/3.6-disable-nis.patch"
+ epatch "${FILESDIR}/python-3.5.5-hash-unaligned.patch"
+ epatch "${FILESDIR}/python-3.4.10-openssl11.patch"
+
+ epatch_user
+
+ sed -i -e "s:@@GENTOO_LIBDIR@@:$(get_libdir):g" \
+ configure.ac \
+ Lib/distutils/command/install.py \
+ Lib/distutils/sysconfig.py \
+ Lib/site.py \
+ Lib/sysconfig.py \
+ Lib/test/test_site.py \
+ Makefile.pre.in \
+ Modules/Setup.dist \
+ Modules/getpath.c \
+ setup.py || die "sed failed to replace @@GENTOO_LIBDIR@@"
+
+ eautoreconf
+}
+
+src_configure() {
+ local disable
+ # disable automagic bluetooth headers detection
+ use bluetooth || export ac_cv_header_bluetooth_bluetooth_h=no
+ use gdbm || disable+=" gdbm"
+ use ncurses || disable+=" _curses _curses_panel"
+ use readline || disable+=" readline"
+ use sqlite || disable+=" _sqlite3"
+ use ssl || export PYTHON_DISABLE_SSL="1"
+ use tk || disable+=" _tkinter"
+ use xml || disable+=" _elementtree pyexpat" # _elementtree uses pyexpat.
+ export PYTHON_DISABLE_MODULES="${disable}"
+
+ if ! use xml; then
+ ewarn "You have configured Python without XML support."
+ ewarn "This is NOT a recommended configuration as you"
+ ewarn "may face problems parsing any XML documents."
+ fi
+
+ if [[ -n "${PYTHON_DISABLE_MODULES}" ]]; then
+ einfo "Disabled modules: ${PYTHON_DISABLE_MODULES}"
+ fi
+
+ if [[ "$(gcc-major-version)" -ge 4 ]]; then
+ append-flags -fwrapv
+ fi
+
+ filter-flags -malign-double
+
+ # https://bugs.gentoo.org/show_bug.cgi?id=50309
+ if is-flagq -O3; then
+ is-flagq -fstack-protector-all && replace-flags -O3 -O2
+ use hardened && replace-flags -O3 -O2
+ fi
+
+ # Export CXX so it ends up in /usr/lib/python3.X/config/Makefile.
+ tc-export CXX
+
+ # The configure script fails to use pkg-config correctly.
+ # http://bugs.python.org/issue15506
+ export ac_cv_path_PKG_CONFIG=$(tc-getPKG_CONFIG)
+
+ # Set LDFLAGS so we link modules with -lpython3.2 correctly.
+ # Needed on FreeBSD unless Python 3.2 is already installed.
+ # Please query BSD team before removing this!
+ append-ldflags "-L."
+
+ local dbmliborder
+ if use gdbm; then
+ dbmliborder+="${dbmliborder:+:}gdbm"
+ fi
+
+ BUILD_DIR="${WORKDIR}/${CHOST}"
+ mkdir -p "${BUILD_DIR}" || die
+ cd "${BUILD_DIR}" || die
+
+ ECONF_SOURCE="${S}" OPT="" \
+ econf \
+ --with-fpectl \
+ --enable-shared \
+ $(use_enable ipv6) \
+ $(use_with threads) \
+ --infodir='${prefix}/share/info' \
+ --mandir='${prefix}/share/man' \
+ --with-computed-gotos \
+ --with-dbmliborder="${dbmliborder}" \
+ --with-libc="" \
+ --enable-loadable-sqlite-extensions \
+ --with-system-expat \
+ --with-system-ffi \
+ --without-ensurepip
+
+ if use threads && grep -q "#define POSIX_SEMAPHORES_NOT_ENABLED 1" pyconfig.h; then
+ eerror "configure has detected that the sem_open function is broken."
+ eerror "Please ensure that /dev/shm is mounted as a tmpfs with mode 1777."
+ die "Broken sem_open function (bug 496328)"
+ fi
+}
+
+src_compile() {
+ # Ensure sed works as expected
+ # https://bugs.gentoo.org/594768
+ local -x LC_ALL=C
+
+ # Avoid invoking pgen for cross-compiles.
+ touch Include/graminit.h Python/graminit.c || die
+
+ cd "${BUILD_DIR}" || die
+
+ emake CPPFLAGS= CFLAGS= LDFLAGS=
+
+ # Work around bug 329499. See also bug 413751 and 457194.
+ if has_version dev-libs/libffi[pax_kernel]; then
+ pax-mark E python
+ else
+ pax-mark m python
+ fi
+}
+
+src_test() {
+ # Tests will not work when cross compiling.
+ if tc-is-cross-compiler; then
+ elog "Disabling tests due to crosscompiling."
+ return
+ fi
+
+ cd "${BUILD_DIR}" || die
+
+ # Skip failing tests.
+ local skipped_tests="gdb"
+
+ for test in ${skipped_tests}; do
+ mv "${S}"/Lib/test/test_${test}.py "${T}"
+ done
+
+ local -x PYTHONDONTWRITEBYTECODE=
+ emake test EXTRATESTOPTS="-u-network" CPPFLAGS= CFLAGS= LDFLAGS= < /dev/tty
+ local result=$?
+
+ for test in ${skipped_tests}; do
+ mv "${T}/test_${test}.py" "${S}"/Lib/test
+ done
+
+ elog "The following tests have been skipped:"
+ for test in ${skipped_tests}; do
+ elog "test_${test}.py"
+ done
+
+ elog "If you would like to run them, you may:"
+ elog "cd '${EPREFIX}/usr/$(get_libdir)/python${PYVER}/test'"
+ elog "and run the tests separately."
+
+ if [[ ${result} -ne 0 ]]; then
+ die "emake test failed"
+ fi
+}
+
+src_install() {
+ local libdir=${ED}/usr/$(get_libdir)/python${PYVER}
+
+ cd "${BUILD_DIR}" || die
+
+ emake DESTDIR="${D}" altinstall
+
+ sed \
+ -e "s/\(CONFIGURE_LDFLAGS=\).*/\1/" \
+ -e "s/\(PY_LDFLAGS=\).*/\1/" \
+ -i "${libdir}/config-${PYVER}"*/Makefile || die "sed failed"
+
+ # Fix collisions between different slots of Python.
+ rm -f "${ED}usr/$(get_libdir)/libpython3.so"
+
+ # Cheap hack to get version with ABIFLAGS
+ local abiver=$(cd "${ED}usr/include"; echo python*)
+ if [[ ${abiver} != python${PYVER} ]]; then
+ # Replace python3.X with a symlink to python3.Xm
+ rm "${ED}usr/bin/python${PYVER}" || die
+ dosym "${abiver}" "/usr/bin/python${PYVER}"
+ # Create python3.X-config symlink
+ dosym "${abiver}-config" "/usr/bin/python${PYVER}-config"
+ # Create python-3.5m.pc symlink
+ dosym "python-${PYVER}.pc" "/usr/$(get_libdir)/pkgconfig/${abiver/${PYVER}/-${PYVER}}.pc"
+ fi
+
+ use elibc_uclibc && rm -fr "${libdir}/test"
+ use sqlite || rm -fr "${libdir}/"{sqlite3,test/test_sqlite*}
+ use tk || rm -fr "${ED}usr/bin/idle${PYVER}" "${libdir}/"{idlelib,tkinter,test/test_tk*}
+
+ use threads || rm -fr "${libdir}/multiprocessing"
+ use wininst || rm -f "${libdir}/distutils/command/"wininst-*.exe
+
+ dodoc "${S}"/Misc/{ACKS,HISTORY,NEWS}
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ find "${S}"/Tools -name __pycache__ -print0 | xargs -0 rm -fr
+ doins -r "${S}"/Tools
+ fi
+ insinto /usr/share/gdb/auto-load/usr/$(get_libdir) #443510
+ local libname=$(printf 'e:\n\t@echo $(INSTSONAME)\ninclude Makefile\n' | \
+ emake --no-print-directory -s -f - 2>/dev/null)
+ newins "${S}"/Tools/gdb/libpython.py "${libname}"-gdb.py
+
+ newconfd "${FILESDIR}/pydoc.conf" pydoc-${PYVER}
+ newinitd "${FILESDIR}/pydoc.init" pydoc-${PYVER}
+ sed \
+ -e "s:@PYDOC_PORT_VARIABLE@:PYDOC${PYVER/./_}_PORT:" \
+ -e "s:@PYDOC@:pydoc${PYVER}:" \
+ -i "${ED}etc/conf.d/pydoc-${PYVER}" "${ED}etc/init.d/pydoc-${PYVER}" || die "sed failed"
+
+ # for python-exec
+ local vars=( EPYTHON PYTHON_SITEDIR PYTHON_SCRIPTDIR )
+
+ # if not using a cross-compiler, use the fresh binary
+ if ! tc-is-cross-compiler; then
+ local -x PYTHON=./python
+ local -x LD_LIBRARY_PATH=${LD_LIBRARY_PATH+${LD_LIBRARY_PATH}:}${PWD}
+ else
+ vars=( PYTHON "${vars[@]}" )
+ fi
+
+ python_export "python${PYVER}" "${vars[@]}"
+ echo "EPYTHON='${EPYTHON}'" > epython.py || die
+ python_domodule epython.py
+
+ # python-exec wrapping support
+ local pymajor=${PYVER%.*}
+ mkdir -p "${D}${PYTHON_SCRIPTDIR}" || die
+ # python and pythonX
+ ln -s "../../../bin/${abiver}" \
+ "${D}${PYTHON_SCRIPTDIR}/python${pymajor}" || die
+ ln -s "python${pymajor}" \
+ "${D}${PYTHON_SCRIPTDIR}/python" || die
+ # python-config and pythonX-config
+ # note: we need to create a wrapper rather than symlinking it due
+ # to some random dirname(argv[0]) magic performed by python-config
+ cat > "${D}${PYTHON_SCRIPTDIR}/python${pymajor}-config" <<-EOF || die
+ #!/bin/sh
+ exec "${abiver}-config" "\${@}"
+ EOF
+ chmod +x "${D}${PYTHON_SCRIPTDIR}/python${pymajor}-config" || die
+ ln -s "python${pymajor}-config" \
+ "${D}${PYTHON_SCRIPTDIR}/python-config" || die
+ # 2to3, pydoc, pyvenv
+ ln -s "../../../bin/2to3-${PYVER}" \
+ "${D}${PYTHON_SCRIPTDIR}/2to3" || die
+ ln -s "../../../bin/pydoc${PYVER}" \
+ "${D}${PYTHON_SCRIPTDIR}/pydoc" || die
+ ln -s "../../../bin/pyvenv-${PYVER}" \
+ "${D}${PYTHON_SCRIPTDIR}/pyvenv" || die
+ # idle
+ if use tk; then
+ ln -s "../../../bin/idle${PYVER}" \
+ "${D}${PYTHON_SCRIPTDIR}/idle" || die
+ fi
+}
+
+pkg_preinst() {
+ if has_version "<${CATEGORY}/${PN}-${PYVER}" && ! has_version ">=${CATEGORY}/${PN}-${PYVER}_alpha"; then
+ python_updater_warning="1"
+ fi
+}
+
+eselect_python_update() {
+ if [[ -z "$(eselect python show)" || ! -f "${EROOT}usr/bin/$(eselect python show)" ]]; then
+ eselect python update
+ fi
+
+ if [[ -z "$(eselect python show --python${PV%%.*})" || ! -f "${EROOT}usr/bin/$(eselect python show --python${PV%%.*})" ]]; then
+ eselect python update --python${PV%%.*}
+ fi
+}
+
+pkg_postinst() {
+ eselect_python_update
+
+ if [[ "${python_updater_warning}" == "1" ]]; then
+ ewarn "You have just upgraded from an older version of Python."
+ ewarn
+ ewarn "Please adjust PYTHON_TARGETS (if so desired), and run emerge with the --newuse or --changed-use option to rebuild packages installing python modules."
+ fi
+}
+
+pkg_postrm() {
+ eselect_python_update
+}