lang/python27: sync with upstream

Taken from: HardenedBSD

lang/python27/Makefile

@@ -2,7 +2,6 @@
 
 PORTNAME=	python
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	1
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 PKGNAMESUFFIX=	27

lang/python27/Makefile.version

@@ -1,4 +1,4 @@
 # Mk/Uses/python.mk includes this file, don't remove it!
 # $FreeBSD$
 
-PYTHON_PORTVERSION=	2.7.14
+PYTHON_PORTVERSION=	2.7.15

lang/python27/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1505677472
-SHA256 (python/Python-2.7.14.tar.xz) = 71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66
-SIZE (python/Python-2.7.14.tar.xz) = 12576112
+TIMESTAMP = 1525598061
+SHA256 (python/Python-2.7.15.tar.xz) = 22d9b1ac5b26135ad2b8c2901a9413537e08749a753356ee913c84dbd2df5574
+SIZE (python/Python-2.7.15.tar.xz) = 12642436

lang/python27/files/patch-issue30622

@@ -1,128 +0,0 @@
-From b2d096bd2a5ff86e53c25d00ee5fa097b36bf1d8 Mon Sep 17 00:00:00 2001
-From: Melvyn Sopacua <melvyn-sopacua@users.noreply.github.com>
-Date: Mon, 4 Sep 2017 23:35:15 +0200
-Subject: [PATCH] bpo-30622: Change NPN detection: (#2079)
-
-* Change NPN detection:
-
-Version breakdown, support disabled (pre-patch/post-patch):
-- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
-- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined ->
-False/False
-- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
-OPENSSL_NO_NEXTPROTONEG will be defined -> True/False
-
-Version breakdown support enabled (pre-patch/post-patch):
-- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
-- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and
-OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
-- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
-OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
-
-* Refine NPN guard:
-
-- If NPN is disabled, but ALPN is available we need our callback
-- Make clinic's ssl behave the same way
-
-This created a working ssl module for me, with NPN disabled and ALPN
-enabled for OpenSSL 1.1.0f.
-
-Concerns to address:
-The initial commit for NPN support into OpenSSL [1], had the
-OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG
-guard. The question is if that ever made it into a release.
-This would need an ugly hack, something like:
-
-	#if defined(OPENSSL_NO_NEXTPROTONEG) && \
-		!defined(OPENSSL_NPN_NEGOTIATED)
-	#	define OPENSSL_NPN_UNSUPPORTED 0
-	#	define OPENSSL_NPN_NEGOTIATED 1
-	#	define OPENSSL_NPN_NO_OVERLAP 2
-	#endif
-
-[1] https://github.com/openssl/openssl/commit/68b33cc5c7
-
---- Modules/_ssl.c.orig	2017-09-16 17:38:35 UTC
-+++ Modules/_ssl.c
-@@ -280,7 +280,7 @@ static unsigned int _ssl_locks_count = 0
- typedef struct {
-     PyObject_HEAD
-     SSL_CTX *ctx;
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
-     unsigned char *npn_protocols;
-     int npn_protocols_len;
- #endif
-@@ -1502,7 +1502,7 @@ static PyObject *PySSL_version(PySSLSock
-     return PyUnicode_FromString(version);
- }
- 
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
- static PyObject *PySSL_selected_npn_protocol(PySSLSocket *self) {
-     const unsigned char *out;
-     unsigned int outlen;
-@@ -2030,7 +2030,7 @@ static PyMethodDef PySSLMethods[] = {
-      PySSL_peercert_doc},
-     {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS},
-     {"version", (PyCFunction)PySSL_version, METH_NOARGS},
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
-     {"selected_npn_protocol", (PyCFunction)PySSL_selected_npn_protocol, METH_NOARGS},
- #endif
- #ifdef HAVE_ALPN
-@@ -2140,7 +2140,7 @@ context_new(PyTypeObject *type, PyObject
-         return NULL;
-     }
-     self->ctx = ctx;
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
-     self->npn_protocols = NULL;
- #endif
- #ifdef HAVE_ALPN
-@@ -2216,7 +2216,7 @@ context_dealloc(PySSLContext *self)
- {
-     context_clear(self);
-     SSL_CTX_free(self->ctx);
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
-     PyMem_FREE(self->npn_protocols);
- #endif
- #ifdef HAVE_ALPN
-@@ -2246,7 +2246,7 @@ set_ciphers(PySSLContext *self, PyObject
-     Py_RETURN_NONE;
- }
- 
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) || defined(HAVE_ALPN)
- static int
- do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
-                       const unsigned char *server_protocols, unsigned int server_protocols_len,
-@@ -2270,7 +2270,9 @@ do_protocol_selection(int alpn, unsigned
- 
-     return SSL_TLSEXT_ERR_OK;
- }
-+#endif
- 
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
- /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
- static int
- _advertiseNPN_cb(SSL *s,
-@@ -2305,7 +2307,7 @@ _selectNPN_cb(SSL *s,
- static PyObject *
- _set_npn_protocols(PySSLContext *self, PyObject *args)
- {
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
-     Py_buffer protos;
- 
-     if (!PyArg_ParseTuple(args, "s*:set_npn_protocols", &protos))
-@@ -4303,7 +4305,7 @@ init_ssl(void)
-     Py_INCREF(r);
-     PyModule_AddObject(m, "HAS_ECDH", r);
- 
--#ifdef OPENSSL_NPN_NEGOTIATED
-+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
-     r = Py_True;
- #else
-     r = Py_False;

lang/python27/files/patch-issue33127

@@ -1,83 +0,0 @@
-From edd541897b9c28ee0d0f0131746aa5f19665a104 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Sat, 24 Mar 2018 19:34:15 +0100
-Subject: [PATCH] [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0
- (GH-6210) (GH-6215)
-
-LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
-LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
-LibreSSL < 2.7.
-
-Documentation updates and fixes for failing tests will be provided in
-another patch set.
-
-Signed-off-by: Christian Heimes <christian@python.org>.
-(cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
-
-Co-authored-by: Christian Heimes <christian@python.org>
----
- .../2018-03-24-15-08-24.bpo-33127.olJmHv.rst       |  1 +
- Modules/_ssl.c                                     | 24 ++++++++++++++--------
- Tools/ssl/multissltests.py                         |  3 ++-
- 3 files changed, 19 insertions(+), 9 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
-
-diff --git a/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
-new file mode 100644
-index 000000000000..635aabbde031
---- /dev/null
-+++ Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
-@@ -0,0 +1 @@
-+The ssl module now compiles with LibreSSL 2.7.1.
-diff --git a/Modules/_ssl.c b/Modules/_ssl.c
-index da8b20f54f35..d0ce913d3d89 100644
---- Modules/_ssl.c.orig
-+++ Modules/_ssl.c
-@@ -102,6 +102,12 @@ struct py_ssl_library_code {
- 
- #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- #  define OPENSSL_VERSION_1_1 1
-+#  define PY_OPENSSL_1_1_API 1
-+#endif
-+
-+/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
-+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
-+#  define PY_OPENSSL_1_1_API 1
- #endif
- 
- /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
-@@ -149,16 +155,18 @@ struct py_ssl_library_code {
- #define INVALID_SOCKET (-1)
- #endif
- 
--#ifdef OPENSSL_VERSION_1_1
--/* OpenSSL 1.1.0+ */
--#ifndef OPENSSL_NO_SSL2
--#define OPENSSL_NO_SSL2
--#endif
--#else /* OpenSSL < 1.1.0 */
--#if defined(WITH_THREAD)
-+/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
-+#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
- #define HAVE_OPENSSL_CRYPTO_LOCK
- #endif
- 
-+#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
-+#define OPENSSL_NO_SSL2
-+#endif
-+
-+#ifndef PY_OPENSSL_1_1_API
-+/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
-+
- #define TLS_method SSLv23_method
- 
- static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
-@@ -201,7 +209,7 @@ static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
- {
-     return store->param;
- }
--#endif /* OpenSSL < 1.1.0 or LibreSSL */
-+#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
- 
- 
- enum py_ssl_error {

lang/python27/pkg-plist

@@ -1436,8 +1436,8 @@ lib/python2.7/ensurepip/__init__.pyo
 lib/python2.7/ensurepip/__main__.py
 lib/python2.7/ensurepip/__main__.pyc
 lib/python2.7/ensurepip/__main__.pyo
-lib/python2.7/ensurepip/_bundled/pip-9.0.1-py2.py3-none-any.whl
-lib/python2.7/ensurepip/_bundled/setuptools-28.8.0-py2.py3-none-any.whl
+lib/python2.7/ensurepip/_bundled/pip-9.0.3-py2.py3-none-any.whl
+lib/python2.7/ensurepip/_bundled/setuptools-39.0.1-py2.py3-none-any.whl
 lib/python2.7/ensurepip/_uninstall.py
 lib/python2.7/ensurepip/_uninstall.pyc
 lib/python2.7/ensurepip/_uninstall.pyo
@@ -3038,7 +3038,6 @@ lib/python2.7/test/seq_tests.py
 lib/python2.7/test/seq_tests.pyc
 lib/python2.7/test/seq_tests.pyo
 lib/python2.7/test/sgml_input.html
-lib/python2.7/test/sha256.pem
 lib/python2.7/test/sortperf.py
 lib/python2.7/test/sortperf.pyc
 lib/python2.7/test/sortperf.pyo
@@ -4322,6 +4321,7 @@ lib/python2.7/test/win_console_handler.py
 lib/python2.7/test/win_console_handler.pyc
 lib/python2.7/test/win_console_handler.pyo
 lib/python2.7/test/wrongcert.pem
+lib/python2.7/test/xmltestdata/expat224_utf8_bug.xml
 lib/python2.7/test/xmltestdata/simple-ns.xml
 lib/python2.7/test/xmltestdata/simple.xml
 lib/python2.7/test/xmltestdata/test.xml