Add bpo43920-fix-load_verify_locations-errmsgs.patch
(from gh#python/cpython!25554) Making load_verify_locations(cadata) error message consistent.
This commit is contained in:
parent
4812bf97a2
commit
75bc4cb3a1
@ -25,13 +25,15 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
Lib/test/test_ssl.py | 26 +
|
||||
Misc/NEWS.d/next/Library/2021-03-16-22-37-32.bpo-43522.dhNwOu.rst | 1
|
||||
Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst | 2
|
||||
Modules/_ssl.c | 41 +
|
||||
17 files changed, 878 insertions(+), 539 deletions(-)
|
||||
Modules/_ssl.c | 40 +
|
||||
17 files changed, 877 insertions(+), 539 deletions(-)
|
||||
create mode 100644 Lib/test/nosan.pem
|
||||
create mode 100644 Misc/NEWS.d/next/Library/2021-03-16-22-37-32.bpo-43522.dhNwOu.rst
|
||||
|
||||
--- a/Lib/ssl.py
|
||||
+++ b/Lib/ssl.py
|
||||
Index: Python-3.6.15/Lib/ssl.py
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/ssl.py
|
||||
+++ Python-3.6.15/Lib/ssl.py
|
||||
@@ -173,6 +173,7 @@ if _ssl.HAS_TLS_UNIQUE:
|
||||
else:
|
||||
CHANNEL_BINDING_TYPES = []
|
||||
@ -64,8 +66,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
@property
|
||||
def verify_flags(self):
|
||||
return VerifyFlags(super().verify_flags)
|
||||
--- a/Lib/test/allsans.pem
|
||||
+++ b/Lib/test/allsans.pem
|
||||
Index: Python-3.6.15/Lib/test/allsans.pem
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/allsans.pem
|
||||
+++ Python-3.6.15/Lib/test/allsans.pem
|
||||
@@ -1,81 +1,170 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
-MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCg/pM6dP7BTFNc
|
||||
@ -314,8 +318,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+hDj7K/vq3YjoncGbZ4c9eXs9fmEfcDy3yEwXpQyjKMerSBEU95h62k77kXaJCqbG
|
||||
+cuCW2fGA6miQN1zGacfXvMfRrlupElnG5GxhqYu6UbMT
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/capath/b1930218.0
|
||||
+++ b/Lib/test/capath/b1930218.0
|
||||
Index: Python-3.6.15/Lib/test/capath/b1930218.0
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/capath/b1930218.0
|
||||
+++ Python-3.6.15/Lib/test/capath/b1930218.0
|
||||
@@ -1,26 +1,26 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEbTCCAtWgAwIBAgIJAMstgJlaaVJbMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
|
||||
@ -363,8 +369,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+Dp0K+qtbNfuIkXdMjYydqc/8q8LmWgV7fgRuOc+Tzmc7esuvtjbh+3FkRdSm8M7v
|
||||
+dQSZaZrliAoQAnSJ7HWERIBI38H36TfOzpKSXIkiCHMf
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/capath/ceff1710.0
|
||||
+++ b/Lib/test/capath/ceff1710.0
|
||||
Index: Python-3.6.15/Lib/test/capath/ceff1710.0
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/capath/ceff1710.0
|
||||
+++ Python-3.6.15/Lib/test/capath/ceff1710.0
|
||||
@@ -1,26 +1,26 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEbTCCAtWgAwIBAgIJAMstgJlaaVJbMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
|
||||
@ -412,8 +420,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+Dp0K+qtbNfuIkXdMjYydqc/8q8LmWgV7fgRuOc+Tzmc7esuvtjbh+3FkRdSm8M7v
|
||||
+dQSZaZrliAoQAnSJ7HWERIBI38H36TfOzpKSXIkiCHMf
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/keycert2.pem
|
||||
+++ b/Lib/test/keycert2.pem
|
||||
Index: Python-3.6.15/Lib/test/keycert2.pem
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/keycert2.pem
|
||||
+++ Python-3.6.15/Lib/test/keycert2.pem
|
||||
@@ -1,66 +1,66 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
-MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDKjrjWZlfOs1Ch
|
||||
@ -543,8 +553,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+GhIglMrgqJflTHAI/PvEsCKM1O0Un2dVGWsUCzPfhj1cKmagyb0Zd+2Tk9xGSRs9
|
||||
+2ceXMxRCjOJwEHUCFuTYeqowabdlpi0nyPbSn7JIwCpT
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/keycert3.pem
|
||||
+++ b/Lib/test/keycert3.pem
|
||||
Index: Python-3.6.15/Lib/test/keycert3.pem
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/keycert3.pem
|
||||
+++ Python-3.6.15/Lib/test/keycert3.pem
|
||||
@@ -1,84 +1,84 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
-MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCfKC83Qe9/ZGMW
|
||||
@ -812,8 +824,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+P7iAIQdqcRVtBetRs1mN1BVGfgKoEwEWmb0DzHBxKiMWeK/R1QGdBLRjk5oEOpIu
|
||||
+5n5zk6X+UJu9DupUhm985RR3/sIoWkoO1y2M6e1hKbJT/2wEvA==
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/keycert4.pem
|
||||
+++ b/Lib/test/keycert4.pem
|
||||
Index: Python-3.6.15/Lib/test/keycert4.pem
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/keycert4.pem
|
||||
+++ Python-3.6.15/Lib/test/keycert4.pem
|
||||
@@ -1,84 +1,84 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
-MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDGjpiHzq7ghxhM
|
||||
@ -1081,8 +1095,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+Xi4szXouKq62dWpfoBqbtmctsKUcVLyMcH4VK8BQ4wO7pKX8RQHJP6e4GNw+CAeh
|
||||
+m/W9lb1J6BB8kX0txMKYtrdRadcKaEC1D4WgqWd3xmjLDlg0s1jnyHwJZw==
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/make_ssl_certs.py
|
||||
+++ b/Lib/test/make_ssl_certs.py
|
||||
Index: Python-3.6.15/Lib/test/make_ssl_certs.py
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/make_ssl_certs.py
|
||||
+++ Python-3.6.15/Lib/test/make_ssl_certs.py
|
||||
@@ -7,6 +7,9 @@ import shutil
|
||||
import tempfile
|
||||
from subprocess import *
|
||||
@ -1220,8 +1236,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
unmake_ca()
|
||||
print("update Lib/test/test_ssl.py and Lib/test/test_asyncio/util.py")
|
||||
print_cert('keycert.pem')
|
||||
Index: Python-3.6.15/Lib/test/nosan.pem
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ b/Lib/test/nosan.pem
|
||||
+++ Python-3.6.15/Lib/test/nosan.pem
|
||||
@@ -0,0 +1,130 @@
|
||||
+-----BEGIN PRIVATE KEY-----
|
||||
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCv3sUoOE4F7Pye
|
||||
@ -1353,8 +1371,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+qvWVb/bK1QaPG3mT44a6jf6oEI+VPhQJv8qIWeKTtuwDqX7dH18T0ymzpvNq3zBT
|
||||
+RMjN5YJXvJw=
|
||||
+-----END CERTIFICATE-----
|
||||
--- a/Lib/test/pycacert.pem
|
||||
+++ b/Lib/test/pycacert.pem
|
||||
Index: Python-3.6.15/Lib/test/pycacert.pem
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/pycacert.pem
|
||||
+++ Python-3.6.15/Lib/test/pycacert.pem
|
||||
@@ -3,97 +3,97 @@ Certificate:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
@ -1526,8 +1546,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+Dp0K+qtbNfuIkXdMjYydqc/8q8LmWgV7fgRuOc+Tzmc7esuvtjbh+3FkRdSm8M7v
|
||||
+dQSZaZrliAoQAnSJ7HWERIBI38H36TfOzpKSXIkiCHMf
|
||||
-----END CERTIFICATE-----
|
||||
--- a/Lib/test/pycakey.pem
|
||||
+++ b/Lib/test/pycakey.pem
|
||||
Index: Python-3.6.15/Lib/test/pycakey.pem
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/pycakey.pem
|
||||
+++ Python-3.6.15/Lib/test/pycakey.pem
|
||||
@@ -1,40 +1,40 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
-MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCX7VVBujYXldtx
|
||||
@ -1607,8 +1629,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+6eTeMLcsIJ+Fp7gG0ve2EdQwhVSVMFEu4Q4C2FcJeU++L4kYpY7sTnAjUtiLvtHn
|
||||
+yp3jllEn3CBD8Uhs4B+sL/6p
|
||||
-----END PRIVATE KEY-----
|
||||
--- a/Lib/test/revocation.crl
|
||||
+++ b/Lib/test/revocation.crl
|
||||
Index: Python-3.6.15/Lib/test/revocation.crl
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/revocation.crl
|
||||
+++ Python-3.6.15/Lib/test/revocation.crl
|
||||
@@ -1,14 +1,14 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIICJjCBjwIBATANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJYWTEmMCQGA1UE
|
||||
@ -1634,8 +1658,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
+BLJOSOSu2vVUH5GUIrpvK9FTySKYa+MGryoPasuqZNfwpaXK+ON2G6QsmcXPWZY0
|
||||
+Dry6t0w2geW6UYVGmb831i8ZP3JVVVwcwi0=
|
||||
-----END X509 CRL-----
|
||||
--- a/Lib/test/test_asyncio/test_events.py
|
||||
+++ b/Lib/test/test_asyncio/test_events.py
|
||||
Index: Python-3.6.15/Lib/test/test_asyncio/test_events.py
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/test_asyncio/test_events.py
|
||||
+++ Python-3.6.15/Lib/test/test_asyncio/test_events.py
|
||||
@@ -72,7 +72,7 @@ PEERCERT = {
|
||||
'issuer': ((('countryName', 'XY'),),
|
||||
(('organizationName', 'Python Software Foundation CA'),),
|
||||
@ -1654,8 +1680,10 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
def check_terminated(self, returncode):
|
||||
if sys.platform == 'win32':
|
||||
self.assertIsInstance(returncode, int)
|
||||
--- a/Lib/test/test_ssl.py
|
||||
+++ b/Lib/test/test_ssl.py
|
||||
Index: Python-3.6.15/Lib/test/test_ssl.py
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/test_ssl.py
|
||||
+++ Python-3.6.15/Lib/test/test_ssl.py
|
||||
@@ -75,6 +75,8 @@ SIGNED_CERTFILE2 = data_file("keycert4.p
|
||||
SIGNING_CA = data_file("capath", "ceff1710.0")
|
||||
# cert with all kinds of subject alt names
|
||||
@ -1696,23 +1724,28 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
def test_wrong_cert(self):
|
||||
"""Connecting when the server rejects the client's certificate
|
||||
|
||||
Index: Python-3.6.15/Misc/NEWS.d/next/Library/2021-03-16-22-37-32.bpo-43522.dhNwOu.rst
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Library/2021-03-16-22-37-32.bpo-43522.dhNwOu.rst
|
||||
+++ Python-3.6.15/Misc/NEWS.d/next/Library/2021-03-16-22-37-32.bpo-43522.dhNwOu.rst
|
||||
@@ -0,0 +1 @@
|
||||
+Fix problem with :attr:`~ssl.SSLContext.hostname_checks_common_name`. OpenSSL does not copy hostflags from *struct SSL_CTX* to *struct SSL*.
|
||||
Index: Python-3.6.15/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
|
||||
+++ Python-3.6.15/Misc/NEWS.d/next/Library/2021-04-09-14-08-03.bpo-43789.eaHlAm.rst
|
||||
@@ -0,0 +1,2 @@
|
||||
+OpenSSL 3.0.0: Don't call the password callback function a second time when
|
||||
+first call has signaled an error condition.
|
||||
--- a/Modules/_ssl.c
|
||||
+++ b/Modules/_ssl.c
|
||||
@@ -690,6 +690,15 @@ newPySSLSocket(PySSLContext *sslctx, PyS
|
||||
Index: Python-3.6.15/Modules/_ssl.c
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Modules/_ssl.c
|
||||
+++ Python-3.6.15/Modules/_ssl.c
|
||||
@@ -690,6 +690,14 @@ newPySSLSocket(PySSLContext *sslctx, PyS
|
||||
_setSSLError(NULL, 0, __FILE__, __LINE__);
|
||||
return NULL;
|
||||
}
|
||||
+ /* bpo43522 and OpenSSL < 1.1.1l: copy hostflags manually */
|
||||
+ int OpenSSL_ver = OPENSSL_VERSION;
|
||||
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION < 0x101010cf
|
||||
+ X509_VERIFY_PARAM *ssl_verification_params = SSL_get0_param(self->ssl);
|
||||
+ X509_VERIFY_PARAM *ssl_ctx_verification_params = SSL_CTX_get0_param(ctx);
|
||||
@ -1723,7 +1756,7 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
SSL_set_app_data(self->ssl, self);
|
||||
if (sock) {
|
||||
SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int));
|
||||
@@ -3411,6 +3420,13 @@ _password_callback(char *buf, int size,
|
||||
@@ -3411,6 +3419,13 @@ _password_callback(char *buf, int size,
|
||||
|
||||
PySSL_END_ALLOW_THREADS_S(pw_info->thread_state);
|
||||
|
||||
@ -1737,7 +1770,7 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
if (pw_info->callable) {
|
||||
fn_ret = PyObject_CallFunctionObjArgs(pw_info->callable, NULL);
|
||||
if (!fn_ret) {
|
||||
@@ -5605,6 +5621,31 @@ PyInit__ssl(void)
|
||||
@@ -5605,6 +5620,31 @@ PyInit__ssl(void)
|
||||
SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
|
||||
#endif
|
||||
|
||||
|
100
bpo43920-fix-load_verify_locations-errmsgs.patch
Normal file
100
bpo43920-fix-load_verify_locations-errmsgs.patch
Normal file
@ -0,0 +1,100 @@
|
||||
From be6a5a3494dcf5c2f309acf959dd4d32ab846afb Mon Sep 17 00:00:00 2001
|
||||
From: Christian Heimes <christian@python.org>
|
||||
Date: Fri, 23 Apr 2021 11:56:31 +0200
|
||||
Subject: [PATCH] bpo-43920: Make load_verify_locations(cadata) error message
|
||||
consistent
|
||||
|
||||
Signed-off-by: Christian Heimes <christian@python.org>
|
||||
---
|
||||
Lib/test/test_ssl.py | 10 +++-
|
||||
Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst | 2
|
||||
Lib/test/test_ssl.py | 10 ++-
|
||||
Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst | 2
|
||||
Lib/test/test_ssl.py | 10 +++-
|
||||
Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst | 2
|
||||
Modules/_ssl.c | 25 ++++++----
|
||||
3 files changed, 27 insertions(+), 10 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst
|
||||
|
||||
Index: Python-3.6.15/Lib/test/test_ssl.py
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Lib/test/test_ssl.py
|
||||
+++ Python-3.6.15/Lib/test/test_ssl.py
|
||||
@@ -1199,9 +1199,15 @@ class ContextTests(unittest.TestCase):
|
||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||
self.assertRaises(TypeError, ctx.load_verify_locations, cadata=object)
|
||||
|
||||
- with self.assertRaisesRegex(ssl.SSLError, "no start line"):
|
||||
+ with self.assertRaisesRegex(
|
||||
+ ssl.SSLError,
|
||||
+ "no start line: cadata does not contain a certificate"
|
||||
+ ):
|
||||
ctx.load_verify_locations(cadata="broken")
|
||||
- with self.assertRaisesRegex(ssl.SSLError, "not enough data"):
|
||||
+ with self.assertRaisesRegex(
|
||||
+ ssl.SSLError,
|
||||
+ "not enough data: cadata does not contain a certificate"
|
||||
+ ):
|
||||
ctx.load_verify_locations(cadata=b"broken")
|
||||
|
||||
|
||||
Index: Python-3.6.15/Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ Python-3.6.15/Misc/NEWS.d/next/Library/2021-04-23-11-54-38.bpo-43920.cJMQ2D.rst
|
||||
@@ -0,0 +1,2 @@
|
||||
+OpenSSL 3.0.0: :meth:`~ssl.SSLContext.load_verify_locations` now returns a
|
||||
+consistent error message when cadata contains no valid certificate.
|
||||
Index: Python-3.6.15/Modules/_ssl.c
|
||||
===================================================================
|
||||
--- Python-3.6.15.orig/Modules/_ssl.c
|
||||
+++ Python-3.6.15/Modules/_ssl.c
|
||||
@@ -3579,7 +3579,7 @@ _add_ca_certs(PySSLContext *self, void *
|
||||
{
|
||||
BIO *biobuf = NULL;
|
||||
X509_STORE *store;
|
||||
- int retval = 0, err, loaded = 0;
|
||||
+ int retval = -1, err, loaded = 0;
|
||||
|
||||
assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM);
|
||||
|
||||
@@ -3633,23 +3633,32 @@ _add_ca_certs(PySSLContext *self, void *
|
||||
}
|
||||
|
||||
err = ERR_peek_last_error();
|
||||
- if ((filetype == SSL_FILETYPE_ASN1) &&
|
||||
- (loaded > 0) &&
|
||||
- (ERR_GET_LIB(err) == ERR_LIB_ASN1) &&
|
||||
- (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) {
|
||||
+ if (loaded == 0) {
|
||||
+ const char *msg = NULL;
|
||||
+ if (filetype == SSL_FILETYPE_PEM) {
|
||||
+ msg = "no start line: cadata does not contain a certificate";
|
||||
+ } else {
|
||||
+ msg = "not enough data: cadata does not contain a certificate";
|
||||
+ }
|
||||
+ _setSSLError(msg, 0, __FILE__, __LINE__);
|
||||
+ retval = -1;
|
||||
+ } else if ((filetype == SSL_FILETYPE_ASN1) &&
|
||||
+ (ERR_GET_LIB(err) == ERR_LIB_ASN1) &&
|
||||
+ (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) {
|
||||
/* EOF ASN1 file, not an error */
|
||||
ERR_clear_error();
|
||||
retval = 0;
|
||||
} else if ((filetype == SSL_FILETYPE_PEM) &&
|
||||
- (loaded > 0) &&
|
||||
(ERR_GET_LIB(err) == ERR_LIB_PEM) &&
|
||||
(ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
|
||||
/* EOF PEM file, not an error */
|
||||
ERR_clear_error();
|
||||
retval = 0;
|
||||
- } else {
|
||||
- _setSSLError(NULL, 0, __FILE__, __LINE__);
|
||||
+ } else if (err != 0) {
|
||||
+ _setSSLError(NULL, 0, __FILE__, __LINE__);
|
||||
retval = -1;
|
||||
+ } else {
|
||||
+ retval = 0;
|
||||
}
|
||||
|
||||
BIO_free(biobuf);
|
@ -19,6 +19,9 @@ Thu Jan 11 15:14:09 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
- Add crash-PyCFuncPtr_new-ctypes.patch (from
|
||||
gh#python/cpython#89863 and bpo#27987).
|
||||
- Fix CVE-2020-10735-DoS-no-limit-int-size.patch corrupted by quilt
|
||||
- Add bpo43920-fix-load_verify_locations-errmsgs.patch (from
|
||||
gh#python/cpython!25554) to make load_verify_locations(cadata)
|
||||
error message consistent.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 11 06:28:43 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
@ -251,6 +251,9 @@ Patch61: bpo4379-skipTLS10-11-OpenSSL3.patch
|
||||
# PATCH-FIX-UPSTREAM crash-PyCFuncPtr_new-ctypes.patch gh#python/cpython#89863 mcepl@suse.com
|
||||
# fix SEGV in PyCFuncPtr_new in ctypes (fix from bpo#27987)
|
||||
Patch62: crash-PyCFuncPtr_new-ctypes.patch
|
||||
# PATCH-FIX-UPSTREAM bpo43920-fix-load_verify_locations-errmsgs.patch bsc#1217782 mcepl@suse.com
|
||||
# Make load_verify_locations(cadata) error message consistent (from gh#python/cpython!25554)
|
||||
Patch63: bpo43920-fix-load_verify_locations-errmsgs.patch
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gmp-devel
|
||||
@ -552,6 +555,7 @@ other applications.
|
||||
%patch -P 60 -p1
|
||||
%patch -P 61 -p1
|
||||
%patch -P 62 -p1
|
||||
%patch -P 63 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||
|
Loading…
Reference in New Issue
Block a user