Accepting request 928309 from devel:languages:python
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). - update to 21.0.0: - The minimum ``cryptography`` version is now 3.3. - Drop support for Python 3.5 - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. OBS-URL: https://build.opensuse.org/request/show/928309 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=41
This commit is contained in:
commit
41d86ca868
51
check_inv_ALPN_lists.patch
Normal file
51
check_inv_ALPN_lists.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad Mon Sep 17 00:00:00 2001
|
||||
From: "Nathaniel J. Smith" <njs@pobox.com>
|
||||
Date: Wed, 27 Oct 2021 11:54:08 -0700
|
||||
Subject: [PATCH 1/2] Check for invalid ALPN lists before calling OpenSSL, for
|
||||
consistency
|
||||
|
||||
Fixes gh-1043
|
||||
---
|
||||
src/OpenSSL/SSL.py | 12 ++++++++++++
|
||||
tests/test_ssl.py | 2 +-
|
||||
2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/src/OpenSSL/SSL.py
|
||||
+++ b/src/OpenSSL/SSL.py
|
||||
@@ -1423,6 +1423,12 @@ class Context(object):
|
||||
This list should be a Python list of bytestrings representing the
|
||||
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
|
||||
"""
|
||||
+ # Different versions of OpenSSL are inconsistent about how they handle
|
||||
+ # empty proto lists (see #1043), so we avoid the problem entirely by
|
||||
+ # rejecting them ourselves.
|
||||
+ if not protos:
|
||||
+ raise ValueError("at least one protocol must be specified")
|
||||
+
|
||||
# Take the list of protocols and join them together, prefixing them
|
||||
# with their lengths.
|
||||
protostr = b"".join(
|
||||
@@ -2451,6 +2457,12 @@ class Connection(object):
|
||||
This list should be a Python list of bytestrings representing the
|
||||
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
|
||||
"""
|
||||
+ # Different versions of OpenSSL are inconsistent about how they handle
|
||||
+ # empty proto lists (see #1043), so we avoid the problem entirely by
|
||||
+ # rejecting them ourselves.
|
||||
+ if not protos:
|
||||
+ raise ValueError("at least one protocol must be specified")
|
||||
+
|
||||
# Take the list of protocols and join them together, prefixing them
|
||||
# with their lengths.
|
||||
protostr = b"".join(
|
||||
--- a/tests/test_ssl.py
|
||||
+++ b/tests/test_ssl.py
|
||||
@@ -1934,7 +1934,7 @@ class TestApplicationLayerProtoNegotiati
|
||||
protocols list. Ensure that we produce a user-visible error.
|
||||
"""
|
||||
context = Context(SSLv23_METHOD)
|
||||
- with pytest.raises(Error):
|
||||
+ with pytest.raises(ValueError):
|
||||
context.set_alpn_protos([])
|
||||
|
||||
def test_alpn_set_on_connection(self):
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51
|
||||
size 173736
|
3
pyOpenSSL-21.0.0.tar.gz
Normal file
3
pyOpenSSL-21.0.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3
|
||||
size 175652
|
@ -1,3 +1,20 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 30 19:08:35 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
|
||||
before calling OpenSSL (gh#pyca/pyopenssl#1056).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 26 20:27:12 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 21.0.0:
|
||||
- The minimum ``cryptography`` version is now 3.3.
|
||||
- Drop support for Python 3.5
|
||||
- Raise an error when an invalid ALPN value is set.
|
||||
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
|
||||
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
|
||||
upcoming release of ``cryptography`` without raising deprecation warnings.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 1 18:07:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
||||
%define oldpython python
|
||||
Name: python-pyOpenSSL
|
||||
Version: 20.0.1
|
||||
Version: 21.0.0
|
||||
Release: 0
|
||||
Summary: Python wrapper module around the OpenSSL library
|
||||
License: Apache-2.0
|
||||
@ -28,8 +28,11 @@ Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpe
|
||||
# PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
|
||||
# Mark tests requiring network access
|
||||
Patch0: skip-networked-test.patch
|
||||
# PATCH-FIX-UPSTREAM check_inv_ALPN_lists.patch gh#pyca/pyopenssl#1056 mcepl@suse.com
|
||||
# Check for invalid ALPN lists before calling OpenSSL
|
||||
Patch1: check_inv_ALPN_lists.patch
|
||||
BuildRequires: %{python_module cffi}
|
||||
BuildRequires: %{python_module cryptography >= 2.8}
|
||||
BuildRequires: %{python_module cryptography >= 3.3}
|
||||
BuildRequires: %{python_module flaky}
|
||||
BuildRequires: %{python_module pretend}
|
||||
BuildRequires: %{python_module pytest >= 3.0.1}
|
||||
@ -40,7 +43,7 @@ BuildRequires: fdupes
|
||||
BuildRequires: openssl
|
||||
BuildRequires: python-rpm-macros
|
||||
Requires: python-cffi
|
||||
Requires: python-cryptography >= 2.8
|
||||
Requires: python-cryptography >= 3.3
|
||||
Requires: python-six >= 1.5.2
|
||||
Provides: pyOpenSSL = %{version}
|
||||
BuildArch: noarch
|
||||
|
Loading…
Reference in New Issue
Block a user