python/openssl-111-middlebox-compat.patch

From 4fa35e8b1ebb2a8e88ba7c4c9cd2a17b35638ee6 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Fri, 28 Sep 2018 16:34:16 +0100
Subject: [PATCH] bpo-34834: Fix test_ssl.test_options to account for
 OP_ENABLE_MIDDLEBOX_COMPAT.

Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>

https://bugs.python.org/issue34834
---
 Lib/test/test_ssl.py |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -838,8 +838,12 @@ class ContextTests(unittest.TestCase):
         default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
         # SSLContext also enables these by default
         default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE |
-                    OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE |
-                    OP_ENABLE_MIDDLEBOX_COMPAT)
+                    ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
+        if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
+            # define MIDDLEBOX constant, as python2.7 does not know about it
+            # but it is used by default.
+            OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
+            default |= OP_ENABLE_MIDDLEBOX_COMPAT
         self.assertEqual(default, ctx.options)
         ctx.options |= ssl.OP_NO_TLSv1
         self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
Accepting request 645303 from home:vitezslav_cizek:branches:devel:languages:python:Factory - Enable all the tests in %check - Add more patches to successfully build with openssl 1.1.1 (bsc#1113755) * openssl-111-middlebox-compat.patch * openssl-111-ssl_options.patch OBS-URL: https://build.opensuse.org/request/show/645303 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=235 2018-10-29 16:14:27 +01:00			`From 4fa35e8b1ebb2a8e88ba7c4c9cd2a17b35638ee6 Mon Sep 17 00:00:00 2001`
			`From: Dimitri John Ledkov <xnox@ubuntu.com>`
			`Date: Fri, 28 Sep 2018 16:34:16 +0100`
			`Subject: [PATCH] bpo-34834: Fix test_ssl.test_options to account for`
			`OP_ENABLE_MIDDLEBOX_COMPAT.`

			`Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>`

			`https://bugs.python.org/issue34834`
			`---`
- Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=337 2022-11-22 21:56:11 +01:00			`Lib/test/test_ssl.py \| 8 ++++++--`
			`1 file changed, 6 insertions(+), 2 deletions(-)`
Accepting request 645303 from home:vitezslav_cizek:branches:devel:languages:python:Factory - Enable all the tests in %check - Add more patches to successfully build with openssl 1.1.1 (bsc#1113755) * openssl-111-middlebox-compat.patch * openssl-111-ssl_options.patch OBS-URL: https://build.opensuse.org/request/show/645303 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=235 2018-10-29 16:14:27 +01:00
Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://. - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. Upstream commits e37ef41 and 507bd8c. - Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch OBS-URL: https://build.opensuse.org/request/show/692400 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241 2019-04-09 00:40:36 +02:00			`--- a/Lib/test/test_ssl.py`
			`+++ b/Lib/test/test_ssl.py`
- Restore python-2.7.9-sles-disable-verification-by-default.patch for SLE-12. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=337 2022-11-22 21:56:11 +01:00			`@@ -838,8 +838,12 @@ class ContextTests(unittest.TestCase):`
Accepting request 645303 from home:vitezslav_cizek:branches:devel:languages:python:Factory - Enable all the tests in %check - Add more patches to successfully build with openssl 1.1.1 (bsc#1113755) * openssl-111-middlebox-compat.patch * openssl-111-ssl_options.patch OBS-URL: https://build.opensuse.org/request/show/645303 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=235 2018-10-29 16:14:27 +01:00			`default = (ssl.OP_ALL \| ssl.OP_NO_SSLv2 \| ssl.OP_NO_SSLv3)`
			`# SSLContext also enables these by default`
Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory - bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://. - bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised. Upstream commits e37ef41 and 507bd8c. - Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch OBS-URL: https://build.opensuse.org/request/show/692400 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241 2019-04-09 00:40:36 +02:00			`default \|= (OP_NO_COMPRESSION \| OP_CIPHER_SERVER_PREFERENCE \|`
			`- OP_SINGLE_DH_USE \| OP_SINGLE_ECDH_USE \|`
			`- OP_ENABLE_MIDDLEBOX_COMPAT)`
Accepting request 645303 from home:vitezslav_cizek:branches:devel:languages:python:Factory - Enable all the tests in %check - Add more patches to successfully build with openssl 1.1.1 (bsc#1113755) * openssl-111-middlebox-compat.patch * openssl-111-ssl_options.patch OBS-URL: https://build.opensuse.org/request/show/645303 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=235 2018-10-29 16:14:27 +01:00			`+ ssl.OP_SINGLE_DH_USE \| ssl.OP_SINGLE_ECDH_USE)`
			`+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):`
			`+ # define MIDDLEBOX constant, as python2.7 does not know about it`
			`+ # but it is used by default.`
			`+ OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L`
			`+ default \|= OP_ENABLE_MIDDLEBOX_COMPAT`
			`self.assertEqual(default, ctx.options)`
			`ctx.options \|= ssl.OP_NO_TLSv1`
			`self.assertEqual(default \| ssl.OP_NO_TLSv1, ctx.options)`