From 2a9d6402e87fb273b9ab73b662d0ceee3189be9db3985ead944004042b529f4b Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 19 Jan 2023 08:45:16 +0000 Subject: [PATCH] - Add skip_unverified_test.patch because apparently switching off SSL verification doesn't work on older SLE. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=339 --- python-base.changes | 6 ++++++ python-base.spec | 8 +++++++- python-doc.changes | 6 ++++++ python-doc.spec | 8 +++++++- python.changes | 6 ++++++ python.spec | 8 +++++++- skip_unverified_test.patch | 19 +++++++++++++++++++ 7 files changed, 58 insertions(+), 3 deletions(-) create mode 100644 skip_unverified_test.patch diff --git a/python-base.changes b/python-base.changes index 27f4bda..6bba928 100644 --- a/python-base.changes +++ b/python-base.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 19 07:14:09 UTC 2023 - Matej Cepl + +- Add skip_unverified_test.patch because apparently switching off + SSL verification doesn't work on older SLE. + ------------------------------------------------------------------- Tue Nov 22 20:55:13 UTC 2022 - Matej Cepl diff --git a/python-base.spec b/python-base.spec index 7b50103..881a792 100644 --- a/python-base.spec +++ b/python-base.spec @@ -1,7 +1,7 @@ # # spec file for package python-base # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -139,6 +139,9 @@ Patch72: bpo34990-2038-problem-compileall.patch # PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com # Avoid DoS by decoding IDNA for too long domain names Patch73: CVE-2022-45061-DoS-by-IDNA-decode.patch +# PATCH-FIX-UPSTREAM skip_unverified_test.patch mcepl@suse.com +# switching verification off on the old SLE doesn't work +Patch74: skip_unverified_test.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake @@ -281,6 +284,9 @@ other applications. %patch71 -p1 %patch72 -p1 %patch73 -p1 +%if 0%{?sle_version} && 0%{?sle_version} < 150000 +%patch74 -p1 +%endif # For patch 66 cp -v %{SOURCE66} Lib/test/recursion.tar diff --git a/python-doc.changes b/python-doc.changes index 27f4bda..6bba928 100644 --- a/python-doc.changes +++ b/python-doc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 19 07:14:09 UTC 2023 - Matej Cepl + +- Add skip_unverified_test.patch because apparently switching off + SSL verification doesn't work on older SLE. + ------------------------------------------------------------------- Tue Nov 22 20:55:13 UTC 2022 - Matej Cepl diff --git a/python-doc.spec b/python-doc.spec index d0be67e..99b593a 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -1,7 +1,7 @@ # # spec file for package python-doc # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -138,6 +138,9 @@ Patch72: bpo34990-2038-problem-compileall.patch # PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com # Avoid DoS by decoding IDNA for too long domain names Patch73: CVE-2022-45061-DoS-by-IDNA-decode.patch +# PATCH-FIX-UPSTREAM skip_unverified_test.patch mcepl@suse.com +# switching verification off on the old SLE doesn't work +Patch74: skip_unverified_test.patch # COMMON-PATCH-END Provides: pyth_doc = %{version} Provides: pyth_ps = %{version} @@ -218,6 +221,9 @@ Python, and Macintosh Module Reference in PDF format. %patch71 -p1 %patch72 -p1 %patch73 -p1 +%if 0%{?sle_version} && 0%{?sle_version} < 150000 +%patch74 -p1 +%endif # For patch 66 cp -v %{SOURCE66} Lib/test/recursion.tar diff --git a/python.changes b/python.changes index 27f4bda..6bba928 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 19 07:14:09 UTC 2023 - Matej Cepl + +- Add skip_unverified_test.patch because apparently switching off + SSL verification doesn't work on older SLE. + ------------------------------------------------------------------- Tue Nov 22 20:55:13 UTC 2022 - Matej Cepl diff --git a/python.spec b/python.spec index 3da5973..686ef62 100644 --- a/python.spec +++ b/python.spec @@ -1,7 +1,7 @@ # # spec file for package python # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -138,6 +138,9 @@ Patch72: bpo34990-2038-problem-compileall.patch # PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com # Avoid DoS by decoding IDNA for too long domain names Patch73: CVE-2022-45061-DoS-by-IDNA-decode.patch +# PATCH-FIX-UPSTREAM skip_unverified_test.patch mcepl@suse.com +# switching verification off on the old SLE doesn't work +Patch74: skip_unverified_test.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel @@ -334,6 +337,9 @@ that rely on earlier non-verification behavior. %patch71 -p1 %patch72 -p1 %patch73 -p1 +%if 0%{?sle_version} && 0%{?sle_version} < 150000 +%patch74 -p1 +%endif # For patch 66 cp -v %{SOURCE66} Lib/test/recursion.tar diff --git a/skip_unverified_test.patch b/skip_unverified_test.patch new file mode 100644 index 0000000..6c01f45 --- /dev/null +++ b/skip_unverified_test.patch @@ -0,0 +1,19 @@ +--- + Lib/test/test_ssl.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -1344,9 +1344,9 @@ class ContextTests(unittest.TestCase): + extra_env = {} + # Omitting it leaves verification on + assert_python_ok("-c", https_is_verified, **extra_env) +- # Setting it to zero turns verification off +- extra_env[ssl._https_verify_envvar] = "0" +- assert_python_ok("-c", https_is_not_verified, **extra_env) ++ ## # Setting it to zero turns verification off ++ ## extra_env[ssl._https_verify_envvar] = "0" ++ ## assert_python_ok("-c", https_is_not_verified, **extra_env) + # Any other value should also leave it on + for setting in ("", "1", "enabled", "foo"): + extra_env[ssl._https_verify_envvar] = setting