pool/python
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4a730b55c6
python/openssl-111-ssl_options.patch
Matej Cepl 88ffffeead Accepting request 692400 from home:mcepl:branches:devel:languages:python:Factory 
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch 
  removing unnecessary (and potentially harmful) URL scheme
  local-file://.

- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
  Characters in the netloc attribute that decompose under NFKC
  normalization (as used by the IDNA encoding) into any of ``/``,
  ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
  URL is decomposed before parsing, or is not a Unicode string,
  no error will be raised.
  Upstream commits e37ef41 and 507bd8c.

- Update to 2.7.16:
  * bugfix-only release: complete list of changes on
    https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
  * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
    which are fully included in the tarball.
  * Updated patches to apply cleanly:
        CVE-2019-5010-null-defer-x509-cert-DOS.patch
        bpo36160-init-sysconfig_vars.patch
        do-not-use-non-ascii-in-test_ssl.patch
        openssl-111-middlebox-compat.patch
        openssl-111-ssl_options.patch
        python-2.5.1-sqlite.patch
        python-2.6-gettext-plurals.patch
        python-2.7-dirs.patch
        python-2.7.2-fix_date_time_compiler.patch
        python-2.7.4-canonicalize2.patch
        python-2.7.5-multilib.patch
        python-2.7.9-ssl_ca_path.patch

OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
2019-04-08 22:40:36 +00:00

18 lines
930 B
Diff
Raw Blame History

--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -807,12 +807,8 @@ class ContextTests(unittest.TestCase):
default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
# SSLContext also enables these by default
default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE |
- ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
- if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
- # define MIDDLEBOX constant, as python2.7 does not know about it
- # but it is used by default.
- OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
- default |= OP_ENABLE_MIDDLEBOX_COMPAT
+ OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE |
+ OP_ENABLE_MIDDLEBOX_COMPAT)
self.assertEqual(default, ctx.options)
ctx.options |= ssl.OP_NO_TLSv1
self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
Reference in New Issue View Git Blame Copy Permalink