Matej Cepl
88ffffeead
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
31 lines
1.3 KiB
Diff
31 lines
1.3 KiB
Diff
From 4fa35e8b1ebb2a8e88ba7c4c9cd2a17b35638ee6 Mon Sep 17 00:00:00 2001
|
|
From: Dimitri John Ledkov <xnox@ubuntu.com>
|
|
Date: Fri, 28 Sep 2018 16:34:16 +0100
|
|
Subject: [PATCH] bpo-34834: Fix test_ssl.test_options to account for
|
|
OP_ENABLE_MIDDLEBOX_COMPAT.
|
|
|
|
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
|
|
|
|
https://bugs.python.org/issue34834
|
|
---
|
|
Lib/test/test_ssl.py | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
--- a/Lib/test/test_ssl.py
|
|
+++ b/Lib/test/test_ssl.py
|
|
@@ -807,8 +807,12 @@ class ContextTests(unittest.TestCase):
|
|
default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
|
|
# SSLContext also enables these by default
|
|
default |= (OP_NO_COMPRESSION | OP_CIPHER_SERVER_PREFERENCE |
|
|
- OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE |
|
|
- OP_ENABLE_MIDDLEBOX_COMPAT)
|
|
+ ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
|
|
+ if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
|
|
+ # define MIDDLEBOX constant, as python2.7 does not know about it
|
|
+ # but it is used by default.
|
|
+ OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
|
|
+ default |= OP_ENABLE_MIDDLEBOX_COMPAT
|
|
self.assertEqual(default, ctx.options)
|
|
ctx.options |= ssl.OP_NO_TLSv1
|
|
self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
|