Accepting request 645303 from home:vitezslav_cizek:branches:devel:languages:python:Factory

- Enable all the tests in %check - Add more patches to successfully build with openssl 1.1.1 (bsc#1113755) * openssl-111-middlebox-compat.patch * openssl-111-ssl_options.patch OBS-URL: https://build.opensuse.org/request/show/645303 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=235
2018-10-29 15:14:27 +00:00 · 2018-10-29 15:14:27 +00:00 · a74bb24131
commit a74bb24131
parent 20d7b72031
6 changed files with 73 additions and 1 deletions
--- a/openssl-111-middlebox-compat.patch
+++ b/openssl-111-middlebox-compat.patch
@ -0,0 +1,32 @@
+From 4fa35e8b1ebb2a8e88ba7c4c9cd2a17b35638ee6 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <xnox@ubuntu.com>
+Date: Fri, 28 Sep 2018 16:34:16 +0100
+Subject: [PATCH] bpo-34834: Fix test_ssl.test_options to account for
+ OP_ENABLE_MIDDLEBOX_COMPAT.
+
+Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
+
+https://bugs.python.org/issue34834
+---
+ Lib/test/test_ssl.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: Python-2.7.15/Lib/test/test_ssl.py
+===================================================================
+--- Python-2.7.15.orig/Lib/test/test_ssl.py	2018-10-29 13:32:59.190865648 +0100
+++ Python-2.7.15/Lib/test/test_ssl.py	2018-10-29 13:41:01.857624490 +0100
+@@ -777,8 +777,12 @@ class ContextTests(unittest.TestCase):
+         default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
+         # SSLContext also enables these by default
+         default |= (ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE |
+-                    ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE |
+-                    ssl.OP_ENABLE_MIDDLEBOX_COMPAT)
+                    ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
+        if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
+            # define MIDDLEBOX constant, as python2.7 does not know about it
+            # but it is used by default.
+            OP_ENABLE_MIDDLEBOX_COMPAT = 1048576L
+            default |= OP_ENABLE_MIDDLEBOX_COMPAT
+         self.assertEqual(default, ctx.options)
+         ctx.options |= ssl.OP_NO_TLSv1
+         self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
--- a/openssl-111-ssl_options.patch
+++ b/openssl-111-ssl_options.patch
@ -0,0 +1,13 @@
+Index: Python-2.7.15/Lib/test/test_ssl.py
+===================================================================
+--- Python-2.7.15.orig/Lib/test/test_ssl.py	2018-10-29 13:41:01.857624490 +0100
+++ Python-2.7.15/Lib/test/test_ssl.py	2018-10-29 14:04:59.674004321 +0100
+@@ -776,7 +776,7 @@ class ContextTests(unittest.TestCase):
+         # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
+         default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
+         # SSLContext also enables these by default
+-        default |= (ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE |
+        default |= (ssl.OP_NO_COMPRESSION | 
+                     ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE)
+         if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1):
+             # define MIDDLEBOX constant, as python2.7 does not know about it
--- a/python-base.spec
+++ b/python-base.spec
@ -65,6 +65,10 @@ Patch42:        openssl-111.patch
 # PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
 # Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
 Patch43:        CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
+# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
+Patch47:        openssl-111-middlebox-compat.patch
+# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
+Patch48:        openssl-111-ssl_options.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@ -174,6 +178,8 @@ other applications.
 %patch41 -p1
 %patch42 -p1
 %patch43 -p1
+%patch47 -p1
+%patch48 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python-doc.spec
+++ b/python-doc.spec
@ -66,6 +66,10 @@ Patch42:        openssl-111.patch
 # PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
 # Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
 Patch43:        CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
+# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
+Patch47:        openssl-111-middlebox-compat.patch
+# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
+Patch48:        openssl-111-ssl_options.patch
 # COMMON-PATCH-END
 Provides:       pyth_doc
 Provides:       pyth_ps
@ -121,6 +125,8 @@ Python, and Macintosh Module Reference in PDF format.
 %patch41 -p1
 %patch42 -p1
 %patch43 -p1
+%patch47 -p1
+%patch48 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
--- a/python.changes
+++ b/python.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Oct 29 13:21:20 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Enable all the tests in %check
+- Add more patches to successfully build with openssl 1.1.1
+  (bsc#1113755)
+  * openssl-111-middlebox-compat.patch
+  * openssl-111-ssl_options.patch
+
 -------------------------------------------------------------------
 Fri Oct 26 10:48:44 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>

--- a/python.spec
+++ b/python.spec
@ -71,6 +71,10 @@ Patch42:        openssl-111.patch
 # PATCH-FIX-UPSTREAM CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch mcepl@suse.com
 # Suggested in https://github.com/python/cpython/commit/add531a1e55b.patch
 Patch43:        CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
+# https://github.com/python/cpython/pull/9624 (https://bugs.python.org/issue34834)
+Patch47:        openssl-111-middlebox-compat.patch
+# PATCH-FIX-SUSE python default SSLContext doesn't contain OP_CIPHER_SERVER_PREFERENCE
+Patch48:        openssl-111-ssl_options.patch
 # COMMON-PATCH-END
 BuildRequires:  automake
 BuildRequires:  db-devel
@ -227,6 +231,8 @@ that rely on earlier non-verification behavior.
 %patch41 -p1
 %patch42 -p1
 %patch43 -p1
+%patch47 -p1
+%patch48 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac
@ -264,7 +270,7 @@ if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then
  ulimit -v 10000000 || :
 fi
 LIST="test_urllib test_ssl test_hashlib test_hmac test_urllib2_localnet test_unicodedata test_tarfile test_sqlite test_tcl test_dbm test_anydbm test_dumbdbm test_gdbm test_whichdb test_tk test_ttk_textonly test_bsddb test_bsddb3 test_readline"
-make test TESTOPTS="test_ssl" TESTPYTHONOPTS="-v"
+make test TESTOPTS="$LIST" TESTPYTHONOPTS="-R"
 %endif

 %install