[python/f21] Enable SSLv2 and SSLv3 when SSLv23_method is used
Robert Kuska
rkuska at fedoraproject.org
Fri Jul 18 14:44:16 UTC 2014
commit e0419e878a0bbf063bed8a8b54509a85196f7f9f
Author: Robert Kuska <rkuska at redhat.com>
Date: Fri Jul 18 16:44:10 2014 +0200
Enable SSLv2 and SSLv3 when SSLv23_method is used
00195-enable-sslv23-in-ssl.patch | 15 +++++++++++++++
python.spec | 12 +++++++++++-
2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/00195-enable-sslv23-in-ssl.patch b/00195-enable-sslv23-in-ssl.patch
new file mode 100644
index 0000000..fcce84a
--- /dev/null
+++ b/00195-enable-sslv23-in-ssl.patch
@@ -0,0 +1,15 @@
+diff -up Python-2.7.8/Modules/_ssl.c.orig Python-2.7.8/Modules/_ssl.c
+--- Python-2.7.8/Modules/_ssl.c.orig 2014-07-17 14:17:32.584362667 +0200
++++ Python-2.7.8/Modules/_ssl.c 2014-07-17 14:17:38.215405930 +0200
+@@ -312,8 +312,10 @@ newPySSLObject(PySocketSockObject *Sock,
+ else if (proto_version == PY_SSL_VERSION_SSL2)
+ self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
+ #endif
+- else if (proto_version == PY_SSL_VERSION_SSL23)
++ else if (proto_version == PY_SSL_VERSION_SSL23) {
+ self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
++ self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++ }
+ PySSL_END_ALLOW_THREADS
+
+ if (self->ctx == NULL) {
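Review bot: The added `self->ctx->options &= ~(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` dereferences `self->ctx` before the `if (self->ctx == NULL)` check that follows `PySSL_END_ALLOW_THREADS`, so a failed `SSL_CTX_new()` becomes a NULL dereference instead of reaching the existing error path. Guard it and use the accessor rather than writing to the struct field: `if (self->ctx != NULL) SSL_CTX_clear_options(self->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Clearing both flags also reverses the library's protocol restriction for every caller that selects `PY_SSL_VERSION_SSL23`, including SSLv2, which has long been considered unsafe. If the goal is compatibility with SSLv3-only peers (not stated on the page), clearing only `SSL_OP_NO_SSLv3` would be the narrower change. `newPySSLObject` starts and ends outside the hunk.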
diff --git a/python.spec b/python.spec
index bccb8be..b11a27c 100644
--- a/python.spec
+++ b/python.spec
@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language
Name: %{python}
# Remember to also rebase python-docs when changing this:
Version: 2.7.8
-Release: 1%{?dist}
+Release: 2%{?dist}
License: Python
Group: Development/Languages
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -877,6 +877,12 @@ Patch193: 00193-enable-loading-sqlite-extensions.patch
# FIXED UPSTREAM
#Patch194: 00194-fix-tests-with-sqlite-3.8.4.patch
+# Since openssl-1.0.1h-5.fc21 SSLv2 and SSLV3 protocols
+# are disabled by default in openssl, according the comment in openssl
+# patch this affects only SSLv23_method, this patch enables SSLv2
+# and SSLv3 when SSLv23_method is used
+Patch195: 00195-enable-sslv23-in-ssl.patch
+
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora 17 onwards,
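Review bot: The comment above `Patch195` explains the trigger but not the consequence: the patch turns back on protocols that the openssl package disabled by default, and nothing records which openssl patch or bug it refers to or when it can be dropped. A maintainer auditing TLS defaults later would want that stated here, for example `# Reverses the openssl default for SSLv23_method; drop when <tracking-bug placeholder> is resolved`. The wording could be tidied at the same time ("SSLV3" → "SSLv3", "according the comment" → "according to the comment").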
@@ -1233,6 +1239,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c
# 00192: upstream as of Python 2.7.7
%patch193 -p1
# 00194: upstream as of Python 2.7.7
+%patch195 -p1
# This shouldn't be necesarry, but is right now (2.2a3)
@@ -2067,6 +2074,9 @@ rm -fr %{buildroot}
# ======================================================
%changelog
+* Fri Jul 18 2014 Robert Kuska <rkuska at redhat.com> - 2.7.8-2
+- Enable SSLv2 and SSLv3 when SSLv23_method is used in ssl
+
* Mon Jul 14 2014 Robert Kuska <rkuska at redhat.com> - 2.7.8-1
- Update to 2.7.8