[arch-commits] Commit in python/trunk (PKGBUILD increase-dh-key-size.patch)

Evangelos Foutras foutrelis at archlinux.org
Mon Sep 7 10:44:58 UTC 2015 

    Date: Monday, September 7, 2015 @ 12:44:58
  Author: foutrelis
Revision: 245450

Add upstream patch to increase DH key size in tests

This fixes a failure in test_ssl.

Added:
  python/trunk/increase-dh-key-size.patch
Modified:
  python/trunk/PKGBUILD

----------------------------+
 PKGBUILD                   |    9 ++++++-
 increase-dh-key-size.patch |   49 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2015-09-07 10:31:10 UTC (rev 245449)
+++ PKGBUILD	2015-09-07 10:44:58 UTC (rev 245450)
@@ -25,12 +25,17 @@
 options=('!makeflags')
 provides=('python3')
 replaces=('python3')
-source=(http://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz)
-sha1sums=('7ca5cd664598bea96eec105aa6453223bb6b4456')
+source=(http://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz
+        increase-dh-key-size.patch)
+sha1sums=('7ca5cd664598bea96eec105aa6453223bb6b4456'
+          '924393ee68a39ba4931a49045895db8786b5e178')
 
 prepare() {
   cd Python-${pkgver}
 
+  # http://bugs.python.org/issue23844
+  patch -Np1 -i ../increase-dh-key-size.patch
+
   # FS#23997
   sed -i -e "s|^#.* /usr/local/bin/python|#!/usr/bin/python|" Lib/cgi.py
 

Added: increase-dh-key-size.patch
===================================================================
--- increase-dh-key-size.patch	                        (rev 0)
+++ increase-dh-key-size.patch	2015-09-07 10:44:58 UTC (rev 245450)
@@ -0,0 +1,49 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin at python.org>
+# Date 1427947446 14400
+# Node ID 1ad7c0253abe1252128d61c3d0127d22144cb354
+# Parent  47451f6e7e7528a6647dbdc435e9a9f5c13c0080
+replace 512 bit dh key with a 2014 bit one (closes #23844)
+
+Patch by Cédric Krier.
+
+diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem
+new file mode 100644
+--- /dev/null
++++ b/Lib/test/dh1024.pem
+@@ -0,0 +1,7 @@
++-----BEGIN DH PARAMETERS-----
++MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt
++rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0
++RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC
++-----END DH PARAMETERS-----
++
++Generated with: openssl dhparam -out dh1024.pem  1024
+diff --git a/Lib/test/dh512.pem b/Lib/test/dh512.pem
+deleted file mode 100644
+--- a/Lib/test/dh512.pem
++++ /dev/null
+@@ -1,9 +0,0 @@
+------BEGIN DH PARAMETERS-----
+-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
+-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
+------END DH PARAMETERS-----
+-
+-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
+-(http://www.skip-vpn.org/spec/numbers.html).
+-See there for how they were generated.
+-Note that g is not a generator, but this is not a problem since p is a safe prime.
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -64,7 +64,7 @@ BADKEY = data_file("badkey.pem")
+ NOKIACERT = data_file("nokia.pem")
+ NULLBYTECERT = data_file("nullbytecert.pem")
+ 
+-DHFILE = data_file("dh512.pem")
++DHFILE = data_file("dh1024.pem")
+ BYTES_DHFILE = os.fsencode(DHFILE)
+ 
+ 
+

More information about the arch-commits mailing list