[arch-commits] Commit in python/trunk (3 files)
Felix Yan
felixonmars at archlinux.org
Thu Jul 20 08:50:08 UTC 2017
Date: Thursday, July 20, 2017 @ 08:50:08
Author: felixonmars
Revision: 300856
upgpkg: python 3.6.2-1
Added:
python/trunk/openssl-110f.patch
Modified:
python/trunk/PKGBUILD
Deleted:
python/trunk/test_socket_aead_kernel49.patch
---------------------------------+
PKGBUILD | 16 ++++-----
openssl-110f.patch | 51 +++++++++++++++++++++++++++++++
test_socket_aead_kernel49.patch | 61 --------------------------------------
3 files changed, 59 insertions(+), 69 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-07-20 06:33:17 UTC (rev 300855)
+++ PKGBUILD 2017-07-20 08:50:08 UTC (rev 300856)
@@ -6,7 +6,7 @@
# Contributor: Jason Chu <jason at archlinux.org>
pkgname=python
-pkgver=3.6.1
+pkgver=3.6.2
pkgrel=1
_pybasever=3.6
pkgdesc="Next generation of the python high-level scripting language"
@@ -24,19 +24,19 @@
provides=('python3')
replaces=('python3')
source=("https://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz"{,.asc}
- test_socket_aead_kernel49.patch
+ openssl-110f.patch
dont-make-libpython-readonly.patch)
-sha1sums=('91d880a2a9fcfc6753cbfa132bf47a47e17e7b16'
- 'SKIP'
- '54df54d984fae381e471494e9b7f028a9f792eaf'
- 'c22b24324b8e53326702de439c401d97927ee3f2')
+sha512sums=('a8270a09a9e9b39f69ece6cdade2fa964665d2107b5acbad4453f1b921107b329c697c137185928fb4a576fc0f2ae2a98dbf26a8b7ea17219e990ddbc216db8b'
+ 'SKIP'
+ 'b32c2a0f17b3d19720187b68606024886c6b8008b7c61feaf4fe7b26b4547fddc71a2f191f87557d5fe613d06a8bc79ce5f724681a3090559fc34a032ccbf61a'
+ '2ef96708d5b13ae2a3d2cc62c87b4780e60ecfce914e190564492def3a11d5e56977659f41c7f9d12266e58050c766bce4e2b5d50b708eb792794fa8357920c4')
validpgpkeys=('0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D') # Ned Deily (Python release signing key) <nad at python.org>
prepare() {
cd Python-${pkgver}
- # Test suite fix for Linux 4.9.
- patch -p1 -i ../test_socket_aead_kernel49.patch
+ # https://bugs.python.org/issue30714
+ patch -p1 -i ../openssl-110f.patch
# FS#45809
patch -p1 -i ../dont-make-libpython-readonly.patch
Added: openssl-110f.patch
===================================================================
--- openssl-110f.patch (rev 0)
+++ openssl-110f.patch 2017-07-20 08:50:08 UTC (rev 300856)
@@ -0,0 +1,51 @@
+From 0e396a20c3137244b1774bd14a0cb03921ff326d Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian at python.org>
+Date: Tue, 20 Jun 2017 18:28:38 +0200
+Subject: [PATCH] bpo-30714: ALPN changes for OpenSSL 1.1.0f
+
+OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
+could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
+The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
+callback can pretend to not been set.
+
+See https://github.com/openssl/openssl/pull/3158 for more details
+
+Signed-off-by: Christian Heimes <christian at python.org>
+---
+ Doc/library/ssl.rst | 5 +++--
+ Lib/test/test_ssl.py | 5 +++--
+ Misc/NEWS | 3 +++
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
+index 729a239a1ba..b51b9c6e396 100644
+--- a/Doc/library/ssl.rst
++++ b/Doc/library/ssl.rst
+@@ -1447,8 +1447,9 @@ to speed up repeated connections from the same clients.
+ This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is
+ False.
+
+- OpenSSL 1.1.0+ will abort the handshake and raise :exc:`SSLError` when
+- both sides support ALPN but cannot agree on a protocol.
++ OpenSSL 1.1.0 to 1.1.0e will abort the handshake and raise :exc:`SSLError`
++ when both sides support ALPN but cannot agree on a protocol. 1.1.0f+
++ behaves like 1.0.2.
+
+ .. versionadded:: 3.5
+
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index fdaf1c52046..3215031206c 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -3267,8 +3267,9 @@ def test_alpn_protocols(self):
+ except ssl.SSLError as e:
+ stats = e
+
+- if expected is None and IS_OPENSSL_1_1:
+- # OpenSSL 1.1.0 raises handshake error
++ if (expected is None and IS_OPENSSL_1_1
++ and ssl.OPENSSL_VERSION_INFO < (1, 1, 0, 6)):
++ # OpenSSL 1.1.0 to 1.1.0e raises handshake error
+ self.assertIsInstance(stats, ssl.SSLError)
+ else:
+ msg = "failed trying %s (s) and %s (c).\n" \
Deleted: test_socket_aead_kernel49.patch
===================================================================
--- test_socket_aead_kernel49.patch 2017-07-20 06:33:17 UTC (rev 300855)
+++ test_socket_aead_kernel49.patch 2017-07-20 08:50:08 UTC (rev 300856)
@@ -1,61 +0,0 @@
-Index: Python-3.6.0/Lib/test/test_socket.py
-===================================================================
---- Python-3.6.0.orig/Lib/test/test_socket.py
-+++ Python-3.6.0/Lib/test/test_socket.py
-@@ -5456,7 +5456,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- self.assertEqual(len(dec), msglen * multiplier)
- self.assertEqual(dec, msg * multiplier)
-
-- @support.requires_linux_version(4, 3) # see test_aes_cbc
-+ @support.requires_linux_version(4, 9) # see issue29324
- def test_aead_aes_gcm(self):
- key = bytes.fromhex('c939cc13397c1d37de6ae0e1cb7c423c')
- iv = bytes.fromhex('b3d8cc017cbb89b39e0f67e2')
-@@ -5479,8 +5479,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- op.sendmsg_afalg(op=socket.ALG_OP_ENCRYPT, iv=iv,
- assoclen=assoclen, flags=socket.MSG_MORE)
- op.sendall(assoc, socket.MSG_MORE)
-- op.sendall(plain, socket.MSG_MORE)
-- op.sendall(b'\x00' * taglen)
-+ op.sendall(plain)
- res = op.recv(assoclen + len(plain) + taglen)
- self.assertEqual(expected_ct, res[assoclen:-taglen])
- self.assertEqual(expected_tag, res[-taglen:])
-@@ -5488,7 +5487,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- # now with msg
- op, _ = algo.accept()
- with op:
-- msg = assoc + plain + b'\x00' * taglen
-+ msg = assoc + plain
- op.sendmsg_afalg([msg], op=socket.ALG_OP_ENCRYPT, iv=iv,
- assoclen=assoclen)
- res = op.recv(assoclen + len(plain) + taglen)
-@@ -5499,7 +5498,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- pack_uint32 = struct.Struct('I').pack
- op, _ = algo.accept()
- with op:
-- msg = assoc + plain + b'\x00' * taglen
-+ msg = assoc + plain
- op.sendmsg(
- [msg],
- ([socket.SOL_ALG, socket.ALG_SET_OP, pack_uint32(socket.ALG_OP_ENCRYPT)],
-@@ -5507,7 +5506,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- [socket.SOL_ALG, socket.ALG_SET_AEAD_ASSOCLEN, pack_uint32(assoclen)],
- )
- )
-- res = op.recv(len(msg))
-+ res = op.recv(len(msg) + taglen)
- self.assertEqual(expected_ct, res[assoclen:-taglen])
- self.assertEqual(expected_tag, res[-taglen:])
-
-@@ -5517,8 +5516,8 @@ class LinuxKernelCryptoAPI(unittest.Test
- msg = assoc + expected_ct + expected_tag
- op.sendmsg_afalg([msg], op=socket.ALG_OP_DECRYPT, iv=iv,
- assoclen=assoclen)
-- res = op.recv(len(msg))
-- self.assertEqual(plain, res[assoclen:-taglen])
-+ res = op.recv(len(msg) - taglen)
-+ self.assertEqual(plain, res[assoclen:])
-
- @support.requires_linux_version(4, 3) # see test_aes_cbc
- def test_drbg_pr_sha256(self):
More information about the arch-commits
mailing list