[Python-modules-commits] r26174 - in packages/python-urllib3/trunk/debian (2 files)

eriol-guest at users.alioth.debian.org
Wed Oct 16 15:41:47 UTC 2013


    Date: Wednesday, October 16, 2013 @ 15:41:44
  Author: eriol-guest
Revision: 26174

Removed 06_fix_abuse_of_match_hostname_for_DoS.patch since fixed upstream

Modified:
  packages/python-urllib3/trunk/debian/changelog
Deleted:
  packages/python-urllib3/trunk/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch

Modified: packages/python-urllib3/trunk/debian/changelog
===================================================================
--- packages/python-urllib3/trunk/debian/changelog	2013-10-16 15:35:33 UTC (rev 26173)
+++ packages/python-urllib3/trunk/debian/changelog	2013-10-16 15:41:44 UTC (rev 26174)
@@ -9,8 +9,10 @@
     - Refreshed
   * debian/patches/05_fix_python3_syntax_error_in_ntlmpool.patch
     - Removed since fixed upstream
+  * debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch
+    - Removed since fixed upstream
 
- -- Daniele Tricoli <eriol at mornie.org>  Wed, 16 Oct 2013 17:33:45 +0200
+ -- Daniele Tricoli <eriol at mornie.org>  Wed, 16 Oct 2013 17:39:22 +0200
 
 python-urllib3 (1.6-2) unstable; urgency=high
 
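Review bot: The added changelog bullet for 06_fix_abuse_of_match_hostname_for_DoS.patch says only "Removed since fixed upstream", which hides that the dropped patch is the CVE-2013-2099 fix (Bug-Debian 709070, per the patch header). Name the CVE in the entry, for example "- Removed since fixed upstream (CVE-2013-2099)", and state which upstream release carries the fix, so the removal can be traced from the changelog alone.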

Deleted: packages/python-urllib3/trunk/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch
===================================================================
--- packages/python-urllib3/trunk/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch	2013-10-16 15:35:33 UTC (rev 26173)
+++ packages/python-urllib3/trunk/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch	2013-10-16 15:41:44 UTC (rev 26174)
@@ -1,26 +0,0 @@
-Description: Fix possible abuse of ssl.match_hostname() for denial
- of service using certificates with many wildcards (CVE-2013-2099)
-Origin: http://hg.python.org/cpython/rev/c627638753e2
-Bug: http://bugs.python.org/issue17980
-Bug-Debian: http://bugs.debian.org/709070
-
---- a/urllib3/packages/ssl_match_hostname/__init__.py
-+++ b/urllib3/packages/ssl_match_hostname/__init__.py
-@@ -7,9 +7,16 @@
- class CertificateError(ValueError):
-     pass
- 
--def _dnsname_to_pat(dn):
-+def _dnsname_to_pat(dn, max_wildcards=1):    
-     pats = []
-     for frag in dn.split(r'.'):
-+        if frag.count('*') > max_wildcards:
-+            # Issue #17980: avoid denials of service by refusing more
-+            # than one wildcard per fragment.  A survery of established
-+            # policy among SSL implementations showed it to be a
-+            # reasonable choice.
-+            raise CertificateError(
-+                    "too many wildcards in certificate DNS name: " + repr(dn))
-         if frag == '*':
-             # When '*' is a fragment by itself, it matches a non-empty dotless
-             # fragment.
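Review bot: Deleting the `frag.count('*') > max_wildcards` check in `_dnsname_to_pat` is only safe if the upstream `urllib3/packages/ssl_match_hostname/__init__.py` now being packaged rejects more than one wildcard per fragment on its own, and nothing in this commit shows that. Please confirm against the imported upstream source that a certificate DNS name with several wildcards in one fragment still raises `CertificateError`, and reference the upstream change that carries the fix in the changelog; if the check is missing, this deletion reopens CVE-2013-2099.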



