[Python-modules-commits] r32757 - in packages/python-eventlet/trunk/debian (3 files)

zigo at users.alioth.debian.org zigo at users.alioth.debian.org
Thu May 21 17:13:55 UTC 2015 

    Date: Thursday, May 21, 2015 @ 17:13:54
  Author: zigo
Revision: 32757

Enforce TLSv1 always, instead of the more permissive SSLv23.

Added:
  packages/python-eventlet/trunk/debian/patches/enforce-tlsv1-always.patch
Modified:
  packages/python-eventlet/trunk/debian/changelog
  packages/python-eventlet/trunk/debian/patches/series

Modified: packages/python-eventlet/trunk/debian/changelog
===================================================================
--- packages/python-eventlet/trunk/debian/changelog	2015-05-21 14:17:39 UTC (rev 32756)
+++ packages/python-eventlet/trunk/debian/changelog	2015-05-21 17:13:54 UTC (rev 32757)
@@ -1,3 +1,9 @@
+python-eventlet (0.17.3-3) unstable; urgency=medium
+
+  * Enforce TLSv1 always, instead of the more permissive SSLv23.
+
+ -- Thomas Goirand <zigo at debian.org>  Thu, 21 May 2015 17:09:29 +0000
+
 python-eventlet (0.17.3-2) unstable; urgency=medium
 
   * Activates --with python3 which was missing.

Added: packages/python-eventlet/trunk/debian/patches/enforce-tlsv1-always.patch
===================================================================
--- packages/python-eventlet/trunk/debian/patches/enforce-tlsv1-always.patch	                        (rev 0)
+++ packages/python-eventlet/trunk/debian/patches/enforce-tlsv1-always.patch	2015-05-21 17:13:54 UTC (rev 32757)
@@ -0,0 +1,18 @@
+Description: Always enforce TLSv1
+ Upstream allows SSLv23, but we don't want this, we want TLSv1 always, as
+ we shouldn't trust lower types of crypto.
+Author: Thomas Goirand <zigo at debian.org>
+Forwarded: not-needed
+Last-Update: 2015-05-21
+
+--- python-eventlet-0.17.3.orig/eventlet/convenience.py
++++ python-eventlet-0.17.3/eventlet/convenience.py
+@@ -139,7 +139,7 @@ except ImportError:
+                           do_handshake_on_connect=True,
+                           suppress_ragged_eofs=True, ciphers=None):
+             # theoretically the ssl_version could be respected in this line
+-            context = SSL.Context(SSL.SSLv23_METHOD)
++            context = SSL.Context(SSL.TLSv1_METHOD)
+             if certfile is not None:
+                 context.use_certificate_file(certfile)
+             if keyfile is not None:

Modified: packages/python-eventlet/trunk/debian/patches/series
===================================================================
--- packages/python-eventlet/trunk/debian/patches/series	2015-05-21 14:17:39 UTC (rev 32756)
+++ packages/python-eventlet/trunk/debian/patches/series	2015-05-21 17:13:54 UTC (rev 32757)
@@ -1,3 +1,4 @@
 remove-self.assert-in-tests.patcher_test.py.patch
 fix-FTBFS-on-sphinx-build.patch
 use-packaged-python-mock-rather-than-embedded.patch
+enforce-tlsv1-always.patch

More information about the Python-modules-commits mailing list