f840222
@@ -7,7 +7,7 @@
Name: python-%{pypi_name}
Version: 19.2.1
- Release: 2%{?dist}
+ Release: 3%{?dist}
Summary: Twisted is a networking engine written in Python
License: MIT
@@ -17,6 +17,9 @@
# https://twistedmatrix.com/trac/ticket/9642
Patch1: 0001-Import-gobject-from-gi.repository-in-Python-3.patch
+ # CVE-2019-12855: Check remote certificates for XMPP TLS
+ Patch2: https://github.com/twisted/twisted/pull/1147.patch
+
%{?python_enable_dependency_generator}
%description
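Review bot: The Patch2 line takes its source from a GitHub pull-request URL (pull/1147.patch), and what that URL serves changes whenever the PR branch is updated or rebased, so the build input is not fixed and nothing in the visible lines adds the patch file to the repository. Commit the downloaded 1147.patch next to the spec so the security fix is built from a fixed file that can be reviewed here. The visible context also does not show how patches are applied in %prep, so confirm that Patch2 is actually picked up (for example by %autosetup or an explicit %patch2), otherwise the CVE-2019-12855 fix is declared but never applied.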
@@ -202,6 +205,9 @@
%changelog
+ * Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 19.2.1-3
+ - Security fix for CVE-2019-12855 (Check certificates for XMPP TLS) (#1728206) (#1728207)
* Wed Jul 03 2019 Miro Hrončok <mhroncok@redhat.com> - 19.2.1-2
- Rebuilt to update automatic Python dependencies
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1728206
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1728207
(untested)
Please also commit the patch.
(I'll continue the review with wget https://github.com/twisted/twisted/pull/1147.patch.)
Why the damn does simple-koji-ci not catch this :(
With the patch added, go ahead and merge it. I don't pretend to understand the patch, but it has no conflicts, adds passing tests, was reviewed by Glyph upstream, and only affects twisted.words.
Thanks. Amended.
There is one more security issue filed in twisted, maybe we should build both of them together.
rebased onto f840222
Pull-Request has been merged by cstratak