#8 Security fix for CVE-2019-12855 (Check remote certificates for XMPP TLS)
Merged 4 years ago by cstratak. Opened 4 years ago by churchyard.
rpms/ churchyard/python-twisted CVE-2019-12855  into  master

file added
+1307
The added file is too large to be shown here, see it at: 1147.patch
file modified
+7 -1
@@ -7,7 +7,7 @@ 

  

  Name:           python-%{pypi_name}

  Version:        19.2.1

- Release:        2%{?dist}

+ Release:        3%{?dist}

  Summary:        Twisted is a networking engine written in Python

  

  License:        MIT
@@ -17,6 +17,9 @@ 

  # https://twistedmatrix.com/trac/ticket/9642

  Patch1:         0001-Import-gobject-from-gi.repository-in-Python-3.patch

  

+ # CVE-2019-12855: Check remote certificates for XMPP TLS

+ Patch2:         https://github.com/twisted/twisted/pull/1147.patch

+ 

  %{?python_enable_dependency_generator}

  

  %description
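Review bot: the added `Patch2:` line points at a GitHub pull request URL (`pull/1147.patch`), and that file changes whenever the upstream PR is updated, so the spec alone does not pin the build input for this CVE fix. Commit the downloaded patch to dist-git together with this change, and consider naming the upstream commit in the comment above `Patch2` so the applied fix can be audited later. None of the three hunks touches `%prep`, so also confirm that the existing setup macro applies every numbered patch; otherwise `Patch2` is declared but never applied.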
@@ -202,6 +205,9 @@ 

  

  

  %changelog

+ * Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 19.2.1-3

+ - Security fix for CVE-2019-12855 (Check certificates for XMPP TLS) (#1728206) (#1728207)

+ 

  * Wed Jul 03 2019 Miro Hrončok <mhroncok@redhat.com> - 19.2.1-2

  - Rebuilt to update automatic Python dependencies

  
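Review bot: the added changelog entry reads "Check certificates for XMPP TLS", while the spec comment above `Patch2` and the pull request title both say "Check remote certificates for XMPP TLS". Use the same wording in all three places so that a search of the RPM changelog for the CVE description finds this entry.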

Please also commit the patch.

(I'll continue the review with wget https://github.com/twisted/twisted/pull/1147.patch.)

Why the damn does simple-koji-ci not catch this :(

With the patch added, go ahead and merge it.
I don't pretend to understand the patch, but it has no conflicts, adds passing tests, was reviewed by Glyph upstream, and only affects twisted.words.

Thanks. Amended.

There is one more security issue filed in twisted, maybe we should build both of them together.

rebased onto f840222

4 years ago

Pull-Request has been merged by cstratak

4 years ago