#8 Security fix for CVE-2019-12855 (Check remote certificates for XMPP TLS)
Merged 3 months ago by cstratak. Opened 3 months ago by churchyard.
rpms/ churchyard/python-twisted CVE-2019-12855  into  master

file added
+1307
The added file is too large to be shown here, see it at: 1147.patch
file modified
+7 -1

@@ -7,7 +7,7 @@ 

  

  Name:           python-%{pypi_name}

  Version:        19.2.1

- Release:        2%{?dist}

+ Release:        3%{?dist}

  Summary:        Twisted is a networking engine written in Python

  

  License:        MIT

@@ -17,6 +17,9 @@ 

  # https://twistedmatrix.com/trac/ticket/9642

  Patch1:         0001-Import-gobject-from-gi.repository-in-Python-3.patch

  

+ # CVE-2019-12855: Check remote certificates for XMPP TLS

+ Patch2:         https://github.com/twisted/twisted/pull/1147.patch

+ 

  %{?python_enable_dependency_generator}

  

  %description

@@ -202,6 +205,9 @@ 

  

  

  %changelog

+ * Tue Jul 09 2019 Miro Hrončok <mhroncok@redhat.com> - 19.2.1-3

+ - Security fix for CVE-2019-12855 (Check certificates for XMPP TLS) (#1728206) (#1728207)

+ 

  * Wed Jul 03 2019 Miro Hrončok <mhroncok@redhat.com> - 19.2.1-2

  - Rebuilt to update automatic Python dependencies

  

Please also commit the patch.

(I'll continuie the review with wget https://github.com/twisted/twisted/pull/1147.patch.)

Wyy the damn does simple-koji-ci not catch this :(

With the patch added, go ahead and merge it.
I don't pretend to understand the patch, but it has no conflicts, adds passing tests, was reviewed by Glyph upstream, and only affects twisted.words.

Thanks. Amended.

There is one mor security issue filed in twisted, maybe we should build both of them together.

rebased onto f840222

3 months ago

Pull-Request has been merged by cstratak

3 months ago