From 8f7e21547a06389b6bf34bdc897e1423a80f2c4c Mon Sep 17 00:00:00 2001
From: Matej Stuchlik
Date: Jun 19 2015 09:58:26 +0000
Subject: Increase testsuite's DH key size
---
diff --git a/00204-increase-dh-keys-size.patch b/00204-increase-dh-keys-size.patch
new file mode 100644
index 0000000..e75d992
--- /dev/null
+++ b/00204-increase-dh-keys-size.patch
@@ -0,0 +1,49 @@ + +# HG changeset patch +# User Benjamin Peterson +# Date 1427947446 14400 +# Node ID 1ad7c0253abe1252128d61c3d0127d22144cb354 +# Parent 47451f6e7e7528a6647dbdc435e9a9f5c13c0080 +replace 512 bit dh key with a 2014 bit one (closes #23844) + +Patch by Cédric Krier. + +diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem +new file mode 100644 +--- /dev/null ++++ b/Lib/test/dh1024.pem +@@ -0,0 +1,7 @@ ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt ++rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0 ++RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC ++-----END DH PARAMETERS----- ++ ++Generated with: openssl dhparam -out dh1024.pem 1024 +diff --git a/Lib/test/dh512.pem b/Lib/test/dh512.pem +deleted file mode 100644 +--- a/Lib/test/dh512.pem ++++ /dev/null +@@ -1,9 +0,0 @@ +------BEGIN DH PARAMETERS----- +-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak +-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC +------END DH PARAMETERS----- +- +-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" +-(http://www.skip-vpn.org/spec/numbers.html). +-See there for how they were generated. +-Note that g is not a generator, but this is not a problem since p is a safe prime. +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -64,7 +64,7 @@ BADKEY = data_file("badkey.pem") + NOKIACERT = data_file("nokia.pem") + NULLBYTECERT = data_file("nullbytecert.pem") + +-DHFILE = data_file("dh512.pem") ++DHFILE = data_file("dh1024.pem") + BYTES_DHFILE = os.fsencode(DHFILE) + + + diff --git a/python3.spec b/python3.spec index fcd3d15..6f243c3 100644 --- a/python3.spec +++ b/python3.spec @@ -140,7 +140,7 @@ Summary: Version 3 of the Python programming language aka Python 3000 Name: python3 Version: %{pybasever}.3 -Release: 3%{?dist} +Release: 4%{?dist} License: Python Group: Development/Languages 
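Review bot: The new fixture `Lib/test/dh1024.pem` is 1024-bit, which clears the 768-bit floor named in the spec comment above `Patch204` but leaves little margin, so the `DHFILE` tests in `test_ssl.py` would fail the same way if the OpenSSL minimum is raised again. Generating 2048-bit parameters (`openssl dhparam -out dh2048.pem 2048`) and using `DHFILE = data_file("dh2048.pem")` would avoid a second bump. If the backport has to stay identical to the upstream changeset, the spec comment should say the size was chosen only to satisfy the current minimum. The changeset description inside the patch also says `2014 bit` where the file is 1024-bit, so the spec comment or changelog should state the real size.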
@@ -731,6 +731,9 @@ Patch202: 00202-fix-undefined-behaviour-in-faulthandler.patch # test_threading fails in koji dues to it's handling of signals Patch203: 00203-disable-threading-test-koji.patch +# openssl requires DH keys to be > 768bits +Patch204: 00204-increase-dh-keys-size.patch + # (New patches go here ^^^) # @@ -909,6 +912,11 @@ for f in md5module.c sha1module.c sha256module.c sha512module.c; do rm Modules/$f done +%if 0%{with_rewheel} +%global pip_version 7.0.3 +sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py +%endif + # # Apply patches: # @@ -1013,6 +1021,7 @@ done %patch199 -p1 %patch202 -p1 %patch203 -p1 +%patch204 -p1 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there # are many differences between 2.6 and the Python 3 library. @@ -1131,7 +1140,7 @@ BuildPython debug \ "--with-pydebug --with-count-allocs --with-call-profile --without-ensurepip" \ %endif false \ - -O1 + -O0 %endif # with_debug_build BuildPython optimized \ @@ -1206,7 +1215,7 @@ make install DESTDIR=%{buildroot} INSTALL="install -p" EXTRA_CFLAGS="$MoreCFlags %if 0%{?with_debug_build} InstallPython debug \ %{py_INSTSONAME_debug} \ - -O1 + -O0 %endif # with_debug_build # Now the optimized build: @@ -1912,6 +1921,11 @@ rm -fr %{buildroot} * Thu Jun 18 2015 Fedora Release Engineering - 3.4.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild +* Wed Jun 17 2015 Matej Stuchlik - 3.4.3-4 +- Use 1024bit DH key in test_ssl +- Use -O0 when compiling -debug build +- Update pip version variable to the version we actually ship + * Wed Jun 17 2015 Matej Stuchlik - 3.4.3-3 - Make relocating Python by changing _prefix actually work Resolves: rhbz#1231801
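Review bot: In the `%if 0%{with_rewheel}` block added before "Apply patches", `sed` exits 0 even when no `_PIP_VERSION = "..."` line matches in `Lib/ensurepip/__init__.py`, so an upstream change to that line would silently leave ensurepip's version string out of step with the pip that is shipped. Following the substitution with `grep -q '_PIP_VERSION = "%{pip_version}"' Lib/ensurepip/__init__.py` would make %prep fail instead. The guard also uses `0%{with_rewheel}` where the debug-build conditional visible elsewhere in this spec uses the `?` form (`%if 0%{?with_debug_build}`); `%if 0%{?with_rewheel}` would be consistent and still evaluates cleanly if the macro is ever undefined. The hard-coded `7.0.3` presumably has to be kept in sync with the packaged pip by hand, which deserves a comment next to `%global pip_version`.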
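Review bot: Dropping the debug flavour from `-O1` to `-O0`, in the `BuildPython debug` call and again in `InstallPython debug`, means any `-D_FORTIFY_SOURCE` inherited from the distribution flags stops having an effect, because glibc's fortify checks require optimization, and newer glibc versions emit a warning in that case. Whether the debug build's flags carry that define is not visible in these hunks, so this needs confirming against the `BuildPython` definition. If they do, either strip the define for the debug flavour or record the trade-off with a comment such as `# -O0: debuggability over fortify checks; debug build only`. Both call sites start and end outside the hunks shown.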