add upstream patch switching to TLS1 from sslv3

epel9
Dennis Gilmore 10 years ago
parent e9c0b57315
commit 8511f62424

@ -0,0 +1,35 @@
From 07d1eb810930fa1de7c89bad817ccca68b9ec7bc Mon Sep 17 00:00:00 2001
From: Mike McLean <mikem@redhat.com>
Date: Wed, 15 Oct 2014 10:54:31 -0400
Subject: [PATCH] use TLSv1.
https://bugzilla.redhat.com/show_bug.cgi?id=1152823
---
koji/ssl/SSLCommon.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/koji/ssl/SSLCommon.py b/koji/ssl/SSLCommon.py
index 1a3b3d6..014fbf6 100644
--- a/koji/ssl/SSLCommon.py
+++ b/koji/ssl/SSLCommon.py
@@ -37,7 +37,7 @@ def CreateSSLContext(certs):
if f and not os.access(f, os.R_OK):
raise StandardError, "%s does not exist or is not readable" % f
- ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only
+ ctx = SSL.Context(SSL.TLSv1_METHOD) # TLS v1 only
ctx.use_certificate_file(key_and_cert)
ctx.use_privatekey_file(key_and_cert)
ctx.load_client_ca(ca_cert)
@@ -45,7 +45,7 @@ def CreateSSLContext(certs):
verify = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
ctx.set_verify(verify, our_verify)
ctx.set_verify_depth(10)
- ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1)
+ ctx.set_options(SSL.OP_NO_SSLv3 | SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1)
return ctx
--
2.2.0
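Review bot: In the second hunk of the embedded patch, `ctx.set_options(...)` still carries `SSL.OP_NO_TLSv1` while the first hunk selects `SSL.TLSv1_METHOD`, so the options ask to disable the only protocol version the context is pinned to. Whether OpenSSL honours that flag for a fixed-version method probably depends on the library version, so the result is either a flag that is silently ignored or a context that cannot complete a handshake. Pinning to `TLSv1_METHOD` also prevents negotiating TLS 1.1 or 1.2 with peers that support them. Consider the version-flexible method with the legacy protocols masked out instead: `ctx = SSL.Context(SSL.SSLv23_METHOD)` and `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. The body of CreateSSLContext begins outside the visible hunks, so any option handling earlier in the function is not covered here.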

@ -2,7 +2,7 @@
Name: koji Name: koji
Version: 1.9.0 Version: 1.9.0
Release: 8%{?dist} Release: 9%{?dist}
License: LGPLv2 and GPLv2+ License: LGPLv2 and GPLv2+
# koji.ssl libs (from plague) are GPLv2+ # koji.ssl libs (from plague) are GPLv2+
Summary: Build system tools Summary: Build system tools
@ -22,6 +22,7 @@ Patch10: 0001-refactor-image-build-handlers-in-kojid.patch
Patch11: 0002-refactor-do_images.patch Patch11: 0002-refactor-do_images.patch
Patch12: 0003-add-raw-xz-option.patch Patch12: 0003-add-raw-xz-option.patch
Patch13: 0001-correctly-call-pykickstarts-makeVersion.patch Patch13: 0001-correctly-call-pykickstarts-makeVersion.patch
Patch14: 0001-use-TLSv1.-https-bugzilla.redhat.com-show_bug.cgi-id.patch
Source: https://fedorahosted.org/released/koji/koji-%{version}.tar.bz2 Source: https://fedorahosted.org/released/koji/koji-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -148,6 +149,7 @@ koji-web is a web UI to the Koji system.
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
%patch14 -p1
%build %build
@ -251,6 +253,9 @@ if [ $1 = 0 ]; then
fi fi
%changelog %changelog
* Thu Dec 11 2014 Dennis Gilmore <dennis@ausil.us> - 1.9.0-9
- add upstream patch switching to TLS1 from sslv3
* Tue Sep 30 2014 Dennis Gilmore <dennis@ausil.us> - 1.9.0-8 * Tue Sep 30 2014 Dennis Gilmore <dennis@ausil.us> - 1.9.0-8
- don't exclude koji-vm from ppc and ppc64 - don't exclude koji-vm from ppc and ppc64
