summaryrefslogtreecommitdiff
diff options
authorVincent Bernat <bernat@debian.org>2013-08-16 17:53:42 +0200
committergit-ubuntu importer <ubuntu-devel-discuss@lists.ubuntu.com>2013-08-16 22:18:21 +0000
commit9bf615e696d500c9eb9708054ad750ff14ee53a0 (patch)
treead58b3b97023d8e798e5cc0b09b9549c1019122d
parent05638324426c8b7c2752b527fc190e465ed60306 (diff)
Imported using git-ubuntu import.
Notes
Notes: * Team upload. [ Vincent Bernat ] * Upload to unstable. * Fix CVE-2013-2037 with the appropriate patch. Closes: #706602.
-rw-r--r--debian/changelog10
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/ssl-mismatch-check.patch25
3 files changed, 36 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index b884c57..0fd85c5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+python-httplib2 (0.8-2) unstable; urgency=low
+
+ * Team upload.
+
+ [ Vincent Bernat ]
+ * Upload to unstable.
+ * Fix CVE-2013-2037 with the appropriate patch. Closes: #706602.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 16 Aug 2013 17:53:42 +0200
+
python-httplib2 (0.8-1) experimental; urgency=low
* New upstream release.
diff --git a/debian/patches/series b/debian/patches/series
index 31c07bf..87a0444 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
use_system_cacerts.patch
+ssl-mismatch-check.patch
diff --git a/debian/patches/ssl-mismatch-check.patch b/debian/patches/ssl-mismatch-check.patch
new file mode 100644
index 0000000..4f9e2b3
--- /dev/null
+++ b/debian/patches/ssl-mismatch-check.patch
@@ -0,0 +1,25 @@
+Description: Close connection on certificate mismatch to avoid reuse
+Author: Roman Podolyaka <rpodolyaka...mirantis.com>
+Forwarded: https://code.google.com/p/httplib2/issues/detail?id=282
+
+diff -r 93291649202b python2/httplib2/__init__.py
+--- a/python2/httplib2/__init__.py Tue Mar 26 14:17:48 2013 -0400
++++ b/python2/httplib2/__init__.py Tue Apr 23 10:32:15 2013 +0300
+@@ -1030,7 +1030,7 @@
+ raise CertificateHostnameMismatch(
+ 'Server presented certificate that does not match '
+ 'host %s: %s' % (hostname, cert), hostname, cert)
+- except ssl_SSLError, e:
++ except (ssl_SSLError, CertificateHostnameMismatch), e:
+ if sock:
+ sock.close()
+ if self.sock:
+@@ -1040,7 +1040,7 @@
+ # to get at more detailed error information, in particular
+ # whether the error is due to certificate validation or
+ # something else (such as SSL protocol mismatch).
+- if e.errno == ssl.SSL_ERROR_SSL:
++ if hasattr(e, 'errno') and e.errno == ssl.SSL_ERROR_SSL:
+ raise SSLHandshakeError(e)
+ else:
+ raise