diff options
| author | Matthias Klose <doko@ubuntu.com> | 2015-12-12 15:00:33 +0100 |
|---|---|---|
| committer | git-ubuntu importer <ubuntu-devel-discuss@lists.ubuntu.com> | 2015-12-16 14:59:47 +0000 |
| commit | ea3e8fec7fc8ddafc956bb6d674eda2867c786ae (patch) | |
| tree | 45973dd83b43f36074ffda21731cef523bd31c3f | |
| parent | 3a66b0e87f05eed3647adc642b7d04b194f71fb3 (diff) | |
1.11.4-1ubuntu1 (patches unapplied)import/1.11.4-1ubuntu1ubuntu/trusty-updatesubuntu/trusty-proposedubuntu/trusty-devel
Imported using git-ubuntu import.
Notes
Notes:
* SRU: LP: #1500768.
* Backport pull request #385, fixing TLS verification when using a proxy.
| -rw-r--r-- | debian/changelog | 7 | ||||
| -rw-r--r-- | debian/patches/tls-verification.diff | 30 | ||||
| -rwxr-xr-x | debian/rules | 1 |
3 files changed, 38 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index d2fbde4..b5998ab 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +python-virtualenv (1.11.4-1ubuntu1) trusty-proposed; urgency=medium + + * SRU: LP: #1500768. + * Backport pull request #385, fixing TLS verification when using a proxy. + + -- Matthias Klose <doko@ubuntu.com> Sat, 12 Dec 2015 15:00:33 +0100 + python-virtualenv (1.11.4-1) unstable; urgency=medium * Team upload. diff --git a/debian/patches/tls-verification.diff b/debian/patches/tls-verification.diff new file mode 100644 index 0000000..9a804d8 --- /dev/null +++ b/debian/patches/tls-verification.diff @@ -0,0 +1,30 @@ +--- a/pip/_vendor/requests/packages/urllib3/connection.py ++++ b/pip/_vendor/requests/packages/urllib3/connection.py +@@ -155,12 +155,17 @@ + # self._tunnel_host below. + self._tunnel() + ++ # The name of the host we're requesting data from. ++ actual_host = self._tunnel_host ++ else: ++ actual_host = self.host ++ + # Wrap socket using verification with the root certs in + # trusted_root_certs + self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, + cert_reqs=resolved_cert_reqs, + ca_certs=self.ca_certs, +- server_hostname=self.host, ++ server_hostname=actual_host, + ssl_version=resolved_ssl_version) + + if resolved_cert_reqs != ssl.CERT_NONE: +@@ -169,7 +174,7 @@ + self.assert_fingerprint) + elif self.assert_hostname is not False: + match_hostname(self.sock.getpeercert(), +- self.assert_hostname or self.host) ++ self.assert_hostname or actual_host) + + + if ssl: diff --git a/debian/rules b/debian/rules index 658928b..6ae0b2d 100755 --- a/debian/rules +++ b/debian/rules @@ -13,6 +13,7 @@ override_dh_auto_configure: unzip -d debian/pip $(PIP_WHL).orig # Add any necessary embedded pip patch applications here, e.g. #patch -d debian/pip -p1 < debian/patches/pip_non-writeable-home.patch + patch -d debian/pip -p1 < debian/patches/tls-verification.diff cd debian/pip && zip -r $(PIP_WHL_PATCHED) . # Rebuild the embedded parts, we may be quilt patching their sources [ -e virtualenv.py.orig ] || cp virtualenv.py virtualenv.py.orig |
