Date: Monday, September 7, 2015 @ 12:44:58 Author: foutrelis Revision: 245450
Add upstream patch to increase DH key size in tests This fixes a failure in test_ssl. Added: python/trunk/increase-dh-key-size.patch Modified: python/trunk/PKGBUILD ----------------------------+ PKGBUILD | 9 ++++++- increase-dh-key-size.patch | 49 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 2 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-09-07 10:31:10 UTC (rev 245449) +++ PKGBUILD 2015-09-07 10:44:58 UTC (rev 245450) @@ -25,12 +25,17 @@ options=('!makeflags') provides=('python3') replaces=('python3') -source=(http://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz) -sha1sums=('7ca5cd664598bea96eec105aa6453223bb6b4456') +source=(http://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz + increase-dh-key-size.patch) +sha1sums=('7ca5cd664598bea96eec105aa6453223bb6b4456' + '924393ee68a39ba4931a49045895db8786b5e178') prepare() { cd Python-${pkgver} + # http://bugs.python.org/issue23844 + patch -Np1 -i ../increase-dh-key-size.patch + # FS#23997 sed -i -e "s|^#.* /usr/local/bin/python|#!/usr/bin/python|" Lib/cgi.py Added: increase-dh-key-size.patch =================================================================== --- increase-dh-key-size.patch (rev 0) +++ increase-dh-key-size.patch 2015-09-07 10:44:58 UTC (rev 245450) @@ -0,0 +1,49 @@ + +# HG changeset patch +# User Benjamin Peterson <benja...@python.org> +# Date 1427947446 14400 +# Node ID 1ad7c0253abe1252128d61c3d0127d22144cb354 +# Parent 47451f6e7e7528a6647dbdc435e9a9f5c13c0080 +replace 512 bit dh key with a 2014 bit one (closes #23844) + +Patch by Cédric Krier. + +diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem +new file mode 100644 +--- /dev/null ++++ b/Lib/test/dh1024.pem +@@ -0,0 +1,7 @@ ++-----BEGIN DH PARAMETERS----- ++MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt ++rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0 ++RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC ++-----END DH PARAMETERS----- ++ ++Generated with: openssl dhparam -out dh1024.pem 1024 +diff --git a/Lib/test/dh512.pem b/Lib/test/dh512.pem +deleted file mode 100644 +--- a/Lib/test/dh512.pem ++++ /dev/null +@@ -1,9 +0,0 @@ +------BEGIN DH PARAMETERS----- +-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak +-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC +------END DH PARAMETERS----- +- +-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" +-(http://www.skip-vpn.org/spec/numbers.html). +-See there for how they were generated. +-Note that g is not a generator, but this is not a problem since p is a safe prime. +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -64,7 +64,7 @@ BADKEY = data_file("badkey.pem") + NOKIACERT = data_file("nokia.pem") + NULLBYTECERT = data_file("nullbytecert.pem") + +-DHFILE = data_file("dh512.pem") ++DHFILE = data_file("dh1024.pem") + BYTES_DHFILE = os.fsencode(DHFILE) + + +