[issue25672] set SSL_MODE_RELEASE_BUFFERS

2016-01-07 Thread Roundup Robot
Roundup Robot added the comment: New changeset b5b0394ed20b by Benjamin Peterson in branch 'default': merge 3.5 (closes #25672) https://hg.python.org/cpython/rev/b5b0394ed20b -- nosy: +python-dev resolution: -> fixed stage: commit review -> resolved status: open -> closed

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2016-01-06 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: Thanks, Brett. I'm too busy with other things at the moment. -- assignee: -> brett.cannon

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2016-01-06 Thread Brett Cannon
Brett Cannon added the comment: I assume this can be checked in, MAL? If you need someone to do it for you, feel free to assign it to me and I can do it when I have a chance. -- nosy: +brett.cannon stage: -> commit review

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-20 Thread Cory Benfield
Cory Benfield added the comment: Thanks for the updated info Marc-Andre. Yeah, while generally speaking OpenSSL doesn't ship betas, it does provide them as tarballs. I have a beta of 1.0.2 floating around somewhere on my machine that I was using for ALPN testing back in 2014, and so I can

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-20 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: On 20.11.2015 12:10, Cory Benfield wrote:
> Yeah, while generally speaking OpenSSL doesn't ship betas, it does provide
> them as tarballs. I have a beta of 1.0.2 floating around somewhere on my
> machine that I was using for ALPN testing back in 2014, and

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-20 Thread Cory Benfield
Cory Benfield added the comment: Good idea Benjamin. I've uploaded a second patch that adjusts the check to be a runtime one, rather than a compiled one. -- Added file: http://bugs.python.org/file41091/ssl2.patch

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-20 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: The release buffer mode bugs were fixed in 1.0.0m and 1.0.1h: https://openssl.org/news/vulnerabilities.html#y2014 CVE-2014-0198 (OpenSSL advisory) 21st April 2014: A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-19 Thread Cory Benfield
Cory Benfield added the comment: Ok, I've just uploaded an initial draft of the patch for review. -- keywords: +patch Added file: http://bugs.python.org/file41083/ssl.patch

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-19 Thread Ethan Furman
Changes by Ethan Furman: -- nosy: +alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou title: Unconditionally set SSL_MODE_RELEASE_BUFFERS -> set SSL_MODE_RELEASE_BUFFERS

[issue25672] set SSL_MODE_RELEASE_BUFFERS

2015-11-19 Thread Benjamin Peterson
Benjamin Peterson added the comment: It might be better to do a runtime OpenSSL version check in case someone upgrades or downgrades to a vulnerable version without recompiling Python. -- nosy: +benjamin.peterson