From 930f77ffedb05f5b11d2ecafdd567ca4d150e421 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 13 2015 07:00:30 +0000 Subject: import python-setuptools-0.9.8-4.el7 --- diff --git a/SOURCES/restore-proxy-support-SSL-connection.patch b/SOURCES/restore-proxy-support-SSL-connection.patch new file mode 100644 index 0000000..23dc9ef --- /dev/null +++ b/SOURCES/restore-proxy-support-SSL-connection.patch @@ -0,0 +1,52 @@ +diff --git a/setuptools/ssl_support.py b/setuptools/ssl_support.py +--- a/setuptools/ssl_support.py ++++ b/setuptools/ssl_support.py +@@ -194,6 +194,12 @@ + sock = create_connection( + (self.host, self.port), getattr(self,'source_address',None) + ) ++ ++ # Handle the socket if a (proxy) tunnel is present ++ if hasattr(self, '_tunnel') and getattr(self, '_tunnel_host', None): ++ self.sock = sock ++ self._tunnel() ++ + self.sock = ssl.wrap_socket( + sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle + ) +# HG changeset patch +# User Raphael Kubo da Costa +# Date 1404396219 -10800 +# Node ID ca4b86f318ecf4cb46462e65a86fc814295124e8 +# Parent 2381b11608897723145601dac345b9a4c981f3cb +ssl_support: Adjust to tunneling changes in Python 2.7.7 and 3.4.1. + +The fix for https://bugs.python.org/issue7776 changed httplib.HTTPConnection's +handling of tunneling: `host' now points to the proxy host, so we have to +adjust the code to perform the certificate validation on `_tunnel_host' instead +when it is available. + +diff --git a/setuptools/ssl_support.py b/setuptools/ssl_support.py +--- a/setuptools/ssl_support.py ++++ b/setuptools/ssl_support.py +@@ -178,12 +178,19 @@ + if hasattr(self, '_tunnel') and getattr(self, '_tunnel_host', None): + self.sock = sock + self._tunnel() ++ # http://bugs.python.org/issue7776: Python>=3.4.1 and >=2.7.7 ++ # change self.host to mean the proxy server host when tunneling is ++ # being used. Adapt, since we are interested in the destination ++ # host for the match_hostname() comparison. ++ actual_host = self._tunnel_host ++ else: ++ actual_host = self.host + + self.sock = ssl.wrap_socket( + sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.ca_bundle + ) + try: +- match_hostname(self.sock.getpeercert(), self.host) ++ match_hostname(self.sock.getpeercert(), actual_host) + except CertificateError: + self.sock.shutdown(socket.SHUT_RDWR) + self.sock.close() diff --git a/SPECS/python-setuptools.spec b/SPECS/python-setuptools.spec index 1c06ee8..2259b0c 100644 --- a/SPECS/python-setuptools.spec +++ b/SPECS/python-setuptools.spec @@ -2,7 +2,7 @@ Name: python-setuptools Version: 0.9.8 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Easily build and distribute Python packages Group: Applications/System @@ -14,6 +14,9 @@ Source2: zpl.txt Patch0: python-setuptools-0.9.8-use-ssl-match-hostname-from-backports.patch +# Restore proxy support in SSL connections +Patch1: restore-proxy-support-SSL-connection.patch + BuildArch: noarch BuildRequires: python2-devel BuildRequires: python-backports-ssl_match_hostname @@ -43,6 +46,7 @@ This package contains the distribute fork of setuptools. sed -i '1s|^#!python|#!%{__python}|' setuptools/command/easy_install.py %patch0 -p1 +%patch1 -p1 %build CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build @@ -68,6 +72,10 @@ LANG=en_US.utf8 %{__python} setup.py test %{_bindir}/easy_install-2.* %changelog +* Tue Jun 30 2015 Matej Stuchlik - 0.9.8-4 +- Restore proxy support in SSL connections +Resolves: rhbz#1121007 + * Fri Dec 27 2013 Daniel Mach - 0.9.8-3 - Mass rebuild 2013-12-27