diff --git a/SOURCES/9900-centos-fix-ssl-connection-resets.patch b/SOURCES/9900-centos-fix-ssl-connection-resets.patch new file mode 100644 index 0000000..952ca69 --- /dev/null +++ b/SOURCES/9900-centos-fix-ssl-connection-resets.patch @@ -0,0 +1,21 @@ +diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py +index 0aeabc10f2..72b7a94a21 100644 +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -2021,6 +2021,16 @@ if _have_threads: + sys.stdout.write(" server: read %r (%s), sending back %r (%s)...\n" + % (msg, ctype, msg.lower(), ctype)) + self.write(msg.lower()) ++ except ConnectionResetError: ++ # XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError ++ # when connection is not shut down gracefully. ++ if self.server.chatty and support.verbose: ++ sys.stdout.write( ++ " Connection reset by peer: {}\n".format( ++ self.addr) ++ ) ++ self.close() ++ self.running = False + except OSError: + if self.server.chatty: + handle_error("Test server failure:\n") diff --git a/SPECS/python3.spec b/SPECS/python3.spec index bd7e9f3..5338e24 100644 --- a/SPECS/python3.spec +++ b/SPECS/python3.spec @@ -363,6 +363,8 @@ Patch294: 00294-define-TLS-cipher-suite-on-build-time.patch # and https://bugzilla.redhat.com/show_bug.cgi?id=1714756 Patch320: 00320-CVE-2019-9636-and-CVE-2019-10160.patch +Patch9900: 9900-centos-fix-ssl-connection-resets.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -644,6 +646,7 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en %patch294 -p1 %patch320 -p1 +%patch9900 -p1 # Remove files that should be generated by the build # (This is after patching, so that we can use patches directly from upstream) @@ -1063,6 +1066,9 @@ CheckPython() { -wW --slowest --findleaks \ -x test_distutils \ -x test_bdist_rpm \ + %ifarch %{arm} + -x test_gdb \ + %endif %ifarch %{mips64} -x test_ctypes \ %endif