f5676fd233
- Fix double-free in KDC TGS processing (CVE-2023-39975) Resolves: rhbz#2229113 - Make tests compatible with Python 3.12 Resolves: rhbz#2224013 Signed-off-by: Julien Rische <jrische@redhat.com>
65 lines
2.2 KiB
Diff
65 lines
2.2 KiB
Diff
From 42e831da09bd196068aeb7fe6bfe380bb46b846c Mon Sep 17 00:00:00 2001
|
|
From: Julien Rische <jrische@redhat.com>
|
|
Date: Wed, 19 Jul 2023 13:43:17 +0200
|
|
Subject: [PATCH] Replace ssl.wrap_socket() for tests
|
|
|
|
The ssl.wrap_socket() function was deprecated in Python 3.7 and is
|
|
removed in Python 3.12. The ssl.SSLContext.wrap_socket() method
|
|
replaces it.
|
|
|
|
Bump the required Python version for tests to 3.4 for
|
|
ssl.create_default_context().
|
|
|
|
[ghudson@mit.edu: changed minimum Python version]
|
|
|
|
(cherry picked from commit 0ceab6c363e65fb21d3312a663f2b9b569ecc415)
|
|
---
|
|
src/configure.ac | 9 ++++-----
|
|
src/util/wsgiref-kdcproxy.py | 4 +++-
|
|
2 files changed, 7 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/configure.ac b/src/configure.ac
|
|
index 2561e917a2..487f393146 100644
|
|
--- a/src/configure.ac
|
|
+++ b/src/configure.ac
|
|
@@ -1157,10 +1157,9 @@ AC_SUBST(PKINIT)
|
|
# for lib/apputils
|
|
AC_REPLACE_FUNCS(daemon)
|
|
|
|
-# For Python tests. Python version 3.2.4 is required as prior
|
|
-# versions do not accept string input to subprocess.Popen.communicate
|
|
-# when universal_newlines is set.
|
|
-PYTHON_MINVERSION=3.2.4
|
|
+# For Python tests. Python version 3.4 is required for
|
|
+# ssl.create_default_context().
|
|
+PYTHON_MINVERSION=3.4
|
|
AC_SUBST(PYTHON_MINVERSION)
|
|
AC_CHECK_PROG(PYTHON,python3,python3)
|
|
if test x"$PYTHON" = x; then
|
|
@@ -1168,7 +1167,7 @@ if test x"$PYTHON" = x; then
|
|
fi
|
|
HAVE_PYTHON=no
|
|
if test x"$PYTHON" != x; then
|
|
- wantver="(sys.hexversion >= 0x30204F0)"
|
|
+ wantver="(sys.hexversion >= 0x30400F0)"
|
|
if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
|
|
HAVE_PYTHON=yes
|
|
fi
|
|
diff --git a/src/util/wsgiref-kdcproxy.py b/src/util/wsgiref-kdcproxy.py
|
|
index 58759696b6..d1d10d733c 100755
|
|
--- a/src/util/wsgiref-kdcproxy.py
|
|
+++ b/src/util/wsgiref-kdcproxy.py
|
|
@@ -14,6 +14,8 @@ else:
|
|
pem = '*'
|
|
|
|
server = make_server('localhost', port, kdcproxy.Application())
|
|
-server.socket = ssl.wrap_socket(server.socket, certfile=pem, server_side=True)
|
|
+sslctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
|
|
+sslctx.load_cert_chain(certfile=pem)
|
|
+server.socket = sslctx.wrap_socket(server.socket, server_side=True)
|
|
os.write(sys.stdout.fileno(), b'proxy server ready\n')
|
|
server.serve_forever()
|
|
--
|
|
2.41.0
|
|
|