Increase testsuite's DH key size

2015-06-19 11:58:26 +02:00 · 2015-06-19 11:58:26 +02:00 · 8f7e21547a
commit 8f7e21547a
parent 2699e3706a
2 changed files with 66 additions and 3 deletions
--- a/00204-increase-dh-keys-size.patch
+++ b/00204-increase-dh-keys-size.patch
@ -0,0 +1,49 @@
 # HG changeset patch
 # User Benjamin Peterson <benjamin@python.org>
 # Date 1427947446 14400
 # Node ID 1ad7c0253abe1252128d61c3d0127d22144cb354
 # Parent  47451f6e7e7528a6647dbdc435e9a9f5c13c0080
 replace 512 bit dh key with a 2014 bit one (closes #23844)
 Patch by Cédric Krier.
 diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem
 new file mode 100644
 --- /dev/null
 +++ b/Lib/test/dh1024.pem
@@ -0,0 +1,7 @@
 +-----BEGIN DH PARAMETERS-----
 +MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt
 +rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0
 +RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC
 +-----END DH PARAMETERS-----
 +
 +Generated with: openssl dhparam -out dh1024.pem  1024
 diff --git a/Lib/test/dh512.pem b/Lib/test/dh512.pem
 deleted file mode 100644
 --- a/Lib/test/dh512.pem
 +++ /dev/null
@@ -1,9 +0,0 @@
 ------BEGIN DH PARAMETERS-----
 -MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
 -XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
 ------END DH PARAMETERS-----
 -
 -These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
 -(http://www.skip-vpn.org/spec/numbers.html).
 -See there for how they were generated.
 -Note that g is not a generator, but this is not a problem since p is a safe prime.
 diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
 --- a/Lib/test/test_ssl.py
 +++ b/Lib/test/test_ssl.py
@@ -64,7 +64,7 @@ BADKEY = data_file("badkey.pem")
 NOKIACERT = data_file("nokia.pem")
 NULLBYTECERT = data_file("nullbytecert.pem")
 -DHFILE = data_file("dh512.pem")
 +DHFILE = data_file("dh1024.pem")
 BYTES_DHFILE = os.fsencode(DHFILE)
--- a/python3.spec
+++ b/python3.spec
@ -140,7 +140,7 @@
 Summary: Version 3 of the Python programming language aka Python 3000
 Name: python3
 Version: %{pybasever}.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Python
 Group: Development/Languages
@ -731,6 +731,9 @@ Patch202: 00202-fix-undefined-behaviour-in-faulthandler.patch
 # test_threading fails in koji dues to it's handling of signals
 Patch203: 00203-disable-threading-test-koji.patch
 # openssl requires DH keys to be > 768bits
 Patch204: 00204-increase-dh-keys-size.patch
 # (New patches go here ^^^)
 #
@ -909,6 +912,11 @@ for f in md5module.c sha1module.c sha256module.c sha512module.c; do
    rm Modules/$f
 done
 %if 0%{with_rewheel}
 %global pip_version 7.0.3
 sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/ensurepip/__init__.py
 %endif
 #
 # Apply patches:
 #
@ -1013,6 +1021,7 @@ done
 %patch199 -p1
 %patch202 -p1
 %patch203 -p1
 %patch204 -p1
 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
 # are many differences between 2.6 and the Python 3 library.
@ -1131,7 +1140,7 @@ BuildPython debug \
  "--with-pydebug --with-count-allocs --with-call-profile --without-ensurepip" \
 %endif
  false \
-  -O1
+  -O0
 %endif # with_debug_build
 BuildPython optimized \
@ -1206,7 +1215,7 @@ make install DESTDIR=%{buildroot} INSTALL="install -p" EXTRA_CFLAGS="$MoreCFlags
 %if 0%{?with_debug_build}
 InstallPython debug \
  %{py_INSTSONAME_debug} \
-  -O1
+  -O0
 %endif # with_debug_build
 # Now the optimized build:
@ -1912,6 +1921,11 @@ rm -fr %{buildroot}
 * Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.4.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Wed Jun 17 2015 Matej Stuchlik <mstuchli@redhat.com> - 3.4.3-4
 - Use 1024bit DH key in test_ssl
 - Use -O0 when compiling -debug build
 - Update pip version variable to the version we actually ship
 * Wed Jun 17 2015 Matej Stuchlik <mstuchli@redhat.com> - 3.4.3-3
 - Make relocating Python by changing _prefix actually work
 Resolves: rhbz#1231801