authorBjörn Bidar2019-01-13 13:03:16 +0100
committerBjörn Bidar2019-01-13 13:05:53 +0100
commitd6bcc3f5cdba55783c84e2d34e8662211665904b (patch)
treeed35bb606cf43aa06438407e35aa19cfa4a61bf3
parentc8e5b61b951201783f6d2fa31ea8000f86aab307 (diff)
downloadaur-d6bcc3f5cdba55783c84e2d34e8662211665904b.tar.gz
upkg
- new upstream release - drop the "Disable ssl session resumption" patch, which has been applied upstream
-rw-r--r--.SRCINFO12
-rw-r--r--0001-Disable-ssl-session-resumption.patch106
-rw-r--r--PKGBUILD13
3 files changed, 10 insertions, 121 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 40bec84c122a..f70d28887009 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
# Generated by mksrcinfo v8
-# Sun May 13 22:13:06 UTC 2018
+# Sun Jan 13 12:05:49 UTC 2019
pkgbase = osc
pkgdesc = Command line client for the openSUSE Build Service
- pkgver = 0.162.1
- pkgrel = 2
+ pkgver = 0.164.0
+ pkgrel = 1
url = https://github.com/openSUSE/osc
arch = any
license = GPL2
@@ -20,12 +20,10 @@ pkgbase = osc
conflicts = zsh-completion-osc
replaces = osc-bash-completion
replaces = zsh-completion-osc
- source = https://github.com/openSUSE/osc/archive/0.162.1.tar.gz
+ source = https://github.com/openSUSE/osc/archive/0.164.0.tar.gz
source = _osc
- source = 0001-Disable-ssl-session-resumption.patch
- sha256sums = 529d627bf10117f43f52f6e6db09e9663474ae984b7be93cae9a686b52bd932c
+ sha256sums = a8ea3e2ab6703061685a4ae08e232e70728022e8f9308fc3b626d21c8584da55
sha256sums = 2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a
- sha256sums = 7f01860ac98f5b817ff4d835f60fc940300b5d9b83629a6e9950ed7e6ddb087f
pkgname = osc
diff --git a/0001-Disable-ssl-session-resumption.patch b/0001-Disable-ssl-session-resumption.patch
deleted file mode 100644
index 0542a486ca4f..000000000000
--- a/0001-Disable-ssl-session-resumption.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From b730f880cfe85a8547f569355a21706f27ebfa78 Mon Sep 17 00:00:00 2001
-From: Marcus Huewe <suse-tux@gmx.de>
-Date: Tue, 8 May 2018 14:23:08 +0200
-Subject: [PATCH] Disable ssl session resumption
-
-The old code could potentially yield to a use-after-free situation,
-which results in UB. For this, consider the following scenario, where
-osc performs several HTTPS requests (assumption: the server supports
-ssl session resumption):
-
-- HTTPS Request 1:
- * a new SSL *s connection is established, which also creates a new
- SSL_SESSION *ss => ss->references == 1
- * once the handshake is done, the ss is put into the session cache
- (see ssl_update_cache) => ss->references == 2
- - osc saves the session ss in a class variable
- - s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1
-
-- HTTPS Request 2:
- * setup a new SSL *s connection that reuses the saved session ss
- => ss->references == 2
- * once the handshake is done, ssl_update_cache is called, which is a
- NOP, because s->hit == 1 (that is, the session was resumed)
- * osc saves the session ss in a class variable
- * s is SSL_free()d, which calls SSL_SESSION_free => ss->references == 1
-
-...
-
-> 2 hours later (see tls1_default_timeout)
-
-...
-
-- HTTPS Request 256:
- * setup a new SSL *s connection that reuses the saved session ss
- => ss->references == 2
- * once the handshake is done, ssl_update_cache is called, but is
- _no_ NOP anymore
- * ssl_update_cache flushes the session cache (this is done every
- 255/256 (depending on the way we count) connections) => ss is
- SSL_SESSION_free()d => ss->references == 1
- * osc saves the session ss in a class variable
- * s is SSL_free()d, which calls SSL_SESSION_free:
- since ss->references == 1, ss is eventually free()d
-
-- HTTPS Request 257:
- * setup a new SSL *s connection that reuses the saved session ss
-
-Since ss does not exist anymore, the remaining program execution is UB.
-
-(Note: SSL_free(...) is _NOT_ called, if M2Crypto 0.29 is used.
-M2Crypto 0.30 calls SSL_free(...) again.)
-
-Due to a bug in OpenSSL_1_1_0h (see openssl commit 8e405776858) the
-scenario from above can be triggered with exactly 2 HTTPS requests (the
-SSL_SESSION is not cached, because we configured SSL_VERIFY_PEER, but
-no sid_ctx was set). This is fixed in openssl commit c4fa1f7fc01.
-
-In order to reliably reuse a session, we probably need to listen to the
-session cache changes. Such callbacks could be registered via
-SSL_CTX_sess_set_new_cb and/or SSL_CTX_sess_set_remove_cb, but both
-functions are not provided by M2Crypto. Another idea is to directly utilize
-the session cache, but this also has to be implemented in M2Crypto first.
-Yet another approach is to retrieve the session via SSL_get1_session, which
-increases the session's refcnt, but this also needs to be implemented in
-M2Crypto first (if we choose to use this approach, we also have to make
-sure that we eventually free the session manually...).
-
-Fixes: #398 ("SIGSEGV on \"osc commit\"")
----
- osc/oscssl.py | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/osc/oscssl.py b/osc/oscssl.py
-index 7aa5a0d..186c98d 100644
---- a/osc/oscssl.py
-+++ b/osc/oscssl.py
-@@ -174,7 +174,6 @@ class mySSLContext(SSL.Context):
-
- class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler):
- handler_order = 499
-- saved_session = None
-
- def __init__(self, *args, **kwargs):
- self.appname = kwargs.pop('appname', 'generic')
-@@ -204,8 +203,6 @@ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler):
- selector = req.get_selector()
- # End our change
- h.set_debuglevel(self._debuglevel)
-- if self.saved_session:
-- h.set_session(self.saved_session)
-
- headers = dict(req.headers)
- headers.update(req.unredirected_hdrs)
-@@ -218,9 +215,6 @@ class myHTTPSHandler(M2Crypto.m2urllib2.HTTPSHandler):
- headers["Connection"] = "close"
- try:
- h.request(req.get_method(), selector, req.data, headers)
-- s = h.get_session()
-- if s:
-- self.saved_session = s
- r = h.getresponse()
- except socket.error as err: # XXX what error?
- err.filename = full_url
---
-2.17.0
-
diff --git a/PKGBUILD b/PKGBUILD
index 80571268b53a..ee556b0fe8ad 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -6,8 +6,8 @@
# Contributor : Patrick McCarty <pnorcks at gmail dot com>
pkgname=osc
-pkgver=0.162.1
-pkgrel=2
+pkgver=0.164.0
+pkgrel=1
pkgdesc="Command line client for the openSUSE Build Service"
arch=(any)
url="https://github.com/openSUSE/osc"
@@ -24,17 +24,14 @@ optdepends=('obs-build: required to run local builds'
conflicts=('osc-git' 'osc-bash-completion' 'zsh-completion-osc')
replaces=('osc-bash-completion' 'zsh-completion-osc')
source=("https://github.com/openSUSE/${pkgname}/archive/${pkgver}.tar.gz"
- "_osc"
- '0001-Disable-ssl-session-resumption.patch' )
-sha256sums=('529d627bf10117f43f52f6e6db09e9663474ae984b7be93cae9a686b52bd932c'
- '2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a'
- '7f01860ac98f5b817ff4d835f60fc940300b5d9b83629a6e9950ed7e6ddb087f')
+ "_osc")
+sha256sums=('a8ea3e2ab6703061685a4ae08e232e70728022e8f9308fc3b626d21c8584da55'
+ '2b045e03d2fdce12683ceb9792d491a32f00b256045456412e7bc18c8726218a')
prepare() {
# Add 'Arch_Core' and 'Arch_Extra' as osc build targets
sed -i "s|SLE_11_SP2|SLE_11_SP2 Arch_Core Arch_Extra|" _osc
cd "${srcdir}/${pkgname}-${pkgver}"
- patch -Np1 -i "${srcdir}"/0001-Disable-ssl-session-resumption.patch
}
build() {
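Review bot: Removing the `patch -Np1 -i "${srcdir}"/0001-Disable-ssl-session-resumption.patch` step from prepare() leaves no record in the PKGBUILD that the use-after-free fix described in the deleted patch is now expected to come from the 0.164.0 tarball itself. Because that patch addressed a memory-safety problem in TLS session handling, I would add a comment above `source=`, for example `# 0001-Disable-ssl-session-resumption.patch dropped: fix is included upstream (b730f880cfe8 per the removed patch header)`, so that a later downgrade or fork of this PKGBUILD does not silently lose it. It is also worth confirming that `osc/oscssl.py` in the new tarball no longer contains `saved_session`; nothing on this page shows that check. Separately, the bare `${pkgver}.tar.gz` source name can collide with other packages in a shared SRCDEST, which `"${pkgname}-${pkgver}.tar.gz::https://github.com/openSUSE/${pkgname}/archive/${pkgver}.tar.gz"` avoids. build() continues outside the hunk.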