Package: pyopenssl / 0.13-2+deb7u1

Metadata

Package Version Patches format
pyopenssl 0.13-2+deb7u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
10_fix_doc_buildsystem.patch | (download)

doc/Makefile | 8 4 + 4 - 0 !
doc/tools/mkhowto | 105 11 + 94 - 0 !
2 files changed, 15 insertions(+), 98 deletions(-)

 fix the doc build system, providing a working clean target and building
the latex doc using htlatex (in main) instead of latex2html

disable_test_set_default_verify_paths.patch | (download)

OpenSSL/test/test_ssl.py | 27 14 + 13 - 0 !
1 file changed, 14 insertions(+), 13 deletions(-)

 disable test_set_default_verify_paths since it tries to access the web

CVE 2013 4314.patch | (download)

OpenSSL/crypto/x509.c | 1 1 + 0 - 0 !
OpenSSL/crypto/x509ext.c | 83 78 + 5 - 0 !
OpenSSL/test/test_crypto.py | 62 62 + 0 - 0 !
3 files changed, 141 insertions(+), 5 deletions(-)

 fix hostname check bypassing vulnerability
 Fix handling of NULL bytes inside subjectAltName general names when
 formatting an X509 extension as a string.
 .
 When a CA than an SSL client trusts issues a server certificate that
 has a null byte in the subjectAltName, remote attackers can obtain a
 certifcate for 'www.foo.org\0.example.com' from the CA to spoof
 'www.foo.org' and conduct man-in-the-middle attacks between the
 pyOpenSSL-using client and SSL servers.
 .
 Additionally fix memory leak in get_extension().