Hello community, here is the log from the commit of package python-Twisted for openSUSE:Factory checked in at 2019-02-28 21:37:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Twisted (Old) and /work/SRC/openSUSE:Factory/.python-Twisted.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Twisted" Thu Feb 28 21:37:25 2019 rev:34 rq:677095 version:18.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Twisted/python-Twisted.changes 2019-02-02 21:42:57.952307370 +0100 +++ /work/SRC/openSUSE:Factory/.python-Twisted.new.28833/python-Twisted.changes 2019-02-28 21:37:28.393657739 +0100 @@ -1,0 +2,6 @@ +Mon Feb 18 11:24:53 UTC 2019 - Tomáš Chvátal <[email protected]> + +- Add another patch for openssl 1.1.1 (from upstream git): + * openssl-errormsg.aptch + +------------------------------------------------------------------- New: ---- openssl-errormsg.aptch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Twisted.spec ++++++ --- /var/tmp/diff_new_pack.V3z6Ey/_old 2019-02-28 21:37:29.053657532 +0100 +++ /var/tmp/diff_new_pack.V3z6Ey/_new 2019-02-28 21:37:29.053657532 +0100 @@ -31,6 +31,7 @@ Patch2: openssl111.patch Patch3: no-pygtkcompat.patch Patch4: test-mktime-invalid-tm_isdst.patch +Patch5: openssl-errormsg.aptch BuildRequires: %{python_module Automat >= 0.3.0} BuildRequires: %{python_module PyHamcrest >= 1.9.0} BuildRequires: %{python_module appdirs >= 1.4.0} ++++++ openssl-errormsg.aptch ++++++ >From a1f400c56c7ad0ca241d044b4d283dc0d2291dbb Mon Sep 17 00:00:00 2001 From: Mark Williams <[email protected]> Date: Sun, 10 Feb 2019 16:40:10 -0800 Subject: [PATCH] ProperlyCloseFilesMixin.getHandleErrorCode now returns a matcher. twisted.test.test_ssl.StolenTCPTests checks that the TLS connection is closed upon when the corresponding transport connection is lost. This involves checking an error message that varies between OpenSSL versions. getHandleErrorCode becomes getHandleErrorCodeMatcher and returns a hamcrest Matcher to allow StolenTCPTests to match the possible OpenSSL error messages. --- src/twisted/test/test_ssl.py | 27 +++++++++++++++++++-------- src/twisted/test/test_tcp.py | 19 ++++++++++++------- 2 files changed, 31 insertions(+), 15 deletions(-) Index: Twisted-18.9.0/src/twisted/test/test_ssl.py =================================================================== --- Twisted-18.9.0.orig/src/twisted/test/test_ssl.py +++ Twisted-18.9.0/src/twisted/test/test_ssl.py @@ -16,7 +16,8 @@ from twisted.python.runtime import platf from twisted.test.test_tcp import ProperlyCloseFilesMixin from twisted.test.proto_helpers import waitUntilAllDisconnected -import os, errno +import os +import hamcrest try: from OpenSSL import SSL, crypto @@ -309,34 +310,19 @@ class StolenTCPTests(ProperlyCloseFilesM return SSL.Error - def getHandleErrorCode(self): - """ - Return the argument L{OpenSSL.SSL.Error} will be constructed with for - this case. This is basically just a random OpenSSL implementation - detail. It would be better if this test worked in a way which did not - require this. - """ - # Windows 2000 SP 4 and Windows XP SP 2 give back WSAENOTSOCK for - # SSL.Connection.write for some reason. The twisted.protocols.tls - # implementation of IReactorSSL doesn't suffer from this imprecation, - # though, since it is isolated from the Windows I/O layer (I suppose?). - - # If test_properlyCloseFiles waited for the SSL handshake to complete - # and performed an orderly shutdown, then this would probably be a - # little less weird: writing to a shutdown SSL connection has a more - # well-defined failure mode (or at least it should). - - # So figure out if twisted.protocols.tls is in use. If it can be - # imported, it should be. - if requireModule('twisted.protocols.tls') is None: - # It isn't available, so we expect WSAENOTSOCK if we're on Windows. - if platform.getType() == 'win32': - return errno.WSAENOTSOCK - - # Otherwise, we expect an error about how we tried to write to a - # shutdown connection. This is terribly implementation-specific. - return [('SSL routines', 'SSL_write', 'protocol is shutdown')] - + def getHandleErrorCodeMatcher(self): + # We expect an error about how we tried to write to a shutdown + # connection. This is terribly implementation-specific. + return hamcrest.contains( + hamcrest.contains( + hamcrest.equal_to('SSL routines'), + hamcrest.any_of( + hamcrest.equal_to('SSL_write'), + hamcrest.equal_to('ssl_write_internal'), + ), + hamcrest.equal_to('protocol is shutdown'), + ), + ) class TLSTests(unittest.TestCase): Index: Twisted-18.9.0/src/twisted/test/test_tcp.py =================================================================== --- Twisted-18.9.0.orig/src/twisted/test/test_tcp.py +++ Twisted-18.9.0/src/twisted/test/test_tcp.py @@ -8,6 +8,7 @@ Tests for implementations of L{IReactorT from __future__ import division, absolute_import import socket, random, errno +import hamcrest from functools import wraps from zope.interface import implementer @@ -1135,17 +1136,18 @@ class ProperlyCloseFilesMixin: raise NotImplementedError() - def getHandleErrorCode(self): + def getHandleErrorCodeMatcher(self): """ - Return the errno expected to result from writing to a closed - platform socket handle. + Return a L{hamcrest.core.matcher.Matcher} that matches the + errno expected to result from writing to a closed platform + socket handle. """ # Windows and Python 3: returns WSAENOTSOCK # Windows and Python 2: returns EBADF # Linux, FreeBSD, macOS: returns EBADF if platform.isWindows() and _PY3: - return errno.WSAENOTSOCK - return errno.EBADF + return hamcrest.equal_to(errno.WSAENOTSOCK) + return hamcrest.equal_to(errno.EBADF) def test_properlyCloseFiles(self): @@ -1190,10 +1192,13 @@ class ProperlyCloseFilesMixin: if not server.lostConnectionReason.check(error.ConnectionClosed): err(server.lostConnectionReason, "Server lost connection for unexpected reason") - expectedErrorCode = self.getHandleErrorCode() + errorCodeMatcher = self.getHandleErrorCodeMatcher() exception = self.assertRaises( self.getHandleExceptionType(), client.handle.send, b'bytes') - self.assertEqual(exception.args[0], expectedErrorCode) + hamcrest.assert_that( + exception.args[0], + errorCodeMatcher, + ) clientDeferred.addCallback(clientDisconnected) def cleanup(passthrough): Index: Twisted-18.9.0/src/twisted/test/test_sslverify.py =================================================================== --- Twisted-18.9.0.orig/src/twisted/test/test_sslverify.py +++ Twisted-18.9.0/src/twisted/test/test_sslverify.py @@ -1645,11 +1645,28 @@ class OpenSSLOptionsECDHIntegrationTests raise unittest.SkipTest("OpenSSL does not support ECDH.") onData = defer.Deferred() - self.loopback(sslverify.OpenSSLCertificateOptions(privateKey=self.sKey, - certificate=self.sCert, requireCertificate=False), - sslverify.OpenSSLCertificateOptions( - requireCertificate=False), - onData=onData) + # TLS 1.3 cipher suites do not specify the key exchange + # mechanism: + # https://wiki.openssl.org/index.php/TLS1.3#Differences_with_TLS1.2_and_below + # + # and OpenSSL only supports ECHDE groups with TLS 1.3: + # https://wiki.openssl.org/index.php/TLS1.3#Groups + # + # so TLS 1.3 implies ECDHE. Force this test to use TLS 1.2 to + # ensure ECDH is selected when it might not be. + self.loopback( + sslverify.OpenSSLCertificateOptions( + privateKey=self.sKey, + certificate=self.sCert, + requireCertificate=False, + lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_2 + ), + sslverify.OpenSSLCertificateOptions( + requireCertificate=False, + lowerMaximumSecurityTo=sslverify.TLSVersion.TLSv1_2, + ), + onData=onData, + ) @onData.addCallback def assertECDH(_):
