OpenSSL version check: 1.0.2-beta and 1.0.2-beta1 are vulnerable.
authorDaira Hopwood <daira@jacaranda.org>
Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)
committerDaira Hopwood <daira@jacaranda.org>
Mon, 1 Jun 2015 13:52:11 +0000 (14:52 +0100)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
src/allmydata/__init__.py
src/allmydata/test/test_version.py

index 9883931de7b4034633426b78e7bfce32d1289973..de2ec26d5be2f3ed06991e0ae87c8f95c04096c0 100644 (file)
@@ -436,7 +436,8 @@ def check_openssl_version(SSL):
         if ((numeric_components == [0, 9, 8] and components[2] >= '8y') or
             (numeric_components == [1, 0, 0] and components[2] >= '0l') or
             (numeric_components == [1, 0, 1] and components[2] >= '1g') or
-            (numeric_components >= [1, 0, 2])):
+            (numeric_components == [1, 0, 2] and not components[2].startswith('2-beta')) or
+            (numeric_components >= [1, 0, 3])):
             return
 
         if numeric_components == [1, 0, 1] and components[2] >= '1d':
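Review bot: The exclusion added to the `numeric_components == [1, 0, 2]` clause matches only the literal prefix `2-beta`, so any other 1.0.2 pre-release suffix would still be accepted as safe. A development snapshot reporting a `-dev` suffix is one example, assuming it parses to the same numeric components. For a vulnerable-version gate it is safer to refuse every hyphenated pre-release, e.g. `(numeric_components == [1, 0, 2] and '-' not in components[2]) or`. A short comment would also help, since the commit title names only 1.0.2-beta and 1.0.2-beta1 while the check deliberately covers more: `# 1.0.2 pre-releases are not trusted; only final 1.0.2 and lettered patch releases pass`. The body of check_openssl_version starts and continues outside this hunk, so how `components[2]` is derived from the version string is not visible here.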
index 58a5851833b841d1ce95cdc671cf21a3f293ac77..8628f2812e90ea8c49b1ca014d0bfd4c0d507269 100644 (file)
@@ -154,6 +154,7 @@ class CheckRequirement(unittest.TestCase):
         self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e 7 Abc 2014"))
         self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e invalid_date"))
         self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e 7 Apr"))
+        self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.2-beta1"))
         self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 0.10"))
         self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 0.10.0"))
         self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.0"))
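Review bot: Only `1.0.2-beta1` is covered by the new rejection test, although the commit title also names plain 1.0.2-beta as vulnerable. I would add `self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.2-beta"))` next to it. A case for a later beta string would also pin down whether the prefix match is meant to reject every 1.0.2 beta or only the two named ones. The test method begins outside this hunk.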
@@ -172,6 +173,7 @@ class CheckRequirement(unittest.TestCase):
         check_openssl_version(MockSSL("OpenSSL 1.0.1zzz"))
         check_openssl_version(MockSSL("OpenSSL 1.0.2"))
         check_openssl_version(MockSSL("OpenSSL 1.0.2a"))
+        check_openssl_version(MockSSL("OpenSSL 1.0.3"))
         check_openssl_version(MockSSL("OpenSSL 1.0.10a"))
         check_openssl_version(MockSSL("OpenSSL 1.1"))
         check_openssl_version(MockSSL("OpenSSL 1.1.0"))