OpenSSL version check: 1.0.2-beta and 1.0.2-beta1 are vulnerable.

author Daira Hopwood <daira@jacaranda.org>

Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)

committer Daira Hopwood <daira@jacaranda.org>

Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)
author Daira Hopwood <daira@jacaranda.org>
Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)
committer Daira Hopwood <daira@jacaranda.org>
Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)
diff --git a/src/allmydata/__init__.py b/src/allmydata/__init__.py

index 94ad355c9728f2aac2237c21f2bae93e929aed60..4408156660eb6db3e4999da4759fa77074922ed7 100644 (file)
--- a/src/allmydata/__init__.py
+++ b/src/allmydata/__init__.py
@@ -422,7 +422,8 @@ def check_openssl_version(SSL):
          if ((numeric_components == [0, 9, 8] and components[2] >= '8y') or
              (numeric_components == [1, 0, 0] and components[2] >= '0l') or
              (numeric_components == [1, 0, 1] and components[2] >= '1g') or
-            (numeric_components >= [1, 0, 2])):
+            (numeric_components == [1, 0, 2] and not components[2].startswith('2-beta')) or
+            (numeric_components >= [1, 0, 3])):
              return
  
          if numeric_components == [1, 0, 1] and components[2] >= '1d':
diff --git a/src/allmydata/test/test_version.py b/src/allmydata/test/test_version.py

index c6ba1087e9b541da6742374af1eec3dae6ce8b68..73df5a712d695be5dc332b12c5f8cbac4275397d 100644 (file)
--- a/src/allmydata/test/test_version.py
+++ b/src/allmydata/test/test_version.py
@@ -142,6 +142,7 @@ class CheckRequirement(unittest.TestCase):
          self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e 7 Abc 2014"))
          self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e invalid_date"))
          self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.1e 7 Apr"))
+        self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.2-beta1"))
          self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 0.10"))
          self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 0.10.0"))
          self.failUnlessRaises(PackagingError, check_openssl_version, MockSSL("OpenSSL 1.0.0"))
@@ -160,6 +161,7 @@ class CheckRequirement(unittest.TestCase):
          check_openssl_version(MockSSL("OpenSSL 1.0.1zzz"))
          check_openssl_version(MockSSL("OpenSSL 1.0.2"))
          check_openssl_version(MockSSL("OpenSSL 1.0.2a"))
+        check_openssl_version(MockSSL("OpenSSL 1.0.3"))
          check_openssl_version(MockSSL("OpenSSL 1.0.10a"))
          check_openssl_version(MockSSL("OpenSSL 1.1"))
          check_openssl_version(MockSSL("OpenSSL 1.1.0"))
author	Daira Hopwood <daira@jacaranda.org>
	Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)
committer	Daira Hopwood <daira@jacaranda.org>
	Sat, 12 Apr 2014 17:11:05 +0000 (18:11 +0100)
src/allmydata/__init__.py		patch \| blob \| history
src/allmydata/test/test_version.py		patch \| blob \| history