From 15384d2e7d6e2b53844824e998da2923dc6e7b21 Mon Sep 17 00:00:00 2001
From: Daniele Tricoli <eriol@mornie.org>
Date: Wed, 16 Oct 2013 15:41:44 +0000
Subject: Removed 06_fix_abuse_of_match_hostname_for_DoS.patch since fixed
 upstream

---
 .../06_fix_abuse_of_match_hostname_for_DoS.patch   | 26 ----------------------
 1 file changed, 26 deletions(-)
 delete mode 100644 debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch

(limited to 'debian/patches')

diff --git a/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch b/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch
deleted file mode 100644
index 57a4c06..0000000
--- a/debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: Fix possible abuse of ssl.match_hostname() for denial
- of service using certificates with many wildcards (CVE-2013-2099)
-Origin: http://hg.python.org/cpython/rev/c627638753e2
-Bug: http://bugs.python.org/issue17980
-Bug-Debian: http://bugs.debian.org/709070
-
---- a/urllib3/packages/ssl_match_hostname/__init__.py
-+++ b/urllib3/packages/ssl_match_hostname/__init__.py
-@@ -7,9 +7,16 @@
- class CertificateError(ValueError):
-     pass
- 
--def _dnsname_to_pat(dn):
-+def _dnsname_to_pat(dn, max_wildcards=1):    
-     pats = []
-     for frag in dn.split(r'.'):
-+        if frag.count('*') > max_wildcards:
-+            # Issue #17980: avoid denials of service by refusing more
-+            # than one wildcard per fragment.  A survery of established
-+            # policy among SSL implementations showed it to be a
-+            # reasonable choice.
-+            raise CertificateError(
-+                    "too many wildcards in certificate DNS name: " + repr(dn))
-         if frag == '*':
-             # When '*' is a fragment by itself, it matches a non-empty dotless
-             # fragment.
-- 
cgit v1.2.3