Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-pyopenssl revision 7e92d245fea3aa4981fc05e64fca0287

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

fix-missing-ASN1_STRING_get0_data-in-old-openssl.patch

@@ -0,0 +1,16 @@
+diff -urN a/src/OpenSSL/_util.py b/src/OpenSSL/_util.py
+--- a/src/OpenSSL/_util.py	2022-09-16 14:23:19.000000000 +0200
++++ b/src/OpenSSL/_util.py	2024-05-06 15:49:54.603228963 +0200
+@@ -12,6 +12,12 @@
+ lib = binding.lib
+ 
+ 
++if not hasattr(lib, "ASN1_STRING_get0_data") and hasattr(lib, "ASN1_STRING_data"):
++    # Define ASN1_STRING_get0_data if it's missing, but ASN1_STRING_data present.
++    # It's required for backward compatibility with older openssl versions.
++    lib.ASN1_STRING_get0_data = lib.ASN1_STRING_data
++
++
+ # This is a special CFFI allocator that does not bother to zero its memory
+ # after allocation. This has vastly better performance on large allocations and
+ # so should be used whenever we don't need the memory zeroed out.

revert_switch_to_new_utils_deprecation.patch

@@ -0,0 +1,36 @@
+Index: pyOpenSSL-23.2.0/src/OpenSSL/crypto.py
+===================================================================
+--- pyOpenSSL-23.2.0.orig/src/OpenSSL/crypto.py
++++ pyOpenSSL-23.2.0/src/OpenSSL/crypto.py
+@@ -3260,7 +3260,7 @@ def load_pkcs7_data(type: int, buffer: U
+     return pypkcs7
+ 
+ 
+-utils.deprecated(
++load_pkcs7_data = utils.deprecated(
+     load_pkcs7_data,
+     __name__,
+     (
+@@ -3268,7 +3268,6 @@ utils.deprecated(
+         "in cryptography."
+     ),
+     DeprecationWarning,
+-    name="load_pkcs7_data",
+ )
+ 
+ 
+@@ -3359,7 +3358,7 @@ def load_pkcs12(
+     return pkcs12
+ 
+ 
+-utils.deprecated(
++load_pkcs12 = utils.deprecated(
+     load_pkcs12,
+     __name__,
+     (
+@@ -3367,5 +3366,4 @@ utils.deprecated(
+         "in cryptography."
+     ),
+     DeprecationWarning,
+-    name="load_pkcs12",
+ )

saltbundlepy-pyopenssl.changes

@@ -0,0 +1,528 @@
+-------------------------------------------------------------------
+Mon May  6 13:50:55 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
+
+- Make the module compatible with older OpenSSL versions
+  not having `ASN1_STRING_get0_data` defined by using
+  `ASN1_STRING_data` instead.
+
+- Added:
+  * fix-missing-ASN1_STRING_get0_data-in-old-openssl.patch
+
+-------------------------------------------------------------------
+Wed Dec 27 12:35:24 UTC 2023 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Fix utils.deprecation issues with old OpenSSL version
+  (reverts https://github.com/pyca/pyopenssl/pull/1140)
+
+- Added:
+  * revert_switch_to_new_utils_deprecation.patch
+
+-------------------------------------------------------------------
+Thu Dec 14 15:22:39 UTC 2023 - Victor Zhestkov <vzhestkov@suse.com>
+
+- Update to 23.2.0:
+  * Removed ``X509StoreFlags.NOTIFY_POLICY``.
+  * ``cryptography`` maximum version has been increased to
+    41.0.x.
+  * Invalid versions are now rejected in
+    ``OpenSSL.crypto.X509Req.set_version``.
+  * Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
+
+- Update to 23.1.1:
+  * Worked around an issue in OpenSSL 3.1.0 which caused
+    `X509Extension.get_short_name` to raise an exception when no
+    short name was known to OpenSSL.
+
+- Update to 23.1.0:
+  * ``cryptography`` maximum version has been increased to
+    40.0.x.
+  * Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
+    ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
+    to support DTLS timeouts `#1180
+
+- Update to 23.0.0:
+  * Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant
+    to allow for users
+  to perform certificate verification on partial certificate chains.
+  * ``cryptography`` maximum version has been increased to 39.0.x.
+
+- Update to 22.1.0:
+  * Remove support for SSLv2 and SSLv3.
+  * The minimum ``cryptography`` version is now 37.0.2.
+  * The ``OpenSSL.crypto.X509StoreContextError`` exception
+    has been refactored, changing its internal attributes.
+  * Add ``OpenSSL.SSL.Connection.set_verify`` and
+    ``OpenSSL.SSL.Connection.get_verify_mode`` to override
+    the context object's verification flags.
+  * Add ``OpenSSL.SSL.Connection.use_certificate`` and
+    ``OpenSSL.SSL.Connection.use_privatekey``
+    to set a certificate per connection (and not just per context)
+
+- Update to 22.0.0:
+  * Drop support for Python 2.7.
+  * The minimum ``cryptography`` version is now 35.0.
+  * Expose wrappers for some `DTLS
+    <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
+    primitives.
+
+- Update to 21.0.0 (bsc#1200771, jsc#SLE-24519):
+  * The minimum ``cryptography`` version is now 3.3.
+  * Drop support for Python 3.5
+  * Raise an error when an invalid ALPN value is set.
+  * Added ``OpenSSL.SSL.Context.set_min_proto_version`` and
+    ``OpenSSL.SSL.Context.set_max_proto_version``
+  * Updated ``to_cryptography`` and ``from_cryptography`` methods to
+    support an upcoming release of ``cryptography`` without raising
+    deprecation warnings.
+
+- Modified:
+  * skip-networked-test.patch
+
+-------------------------------------------------------------------
+Fri Jul 22 08:55:57 UTC 2022 - Victor Zhestkov <victor.zhestkov@suse.com>
+
+- update to 20.0.1:
+  - Fixed compatibility with OpenSSL 1.1.0.
+
+- Adjust metadata for skip-networked-test.patch and refer to the proper
+  upstream ticket gh#pyca/pyopenssl#68.
+
+- Update to v20.0.0
+  - Backward-incompatible changes:
+    - The minimum cryptography version is now 3.2.
+    - Remove deprecated OpenSSL.tsafe module.
+    - Removed deprecated
+      OpenSSL.SSL.Context.set_npn_advertise_callback,
+      OpenSSL.SSL.Context.set_npn_select_callback, and
+      OpenSSL.SSL.Connection.get_next_proto_negotiated.
+    - Drop support for Python 3.4
+    - Drop support for OpenSSL 1.0.1 and 1.0.2
+  - Deprecations:
+    - Deprecated OpenSSL.crypto.loads_pkcs7 and
+      OpenSSL.crypto.loads_pkcs12.
+  - Changes:
+    - Added a new optional chain parameter to
+      OpenSSL.crypto.X509StoreContext() where additional untrusted
+      certificates can be specified to help chain building. #948
+    - Added OpenSSL.crypto.X509Store.load_locations to set trusted
+      certificate file bundles and/or directories for verification.
+      #943
+    - Added Context.set_keylog_callback to log key material. #910
+    - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
+      the verified certificate chain of the peer. #894.
+    - Make verification callback optional in Context.set_verify. If
+      omitted, OpenSSL’s default verification is used. #933
+    - Fixed a bug that could truncate or cause a zero-length key
+      error due to a null byte in private key passphrase in
+      OpenSSL.crypto.load_privatekey and
+      OpenSSL.crypto.dump_privatekey. #947
+
+- Drop patch fix-compilation-2020.patch: no longer needed
+
+- Update to v19.1
+  * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
+    X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
+    Use the classes without the ``Type`` suffix instead.
+  * The minimum ``cryptography`` version is now 2.8
+  * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
+    OpenSSL.SSL.Context.set_npn_select_callback, and
+    OpenSSL.SSL.Connection.get_next_proto_negotiated
+    ALPN should be used instead.
+  * Support bytearray in SSL.Connection.send() by using cffi's from_buffer
+  * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
+    NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
+    to complete without an application protocol.
+
+- Added:
+  * pyOpenSSL-20.0.1.tar.gz
+
+- Modified:
+  * skip-networked-test.patch
+
+- Removed:
+  * pyOpenSSL-19.0.0.tar.gz
+  * fix-compilation-2020.patch
+
+-------------------------------------------------------------------
+Mon Apr  4 12:56:47 UTC 2022 - Victor Zhestkov <victor.zhestkov@suse.com>
+
+- Strictly require Python 3.10 with saltbundlepy requrement
+
+-------------------------------------------------------------------
+Thu Aug 22 12:02:59 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Add fix-compilation-2020.patch to fix tests after 2020
+
+-------------------------------------------------------------------
+Thu Mar  7 15:53:31 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
+
+- Remove no longer necessary pytest argument -k "not test_export_text"
+
+-------------------------------------------------------------------
+Sat Mar  2 16:29:39 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 19.0
+- fixed build deps.
+- drop patches: openssl-1.1.0i.patch
+                openssl-1.1.1.patch
+                opensuse_ca.patch
+                tls13-renegotiation.patch
+ * X509Store.add_cert no longer raises an error if you add a duplicate cert.
+ * pyOpenSSL now works with OpenSSL 1.1.1.
+ * pyOpenSSL now handles NUL bytes in X509Name.get_components()
+
+-------------------------------------------------------------------
+Fri Mar  1 18:06:10 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
+
+- remove everything to build docs:
+  - local-intersphinx-inventories.patch
+  - fetch-intersphinx-inventories.sh
+  - python3.inv
+  - crypto.inv
+
+-------------------------------------------------------------------
+Mon Feb 25 19:56:35 UTC 2019 - Todd R <toddrme2178@gmail.com>
+
+- Add fetch-intersphinx-inventories.sh to sources
+
+-------------------------------------------------------------------
+Sat Feb  2 18:56:14 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
+
+- add local-intersphinx-inventories.patch for generating the docs
+  correctly
+- add fetch-intersphinx-inventories.sh to fetch the inventories
+
+-------------------------------------------------------------------
+Tue Oct 30 13:41:43 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- handle that renegotiation is forbidden in TLS 1.3
+  * add tls13-renegotiation.patch
+
+-------------------------------------------------------------------
+Tue Oct 30 11:21:30 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Add patch to fix issues with openssl 1.1.1:
+  * openssl-1.1.1.patch
+- Drop the downstream fix_test_suite.patch
+
+-------------------------------------------------------------------
+Tue Oct 30 01:06:28 CET 2018 - mcepl@suse.com
+
+- Add patch fix_test_suite.patch to allow test suite to pass with
+  OpenSSL 1.1.1.
+
+-------------------------------------------------------------------
+Fri Oct  5 14:31:59 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- OpenSSL changed X509_STORE_add_cert in 1.1.0i such that it no longer
+  raises an error if a duplicate cert is added (bsc#1110435)
+  * https://github.com/pyca/pyopenssl/pull/787
+  * add X509_STORE_add_cert.patch
+
+-------------------------------------------------------------------
+Fri Aug 24 09:08:36 UTC 2018 - tchvatal@suse.com
+
+- Add patch to work with openssl 1.1.0i+:
+  * openssl-1.1.0i.patch
+
+-------------------------------------------------------------------
+Thu Aug 16 15:48:21 UTC 2018 - tchvatal@suse.com
+
+- Update to 18.0.0:
+  * Update for new openssl 1.1.1
+- Remove not needed patches:
+  * bug-lp-1265482.diff
+  * rsa128-i586.patch
+
+-------------------------------------------------------------------
+Thu Jun 14 14:41:50 UTC 2018 - hpj@urpla.net
+
+- add missing python-cffi dependency
+
+-------------------------------------------------------------------
+Tue Feb 27 19:20:19 UTC 2018 - aplanas@suse.com
+
+- Use %__python3 macro to call Python 3 binary
+
+-------------------------------------------------------------------
+Fri Feb  2 11:36:18 UTC 2018 - tchvatal@suse.com
+
+- Update to 17.5.0:
+  * The minimum cryptography version is now 2.1.4.
+  * Fixed various memory leaks
+  * Various fuzz fixes
+  * See CHANGELOG.rst
+
+-------------------------------------------------------------------
+Wed Aug 23 05:26:31 UTC 2017 - tbechtold@suse.com
+
+- update to 17.2.0:
+  - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
+  - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
+    cryptography ``manylinux1`` wheels on Python 3.x.
+  - Fixed a crash with (EC)DSA signatures in some cases.
+  - Removed the deprecated ``OpenSSL.rand.egd()`` function.
+    Applications should prefer ``os.urandom()`` for random number generation.
+  - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
+    Callers must now always pass an explicit ``digest``.
+  - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
+    ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
+    and ``Revoked.set_lastUpdate()``. You must now pass times in the form
+    ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
+    will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
+  - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
+    ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
+    ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
+    ``NetscapeSPKIType``.
+    The names without the "Type"-suffix should be used instead.
+  - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
+    for converting X.509 certificate to and from pyca/cryptography objects.
+  - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
+    ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
+    for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
+  - Added ``OpenSSL.debug`` that allows to get an overview of used library versions
+    (including linked OpenSSL) and other useful runtime information using
+    ``python -m OpenSSL.debug``.
+  - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
+    the upcoming release of ``cryptography`` ``manylinux1`` wheels.
+- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
+- Drop python-pyOpenSSL-always-overflow.patch. Applied upstream.
+
+-------------------------------------------------------------------
+Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de
+
+- add patch to always trigger overflow in the testsuite
+  (gh#pyca/pyopenssl#657) b3460c6a9a45a016d1ab65c149c606fa3f07096d
+ 
+  python-pyOpenSSL-always-overflow.patch 
+
+-------------------------------------------------------------------
+Tue Jun 13 07:05:41 UTC 2017 - dimstar@opensuse.org
+
+- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert
+  expired, mking the test suite fail. Replace the certificate with
+  a new one, valid for 20 years (gh#pyca/pyopenssl#637).
+
+-------------------------------------------------------------------
+Fri May  5 21:32:55 UTC 2017 - toddrme2178@gmail.com
+
+- Fix Provides/Obsoletes.
+
+-------------------------------------------------------------------
+Wed Apr 26 14:20:27 UTC 2017 - toddrme2178@gmail.com
+
+- Implement single-spec version
+- Fix source URL
+- Update to 17.0.0
+  * Added ``OpenSSL.X509Store.set_time()`` to set a custom
+    verification time when verifying certificate chains.
+  * Added a collection of functions for working with OCSP stapling.
+    None of these functions make it possible to validate OCSP
+    assertions, only to staple them into the handshake and to
+    retrieve the stapled assertion if provided.
+    Users will need to write their own code to handle OCSP
+    assertions.
+    We specifically added: ``Context.set_ocsp_server_callback``,
+    ``Context.set_ocsp_client_callback``, and
+    ``Connection.request_ocsp``.
+  * Changed the ``SSL`` module's memory allocation policy to
+    avoid zeroing memory it allocates when unnecessary.
+    This reduces CPU usage and memory allocation time by an amount
+    proportional to the size of the allocation.
+    For applications that process a lot of TLS data or that use
+    very lage allocations this can provide considerable performance
+    improvements.
+  * Automatically set ``SSL_CTX_set_ecdh_auto()`` on
+    ``OpenSSL.SSL.Context``.
+  - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
+- Rebase bug-lp-1265482.diff
+- Rebase rsa128-i586.patch
+- Rebase skip-networked-test.patch
+
+-------------------------------------------------------------------
+Wed Nov 16 07:46:25 UTC 2016 - dmueller@suse.com
+
+- fix source url
+
+-------------------------------------------------------------------
+Tue Nov 15 09:39:09 UTC 2016 - mlin@suse.com
+
+- Change source url to pypi.io
+  * version 16.2.0 source tarball failed to download from pypi.python.org
+
+-------------------------------------------------------------------
+Mon Nov 14 08:46:18 UTC 2016 - mlin@suse.com
+
+- Update to 16.2.0
+  * Deprecations
+  ** Dropped support for OpenSSL 0.9.8.
+  * Changes
+  ** Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496
+  ** Enable use of CRL (and more) in verify context. #483
+  ** OpenSSL.crypto.PKey can now be constructed from cryptography objects and also
+     exported as such. #439
+  ** Support newer versions of cryptography which use opaque structs for OpenSSL
+     1.1.0 compatibility.
+  ** Fixed compatibility errors with OpenSSL 1.1.0.
+  ** Fixed an issue that caused failures with subinterpreters and embedded Pythons.
+     #552
+
+-------------------------------------------------------------------
+Mon May 16 15:29:16 UTC 2016 - jmatejek@suse.com
+
+- added %check section with testsuite
+- skip-networked-test.patch - mark a test as networked so that we can
+  specify non-network test run
+- rsa128-i586.patch - sidestep a crasher bug on 32bit platforms
+  by generating reasonably-sized RSA keys instead of small 128bit ones
+
+-------------------------------------------------------------------
+Mon May  9 09:54:12 UTC 2016 - hpj@urpla.net
+
+- update to 16.0.0
+  Backward-incompatible changes:
+  * Python 3.2 support has been dropped. It never had significant real world
+    usage and has been dropped by our main dependency cryptography. Affected
+    users should upgrade to Python 3.3 or later.
+  Deprecations:
+  * The support for EGD has been removed. The only affected function
+    OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
+    Please see pyca/cryptography#1636 for more background information on this
+    decision. In accordance with our backward compatibility policy
+    OpenSSL.rand.egd() will be removed no sooner than a year from the release of
+    16.0.0.
+  * Please note that you should use urandom for all your secure random number
+    needs.
+  * Python 2.6 support has been deprecated. Our main dependency cryptography
+    deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
+    dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
+  Changes:
+  * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
+    OpenSSL.SSL.Connection.renegotiate_pending, and
+    OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
+    0.14. #422
+  * Fixed segmentation fault when using keys larger than 4096-bit to sign data.
+    #428
+  * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
+    before setting any app data. #304
+  * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
+    that represent public keys, and OpenSSL.crypto.load_publickey() to load such
+    objects from serialized representations. #382
+  * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
+    a string buffer. #368
+  * Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding
+    state_string_long. #358
+  * Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv()
+    and OpenSSL.SSL.Connection.recv_into(). #294
+  * Added OpenSSL.SSL.Connection.get_protocol_version() and
+    OpenSSL.SSL.Connection.get_protocol_version_name(). #244
+  * Switched to utf8string mask by default. OpenSSL formerly defaulted to a
+    T61String if there were UTF-8 characters present. This was changed to
+    default to UTF8String in the config around 2005, but the actual code didn’t
+    change it until late last year. This will default us to the setting that
+    actually works. To revert this you can call
+    OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234
+
+- fixed paths in bug-lp-1265482.diff
+- fixed doc generation 
+- spec clean up
+
+-------------------------------------------------------------------
+Tue Jul 14 13:07:00 UTC 2015 - toddrme2178@gmail.com
+
+- Fix building on SLES 11
+
+-------------------------------------------------------------------
+Wed Apr 22 09:50:09 UTC 2015 - mcihar@suse.cz
+
+- Do not hardcode version in file list
+
+-------------------------------------------------------------------
+Wed Apr 22 09:42:53 UTC 2015 - mcihar@suse.cz
+
+- udapte to 0.15.1
+	* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
+	  present in 0.15, where when an error occurs and no errno() is set,
+	  a KeyError is raised.  This happens, for example, if
+	  Connection.shutdown() is called when the underlying transport has
+	  gone away.
+	* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
+	  filenames only as bytes now accept them as either bytes or
+	  unicode (and respect sys.getfilesystemencoding()).
+	* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
+	  (NPN) bindings.
+	* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
+	  builtin ``socket.recv_into``.  Based on work from Cory Benfield.
+	* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
+	* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
+	* OpenSSL/test/test_crypto.py: Add intermediate certificates for
+	* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
+	  underlying socket.
+	* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
+	  causing it to always succeed - even if it should fail.
+	* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
+	  with ``FILETYPE_ASN1`` would fail with a ``NameError``.
+	* OpenSSL/SSL.py: Fix a regression in which the first argument of
+
+-------------------------------------------------------------------
+Mon Feb 24 12:58:58 UTC 2014 - mvyskocil@suse.com
+
+- update to 0.14
+  * Support for TLSv1.1 and TLSv1.2
+  * First-class support for PyPy
+  * New flags, such as MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
+  * Some APIs to access to the SSL session cache
+  * A variety of bug fixes for error handling cases
+  * Documentation has been converted from LaTeX
+    + python-pyOpenSSL-doc is now build from single spec file
+  * pyOpenSSL now depends on cryptography, so it became pure-python
+    module
+    + changed to noarch package, add proper dependencies
+  * Development moved to github
+    + changed Url tag respectivelly
+- refreshed bug-lp-1265482.diff
+
+-------------------------------------------------------------------
+Thu Jan  2 11:17:23 UTC 2014 - dmueller@suse.com
+
+-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666) 
+
+-------------------------------------------------------------------
+Fri Sep 13 14:02:43 UTC 2013 - jmatejek@suse.com
+
+- update to 0.13.1
+  * fixes NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314)
+
+-------------------------------------------------------------------
+Fri Apr  5 07:54:12 UTC 2013 - speilicke@suse.com
+
+- Package LICENSE
+
+-------------------------------------------------------------------
+Mon Jul  9 18:34:08 PDT 2012 - msuman@opensuse.org
+
+- Update to version 0.13
+  * Add OPENSSL_VERSION_NUMBER, SSLeay_version and related
+    constants for retrieving version information about the
+    underlying OpenSSL library.
+  * Support OpenSSL 1.0.0a and related changes.
+  * Remove SSLv2 support if the underlying OpenSSL library does
+    not provide it.
+  * Add a new method to the X509 type, get_signature_algorithm.
+  * Add a new method to the Connection type, get_peer_cert_chain.
+  * Add the PKey.check method to verify the internal consistency
+    of a PKey instance.
+  * Bug fixes.
+
+-------------------------------------------------------------------
+Thu Sep  1 08:48:23 UTC 2011 - saschpe@suse.de
+
+- Changed license to Apache-2.0, to fix bnc#715423
+
+-------------------------------------------------------------------
+Wed Aug 31 14:21:58 UTC 2011 - saschpe@suse.de
+
+- Initial version, obsoletes 'python-openssl':
+  * Builds properly on all SUSE version
+  * Has real HTML documentation
+

saltbundlepy-pyopenssl.spec

@@ -0,0 +1,94 @@
+#
+# spec file for package saltbundlepy-pyopenssl
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
+%define pythons saltbundlepy
+
+# Disable python bytecompile for all distros
+# It's called explicitly in the spec
+%global __brp_python_bytecompile %{nil}
+
+Name:           saltbundlepy-pyopenssl
+Version:        23.2.0
+Release:        0
+Summary:        Python wrapper module around the OpenSSL library
+License:        Apache-2.0
+Group:          Development/Languages/Python
+URL:            https://github.com/pyca/pyopenssl
+Source:         https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
+# Mark tests requiring network access
+Patch0:         skip-networked-test.patch
+# Fix problem with old versions of OpenSSL
+Patch1:         revert_switch_to_new_utils_deprecation.patch
+# Fix missing ASN1_STRING_get0_data definition in old OpenSSL versions
+Patch2:         fix-missing-ASN1_STRING_get0_data-in-old-openssl.patch
+BuildRequires:  %{saltbundlepy_module base >= 3.10}
+BuildRequires:  %{saltbundlepy_module cffi}
+BuildRequires:  %{saltbundlepy_module cryptography >= 2.3.0}
+%if %{with tests}
+BuildRequires:  %{saltbundlepy_module flaky}
+BuildRequires:  %{saltbundlepy_module pretend}
+BuildRequires:  %{saltbundlepy_module pytest >= 3.0.1}
+%endif
+BuildRequires:  %{saltbundlepy_module setuptools}
+BuildRequires:  %{saltbundlepy_module six}
+BuildRequires:  ca-certificates-mozilla
+BuildRequires:  fdupes
+BuildRequires:  openssl
+BuildRequires:  saltbundlepy-rpm-macros
+Requires:       saltbundlepy-cffi
+Requires:       saltbundlepy-cryptography >= 2.3.0
+Requires:       saltbundlepy-six >= 1.5.2
+BuildArch:      noarch
+%python_subpackages
+
+%description
+pyOpenSSL is a set of Python bindings for OpenSSL.  It includes some low-level
+cryptography APIs but is primarily focused on providing an API for using the
+TLS protocol from Python.
+
+pyOpenSSL is now a pure-Python project with a dependency on a new project,
+cryptography (<https://github.com/pyca/cryptography>), which provides (among
+other things) a cffi-based interface to OpenSSL.
+
+%prep
+%autosetup -p1 -n pyOpenSSL-%{version}
+
+%build
+%python_build
+
+%install
+%python_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%if %{with tests}
+%check
+export LC_ALL=en_US.UTF-8
+%{python_expand export PYTHONPATH=%{buildroot}%{$python_sitelib}
+py.test-%{$python_bin_suffix} -m "not network"
+}
+%endif
+
+%files %{python_files}
+%license LICENSE
+%doc *.rst
+%{python_sitelib}/OpenSSL/
+%{python_sitelib}/pyOpenSSL-%{version}*-info
+
+%changelog

skip-networked-test.patch

@@ -0,0 +1,30 @@
+Index: pyOpenSSL-23.2.0/tests/test_ssl.py
+===================================================================
+--- pyOpenSSL-23.2.0.orig/tests/test_ssl.py
++++ pyOpenSSL-23.2.0/tests/test_ssl.py
+@@ -1252,6 +1252,7 @@ class TestContext:
+         reason="set_default_verify_paths appears not to work on Windows.  "
+         "See LP#404343 and LP#404344.",
+     )
++    @pytest.mark.network
+     def test_set_default_verify_paths(self):
+         """
+         `Context.set_default_verify_paths` causes the platform-specific CA
+Index: pyOpenSSL-23.2.0/setup.cfg
+===================================================================
+--- pyOpenSSL-23.2.0.orig/setup.cfg
++++ pyOpenSSL-23.2.0/setup.cfg
+@@ -1,6 +1,8 @@
+ [tool:pytest]
+ addopts = "-r s --strict-markers"
+ testpaths = tests
++markers =
++   network: test case requires network connection
+ 
+ [metadata]
+ license_file = LICENSE
+@@ -15,4 +17,3 @@ doc_files = doc/_build/html
+ [egg_info]
+ tag_build = 
+ tag_date = 0
+-