From a7a7f17c7df15cea4d2726d33de2515fca8b4ab92f9458924649012337ac8436 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 3 May 2024 22:00:38 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main python-pyOpenSSL revision 469e827b3d3221737fde36b4f6876194
---
 .gitattributes | 23 ++
 _multibuild | 3 +
 pyOpenSSL-24.0.0.tar.gz | 3 +
 python-pyOpenSSL.changes | 596 ++++++++++++++++++++++++++++++++++++++
 python-pyOpenSSL.spec | 96 ++++++
 skip-networked-test.patch | 35 +++
 6 files changed, 756 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 _multibuild
 create mode 100644 pyOpenSSL-24.0.0.tar.gz
 create mode 100644 python-pyOpenSSL.changes
 create mode 100644 python-pyOpenSSL.spec
 create mode 100644 skip-networked-test.patch
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/_multibuild b/_multibuild
new file mode 100644
index 0000000..fcc7b97
--- /dev/null
+++ b/_multibuild
@@ -0,0 +1,3 @@
+
+ test
+
diff --git a/pyOpenSSL-24.0.0.tar.gz b/pyOpenSSL-24.0.0.tar.gz
new file mode 100644
index 0000000..273e392
--- /dev/null
+++ b/pyOpenSSL-24.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6aa33039a93fffa4563e655b61d11364d01264be8ccb49906101e02a334530bf
+size 183238
diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes
new file mode 100644
index 0000000..f1cb656
--- /dev/null
+++ b/python-pyOpenSSL.changes
@@ -0,0 +1,596 @@ +------------------------------------------------------------------- +Mon Jan 29 21:16:31 UTC 2024 - Dirk Müller + +- update to 24.0.0: + * Added OpenSSL.SSL.Connection.get_selected_srtp_profile to + determine which SRTP profile was negotiated. #1279. + +------------------------------------------------------------------- +Mon Nov 27 08:52:41 UTC 2023 - Dirk Müller + +- update to 23.3.0: + * Dropped support for Python 3.6. + * The minimum ``cryptography`` version is now 41.0.5. + * Removed ``OpenSSL.crypto.loads_pkcs7`` and + ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for + 3 years. + * Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow + legacy insecure renegotiation between OpenSSL and unpatched + servers. + * Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to + have been deprecated at the same time as + ``OpenSSL.crypto.load_pkcs12``). + * Deprecated ``OpenSSL.crypto.NetscapeSPKI``. + * Deprecated ``OpenSSL.crypto.CRL`` + * Deprecated ``OpenSSL.crypto.Revoked`` + * Deprecated ``OpenSSL.crypto.load_crl`` and + ``OpenSSL.crypto.dump_crl`` + * Deprecated ``OpenSSL.crypto.sign`` and + ``OpenSSL.crypto.verify`` + * Deprecated ``OpenSSL.crypto.X509Extension`` + * Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept + * ``cryptography``'s ``x509.CertificateRevocationList`` + arguments in addition + * to the now deprecated ``OpenSSL.crypto.CRL`` arguments. + * Fixed ``test_set_default_verify_paths`` test so that it is + skipped if no network connection is available. + +------------------------------------------------------------------- +Mon Jun 19 20:25:32 UTC 2023 - Dirk Müller + +- update to 23.2.0: + * Removed ``X509StoreFlags.NOTIFY_POLICY``. + * ``cryptography`` maximum version has been increased to + 41.0.x. + * Invalid versions are now rejected in + ``OpenSSL.crypto.X509Req.set_version``. + * Added ``X509VerificationCodes`` to ``OpenSSL.SSL``. 
+ +------------------------------------------------------------------- +Fri Apr 21 12:30:17 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:43:49 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Tue Mar 28 15:40:13 UTC 2023 - Dirk Müller + +- update to 23.1.1: + * Worked around an issue in OpenSSL 3.1.0 which caused + `X509Extension.get_short_name` to raise an exception when no + short name was known to OpenSSL. + +------------------------------------------------------------------- +Mon Mar 27 07:54:16 UTC 2023 - Dirk Müller + +- update to 23.1.0: + * ``cryptography`` maximum version has been increased to + 40.0.x. + * Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and + ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout`` + to support DTLS timeouts `#1180 + +------------------------------------------------------------------- +Mon Jan 2 18:47:06 UTC 2023 - Dirk Müller + +- update to 23.0.0: + * Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for + users + to perform certificate verification on partial certificate chains. + * ``cryptography`` maximum version has been increased to 39.0.x. +- drop pyOpenSSL-pr1158-conditional-__all__.patch (upstream) + +------------------------------------------------------------------- +Fri Oct 21 14:20:05 UTC 2022 - Ben Greiner + +- Upstream post-release doc fix (gh#pyca/pyopenssl#1150) + * The minimum cryptography version is now 38.0.x (and we now pin + releases against cryptography major versions to prevent future + breakage) +- Add pyOpenSSL-pr1158-conditional-__all__.patch + gh#pyca/pyopenssl#1158 + +------------------------------------------------------------------- +Thu Sep 29 19:33:29 UTC 2022 - Dirk Müller + +- update to 22.1.0: + * Remove support for SSLv2 and SSLv3. 
+ * The minimum ``cryptography`` version is now 37.0.2. + * The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored, + changing its internal attributes. + * Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode`` + to override the context object's verification flags. + * Add ``OpenSSL.SSL.Connection.use_certificate`` and + ``OpenSSL.SSL.Connection.use_privatekey`` + to set a certificate per connection (and not just per context) + +------------------------------------------------------------------- +Wed Jun 1 08:25:21 UTC 2022 - Steve Kowalik + +- Shift BuildRequires on openssl, it's only required for tests. + +------------------------------------------------------------------- +Fri Feb 4 23:21:43 UTC 2022 - Dirk Müller + +- update to 22.0.0: + - Drop support for Python 2.7. + - The minimum ``cryptography`` version is now 35.0. + - Expose wrappers for some `DTLS + `_ + primitives. +- drop check_inv_ALPN_lists.patch: upstream + +------------------------------------------------------------------- +Thu Dec 9 05:55:51 UTC 2021 - Steve Kowalik + +- Inject multibuild to avoid a build loop. + +------------------------------------------------------------------- +Sat Oct 30 19:08:35 UTC 2021 - Matej Cepl + +- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists + before calling OpenSSL (gh#pyca/pyopenssl#1056). + +------------------------------------------------------------------- +Tue Oct 26 20:27:12 UTC 2021 - Dirk Müller + +- update to 21.0.0 (bsc#1200771, jsc#SLE-24519): + - The minimum ``cryptography`` version is now 3.3. + - Drop support for Python 3.5 + - Raise an error when an invalid ALPN value is set. + - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` + - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an + upcoming release of ``cryptography`` without raising deprecation warnings. 
+ +------------------------------------------------------------------- +Mon Feb 1 18:07:21 UTC 2021 - Dirk Müller + +- update to 20.0.1: + - Fixed compatibility with OpenSSL 1.1.0. + +------------------------------------------------------------------- +Tue Dec 22 22:28:30 UTC 2020 - Matej Cepl + +- Adjust metadata for skip-networked-test.patch and refer to the proper + upstream ticket gh#pyca/pyopenssl#68. + +------------------------------------------------------------------- +Fri Dec 11 13:21:19 UTC 2020 - Matej Cepl + +- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also + skip test_verify_with_time on %ix86. + +------------------------------------------------------------------- +Wed Dec 9 16:41:15 UTC 2020 - Marcus Rueckert + +- Update to v20.0.0 + - Backward-incompatible changes: + - The minimum cryptography version is now 3.2. + - Remove deprecated OpenSSL.tsafe module. + - Removed deprecated + OpenSSL.SSL.Context.set_npn_advertise_callback, + OpenSSL.SSL.Context.set_npn_select_callback, and + OpenSSL.SSL.Connection.get_next_proto_negotiated. + - Drop support for Python 3.4 + - Drop support for OpenSSL 1.0.1 and 1.0.2 + - Deprecations: + - Deprecated OpenSSL.crypto.loads_pkcs7 and + OpenSSL.crypto.loads_pkcs12. + - Changes: + - Added a new optional chain parameter to + OpenSSL.crypto.X509StoreContext() where additional untrusted + certificates can be specified to help chain building. #948 + - Added OpenSSL.crypto.X509Store.load_locations to set trusted + certificate file bundles and/or directories for verification. + #943 + - Added Context.set_keylog_callback to log key material. #910 + - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve + the verified certificate chain of the peer. #894. + - Make verification callback optional in Context.set_verify. If + omitted, OpenSSL’s default verification is used. 
#933 + - Fixed a bug that could truncate or cause a zero-length key + error due to a null byte in private key passphrase in + OpenSSL.crypto.load_privatekey and + OpenSSL.crypto.dump_privatekey. #947 +- drop patch fix-compilation-2020.patch: no longer needed +- refreshed patch skip-networked-test.patch + +------------------------------------------------------------------- +Tue Feb 18 16:49:55 UTC 2020 - John Vandenberg + +- Update to v19.1 + * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType, + X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType. + Use the classes without the ``Type`` suffix instead. + * The minimum ``cryptography`` version is now 2.8 + * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback, + OpenSSL.SSL.Context.set_npn_select_callback, and + OpenSSL.SSL.Connection.get_next_proto_negotiated + ALPN should be used instead. + * Support bytearray in SSL.Connection.send() by using cffi's from_buffer + * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new + NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake + to complete without an application protocol. + +------------------------------------------------------------------- +Thu Aug 22 12:02:59 UTC 2019 - Bernhard Wiedemann + +- Add fix-compilation-2020.patch to fix tests after 2020 + +------------------------------------------------------------------- +Thu Mar 7 15:53:31 UTC 2019 - John Vandenberg + +- Remove no longer necessary pytest argument -k "not test_export_text" + +------------------------------------------------------------------- +Sat Mar 2 16:29:39 UTC 2019 - Ondřej Súkup + +- update to 19.0 +- fixed build deps. +- drop patches: openssl-1.1.0i.patch + openssl-1.1.1.patch + opensuse_ca.patch + tls13-renegotiation.patch + * X509Store.add_cert no longer raises an error if you add a duplicate cert. + * pyOpenSSL now works with OpenSSL 1.1.1. 
+ * pyOpenSSL now handles NUL bytes in X509Name.get_components() + +------------------------------------------------------------------- +Fri Mar 1 18:06:10 UTC 2019 - Hans-Peter Jansen + +- remove everything to build docs: + - local-intersphinx-inventories.patch + - fetch-intersphinx-inventories.sh + - python3.inv + - crypto.inv + +------------------------------------------------------------------- +Mon Feb 25 19:56:35 UTC 2019 - Todd R + +- Add fetch-intersphinx-inventories.sh to sources + +------------------------------------------------------------------- +Sat Feb 2 18:56:14 UTC 2019 - Hans-Peter Jansen + +- add local-intersphinx-inventories.patch for generating the docs + correctly +- add fetch-intersphinx-inventories.sh to fetch the inventories + +------------------------------------------------------------------- +Tue Oct 30 13:41:43 UTC 2018 - Vítězslav Čížek + +- handle that renegotiation is forbidden in TLS 1.3 + * add tls13-renegotiation.patch + +------------------------------------------------------------------- +Tue Oct 30 11:21:30 UTC 2018 - Tomáš Chvátal + +- Add patch to fix issues with openssl 1.1.1: + * openssl-1.1.1.patch +- Drop the downstream fix_test_suite.patch + +------------------------------------------------------------------- +Tue Oct 30 01:06:28 CET 2018 - mcepl@suse.com + +- Add patch fix_test_suite.patch to allow test suite to pass with + OpenSSL 1.1.1. 
+ +------------------------------------------------------------------- +Fri Oct 5 14:31:59 UTC 2018 - Vítězslav Čížek + +- OpenSSL changed X509_STORE_add_cert in 1.1.0i such that it no longer + raises an error if a duplicate cert is added (bsc#1110435) + * https://github.com/pyca/pyopenssl/pull/787 + * add X509_STORE_add_cert.patch + +------------------------------------------------------------------- +Fri Aug 24 09:08:36 UTC 2018 - tchvatal@suse.com + +- Add patch to work with openssl 1.1.0i+: + * openssl-1.1.0i.patch + +------------------------------------------------------------------- +Thu Aug 16 15:48:21 UTC 2018 - tchvatal@suse.com + +- Update to 18.0.0: + * Update for new openssl 1.1.1 +- Remove not needed patches: + * bug-lp-1265482.diff + * rsa128-i586.patch + +------------------------------------------------------------------- +Thu Jun 14 14:41:50 UTC 2018 - hpj@urpla.net + +- add missing python-cffi dependency + +------------------------------------------------------------------- +Tue Feb 27 19:20:19 UTC 2018 - aplanas@suse.com + +- Use %__python3 macro to call Python 3 binary + +------------------------------------------------------------------- +Fri Feb 2 11:36:18 UTC 2018 - tchvatal@suse.com + +- Update to 17.5.0: + * The minimum cryptography version is now 2.1.4. + * Fixed various memory leaks + * Various fuzz fixes + * See CHANGELOG.rst + +------------------------------------------------------------------- +Wed Aug 23 05:26:31 UTC 2017 - tbechtold@suse.com + +- update to 17.2.0: + - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. + - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with + cryptography ``manylinux1`` wheels on Python 3.x. + - Fixed a crash with (EC)DSA signatures in some cases. + - Removed the deprecated ``OpenSSL.rand.egd()`` function. + Applications should prefer ``os.urandom()`` for random number generation. 
+ - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``. + Callers must now always pass an explicit ``digest``. + - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``, + ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``, + and ``Revoked.set_lastUpdate()``. You must now pass times in the form + ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm`` + will no longer work. `#612 `_ + - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``, + ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``, + ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, + ``NetscapeSPKIType``. + The names without the "Type"-suffix should be used instead. + - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()`` + for converting X.509 certificate to and from pyca/cryptography objects. + - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``, + ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()`` + for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. + - Added ``OpenSSL.debug`` that allows to get an overview of used library versions + (including linked OpenSSL) and other useful runtime information using + ``python -m OpenSSL.debug``. + - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate + the upcoming release of ``cryptography`` ``manylinux1`` wheels. +- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream. +- Drop python-pyOpenSSL-always-overflow.patch. Applied upstream. 
+ +------------------------------------------------------------------- +Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de + +- add patch to always trigger overflow in the testsuite + (gh#pyca/pyopenssl#657) b3460c6a9a45a016d1ab65c149c606fa3f07096d + + python-pyOpenSSL-always-overflow.patch + +------------------------------------------------------------------- +Tue Jun 13 07:05:41 UTC 2017 - dimstar@opensuse.org + +- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert + expired, mking the test suite fail. Replace the certificate with + a new one, valid for 20 years (gh#pyca/pyopenssl#637). + +------------------------------------------------------------------- +Fri May 5 21:32:55 UTC 2017 - toddrme2178@gmail.com + +- Fix Provides/Obsoletes. + +------------------------------------------------------------------- +Wed Apr 26 14:20:27 UTC 2017 - toddrme2178@gmail.com + +- Implement single-spec version +- Fix source URL +- Update to 17.0.0 + * Added ``OpenSSL.X509Store.set_time()`` to set a custom + verification time when verifying certificate chains. + * Added a collection of functions for working with OCSP stapling. + None of these functions make it possible to validate OCSP + assertions, only to staple them into the handshake and to + retrieve the stapled assertion if provided. + Users will need to write their own code to handle OCSP + assertions. + We specifically added: ``Context.set_ocsp_server_callback``, + ``Context.set_ocsp_client_callback``, and + ``Connection.request_ocsp``. + * Changed the ``SSL`` module's memory allocation policy to + avoid zeroing memory it allocates when unnecessary. + This reduces CPU usage and memory allocation time by an amount + proportional to the size of the allocation. + For applications that process a lot of TLS data or that use + very lage allocations this can provide considerable performance + improvements. + * Automatically set ``SSL_CTX_set_ecdh_auto()`` on + ``OpenSSL.SSL.Context``. 
+ - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``. +- Rebase bug-lp-1265482.diff +- Rebase rsa128-i586.patch +- Rebase skip-networked-test.patch + +------------------------------------------------------------------- +Wed Nov 16 07:46:25 UTC 2016 - dmueller@suse.com + +- fix source url + +------------------------------------------------------------------- +Tue Nov 15 09:39:09 UTC 2016 - mlin@suse.com + +- Change source url to pypi.io + * version 16.2.0 source tarball failed to download from pypi.python.org + +------------------------------------------------------------------- +Mon Nov 14 08:46:18 UTC 2016 - mlin@suse.com + +- Update to 16.2.0 + * Deprecations + ** Dropped support for OpenSSL 0.9.8. + * Changes + ** Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496 + ** Enable use of CRL (and more) in verify context. #483 + ** OpenSSL.crypto.PKey can now be constructed from cryptography objects and also + exported as such. #439 + ** Support newer versions of cryptography which use opaque structs for OpenSSL + 1.1.0 compatibility. + ** Fixed compatibility errors with OpenSSL 1.1.0. + ** Fixed an issue that caused failures with subinterpreters and embedded Pythons. + #552 + +------------------------------------------------------------------- +Mon May 16 15:29:16 UTC 2016 - jmatejek@suse.com + +- added %check section with testsuite +- skip-networked-test.patch - mark a test as networked so that we can + specify non-network test run +- rsa128-i586.patch - sidestep a crasher bug on 32bit platforms + by generating reasonably-sized RSA keys instead of small 128bit ones + +------------------------------------------------------------------- +Mon May 9 09:54:12 UTC 2016 - hpj@urpla.net + +- update to 16.0.0 + Backward-incompatible changes: + * Python 3.2 support has been dropped. It never had significant real world + usage and has been dropped by our main dependency cryptography. 
Affected + users should upgrade to Python 3.3 or later. + Deprecations: + * The support for EGD has been removed. The only affected function + OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead. + Please see pyca/cryptography#1636 for more background information on this + decision. In accordance with our backward compatibility policy + OpenSSL.rand.egd() will be removed no sooner than a year from the release of + 16.0.0. + * Please note that you should use urandom for all your secure random number + needs. + * Python 2.6 support has been deprecated. Our main dependency cryptography + deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually + dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does. + Changes: + * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, + OpenSSL.SSL.Connection.renegotiate_pending, and + OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since + 0.14. #422 + * Fixed segmentation fault when using keys larger than 4096-bit to sign data. + #428 + * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called + before setting any app data. #304 + * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects + that represent public keys, and OpenSSL.crypto.load_publickey() to load such + objects from serialized representations. #382 + * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to + a string buffer. #368 + * Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding + state_string_long. #358 + * Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv() + and OpenSSL.SSL.Connection.recv_into(). #294 + * Added OpenSSL.SSL.Connection.get_protocol_version() and + OpenSSL.SSL.Connection.get_protocol_version_name(). #244 + * Switched to utf8string mask by default. OpenSSL formerly defaulted to a + T61String if there were UTF-8 characters present. 
This was changed to + default to UTF8String in the config around 2005, but the actual code didn’t + change it until late last year. This will default us to the setting that + actually works. To revert this you can call + OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234 + +- fixed paths in bug-lp-1265482.diff +- fixed doc generation +- spec clean up + +------------------------------------------------------------------- +Tue Jul 14 13:07:00 UTC 2015 - toddrme2178@gmail.com + +- Fix building on SLES 11 + +------------------------------------------------------------------- +Wed Apr 22 09:50:09 UTC 2015 - mcihar@suse.cz + +- Do not hardcode version in file list + +------------------------------------------------------------------- +Wed Apr 22 09:42:53 UTC 2015 - mcihar@suse.cz + +- udapte to 0.15.1 + * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression + present in 0.15, where when an error occurs and no errno() is set, + a KeyError is raised. This happens, for example, if + Connection.shutdown() is called when the underlying transport has + gone away. + * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted + filenames only as bytes now accept them as either bytes or + unicode (and respect sys.getfilesystemencoding()). + * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation + (NPN) bindings. + * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the + builtin ``socket.recv_into``. Based on work from Cory Benfield. + * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. + * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. + * OpenSSL/test/test_crypto.py: Add intermediate certificates for + * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the + underlying socket. + * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` + causing it to always succeed - even if it should fail. 
+ * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` + with ``FILETYPE_ASN1`` would fail with a ``NameError``. + * OpenSSL/SSL.py: Fix a regression in which the first argument of + +------------------------------------------------------------------- +Mon Feb 24 12:58:58 UTC 2014 - mvyskocil@suse.com + +- update to 0.14 + * Support for TLSv1.1 and TLSv1.2 + * First-class support for PyPy + * New flags, such as MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION + * Some APIs to access to the SSL session cache + * A variety of bug fixes for error handling cases + * Documentation has been converted from LaTeX + + python-pyOpenSSL-doc is now build from single spec file + * pyOpenSSL now depends on cryptography, so it became pure-python + module + + changed to noarch package, add proper dependencies + * Development moved to github + + changed Url tag respectivelly +- refreshed bug-lp-1265482.diff + +------------------------------------------------------------------- +Thu Jan 2 11:17:23 UTC 2014 - dmueller@suse.com + +-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666) + +------------------------------------------------------------------- +Fri Sep 13 14:02:43 UTC 2013 - jmatejek@suse.com + +- update to 0.13.1 + * fixes NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314) + +------------------------------------------------------------------- +Fri Apr 5 07:54:12 UTC 2013 - speilicke@suse.com + +- Package LICENSE + +------------------------------------------------------------------- +Mon Jul 9 18:34:08 PDT 2012 - msuman@opensuse.org + +- Update to version 0.13 + * Add OPENSSL_VERSION_NUMBER, SSLeay_version and related + constants for retrieving version information about the + underlying OpenSSL library. + * Support OpenSSL 1.0.0a and related changes. + * Remove SSLv2 support if the underlying OpenSSL library does + not provide it. + * Add a new method to the X509 type, get_signature_algorithm. 
+ * Add a new method to the Connection type, get_peer_cert_chain. + * Add the PKey.check method to verify the internal consistency + of a PKey instance. + * Bug fixes. + +------------------------------------------------------------------- +Thu Sep 1 08:48:23 UTC 2011 - saschpe@suse.de + +- Changed license to Apache-2.0, to fix bnc#715423 + +------------------------------------------------------------------- +Wed Aug 31 14:21:58 UTC 2011 - saschpe@suse.de + +- Initial version, obsoletes 'python-openssl': + * Builds properly on all SUSE version + * Has real HTML documentation + diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec new file mode 100644 index 0000000..cb3ee2d --- /dev/null +++ b/python-pyOpenSSL.spec 
@@ -0,0 +1,96 @@
+#
+# spec file for package python-pyOpenSSL
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define psuffix -test
+%bcond_without test
+%else
+%define psuffix %{nil}
+%bcond_with test
+%endif
+%{?sle15_python_module_pythons}
+Name: python-pyOpenSSL%{psuffix}
+Version: 24.0.0
+Release: 0
+Summary: Python wrapper module around the OpenSSL library
+License: Apache-2.0
+URL: https://github.com/pyca/pyopenssl
+Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
+# Mark tests requiring network access
+Patch0: skip-networked-test.patch
+BuildRequires: %{python_module cffi}
+BuildRequires: %{python_module setuptools}
+BuildRequires: fdupes
+BuildRequires: python-rpm-macros
+Requires: python-cffi
+Requires: (python-cryptography >= 41.0.5 with python-cryptography < 43)
+Provides: pyOpenSSL = %{version}
+BuildArch: noarch
+%if %{with test}
+BuildRequires: %{python_module cryptography >= 41.0.5 with %python-cryptography < 43}
+BuildRequires: %{python_module flaky}
+BuildRequires: %{python_module pretend}
+BuildRequires: %{python_module pyOpenSSL >= %version}
+BuildRequires: %{python_module pytest >= 3.0.1}
+BuildRequires: ca-certificates-mozilla
+BuildRequires: openssl
+%endif
+%python_subpackages
+
+%description
+pyOpenSSL is a set of Python bindings for OpenSSL. It includes some low-level
+cryptography APIs but is primarily focused on providing an API for using the
+TLS protocol from Python.
+
+pyOpenSSL is now a pure-Python project with a dependency on a new project,
+cryptography (), which provides (among
+other things) a cffi-based interface to OpenSSL.
+
+%prep
+%autosetup -p1 -n pyOpenSSL-%{version}
+
+%build
+%python_build
+
+%install
+%if !%{with test}
+%python_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+%endif
+
+%check
+%if %{with test}
+SKIPPED_TESTS="network"
+%if %{__isa_bits} == 32
+SKIPPED_TESTS="(network or test_verify_with_time)"
+%endif
+export LC_ALL=en_US.UTF-8
+%pytest -k "not $SKIPPED_TESTS"
+%endif
+
+%if !%{with test}
+%files %{python_files}
+%license LICENSE
+%doc *.rst
+%{python_sitelib}/OpenSSL/
+%{python_sitelib}/pyOpenSSL-%{version}*-info
+%endif
+
+%changelog
diff --git a/skip-networked-test.patch b/skip-networked-test.patch
new file mode 100644
index 0000000..9bb78c4
--- /dev/null
+++ b/skip-networked-test.patch
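Review bot: In `%check`, `%pytest -k "not $SKIPPED_TESTS"` selects by keyword expression, so `network` deselects the test that skip-networked-test.patch marks and also any test whose name happens to contain "network"; where only the marker is meant, `-m "not network"` is the narrower selector, with `-k` kept for `test_verify_with_time`. The changelog entry of Dec 11 2020 says the tests must run with TZ=UTC, yet `%check` exports only `LC_ALL`; unless the build environment already guarantees UTC, add `export TZ=UTC` next to it. The 32-bit branch also drops `test_verify_with_time`, a certificate-verification test, without saying why; a comment such as `# test_verify_with_time fails on 32-bit, see gh#pyca/pyopenssl#684` would record it (issue number taken from that changelog entry, to be confirmed as covering this skip).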
@@ -0,0 +1,35 @@
+Index: pyOpenSSL-24.0.0/tests/test_ssl.py
+===================================================================
+--- pyOpenSSL-24.0.0.orig/tests/test_ssl.py
++++ pyOpenSSL-24.0.0/tests/test_ssl.py
+@@ -1250,6 +1250,7 @@ class TestContext:
+ reason="set_default_verify_paths appears not to work on Windows. "
+ "See LP#404343 and LP#404344.",
+ )
++ @pytest.mark.network
+ def test_set_default_verify_paths(self):
+ """
+ `Context.set_default_verify_paths` causes the platform-specific CA
+Index: pyOpenSSL-24.0.0/setup.cfg
+===================================================================
+--- pyOpenSSL-24.0.0.orig/setup.cfg
++++ pyOpenSSL-24.0.0/setup.cfg
+@@ -11,4 +11,3 @@ doc_files = doc/_build/html
+ [egg_info]
+ tag_build =
+ tag_date = 0
+-
+Index: pyOpenSSL-24.0.0/pyproject.toml
+===================================================================
+--- pyOpenSSL-24.0.0.orig/pyproject.toml
++++ pyOpenSSL-24.0.0/pyproject.toml
+@@ -42,6 +42,9 @@ ignore_missing_imports = true
+ [tool.pytest.ini_options]
+ addopts = "-r s --strict-markers"
+ testpaths = ["tests"]
++markers = [
++ "network: test case requires network connection",
++]
+
+ [tool.ruff]
+ select = ['E', 'F', 'I', 'W', 'UP', 'RUF']
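Review bot: The setup.cfg section of this patch only removes a trailing blank line, which has nothing to do with marking networked tests and gives the patch one more file to conflict on at every version refresh; I would drop that section. The patch file also carries no description of its own, the only explanation being the `PATCH-FIX-UPSTREAM` comment in the spec, so a short header above the first `Index:` line stating that `test_set_default_verify_paths` needs outbound network access would help. With that test deselected in `%check`, package builds appear not to exercise `Context.set_default_verify_paths` against the system CA bundle at all, and the changelog entry for 23.3.0 says upstream now skips this test itself when no network is available, so it is worth checking whether the marker is still needed. The enclosing test method continues outside the inner hunk.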