From 205507e79b7111ebf3132a05c9e8eeef55c363fe17f2431585dab278de8504e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 22:53:27 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main python-rsa revision 4c126a811eced23a98865bb1f741f9ce --- .gitattributes | 23 +++++ python-rsa.changes | 215 +++++++++++++++++++++++++++++++++++++++++++++ python-rsa.spec | 105 ++++++++++++++++++++++ rsa-4.9.tar.gz | 3 + 4 files changed, 346 insertions(+) create mode 100644 .gitattributes create mode 100644 python-rsa.changes create mode 100644 python-rsa.spec create mode 100644 rsa-4.9.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/python-rsa.changes b/python-rsa.changes new file mode 100644 index 0000000..10f6e96 --- /dev/null +++ b/python-rsa.changes @@ -0,0 +1,215 @@ +------------------------------------------------------------------- +Fri Apr 21 12:33:27 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:44:38 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Sun Jul 24 08:44:38 UTC 2022 - Dirk Müller + +- update to 4.9: + * Remove debug logging from `rsa/key.py` + * Remove overlapping slots in `PrivateKey` and `PublicKey`. + * Do not include CHANGELOG/LICENSE/README.md in wheel + * Fixed Key Generation Unittest: Public and Private keys are assigned the wrong way around + +------------------------------------------------------------------- +Sat Jun 25 20:49:54 UTC 2022 - Dirk Müller + +- update to 4.8: + - Switch to [Poetry](https://python-poetry.org/) for dependency and release management. + - Compatibility with Python 3.10. + - Chain exceptions using `raise new_exception from old_exception` + - Added marker file for PEP 561. This will allow type checking tools in dependent projects + - Use the Chinese Remainder Theorem when decrypting with a private key. This + makes decryption 2-4x faster + +------------------------------------------------------------------- +Mon Aug 23 14:46:41 UTC 2021 - Stefan Schubert + +- Use libalternatives instead of update-alternatives. + +------------------------------------------------------------------- +Tue Mar 2 00:30:30 UTC 2021 - Dirk Müller + +- update to 4.7.2: + * Fix picking/unpickling issue introduced in 4.7 + * Fix threading issue introduced in 4.7 + +------------------------------------------------------------------- +Thu Jan 28 23:02:47 UTC 2021 - Dirk Müller + +- update to 4.7 (CVE-2020-25658 bsc#1178676): + * CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code + * Add padding length check as described by PKCS#1 v1.5 + * Reuse of blinding factors to speed up blinding operations. + * Declare & test support for Python 3.9 + +------------------------------------------------------------------- +Wed Dec 9 10:45:29 UTC 2020 - Benjamin Greiner + +- Remove mypy test requirement. The test calls mypy via its API. + But mypy as importable module is only available for the default + python3 flavor. For packaging, we don't need to run the static + type checker at all. +- Remove mock requirement. + +------------------------------------------------------------------- +Sun Aug 16 21:04:02 UTC 2020 - John Vandenberg + +- Replace setup.py test with pytest +- Remove %bcond_without tests + +------------------------------------------------------------------- +Tue Jun 23 15:36:45 UTC 2020 - Dirk Mueller + +- update to 4.6.0 (CVE-2020-13757 bsc#1172389): + * Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. + * Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out. + * Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148 +Limited SHA3 support to those Python versions (3.6+) that support it natively. The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix #147. + * Added support for Python 3.8. + * Dropped support for Python 2 and 3.4. + * Added type annotations to the source code. This will make Python-RSA easier to use in your IDE, and allows better type checking. + * Added static type checking via MyPy. + * Fix #129 Installing from source gives UnicodeDecodeError. + * Switched to using Poetry for package management. + * Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. + * Reject cyphertexts (when decrypting) and signatures (when verifying) that + * have been modified by prepending zero bytes. This resolves CVE-2020-13757. + +------------------------------------------------------------------- +Sat Mar 23 18:54:24 UTC 2019 - Dirk Mueller + +- fix build on older distributions + +------------------------------------------------------------------- +Sat Feb 16 13:51:23 UTC 2019 - John Vandenberg + +- Update to v 4.0.0 + * Removed deprecated modules: + + rsa.varblock + + rsa.bigfile + + rsa._version133 + + rsa._version200 + * Removed CLI commands that use the VARBLOCK/bigfile format. + * Ensured that PublicKey.save_pkcs1() and PrivateKey.save_pkcs1() always return bytes. + * Dropped support for Python 2.6 and 3.3. + * Dropped support for Psyco. + * Miller-Rabin iterations determined by bitsize of key. + * Added function `rsa.find_signature_hash()` to return the name of the + hashing algorithm used to sign a message. `rsa.verify()` now also + returns that name, instead of always returning `True`. + * Add support for SHA-224 for PKCS1 signatures. + * Transitioned from `requirements.txt` to Pipenv for package management. + +------------------------------------------------------------------- +Tue Dec 4 12:53:58 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Mon May 1 16:30:14 UTC 2017 - toddrme2178@gmail.com + +- Update to Version 3.4.2 + * Fixed dates in CHANGELOG.txt +- Update to Version 3.4.1 + * Included tests/private.pem in MANIFEST.in + * Included README.md and CHANGELOG.txt in MANIFEST.in +- Update to Version 3.4 + * Moved development to Github: https://github.com/sybrenstuvel/python-rsa + * Solved side-channel vulnerability by implementing blinding, fixes #19 + * Deprecated the VARBLOCK format and rsa.bigfile module due to security issues, see + https://github.com/sybrenstuvel/python-rsa/issues/13 + * Integration with Travis-CI, Coveralls and Code Climate + * Deprecated the old rsa._version133 and rsa._version200 submodules, they will be + completely removed in version 4.0. + * Add an 'exponent' argument to key.newkeys() + * Switched from Solovay-Strassen to Miller-Rabin primality testing, to + comply with NIST FIPS 186-4 as probabilistic primality test + (Appendix C, subsection C.3): + * Fixed bugs #12, #14, #27, #30, #49 +- Update to Version 3.3 + * Thanks to Filippo Valsorda: Fix BB'06 attack in verify() by + switching from parsing to comparison. + * Simplified Tox configuration and dropped Python 3.2 support. The + coverage package uses a u'' prefix, which was reintroduced in 3.3 + for ease of porting. +- Update to Version 3.2.3 + * Added character encoding markers for Python 2.x +- Update to Version 3.2.1 + * Added per-file licenses + * Added support for wheel packages + * Made example code more consistent and up to date with Python 3.4 +- Update to Version 3.2 + * Mentioned support for Python 3 in setup.py +- Implement single-spec version. +- Fix source URL. +- Remove cve_2016-1494.diff, fixed in latest version. + +------------------------------------------------------------------- +Tue Jan 5 18:39:56 UTC 2016 - rjschwei@suse.com + +- Fix CVE 2016-1494 (bsc#960680) + - Add patch cve_2016-1494.diff + +------------------------------------------------------------------- +Tue Dec 1 15:02:09 UTC 2015 - rjschwei@suse.com + +- Include version 3.1.4 in SLE 12 (FATE#319904, bsc#954690) + +------------------------------------------------------------------- +Fri Nov 20 17:53:48 UTC 2015 - p.drouand@gmail.com + +- Fix coreutils requirement + +------------------------------------------------------------------- +Wed Sep 23 11:35:21 UTC 2015 - rjschwei@suse.com + +- require coreutils (bsc#935595) + + %pre section uses rm which is part of coreutils package + +------------------------------------------------------------------- +Tue May 12 14:50:12 UTC 2015 - benoit.monin@gmx.fr + +- update to version 3.1.4: + * no changelog available +- add test dependency python-unittest2 +- fix update-alternatives +- run the tests with run_tests.py +- add README.rst to the package documentation + +------------------------------------------------------------------- +Sat Nov 08 20:23:00 UTC 2014 - Led + +- fix bashisms in pre script + +------------------------------------------------------------------- +Fri Oct 11 23:06:55 UTC 2013 - p.drouand@gmail.com + +- Update to version 3.1.2 + + No changelog available +- Replace python-distribute with python-setuptools BuildRequires +- Remove rsa-use-system-setuptools.patch; merged upstream +- Implement update-alternatives + +------------------------------------------------------------------- +Mon Aug 12 15:26:44 UTC 2013 - speilicke@suse.com + +- Add rsa-use-system-setuptools.patch + +------------------------------------------------------------------- +Fri Nov 23 11:18:01 UTC 2012 - speilicke@suse.com + +- Update to version 3.1.1: + + Upstream provides no changelog + +------------------------------------------------------------------- +Fri May 18 00:58:19 UTC 2012 - jfunk@funktronics.ca + +- Initial release + diff --git a/python-rsa.spec b/python-rsa.spec new file mode 100644 index 0000000..ff26218 --- /dev/null +++ b/python-rsa.spec @@ -0,0 +1,105 @@ +# +# spec file for package python-rsa +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} > 1500 +%bcond_without libalternatives +%else +%bcond_with libalternatives +%endif + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +%define skip_python2 1 +%{?sle15_python_module_pythons} +Name: python-rsa +Version: 4.9 +Release: 0 +Summary: Pure-Python RSA Implementation +License: Apache-2.0 +Group: Development/Languages/Python +URL: https://stuvel.eu/rsa +Source: https://files.pythonhosted.org/packages/source/r/rsa/rsa-%{version}.tar.gz +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: python-rpm-macros >= 20210929 +Requires: python-pyasn1 >= 0.1.3 +%if %{with libalternatives} +Requires: alts +BuildRequires: alts +%else +Requires(post): update-alternatives +Requires(preun):update-alternatives +%endif +Requires(pre): coreutils +BuildArch: noarch +# SECTION test requirements +BuildRequires: %{python_module pyasn1 >= 0.1.3} +BuildRequires: %{python_module pytest} +# /SECTION +%python_subpackages + +%description +Python-RSA is a pure-Python RSA implementation. It supports encryption and +decryption, signing and verifying signatures, and key generation according to +PKCS#1 version 1.5. + +%prep +%setup -q -n rsa-%{version} + +%build +export LC_ALL=en_US.utf8 +%python_build + +%install +export LC_ALL=en_US.utf8 +%python_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%python_clone -a %{buildroot}%{_bindir}/pyrsa-priv2pub +%python_clone -a %{buildroot}%{_bindir}/pyrsa-decrypt +%python_clone -a %{buildroot}%{_bindir}/pyrsa-encrypt +%python_clone -a %{buildroot}%{_bindir}/pyrsa-keygen +%python_clone -a %{buildroot}%{_bindir}/pyrsa-sign +%python_clone -a %{buildroot}%{_bindir}/pyrsa-verify + +%pre +# If libalternatives is used: Removing old update-alternatives entries. +%python_libalternatives_reset_alternative pyrsa-priv2pub + +%post +%{python_install_alternative pyrsa-priv2pub pyrsa-decrypt pyrsa-encrypt pyrsa-keygen pyrsa-sign pyrsa-verify} + +%preun +%python_uninstall_alternative pyrsa-priv2pub + +%check +# don't run the static type checker test -- mypy is only available for the default python3 flavor +# pytest --ignore tests/test_mypy.py + +%files %{python_files} +%license LICENSE +%doc README.md +%python_alternative %{_bindir}/pyrsa-decrypt +%python_alternative %{_bindir}/pyrsa-encrypt +%python_alternative %{_bindir}/pyrsa-keygen +%python_alternative %{_bindir}/pyrsa-priv2pub +%python_alternative %{_bindir}/pyrsa-sign +%python_alternative %{_bindir}/pyrsa-verify +%{python_sitelib}/rsa +%{python_sitelib}/rsa-%{version}*-info + +%changelog diff --git a/rsa-4.9.tar.gz b/rsa-4.9.tar.gz new file mode 100644 index 0000000..f25d356 --- /dev/null +++ b/rsa-4.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e38464a49c6c85d7f1351b0126661487a7e0a14a50f1675ec50eb34d4f20ef21 +size 29711