Accepting request 900001 from devel:languages:python
- Update to 0.38.0: - Remove the last use of setup.py test idiom. - Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer. - Add support for arm64 big endian <Steev Klimaszewski> - Make support of RSA_SSLV23_PADDING optional (it has been deprecated). - Move project to src/ layout - Allow verify_cb_* to be called with ok=True <Casey Deccio> - Be prepared if any of constants in x509_vfy.h is not available. - But we do support 3.8 - We DO NOT support Python 2.6. - All patches were upstreamed: - 293_sslv23_padding.patch - no-need-parameterized.patch - python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch OBS-URL: https://build.opensuse.org/request/show/900001 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-M2Crypto?expand=0&rev=41
This commit is contained in:
commit
d83e999665
@ -1,14 +0,0 @@
|
|||||||
--- a/tests/test_rsa.py
|
|
||||||
+++ b/tests/test_rsa.py
|
|
||||||
@@ -124,11 +124,6 @@ class RSATestCase(unittest.TestCase):
|
|
||||||
ptxt = priv.private_decrypt(ctxt, p)
|
|
||||||
self.assertEqual(ptxt, self.data)
|
|
||||||
|
|
||||||
- # sslv23_padding
|
|
||||||
- ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
|
|
||||||
- res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
|
|
||||||
- self.assertEqual(res, self.data)
|
|
||||||
-
|
|
||||||
# no_padding
|
|
||||||
with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
|
|
||||||
priv.public_encrypt(self.data, RSA.no_padding)
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:e4e42f068b78ccbf113e5d0a72ae5f480f6c3ace4940b91e4fff5598cfff6fb3
|
|
||||||
size 1247031
|
|
@ -1,6 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iF0EABECAB0WIQSJ70vGKIq/QxurJcPgn+8l2WSErAUCX8/GrwAKCRDgn+8l2WSE
|
|
||||||
rAITAJ95Tn9v9Mr0kBf6bbbzEk6vYxV1hQCeLpgKge5XRjV3hse/9PBvzZRvZTo=
|
|
||||||
=6EAh
|
|
||||||
-----END PGP SIGNATURE-----
|
|
BIN
M2Crypto-0.38.0.tar.gz
(Stored with Git LFS)
Normal file
BIN
M2Crypto-0.38.0.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
6
M2Crypto-0.38.0.tar.gz.asc
Normal file
6
M2Crypto-0.38.0.tar.gz.asc
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iF0EABECAB0WIQSJ70vGKIq/QxurJcPgn+8l2WSErAUCYMfDmAAKCRDgn+8l2WSE
|
||||||
|
rJjeAJ9020kzL4u/p/KNnH3ei4EKFeJJhQCfcHKVJ0exSXSIj8/xbAdSKRvl8uQ=
|
||||||
|
=Q+r2
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,14 +0,0 @@
|
|||||||
--- a/setup.py
|
|
||||||
+++ b/setup.py
|
|
||||||
@@ -33,9 +33,9 @@ logging.basicConfig(format='%(levelname)
|
|
||||||
stream=sys.stdout, level=logging.INFO)
|
|
||||||
log = logging.getLogger('setup')
|
|
||||||
|
|
||||||
-requires_list = ['parameterized']
|
|
||||||
+requires_list = []
|
|
||||||
if (2, 6) < sys.version_info[:2] < (3, 5):
|
|
||||||
- requires_list = ['typing']
|
|
||||||
+ requires_list.append('typing')
|
|
||||||
if sys.version_info[0] > 2:
|
|
||||||
from typing import Dict, List
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Casey Deccio <casey@deccio.net>
|
|
||||||
Date: Fri, 8 Jan 2021 12:43:09 -0700
|
|
||||||
Subject: [PATCH] Allow verify_cb_* to be called with ok=True
|
|
||||||
|
|
||||||
With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
|
|
||||||
OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
|
|
||||||
---
|
|
||||||
tests/test_ssl.py | 14 ++++++++++++--
|
|
||||||
1 file changed, 12 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
|
|
||||||
index 92b6942c..7a3271aa 100644
|
|
||||||
--- a/tests/test_ssl.py
|
|
||||||
+++ b/tests/test_ssl.py
|
|
||||||
@@ -59,8 +59,13 @@ def allocate_srv_port():
|
|
||||||
|
|
||||||
|
|
||||||
def verify_cb_new_function(ok, store):
|
|
||||||
- assert not ok
|
|
||||||
err = store.get_error()
|
|
||||||
+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
|
|
||||||
+ # aborting, this callback is called to retrieve additional error
|
|
||||||
+ # information. In this case, ok might not be False.
|
|
||||||
+ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
|
|
||||||
+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
|
||||||
+ assert not ok
|
|
||||||
assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
|
|
||||||
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
||||||
m2.X509_V_ERR_CERT_UNTRUSTED,
|
|
||||||
@@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
|
|
||||||
|
|
||||||
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
|
|
||||||
try:
|
|
||||||
- self.assertFalse(ok)
|
|
||||||
+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
|
|
||||||
+ # aborting, this callback is called to retrieve additional error
|
|
||||||
+ # information. In this case, ok might not be False.
|
|
||||||
+ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
|
|
||||||
+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
|
||||||
+ self.assertFalse(ok)
|
|
||||||
self.assertIn(err,
|
|
||||||
[m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
|
|
||||||
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
@ -1,3 +1,21 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 14 21:04:54 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
- Update to 0.38.0:
|
||||||
|
- Remove the last use of setup.py test idiom.
|
||||||
|
- Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer.
|
||||||
|
- Add support for arm64 big endian <Steev Klimaszewski>
|
||||||
|
- Make support of RSA_SSLV23_PADDING optional (it has been deprecated).
|
||||||
|
- Move project to src/ layout
|
||||||
|
- Allow verify_cb_* to be called with ok=True <Casey Deccio>
|
||||||
|
- Be prepared if any of constants in x509_vfy.h is not available.
|
||||||
|
- But we do support 3.8
|
||||||
|
- We DO NOT support Python 2.6.
|
||||||
|
- All patches were upstreamed:
|
||||||
|
- 293_sslv23_padding.patch
|
||||||
|
- no-need-parameterized.patch
|
||||||
|
- python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 22 22:33:46 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
Thu Apr 22 22:33:46 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
%define oldpython python
|
%define oldpython python
|
||||||
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
||||||
Name: python-M2Crypto
|
Name: python-M2Crypto
|
||||||
Version: 0.37.1
|
Version: 0.38.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Crypto and SSL toolkit for Python
|
Summary: Crypto and SSL toolkit for Python
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -27,16 +27,6 @@ Group: Development/Languages/Python
|
|||||||
URL: https://gitlab.com/m2crypto/m2crypto
|
URL: https://gitlab.com/m2crypto/m2crypto
|
||||||
Source0: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
|
Source0: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
|
||||||
Source1: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz.asc
|
Source1: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz.asc
|
||||||
# PATCH-FIX-UPSTREAM python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch mcepl@suse.com
|
|
||||||
# https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff86383dabbb92540c0a4892cb4c456
|
|
||||||
# Fixes incompatibility with the modern crypto policies
|
|
||||||
Patch0: python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
|
|
||||||
# PATCH-FIX-UPSTREAM 293_sslv23_padding.patch gl#m2crypto/m2crypto#293 mcepl@suse.com
|
|
||||||
# RSA_SSLV23_PADDING is evil and should be avoided.
|
|
||||||
Patch1: 293_sslv23_padding.patch
|
|
||||||
# PATCH-FIX-OPENSUSE no-need-parameterized.patch bsc#1185150 mcepl@suse.com
|
|
||||||
# no need to require parameterized for normal use
|
|
||||||
Patch2: no-need-parameterized.patch
|
|
||||||
BuildRequires: %{python_module devel}
|
BuildRequires: %{python_module devel}
|
||||||
BuildRequires: %{python_module parameterized}
|
BuildRequires: %{python_module parameterized}
|
||||||
BuildRequires: %{python_module pytest}
|
BuildRequires: %{python_module pytest}
|
||||||
|
Loading…
Reference in New Issue
Block a user