diff --git a/2293.patch b/2293.patch deleted file mode 100644 index 891c83f..0000000 --- a/2293.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 9578e4cadb09f4bca86d66c8f5d7a9370f5bf41e Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Mon, 24 Aug 2015 08:00:10 -0500 -Subject: [PATCH 1/2] make engine addition idempotent - -Weird threading issues keep cropping up. ENGINE_add already -acquires a lock at the C layer via CRYPTO_w_lock (provided you -have registered the locking callbacks) so let's just use that ---- - src/cryptography/hazmat/bindings/openssl/binding.py | 19 ++++++++++++++----- - tests/hazmat/bindings/test_openssl.py | 4 ++-- - 2 files changed, 16 insertions(+), 7 deletions(-) - -Index: cryptography-1.0/src/cryptography/hazmat/bindings/openssl/binding.py -=================================================================== ---- cryptography-1.0.orig/src/cryptography/hazmat/bindings/openssl/binding.py -+++ cryptography-1.0/src/cryptography/hazmat/bindings/openssl/binding.py -@@ -65,10 +65,6 @@ class Binding(object): - @classmethod - def _register_osrandom_engine(cls): - assert cls.lib.ERR_peek_error() == 0 -- looked_up_engine = cls.lib.ENGINE_by_id(cls._osrandom_engine_id) -- if looked_up_engine != ffi.NULL: -- raise RuntimeError("osrandom engine already registered") -- - cls.lib.ERR_clear_error() - - engine = cls.lib.ENGINE_new() -@@ -81,7 +77,20 @@ class Binding(object): - result = cls.lib.ENGINE_set_RAND(engine, cls._osrandom_method) - assert result == 1 - result = cls.lib.ENGINE_add(engine) -- assert result == 1 -+ if result != 1: -+ # Engine already added. Clear the error stack. -+ errors = [] -+ while True: -+ code = cls.lib.ERR_get_error() -+ if code == 0: -+ break -+ -+ errors.append(code) -+ -+ # the following error code corresponds to "conflicting engine -+ # id" in ENGINE_LIST_ADD -+ assert 638025831 in errors -+ - finally: - result = cls.lib.ENGINE_free(engine) - assert result == 1 -@@ -133,3 +142,6 @@ class Binding(object): - mode, n, file, line - ) - ) -+ -+# init the static locks so we have a locking callback in C for engine init -+Binding.init_static_locks() -Index: cryptography-1.0/tests/hazmat/bindings/test_openssl.py -=================================================================== ---- cryptography-1.0.orig/tests/hazmat/bindings/test_openssl.py -+++ cryptography-1.0/tests/hazmat/bindings/test_openssl.py -@@ -89,8 +89,8 @@ class TestOpenSSL(object): - - def test_add_engine_more_than_once(self): - b = Binding() -- with pytest.raises(RuntimeError): -- b._register_osrandom_engine() -+ b._register_osrandom_engine() -+ assert b.lib.ERR_get_error() == 0 - - def test_ssl_ctx_options(self): - # Test that we're properly handling 32-bit unsigned on all platforms. diff --git a/cryptography-1.0.tar.gz b/cryptography-1.0.tar.gz deleted file mode 100644 index 768c5b6..0000000 --- a/cryptography-1.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:211c02fe77d791d7fc437227ba1c046268d5da665e05d8a53fc19f4f74c21001 -size 331438 diff --git a/cryptography-1.0.tar.gz.asc b/cryptography-1.0.tar.gz.asc deleted file mode 100644 index 546e7fc..0000000 --- a/cryptography-1.0.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJVy0xcAAoJECNa5fEp+e2Y6KsH/iitT57ksgfW8vZCy1pWHRCY -WtETpHyJ3KHS/mCcFnzB0hKVdylk7FHcM/hR3p2B46mnwjOq2H+aHyrVShWjn8nS -Z9YVNp4HFgQxV4njh7A6eyOqLe+F5GyQGiaI4wJxUtD/922JoKRavM0QzVMJ48m7 -TC2fI5VHpxlNsmmQlYogKPbr1D6C+mNZ+aPWEePZyHd9nfF4qRtSGl+DpsirQdRG -4HAxTsZLzT9Cqpjdfw71eE0CquY1SiSLP+s3KDiuTU2QsElBjDrYjhrBWl1N7TJb -occigR6GXSl1hw7vXH+6LUZAU0PaQYUS9ac/NFBIJXcvVzdUvVQoGAJjZ2zKz+c= -=m8N9 ------END PGP SIGNATURE----- diff --git a/cryptography-1.1.tar.gz b/cryptography-1.1.tar.gz new file mode 100644 index 0000000..fe1dcfd --- /dev/null +++ b/cryptography-1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:059bc6428b1d0e2317f505698602642f1d8dda5b120ec573a59a430d8cb7a32d +size 348676 diff --git a/cryptography-1.1.tar.gz.asc b/cryptography-1.1.tar.gz.asc new file mode 100644 index 0000000..a1739ff --- /dev/null +++ b/cryptography-1.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJWMUuqAAoJECNa5fEp+e2YzQsIAIHOe9MUZP3X7rm5GH+hxrHI +RSFOXyXdDC7lxGjkPc1MhXOMwFqABWGe6o6y4yjJKewDGyNpFevX2c+7Zi00O8Ka +BtDWTLcuvtS0ycv99gorSsQv1PQohagxO/TTWRO7TgqVHRzChx0rw50rkJuR+bgL +F19lpVm2OfzN0qcPNNo4ED14shPr2OQrQUNZtoGk5dFbarYufOdl4E13MXKGU2iu +H3GznT3tIgpVvkLcfJF/LT+j/QlSVpzxd6hbPob06keBYNoYcbOYvjZ5B1NgmIiC ++LBfE9tfRB1HP/bpW9Cko7Y29Fm0FbHNkr7F5k73axnUnabVmJiRMm09JbqpALU= +=fvVi +-----END PGP SIGNATURE----- diff --git a/cryptography_vectors-1.0.tar.gz b/cryptography_vectors-1.0.tar.gz deleted file mode 100644 index 037004d..0000000 --- a/cryptography_vectors-1.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e7277818b7bd99b502ee79d37cf5b9405577c39171919014756181b947ea0234 -size 25003925 diff --git a/cryptography_vectors-1.0.tar.gz.asc b/cryptography_vectors-1.0.tar.gz.asc deleted file mode 100644 index 22696cd..0000000 --- a/cryptography_vectors-1.0.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJVy0yBAAoJECNa5fEp+e2YeGYH/jGBWd6v/+iiaNHCZsrG/H+c -HVH1c0Z+cx6XcSbLwz/VZ2ioGHqwESMKVS1ArHiv/OkoaSL8ZNeO3Af8Fao/aJb1 -+NcJBCjJNSRT3iTdu2hDis+H5sQdfjthQodcpNp2BYRNCsjHVi7KX8CdK3cu8jED -w1yuTJA3hlICqMxUMl2TC/XbYgh3qXIEIAGoY59aAkDujO7ceD73jrHeFYD/KqnI -News1nPfC2AjlX50sSR4X8e6aoR1EMwl0O5nUt/0d8owxR45iR2s62mGwzplDi/t -3XWAnUd1OEgeN9GGS7w82RdtCo45udJ6N7CY+ggxbSNyC6uDuxVfYEmU2VUSHiw= -=a+rm ------END PGP SIGNATURE----- diff --git a/cryptography_vectors-1.1.tar.gz b/cryptography_vectors-1.1.tar.gz new file mode 100644 index 0000000..2600fce --- /dev/null +++ b/cryptography_vectors-1.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a929fbb0eac391c93c5745451a4d4157a8bc18eb2e69faf3af1d825ceacbf32c +size 25026549 diff --git a/cryptography_vectors-1.1.tar.gz.asc b/cryptography_vectors-1.1.tar.gz.asc new file mode 100644 index 0000000..d507cf8 --- /dev/null +++ b/cryptography_vectors-1.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJWMUylAAoJECNa5fEp+e2Y0NQH/12rUn4ppMIkwf7573iBiX2H +1yieY5/gBAzcBHTodxZixw6sJNfJjw0DagP9zHOa2YFKjvkz2KmAUTK2rNBfgsG9 +34Tp/DGaH+q270/jeZG3PXPBi6lqK7JWsL3lS9Pi7gvx5nS+qywZnO7Xxsks0kDD +bi+1SCZuy8igXnteTfYO2isH7ziwKaIf8zGldK4c/8ri1HZ4+zMby6nN3ymMe1SU +6KoYiNteNzE1FXTftOJNr9l7zJNMkTdcQ1I1IvxUfdcXG/QWg4fFrSB40mzIhR20 +XJrGf77uo3HXKIHoIEWT57qU5kWciklUSwR4cgPs4JT1YCs7q/ngAetAVa7Y0cY= +=BrnC +-----END PGP SIGNATURE----- diff --git a/python-cryptography.changes b/python-cryptography.changes index ab9b2b1..c4b7bc7 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Tue Nov 10 04:16:13 UTC 2015 - tbechtold@suse.com + +- update to 1.1: + * Added support for Elliptic Curve Diffie-Hellman with + :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`. + * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`. + * Added support for parsing certificate revocation lists (CRLs) using + :func:`~cryptography.x509.load_pem_x509_crl` and + :func:`~cryptography.x509.load_der_x509_crl`. + * Add support for AES key wrapping with + :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and + :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`. + * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`. + * Add support for encoding and decoding elliptic curve points to a byte string + form using + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point` + and + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. + * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`. + * :class:`~cryptography.x509.CertificatePolicies` are now supported in the + :class:`~cryptography.x509.CertificateBuilder`. + * ``countryName`` is now encoded as a ``PrintableString`` when creating subject + and issuer distinguished names with the Certificate and CSR builder classes. + * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use + of assertions to check response codes where our tests could not trigger a + failure. However, when Python is run with ``-O`` these asserts are optimized + away. If a user ran Python with this flag and got an invalid response code + this could result in undefined behavior or worse. Accordingly, all response + checks from the OpenSSL backend have been converted from ``assert`` + to a true function call. Credit **Emilia Käsper (Google Security Team)** + for the report. + * We now ship OS X wheels that statically link OpenSSL by default. When + installing a wheel on OS X 10.10+ (and using a Python compiled against the + 10.10 SDK) users will no longer need to compile. See :doc:`/installation` for + alternate installation methods if required. + * Set the default string mask to UTF-8 in the OpenSSL backend to resolve + character encoding issues with older versions of OpenSSL. + * Several new OpenSSL bindings have been added to support a future pyOpenSSL + release. + * Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+. +- Remove 2293.patch . Applied in a different way upstream. +- Add BuildRequires for python-hypothesis and python-pyasn1-modules for running + unittests + ------------------------------------------------------------------- Wed Sep 30 12:01:27 UTC 2015 - dmueller@suse.com diff --git a/python-cryptography.spec b/python-cryptography.spec index 8616064..ac4b366 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -17,7 +17,7 @@ Name: python-cryptography -Version: 1.0 +Version: 1.1 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 @@ -30,14 +30,14 @@ Source3: https://pypi.python.org/packages/source/c/cryptography-vectors/c Source4: https://pypi.python.org/packages/source/c/cryptography-vectors/cryptography_vectors-%{version}.tar.gz.asc # PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204 Patch1: disable-uneven-sizes-tests.patch -# PATCH-FIX-UPSTREAM 2293.patch bnc#947679 -- https://github.com/pyca/cryptography/pull/2293 -Patch2: 2293.patch BuildRequires: libopenssl-devel BuildRequires: python-cffi >= 1.1.0 BuildRequires: python-devel BuildRequires: python-enum34 +BuildRequires: python-hypothesis BuildRequires: python-idna >= 2.0 BuildRequires: python-ipaddress +BuildRequires: python-pyasn1-modules BuildRequires: python-setuptools BuildRequires: python-six >= 1.4.1 BuildRequires: pkgconfig(libffi) @@ -73,7 +73,6 @@ functions. tar xvzf %{SOURCE3} %patch1 -p1 -%patch2 -p1 %build CFLAGS="%{optflags} -fno-strict-aliasing" python setup.py build