Accepting request 343788 from devel:languages:python

1 OBS-URL: https://build.opensuse.org/request/show/343788 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=11
2015-12-13 08:35:10 +00:00 · 2015-12-13 08:35:10 +00:00 · dc38a64c47
commit dc38a64c47
parent 856ef37944 eb54b1a6ae
11 changed files with 76 additions and 104 deletions
--- a/2293.patch
+++ b/2293.patch
@ -1,72 +0,0 @@
 From 9578e4cadb09f4bca86d66c8f5d7a9370f5bf41e Mon Sep 17 00:00:00 2001
 From: Paul Kehrer <paul.l.kehrer@gmail.com>
 Date: Mon, 24 Aug 2015 08:00:10 -0500
 Subject: [PATCH 1/2] make engine addition idempotent
 Weird threading issues keep cropping up. ENGINE_add already
 acquires a lock at the C layer via CRYPTO_w_lock (provided you
 have registered the locking callbacks) so let's just use that
 ---
 src/cryptography/hazmat/bindings/openssl/binding.py | 19 ++++++++++++++-----
 tests/hazmat/bindings/test_openssl.py               |  4 ++--
 2 files changed, 16 insertions(+), 7 deletions(-)
 Index: cryptography-1.0/src/cryptography/hazmat/bindings/openssl/binding.py
 ===================================================================
 --- cryptography-1.0.orig/src/cryptography/hazmat/bindings/openssl/binding.py
 +++ cryptography-1.0/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -65,10 +65,6 @@ class Binding(object):
     @classmethod
     def _register_osrandom_engine(cls):
         assert cls.lib.ERR_peek_error() == 0
 -        looked_up_engine = cls.lib.ENGINE_by_id(cls._osrandom_engine_id)
 -        if looked_up_engine != ffi.NULL:
 -            raise RuntimeError("osrandom engine already registered")
 -
         cls.lib.ERR_clear_error()
         engine = cls.lib.ENGINE_new()
@@ -81,7 +77,20 @@ class Binding(object):
             result = cls.lib.ENGINE_set_RAND(engine, cls._osrandom_method)
             assert result == 1
             result = cls.lib.ENGINE_add(engine)
 -            assert result == 1
 +            if result != 1:
 +                # Engine already added. Clear the error stack.
 +                errors = []
 +                while True:
 +                    code = cls.lib.ERR_get_error()
 +                    if code == 0:
 +                        break
 +
 +                    errors.append(code)
 +
 +                # the following error code corresponds to "conflicting engine
 +                # id" in ENGINE_LIST_ADD
 +                assert 638025831 in errors
 +
         finally:
             result = cls.lib.ENGINE_free(engine)
             assert result == 1
@@ -133,3 +142,6 @@ class Binding(object):
                     mode, n, file, line
                 )
             )
 +
 +# init the static locks so we have a locking callback in C for engine init
 +Binding.init_static_locks()
 Index: cryptography-1.0/tests/hazmat/bindings/test_openssl.py
 ===================================================================
 --- cryptography-1.0.orig/tests/hazmat/bindings/test_openssl.py
 +++ cryptography-1.0/tests/hazmat/bindings/test_openssl.py
@@ -89,8 +89,8 @@ class TestOpenSSL(object):
     def test_add_engine_more_than_once(self):
         b = Binding()
 -        with pytest.raises(RuntimeError):
 -            b._register_osrandom_engine()
 +        b._register_osrandom_engine()
 +        assert b.lib.ERR_get_error() == 0
     def test_ssl_ctx_options(self):
         # Test that we're properly handling 32-bit unsigned on all platforms.
--- a/cryptography-1.0.tar.gz
+++ b/cryptography-1.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:211c02fe77d791d7fc437227ba1c046268d5da665e05d8a53fc19f4f74c21001
 size 331438
--- a/cryptography-1.0.tar.gz.asc
+++ b/cryptography-1.0.tar.gz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQEcBAABAgAGBQJVy0xcAAoJECNa5fEp+e2Y6KsH/iitT57ksgfW8vZCy1pWHRCY
 WtETpHyJ3KHS/mCcFnzB0hKVdylk7FHcM/hR3p2B46mnwjOq2H+aHyrVShWjn8nS
 Z9YVNp4HFgQxV4njh7A6eyOqLe+F5GyQGiaI4wJxUtD/922JoKRavM0QzVMJ48m7
 TC2fI5VHpxlNsmmQlYogKPbr1D6C+mNZ+aPWEePZyHd9nfF4qRtSGl+DpsirQdRG
 4HAxTsZLzT9Cqpjdfw71eE0CquY1SiSLP+s3KDiuTU2QsElBjDrYjhrBWl1N7TJb
 occigR6GXSl1hw7vXH+6LUZAU0PaQYUS9ac/NFBIJXcvVzdUvVQoGAJjZ2zKz+c=
 =m8N9
 -----END PGP SIGNATURE-----
--- a/cryptography-1.1.tar.gz
+++ b/cryptography-1.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:059bc6428b1d0e2317f505698602642f1d8dda5b120ec573a59a430d8cb7a32d
 size 348676
--- a/cryptography-1.1.tar.gz.asc
+++ b/cryptography-1.1.tar.gz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQEcBAABAgAGBQJWMUuqAAoJECNa5fEp+e2YzQsIAIHOe9MUZP3X7rm5GH+hxrHI
 RSFOXyXdDC7lxGjkPc1MhXOMwFqABWGe6o6y4yjJKewDGyNpFevX2c+7Zi00O8Ka
 BtDWTLcuvtS0ycv99gorSsQv1PQohagxO/TTWRO7TgqVHRzChx0rw50rkJuR+bgL
 F19lpVm2OfzN0qcPNNo4ED14shPr2OQrQUNZtoGk5dFbarYufOdl4E13MXKGU2iu
 H3GznT3tIgpVvkLcfJF/LT+j/QlSVpzxd6hbPob06keBYNoYcbOYvjZ5B1NgmIiC
 +LBfE9tfRB1HP/bpW9Cko7Y29Fm0FbHNkr7F5k73axnUnabVmJiRMm09JbqpALU=
 =fvVi
 -----END PGP SIGNATURE-----
--- a/cryptography_vectors-1.0.tar.gz
+++ b/cryptography_vectors-1.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e7277818b7bd99b502ee79d37cf5b9405577c39171919014756181b947ea0234
 size 25003925
--- a/cryptography_vectors-1.0.tar.gz.asc
+++ b/cryptography_vectors-1.0.tar.gz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQEcBAABAgAGBQJVy0yBAAoJECNa5fEp+e2YeGYH/jGBWd6v/+iiaNHCZsrG/H+c
 HVH1c0Z+cx6XcSbLwz/VZ2ioGHqwESMKVS1ArHiv/OkoaSL8ZNeO3Af8Fao/aJb1
 +NcJBCjJNSRT3iTdu2hDis+H5sQdfjthQodcpNp2BYRNCsjHVi7KX8CdK3cu8jED
 w1yuTJA3hlICqMxUMl2TC/XbYgh3qXIEIAGoY59aAkDujO7ceD73jrHeFYD/KqnI
 News1nPfC2AjlX50sSR4X8e6aoR1EMwl0O5nUt/0d8owxR45iR2s62mGwzplDi/t
 3XWAnUd1OEgeN9GGS7w82RdtCo45udJ6N7CY+ggxbSNyC6uDuxVfYEmU2VUSHiw=
 =a+rm
 -----END PGP SIGNATURE-----
--- a/cryptography_vectors-1.1.tar.gz
+++ b/cryptography_vectors-1.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a929fbb0eac391c93c5745451a4d4157a8bc18eb2e69faf3af1d825ceacbf32c
 size 25026549
--- a/cryptography_vectors-1.1.tar.gz.asc
+++ b/cryptography_vectors-1.1.tar.gz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQEcBAABAgAGBQJWMUylAAoJECNa5fEp+e2Y0NQH/12rUn4ppMIkwf7573iBiX2H
 1yieY5/gBAzcBHTodxZixw6sJNfJjw0DagP9zHOa2YFKjvkz2KmAUTK2rNBfgsG9
 34Tp/DGaH+q270/jeZG3PXPBi6lqK7JWsL3lS9Pi7gvx5nS+qywZnO7Xxsks0kDD
 bi+1SCZuy8igXnteTfYO2isH7ziwKaIf8zGldK4c/8ri1HZ4+zMby6nN3ymMe1SU
 6KoYiNteNzE1FXTftOJNr9l7zJNMkTdcQ1I1IvxUfdcXG/QWg4fFrSB40mzIhR20
 XJrGf77uo3HXKIHoIEWT57qU5kWciklUSwR4cgPs4JT1YCs7q/ngAetAVa7Y0cY=
 =BrnC
 -----END PGP SIGNATURE-----
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@ -1,3 +1,48 @@
 -------------------------------------------------------------------
 Tue Nov 10 04:16:13 UTC 2015 - tbechtold@suse.com
 - update to 1.1:
  * Added support for Elliptic Curve Diffie-Hellman with
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
  * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
  * Added support for parsing certificate revocation lists (CRLs) using
    :func:`~cryptography.x509.load_pem_x509_crl` and
    :func:`~cryptography.x509.load_der_x509_crl`.
  * Add support for AES key wrapping with
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
  * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
  * Add support for encoding and decoding elliptic curve points to a byte string
    form using
    :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
    and
    :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
  * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
  * :class:`~cryptography.x509.CertificatePolicies` are now supported in the
    :class:`~cryptography.x509.CertificateBuilder`.
  * ``countryName`` is now encoded as a ``PrintableString`` when creating subject
    and issuer distinguished names with the Certificate and CSR builder classes.
  * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
    of assertions to check response codes where our tests could not trigger a
    failure.  However, when Python is run with ``-O`` these asserts are optimized
    away.  If a user ran Python with this flag and got an invalid response code
    this could result in undefined behavior or worse. Accordingly, all response
    checks from the OpenSSL backend have been converted from ``assert``
    to a true function call. Credit **Emilia Käsper (Google Security Team)**
    for the report.
  * We now ship OS X wheels that statically link OpenSSL by default. When
    installing a wheel on OS X 10.10+ (and using a Python compiled against the
    10.10 SDK) users will no longer need to compile. See :doc:`/installation` for
    alternate installation methods if required.
  * Set the default string mask to UTF-8 in the OpenSSL backend to resolve
    character encoding issues with older versions of OpenSSL.
  * Several new OpenSSL bindings have been added to support a future pyOpenSSL
    release.
  * Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
 - Remove 2293.patch . Applied in a different way upstream.
 - Add BuildRequires for python-hypothesis and python-pyasn1-modules for running
  unittests
 -------------------------------------------------------------------
 Wed Sep 30 12:01:27 UTC 2015 - dmueller@suse.com
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -17,7 +17,7 @@
 Name:           python-cryptography
-Version:        1.0
+Version:        1.1
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0
@ -30,14 +30,14 @@ Source3:        https://pypi.python.org/packages/source/c/cryptography-vectors/c
 Source4:        https://pypi.python.org/packages/source/c/cryptography-vectors/cryptography_vectors-%{version}.tar.gz.asc
 # PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204
 Patch1:         disable-uneven-sizes-tests.patch
 # PATCH-FIX-UPSTREAM 2293.patch bnc#947679 -- https://github.com/pyca/cryptography/pull/2293
 Patch2:         2293.patch
 BuildRequires:  libopenssl-devel
 BuildRequires:  python-cffi >= 1.1.0
 BuildRequires:  python-devel
 BuildRequires:  python-enum34
 BuildRequires:  python-hypothesis
 BuildRequires:  python-idna >= 2.0
 BuildRequires:  python-ipaddress
 BuildRequires:  python-pyasn1-modules
 BuildRequires:  python-setuptools
 BuildRequires:  python-six >= 1.4.1
 BuildRequires:  pkgconfig(libffi)
@ -73,7 +73,6 @@ functions.
 tar xvzf %{SOURCE3}
 %patch1 -p1
 %patch2 -p1
 %build
 CFLAGS="%{optflags} -fno-strict-aliasing" python setup.py build