- update to 22.0.0:

- Drop support for Python 2.7. - The minimum ``cryptography`` version is now 35.0. - Expose wrappers for some `DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_ primitives. - drop check_inv_ALPN_lists.patch: upstream OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=86
2022-02-04 23:26:14 +00:00 · 2022-02-04 23:26:14 +00:00 · 213e82c0f5
commit 213e82c0f5
parent 2ea74614d2
5 changed files with 19 additions and 68 deletions
--- a/check_inv_ALPN_lists.patch
+++ b/check_inv_ALPN_lists.patch
@ -1,51 +0,0 @@
 From cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad Mon Sep 17 00:00:00 2001
 From: "Nathaniel J. Smith" <njs@pobox.com>
 Date: Wed, 27 Oct 2021 11:54:08 -0700
 Subject: [PATCH 1/2] Check for invalid ALPN lists before calling OpenSSL, for
 consistency
 Fixes gh-1043
 ---
 src/OpenSSL/SSL.py |   12 ++++++++++++
 tests/test_ssl.py  |    2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
 --- a/src/OpenSSL/SSL.py
 +++ b/src/OpenSSL/SSL.py
@@ -1423,6 +1423,12 @@ class Context(object):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
 +        # Different versions of OpenSSL are inconsistent about how they handle
 +        # empty proto lists (see #1043), so we avoid the problem entirely by
 +        # rejecting them ourselves.
 +        if not protos:
 +            raise ValueError("at least one protocol must be specified")
 +
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
@@ -2451,6 +2457,12 @@ class Connection(object):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
 +        # Different versions of OpenSSL are inconsistent about how they handle
 +        # empty proto lists (see #1043), so we avoid the problem entirely by
 +        # rejecting them ourselves.
 +        if not protos:
 +            raise ValueError("at least one protocol must be specified")
 +
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
 --- a/tests/test_ssl.py
 +++ b/tests/test_ssl.py
@@ -1934,7 +1934,7 @@ class TestApplicationLayerProtoNegotiati
         protocols list. Ensure that we produce a user-visible error.
         """
         context = Context(SSLv23_METHOD)
 -        with pytest.raises(Error):
 +        with pytest.raises(ValueError):
             context.set_alpn_protos([])
     def test_alpn_set_on_connection(self):
--- a/pyOpenSSL-21.0.0.tar.gz
+++ b/pyOpenSSL-21.0.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3
 size 175652
--- a/pyOpenSSL-22.0.0.tar.gz
+++ b/pyOpenSSL-22.0.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d0087f1bf
 size 178438
--- a/python-pyOpenSSL.changes
+++ b/python-pyOpenSSL.changes
@ -1,3 +1,14 @@
 -------------------------------------------------------------------
 Fri Feb  4 23:21:43 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 22.0.0:
  - Drop support for Python 2.7.
  - The minimum ``cryptography`` version is now 35.0.
  - Expose wrappers for some `DTLS
    <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
    primitives.
 - drop check_inv_ALPN_lists.patch: upstream
 -------------------------------------------------------------------
 Thu Dec  9 05:55:51 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
--- a/python-pyOpenSSL.spec
+++ b/python-pyOpenSSL.spec
@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,6 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 %global flavor @BUILD_FLAVOR@%{nil}
 %if "%{flavor}" == "test"
 %define psuffix -test
@ -26,8 +25,9 @@
 %define psuffix %{nil}
 %bcond_with test
 %endif
 %global skip_python2 1
 Name:           python-pyOpenSSL%{psuffix}
-Version:        21.0.0
+Version:        22.0.0
 Release:        0
 Summary:        Python wrapper module around the OpenSSL library
 License:        Apache-2.0
@ -36,32 +36,23 @@ Source:         https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpe
 # PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
 # Mark tests requiring network access
 Patch0:         skip-networked-test.patch
 # PATCH-FIX-UPSTREAM check_inv_ALPN_lists.patch gh#pyca/pyopenssl#1056 mcepl@suse.com
 #  Check for invalid ALPN lists before calling OpenSSL
 Patch1:         check_inv_ALPN_lists.patch
 BuildRequires:  %{python_module cffi}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  openssl
 BuildRequires:  python-rpm-macros
 %if %{with test}
-BuildRequires:  %{python_module cryptography >= 3.3}
+BuildRequires:  %{python_module cryptography >= 35}
 BuildRequires:  %{python_module flaky}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pyOpenSSL}
 BuildRequires:  %{python_module pytest >= 3.0.1}
 BuildRequires:  %{python_module six}
 BuildRequires:  ca-certificates-mozilla
 %endif
 Requires:       python-cffi
-Requires:       python-cryptography >= 3.3
+Requires:       python-cryptography >= 35
 Requires:       python-six >= 1.5.2
 Provides:       pyOpenSSL = %{version}
 BuildArch:      noarch
 %ifpython2
 Obsoletes:      %{oldpython}-openssl < %{version}
 Provides:       %{oldpython}-openssl = %{version}
 %endif
 %python_subpackages
 %description