From 74f5a4af4cef2293d808bf149382f16c81465d1c3cdd14990a074da23d7f9fec Mon Sep 17 00:00:00 2001 From: Jan Matejek Date: Mon, 16 May 2016 15:28:11 +0000 Subject: [PATCH 1/2] Accepting request 394332 from home:frispete:python - update to 16.0.0 Backward-incompatible changes: * Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency cryptography. Affected users should upgrade to Python 3.3 or later. Deprecations: * The support for EGD has been removed. The only affected function OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead. Please see pyca/cryptography#1636 for more background information on this decision. In accordance with our backward compatibility policy OpenSSL.rand.egd() will be removed no sooner than a year from the release of 16.0.0. * Please note that you should use urandom for all your secure random number needs. * Python 2.6 support has been deprecated. Our main dependency cryptography deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does. Changes: * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, OpenSSL.SSL.Connection.renegotiate_pending, and OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since 0.14. #422 * Fixed segmentation fault when using keys larger than 4096-bit to sign data. #428 * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called before setting any app data. #304 * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects that represent public keys, and OpenSSL.crypto.load_publickey() to load such objects from serialized representations. #382 * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to OBS-URL: https://build.opensuse.org/request/show/394332 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=33 --- bug-lp-1265482.diff | 4 ++-- pyOpenSSL-0.15.1.tar.gz | 3 --- pyOpenSSL-16.0.0.tar.gz | 3 +++ python-pyOpenSSL.changes | 51 ++++++++++++++++++++++++++++++++++++++++ python-pyOpenSSL.spec | 12 +++++----- 5 files changed, 62 insertions(+), 11 deletions(-) delete mode 100644 pyOpenSSL-0.15.1.tar.gz create mode 100644 pyOpenSSL-16.0.0.tar.gz diff --git a/bug-lp-1265482.diff b/bug-lp-1265482.diff index b050b67..9d45ce3 100644 --- a/bug-lp-1265482.diff +++ b/bug-lp-1265482.diff @@ -1,7 +1,7 @@ Index: OpenSSL/test/test_crypto.py =================================================================== ---- OpenSSL/test/test_crypto.py.orig -+++ OpenSSL/test/test_crypto.py +--- OpenSSL/tests/test_crypto.py.orig ++++ OpenSSL/tests/test_crypto.py @@ -627,7 +627,7 @@ class PKeyTests(TestCase): :py:meth:`PKeyType.generate_key` generates an RSA key when passed :py:data:`TYPE_RSA` as a type and a reasonable number of bits. diff --git a/pyOpenSSL-0.15.1.tar.gz b/pyOpenSSL-0.15.1.tar.gz deleted file mode 100644 index da14bed..0000000 --- a/pyOpenSSL-0.15.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f0a26070d6db0881de8bcc7846934b7c3c930d8f9c79d45883ee48984bc0d672 -size 149887 diff --git a/pyOpenSSL-16.0.0.tar.gz b/pyOpenSSL-16.0.0.tar.gz new file mode 100644 index 0000000..f875866 --- /dev/null +++ b/pyOpenSSL-16.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:363d10ee43d062285facf4e465f4f5163f9f702f9134f0a5896f134cbb92d17d +size 171929 diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes index 3fd84a4..efd96fe 100644 --- a/python-pyOpenSSL.changes +++ b/python-pyOpenSSL.changes @@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Mon May 9 09:54:12 UTC 2016 - hpj@urpla.net + +- update to 16.0.0 + Backward-incompatible changes: + * Python 3.2 support has been dropped. It never had significant real world + usage and has been dropped by our main dependency cryptography. Affected + users should upgrade to Python 3.3 or later. + Deprecations: + * The support for EGD has been removed. The only affected function + OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead. + Please see pyca/cryptography#1636 for more background information on this + decision. In accordance with our backward compatibility policy + OpenSSL.rand.egd() will be removed no sooner than a year from the release of + 16.0.0. + * Please note that you should use urandom for all your secure random number + needs. + * Python 2.6 support has been deprecated. Our main dependency cryptography + deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually + dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does. + Changes: + * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, + OpenSSL.SSL.Connection.renegotiate_pending, and + OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since + 0.14. #422 + * Fixed segmentation fault when using keys larger than 4096-bit to sign data. + #428 + * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called + before setting any app data. #304 + * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects + that represent public keys, and OpenSSL.crypto.load_publickey() to load such + objects from serialized representations. #382 + * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to + a string buffer. #368 + * Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding + state_string_long. #358 + * Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv() + and OpenSSL.SSL.Connection.recv_into(). #294 + * Added OpenSSL.SSL.Connection.get_protocol_version() and + OpenSSL.SSL.Connection.get_protocol_version_name(). #244 + * Switched to utf8string mask by default. OpenSSL formerly defaulted to a + T61String if there were UTF-8 characters present. This was changed to + default to UTF8String in the config around 2005, but the actual code didn’t + change it until late last year. This will default us to the setting that + actually works. To revert this you can call + OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234 + +- fixed paths in bug-lp-1265482.diff +- fixed doc generation +- spec clean up + ------------------------------------------------------------------- Tue Jul 14 13:07:00 UTC 2015 - toddrme2178@gmail.com diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec index 45a0d63..47f8757 100644 --- a/python-pyOpenSSL.spec +++ b/python-pyOpenSSL.spec @@ -1,7 +1,7 @@ # # spec file for package python-pyOpenSSL # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: python-pyOpenSSL -Version: 0.15.1 +Version: 16.0.0 Release: 0 Url: https://github.com/pyca/pyopenssl Summary: Python wrapper module around the OpenSSL library @@ -58,19 +58,19 @@ Provides documentation for %{name}. %prep %setup -q -n pyOpenSSL-%{version} -%patch0 +%patch0 -p1 %build -CFLAGS="%{optflags} -fno-strict-aliasing" python setup.py build +python setup.py build -python setup.py build_sphinx && rm build/sphinx/html/.buildinfo +PYTHONPATH="build/lib" python setup.py build_sphinx && rm build/sphinx/html/.buildinfo %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} %files %defattr(0644,root,root,0755) -%doc LICENSE README.rst TODO +%doc LICENSE *.rst %{python_sitelib}/OpenSSL/ %{python_sitelib}/pyOpenSSL-%{version}-py*.egg-info/ From fdb9f83f9d935781c38d2700478a7499fcc586b9d825acdaa73fb6916bc2d411 Mon Sep 17 00:00:00 2001 From: Jan Matejek Date: Tue, 17 May 2016 13:40:41 +0000 Subject: [PATCH 2/2] Accepting request 396253 from home:matejcik:branches:devel:languages:python - added %check section with testsuite - skip-networked-test.patch - mark a test as networked so that we can specify non-network test run - rsa128-i586.patch - sidestep a crasher bug on 32bit platforms by generating reasonably-sized RSA keys instead of small 128bit ones OBS-URL: https://build.opensuse.org/request/show/396253 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=34 --- python-pyOpenSSL.changes | 9 +++++++++ python-pyOpenSSL.spec | 15 +++++++++++++-- rsa128-i586.patch | 31 +++++++++++++++++++++++++++++++ skip-networked-test.patch | 12 ++++++++++++ 4 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 rsa128-i586.patch create mode 100644 skip-networked-test.patch diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes index efd96fe..8ae95ca 100644 --- a/python-pyOpenSSL.changes +++ b/python-pyOpenSSL.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon May 16 15:29:16 UTC 2016 - jmatejek@suse.com + +- added %check section with testsuite +- skip-networked-test.patch - mark a test as networked so that we can + specify non-network test run +- rsa128-i586.patch - sidestep a crasher bug on 32bit platforms + by generating reasonably-sized RSA keys instead of small 128bit ones + ------------------------------------------------------------------- Mon May 9 09:54:12 UTC 2016 - hpj@urpla.net diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec index 47f8757..b0f7184 100644 --- a/python-pyOpenSSL.spec +++ b/python-pyOpenSSL.spec @@ -25,12 +25,16 @@ License: Apache-2.0 Group: Development/Languages/Python Source: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz Patch0: bug-lp-1265482.diff +Patch1: skip-networked-test.patch +Patch2: rsa128-i586.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: openssl-devel BuildRequires: python-Sphinx -BuildRequires: python-cryptography >= 0.2 +BuildRequires: python-cryptography >= 1.3.1 BuildRequires: python-devel +BuildRequires: python-pytest BuildRequires: python-setuptools -Requires: python-cryptography >= 0.2 +Requires: python-cryptography >= 1.3.1 Provides: pyOpenSSL = %{version} Provides: python-openssl = %{version} Obsoletes: python-openssl < %{version} @@ -59,6 +63,8 @@ Provides documentation for %{name}. %prep %setup -q -n pyOpenSSL-%{version} %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build python setup.py build @@ -68,6 +74,11 @@ PYTHONPATH="build/lib" python setup.py build_sphinx && rm build/sphinx/html/.bui %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} +%check +export LC_ALL=en_US.UTF-8 +export PYTHONPATH=src +py.test -m "not network" + %files %defattr(0644,root,root,0755) %doc LICENSE *.rst diff --git a/rsa128-i586.patch b/rsa128-i586.patch new file mode 100644 index 0000000..1cb3a11 --- /dev/null +++ b/rsa128-i586.patch @@ -0,0 +1,31 @@ +Index: pyOpenSSL-16.0.0/tests/test_ssl.py +=================================================================== +--- pyOpenSSL-16.0.0.orig/tests/test_ssl.py ++++ pyOpenSSL-16.0.0/tests/test_ssl.py +@@ -549,7 +549,7 @@ class ContextTests(TestCase, _LoopbackMi + instance. + """ + key = PKey() +- key.generate_key(TYPE_RSA, 128) ++ key.generate_key(TYPE_RSA, 2048) + ctx = Context(TLSv1_METHOD) + ctx.use_privatekey(key) + self.assertRaises(TypeError, ctx.use_privatekey, "") +@@ -569,7 +569,7 @@ class ContextTests(TestCase, _LoopbackMi + arguments does not raise an exception. + """ + key = PKey() +- key.generate_key(TYPE_RSA, 128) ++ key.generate_key(TYPE_RSA, 2048) + + with open(pemfile, "wt") as pem: + pem.write( +@@ -920,7 +920,7 @@ class ContextTests(TestCase, _LoopbackMi + passphrase. Return the path to the new file. + """ + key = PKey() +- key.generate_key(TYPE_RSA, 128) ++ key.generate_key(TYPE_RSA, 2048) + pemFile = self.mktemp() + fObj = open(pemFile, 'w') + pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase) diff --git a/skip-networked-test.patch b/skip-networked-test.patch new file mode 100644 index 0000000..3671997 --- /dev/null +++ b/skip-networked-test.patch @@ -0,0 +1,12 @@ +Index: pyOpenSSL-16.0.0/tests/test_ssl.py +=================================================================== +--- pyOpenSSL-16.0.0.orig/tests/test_ssl.py ++++ pyOpenSSL-16.0.0/tests/test_ssl.py +@@ -1198,6 +1198,7 @@ class ContextTests(TestCase, _LoopbackMi + reason="set_default_verify_paths appears not to work on Windows. " + "See LP#404343 and LP#404344." + ) ++ @pytest.mark.network + def test_set_default_verify_paths(self): + """ + :py:obj:`Context.set_default_verify_paths` causes the