- Add remove-sha1.patch to make it compatible with latests versions of

cryptography gh#ronf/asyncssh@fae5a9e8baad OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-asyncssh?expand=0&rev=43
2023-01-25 12:27:47 +00:00
parent 8aaad73eec
commit 5970a4c06d
4 changed files with 106 additions and 5 deletions
--- a/gss_test.patch
+++ b/gss_test.patch
@@ -2,9 +2,11 @@
 tests/test_connection.py |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tests/test_connection.py
-+++ b/tests/test_connection.py
-@@ -1470,7 +1470,7 @@ class _TestConnectionAsyncAcceptor(Serve
+Index: asyncssh-2.13.0/tests/test_connection.py
+===================================================================
+--- asyncssh-2.13.0.orig/tests/test_connection.py
+++ asyncssh-2.13.0/tests/test_connection.py
+@@ -1546,7 +1546,7 @@ class _TestConnectionAsyncAcceptor(Serve
 
             conn.logger.info('Acceptor called')
 
--- a/python-asyncssh.changes
+++ b/python-asyncssh.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 25 12:18:38 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add remove-sha1.patch to make it compatible with latests versions of
+  cryptography gh#ronf/asyncssh@fae5a9e8baad
+
 -------------------------------------------------------------------
 Thu Jan  5 21:06:40 UTC 2023 - Dirk Müller <dmueller@suse.com>

--- a/python-asyncssh.spec
+++ b/python-asyncssh.spec
@@ -16,7 +16,6 @@
 #


-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define skip_python2 1
 %define skip_python36 1
 Name:           python-asyncssh
@@ -28,6 +27,8 @@ Group:          Development/Languages/Python
 URL:            https://github.com/ronf/asyncssh
 Source:         https://files.pythonhosted.org/packages/source/a/asyncssh/asyncssh-%{version}.tar.gz
 Patch0:         gss_test.patch
+# PATCH-FIX-UPSTREAM remove-sha1.patch gh#ronf/asyncssh@fae5a9e8baad
+Patch1:         remove-sha1.patch
 # SECTION test requirements
 BuildRequires:  %{python_module bcrypt >= 3.1.3}
 BuildRequires:  %{python_module cryptography >= 2.8}
@@ -75,6 +76,7 @@ server implementation of the SSHv2 protocol on top of the Python asyncio framewo
 %files %{python_files}
 %license LICENSE COPYRIGHT
 %doc README.rst
-%{python_sitelib}/*
+%{python_sitelib}/asyncssh
+%{python_sitelib}/asyncssh-%{version}*-info

 %changelog
--- a/remove-sha1.patch
+++ b/remove-sha1.patch
@@ -0,0 +1,91 @@
+From fae5a9e8baad8bd505b43e14fc13b9010789865c Mon Sep 17 00:00:00 2001
+From: Ron Frederick <ronf@timeheart.net>
+Date: Sat, 7 Jan 2023 21:02:01 -0800
+Subject: [PATCH] Handle elimination of SHA-1 for digital signatures in
+ cryptograhy 39.0.0
+
+This commit changes the default X.509 signature algorithm for DSA and
+some unit test code to avoid attempting to use SHA-1 for X.509 certificate
+signing, as this is no longer allowed in cryptography 39.0.0.
+---
+ asyncssh/dsa.py          | 2 +-
+ asyncssh/ecdsa.py        | 2 +-
+ asyncssh/public_key.py   | 4 ++--
+ asyncssh/rsa.py          | 2 +-
+ tests/test_public_key.py | 2 +-
+ 5 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/asyncssh/dsa.py b/asyncssh/dsa.py
+index d3f95196..1972e1d0 100644
+--- a/asyncssh/dsa.py
+++ b/asyncssh/dsa.py
+@@ -41,7 +41,7 @@ class _DSAKey(SSHKey):
+     _key: Union[DSAPrivateKey, DSAPublicKey]
+ 
+     algorithm = b'ssh-dss'
+-    default_hash_name = 'sha1'
+    default_x509_hash = 'sha256'
+     pem_name = b'DSA'
+     pkcs8_oid = ObjectIdentifier('1.2.840.10040.4.1')
+     sig_algorithms = (algorithm,)
+diff --git a/asyncssh/ecdsa.py b/asyncssh/ecdsa.py
+index 25bad399..57d8d821 100644
+--- a/asyncssh/ecdsa.py
+++ b/asyncssh/ecdsa.py
+@@ -54,7 +54,7 @@ class _ECKey(SSHKey):
+ 
+     _key: Union[ECDSAPrivateKey, ECDSAPublicKey]
+ 
+-    default_hash_name = 'sha256'
+    default_x509_hash = 'sha256'
+     pem_name = b'EC'
+     pkcs8_oid = ObjectIdentifier('1.2.840.10045.2.1')
+ 
+diff --git a/asyncssh/public_key.py b/asyncssh/public_key.py
+index 75672ed4..a744b3d7 100644
+--- a/asyncssh/public_key.py
+++ b/asyncssh/public_key.py
+@@ -240,7 +240,7 @@ class SSHKey:
+     sig_algorithms: Sequence[bytes] = ()
+     x509_algorithms: Sequence[bytes] = ()
+     all_sig_algorithms: Set[bytes] = set()
+-    default_hash_name: str = ''
+    default_x509_hash: str = ''
+     pem_name: bytes = b''
+     pkcs8_oid: Optional[ObjectIdentifier] = None
+     use_executor: bool = False
+@@ -385,7 +385,7 @@ def _generate_x509_certificate(self, key: 'SSHKey', subject: str,
+                              'valid after time')
+ 
+         if hash_name == ():
+-            hash_name = key.default_hash_name
+            hash_name = key.default_x509_hash
+ 
+         if comment == ():
+             comment = key.get_comment_bytes()
+diff --git a/asyncssh/rsa.py b/asyncssh/rsa.py
+index 09edc59d..ccfbaa2d 100644
+--- a/asyncssh/rsa.py
+++ b/asyncssh/rsa.py
+@@ -52,7 +52,7 @@ class RSAKey(SSHKey):
+     _key: Union[RSAPrivateKey, RSAPublicKey]
+ 
+     algorithm = b'ssh-rsa'
+-    default_hash_name = 'sha256'
+    default_x509_hash = 'sha256'
+     pem_name = b'RSA'
+     pkcs8_oid = ObjectIdentifier('1.2.840.113549.1.1.1')
+     sig_algorithms = (b'rsa-sha2-256', b'rsa-sha2-512',
+diff --git a/tests/test_public_key.py b/tests/test_public_key.py
+index ad288203..091531a4 100644
+--- a/tests/test_public_key.py
+++ b/tests/test_public_key.py
+@@ -2358,7 +2358,7 @@ def test_x509_certificate_hashes(self):
+         privkey = get_test_key('ssh-rsa')
+         pubkey = privkey.convert_to_public()
+ 
+-        for hash_alg in ('sha1', 'sha256', 'sha512'):
+        for hash_alg in ('sha256', 'sha512'):
+             cert = privkey.generate_x509_user_certificate(
+                 pubkey, 'OU=user', hash_alg=hash_alg)
+