From fcf55eaaab8d2070e0646457a17f2fca2c0cc472326ee9c748d34b98ad27c91d Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Thu, 29 Sep 2022 19:34:28 +0000 Subject: [PATCH 1/2] - update to 22.1.0: * Remove support for SSLv2 and SSLv3. * The minimum ``cryptography`` version is now 37.0.2. * The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored, changing its internal attributes. * Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode`` to override the context object's verification flags. * Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey`` to set a certificate per connection (and not just per context) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=95 --- pyOpenSSL-22.0.0.tar.gz | 3 --- pyOpenSSL-22.1.0.tar.gz | 3 +++ python-pyOpenSSL.changes | 14 ++++++++++++++ python-pyOpenSSL.spec | 6 +++--- skip-networked-test.patch | 20 ++++++++++++-------- 5 files changed, 32 insertions(+), 14 deletions(-) delete mode 100644 pyOpenSSL-22.0.0.tar.gz create mode 100644 pyOpenSSL-22.1.0.tar.gz diff --git a/pyOpenSSL-22.0.0.tar.gz b/pyOpenSSL-22.0.0.tar.gz deleted file mode 100644 index 22f2adc..0000000 --- a/pyOpenSSL-22.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:660b1b1425aac4a1bea1d94168a85d99f0b3144c869dd4390d27629d0087f1bf -size 178438 diff --git a/pyOpenSSL-22.1.0.tar.gz b/pyOpenSSL-22.1.0.tar.gz new file mode 100644 index 0000000..f21f3ff --- /dev/null +++ b/pyOpenSSL-22.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7a83b7b272dd595222d672f5ce29aa030f1fb837630ef229f62e72e395ce8968 +size 181704 diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes index 6d156ef..19edb43 100644 --- a/python-pyOpenSSL.changes +++ b/python-pyOpenSSL.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Sep 29 19:33:29 UTC 2022 - Dirk Müller + +- update to 22.1.0: + * Remove support for SSLv2 and SSLv3. + * The minimum ``cryptography`` version is now 37.0.2. + * The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored, + changing its internal attributes. + * Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode`` + to override the context object's verification flags. + * Add ``OpenSSL.SSL.Connection.use_certificate`` and + ``OpenSSL.SSL.Connection.use_privatekey`` + to set a certificate per connection (and not just per context) + ------------------------------------------------------------------- Wed Jun 1 08:25:21 UTC 2022 - Steve Kowalik diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec index d1d75d4..1b7f080 100644 --- a/python-pyOpenSSL.spec +++ b/python-pyOpenSSL.spec @@ -27,7 +27,7 @@ %endif %global skip_python2 1 Name: python-pyOpenSSL%{psuffix} -Version: 22.0.0 +Version: 22.1.0 Release: 0 Summary: Python wrapper module around the OpenSSL library License: Apache-2.0 @@ -41,7 +41,7 @@ BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros %if %{with test} -BuildRequires: %{python_module cryptography >= 35} +BuildRequires: %{python_module cryptography >= 37.0.2} BuildRequires: %{python_module flaky} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pyOpenSSL >= %version} @@ -50,7 +50,7 @@ BuildRequires: ca-certificates-mozilla BuildRequires: openssl %endif Requires: python-cffi -Requires: python-cryptography >= 35 +Requires: python-cryptography >= 37.0.2 Provides: pyOpenSSL = %{version} BuildArch: noarch %python_subpackages diff --git a/skip-networked-test.patch b/skip-networked-test.patch index 7d219a6..7ee1860 100644 --- a/skip-networked-test.patch +++ b/skip-networked-test.patch @@ -1,6 +1,8 @@ ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -1240,6 +1240,7 @@ class TestContext(object): +Index: pyOpenSSL-22.1.0/tests/test_ssl.py +=================================================================== +--- pyOpenSSL-22.1.0.orig/tests/test_ssl.py ++++ pyOpenSSL-22.1.0/tests/test_ssl.py +@@ -1244,6 +1244,7 @@ class TestContext: reason="set_default_verify_paths appears not to work on Windows. " "See LP#404343 and LP#404344.", ) @@ -8,8 +10,10 @@ def test_set_default_verify_paths(self): """ `Context.set_default_verify_paths` causes the platform-specific CA ---- a/setup.cfg -+++ b/setup.cfg +Index: pyOpenSSL-22.1.0/setup.cfg +=================================================================== +--- pyOpenSSL-22.1.0.orig/setup.cfg ++++ pyOpenSSL-22.1.0/setup.cfg @@ -2,6 +2,8 @@ minversion = 3.0.1 strict = true @@ -17,9 +21,9 @@ +markers = + network: test case requires network connection - [bdist_wheel] - universal = 1 -@@ -19,4 +21,3 @@ doc-files = doc/_build/html + [metadata] + license_file = LICENSE +@@ -16,4 +18,3 @@ doc_files = doc/_build/html [egg_info] tag_build = tag_date = 0 From b067fdba7da8b9e5ed0d04a960fc476da149deb6360a018de098fcb4e0aa1ab2 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 24 Oct 2022 21:44:16 +0000 Subject: [PATCH 2/2] Accepting request 1030427 from home:bnavigator:branches:devel:languages:python - Upstream post-release doc fix (gh#pyca/pyopenssl#1150) * The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage) - Add pyOpenSSL-pr1158-conditional-__all__.patch gh#pyca/pyopenssl#1158 OBS-URL: https://build.opensuse.org/request/show/1030427 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=96 --- pyOpenSSL-pr1158-conditional-__all__.patch | 46 ++++++++++++++++++++++ python-pyOpenSSL.changes | 10 +++++ python-pyOpenSSL.spec | 11 +++--- 3 files changed, 62 insertions(+), 5 deletions(-) create mode 100644 pyOpenSSL-pr1158-conditional-__all__.patch diff --git a/pyOpenSSL-pr1158-conditional-__all__.patch b/pyOpenSSL-pr1158-conditional-__all__.patch new file mode 100644 index 0000000..60dce69 --- /dev/null +++ b/pyOpenSSL-pr1158-conditional-__all__.patch @@ -0,0 +1,46 @@ +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 9db7353..c2a49f2 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -59,7 +59,7 @@ __all__ = [ + "OP_NO_TLSv1", + "OP_NO_TLSv1_1", + "OP_NO_TLSv1_2", +- "OP_NO_TLSv1_3", ++ # "OP_NO_TLSv1_3", conditionally added below + "MODE_RELEASE_BUFFERS", + "OP_SINGLE_DH_USE", + "OP_SINGLE_ECDH_USE", +@@ -84,8 +84,8 @@ __all__ = [ + "OP_NO_QUERY_MTU", + "OP_COOKIE_EXCHANGE", + "OP_NO_TICKET", +- "OP_NO_RENEGOTIATION", +- "OP_IGNORE_UNEXPECTED_EOF", ++ # "OP_NO_RENEGOTIATION", conditionally added below ++ # "OP_IGNORE_UNEXPECTED_EOF", conditionally added below + "OP_ALL", + "VERIFY_PEER", + "VERIFY_FAIL_IF_NO_PEER_CERT", +@@ -172,6 +172,7 @@ OP_NO_TLSv1_1 = _lib.SSL_OP_NO_TLSv1_1 + OP_NO_TLSv1_2 = _lib.SSL_OP_NO_TLSv1_2 + try: + OP_NO_TLSv1_3 = _lib.SSL_OP_NO_TLSv1_3 ++ __all__ += ["OP_NO_TLSv1_3"] + except AttributeError: + pass + +@@ -208,11 +209,13 @@ OP_NO_TICKET = _lib.SSL_OP_NO_TICKET + + try: + OP_NO_RENEGOTIATION = _lib.SSL_OP_NO_RENEGOTIATION ++ __all__ += ["OP_NO_RENEGOTIATION"] + except AttributeError: + pass + + try: + OP_IGNORE_UNEXPECTED_EOF = _lib.SSL_OP_IGNORE_UNEXPECTED_EOF ++ __all__ += ["OP_IGNORE_UNEXPECTED_EOF"] + except AttributeError: + pass + diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes index 19edb43..53572be 100644 --- a/python-pyOpenSSL.changes +++ b/python-pyOpenSSL.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Oct 21 14:20:05 UTC 2022 - Ben Greiner + +- Upstream post-release doc fix (gh#pyca/pyopenssl#1150) + * The minimum cryptography version is now 38.0.x (and we now pin + releases against cryptography major versions to prevent future + breakage) +- Add pyOpenSSL-pr1158-conditional-__all__.patch + gh#pyca/pyopenssl#1158 + ------------------------------------------------------------------- Thu Sep 29 19:33:29 UTC 2022 - Dirk Müller diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec index 1b7f080..8fbc4d5 100644 --- a/python-pyOpenSSL.spec +++ b/python-pyOpenSSL.spec @@ -36,12 +36,14 @@ Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpe # PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com # Mark tests requiring network access Patch0: skip-networked-test.patch +# PATCH-FIX-UPSTREAM pyOpenSSL-pr1158-conditional-__all__.patch gh#pyca/pyopenssl#1158 +Patch1: pyOpenSSL-pr1158-conditional-__all__.patch BuildRequires: %{python_module cffi} BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros %if %{with test} -BuildRequires: %{python_module cryptography >= 37.0.2} +BuildRequires: %{python_module cryptography >= 38.0.0 with %python-cryptography < 39} BuildRequires: %{python_module flaky} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pyOpenSSL >= %version} @@ -50,7 +52,7 @@ BuildRequires: ca-certificates-mozilla BuildRequires: openssl %endif Requires: python-cffi -Requires: python-cryptography >= 37.0.2 +Requires: (python-cryptography >= 38.0.0 with python-cryptography < 39) Provides: pyOpenSSL = %{version} BuildArch: noarch %python_subpackages @@ -65,8 +67,7 @@ cryptography (), which provides (among other things) a cffi-based interface to OpenSSL. %prep -%setup -q -n pyOpenSSL-%{version} -%autopatch -p1 +%autosetup -p1 -n pyOpenSSL-%{version} %build %python_build @@ -92,7 +93,7 @@ export LC_ALL=en_US.UTF-8 %license LICENSE %doc *.rst %{python_sitelib}/OpenSSL/ -%{python_sitelib}/pyOpenSSL-%{version}-py*.egg-info +%{python_sitelib}/pyOpenSSL-%{version}*-info %endif %changelog