powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

pyOpenSSL package update 

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 3 years ago
parent
e62f34e0d7
commit
1392bbe852
7 changed files with 1314 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 77
      SOURCES/pyOpenSSL-0.13-check-error.patch
  2. 93
      SOURCES/pyOpenSSL-0.13.1-digest.patch
  3. 389
      SOURCES/pyOpenSSL-0.13.1-exception.patch
  4. 333
      SOURCES/pyOpenSSL-0.13.1-test-failure.patch
  5. 33
      SOURCES/pyOpenSSL-elinks.patch
  6. 46
      SOURCES/pyOpenSSL-nopdfout.patch
  7. 343
      SPECS/pyOpenSSL.spec

77
SOURCES/pyOpenSSL-0.13-check-error.patch
Unescape View File

@ -0,0 +1,77 @@ @@ -0,0 +1,77 @@
diff -up pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error pyOpenSSL-0.13/OpenSSL/crypto/crypto.c
--- pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error 2011-09-02 17:46:13.000000000 +0200
+++ pyOpenSSL-0.13/OpenSSL/crypto/crypto.c 2013-04-04 14:25:17.405118204 +0200
@@ -45,12 +45,15 @@ global_passphrase_callback(char *buf, in
func = (PyObject *)cb_arg;
argv = Py_BuildValue("(i)", rwflag);
+ if (argv == NULL)
+ return 0;
ret = PyEval_CallObject(func, argv);
Py_DECREF(argv);
if (ret == NULL)
return 0;
if (!PyBytes_Check(ret))
{
+ Py_DECREF(ret);
PyErr_SetString(PyExc_ValueError, "String expected");
return 0;
}
@@ -58,6 +61,7 @@ global_passphrase_callback(char *buf, in
if (nchars > len)
nchars = len;
strncpy(buf, PyBytes_AsString(ret), nchars);
+ Py_DECREF(ret);
return nchars;
}
@@ -637,7 +641,10 @@ crypto_sign(PyObject *spam, PyObject *ar
return NULL;
}
- EVP_SignInit(&md_ctx, digest);
+ if (EVP_SignInit(&md_ctx, digest) <= 0) {
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+ }
EVP_SignUpdate(&md_ctx, data, data_len);
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey->pkey);
@@ -692,7 +699,11 @@ crypto_verify(PyObject *spam, PyObject *
return NULL;
}
- EVP_VerifyInit(&md_ctx, digest);
+ if (EVP_VerifyInit(&md_ctx, digest) <= 0) {
+ exception_from_error_queue(crypto_Error);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
EVP_VerifyUpdate(&md_ctx, data, data_len);
err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey);
EVP_PKEY_free(pkey);
diff -up pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error pyOpenSSL-0.13/OpenSSL/crypto/x509.c
--- pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error 2011-09-02 17:46:13.000000000 +0200
+++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-04-04 14:02:34.932847551 +0200
@@ -656,6 +656,7 @@ crypto_X509_digest(crypto_X509Obj *self,
if (!X509_digest(self->x509,digest,fp,&len))
{
exception_from_error_queue(crypto_Error);
+ return NULL;
}
tmp = malloc(3*len+1);
memset(tmp, 0, 3*len+1);
diff -up pyOpenSSL-0.13/OpenSSL/ssl/context.c.error pyOpenSSL-0.13/OpenSSL/ssl/context.c
--- pyOpenSSL-0.13/OpenSSL/ssl/context.c.error 2011-09-02 17:46:13.000000000 +0200
+++ pyOpenSSL-0.13/OpenSSL/ssl/context.c 2013-04-04 14:02:34.932847551 +0200
@@ -1215,6 +1215,10 @@ ssl_Context_init(ssl_ContextObj *self, i
}
self->ctx = SSL_CTX_new(method);
+ if (self->ctx == NULL) {
+ exception_from_error_queue(ssl_Error);
+ return NULL;
+ }
Py_INCREF(Py_None);
self->passphrase_callback = Py_None;
Py_INCREF(Py_None);

93
SOURCES/pyOpenSSL-0.13.1-digest.patch
Unescape View File

@ -0,0 +1,93 @@ @@ -0,0 +1,93 @@
diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c
--- pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest 2011-08-15 00:06:11.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c 2018-05-04 18:57:37.708913903 +0200
@@ -2,7 +2,7 @@
#define crypto_MODULE
#include "crypto.h"
-
+#if OPENSSL_VERSION_NUMBER<0x10002000L
static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
X509_REVOKED *dupe = NULL;
@@ -32,6 +32,7 @@ static X509_REVOKED * X509_REVOKED_dup(X
dupe->sequence = orig->sequence;
return dupe;
}
+#endif
static char crypto_CRL_get_revoked_doc[] = "\n\
Return revoked portion of the CRL structure (by value\n\
@@ -130,14 +131,24 @@ crypto_CRL_export(crypto_CRLObj *self, P
crypto_PKeyObj *key;
ASN1_TIME *tmptm;
crypto_X509Obj *x509;
- static char *kwlist[] = {"cert", "key", "type", "days", NULL};
+ const char *mdname = NULL;
+ const EVP_MD *md;
+ static char *kwlist[] = {"cert", "key", "type", "days", "digest", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
+ if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|iiz:dump_crl", kwlist,
&crypto_X509_Type, &x509,
- &crypto_PKey_Type, &key, &type, &days)) {
+ &crypto_PKey_Type, &key, &type, &days, &mdname)) {
+ return NULL;
+ }
+ if (mdname == NULL) {
+ mdname = "sha256";
+ }
+ if ((md = EVP_get_digestbyname(mdname)) == NULL) {
+ PyErr_SetString(
+ PyExc_ValueError,
+ "No such digest method");
return NULL;
}
-
bio = BIO_new(BIO_s_mem());
tmptm = ASN1_TIME_new();
if (!tmptm) {
@@ -149,7 +160,7 @@ crypto_CRL_export(crypto_CRLObj *self, P
X509_CRL_set_nextUpdate(self->crl, tmptm);
ASN1_TIME_free(tmptm);
X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
- X509_CRL_sign(self->crl, key->pkey, EVP_md5());
+ X509_CRL_sign(self->crl, key->pkey, md);
switch (type) {
case X509_FILETYPE_PEM:
ret = PEM_write_bio_X509_CRL(bio, self->crl);
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest 2018-05-04 18:57:37.707913880 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:09.360484497 +0200
@@ -2628,11 +2628,12 @@ class CRLTests(TestCase):
crl.add_revoked(revoked)
# PEM format
- dumped_crl = crl.export(self.cert, self.pkey, days=20)
+ dumped_crl = crl.export(self.cert, self.pkey, days=20, digest="sha1")
text = _runopenssl(dumped_crl, "crl", "-noout", "-text")
text.index(b('Serial Number: 03AB'))
text.index(b('Superseded'))
text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
+ text.index(b('Signature Algorithm: sha1WithRSAEncryption'))
# DER format
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
@@ -2662,14 +2663,14 @@ class CRLTests(TestCase):
def test_export_wrong_args(self):
"""
Calling L{OpenSSL.CRL.export} with fewer than two or more than
- four arguments, or with arguments other than the certificate,
- private key, integer file type, and integer number of days it
+ five arguments, or with arguments other than the certificate,
+ private key, integer file type, integer number of days, and digest it
expects, results in a L{TypeError} being raised.
"""
crl = CRL()
self.assertRaises(TypeError, crl.export)
self.assertRaises(TypeError, crl.export, self.cert)
- self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo")
+ self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo", "boo")
self.assertRaises(TypeError, crl.export, None, self.pkey, FILETYPE_PEM, 10)
self.assertRaises(TypeError, crl.export, self.cert, None, FILETYPE_PEM, 10)

389
SOURCES/pyOpenSSL-0.13.1-exception.patch
Unescape View File

@ -0,0 +1,389 @@ @@ -0,0 +1,389 @@
diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c.exception pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c
--- pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c.exception 2018-05-04 18:56:35.946486574 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c 2018-05-04 18:56:35.950486667 +0200
@@ -45,26 +45,72 @@ global_passphrase_callback(char *buf, in
func = (PyObject *)cb_arg;
argv = Py_BuildValue("(i)", rwflag);
- if (argv == NULL)
+ if (argv == NULL) {
return 0;
+ }
ret = PyEval_CallObject(func, argv);
Py_DECREF(argv);
- if (ret == NULL)
+ if (ret == NULL) {
return 0;
- if (!PyBytes_Check(ret))
- {
+ }
+ if (!PyBytes_Check(ret)) {
Py_DECREF(ret);
PyErr_SetString(PyExc_ValueError, "String expected");
return 0;
}
nchars = PyBytes_Size(ret);
- if (nchars > len)
- nchars = len;
+ if (nchars > len) {
+ Py_DECREF(ret);
+ PyErr_SetString(PyExc_ValueError,
+ "passphrase returned by callback is too long");
+ return 0;
+ }
strncpy(buf, PyBytes_AsString(ret), nchars);
Py_DECREF(ret);
return nchars;
}
+static PyObject *
+raise_current_error(void)
+{
+ if (PyErr_Occurred()) {
+ /*
+ * The python exception from callback is more informative than
+ * OpenSSL's error.
+ */
+ flush_error_queue();
+ return NULL;
+ }
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+}
+
+static int
+setup_callback(int type, PyObject *pw, pem_password_cb **cb, void **cb_arg) {
+ if (pw == NULL) {
+ *cb = NULL;
+ *cb_arg = NULL;
+ return 1;
+ }
+ if (type != X509_FILETYPE_PEM) {
+ PyErr_SetString(PyExc_ValueError,
+ "only FILETYPE_PEM key format supports encryption");
+ return 0;
+ }
+ if (PyBytes_Check(pw)) {
+ *cb = NULL;
+ *cb_arg = PyBytes_AsString(pw);
+ } else if (PyCallable_Check(pw)) {
+ *cb = global_passphrase_callback;
+ *cb_arg = pw;
+ } else {
+ PyErr_SetString(PyExc_TypeError,
+ "Last argument must be string or callable");
+ return 0;
+ }
+ return 1;
+}
+
static char crypto_load_privatekey_doc[] = "\n\
Load a private key from a buffer\n\
\n\
@@ -89,31 +135,20 @@ crypto_load_privatekey(PyObject *spam, P
BIO *bio;
EVP_PKEY *pkey;
- if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", &type, &buffer, &len, &pw))
+ if (!PyArg_ParseTuple(args, "is#|O:load_privatekey",
+ &type, &buffer, &len, &pw)) {
+ return NULL;
+ }
+ if (!setup_callback(type, pw, &cb, &cb_arg)) {
return NULL;
-
- if (pw != NULL)
- {
- if (PyBytes_Check(pw))
- {
- cb = NULL;
- cb_arg = PyBytes_AsString(pw);
- }
- else if (PyCallable_Check(pw))
- {
- cb = global_passphrase_callback;
- cb_arg = pw;
- }
- else
- {
- PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
- return NULL;
- }
}
bio = BIO_new_mem_buf(buffer, len);
- switch (type)
- {
+ if (bio == NULL) {
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+ }
+ switch (type) {
case X509_FILETYPE_PEM:
pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg);
break;
@@ -129,10 +164,8 @@ crypto_load_privatekey(PyObject *spam, P
}
BIO_free(bio);
- if (pkey == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
+ if (pkey == NULL) {
+ return raise_current_error();
}
return (PyObject *)crypto_PKey_New(pkey, 1);
@@ -168,49 +201,32 @@ crypto_dump_privatekey(PyObject *spam, P
crypto_PKeyObj *pkey;
if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type,
- &crypto_PKey_Type, &pkey, &cipher_name, &pw))
+ &crypto_PKey_Type, &pkey, &cipher_name, &pw)) {
return NULL;
-
- if (cipher_name != NULL && pw == NULL)
- {
+ }
+ if (cipher_name != NULL && pw == NULL) {
PyErr_SetString(PyExc_ValueError, "Illegal number of arguments");
return NULL;
}
- if (cipher_name != NULL)
- {
+ if (cipher_name != NULL) {
cipher = EVP_get_cipherbyname(cipher_name);
- if (cipher == NULL)
- {
+ if (cipher == NULL) {
PyErr_SetString(PyExc_ValueError, "Invalid cipher name");
return NULL;
}
- if (PyBytes_Check(pw))
- {
- cb = NULL;
- cb_arg = PyBytes_AsString(pw);
- }
- else if (PyCallable_Check(pw))
- {
- cb = global_passphrase_callback;
- cb_arg = pw;
- }
- else
- {
- PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
+ if (!setup_callback(type, pw, &cb, &cb_arg)) {
return NULL;
}
}
bio = BIO_new(BIO_s_mem());
- switch (type)
- {
+ if (bio == NULL) {
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+ }
+ switch (type) {
case X509_FILETYPE_PEM:
ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg);
- if (PyErr_Occurred())
- {
- BIO_free(bio);
- return NULL;
- }
break;
case X509_FILETYPE_ASN1:
@@ -219,8 +235,12 @@ crypto_dump_privatekey(PyObject *spam, P
case X509_FILETYPE_TEXT:
rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+ if (rsa == NULL) {
+ ret = 0;
+ break;
+ }
ret = RSA_print(bio, rsa, 0);
- RSA_free(rsa);
+ RSA_free(rsa);
break;
default:
@@ -229,11 +249,9 @@ crypto_dump_privatekey(PyObject *spam, P
return NULL;
}
- if (ret == 0)
- {
+ if (ret == 0) {
BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
+ return raise_current_error();
}
buf_len = BIO_get_mem_data(bio, &temp);
@@ -513,8 +531,8 @@ crypto_load_pkcs7_data(PyObject *spam, P
if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len))
return NULL;
- /*
- * Try to read the pkcs7 data from the bio
+ /*
+ * Try to read the pkcs7 data from the bio
*/
bio = BIO_new_mem_buf(buffer, len);
switch (type)
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.exception pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.exception 2018-05-04 18:56:35.948486620 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:57:16.363420609 +0200
@@ -7,7 +7,7 @@ Unit tests for L{OpenSSL.crypto}.
from unittest import main
-import os, re
+import os, re, sys
from subprocess import PIPE, Popen
from datetime import datetime, timedelta
@@ -2038,6 +2038,18 @@ class FunctionTests(TestCase):
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b("quack"))
+ def test_load_privatekey_passphraseWrongType(self):
+ """
+ :py:obj:`load_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase
+ with a private key encoded in a format, that doesn't support
+ encryption.
+ """
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ blob = dump_privatekey(FILETYPE_ASN1, key)
+ self.assertRaises(ValueError,
+ load_privatekey, FILETYPE_ASN1, blob, "secret")
+
+
def test_load_privatekey_passphrase(self):
"""
L{load_privatekey} can create a L{PKey} object from an encrypted PEM
@@ -2058,7 +2070,7 @@ class FunctionTests(TestCase):
called = []
def cb(*a):
called.append(None)
- return "quack"
+ return b("quack")
self.assertRaises(
Error,
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
@@ -2083,25 +2095,36 @@ class FunctionTests(TestCase):
def test_load_privatekey_passphrase_exception(self):
"""
An exception raised by the passphrase callback passed to
- L{load_privatekey} causes L{OpenSSL.crypto.Error} to be raised.
-
- This isn't as nice as just letting the exception pass through. The
- behavior might be changed to that eventually.
+ L{load_privatekey} is propagated.
"""
def broken(ignored):
raise RuntimeError("This is not working.")
self.assertRaises(
- Error,
+ RuntimeError,
load_privatekey,
FILETYPE_PEM, encryptedPrivateKeyPEM, broken)
+ def test_load_privatekey_passphrase_wrong_return_type(self):
+ """
+ :py:obj:`load_privatekey` raises :py:obj:`ValueError` if the passphrase
+ callback returns something other than a byte string.
+ """
+ self.assertRaises(
+ ValueError,
+ load_privatekey,
+ FILETYPE_PEM, encryptedPrivateKeyPEM, lambda *args: 3)
+
+
def test_dump_privatekey_wrong_args(self):
"""
L{dump_privatekey} raises L{TypeError} if called with the wrong number
of arguments.
"""
self.assertRaises(TypeError, dump_privatekey)
+ # If cipher name is given, password is required.
+ self.assertRaises(
+ ValueError, dump_privatekey, FILETYPE_PEM, PKey(), "foo")
def test_dump_privatekey_unknown_cipher(self):
@@ -2138,6 +2161,18 @@ class FunctionTests(TestCase):
self.assertRaises(ValueError, dump_privatekey, 100, key)
+ def test_load_privatekey_passphraseCallbackLength(self):
+ """
+ :py:obj:`crypto.load_privatekey` should raise an error when the passphrase
+ provided by the callback is too long, not silently truncate it.
+ """
+ def cb(ignored):
+ return "a" * 1025
+
+ self.assertRaises(ValueError,
+ load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
+
+
def test_dump_privatekey_passphrase(self):
"""
L{dump_privatekey} writes an encrypted PEM when given a passphrase.
@@ -2152,6 +2187,17 @@ class FunctionTests(TestCase):
self.assertEqual(loadedKey.bits(), key.bits())
+ def test_dump_privatekey_passphraseWrongType(self):
+ """
+ :py:obj:`dump_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase
+ with a private key encoded in a format, that doesn't support
+ encryption.
+ """
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ self.assertRaises(ValueError,
+ dump_privatekey, FILETYPE_ASN1, key, "blowfish", "secret")
+
+
def test_dump_certificate(self):
"""
L{dump_certificate} writes PEM, DER, and text.
@@ -2230,6 +2276,32 @@ class FunctionTests(TestCase):
self.assertEqual(loadedKey.bits(), key.bits())
+ def test_dump_privatekey_passphrase_exception(self):
+ """
+ :py:obj:`dump_privatekey` should not overwrite the exception raised
+ by the passphrase callback.
+ """
+ def cb(ignored):
+ raise ArithmeticError
+
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ self.assertRaises(ArithmeticError,
+ dump_privatekey, FILETYPE_PEM, key, "blowfish", cb)
+
+
+ def test_dump_privatekey_passphraseCallbackLength(self):
+ """
+ :py:obj:`crypto.dump_privatekey` should raise an error when the passphrase
+ provided by the callback is too long, not silently truncate it.
+ """
+ def cb(ignored):
+ return "a" * 1025
+
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ self.assertRaises(ValueError,
+ dump_privatekey, FILETYPE_PEM, key, "blowfish", cb)
+
+
def test_load_pkcs7_data(self):
"""
L{load_pkcs7_data} accepts a PKCS#7 string and returns an instance of

333
SOURCES/pyOpenSSL-0.13.1-test-failure.patch
Unescape View File

@ -0,0 +1,333 @@ @@ -0,0 +1,333 @@
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.test-failure pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.test-failure 2013-08-23 21:48:24.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:55.508551705 +0200
@@ -35,22 +35,22 @@ def normalize_privatekey_pem(pem):
root_cert_pem = b("""-----BEGIN CERTIFICATE-----
-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
-----END CERTIFICATE-----
""")
@@ -72,18 +72,18 @@ cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA
""")
server_cert_pem = b("""-----BEGIN CERTIFICATE-----
-MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv
-lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr
-b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+
-lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e
-gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li
-dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp
-2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
-uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
+MIICJDCCAY2gAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMTA1
+N1oXDTM3MDYwNzAwMTA1N1owGDEWMBQGA1UEAwwNbG92ZWx5IHNlcnZlcjCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvqb4brndXS2kEL84qXbZXE6LYK+UrhNi
+70sdIM/24NVN7tXkPlOXqrMWhFHHml+aeSpPkH5b1vKnY1TcULmEubnNICtvjmZ5
+SGMQn+J+RmBs1SMd0EgY/0wBBQdlrlYp2QYgm8YC+zxTNSqWvhMFZAgHbj6Un5SS
+T8JGBqytjB0CAwEAAaM2MDQwHQYDVR0OBBYEFINVdy1eIfFJDAkk51QJEo3IfgSu
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGki1K6WgHHJ
+qC6aY2EowjaWOXLO6jUZIhGk7BA7vMRfNug429AOZ4m5F6OQhzmJmlw67Jyu2FeI
+h0VtBuQoHPtjqZXF59oX6hMMmGLMs9pV0UA3fJs5MYA4/V5ZcQy0Ie0QoJNejLzE
+6V1Qz1rRTYLUyEcpI7ZCmBg2KQQI8YZI
-----END CERTIFICATE-----
""")
@@ -105,18 +105,18 @@ r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7
"""))
client_cert_pem = b("""-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2
-rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK
-iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb
-oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff
-0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM
-Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI
-9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
-PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
+MIICIjCCAYugAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMDQx
+M1oXDTM3MDYwNzAwMDQxM1owFjEUMBIGA1UEAwwLdWdseSBjbGllbnQwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAMBmH9JG02bme0xPipvpjMSlOugyWrauf4at
+EdGJn7GQLD8IY2Fu0+Kvv9DFpSPboFKZCsfDVsYoRs+xaJbtt1dJ6ymX7EqKS7gb
+8q+eeZZ14keqyJd5Rm2q6swQtw9ADD3E8cS6GqpQm+8SgxOycISoYz7sO1ugJFqN
+jId+W4BFAgMBAAGjNjA0MB0GA1UdDgQWBBSDVXctXiHxSQwJJOdUCRKNyH4ErjAT
+BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQAMqcHyweaCOZNN
+dWQQOsBKQlL5wqVVZwucHPWqobjxpULKy9gS2ha2zbgkXcB/BnBOSwe0Fm+MJV0T
+NbnTghcGJNpEH7VKn4xSLvIGZmnZZWgxeIB16z4GhpkK2fShBJ+6GKZjsgjT0lSH
+JRgjHbWutZfZvbSHXr9n7PIphG1Ojg==
-----END CERTIFICATE-----
""")
@@ -138,22 +138,22 @@ f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKA
"""))
cleartextCertificatePEM = b("""-----BEGIN CERTIFICATE-----
-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
-----END CERTIFICATE-----
""")
@@ -309,7 +309,7 @@ class X509ExtTests(TestCase):
"""
# Basic setup stuff to generate a certificate
self.pkey = PKey()
- self.pkey.generate_key(TYPE_RSA, 384)
+ self.pkey.generate_key(TYPE_RSA, 2048)
self.req = X509Req()
self.req.set_pubkey(self.pkey)
# Authority good you have.
@@ -608,7 +608,7 @@ class PKeyTests(TestCase):
L{PKeyType.generate_key} generates an RSA key when passed
L{TYPE_RSA} as a type and a reasonable number of bits.
"""
- bits = 128
+ bits = 2048
key = PKey()
key.generate_key(TYPE_RSA, bits)
self.assertEqual(key.type(), TYPE_RSA)
@@ -624,7 +624,7 @@ class PKeyTests(TestCase):
# 512 is a magic number. The DSS (Digital Signature Standard)
# allows a minimum of 512 bits for DSA. DSA_generate_parameters
# will silently promote any value below 512 to 512.
- bits = 512
+ bits = 1024
key = PKey()
key.generate_key(TYPE_DSA, bits)
self.assertEqual(key.type(), TYPE_DSA)
@@ -638,7 +638,7 @@ class PKeyTests(TestCase):
key to generate new keys.
"""
key = PKey()
- for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]:
+ for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 1024)]:
key.generate_key(type, bits)
self.assertEqual(key.type(), type)
self.assertEqual(key.bits(), bits)
@@ -869,7 +869,7 @@ class X509NameTests(TestCase):
self.assertEqual(
a.der(),
b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
+ '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
def test_get_components(self):
@@ -926,7 +926,7 @@ class _PKeyInteractionTestsMixin:
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
request.set_pubkey(key)
pub = request.get_pubkey()
self.assertRaises(ValueError, request.sign, pub, 'MD5')
@@ -939,7 +939,7 @@ class _PKeyInteractionTestsMixin:
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(ValueError, request.sign, key, "monkeys")
@@ -950,16 +950,16 @@ class _PKeyInteractionTestsMixin:
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
request.set_pubkey(key)
- request.sign(key, 'MD5')
+ request.sign(key, 'SHA256')
# If the type has a verify method, cover that too.
if getattr(request, 'verify', None) is not None:
pub = request.get_pubkey()
self.assertTrue(request.verify(pub))
# Make another key that won't verify.
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(Error, request.verify, key)
@@ -1257,7 +1257,7 @@ WpOdIpB8KksUTCzV591Nr1wd
internally.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEqual(cert.get_notBefore(), b("20090325123658Z"))
+ self.assertEqual(cert.get_notBefore(), b("20170611223259Z"))
def test_get_notAfter(self):
@@ -1267,7 +1267,7 @@ WpOdIpB8KksUTCzV591Nr1wd
internally.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEqual(cert.get_notAfter(), b("20170611123658Z"))
+ self.assertEqual(cert.get_notAfter(), b("20370606223259Z"))
def test_gmtime_adj_notBefore_wrong_args(self):
@@ -1348,10 +1348,10 @@ WpOdIpB8KksUTCzV591Nr1wd
L{X509.digest} returns a string giving ":"-separated hex-encoded words
of the digest of the certificate.
"""
- cert = X509()
+ cert = load_certificate(FILETYPE_PEM, self.pemData)
self.assertEqual(
- cert.digest("md5"),
- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
+ cert.digest("SHA256"),
+ b('65:D6:61:2C:C2:2D:5F:A6:08:76:9A:03:01:B3:71:FF:FD:48:9B:A3:F2:19:B3:84:CF:3F:D0:9E:57:39:6A:7E'))
def _extcert(self, pkey, extensions):
@@ -1364,6 +1364,7 @@ WpOdIpB8KksUTCzV591Nr1wd
cert.set_notAfter(when)
cert.add_extensions(extensions)
+ cert.sign(pkey, 'SHA256')
return load_certificate(
FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
@@ -2109,7 +2110,7 @@ class FunctionTests(TestCase):
cipher name.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(
ValueError, dump_privatekey,
FILETYPE_PEM, key, "zippers", "passphrase")
@@ -2121,7 +2122,7 @@ class FunctionTests(TestCase):
is neither a C{str} nor a callable.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(
TypeError,
dump_privatekey, FILETYPE_PEM, key, "blowfish", object())
@@ -2133,7 +2134,7 @@ class FunctionTests(TestCase):
filetype.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(ValueError, dump_privatekey, 100, key)
@@ -2580,6 +2581,8 @@ class CRLTests(TestCase):
"""
crl = CRL()
revoked = Revoked()
+ revoked.set_serial(b"01")
+ revoked.set_rev_date(b"20160310020145Z")
crl.add_revoked(revoked=revoked)
self.assertTrue(isinstance(crl.get_revoked()[0], Revoked))
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py.test-failure pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py.test-failure 2011-08-15 00:06:11.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py 2018-05-04 18:53:26.670109705 +0200
@@ -282,7 +282,7 @@ class ContextTests(TestCase, _LoopbackMi
try:
Context(SSLv2_METHOD)
- except ValueError:
+ except (ValueError, Error):
# Some versions of OpenSSL have SSLv2, some don't.
# Difficult to say in advance.
pass
@@ -645,7 +645,7 @@ class ContextTests(TestCase, _LoopbackMi
self.assertRaises(TypeError, context.load_verify_locations, None, None, None)
- if platform == "win32":
+ if True:
"set_default_verify_paths appears not to work on Windows. "
"See LP#404343 and LP#404344."
else:
@@ -869,9 +869,9 @@ class ContextTests(TestCase, _LoopbackMi
connections created with the context object will be able to choose from.
"""
context = Context(TLSv1_METHOD)
- context.set_cipher_list("hello world:EXP-RC4-MD5")
+ context.set_cipher_list("hello world:AES128-SHA256")
conn = Connection(context, None)
- self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])
+ self.assertEquals(conn.get_cipher_list(), ["AES128-SHA256"])

33
SOURCES/pyOpenSSL-elinks.patch
Unescape View File

@ -0,0 +1,33 @@ @@ -0,0 +1,33 @@
diff -Nur pyOpenSSL-0.5.1.orig/doc/tools/mkhowto pyOpenSSL-0.5.1/doc/tools/mkhowto
--- pyOpenSSL-0.5.1.orig/doc/tools/mkhowto 2001-07-30 13:31:48.000000000 +0200
+++ pyOpenSSL-0.5.1/doc/tools/mkhowto 2003-08-08 16:46:10.000000000 +0200
@@ -56,7 +56,7 @@
DVIPS_BINARY = "dvips"
LATEX_BINARY = "latex"
LATEX2HTML_BINARY = "latex2html"
-LYNX_BINARY = "lynx"
+LYNX_BINARY = "elinks"
MAKEINDEX_BINARY = "makeindex"
PDFLATEX_BINARY = "pdflatex"
PERL_BINARY = "perl"
@@ -397,7 +397,7 @@
if tempdir is None:
tempdir = self.doc
indexfile = os.path.join(tempdir, "index.html")
- self.run("%s -nolist -dump %s >%s.txt"
+ self.run("%s -dump %s >%s.txt"
% (LYNX_BINARY, indexfile, self.doc))
def require_temps(self, binary=None):
diff -Nur pyOpenSSL-0.5.1.orig/setup.cfg pyOpenSSL-0.5.1/setup.cfg
--- pyOpenSSL-0.5.1.orig/setup.cfg 2002-09-10 00:05:21.000000000 +0200
+++ pyOpenSSL-0.5.1/setup.cfg 2003-08-08 16:48:34.000000000 +0200
@@ -4,7 +4,7 @@
# bdist_rpm settings contributed by Mihai Ibanescu <misa@redhat.com>
[bdist_rpm]
release = 1
-build-requires = lynx openssl-devel python-devel perl tetex-dvips tetex-latex
+build-requires = elinks openssl-devel python-devel perl tetex-dvips tetex-latex
group = Development/Libraries
build_script = rpm/build_script
doc-files = doc/pyOpenSSL.txt doc/pyOpenSSL.ps doc/html

46
SOURCES/pyOpenSSL-nopdfout.patch
Unescape View File

@ -0,0 +1,46 @@ @@ -0,0 +1,46 @@
--- pyOpenSSL-0.6/doc/tools/texinputs/howto.cls.nopdfout 2001-07-16 07:53:03.000000000 -0400
+++ pyOpenSSL-0.6/doc/tools/texinputs/howto.cls 2005-03-14 20:22:34.745230000 -0500
@@ -54,10 +54,16 @@
% changes \\ to ', ' (comma-space), making it pass muster for
% generating document info in the PDF file.
\def\\{, }
- \pdfinfo{
- /Author (\@author)
- /Title (\@title)
- }
+ \ifx\pdfoutput\relax
+ \else
+ \ifcase\pdfoutput
+ \else
+ \pdfinfo{
+ /Author (\@author)
+ /Title (\@title)
+ }
+ \fi
+ \fi
}}
\begin{flushright}
{\rm\Huge\py@HeaderFamily \@title} \par
--- pyOpenSSL-0.6/doc/tools/texinputs/manual.cls.nopdfout 2005-03-14 09:32:50.000000000 -0500
+++ pyOpenSSL-0.6/doc/tools/texinputs/manual.cls 2005-03-14 09:34:20.000000000 -0500
@@ -69,10 +69,16 @@
% changes \\ to ', ' (comma-space), making it pass muster for
% generating document info in the PDF file.
\def\\{, }
- \pdfinfo{
- /Author (\@author)
- /Title (\@title)
- }
+ \ifx\pdfoutput\relax
+ \else
+ \ifcase\pdfoutput
+ \else
+ \pdfinfo{%
+ /Author (\@author)
+ /Title (\@title)
+ }
+ \fi
+ \fi
}}
\begin{flushright}%
{\rm\Huge\py@HeaderFamily \@title \par}%

343
SPECS/pyOpenSSL.spec
Unescape View File

@ -0,0 +1,343 @@ @@ -0,0 +1,343 @@
%if 0%{?fedora} > 12
%global with_python3 1
%endif

Summary: Python wrapper module around the OpenSSL library
Name: pyOpenSSL
Version: 0.13.1
Release: 4%{?dist}
Source0: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz

# Fedora specific patches

Patch2: pyOpenSSL-elinks.patch
Patch3: pyOpenSSL-nopdfout.patch

Patch10: pyOpenSSL-0.13-check-error.patch
Patch11: pyOpenSSL-0.13.1-test-failure.patch
Patch12: pyOpenSSL-0.13.1-exception.patch
Patch13: pyOpenSSL-0.13.1-digest.patch

License: ASL 2.0
Group: Development/Libraries
Url: http://pyopenssl.sourceforge.net/

BuildRequires: elinks
BuildRequires: openssl-devel
BuildRequires: tetex-dvips
BuildRequires: tetex-latex
BuildRequires: latex2html

BuildRequires: python2-devel
%if 0%{?with_python3}
BuildRequires: python3-devel
%endif

%description
High-level wrapper around a subset of the OpenSSL library, includes among others
* SSL.Connection objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes

%if 0%{?with_python3}
%package -n python3-pyOpenSSL
Summary: Python wrapper module around the OpenSSL library

%description -n python3-pyOpenSSL
High-level wrapper around a subset of the OpenSSL library, includes among others
* SSL.Connection objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes
%endif

%package doc
Summary: Documentation for pyOpenSSL
BuildArch: noarch

%description doc
Documentation for pyOpenSSL

# we don't want to provide private python extension libs
%{?filter_setup:
%filter_provides_in %{python_sitearch}/.*\.so$
%if 0%{?with_python3}
%filter_provides_in %{python3_sitearch}/.*\.so$
%endif
%filter_requires_in %{_datadir}/doc/
%filter_setup
}

%prep
%setup -q -n pyOpenSSL-%{version}
%patch2 -p1 -b .elinks
%patch3 -p1 -b .nopdfout
%patch10 -p1 -b .error
%patch11 -p1 -b .test-failure
%patch12 -p1 -b .exception
%patch13 -p1 -b .digest

# Fix permissions for debuginfo package
%{__chmod} -x OpenSSL/ssl/connection.c

%build
%if 0%{?with_python3}
rm -rf %{py3dir}
cp -a . %{py3dir}
find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python3}|'
%endif

find -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python}|'

CFLAGS="%{optflags} -fno-strict-aliasing" %{__python} setup.py build

%if 0%{?with_python3}
pushd %{py3dir}
CFLAGS="%{optflags} -fno-strict-aliasing" %{__python3} setup.py build
popd
%endif

#%{__make} -C doc ps
#%{__make} -C doc text html

%install
%{__python} setup.py install --skip-build --root %{buildroot}

%if 0%{?with_python3}
pushd %{py3dir}
%{__python3} setup.py install --skip-build --root %{buildroot}
popd
%endif

%files
%{python_sitearch}/OpenSSL/
%{python_sitearch}/pyOpenSSL-*.egg-info

%if 0%{?with_python3}
%files -n python3-pyOpenSSL
%{python3_sitearch}/OpenSSL/
%{python3_sitearch}/pyOpenSSL-*.egg-info
%endif

%files doc
%doc README doc/pyOpenSSL.*

%changelog
* Fri May 4 2018 Tomáš Mráz <tmraz@redhat.com> - 0.13.1-4
- fix various testsuite failures
- fix exception propagation from private key passphrase callback (#1227505)
- add optional digest parameter to CRL.export method (#1523772)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.13.1-3
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.13.1-2
- Mass rebuild 2013-12-27

* Thu Sep 5 2013 Tomáš Mráz <tmraz@redhat.com> - 0.13.1-1
- new upstream release fixing a security issue with string
formatting subjectAltName of a certificate

* Tue Aug 06 2013 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.13-8
- Python 3 subpackage
- Split documentation off into noarch subpackage

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Thu Apr 4 2013 Tomáš Mráz <tmraz@redhat.com> - 0.13-6
- Check for error returns which cause segfaults in FIPS mode
- Fix missing error check and leak found by gcc-with-cpychecker (#800086)

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Fri Oct 12 2012 Petr Pisar <ppisar@redhat.com> - 0.13-4
- Do not scan documentation for dependencies (bug #865806)

* Mon Oct 08 2012 Dan Horák <dan[at]danny.cz> - 0.13-3
- rebuilt because ARM packages had wrong Requires autodetected

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Wed Jun 20 2012 Tomas Mraz <tmraz@redhat.com> - 0.13-1
- New upstream release

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Jun 28 2011 Tomas Mraz <tmraz@redhat.com> - 0.12-1
- New upstream release

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Dec 7 2010 Toshio Kuratomi <toshio@fedoraproject.org> - 0.10-2
- Fix incompatibility with python-2.7's socket module.

* Mon Oct 4 2010 Tomas Mraz <tmraz@redhat.com> - 0.10-1
- Merge-review cleanup by Parag Nemade (#226335)
- New upstream release

* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Tue Sep 29 2009 Matěj Cepl <mcepl@redhat.com> - 0.9-1
- New upstream release
- Fix BuildRequires to make Postscript documentation buildable

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.7-7
- rebuilt with new openssl

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Jan 15 2009 Dennis Gilmore <dennis@ausil.us> - 0.7-4
- rebuild against now openssl

* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.7-3
- Rebuild for Python 2.6

* Fri Sep 19 2008 Dennis Gilmore <dennis@ausil.us> - 0.7-2
- update threadsafe patch
- bug#462807

* Mon Sep 15 2008 Paul F. Johnson <paul@all-the-johnsons.co.uk> 0.7-1
- bump to new release
- the inevitable patch fixes


* Wed Mar 26 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.6-4
- fix horrific release tag
- fix license tag
- add egg-info

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.6-3.p24.9
- Autorebuild for GCC 4.3

* Wed Dec 5 2007 Jeremy Katz <katzj@redhat.com> - 0.6-2.p24.9
- rebuild for new openssl

* Mon Dec 11 2006 Paul Howarth <paul@city-fan.org> - 0.6-1.p24.9
- add missing buildreq latex2html, needed to build HTML docs
- rewrite to be more in line with Fedora python spec template and use
%%{python_sitearch} rather than a script-generated %%files list
- package is not relocatable - drop Prefix: tag
- buildreq perl not necessary
- fix permissions for files going into debuginfo package

* Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 0.6-1.p24.8
- rebuild for python 2.5

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6-1.p24.7.2.2
- rebuild

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6-1.p24.7.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6-1.p24.7.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Wed Nov 9 2005 Mihai Ibanescu <misa@redhat.com> - 0.6-1.p24.7
- rebuilt against newer openssl

* Wed Aug 24 2005 Jeremy Katz <katzj@redhat.com> - 0.6-1.p24.6
- add dcbw's patch to fix some threading problems

* Wed Aug 03 2005 Karsten Hopp <karsten@redhat.de> 0.6-1.p24.5
- current rpm creates .pyo files, include them in filelist

* Thu Mar 17 2005 Mihai Ibanescu <misa@redhat.com> 0.6-1.p24.4
- rebuilt

* Mon Mar 14 2005 Mihai Ibanescu <misa@redhat.com> 0.6-1.p24.3
- rebuilt

* Mon Mar 7 2005 Tomas Mraz <tmraz@redhat.com> 0.6-1.p23.2
- rebuild with openssl-0.9.7e

* Tue Nov 9 2004 Nalin Dahyabhai <nalin@redhat.com> 0.6-1.p23.1
- rebuild

* Fri Aug 13 2004 Mihai Ibanescu <misa@redhat.com> 0.6-1
- 0.6 is out

* Tue Aug 10 2004 Mihai Ibanescu <misa@redhat.com> 0.6-0.90.rc1
- release candidate

* Thu Jun 24 2004 Mihai Ibanescu <misa@redhat.com> 0.5.1-24
- rebuilt

* Mon Jun 21 2004 Mihai Ibanescu <misa@redhat.com> 0.5.1-23
- rebuilt

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Nov 5 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-20
- rebuilt against python 2.3.2

* Fri Aug 8 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-12
- lynx no longer supported, using elinks instead (patch from
Michael Redinger <michael.redinger@uibk.ac.at>, bug #101947 )

* Wed Jun 4 2003 Elliot Lee <sopwith@redhat.com> 0.5.1-11
- Rebuilt

* Wed Jun 4 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-10.7.x
- Built on 7.x

* Mon Mar 3 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-9
- bug #73967: Added Requires: python

* Mon Feb 24 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 21 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-7
- bug #84803: Added patch to expose more flags

* Fri Jan 31 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-5
- installing to %%{_libdir}

* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt

* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 0.5.1-3
- rebuild

* Fri Jan 3 2003 Nalin Dahyabhai <nalin@redhat.com>
- Add -I and -L flags for finding Kerberos headers and libraries, in case
they're referenced

* Tue Dec 3 2002 Mihai Ibanescu <misa@redhat.com>
- Fix for bug 73967: site-packages/OpenSSL not owned by this package
- Adding hacks around the lack of latex2html on ia64

* Tue Sep 24 2002 Mihai Ibanescu <misa@redhat.com>
- 0.5.1

* Thu Aug 29 2002 Mihai Ibanescu <misa@redhat.com>
- Building 0.5.1rc1 with version number 0.5.0.91 (this should also fix the big
error of pushing 0.5pre previously, since it breaks rpm's version comparison
algorithm).
- We use %%{__python}. Too bad I can't pass --define's to distutils.

* Fri Aug 16 2002 Mihai Ibanescu <misa@redhat.com>
- Building 0.5

* Fri Jun 14 2002 Mihai Ibanescu <misa@redhat.com>
- Added documentation
Write Preview
Loading…
Cancel
Save