Browse Source

pyOpenSSL package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 4 years ago
parent
commit
1392bbe852
  1. 77
      SOURCES/pyOpenSSL-0.13-check-error.patch
  2. 93
      SOURCES/pyOpenSSL-0.13.1-digest.patch
  3. 389
      SOURCES/pyOpenSSL-0.13.1-exception.patch
  4. 333
      SOURCES/pyOpenSSL-0.13.1-test-failure.patch
  5. 33
      SOURCES/pyOpenSSL-elinks.patch
  6. 46
      SOURCES/pyOpenSSL-nopdfout.patch
  7. 343
      SPECS/pyOpenSSL.spec

77
SOURCES/pyOpenSSL-0.13-check-error.patch

@ -0,0 +1,77 @@ @@ -0,0 +1,77 @@
diff -up pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error pyOpenSSL-0.13/OpenSSL/crypto/crypto.c
--- pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error 2011-09-02 17:46:13.000000000 +0200
+++ pyOpenSSL-0.13/OpenSSL/crypto/crypto.c 2013-04-04 14:25:17.405118204 +0200
@@ -45,12 +45,15 @@ global_passphrase_callback(char *buf, in
func = (PyObject *)cb_arg;
argv = Py_BuildValue("(i)", rwflag);
+ if (argv == NULL)
+ return 0;
ret = PyEval_CallObject(func, argv);
Py_DECREF(argv);
if (ret == NULL)
return 0;
if (!PyBytes_Check(ret))
{
+ Py_DECREF(ret);
PyErr_SetString(PyExc_ValueError, "String expected");
return 0;
}
@@ -58,6 +61,7 @@ global_passphrase_callback(char *buf, in
if (nchars > len)
nchars = len;
strncpy(buf, PyBytes_AsString(ret), nchars);
+ Py_DECREF(ret);
return nchars;
}
@@ -637,7 +641,10 @@ crypto_sign(PyObject *spam, PyObject *ar
return NULL;
}
- EVP_SignInit(&md_ctx, digest);
+ if (EVP_SignInit(&md_ctx, digest) <= 0) {
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+ }
EVP_SignUpdate(&md_ctx, data, data_len);
sig_len = sizeof(sig_buf);
err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey->pkey);
@@ -692,7 +699,11 @@ crypto_verify(PyObject *spam, PyObject *
return NULL;
}
- EVP_VerifyInit(&md_ctx, digest);
+ if (EVP_VerifyInit(&md_ctx, digest) <= 0) {
+ exception_from_error_queue(crypto_Error);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
EVP_VerifyUpdate(&md_ctx, data, data_len);
err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey);
EVP_PKEY_free(pkey);
diff -up pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error pyOpenSSL-0.13/OpenSSL/crypto/x509.c
--- pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error 2011-09-02 17:46:13.000000000 +0200
+++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-04-04 14:02:34.932847551 +0200
@@ -656,6 +656,7 @@ crypto_X509_digest(crypto_X509Obj *self,
if (!X509_digest(self->x509,digest,fp,&len))
{
exception_from_error_queue(crypto_Error);
+ return NULL;
}
tmp = malloc(3*len+1);
memset(tmp, 0, 3*len+1);
diff -up pyOpenSSL-0.13/OpenSSL/ssl/context.c.error pyOpenSSL-0.13/OpenSSL/ssl/context.c
--- pyOpenSSL-0.13/OpenSSL/ssl/context.c.error 2011-09-02 17:46:13.000000000 +0200
+++ pyOpenSSL-0.13/OpenSSL/ssl/context.c 2013-04-04 14:02:34.932847551 +0200
@@ -1215,6 +1215,10 @@ ssl_Context_init(ssl_ContextObj *self, i
}
self->ctx = SSL_CTX_new(method);
+ if (self->ctx == NULL) {
+ exception_from_error_queue(ssl_Error);
+ return NULL;
+ }
Py_INCREF(Py_None);
self->passphrase_callback = Py_None;
Py_INCREF(Py_None);

93
SOURCES/pyOpenSSL-0.13.1-digest.patch

@ -0,0 +1,93 @@ @@ -0,0 +1,93 @@
diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c
--- pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest 2011-08-15 00:06:11.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c 2018-05-04 18:57:37.708913903 +0200
@@ -2,7 +2,7 @@
#define crypto_MODULE
#include "crypto.h"
-
+#if OPENSSL_VERSION_NUMBER<0x10002000L
static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
X509_REVOKED *dupe = NULL;
@@ -32,6 +32,7 @@ static X509_REVOKED * X509_REVOKED_dup(X
dupe->sequence = orig->sequence;
return dupe;
}
+#endif
static char crypto_CRL_get_revoked_doc[] = "\n\
Return revoked portion of the CRL structure (by value\n\
@@ -130,14 +131,24 @@ crypto_CRL_export(crypto_CRLObj *self, P
crypto_PKeyObj *key;
ASN1_TIME *tmptm;
crypto_X509Obj *x509;
- static char *kwlist[] = {"cert", "key", "type", "days", NULL};
+ const char *mdname = NULL;
+ const EVP_MD *md;
+ static char *kwlist[] = {"cert", "key", "type", "days", "digest", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
+ if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|iiz:dump_crl", kwlist,
&crypto_X509_Type, &x509,
- &crypto_PKey_Type, &key, &type, &days)) {
+ &crypto_PKey_Type, &key, &type, &days, &mdname)) {
+ return NULL;
+ }
+ if (mdname == NULL) {
+ mdname = "sha256";
+ }
+ if ((md = EVP_get_digestbyname(mdname)) == NULL) {
+ PyErr_SetString(
+ PyExc_ValueError,
+ "No such digest method");
return NULL;
}
-
bio = BIO_new(BIO_s_mem());
tmptm = ASN1_TIME_new();
if (!tmptm) {
@@ -149,7 +160,7 @@ crypto_CRL_export(crypto_CRLObj *self, P
X509_CRL_set_nextUpdate(self->crl, tmptm);
ASN1_TIME_free(tmptm);
X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
- X509_CRL_sign(self->crl, key->pkey, EVP_md5());
+ X509_CRL_sign(self->crl, key->pkey, md);
switch (type) {
case X509_FILETYPE_PEM:
ret = PEM_write_bio_X509_CRL(bio, self->crl);
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest 2018-05-04 18:57:37.707913880 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:09.360484497 +0200
@@ -2628,11 +2628,12 @@ class CRLTests(TestCase):
crl.add_revoked(revoked)
# PEM format
- dumped_crl = crl.export(self.cert, self.pkey, days=20)
+ dumped_crl = crl.export(self.cert, self.pkey, days=20, digest="sha1")
text = _runopenssl(dumped_crl, "crl", "-noout", "-text")
text.index(b('Serial Number: 03AB'))
text.index(b('Superseded'))
text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
+ text.index(b('Signature Algorithm: sha1WithRSAEncryption'))
# DER format
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
@@ -2662,14 +2663,14 @@ class CRLTests(TestCase):
def test_export_wrong_args(self):
"""
Calling L{OpenSSL.CRL.export} with fewer than two or more than
- four arguments, or with arguments other than the certificate,
- private key, integer file type, and integer number of days it
+ five arguments, or with arguments other than the certificate,
+ private key, integer file type, integer number of days, and digest it
expects, results in a L{TypeError} being raised.
"""
crl = CRL()
self.assertRaises(TypeError, crl.export)
self.assertRaises(TypeError, crl.export, self.cert)
- self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo")
+ self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo", "boo")
self.assertRaises(TypeError, crl.export, None, self.pkey, FILETYPE_PEM, 10)
self.assertRaises(TypeError, crl.export, self.cert, None, FILETYPE_PEM, 10)

389
SOURCES/pyOpenSSL-0.13.1-exception.patch

@ -0,0 +1,389 @@ @@ -0,0 +1,389 @@
diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c.exception pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c
--- pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c.exception 2018-05-04 18:56:35.946486574 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c 2018-05-04 18:56:35.950486667 +0200
@@ -45,26 +45,72 @@ global_passphrase_callback(char *buf, in
func = (PyObject *)cb_arg;
argv = Py_BuildValue("(i)", rwflag);
- if (argv == NULL)
+ if (argv == NULL) {
return 0;
+ }
ret = PyEval_CallObject(func, argv);
Py_DECREF(argv);
- if (ret == NULL)
+ if (ret == NULL) {
return 0;
- if (!PyBytes_Check(ret))
- {
+ }
+ if (!PyBytes_Check(ret)) {
Py_DECREF(ret);
PyErr_SetString(PyExc_ValueError, "String expected");
return 0;
}
nchars = PyBytes_Size(ret);
- if (nchars > len)
- nchars = len;
+ if (nchars > len) {
+ Py_DECREF(ret);
+ PyErr_SetString(PyExc_ValueError,
+ "passphrase returned by callback is too long");
+ return 0;
+ }
strncpy(buf, PyBytes_AsString(ret), nchars);
Py_DECREF(ret);
return nchars;
}
+static PyObject *
+raise_current_error(void)
+{
+ if (PyErr_Occurred()) {
+ /*
+ * The python exception from callback is more informative than
+ * OpenSSL's error.
+ */
+ flush_error_queue();
+ return NULL;
+ }
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+}
+
+static int
+setup_callback(int type, PyObject *pw, pem_password_cb **cb, void **cb_arg) {
+ if (pw == NULL) {
+ *cb = NULL;
+ *cb_arg = NULL;
+ return 1;
+ }
+ if (type != X509_FILETYPE_PEM) {
+ PyErr_SetString(PyExc_ValueError,
+ "only FILETYPE_PEM key format supports encryption");
+ return 0;
+ }
+ if (PyBytes_Check(pw)) {
+ *cb = NULL;
+ *cb_arg = PyBytes_AsString(pw);
+ } else if (PyCallable_Check(pw)) {
+ *cb = global_passphrase_callback;
+ *cb_arg = pw;
+ } else {
+ PyErr_SetString(PyExc_TypeError,
+ "Last argument must be string or callable");
+ return 0;
+ }
+ return 1;
+}
+
static char crypto_load_privatekey_doc[] = "\n\
Load a private key from a buffer\n\
\n\
@@ -89,31 +135,20 @@ crypto_load_privatekey(PyObject *spam, P
BIO *bio;
EVP_PKEY *pkey;
- if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", &type, &buffer, &len, &pw))
+ if (!PyArg_ParseTuple(args, "is#|O:load_privatekey",
+ &type, &buffer, &len, &pw)) {
+ return NULL;
+ }
+ if (!setup_callback(type, pw, &cb, &cb_arg)) {
return NULL;
-
- if (pw != NULL)
- {
- if (PyBytes_Check(pw))
- {
- cb = NULL;
- cb_arg = PyBytes_AsString(pw);
- }
- else if (PyCallable_Check(pw))
- {
- cb = global_passphrase_callback;
- cb_arg = pw;
- }
- else
- {
- PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
- return NULL;
- }
}
bio = BIO_new_mem_buf(buffer, len);
- switch (type)
- {
+ if (bio == NULL) {
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+ }
+ switch (type) {
case X509_FILETYPE_PEM:
pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg);
break;
@@ -129,10 +164,8 @@ crypto_load_privatekey(PyObject *spam, P
}
BIO_free(bio);
- if (pkey == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
+ if (pkey == NULL) {
+ return raise_current_error();
}
return (PyObject *)crypto_PKey_New(pkey, 1);
@@ -168,49 +201,32 @@ crypto_dump_privatekey(PyObject *spam, P
crypto_PKeyObj *pkey;
if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type,
- &crypto_PKey_Type, &pkey, &cipher_name, &pw))
+ &crypto_PKey_Type, &pkey, &cipher_name, &pw)) {
return NULL;
-
- if (cipher_name != NULL && pw == NULL)
- {
+ }
+ if (cipher_name != NULL && pw == NULL) {
PyErr_SetString(PyExc_ValueError, "Illegal number of arguments");
return NULL;
}
- if (cipher_name != NULL)
- {
+ if (cipher_name != NULL) {
cipher = EVP_get_cipherbyname(cipher_name);
- if (cipher == NULL)
- {
+ if (cipher == NULL) {
PyErr_SetString(PyExc_ValueError, "Invalid cipher name");
return NULL;
}
- if (PyBytes_Check(pw))
- {
- cb = NULL;
- cb_arg = PyBytes_AsString(pw);
- }
- else if (PyCallable_Check(pw))
- {
- cb = global_passphrase_callback;
- cb_arg = pw;
- }
- else
- {
- PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
+ if (!setup_callback(type, pw, &cb, &cb_arg)) {
return NULL;
}
}
bio = BIO_new(BIO_s_mem());
- switch (type)
- {
+ if (bio == NULL) {
+ exception_from_error_queue(crypto_Error);
+ return NULL;
+ }
+ switch (type) {
case X509_FILETYPE_PEM:
ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg);
- if (PyErr_Occurred())
- {
- BIO_free(bio);
- return NULL;
- }
break;
case X509_FILETYPE_ASN1:
@@ -219,8 +235,12 @@ crypto_dump_privatekey(PyObject *spam, P
case X509_FILETYPE_TEXT:
rsa = EVP_PKEY_get1_RSA(pkey->pkey);
+ if (rsa == NULL) {
+ ret = 0;
+ break;
+ }
ret = RSA_print(bio, rsa, 0);
- RSA_free(rsa);
+ RSA_free(rsa);
break;
default:
@@ -229,11 +249,9 @@ crypto_dump_privatekey(PyObject *spam, P
return NULL;
}
- if (ret == 0)
- {
+ if (ret == 0) {
BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
+ return raise_current_error();
}
buf_len = BIO_get_mem_data(bio, &temp);
@@ -513,8 +531,8 @@ crypto_load_pkcs7_data(PyObject *spam, P
if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len))
return NULL;
- /*
- * Try to read the pkcs7 data from the bio
+ /*
+ * Try to read the pkcs7 data from the bio
*/
bio = BIO_new_mem_buf(buffer, len);
switch (type)
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.exception pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.exception 2018-05-04 18:56:35.948486620 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:57:16.363420609 +0200
@@ -7,7 +7,7 @@ Unit tests for L{OpenSSL.crypto}.
from unittest import main
-import os, re
+import os, re, sys
from subprocess import PIPE, Popen
from datetime import datetime, timedelta
@@ -2038,6 +2038,18 @@ class FunctionTests(TestCase):
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b("quack"))
+ def test_load_privatekey_passphraseWrongType(self):
+ """
+ :py:obj:`load_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase
+ with a private key encoded in a format, that doesn't support
+ encryption.
+ """
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ blob = dump_privatekey(FILETYPE_ASN1, key)
+ self.assertRaises(ValueError,
+ load_privatekey, FILETYPE_ASN1, blob, "secret")
+
+
def test_load_privatekey_passphrase(self):
"""
L{load_privatekey} can create a L{PKey} object from an encrypted PEM
@@ -2058,7 +2070,7 @@ class FunctionTests(TestCase):
called = []
def cb(*a):
called.append(None)
- return "quack"
+ return b("quack")
self.assertRaises(
Error,
load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
@@ -2083,25 +2095,36 @@ class FunctionTests(TestCase):
def test_load_privatekey_passphrase_exception(self):
"""
An exception raised by the passphrase callback passed to
- L{load_privatekey} causes L{OpenSSL.crypto.Error} to be raised.
-
- This isn't as nice as just letting the exception pass through. The
- behavior might be changed to that eventually.
+ L{load_privatekey} is propagated.
"""
def broken(ignored):
raise RuntimeError("This is not working.")
self.assertRaises(
- Error,
+ RuntimeError,
load_privatekey,
FILETYPE_PEM, encryptedPrivateKeyPEM, broken)
+ def test_load_privatekey_passphrase_wrong_return_type(self):
+ """
+ :py:obj:`load_privatekey` raises :py:obj:`ValueError` if the passphrase
+ callback returns something other than a byte string.
+ """
+ self.assertRaises(
+ ValueError,
+ load_privatekey,
+ FILETYPE_PEM, encryptedPrivateKeyPEM, lambda *args: 3)
+
+
def test_dump_privatekey_wrong_args(self):
"""
L{dump_privatekey} raises L{TypeError} if called with the wrong number
of arguments.
"""
self.assertRaises(TypeError, dump_privatekey)
+ # If cipher name is given, password is required.
+ self.assertRaises(
+ ValueError, dump_privatekey, FILETYPE_PEM, PKey(), "foo")
def test_dump_privatekey_unknown_cipher(self):
@@ -2138,6 +2161,18 @@ class FunctionTests(TestCase):
self.assertRaises(ValueError, dump_privatekey, 100, key)
+ def test_load_privatekey_passphraseCallbackLength(self):
+ """
+ :py:obj:`crypto.load_privatekey` should raise an error when the passphrase
+ provided by the callback is too long, not silently truncate it.
+ """
+ def cb(ignored):
+ return "a" * 1025
+
+ self.assertRaises(ValueError,
+ load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb)
+
+
def test_dump_privatekey_passphrase(self):
"""
L{dump_privatekey} writes an encrypted PEM when given a passphrase.
@@ -2152,6 +2187,17 @@ class FunctionTests(TestCase):
self.assertEqual(loadedKey.bits(), key.bits())
+ def test_dump_privatekey_passphraseWrongType(self):
+ """
+ :py:obj:`dump_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase
+ with a private key encoded in a format, that doesn't support
+ encryption.
+ """
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ self.assertRaises(ValueError,
+ dump_privatekey, FILETYPE_ASN1, key, "blowfish", "secret")
+
+
def test_dump_certificate(self):
"""
L{dump_certificate} writes PEM, DER, and text.
@@ -2230,6 +2276,32 @@ class FunctionTests(TestCase):
self.assertEqual(loadedKey.bits(), key.bits())
+ def test_dump_privatekey_passphrase_exception(self):
+ """
+ :py:obj:`dump_privatekey` should not overwrite the exception raised
+ by the passphrase callback.
+ """
+ def cb(ignored):
+ raise ArithmeticError
+
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ self.assertRaises(ArithmeticError,
+ dump_privatekey, FILETYPE_PEM, key, "blowfish", cb)
+
+
+ def test_dump_privatekey_passphraseCallbackLength(self):
+ """
+ :py:obj:`crypto.dump_privatekey` should raise an error when the passphrase
+ provided by the callback is too long, not silently truncate it.
+ """
+ def cb(ignored):
+ return "a" * 1025
+
+ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+ self.assertRaises(ValueError,
+ dump_privatekey, FILETYPE_PEM, key, "blowfish", cb)
+
+
def test_load_pkcs7_data(self):
"""
L{load_pkcs7_data} accepts a PKCS#7 string and returns an instance of

333
SOURCES/pyOpenSSL-0.13.1-test-failure.patch

@ -0,0 +1,333 @@ @@ -0,0 +1,333 @@
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.test-failure pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.test-failure 2013-08-23 21:48:24.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:55.508551705 +0200
@@ -35,22 +35,22 @@ def normalize_privatekey_pem(pem):
root_cert_pem = b("""-----BEGIN CERTIFICATE-----
-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
-----END CERTIFICATE-----
""")
@@ -72,18 +72,18 @@ cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA
""")
server_cert_pem = b("""-----BEGIN CERTIFICATE-----
-MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv
-lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr
-b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+
-lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e
-gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li
-dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp
-2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
-uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
+MIICJDCCAY2gAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMTA1
+N1oXDTM3MDYwNzAwMTA1N1owGDEWMBQGA1UEAwwNbG92ZWx5IHNlcnZlcjCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvqb4brndXS2kEL84qXbZXE6LYK+UrhNi
+70sdIM/24NVN7tXkPlOXqrMWhFHHml+aeSpPkH5b1vKnY1TcULmEubnNICtvjmZ5
+SGMQn+J+RmBs1SMd0EgY/0wBBQdlrlYp2QYgm8YC+zxTNSqWvhMFZAgHbj6Un5SS
+T8JGBqytjB0CAwEAAaM2MDQwHQYDVR0OBBYEFINVdy1eIfFJDAkk51QJEo3IfgSu
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGki1K6WgHHJ
+qC6aY2EowjaWOXLO6jUZIhGk7BA7vMRfNug429AOZ4m5F6OQhzmJmlw67Jyu2FeI
+h0VtBuQoHPtjqZXF59oX6hMMmGLMs9pV0UA3fJs5MYA4/V5ZcQy0Ie0QoJNejLzE
+6V1Qz1rRTYLUyEcpI7ZCmBg2KQQI8YZI
-----END CERTIFICATE-----
""")
@@ -105,18 +105,18 @@ r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7
"""))
client_cert_pem = b("""-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2
-rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK
-iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb
-oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff
-0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM
-Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI
-9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
-PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
+MIICIjCCAYugAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMDQx
+M1oXDTM3MDYwNzAwMDQxM1owFjEUMBIGA1UEAwwLdWdseSBjbGllbnQwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAMBmH9JG02bme0xPipvpjMSlOugyWrauf4at
+EdGJn7GQLD8IY2Fu0+Kvv9DFpSPboFKZCsfDVsYoRs+xaJbtt1dJ6ymX7EqKS7gb
+8q+eeZZ14keqyJd5Rm2q6swQtw9ADD3E8cS6GqpQm+8SgxOycISoYz7sO1ugJFqN
+jId+W4BFAgMBAAGjNjA0MB0GA1UdDgQWBBSDVXctXiHxSQwJJOdUCRKNyH4ErjAT
+BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQAMqcHyweaCOZNN
+dWQQOsBKQlL5wqVVZwucHPWqobjxpULKy9gS2ha2zbgkXcB/BnBOSwe0Fm+MJV0T
+NbnTghcGJNpEH7VKn4xSLvIGZmnZZWgxeIB16z4GhpkK2fShBJ+6GKZjsgjT0lSH
+JRgjHbWutZfZvbSHXr9n7PIphG1Ojg==
-----END CERTIFICATE-----
""")
@@ -138,22 +138,22 @@ f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKA
"""))
cleartextCertificatePEM = b("""-----BEGIN CERTIFICATE-----
-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
-----END CERTIFICATE-----
""")
@@ -309,7 +309,7 @@ class X509ExtTests(TestCase):
"""
# Basic setup stuff to generate a certificate
self.pkey = PKey()
- self.pkey.generate_key(TYPE_RSA, 384)
+ self.pkey.generate_key(TYPE_RSA, 2048)
self.req = X509Req()
self.req.set_pubkey(self.pkey)
# Authority good you have.
@@ -608,7 +608,7 @@ class PKeyTests(TestCase):
L{PKeyType.generate_key} generates an RSA key when passed
L{TYPE_RSA} as a type and a reasonable number of bits.
"""
- bits = 128
+ bits = 2048
key = PKey()
key.generate_key(TYPE_RSA, bits)
self.assertEqual(key.type(), TYPE_RSA)
@@ -624,7 +624,7 @@ class PKeyTests(TestCase):
# 512 is a magic number. The DSS (Digital Signature Standard)
# allows a minimum of 512 bits for DSA. DSA_generate_parameters
# will silently promote any value below 512 to 512.
- bits = 512
+ bits = 1024
key = PKey()
key.generate_key(TYPE_DSA, bits)
self.assertEqual(key.type(), TYPE_DSA)
@@ -638,7 +638,7 @@ class PKeyTests(TestCase):
key to generate new keys.
"""
key = PKey()
- for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]:
+ for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 1024)]:
key.generate_key(type, bits)
self.assertEqual(key.type(), type)
self.assertEqual(key.bits(), bits)
@@ -869,7 +869,7 @@ class X509NameTests(TestCase):
self.assertEqual(
a.der(),
b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
+ '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
def test_get_components(self):
@@ -926,7 +926,7 @@ class _PKeyInteractionTestsMixin:
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
request.set_pubkey(key)
pub = request.get_pubkey()
self.assertRaises(ValueError, request.sign, pub, 'MD5')
@@ -939,7 +939,7 @@ class _PKeyInteractionTestsMixin:
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(ValueError, request.sign, key, "monkeys")
@@ -950,16 +950,16 @@ class _PKeyInteractionTestsMixin:
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
request.set_pubkey(key)
- request.sign(key, 'MD5')
+ request.sign(key, 'SHA256')
# If the type has a verify method, cover that too.
if getattr(request, 'verify', None) is not None:
pub = request.get_pubkey()
self.assertTrue(request.verify(pub))
# Make another key that won't verify.
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(Error, request.verify, key)
@@ -1257,7 +1257,7 @@ WpOdIpB8KksUTCzV591Nr1wd
internally.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEqual(cert.get_notBefore(), b("20090325123658Z"))
+ self.assertEqual(cert.get_notBefore(), b("20170611223259Z"))
def test_get_notAfter(self):
@@ -1267,7 +1267,7 @@ WpOdIpB8KksUTCzV591Nr1wd
internally.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEqual(cert.get_notAfter(), b("20170611123658Z"))
+ self.assertEqual(cert.get_notAfter(), b("20370606223259Z"))
def test_gmtime_adj_notBefore_wrong_args(self):
@@ -1348,10 +1348,10 @@ WpOdIpB8KksUTCzV591Nr1wd
L{X509.digest} returns a string giving ":"-separated hex-encoded words
of the digest of the certificate.
"""
- cert = X509()
+ cert = load_certificate(FILETYPE_PEM, self.pemData)
self.assertEqual(
- cert.digest("md5"),
- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
+ cert.digest("SHA256"),
+ b('65:D6:61:2C:C2:2D:5F:A6:08:76:9A:03:01:B3:71:FF:FD:48:9B:A3:F2:19:B3:84:CF:3F:D0:9E:57:39:6A:7E'))
def _extcert(self, pkey, extensions):
@@ -1364,6 +1364,7 @@ WpOdIpB8KksUTCzV591Nr1wd
cert.set_notAfter(when)
cert.add_extensions(extensions)
+ cert.sign(pkey, 'SHA256')
return load_certificate(
FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
@@ -2109,7 +2110,7 @@ class FunctionTests(TestCase):
cipher name.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(
ValueError, dump_privatekey,
FILETYPE_PEM, key, "zippers", "passphrase")
@@ -2121,7 +2122,7 @@ class FunctionTests(TestCase):
is neither a C{str} nor a callable.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(
TypeError,
dump_privatekey, FILETYPE_PEM, key, "blowfish", object())
@@ -2133,7 +2134,7 @@ class FunctionTests(TestCase):
filetype.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
self.assertRaises(ValueError, dump_privatekey, 100, key)
@@ -2580,6 +2581,8 @@ class CRLTests(TestCase):
"""
crl = CRL()
revoked = Revoked()
+ revoked.set_serial(b"01")
+ revoked.set_rev_date(b"20160310020145Z")
crl.add_revoked(revoked=revoked)
self.assertTrue(isinstance(crl.get_revoked()[0], Revoked))
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py.test-failure pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py.test-failure 2011-08-15 00:06:11.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py 2018-05-04 18:53:26.670109705 +0200
@@ -282,7 +282,7 @@ class ContextTests(TestCase, _LoopbackMi
try:
Context(SSLv2_METHOD)
- except ValueError:
+ except (ValueError, Error):
# Some versions of OpenSSL have SSLv2, some don't.
# Difficult to say in advance.
pass
@@ -645,7 +645,7 @@ class ContextTests(TestCase, _LoopbackMi
self.assertRaises(TypeError, context.load_verify_locations, None, None, None)
- if platform == "win32":
+ if True:
"set_default_verify_paths appears not to work on Windows. "
"See LP#404343 and LP#404344."
else:
@@ -869,9 +869,9 @@ class ContextTests(TestCase, _LoopbackMi
connections created with the context object will be able to choose from.
"""
context = Context(TLSv1_METHOD)
- context.set_cipher_list("hello world:EXP-RC4-MD5")
+ context.set_cipher_list("hello world:AES128-SHA256")
conn = Connection(context, None)
- self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])
+ self.assertEquals(conn.get_cipher_list(), ["AES128-SHA256"])

33
SOURCES/pyOpenSSL-elinks.patch

@ -0,0 +1,33 @@ @@ -0,0 +1,33 @@
diff -Nur pyOpenSSL-0.5.1.orig/doc/tools/mkhowto pyOpenSSL-0.5.1/doc/tools/mkhowto
--- pyOpenSSL-0.5.1.orig/doc/tools/mkhowto 2001-07-30 13:31:48.000000000 +0200
+++ pyOpenSSL-0.5.1/doc/tools/mkhowto 2003-08-08 16:46:10.000000000 +0200
@@ -56,7 +56,7 @@
DVIPS_BINARY = "dvips"
LATEX_BINARY = "latex"
LATEX2HTML_BINARY = "latex2html"
-LYNX_BINARY = "lynx"
+LYNX_BINARY = "elinks"
MAKEINDEX_BINARY = "makeindex"
PDFLATEX_BINARY = "pdflatex"
PERL_BINARY = "perl"
@@ -397,7 +397,7 @@
if tempdir is None:
tempdir = self.doc
indexfile = os.path.join(tempdir, "index.html")
- self.run("%s -nolist -dump %s >%s.txt"
+ self.run("%s -dump %s >%s.txt"
% (LYNX_BINARY, indexfile, self.doc))
def require_temps(self, binary=None):
diff -Nur pyOpenSSL-0.5.1.orig/setup.cfg pyOpenSSL-0.5.1/setup.cfg
--- pyOpenSSL-0.5.1.orig/setup.cfg 2002-09-10 00:05:21.000000000 +0200
+++ pyOpenSSL-0.5.1/setup.cfg 2003-08-08 16:48:34.000000000 +0200
@@ -4,7 +4,7 @@
# bdist_rpm settings contributed by Mihai Ibanescu <misa@redhat.com>
[bdist_rpm]
release = 1
-build-requires = lynx openssl-devel python-devel perl tetex-dvips tetex-latex
+build-requires = elinks openssl-devel python-devel perl tetex-dvips tetex-latex
group = Development/Libraries
build_script = rpm/build_script
doc-files = doc/pyOpenSSL.txt doc/pyOpenSSL.ps doc/html

46
SOURCES/pyOpenSSL-nopdfout.patch

@ -0,0 +1,46 @@ @@ -0,0 +1,46 @@
--- pyOpenSSL-0.6/doc/tools/texinputs/howto.cls.nopdfout 2001-07-16 07:53:03.000000000 -0400
+++ pyOpenSSL-0.6/doc/tools/texinputs/howto.cls 2005-03-14 20:22:34.745230000 -0500
@@ -54,10 +54,16 @@
% changes \\ to ', ' (comma-space), making it pass muster for
% generating document info in the PDF file.
\def\\{, }
- \pdfinfo{
- /Author (\@author)
- /Title (\@title)
- }
+ \ifx\pdfoutput\relax
+ \else
+ \ifcase\pdfoutput
+ \else
+ \pdfinfo{
+ /Author (\@author)
+ /Title (\@title)
+ }
+ \fi
+ \fi
}}
\begin{flushright}
{\rm\Huge\py@HeaderFamily \@title} \par
--- pyOpenSSL-0.6/doc/tools/texinputs/manual.cls.nopdfout 2005-03-14 09:32:50.000000000 -0500
+++ pyOpenSSL-0.6/doc/tools/texinputs/manual.cls 2005-03-14 09:34:20.000000000 -0500
@@ -69,10 +69,16 @@
% changes \\ to ', ' (comma-space), making it pass muster for
% generating document info in the PDF file.
\def\\{, }
- \pdfinfo{
- /Author (\@author)
- /Title (\@title)
- }
+ \ifx\pdfoutput\relax
+ \else
+ \ifcase\pdfoutput
+ \else
+ \pdfinfo{%
+ /Author (\@author)
+ /Title (\@title)
+ }
+ \fi
+ \fi
}}
\begin{flushright}%
{\rm\Huge\py@HeaderFamily \@title \par}%

343
SPECS/pyOpenSSL.spec

@ -0,0 +1,343 @@ @@ -0,0 +1,343 @@
%if 0%{?fedora} > 12
%global with_python3 1
%endif

Summary: Python wrapper module around the OpenSSL library
Name: pyOpenSSL
Version: 0.13.1
Release: 4%{?dist}
Source0: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz

# Fedora specific patches

Patch2: pyOpenSSL-elinks.patch
Patch3: pyOpenSSL-nopdfout.patch

Patch10: pyOpenSSL-0.13-check-error.patch
Patch11: pyOpenSSL-0.13.1-test-failure.patch
Patch12: pyOpenSSL-0.13.1-exception.patch
Patch13: pyOpenSSL-0.13.1-digest.patch

License: ASL 2.0
Group: Development/Libraries
Url: http://pyopenssl.sourceforge.net/

BuildRequires: elinks
BuildRequires: openssl-devel
BuildRequires: tetex-dvips
BuildRequires: tetex-latex
BuildRequires: latex2html

BuildRequires: python2-devel
%if 0%{?with_python3}
BuildRequires: python3-devel
%endif

%description
High-level wrapper around a subset of the OpenSSL library, includes among others
* SSL.Connection objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes

%if 0%{?with_python3}
%package -n python3-pyOpenSSL
Summary: Python wrapper module around the OpenSSL library

%description -n python3-pyOpenSSL
High-level wrapper around a subset of the OpenSSL library, includes among others
* SSL.Connection objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes
%endif

%package doc
Summary: Documentation for pyOpenSSL
BuildArch: noarch

%description doc
Documentation for pyOpenSSL

# we don't want to provide private python extension libs
%{?filter_setup:
%filter_provides_in %{python_sitearch}/.*\.so$
%if 0%{?with_python3}
%filter_provides_in %{python3_sitearch}/.*\.so$
%endif
%filter_requires_in %{_datadir}/doc/
%filter_setup
}

%prep
%setup -q -n pyOpenSSL-%{version}
%patch2 -p1 -b .elinks
%patch3 -p1 -b .nopdfout
%patch10 -p1 -b .error
%patch11 -p1 -b .test-failure
%patch12 -p1 -b .exception
%patch13 -p1 -b .digest

# Fix permissions for debuginfo package
%{__chmod} -x OpenSSL/ssl/connection.c

%build
%if 0%{?with_python3}
rm -rf %{py3dir}
cp -a . %{py3dir}
find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python3}|'
%endif

find -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python}|'

CFLAGS="%{optflags} -fno-strict-aliasing" %{__python} setup.py build

%if 0%{?with_python3}
pushd %{py3dir}
CFLAGS="%{optflags} -fno-strict-aliasing" %{__python3} setup.py build
popd
%endif

#%{__make} -C doc ps
#%{__make} -C doc text html

%install
%{__python} setup.py install --skip-build --root %{buildroot}

%if 0%{?with_python3}
pushd %{py3dir}
%{__python3} setup.py install --skip-build --root %{buildroot}
popd
%endif

%files
%{python_sitearch}/OpenSSL/
%{python_sitearch}/pyOpenSSL-*.egg-info

%if 0%{?with_python3}
%files -n python3-pyOpenSSL
%{python3_sitearch}/OpenSSL/
%{python3_sitearch}/pyOpenSSL-*.egg-info
%endif

%files doc
%doc README doc/pyOpenSSL.*

%changelog
* Fri May 4 2018 Tomáš Mráz <tmraz@redhat.com> - 0.13.1-4
- fix various testsuite failures
- fix exception propagation from private key passphrase callback (#1227505)
- add optional digest parameter to CRL.export method (#1523772)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.13.1-3
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.13.1-2
- Mass rebuild 2013-12-27

* Thu Sep 5 2013 Tomáš Mráz <tmraz@redhat.com> - 0.13.1-1
- new upstream release fixing a security issue with string
formatting subjectAltName of a certificate

* Tue Aug 06 2013 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.13-8
- Python 3 subpackage
- Split documentation off into noarch subpackage

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Thu Apr 4 2013 Tomáš Mráz <tmraz@redhat.com> - 0.13-6
- Check for error returns which cause segfaults in FIPS mode
- Fix missing error check and leak found by gcc-with-cpychecker (#800086)

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Fri Oct 12 2012 Petr Pisar <ppisar@redhat.com> - 0.13-4
- Do not scan documentation for dependencies (bug #865806)

* Mon Oct 08 2012 Dan Horák <dan[at]danny.cz> - 0.13-3
- rebuilt because ARM packages had wrong Requires autodetected

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Wed Jun 20 2012 Tomas Mraz <tmraz@redhat.com> - 0.13-1
- New upstream release

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Jun 28 2011 Tomas Mraz <tmraz@redhat.com> - 0.12-1
- New upstream release

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Dec 7 2010 Toshio Kuratomi <toshio@fedoraproject.org> - 0.10-2
- Fix incompatibility with python-2.7's socket module.

* Mon Oct 4 2010 Tomas Mraz <tmraz@redhat.com> - 0.10-1
- Merge-review cleanup by Parag Nemade (#226335)
- New upstream release

* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Tue Sep 29 2009 Matěj Cepl <mcepl@redhat.com> - 0.9-1
- New upstream release
- Fix BuildRequires to make Postscript documentation buildable

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.7-7
- rebuilt with new openssl

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Jan 15 2009 Dennis Gilmore <dennis@ausil.us> - 0.7-4
- rebuild against now openssl

* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.7-3
- Rebuild for Python 2.6

* Fri Sep 19 2008 Dennis Gilmore <dennis@ausil.us> - 0.7-2
- update threadsafe patch
- bug#462807

* Mon Sep 15 2008 Paul F. Johnson <paul@all-the-johnsons.co.uk> 0.7-1
- bump to new release
- the inevitable patch fixes


* Wed Mar 26 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.6-4
- fix horrific release tag
- fix license tag
- add egg-info

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.6-3.p24.9
- Autorebuild for GCC 4.3

* Wed Dec 5 2007 Jeremy Katz <katzj@redhat.com> - 0.6-2.p24.9
- rebuild for new openssl

* Mon Dec 11 2006 Paul Howarth <paul@city-fan.org> - 0.6-1.p24.9
- add missing buildreq latex2html, needed to build HTML docs
- rewrite to be more in line with Fedora python spec template and use
%%{python_sitearch} rather than a script-generated %%files list
- package is not relocatable - drop Prefix: tag
- buildreq perl not necessary
- fix permissions for files going into debuginfo package

* Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 0.6-1.p24.8
- rebuild for python 2.5

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.6-1.p24.7.2.2
- rebuild

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.6-1.p24.7.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.6-1.p24.7.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Wed Nov 9 2005 Mihai Ibanescu <misa@redhat.com> - 0.6-1.p24.7
- rebuilt against newer openssl

* Wed Aug 24 2005 Jeremy Katz <katzj@redhat.com> - 0.6-1.p24.6
- add dcbw's patch to fix some threading problems

* Wed Aug 03 2005 Karsten Hopp <karsten@redhat.de> 0.6-1.p24.5
- current rpm creates .pyo files, include them in filelist

* Thu Mar 17 2005 Mihai Ibanescu <misa@redhat.com> 0.6-1.p24.4
- rebuilt

* Mon Mar 14 2005 Mihai Ibanescu <misa@redhat.com> 0.6-1.p24.3
- rebuilt

* Mon Mar 7 2005 Tomas Mraz <tmraz@redhat.com> 0.6-1.p23.2
- rebuild with openssl-0.9.7e

* Tue Nov 9 2004 Nalin Dahyabhai <nalin@redhat.com> 0.6-1.p23.1
- rebuild

* Fri Aug 13 2004 Mihai Ibanescu <misa@redhat.com> 0.6-1
- 0.6 is out

* Tue Aug 10 2004 Mihai Ibanescu <misa@redhat.com> 0.6-0.90.rc1
- release candidate

* Thu Jun 24 2004 Mihai Ibanescu <misa@redhat.com> 0.5.1-24
- rebuilt

* Mon Jun 21 2004 Mihai Ibanescu <misa@redhat.com> 0.5.1-23
- rebuilt

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Wed Nov 5 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-20
- rebuilt against python 2.3.2

* Fri Aug 8 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-12
- lynx no longer supported, using elinks instead (patch from
Michael Redinger <michael.redinger@uibk.ac.at>, bug #101947 )

* Wed Jun 4 2003 Elliot Lee <sopwith@redhat.com> 0.5.1-11
- Rebuilt

* Wed Jun 4 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-10.7.x
- Built on 7.x

* Mon Mar 3 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-9
- bug #73967: Added Requires: python

* Mon Feb 24 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 21 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-7
- bug #84803: Added patch to expose more flags

* Fri Jan 31 2003 Mihai Ibanescu <misa@redhat.com> 0.5.1-5
- installing to %%{_libdir}

* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt

* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 0.5.1-3
- rebuild

* Fri Jan 3 2003 Nalin Dahyabhai <nalin@redhat.com>
- Add -I and -L flags for finding Kerberos headers and libraries, in case
they're referenced

* Tue Dec 3 2002 Mihai Ibanescu <misa@redhat.com>
- Fix for bug 73967: site-packages/OpenSSL not owned by this package
- Adding hacks around the lack of latex2html on ia64

* Tue Sep 24 2002 Mihai Ibanescu <misa@redhat.com>
- 0.5.1

* Thu Aug 29 2002 Mihai Ibanescu <misa@redhat.com>
- Building 0.5.1rc1 with version number 0.5.0.91 (this should also fix the big
error of pushing 0.5pre previously, since it breaks rpm's version comparison
algorithm).
- We use %%{__python}. Too bad I can't pass --define's to distutils.

* Fri Aug 16 2002 Mihai Ibanescu <misa@redhat.com>
- Building 0.5

* Fri Jun 14 2002 Mihai Ibanescu <misa@redhat.com>
- Added documentation
Loading…
Cancel
Save