From 41b5d827a2695514dfaa4fb0b9644672136e7845 Mon Sep 17 00:00:00 2001 From: tuibuilder_pel7x64builder0 Date: Sun, 7 Feb 2021 01:12:06 +0100 Subject: [PATCH] python-crypto package added Signed-off-by: tuibuilder_pel7x64builder0 --- SOURCES/pycrypto-2.6.1-CVE-2013-7459.patch | 106 +++++ .../pycrypto-2.6.1-unbundle-libtomcrypt.patch | 30 ++ ...crypto-2.4-fix-pubkey-size-divisions.patch | 46 ++ SOURCES/python-crypto-2.4-optflags.patch | 31 ++ SPECS/python-crypto.spec | 446 ++++++++++++++++++ 5 files changed, 659 insertions(+) create mode 100644 SOURCES/pycrypto-2.6.1-CVE-2013-7459.patch create mode 100644 SOURCES/pycrypto-2.6.1-unbundle-libtomcrypt.patch create mode 100644 SOURCES/python-crypto-2.4-fix-pubkey-size-divisions.patch create mode 100644 SOURCES/python-crypto-2.4-optflags.patch create mode 100644 SPECS/python-crypto.spec diff --git a/SOURCES/pycrypto-2.6.1-CVE-2013-7459.patch b/SOURCES/pycrypto-2.6.1-CVE-2013-7459.patch new file mode 100644 index 0000000..db1f740 --- /dev/null +++ b/SOURCES/pycrypto-2.6.1-CVE-2013-7459.patch @@ -0,0 +1,106 @@ +From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001 +From: Legrandin +Date: Sun, 22 Dec 2013 22:24:46 +0100 +Subject: [PATCH] Throw exception when IV is used with ECB or CTR + +The IV parameter is currently ignored when initializing +a cipher in ECB or CTR mode. + +For CTR mode, it is confusing: it takes some time to see +that a different parameter is needed (the counter). + +For ECB mode, it is outright dangerous. + +This patch forces an exception to be raised. +--- + lib/Crypto/SelfTest/Cipher/common.py | 31 +++++++++++++++++++++++-------- + src/block_template.c | 11 +++++++++++ + 2 files changed, 34 insertions(+), 8 deletions(-) + +diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py +index 420b6ff..a5f8a88 100644 +--- a/lib/Crypto/SelfTest/Cipher/common.py ++++ b/lib/Crypto/SelfTest/Cipher/common.py +@@ -239,16 +239,30 @@ class RoundtripTest(unittest.TestCase): + return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) + + def runTest(self): +- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP): ++ ++ ## ECB mode ++ mode = self.module.MODE_ECB ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ ciphertext = encryption_cipher.encrypt(self.plaintext) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## OPENPGP mode ++ mode = self.module.MODE_OPENPGP ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext) ++ eiv = eiv_ciphertext[:self.module.block_size+2] ++ ciphertext = eiv_ciphertext[self.module.block_size+2:] ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## All other non-AEAD modes (but CTR) ++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): + encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + ciphertext = encryption_cipher.encrypt(self.plaintext) +- +- if mode != self.module.MODE_OPENPGP: +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) +- else: +- eiv = ciphertext[:self.module.block_size+2] +- ciphertext = ciphertext[self.module.block_size+2:] +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + decrypted_plaintext = decryption_cipher.decrypt(ciphertext) + self.assertEqual(self.plaintext, decrypted_plaintext) + +diff --git a/src/block_template.c b/src/block_template.c +index f940e0e..d555ceb 100644 +--- a/src/block_template.c ++++ b/src/block_template.c +@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict) + "Key cannot be the null string"); + return NULL; + } ++ if (IVlen != 0 && mode == MODE_ECB) ++ { ++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV"); ++ return NULL; ++ } ++ if (IVlen != 0 && mode == MODE_CTR) ++ { ++ PyErr_Format(PyExc_ValueError, ++ "CTR mode needs counter parameter, not IV"); ++ return NULL; ++ } + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) + { + PyErr_Format(PyExc_ValueError, +From 58de28a5d32bc10e15766e5a59f41b07397cc6cb Mon Sep 17 00:00:00 2001 +From: Richard Mitchell +Date: Mon, 28 Apr 2014 16:58:27 +0100 +Subject: [PATCH] Fix speedtest run for ECB modes. + +--- + pct-speedtest.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/pct-speedtest.py b/pct-speedtest.py +index 4ce18be..c7b893a 100644 +--- a/pct-speedtest.py ++++ b/pct-speedtest.py +@@ -121,6 +121,8 @@ class Benchmark: + blocks = self.random_blocks(16384, 1000) + if mode is None: + cipher = module.new(key) ++ elif mode==module.MODE_ECB: ++ cipher = module.new(key, module.MODE_ECB) + else: + cipher = module.new(key, mode, iv) + diff --git a/SOURCES/pycrypto-2.6.1-unbundle-libtomcrypt.patch b/SOURCES/pycrypto-2.6.1-unbundle-libtomcrypt.patch new file mode 100644 index 0000000..00c7676 --- /dev/null +++ b/SOURCES/pycrypto-2.6.1-unbundle-libtomcrypt.patch @@ -0,0 +1,30 @@ +--- setup.py ++++ setup.py +@@ -390,10 +390,12 @@ kw = {'name':"pycrypto", + include_dirs=['src/'], + sources=["src/CAST.c"]), + Extension("Crypto.Cipher._DES", +- include_dirs=['src/', 'src/libtom/'], ++ include_dirs=['src/'], ++ libraries=['tomcrypt'], + sources=["src/DES.c"]), + Extension("Crypto.Cipher._DES3", +- include_dirs=['src/', 'src/libtom/'], ++ include_dirs=['src/'], ++ libraries=['tomcrypt'], + sources=["src/DES3.c"]), + + # Stream ciphers +--- src/DES.c ++++ src/DES.c +@@ -28,8 +28,8 @@ + * assert-like LTC_ARGCHK macro fails. */ + #define ARGTYPE 4 + +-/* Include the actial DES implementation */ +-#include "libtom/tomcrypt_des.c" ++/* Access the actual DES implementation */ ++#include "tomcrypt.h" + + #undef DES /* this is needed because tomcrypt_custom.h defines DES to an empty string */ + diff --git a/SOURCES/python-crypto-2.4-fix-pubkey-size-divisions.patch b/SOURCES/python-crypto-2.4-fix-pubkey-size-divisions.patch new file mode 100644 index 0000000..9f3323b --- /dev/null +++ b/SOURCES/python-crypto-2.4-fix-pubkey-size-divisions.patch @@ -0,0 +1,46 @@ +setup.py for Python 3 doesn't invoke 2to3 on pct-speedtest.py, which runs +into problems: + +Traceback (most recent call last): + File "pct-speedtest.py", line 218, in + Benchmark().run() + File "pct-speedtest.py", line 200, in run + self.test_pubkey_setup(pubkey_name, module, key_bytes) + File "pct-speedtest.py", line 85, in test_pubkey_setup + keys = self.random_keys(key_bytes)[:5] + File "pct-speedtest.py", line 49, in random_keys + return self.random_blocks(bytes, 10**5) # 100k + File "pct-speedtest.py", line 53, in random_blocks + data = self.random_data(bytes) + File "pct-speedtest.py", line 62, in random_data + self.__random_data = self._random_bytes(bytes) + File "pct-speedtest.py", line 73, in _random_bytes + return os.urandom(b) + File "/usr/lib64/python3.2/os.py", line 777, in urandom + bs += read(_urandomfd, n - len(bs)) +TypeError: integer argument expected, got float + +This is due to the divisions in the pubkey_specs table, which in Python 3 is +true division, returning a float. + +As it happens, 2to3 can't convert these divisions, see: +http://bugs.python.org/issue12831 + +Change them to explicitly be floor divisions (supported in Python 2.2 +onwards; see PEP 0238) + +--- pycrypto/pct-speedtest.py ++++ pycrypto/pct-speedtest.py +@@ -165,9 +165,9 @@ + + def run(self): + pubkey_specs = [ +- ("RSA(1024)", RSA, 1024/8), +- ("RSA(2048)", RSA, 2048/8), +- ("RSA(4096)", RSA, 4096/8), ++ ("RSA(1024)", RSA, 1024//8), ++ ("RSA(2048)", RSA, 2048//8), ++ ("RSA(4096)", RSA, 4096//8), + ] + block_specs = [ + ("DES", DES, 8), diff --git a/SOURCES/python-crypto-2.4-optflags.patch b/SOURCES/python-crypto-2.4-optflags.patch new file mode 100644 index 0000000..c0f57ce --- /dev/null +++ b/SOURCES/python-crypto-2.4-optflags.patch @@ -0,0 +1,31 @@ +--- pycrypto/setup.py ++++ pycrypto/setup.py +@@ -165,28 +165,6 @@ + # Make assert() statements always work + self.__remove_compiler_option("-DNDEBUG") + +- # Choose our own optimization options +- for opt in ["-O", "-O0", "-O1", "-O2", "-O3", "-Os"]: +- self.__remove_compiler_option(opt) +- if self.debug: +- # Basic optimization is still needed when debugging to compile +- # the libtomcrypt code. +- self.__add_compiler_option("-O") +- else: +- # Speed up execution by tweaking compiler options. This +- # especially helps the DES modules. +- self.__add_compiler_option("-O3") +- self.__add_compiler_option("-fomit-frame-pointer") +- # Don't include debug symbols unless debugging +- self.__remove_compiler_option("-g") +- # Don't include profiling information (incompatible with +- # -fomit-frame-pointer) +- self.__remove_compiler_option("-pg") +- if USE_GCOV: +- self.__add_compiler_option("-fprofile-arcs") +- self.__add_compiler_option("-ftest-coverage") +- self.compiler.libraries += ['gcov'] +- + # Call the superclass's build_extensions method + build_ext.build_extensions(self) + diff --git a/SPECS/python-crypto.spec b/SPECS/python-crypto.spec new file mode 100644 index 0000000..0796b73 --- /dev/null +++ b/SPECS/python-crypto.spec @@ -0,0 +1,446 @@ +%global _docdir_fmt %{name} +%{!?python3_pkgversion:%global python3_pkgversion 3} +%global python2_pkgversion 2 +%global with_python3 1 + +Summary: Cryptography library for Python +Name: python-crypto +Version: 2.6.1 +Release: 15%{?dist} +# Mostly Public Domain apart from parts of HMAC.py and setup.py, which are Python +License: Public Domain and Python +URL: http://www.pycrypto.org/ +Source0: http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-%{version}.tar.gz +Patch0: python-crypto-2.4-optflags.patch +Patch1: python-crypto-2.4-fix-pubkey-size-divisions.patch +Patch2: pycrypto-2.6.1-CVE-2013-7459.patch +Patch3: pycrypto-2.6.1-unbundle-libtomcrypt.patch +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: gmp-devel >= 4.1 +BuildRequires: libtomcrypt-devel >= 1.16 +BuildRequires: python%{python2_pkgversion}-devel +%if %{with_python3} +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python-tools +%endif + +%description +PyCrypto is a collection of both secure hash functions (such as MD5 and +SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). + +%package -n python%{python2_pkgversion}-crypto +Summary: Cryptography library for Python 2 +Provides: pycrypto = %{version}-%{release} +%if 0%{?fedora} +%{?python_provide:%python_provide python2-crypto} +%else +Obsoletes: python-crypto <= %{version}-%{release} +Provides: python-crypto = %{version}-%{release} +%endif + +%description -n python%{python2_pkgversion}-crypto +PyCrypto is a collection of both secure hash functions (such as MD5 and +SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). + +This is the Python 2 build of the package. + +%if %{with_python3} +%package -n python%{python3_pkgversion}-crypto +Summary: Cryptography library for Python 3 +%{?python_provide:%python_provide python%{python3_pkgversion}-crypto} + +%description -n python%{python3_pkgversion}-crypto +PyCrypto is a collection of both secure hash functions (such as MD5 and +SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). + +This is the Python 3 build of the package. +%endif + +%prep +%setup -n pycrypto-%{version} -q + +# Use distribution compiler flags rather than upstream's +%patch0 -p1 + +# Fix divisions within benchmarking suite: +%patch1 -p1 + +# AES.new with invalid parameter crashes python +# https://github.com/dlitz/pycrypto/issues/176 +# CVE-2013-7459 +%patch2 -p1 + +# Unbundle libtomcrypt (#1087557) +rm -rf src/libtom +%patch3 + +# setup.py doesn't run 2to3 on pct-speedtest.py +%if %{with_python3} +cp pct-speedtest.py pct-speedtest3.py +2to3 -wn pct-speedtest3.py +%endif + +%build +%global optflags %{optflags} -fno-strict-aliasing +#%%py2_build +CFLAGS="%{optflags}" %{__python2} setup.py build +%if %{with_python3} +%py3_build +%endif + +%install +%{__python2} setup.py install -O1 --skip-build --root %{buildroot} +#%%py2_install +%if %{with_python3} +%py3_install +%endif + +# Remove group write permissions on shared objects +find %{buildroot}%{python2_sitearch} -name '*.so' -exec chmod -c g-w {} \; +%if %{with_python3} +find %{buildroot}%{python3_sitearch} -name '*.so' -exec chmod -c g-w {} \; +%endif + +%check +%{__python2} setup.py test +%if %{with_python3} +%{__python3} setup.py test +%endif + +# Benchmark +PYTHONPATH=%{buildroot}%{python2_sitearch} %{__python2} pct-speedtest.py +%if %{with_python3} +PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} pct-speedtest3.py +%endif + +%files -n python%{python2_pkgversion}-crypto +%license COPYRIGHT LEGAL/ +%doc README TODO ACKS ChangeLog Doc/ +%{python2_sitearch}/Crypto/ +%{python2_sitearch}/pycrypto-%{version}-py2.*.egg-info + +%if %{with_python3} +%files -n python%{python3_pkgversion}-crypto +%license COPYRIGHT LEGAL/ +%doc README TODO ACKS ChangeLog Doc/ +%{python3_sitearch}/Crypto/ +%{python3_sitearch}/pycrypto-%{version}-py3.*.egg-info +%endif + +%changelog +* Fri May 19 2017 Pavel Cahyna - 2.6.1-15 +- Add Provides and Obsoletes for the python-crypto package now + when the package is named python2-crypto. On Fedora this is + done automatically, but not on RHEL. + +* Fri May 12 2017 Pavel Cahyna - 2.6.1-14 +- Restore the Python 3 conditional builds +- Stop using %%py2_build which we don't have yet on RHEL + +* Wed Jan 18 2017 Paul Howarth - 2.6.1-13 +- AES.new with invalid parameter crashes python (CVE-2013-7459) + (https://github.com/dlitz/pycrypto/issues/176) + +* Fri Dec 09 2016 Charalampos Stratakis - 2.6.1-12 +- Rebuild for Python 3.6 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.6.1-11 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Thu Feb 04 2016 Fedora Release Engineering - 2.6.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 30 2015 Paul Howarth - 2.6.1-9 +- Enable python3 builds from EPEL-7 (#1110373) +- Modernize spec + +* Wed Nov 04 2015 Matej Stuchlik - 2.6.1-8 +- Rebuilt for Python 3.5 + +* Thu Jun 18 2015 Fedora Release Engineering - 2.6.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 2.6.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 27 2014 Paul Howarth - 2.6.1-4 +- Rebuild for python3 3.4 in Rawhide again + +* Wed May 14 2014 Paul Howarth - 2.6.1-3 +- Unbundle libtomcrypt (#1087557) +- Drop %%defattr, redundant since rpm 4.4 + +* Wed May 14 2014 Bohuslav Kabrda - 2.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Fri Oct 18 2013 Paul Howarth - 2.6.1-1 +- Update to 2.6.1 + - Fix PRNG not correctly reseeded in some situations (CVE-2013-1445) + +* Sun Aug 04 2013 Fedora Release Engineering - 2.6-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 2.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Aug 03 2012 David Malcolm - 2.6-4 +- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 + +* Fri Aug 3 2012 David Malcolm - 2.6-3 +- remove rhel logic from with_python3 conditional + +* Sat Jul 21 2012 Fedora Release Engineering - 2.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu May 24 2012 Paul Howarth - 2.6-1 +- Update to 2.6 + - Fix insecure ElGamal key generation (launchpad bug #985164, CVE-2012-2417) + - Huge documentation cleanup + - Added more tests, including test vectors from NIST 800-38A + - Remove broken MODE_PGP, which never actually worked properly + - A new mode, MODE_OPENPGP, has been added for people wishing to write + OpenPGP implementations (see also launchpad bug #996814) + - Fix: getPrime with invalid input causes Python to abort with fatal error + (launchpad bug #988431) + - Fix: Segfaults within error-handling paths (launchpad bug #934294) + - Fix: Block ciphers allow empty string as IV (launchpad bug #997464) + - Fix DevURandomRNG to work with Python3's new I/O stack + - Remove automagic dependencies on libgmp and libmpir; let the caller + disable them using args + - Many other minor bug fixes and improvements +- Drop upstream patches + +* Sat Feb 18 2012 Paul Howarth - 2.5-2 +- Add upstream fixes for issues found by Dave Malcolm's experimental static + analysis tool (#790584) + +* Mon Jan 16 2012 Paul Howarth - 2.5-1 +- Update to 2.5 + - Added PKCS#1 encryption schemes (v1.5 and OAEP); we now have a decent, + easy-to-use non-textbook RSA implementation + - Added PKCS#1 signature schemes (v1.5 and PSS); v1.5 required some + extensive changes to Hash modules to contain the algorithm-specific ASN.1 + OID, and to that end we now always have a (thin) Python module to hide the + one in pure C + - Added 2 standard Key Derivation Functions (PBKDF1 and PBKDF2) + - Added export/import of RSA keys in OpenSSH and PKCS#8 formats + - Added password-protected export/import of RSA keys (one old method for + PKCS#8 PEM only) + - Added ability to generate RSA key pairs with configurable public + exponent e + - Added ability to construct an RSA key pair even if only the private + exponent d is known, and not p and q + - Added SHA-2 C source code (fully from Lorenz Quack) + - Unit tests for all the above + - Updates to documentation (both inline and in Doc/pycrypt.rst) + - Minor bug fixes (setup.py and tests) +- Upstream no longer ships python-3-changes.txt + +* Sat Jan 7 2012 Paul Howarth - 2.4.1-2 +- Rebuild with gcc 4.7 + +* Mon Nov 7 2011 Paul Howarth - 2.4.1-1 +- Update to 2.4.1 + - Fix "error: Setup script exited with error: src/config.h: No such file or + directory" when installing via easy_install + +* Wed Oct 26 2011 Marcela Mašláňová - 2.4-2.1 +- Rebuild with new gmp without compat lib + +* Tue Oct 25 2011 Paul Howarth - 2.4-2 +- Add python3-crypto subpackage (based on patch from Dave Malcolm - #748529) + +* Mon Oct 24 2011 Paul Howarth - 2.4-1 +- Update to 2.4 + - Python 3 support! PyCrypto now supports every version of Python from 2.1 + through to 3.2 + - Timing-attack countermeasures in _fastmath: when built against libgmp + version 5 or later, we use mpz_powm_sec instead of mpz_powm, which should + prevent the timing attack described by Geremy Condra at PyCon 2011 + - New hash modules (for Python ≥ 2.5 only): SHA224, SHA384 and SHA512 + - Configuration using GNU autoconf, which should help fix a bunch of build + issues + - Support using MPIR as an alternative to GMP + - Improve the test command in setup.py, by allowing tests to be performed on + a single sub-package or module only + - Fix double-decref of "counter" when Cipher object initialization fails + - Apply patches from Debian's python-crypto 2.3-3 package: + - fix-RSA-generate-exception.patch + - epydoc-exclude-introspect.patch + - no-usr-local.patch + - Fix launchpad bug #702835: "Import key code is not compatible with GMP + library" + - More tests, better documentation, various bugfixes +- Update patch for imposing our own compiler optimization flags +- Drop lib64 patch, no longer needed +- No longer need to fix up permissions and remove shellbangs + +* Wed Oct 12 2011 Peter Schiffer - 2.3-5.1 +- Rebuild with new gmp + +* Wed May 11 2011 Paul Howarth - 2.3-5 +- Upstream rolled new tarball with top-level directory restored +- Nobody else likes macros for commands + +* Tue Feb 08 2011 Fedora Release Engineering - 2.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Sep 29 2010 jkeating - 2.3-3 +- Rebuilt for gcc bug 634757 + +* Fri Sep 24 2010 David Malcolm - 2.3-2 +- Add "-fno-strict-aliasing" to compilation flags + +* Fri Aug 27 2010 Paul Howarth - 2.3-1 +- Update to 2.3 + - Fix NameError when attempting to use deprecated getRandomNumber() function + - _slowmath: Compute RSA u parameter when it's not given to RSA.construct; + this makes _slowmath behave the same as _fastmath in this regard + - Make RSA.generate raise a more user-friendly exception message when the + user tries to generate a bogus-length key +- Add -c option to %%setup because upstream tarball has dropped the top-level + directory +- Run benchmark as part of %%check if we have python 2.4 or later +- BR: python2-devel rather than just python-devel +- Add patch to make sure we can find libgmp in 64-bit multilib environments + +* Tue Aug 3 2010 Paul Howarth - 2.2-1 +- Update to 2.2 + - Deprecated Crypto.Util.number.getRandomNumber() + - It's been replaced by getRandomNBitInteger and getRandomInteger + - Better isPrime() and getPrime() implementations + - getStrongPrime() implementation for generating RSA primes + - Support for importing and exporting RSA keys in DER and PEM format + - Fix PyCrypto when floor division (python -Qnew) is enabled + - When building using gcc, use -std=c99 for compilation +- Update optflags patch + +* Thu Jul 22 2010 David Malcolm - 2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Feb 16 2010 Paul Howarth - 2.1.0-1 +- Update to 2.1.0 (see ChangeLog for details) +- Remove patches (no longer needed) +- Use new upstream URLs +- Upstream has replaced LICENSE with LEGAL/ and COPYRIGHT +- Clarify that license is mostly Public Domain, partly Python +- Add %%check section and run the test suite in it +- Remove upstream's fiddling with compiler optimization flags so we get + usable debuginfo +- Filter out unwanted provides for python shared objects +- Tidy up egg-info handling +- Simplify %%files list +- Pacify rpmlint as much as is reasonable +- Add dist tag + +* Sun Jul 26 2009 Fedora Release Engineering - 2.0.1-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 2.0.1-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 13 2009 Stewart Adam - 2.0.1-17 +- Use patches in upstream git to fix #484473 + +* Fri Feb 13 2009 Thorsten Leemhuis - 2.0.1-16.1 +- add patch to fix #485298 / CVE-2009-0544 + +* Sat Feb 7 2009 Stewart Adam - 2.0.1-15.1 +- Oops, actually apply the patch +- Modify patch so modules remain compatible with PEP 247 + +* Sat Feb 7 2009 Stewart Adam - 2.0.1-15 +- Add patch to hashlib instead of deprecated md5 and sha modules (#484473) + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 2.0.1-14.1 +- Rebuild for Python 2.6 + +* Sun May 04 2008 Thorsten Leemhuis - 2.0.1-13 +- provide pycrypto + +* Sat Feb 09 2008 Thorsten Leemhuis - 2.0.1-12 +- rebuilt + +* Fri Jan 04 2008 Thorsten Leemhuis - 2.0.1-11 +- egg-info file in python_sitearch and not in python_sitelib + +* Fri Jan 04 2008 Thorsten Leemhuis - 2.0.1-10 +- ship egg-file + +* Tue Aug 21 2007 Thorsten Leemhuis - 2.0.1-9 +- Remove the old and outdated python-abi hack + +* Fri Aug 03 2007 Thorsten Leemhuis +- Update License field due to the "Licensing guidelines changes" + +* Mon Jun 04 2007 David Woodhouse - 2.0.1-8 +- Fix libdir handling so it works on more arches than x86_64 + +* Wed Apr 18 2007 Thorsten Leemhuis - 2.0.1-7 +- Fix typo + +* Wed Apr 18 2007 Thorsten Leemhuis - 2.0.1-6 +- Remove dist +- rebuild, because the older version was much bigger, as it was build when + distutils was doing static links of libpython + +* Sat Dec 09 2006 Thorsten Leemhuis - 2.0.1-5 +- Rebuild for python 2.5 + +* Thu Sep 07 2006 Thorsten Leemhuis - 2.0.1-4 +- Don't ghost pyo files (#205408) + +* Tue Aug 29 2006 Thorsten Leemhuis - 2.0.1-3 +- Rebuild for Fedora Extras 6 + +* Mon Feb 13 2006 Thorsten Leemhuis - 2.0.1-2 +- Rebuild for Fedora Extras 5 + +* Wed Aug 17 2005 Thorsten Leemhuis - 0:2.0.1-1 +- Update to 2.0.1 +- Use Dist +- Drop python-crypto-64bit-unclean.patch, similar patch was applied + upstream + +* Thu May 05 2005 Thorsten Leemhuis - 0:2.0-4 +- add python-crypto-64bit-unclean.patch (#156173) + +* Mon Mar 21 2005 Seth Vidal - 0:2.0-3 +- iterate release for build on python 2.4 based systems + +* Sat Dec 18 2004 Thorsten Leemhuis - 0:2.0-2 +- Fix build on x86_64: use python_sitearch for files and patch source + to find gmp + +* Thu Aug 26 2004 Thorsten Leemhuis - 0:2.0-0.fdr.1 +- Update to 2.00 + +* Fri Aug 13 2004 Ville Skytta - 0:1.9-0.fdr.6.a6 +- Don't use get_python_version(), it's available in Python >= 2.3 only. + +* Thu Aug 12 2004 Thorsten Leemhuis 0:1.9-0.fdr.5.a6 +- Own dir python_sitearch/Crypto/ + +* Wed Aug 11 2004 Thorsten Leemhuis 0:1.9-0.fdr.4.a6 +- Match python spec template more + +* Sat Jul 17 2004 Thorsten Leemhuis 0:1.9-0.fdr.3.a6 +- Own _libdir/python/site-packages/Crypto/ + +* Wed Mar 24 2004 Panu Matilainen 0.3.2-0.fdr.2.a6 +- generate .pyo files during install +- require exact version of python used to build the package +- include more docs + demos +- fix dependency on /usr/local/bin/python +- use fedora.us style buildroot +- buildrequires gmp-devel +- use description from README + +* Sun Jan 11 2004 Ryan Boder 0.3.2-0.fdr.1.a6 +- Initial build. +