diff --git a/Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch b/Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch deleted file mode 100644 index cd4d21023986abe73cdb33cc3c0e2da4d6492211..0000000000000000000000000000000000000000 --- a/Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 525b6547e918e12c45119685d2e208aa0e51c4c9 Mon Sep 17 00:00:00 2001 -From: Alex Gaynor -Date: Sun, 12 Aug 2018 15:48:24 -0400 -Subject: [PATCH] Fixed #4380 -- do not assume TLSv1 is available in OpenSSL - (#4389) - -* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL - -Hallelujah! It's starting to become the case that some OpenSSLs are disabling it. - -* cover this file as well ---- - tests/hazmat/backends/test_openssl.py | 2 +- - tests/hazmat/bindings/test_openssl.py | 6 ++++-- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py -index 31b34cd0..e77f5dc3 100644 ---- a/tests/hazmat/backends/test_openssl.py -+++ b/tests/hazmat/backends/test_openssl.py -@@ -115,7 +115,7 @@ class TestOpenSSL(object): - assert len(errors) == 10 - - def test_ssl_ciphers_registered(self): -- meth = backend._lib.TLSv1_method() -+ meth = backend._lib.SSLv23_method() - ctx = backend._lib.SSL_CTX_new(meth) - assert ctx != backend._ffi.NULL - backend._lib.SSL_CTX_free(ctx) -diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py -index 488f64e1..c0dbc9ba 100644 ---- a/tests/hazmat/bindings/test_openssl.py -+++ b/tests/hazmat/bindings/test_openssl.py -@@ -37,7 +37,8 @@ class TestOpenSSL(object): - # Test that we're properly handling 32-bit unsigned on all platforms. - b = Binding() - assert b.lib.SSL_OP_ALL > 0 -- ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method()) -+ ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method()) -+ assert ctx != b.ffi.NULL - ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) - current_options = b.lib.SSL_CTX_get_options(ctx) - resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL) -@@ -49,7 +50,8 @@ class TestOpenSSL(object): - # Test that we're properly handling 32-bit unsigned on all platforms. - b = Binding() - assert b.lib.SSL_OP_ALL > 0 -- ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method()) -+ ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method()) -+ assert ctx != b.ffi.NULL - ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) - ssl = b.lib.SSL_new(ctx) - ssl = b.ffi.gc(ssl, b.lib.SSL_free) --- -2.19.1 - diff --git a/cryptography-2.3.tar.gz b/cryptography-2.3.tar.gz deleted file mode 100644 index 9c15572eb750f3214588ed963fa13ccdc250e2d2..0000000000000000000000000000000000000000 Binary files a/cryptography-2.3.tar.gz and /dev/null differ diff --git a/cryptography-2.6.1.tar.gz b/cryptography-2.6.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..a367c961ebbc25f13a5013ec3d96a384eeaa7d9f Binary files /dev/null and b/cryptography-2.6.1.tar.gz differ diff --git a/python-cryptography.spec b/python-cryptography.spec index fcc6425f9cefe2cb321b82021b6f25b891868d47..759883ac08da3730a4148e8d1ae05d929ae7b7c3 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -1,106 +1,137 @@ -Name: python-cryptography -Version: 2.3 -Release: 5 -Summary: a package designed to expose cryptographic primitives and recipes to Python developers. -License: ASL 2.0 or BSD -URL: https://cryptography.io -Source0: https://pypi.io/packages/source/c/cryptography/cryptography-2.3.tar.gz -Patch6000: Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch -Patch6001: sigh-missed-one-TLSv1-4392.patch - -BuildRequires: openssl-devel gcc python2-devel python2-pytest >= 3.2.1 -BuildRequires: python2-setuptools python2-pretend python2-iso8601 -BuildRequires: python2-cryptography-vectors = %{version} python2-pytz -BuildRequires: python2-asn1crypto >= 0.21 python2-hypothesis >= 1.11.4 -BuildRequires: python2-idna >= 2.1 python2-six >= 1.4.1 python2-cffi >= 1.7 -BuildRequires: python2-enum34 python2-ipaddress python3-iso8601 -BuildRequires: python3-devel python3-setuptools python3-pretend -BuildRequires: python3-pytest >= 3.2.1 python3-pytz python3-idna >= 2.1 -BuildRequires: python3-cryptography-vectors = %{version} python3-six >= 1.4.1 -BuildRequires: python3-asn1crypto >= 0.21 python3-hypothesis >= 1.11.4 -BuildRequires: python3-cffi >= 1.7 -BuildRequires: procps-ng net-tools openssl python2-pycparser python3-pycparser +%bcond_with python2 +%bcond_without python3 + +Name: python-cryptography +Version: 2.6.1 +Release: 1 +Summary: PyCA's cryptography library +License: ASL 2.0 or BSD +URL: https://cryptography.io/en/latest/ +Source0: https://pypi.io/packages/source/c/cryptography/cryptography-%{version}.tar.gz + +BuildRequires: openssl-devel +BuildRequires: gcc + +%if %{with python2} +BuildRequires: python2-devel python2-pytest >= 3.2.1 python2-setuptools +BuildRequires: python2-pretend python2-iso8601 python2-cryptography-vectors = %{version} +BuildRequires: python2-asn1crypto >= 0.21 python2-hypothesis >= 1.11.4 python2-pytz +BuildRequires: python2-idna >= 2.1 python2-six >= 1.4.1 python2-cffi >= 1.7 +BuildRequires: python2-enum34 python2-ipaddress +%endif + +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-pytest >= 3.2.1 +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-pretend +BuildRequires: python%{python3_pkgversion}-iso8601 +BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} +BuildRequires: python%{python3_pkgversion}-asn1crypto >= 0.21 +BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 +BuildRequires: python%{python3_pkgversion}-pytz +BuildRequires: python%{python3_pkgversion}-idna >= 2.1 +BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 +BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 %description -cryptography is a package which provides cryptographic recipes and primitives -to Python developers. Our goal is for it to be your "cryptographic standard -library". It supports Python 2.7, Python 3.4+, and PyPy 5.4+. +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%if %{with python2} +%package -n python2-cryptography +Summary: PyCA's cryptography library + +Requires: openssl-libs python2-idna >= 2.1 python2-asn1crypto >= 0.21 +Requires: python2-six >= 1.4.1 python2-cffi >= 1.7 python2-enum34 +Requires: python2-ipaddress -%package -n python2-cryptography -Summary: a package designed to expose cryptographic primitives and recipes to Python2 developers. %{?python_provide:%python_provide python2-cryptography} -Requires: openssl python2-idna >= 2.1 python2-asn1crypto >= 0.21 -Requires: python2-six >= 1.4.1 python2-cffi >= 1.7 python2-enum34 python2-ipaddress %description -n python2-cryptography -cryptography is a package which provides cryptographic recipes and primitives -to Python developers. Our goal is for it to be your "cryptographic standard -library". It supports Python 2.7, Python 3.4+, and PyPy 5.4+. +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. +%endif + +%package -n python%{python3_pkgversion}-cryptography +Summary: PyCA's cryptography library + +Requires: openssl-libs +Requires: python%{python3_pkgversion}-idna >= 2.1 +Requires: python%{python3_pkgversion}-asn1crypto >= 0.21 +Requires: python%{python3_pkgversion}-six >= 1.4.1 +Requires: python%{python3_pkgversion}-cffi >= 1.7 -%package -n python3-cryptography -Summary: a package designed to expose cryptographic primitives and recipes to Python3 developers. -%{?python_provide:%python_provide python3-cryptography} -Requires: openssl python3-idna >= 2.1 python3-asn1crypto >= 0.21 -Requires: python3-six >= 1.4.1 python3-cffi >= 1.7 +%{?python_provide:%python_provide python%{python3_pkgversion}-cryptography} -%description -n python3-cryptography -cryptography is a package which provides cryptographic recipes and primitives -to Python developers. Our goal is for it to be your "cryptographic standard -library". It supports Python 2.7, Python 3.4+, and PyPy 5.4+. +%description -n python%{python3_pkgversion}-cryptography +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. %package_help %prep %autosetup -n cryptography-%{version} -p1 + rm -rf %{py3dir} cp -a . %{py3dir} find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/usr/bin/python|#!%{__python3}|' %build +%if %{with python2} %py2_build +%endif + pushd %{py3dir} %py3_build popd %install +# Actually other *.c and *.h are appropriate +# see https://github.com/pyca/cryptography/issues/1463 find . -name .keep -print -delete + +%if %{with python2} %py2_install +%endif + pushd %{py3dir} %py3_install popd %check -rm -f tests/hazmat/primitives/test_padding.py -%{__python2} setup.py test +# see https://github.com/pyca/cryptography/issues/4885 for the deselected test +%if %{with python2} +PYTHONPATH=%{buildroot}%{python2_sitearch} %{__python2} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)" +%endif + pushd %{py3dir} -rm -f tests/hazmat/primitives/test_padding.py -%{__python3} setup.py test +PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)" popd -%pre - -%preun - -%post - -%postun - +%if %{with python2} %files -n python2-cryptography -%doc README.rst -%license LICENSE LICENSE.APACHE LICENSE.BSD AUTHORS.rst +%defattr(-,root,root) +%doc AUTHORS.rst +%license LICENSE LICENSE.APACHE LICENSE.BSD %{python2_sitearch}/cryptography %{python2_sitearch}/cryptography-%{version}-py*.egg-info +%endif -%files -n python3-cryptography -%doc README.rst -%license LICENSE LICENSE.APACHE LICENSE.BSD AUTHORS.rst +%files -n python%{python3_pkgversion}-cryptography +%defattr(-,root,root) +%doc AUTHORS.rst +%license LICENSE LICENSE.APACHE LICENSE.BSD %{python3_sitearch}/* %{python3_sitearch}/cryptography-%{version}-py*.egg-info %files help -%doc docs +%defattr(-,root,root) +%doc README.rst docs %changelog +* Thu Feb 13 2020 openEuler Buildteam - 2.6.1-1 +- Update to 2.6.1 + * Tue Oct 22 2019 openEuler Buildteam - 2.3-5 - Package rebuild. diff --git a/sigh-missed-one-TLSv1-4392.patch b/sigh-missed-one-TLSv1-4392.patch deleted file mode 100644 index 058dcff9656edb82d03ced6b2c84887cb283dfce..0000000000000000000000000000000000000000 --- a/sigh-missed-one-TLSv1-4392.patch +++ /dev/null @@ -1,26 +0,0 @@ -From b1aad8f273dfec7641b31bfbeaebfb921e27122a Mon Sep 17 00:00:00 2001 -From: Alex Gaynor -Date: Sun, 12 Aug 2018 17:39:32 -0400 -Subject: [PATCH] sigh, missed one TLSv1 (#4392) - ---- - tests/hazmat/bindings/test_openssl.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py -index c0dbc9ba..f317f07f 100644 ---- a/tests/hazmat/bindings/test_openssl.py -+++ b/tests/hazmat/bindings/test_openssl.py -@@ -65,7 +65,8 @@ class TestOpenSSL(object): - # Test that we're properly handling 32-bit unsigned on all platforms. - b = Binding() - assert b.lib.SSL_OP_ALL > 0 -- ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method()) -+ ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method()) -+ assert ctx != b.ffi.NULL - ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) - ssl = b.lib.SSL_new(ctx) - ssl = b.ffi.gc(ssl, b.lib.SSL_free) --- -2.19.1 -