# # spec file for package python-pyOpenSSL # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: python-pyOpenSSL Version: 16.0.0 Release: 1.1 Url: https://github.com/pyca/pyopenssl Summary: Python wrapper module around the OpenSSL library License: Apache-2.0 Group: Development/Languages/Python Source: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz Patch0: bug-lp-1265482.diff Patch1: skip-networked-test.patch Patch2: rsa128-i586.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: openssl-devel BuildRequires: python-Sphinx BuildRequires: python-cryptography >= 1.3.1 BuildRequires: python-devel BuildRequires: python-pytest BuildRequires: python-setuptools Requires: python-cryptography >= 1.3.1 Provides: pyOpenSSL = %{version} Provides: python-openssl = %{version} Obsoletes: python-openssl < %{version} %if 0%{?suse_version} && 0%{?suse_version} <= 1110 %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %else BuildArch: noarch %endif %description pyOpenSSL is a set of Python bindings for OpenSSL. It includes some low-level cryptography APIs but is primarily focused on providing an API for using the TLS protocol from Python. pyOpenSSL is now a pure-Python project with a dependency on a new project, cryptography (), which provides (among other things) a cffi-based interface to OpenSSL. %package doc Summary: Documentation for %{name} Group: Documentation/HTML %description doc Provides documentation for %{name}. %prep %setup -q -n pyOpenSSL-%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 %build python setup.py build #PYTHONPATH="build/lib" python setup.py build_sphinx && rm build/sphinx/html/.buildinfo %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} %check export LC_ALL=en_US.UTF-8 export PYTHONPATH=src py.test -m "not network" %files %defattr(0644,root,root,0755) %doc LICENSE *.rst %{python_sitelib}/OpenSSL/ %{python_sitelib}/pyOpenSSL-%{version}-py*.egg-info/ %files doc %defattr(0644,root,root,0755) #%doc build/sphinx/html/ %doc examples/ %changelog * Mon May 16 2016 jmatejek@suse.com - added %%check section with testsuite - skip-networked-test.patch - mark a test as networked so that we can specify non-network test run - rsa128-i586.patch - sidestep a crasher bug on 32bit platforms by generating reasonably-sized RSA keys instead of small 128bit ones * Mon May 9 2016 hpj@urpla.net - update to 16.0.0 Backward-incompatible changes: * Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency cryptography. Affected users should upgrade to Python 3.3 or later. Deprecations: * The support for EGD has been removed. The only affected function OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead. Please see pyca/cryptography#1636 for more background information on this decision. In accordance with our backward compatibility policy OpenSSL.rand.egd() will be removed no sooner than a year from the release of 16.0.0. * Please note that you should use urandom for all your secure random number needs. * Python 2.6 support has been deprecated. Our main dependency cryptography deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does. Changes: * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, OpenSSL.SSL.Connection.renegotiate_pending, and OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since 0.14. #422 * Fixed segmentation fault when using keys larger than 4096-bit to sign data. [#428] * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called before setting any app data. #304 * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects that represent public keys, and OpenSSL.crypto.load_publickey() to load such objects from serialized representations. #382 * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to a string buffer. #368 * Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding state_string_long. #358 * Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv() and OpenSSL.SSL.Connection.recv_into(). #294 * Added OpenSSL.SSL.Connection.get_protocol_version() and OpenSSL.SSL.Connection.get_protocol_version_name(). #244 * Switched to utf8string mask by default. OpenSSL formerly defaulted to a T61String if there were UTF-8 characters present. This was changed to default to UTF8String in the config around 2005, but the actual code didn’t change it until late last year. This will default us to the setting that actually works. To revert this you can call OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234 - fixed paths in bug-lp-1265482.diff - fixed doc generation - spec clean up * Tue Jul 14 2015 toddrme2178@gmail.com - Fix building on SLES 11 * Wed Apr 22 2015 mcihar@suse.cz - Do not hardcode version in file list * Wed Apr 22 2015 mcihar@suse.cz - udapte to 0.15.1 * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression present in 0.15, where when an error occurs and no errno() is set, a KeyError is raised. This happens, for example, if Connection.shutdown() is called when the underlying transport has gone away. * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted filenames only as bytes now accept them as either bytes or unicode (and respect sys.getfilesystemencoding()). * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation (NPN) bindings. * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the builtin ``socket.recv_into``. Based on work from Cory Benfield. * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. * OpenSSL/test/test_crypto.py: Add intermediate certificates for * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the underlying socket. * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` causing it to always succeed - even if it should fail. * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` with ``FILETYPE_ASN1`` would fail with a ``NameError``. * OpenSSL/SSL.py: Fix a regression in which the first argument of * Mon Feb 24 2014 mvyskocil@suse.com - update to 0.14 * Support for TLSv1.1 and TLSv1.2 * First-class support for PyPy * New flags, such as MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION * Some APIs to access to the SSL session cache * A variety of bug fixes for error handling cases * Documentation has been converted from LaTeX + python-pyOpenSSL-doc is now build from single spec file * pyOpenSSL now depends on cryptography, so it became pure-python module + changed to noarch package, add proper dependencies * Development moved to github + changed Url tag respectivelly - refreshed bug-lp-1265482.diff * Thu Jan 2 2014 dmueller@suse.com -Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666) * Fri Sep 13 2013 jmatejek@suse.com - update to 0.13.1 * fixes NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314) * Fri Apr 5 2013 speilicke@suse.com - Package LICENSE * Tue Jul 10 2012 msuman@opensuse.org - Update to version 0.13 * Add OPENSSL_VERSION_NUMBER, SSLeay_version and related constants for retrieving version information about the underlying OpenSSL library. * Support OpenSSL 1.0.0a and related changes. * Remove SSLv2 support if the underlying OpenSSL library does not provide it. * Add a new method to the X509 type, get_signature_algorithm. * Add a new method to the Connection type, get_peer_cert_chain. * Add the PKey.check method to verify the internal consistency of a PKey instance. * Bug fixes. * Thu Sep 1 2011 saschpe@suse.de - Changed license to Apache-2.0, to fix bnc#715423 * Wed Aug 31 2011 saschpe@suse.de - Initial version, obsoletes 'python-openssl': * Builds properly on all SUSE version * Has real HTML documentation