# # spec file for package python-M2Crypto # # Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define skip_python2 1 %define skip_python36 1 %define skip_python38 1 %define skip_python39 1 %define skip_python311 1 %define oldpython python %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-M2Crypto Version: 0.38.0 Release: 6.4 Summary: Crypto and SSL toolkit for Python License: MIT Group: Development/Languages/Python URL: https://gitlab.com/m2crypto/m2crypto Source0: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz Source1: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz.asc Source99: python-M2Crypto.keyring # PATCH-FIX-UPSTREAM CVE-2020-25657-Bleichenbacher-attack.patch bsc#1178829 mcepl@suse.com # Mitigate the Bleichenbacher timing attacks in the RSA decryption API Patch0: CVE-2020-25657-Bleichenbacher-attack.patch # PATCH-FIX-UPSTREAM https://gitlab.com/m2crypto/m2crypto/-/merge_requests/271 Patch1: openssl-stop-parsing-header.patch # Patch-FIX-OPENSUSE add test skips for openssl 3.x Patch2: https://src.fedoraproject.org/rpms/m2crypto/raw/d7be0dd83ee5a414544d99dcc62cde4ad5998f0c/f/m2crypto-0.38-ossl3-tests.patch # PATCH-FIX-UPSTREAM https://gitlab.com/m2crypto/m2crypto/-/merge_requests/284 Patch3: openssl-adapt-tests-for-3.1.0.patch BuildRequires: %{python_module devel} BuildRequires: %{python_module parameterized} BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module typing} BuildRequires: %{python_module xml} BuildRequires: fdupes BuildRequires: openssl BuildRequires: openssl-devel BuildRequires: python-rpm-macros Requires: python-typing Requires: python-xml # hpj: SLES 12 and Leap 42.1 need swig3 to build this package %if 0%{?sle_version} == 120100 BuildRequires: swig3 %else BuildRequires: swig %endif %ifpython2 Provides: %{oldpython}-m2crypto = %{version} Obsoletes: %{oldpython}-m2crypto < %{version} %endif %python_subpackages %description M2Crypto is a crypto and SSL toolkit for Python featuring the following: RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES). SSL functionality to implement clients and servers. HTTPS extensions to Python's httplib, urllib, and xmlrpclib. Unforgeable HMAC'ing AuthCookies for web session management. FTP/TLS client and server. S/MIME. ZServerSSL: A HTTPS server for Zope. ZSmime: An S/MIME messenger for Zope. %package -n %{name}-doc Summary: Documentation for the Crypto and SSL toolkit for Python Group: Development/Libraries/Python BuildArch: noarch %description -n %{name}-doc M2Crypto is a crypto and SSL toolkit for Python featuring the following: RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES). SSL functionality to implement clients and servers. HTTPS extensions to Python's httplib, urllib, and xmlrpclib. Unforgeable HMAC'ing AuthCookies for web session management. FTP/TLS client and server. S/MIME. ZServerSSL: A HTTPS server for Zope. ZSmime: An S/MIME messenger for Zope. Documentation for the Crypto and SSL toolkit for Python %prep %autosetup -p1 -n M2Crypto-%{version} %build export CFLAGS="%{optflags}" %python_build %install %python_install %python_expand %fdupes %{buildroot}%{$python_sitearch} %check %python_expand ls -l %{buildroot}%{$python_sitearch}/M2Crypto/*.so* export PYTEST_ADDOPTS="--import-mode=append" %pytest_arch tests %files %{python_files} %doc CHANGES LICENCE README.rst %{python_sitearch}/* %files -n %{name}-doc %doc doc/*.rst %changelog * Thu Mar 16 2023 Otto Hollmann - Adapt tests for OpenSSL v3.1.0 * Add openssl-adapt-tests-for-3.1.0.patch * Mon Nov 7 2022 Dirk Müller - add openssl-stop-parsing-header.patch (bsc#1205042) - add m2crypto-0.38-ossl3-tests.patch * Wed Aug 3 2022 Dirk Müller - update CVE-2020-25657-Bleichenbacher-attack.patch to actually contain the fix rather than just being empty (CVE-2020-25657, bsc#1178829) * Tue Jul 12 2022 Matej Cepl - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. * Thu Apr 7 2022 Matej Cepl - Add missing bug references to this changelog. * Mon Jun 14 2021 Matej Cepl - Update to 0.38.0: - Remove the last use of setup.py test idiom. - Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer. - Add support for arm64 big endian - Make support of RSA_SSLV23_PADDING optional (it has been deprecated). - Move project to src/ layout - Allow verify_cb_* to be called with ok=True - Be prepared if any of constants in x509_vfy.h is not available. - But we do support 3.8 - We DO NOT support Python 2.6. - All patches were upstreamed: - 293_sslv23_padding.patch - no-need-parameterized.patch - python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch * Thu Apr 22 2021 Matej Cepl - Add no-need-parameterized.patch ... we don't need run-time requirement of parameterized package (bsc#1185150). * Fri Feb 19 2021 Matej Cepl - Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING (gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216). * Wed Feb 17 2021 Pedro Monreal - OpenSSL allows the verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE * This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. - Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch (Thanks for Debian, https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8) * Wed Feb 17 2021 Pedro Monreal - Add source signature file * Wed Jan 13 2021 Matej Cepl - Dr. Strangelove or: How I Learned to Stop Worrying and Love pytest * Tue Dec 8 2020 Matej Cepl - Update to 0.37.1: - Remove support for CentOS 6 and Python 2.6 (remove tests.vendor module). Python 2.7 is still fully supported. - Remodel CI: - on GitHub switched from Travis-CI to GH Actions - on GitLab-CI: stop testing 2.7 on Fedora, add centos7 - update appveyor.yml - Stop playing with swig in setup.py, we don't support swig 1.* anymore. - Fix dereferencing of pointers (gl#m2crypto/m2crypto#281) - Replace deprecated PyObject_AsReadBuffer with our own shim (thanks to Casey Deccio for saving my bacon there). - Use parametrized to create parametrized tests (new external dependency). - Only use DigestSign() and DigestUpdate() with OpenSSL >= 1.1.1 - Expose all the X509_V_FLAG - Add support for DigestSign* and DigestVerify* * Mon Jul 13 2020 Matej Cepl Update to 0.36.0: - wrap SocketIO in io.Buffered* for makefile - SSL.Connection.close accepts an argument to force the socket closing - SSL.Connection: make the clientPostConnectionCheck an instance attribute - Fixed bug with usage of unexisting method getreply at SSL_Transport - Add appveyor builds for python 3.7 and 3.8 - Fixed syntax warning on line 44. - Update M2Crypto.six to 1.13.0 - base64.decodestring() was finally removed in Python 3.8. - wrap SocketIO in io.Buffered* for makefile - NULL is legal argument for key and iv paramters of EVP_CipherInit(3) - Expose X509_V_FLAG_ALLOW_PROXY_CERTS verification flag and X509_STORE_SET_FLAGS function - Stop testing for 2.6 and 3.4 on Travis. Start testing 3.8 - Extend test cert validity to 2049 - Revert using typing module in 2.6. It is just not worthy. - Update Debian/stable SSL as well - Make tests pass again. - Stop using string module, which has been deprecated. - Tiny fixes to make pyls more happy - CI: Rework Fedora CI configuration - Remove upstream merged patch 001-fix-buffering-for-python38.patch. * Wed Apr 8 2020 Tomáš Chvátal - Do not pull in py2 pkg on doc subpkg * Mon Mar 9 2020 Marco Strigl - in python3.8 the fp is wrapped in a Buffer. SSL.Connection.makefile returns a socketIO which is no buffer. Added: 001-fix-buffering-for-python38.patch * Mon Jun 10 2019 Matej Cepl - Update to fix release 0.35.2 ... just fixing the test suite (bsc#1172226). * Sat Jun 8 2019 Matej Cepl - Replace fix_OpenSSL111c.patch with proper new release 0.35.1 (there is really not much more in it; bsc#1149792). * Fri Jun 7 2019 Matej Cepl - Add fix_OpenSSL111c.patch patch to ensure compatibility with OpenSSL 1.1.1c. gl#m2crypto/m2crypto#258 and jsc#SLE-9135. * Thu Jun 6 2019 Ondřej Súkup - Upgrade to 0.34.0 - no upstream changelog * Fri Apr 26 2019 Matej Cepl - Upgrade to 0.33.0 (bsc#1135009): - eb4525c - Stop pretending to support Python 3.4. - 6a89548 - Fix use of urlunsplit (25 hours ago) - 0a5a356 - tests/test_ssl: use -ciphercuites for TLS1.3 cipher in openssl1.1 - 8a0a3e3 - There are apparently multiword CPP variables. Taking that into account. - Remove 0001-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch as it included in the latest release. * Thu Mar 7 2019 Matej Cepl - Fix for compatibility with OpenSSL 1.1.0h by adding the patch 0001-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch * Tue Mar 5 2019 Matej Cepl - Update to 0.32.0: * 471582f - setup.py: use ${CPP} as path to cpp * efb1580 - Bump pipeline OpenSSL from 1.1.0i to 1.1.0j * 35bb71b - Stub wchar_t helpers and ignore unused WCHAR defs * effc7be - Add type comment to setup.py * Wed Dec 5 2018 Matej Cepl - Whoops! Here -devel dependency certainly should stay * Tue Dec 4 2018 Matej Cepl - Remove superfluous devel dependency for noarch package * Fri Nov 9 2018 mcepl@suse.com - Update to 0.31.0 released tarball: * Compatibility with OpenSSL 1.1.1 (partly workaround, maybe requires further investigation) * Fixes for Windows builds * Fixes of installs on AWS Lambda * Fixes of Mac OS X related failures * Fix Python 2.6 compatibility issues * Tue Nov 6 2018 mcepl@suse.com - pre-release of 0.31.0 tarball - add openssl-1_1_1-compat.patch to fix OpenSSL 1.1.1 compatibility. * Mon Sep 24 2018 Matěj Cepl - Update to 0.30.1: * Various small typos (Windows builds, Fix SSL.Connection.__del__) * The project is now Linux-distribution agnostic * Replace all old-style classes with the new ones (it shouldn't cause any problems, but feel free to file an issue, if it does) * Do not by-pass a potential transfer decoding in m2urllib2 * Update M2Crypto.six with 1.11.0 and replace our local workarounds with new functions. * SSLv3 just removed. * Don't support Python 2.6 on Windows anymore. Windows users don't have python as a system package, so they are usually more likely to upgrade anyway. * Fri Feb 23 2018 michael@stroeder.com - Update to 0.29.0 (Fixes of some small bugs) * Tue Feb 20 2018 tchvatal@suse.com - Require python-xml that is used by some parts of M2crypto * Fri Feb 9 2018 michael@stroeder.com - Update to 0.28.2: * Fix ppc builds * Fri Feb 9 2018 tchvatal@suse.com - Enable tests, fix docu install phase * Thu Feb 8 2018 michael@stroeder.com - Removed obsolete patches fix-build-python3.diff and fix-openssl-include-path.diff - Update to 0.28.1 * compability with Python 3 * building on Mac OS X should be now more reliable and automagic * Fix licence in metadata: it is MIT, not BSD * Fix and add tests for SWIG/_aes.i module * Bundle-in unittest2 for Python 2.6 * Remove all PGP modules * Wed Nov 8 2017 jmatejek@suse.com - use generic way to require python-typing now that python3 provides it * Wed Oct 25 2017 michael@stroeder.com - License set to MIT * Fri Oct 20 2017 alarrosa@suse.com - Remove unnecessary fdupes call * Wed Oct 18 2017 alarrosa@suse.com - Update to 0.27.0 * Fix licence: it is MIT, not BSD * At least minimal support of SNI in httpslib. * Small bugfixes and cleanups. * More effort to make build system more robust. * Restore m2.rsa_set_e() and m2.rsa_set_n(). * Make sure that every exceptional return throws and exception and viceversa. - Add patch fix-build-python3.diff to let it build with python3 - Add patch fix-openssl-include-path.diff to fix openssl include path (the code already includes the openssl/ part) - Create a new package python-M2Crypto-doc for documentation since rpmlint was complaining around 75%% of the package was documentation. * Tue Sep 26 2017 michael@stroeder.com - Update to 0.26.4 with fix for OpenSSL 1.1.0 and LibreSSL * Fri Sep 22 2017 michael@stroeder.com - Update to 0.26.3 with fix for a syntax error * Thu Sep 21 2017 michael@stroeder.com - Update to 0.26.2 * compatibility with OpenSSL 1.1.0 * Mon Jun 19 2017 sebix+novell.com@sebix.at - only require python3-typing if necessary * Sat May 6 2017 toddrme2178@gmail.com - It doesn't look like python3-m2crypto ever existed, so don't provide it. * Thu Apr 27 2017 alarrosa@suse.com - Add python-typing as a dependency * Wed Apr 26 2017 alarrosa@suse.com - Provide python-m2crypto in the python2 package * Tue Apr 18 2017 toddrme2178@gmail.com - Update to 0.26.0 * No changelog provided - Implement single-spec version. * Mon Sep 12 2016 dmueller@suse.com - use pypi.io as Source URL * Fri Jul 22 2016 michael@stroeder.com - update to 0.25.1 - set new dependency on package python-typing * Fri Jun 3 2016 jweberhofer@weberhofer.at - update to 0.24.0 (bsc#1001377) * No changelog provided - README is no longer included - Removed obsolete python-M2Crypto-SWIG-3.0.5.patch * Mon Dec 7 2015 opensuse@dstoecker.de - fix SSLv2 link error for 13.2 and Leap 42.1 (M2Crypto-0.22.5-SSLv2_link_error.patch) (bsc#969731) * Sat Dec 5 2015 opensuse@dstoecker.de - update to 0.22.5, fix URL - drop python-M2Crypto-SWIG-3.0.5.patch (functionality included upstream) * Thu Nov 26 2015 hpj@urpla.net - SLE12 requires swig3 for a successful build, too * Tue Nov 17 2015 hpj@urpla.net - fix build for openSUSE Leap 42.1 (requires swig3) * Tue Feb 24 2015 dimstar@opensuse.org - Add python-M2Crypto-SWIG-3.0.5.patch: Fix generation of M2Crypto module when using SWIG 3.0.5. - Manually install _m2crypto shadow file: setup.py misses it. (boo#917759, boo#917815). * Thu Apr 17 2014 hrvoje.senjan@gmail.com - Update to 0.22.3 * No changelog provided - Demos are no longer included * Thu Oct 24 2013 speilicke@suse.com - Require python-setuptools instead of distribute (upstreams merged) * Fri Sep 13 2013 jmatejek@suse.com - fixed %%fdupes creating dangling symlinks (bnc#835687) * Fri Apr 5 2013 idonmez@suse.com - Add Source URL, see https://en.opensuse.org/SourceUrls * Mon Jan 14 2013 saschpe@suse.de - Add requirement on python-pyOpenSSL, thinner than M2Crypto * Wed Oct 31 2012 saschpe@suse.de - Narrow the scops of fdupes (see bnc#784670) * Tue Jan 24 2012 bwiedemann@suse.com - fix Obsoletes * Tue Dec 13 2011 coolo@suse.com - fix license to be in spdx.org format * Thu Sep 22 2011 saschpe@suse.de - Use SPDX style license - Require python-distribute instead of python-setuptools - Don't package testsuite * Tue May 31 2011 saschpe@suse.de - Renamed to python-M2Crypto to match PyPI upstream name * Added Provides/Obsoletes for python-m2crypto - Fixed wrong-EOL, executable bit for docs rpmlint warnings * Mon Apr 18 2011 saschpe@suse.de - Update to 0.21.1 - Support OpenSSL 1.0. Thanks to Miloslav Trmac for figuring out how to fix test_smime.py - Rename m2.engine_init to engine_init_error so that ENGINE_init and ENGINE_finish can be exposed, thanks to Erlo - 0.20 started releasing Python locks even around some operations that interacted with the Python runtime, potentially causing crashes and other weirdness, fix by Miloslav Trmac - Make httpslib.ProxyHTTPSConnection work with Python 2.3 - Removed patches that are now upstream - Removed authors from spec * Tue Apr 20 2010 lnussel@suse.de - add some upstream patches to fix openssl 1.0 build * Tue Mar 30 2010 matejcik@suse.cz - update to 0.20.2 * PGP subpackage is deprecated * m2urllib now closes sockets properly * port is now integer in ProxyHTTPSConnection * many bugfixes * test coverage up to 80%% - enabled test suite in %%check phase (requires python-setuptools and openssl binary to run) * Fri Feb 27 2009 jblunck@suse.de - Update to M2Crypto 0.19.1. * Tue Jan 13 2009 matejcik@suse.cz - package taken from devel:languages:python in OBS