update to 2.6.1

2020-02-13 16:45:17 +08:00 · 2020-02-13 16:45:17 +08:00 · 391589c5d4
commit 391589c5d4
parent 2c63c933d1
5 changed files with 89 additions and 140 deletions
--- a/Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch
+++ b/Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch
@ -1,56 +0,0 @@
-From 525b6547e918e12c45119685d2e208aa0e51c4c9 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Sun, 12 Aug 2018 15:48:24 -0400
-Subject: [PATCH] Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
- (#4389)
-
-* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
-
-Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
-
-* cover this file as well
---
- tests/hazmat/backends/test_openssl.py | 2 +-
- tests/hazmat/bindings/test_openssl.py | 6 ++++--
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
-index 31b34cd0..e77f5dc3 100644
--- a/tests/hazmat/backends/test_openssl.py
-+++ b/tests/hazmat/backends/test_openssl.py
-@@ -115,7 +115,7 @@ class TestOpenSSL(object):
-         assert len(errors) == 10
- 
-     def test_ssl_ciphers_registered(self):
-        meth = backend._lib.TLSv1_method()
-+        meth = backend._lib.SSLv23_method()
-         ctx = backend._lib.SSL_CTX_new(meth)
-         assert ctx != backend._ffi.NULL
-         backend._lib.SSL_CTX_free(ctx)
-diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
-index 488f64e1..c0dbc9ba 100644
--- a/tests/hazmat/bindings/test_openssl.py
-+++ b/tests/hazmat/bindings/test_openssl.py
-@@ -37,7 +37,8 @@ class TestOpenSSL(object):
-         # Test that we're properly handling 32-bit unsigned on all platforms.
-         b = Binding()
-         assert b.lib.SSL_OP_ALL > 0
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
-+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
-+        assert ctx != b.ffi.NULL
-         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
-         current_options = b.lib.SSL_CTX_get_options(ctx)
-         resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL)
-@@ -49,7 +50,8 @@ class TestOpenSSL(object):
-         # Test that we're properly handling 32-bit unsigned on all platforms.
-         b = Binding()
-         assert b.lib.SSL_OP_ALL > 0
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
-+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
-+        assert ctx != b.ffi.NULL
-         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
-         ssl = b.lib.SSL_new(ctx)
-         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
-- 
-2.19.1
-
--- a/cryptography-2.3.tar.gz
+++ b/cryptography-2.3.tar.gz
--- a/cryptography-2.6.1.tar.gz
+++ b/cryptography-2.6.1.tar.gz
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -1,106 +1,137 @@
-Name: python-cryptography
-Version: 2.3
-Release: 5
-Summary: a package designed to expose cryptographic primitives and recipes to Python developers.
-License: ASL 2.0 or BSD
-URL: https://cryptography.io
-Source0: https://pypi.io/packages/source/c/cryptography/cryptography-2.3.tar.gz
-Patch6000: Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch
-Patch6001: sigh-missed-one-TLSv1-4392.patch
+%bcond_with python2
+%bcond_without python3

-BuildRequires: openssl-devel gcc python2-devel python2-pytest >= 3.2.1
-BuildRequires: python2-setuptools python2-pretend python2-iso8601
-BuildRequires: python2-cryptography-vectors = %{version} python2-pytz
-BuildRequires: python2-asn1crypto >= 0.21 python2-hypothesis >= 1.11.4
+Name:           python-cryptography
+Version:        2.6.1
+Release:        1
+Summary:        PyCA's cryptography library
+License:        ASL 2.0 or BSD
+URL:            https://cryptography.io/en/latest/
+Source0:        https://pypi.io/packages/source/c/cryptography/cryptography-%{version}.tar.gz
+
+BuildRequires:  openssl-devel
+BuildRequires:  gcc
+
+%if %{with python2}
+BuildRequires:  python2-devel python2-pytest >= 3.2.1 python2-setuptools
+BuildRequires:  python2-pretend python2-iso8601 python2-cryptography-vectors = %{version}
+BuildRequires:  python2-asn1crypto >= 0.21 python2-hypothesis >= 1.11.4 python2-pytz
 BuildRequires:  python2-idna >= 2.1 python2-six >= 1.4.1 python2-cffi >= 1.7
-BuildRequires: python2-enum34 python2-ipaddress python3-iso8601
-BuildRequires: python3-devel python3-setuptools python3-pretend
-BuildRequires: python3-pytest >= 3.2.1 python3-pytz python3-idna >= 2.1
-BuildRequires: python3-cryptography-vectors = %{version} python3-six >= 1.4.1
-BuildRequires: python3-asn1crypto >= 0.21 python3-hypothesis >= 1.11.4
-BuildRequires: python3-cffi >= 1.7
-BuildRequires: procps-ng net-tools openssl python2-pycparser python3-pycparser
+BuildRequires:  python2-enum34 python2-ipaddress
+%endif
+
+BuildRequires:  python%{python3_pkgversion}-devel
+BuildRequires:  python%{python3_pkgversion}-pytest >= 3.2.1
+BuildRequires:  python%{python3_pkgversion}-setuptools
+BuildRequires:  python%{python3_pkgversion}-pretend
+BuildRequires:  python%{python3_pkgversion}-iso8601
+BuildRequires:  python%{python3_pkgversion}-cryptography-vectors = %{version}
+BuildRequires:  python%{python3_pkgversion}-asn1crypto >= 0.21
+BuildRequires:  python%{python3_pkgversion}-hypothesis >= 1.11.4
+BuildRequires:  python%{python3_pkgversion}-pytz
+BuildRequires:  python%{python3_pkgversion}-idna >= 2.1
+BuildRequires:  python%{python3_pkgversion}-six >= 1.4.1
+BuildRequires:  python%{python3_pkgversion}-cffi >= 1.7

 %description
-cryptography is a package which provides cryptographic recipes and primitives
-to Python developers. Our goal is for it to be your "cryptographic standard
-library". It supports Python 2.7, Python 3.4+, and PyPy 5.4+.
+cryptography is a package designed to expose cryptographic primitives and
+recipes to Python developers.

+%if %{with python2}
 %package     -n python2-cryptography
-Summary: a package designed to expose cryptographic primitives and recipes to Python2 developers.
+Summary:        PyCA's cryptography library
+
+Requires:       openssl-libs python2-idna >= 2.1 python2-asn1crypto >= 0.21
+Requires:       python2-six >= 1.4.1 python2-cffi >= 1.7 python2-enum34
+Requires:       python2-ipaddress
+
 %{?python_provide:%python_provide python2-cryptography}
-Requires: openssl python2-idna >= 2.1 python2-asn1crypto >= 0.21
-Requires: python2-six >= 1.4.1 python2-cffi >= 1.7 python2-enum34 python2-ipaddress

 %description -n python2-cryptography
-cryptography is a package which provides cryptographic recipes and primitives
-to Python developers. Our goal is for it to be your "cryptographic standard
-library". It supports Python 2.7, Python 3.4+, and PyPy 5.4+.
+cryptography is a package designed to expose cryptographic primitives and
+recipes to Python developers.
+%endif

-%package -n  python3-cryptography
-Summary: a package designed to expose cryptographic primitives and recipes to Python3 developers.
-%{?python_provide:%python_provide python3-cryptography}
-Requires: openssl python3-idna >= 2.1 python3-asn1crypto >= 0.21
-Requires: python3-six >= 1.4.1 python3-cffi >= 1.7
+%package     -n python%{python3_pkgversion}-cryptography
+Summary:        PyCA's cryptography library

-%description -n python3-cryptography
-cryptography is a package which provides cryptographic recipes and primitives
-to Python developers. Our goal is for it to be your "cryptographic standard
-library". It supports Python 2.7, Python 3.4+, and PyPy 5.4+.
+Requires:       openssl-libs
+Requires:       python%{python3_pkgversion}-idna >= 2.1
+Requires:       python%{python3_pkgversion}-asn1crypto >= 0.21
+Requires:       python%{python3_pkgversion}-six >= 1.4.1
+Requires:       python%{python3_pkgversion}-cffi >= 1.7
+
+%{?python_provide:%python_provide python%{python3_pkgversion}-cryptography}
+
+%description -n python%{python3_pkgversion}-cryptography
+cryptography is a package designed to expose cryptographic primitives and
+recipes to Python developers.

 %package_help

 %prep
 %autosetup -n cryptography-%{version} -p1
+
 rm -rf %{py3dir}
 cp -a . %{py3dir}
 find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/usr/bin/python|#!%{__python3}|'

 %build
+%if %{with python2}
 %py2_build
+%endif
+
 pushd %{py3dir}
 %py3_build
 popd

 %install
+# Actually other *.c and *.h are appropriate
+# see https://github.com/pyca/cryptography/issues/1463
 find . -name .keep -print -delete
+
+%if %{with python2}
 %py2_install
+%endif
+
 pushd %{py3dir}
 %py3_install
 popd

 %check
-rm -f tests/hazmat/primitives/test_padding.py
-%{__python2} setup.py test
+# see https://github.com/pyca/cryptography/issues/4885 for the deselected test
+%if %{with python2}
+PYTHONPATH=%{buildroot}%{python2_sitearch} %{__python2} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
+%endif
+
 pushd %{py3dir}
-rm -f tests/hazmat/primitives/test_padding.py
-%{__python3} setup.py test
+PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
 popd

-%pre
-
-%preun
-
-%post
-
-%postun
-
+%if %{with python2}
 %files -n python2-cryptography
-%doc README.rst
-%license LICENSE LICENSE.APACHE LICENSE.BSD AUTHORS.rst
+%defattr(-,root,root)
+%doc AUTHORS.rst
+%license LICENSE LICENSE.APACHE LICENSE.BSD
 %{python2_sitearch}/cryptography
 %{python2_sitearch}/cryptography-%{version}-py*.egg-info
+%endif

-%files -n python3-cryptography
-%doc README.rst
-%license LICENSE LICENSE.APACHE LICENSE.BSD AUTHORS.rst
+%files -n python%{python3_pkgversion}-cryptography
+%defattr(-,root,root)
+%doc AUTHORS.rst
+%license LICENSE LICENSE.APACHE LICENSE.BSD
 %{python3_sitearch}/*
 %{python3_sitearch}/cryptography-%{version}-py*.egg-info

 %files help
-%doc docs
+%defattr(-,root,root)
+%doc README.rst docs

 %changelog
+* Thu Feb 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.6.1-1
+- Update to 2.6.1
+
 * Tue Oct 22 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.3-5
 - Package rebuild.

--- a/sigh-missed-one-TLSv1-4392.patch
+++ b/sigh-missed-one-TLSv1-4392.patch
@ -1,26 +0,0 @@
-From b1aad8f273dfec7641b31bfbeaebfb921e27122a Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Sun, 12 Aug 2018 17:39:32 -0400
-Subject: [PATCH] sigh, missed one TLSv1 (#4392)
-
---
- tests/hazmat/bindings/test_openssl.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
-index c0dbc9ba..f317f07f 100644
--- a/tests/hazmat/bindings/test_openssl.py
-+++ b/tests/hazmat/bindings/test_openssl.py
-@@ -65,7 +65,8 @@ class TestOpenSSL(object):
-         # Test that we're properly handling 32-bit unsigned on all platforms.
-         b = Binding()
-         assert b.lib.SSL_OP_ALL > 0
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
-+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
-+        assert ctx != b.ffi.NULL
-         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
-         ssl = b.lib.SSL_new(ctx)
-         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
-- 
-2.19.1
-