From 2ca3596a3bfbe9e9ef53e753e0644e0309d67881 Mon Sep 17 00:00:00 2001
From: CentOS Buildsys
Date: Jan 27 2014 20:32:11 +0000
Subject: import m2crypto-0.21.1-15.el7.src.rpm
---
diff --git a/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch b/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch
new file mode 100644
index 0000000..4be91ac
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch
@@ -0,0 +1,22 @@
+diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2013-12-07 05:11:09.638393899 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-07 05:54:06.791902199 +0100
+@@ -60,8 +60,18 @@
+ %rename(tlsv1_method) TLSv1_method;
+ extern SSL_METHOD *TLSv1_method(void);
+
++%typemap(out) SSL_CTX * {
++ if ($1 != NULL)
++ $result = SWIG_NewPointerObj($1, $1_descriptor, 0);
++ else {
++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ $result = NULL;
++ }
++}
+ %rename(ssl_ctx_new) SSL_CTX_new;
+ extern SSL_CTX *SSL_CTX_new(SSL_METHOD *);
++%typemap(out) SSL_CTX *;
++
+ %rename(ssl_ctx_free) SSL_CTX_free;
+ extern void SSL_CTX_free(SSL_CTX *);
+ %rename(ssl_ctx_set_verify_depth) SSL_CTX_set_verify_depth;
diff --git a/SOURCES/m2crypto-0.21.1-sni.patch b/SOURCES/m2crypto-0.21.1-sni.patch
new file mode 100644
index 0000000..cfc40d7
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-sni.patch
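Review bot: In the error branch of the new `%typemap(out) SSL_CTX *`, `ERR_reason_error_string(ERR_get_error())` can return NULL when the OpenSSL error queue is empty or no reason string is registered for the code, and that NULL is passed straight to `PyErr_SetString`, which expects a valid C string. A failed `SSL_CTX_new` would then most likely crash the interpreter instead of raising `_ssl_err`. Fetch the string first and fall back to a fixed message: `const char *msg = ERR_reason_error_string(ERR_get_error());` followed by `PyErr_SetString(_ssl_err, msg ? msg : "SSL_CTX_new failed");`. The same unchecked call appears in `ssl_set_tlsext_host_name` in m2crypto-0.21.1-sni.patch.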
@@ -0,0 +1,43 @@
+Based on https://bugzilla.osafoundation.org/attachment.cgi?id=5760
+by Sander Steffann .
+
+diff -ur M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py
+--- M2Crypto/M2Crypto/SSL/Connection.py 2013-12-17 02:01:49.843287273 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-12-17 02:28:28.357633159 +0100
+@@ -368,3 +368,7 @@
+
+ def set_post_connection_check_callback(self, postConnectionCheck):
+ self.postConnectionCheck = postConnectionCheck
++
++ def set_tlsext_host_name(self, name):
++ "Set the requested hostname for the SNI (Server Name Indication) extension"
++ m2.ssl_set_tlsext_host_name(self.ssl, name)
+diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2013-12-17 02:01:49.863287264 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-17 02:39:28.138364398 +0100
+@@ -15,6 +15,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -398,6 +399,17 @@
+ return SSL_get_mode(ssl);
+ }
+
++int ssl_set_tlsext_host_name(SSL *ssl, const char *name) {
++ long l;
++
++ if (!(l = SSL_set_tlsext_host_name(ssl, name))) {
++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ return -1;
++ }
++ /* Return an "int" to match the 'typemap(out) int' in _lib.i */
++ return 1;
++}
++
+ void ssl_set_client_CA_list_from_file(SSL *ssl, const char *ca_file) {
+ SSL_set_client_CA_list(ssl, SSL_load_client_CA_file(ca_file));
+ }
diff --git a/SOURCES/m2crypto-0.21.1-supported-ec.patch b/SOURCES/m2crypto-0.21.1-supported-ec.patch
new file mode 100644
index 0000000..8bff224
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-supported-ec.patch
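Review bot: The docstring of `set_tlsext_host_name` in Connection.py should say that SNI only tells the server which name the client is asking for; it does not make the client check that the presented certificate matches `name`, which stays with the post-connection check configured by the method just above it. The name is carried in the ClientHello, so the call presumably has to happen before the handshake to have any effect, and that is worth stating too. Suggested docstring: `"Set the hostname sent in the SNI extension; call before the handshake. Does not affect certificate hostname verification."`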
@@ -0,0 +1,162 @@
+Modify the test suite to only use the EC curves supported by Fedora's
+OpenSSL (and when having a choice, use the p256 curve).
+
+diff -ur M2Crypto/tests/ec.priv.pem M2Crypto-0.21.1/tests/ec.priv.pem
+--- M2Crypto/tests/ec.priv.pem 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/ec.priv.pem 2013-12-17 04:02:00.602961297 +0100
+@@ -1,5 +1,5 @@
+ -----BEGIN EC PRIVATE KEY-----
+-MG0CAQEEHXXhxMbflWHSfCjfxsqHTsIR+BVbREI6JFYGaUs0oAcGBSuBBAAaoUAD
+-PgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9zzIE1ZbzAcvb7uxtoyUxrmRQC8xD
+-EO2qZX16mtpmgoNz3EeT
++MHcCAQEEIAdDwKEoKa3qnuvofjRFJgNul5Ldzy1EmoArNuY3jmKUoAoGCCqGSM49
++AwEHoUQDQgAEA2q6LZM77EldCKF9mBszDIVJVxepXJt6QpjEDtsmetYsNB2e4D1z
++QOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg==
+ -----END EC PRIVATE KEY-----
+diff -ur M2Crypto/tests/ec.pub.pem M2Crypto-0.21.1/tests/ec.pub.pem
+--- M2Crypto/tests/ec.pub.pem 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/ec.pub.pem 2013-12-17 04:01:53.627964282 +0100
+@@ -1,4 +1,4 @@
+ -----BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9
+-zzIE1ZbzAcvb7uxtoyUxrmRQC8xDEO2qZX16mtpmgoNz3EeT
++MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA2q6LZM77EldCKF9mBszDIVJVxep
++XJt6QpjEDtsmetYsNB2e4D1zQOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg==
+ -----END PUBLIC KEY-----
+diff -ur M2Crypto/tests/test_ec_curves.py M2Crypto-0.21.1/tests/test_ec_curves.py
+--- M2Crypto/tests/test_ec_curves.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ec_curves.py 2013-12-17 03:54:58.321142332 +0100
+@@ -25,75 +25,8 @@
+
+
+ curves = [
+- ('secp112r1', 112),
+- ('secp112r2', 112),
+- ('secp128r1', 128),
+- ('secp128r2', 128),
+- ('secp160k1', 160),
+- ('secp160r1', 160),
+- ('secp160r2', 160),
+- ('secp192k1', 192),
+- ('secp224k1', 224),
+- ('secp224r1', 224),
+- ('secp256k1', 256),
+- ('secp384r1', 384),
+- ('secp521r1', 521),
+-
+- ('sect113r1', 113),
+- ('sect113r2', 113),
+- ('sect131r1', 131),
+- ('sect131r2', 131),
+- ('sect163k1', 163),
+- ('sect163r1', 163),
+- ('sect163r2', 163),
+- ('sect193r1', 193),
+- ('sect193r2', 193),
+- ('sect233k1', 233),
+- ('sect233r1', 233),
+- ('sect239k1', 239),
+- ('sect283k1', 283),
+- ('sect283r1', 283),
+- ('sect409k1', 409),
+- ('sect409r1', 409),
+- ('sect571k1', 571),
+- ('sect571r1', 571),
+-
+- ('X9_62_prime192v1', 192),
+- ('X9_62_prime192v2', 192),
+- ('X9_62_prime192v3', 192),
+- ('X9_62_prime239v1', 239),
+- ('X9_62_prime239v2', 239),
+- ('X9_62_prime239v3', 239),
+ ('X9_62_prime256v1', 256),
+-
+- ('X9_62_c2pnb163v1', 163),
+- ('X9_62_c2pnb163v2', 163),
+- ('X9_62_c2pnb163v3', 163),
+- ('X9_62_c2pnb176v1', 176),
+- ('X9_62_c2tnb191v1', 191),
+- ('X9_62_c2tnb191v2', 191),
+- ('X9_62_c2tnb191v3', 191),
+- ('X9_62_c2pnb208w1', 208),
+- ('X9_62_c2tnb239v1', 239),
+- ('X9_62_c2tnb239v2', 239),
+- ('X9_62_c2tnb239v3', 239),
+- ('X9_62_c2pnb272w1', 272),
+- ('X9_62_c2pnb304w1', 304),
+- ('X9_62_c2tnb359v1', 359),
+- ('X9_62_c2pnb368w1', 368),
+- ('X9_62_c2tnb431r1', 431),
+-
+- ('wap_wsg_idm_ecid_wtls1', 113),
+- ('wap_wsg_idm_ecid_wtls3', 163),
+- ('wap_wsg_idm_ecid_wtls4', 113),
+- ('wap_wsg_idm_ecid_wtls5', 163),
+- ('wap_wsg_idm_ecid_wtls6', 112),
+- ('wap_wsg_idm_ecid_wtls7', 160),
+- ('wap_wsg_idm_ecid_wtls8', 112),
+- ('wap_wsg_idm_ecid_wtls9', 160),
+- ('wap_wsg_idm_ecid_wtls10', 233),
+- ('wap_wsg_idm_ecid_wtls11', 233),
+- ('wap_wsg_idm_ecid_wtls12', 224),
++ ('secp384r1', 384),
+ ]
+
+ # The following two curves, according to OpenSSL, have a
+diff -ur M2Crypto/tests/test_ecdh.py M2Crypto-0.21.1/tests/test_ecdh.py
+--- M2Crypto/tests/test_ecdh.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ecdh.py 2013-12-17 04:02:25.980950434 +0100
+@@ -20,16 +20,16 @@
+
+ def test_compute_key(self):
+ a = EC.load_key(self.privkey)
+- b = EC.gen_params(EC.NID_sect233k1)
++ b = EC.gen_params(EC.NID_X9_62_prime256v1)
+ b.gen_key()
+ ak = a.compute_dh_key(b.pub())
+ bk = b.compute_dh_key(a.pub())
+ assert ak == bk
+
+ def test_pubkey_from_der(self):
+- a = EC.gen_params(EC.NID_sect233k1)
++ a = EC.gen_params(EC.NID_X9_62_prime256v1)
+ a.gen_key()
+- b = EC.gen_params(EC.NID_sect233k1)
++ b = EC.gen_params(EC.NID_X9_62_prime256v1)
+ b.gen_key()
+ a_pub_der = a.pub().get_der()
+ a_pub = EC.pub_key_from_der(a_pub_der)
+diff -ur M2Crypto/tests/test_ecdsa.py M2Crypto-0.21.1/tests/test_ecdsa.py
+--- M2Crypto/tests/test_ecdsa.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ecdsa.py 2013-12-17 04:02:46.709941569 +0100
+@@ -29,16 +29,16 @@
+
+ def test_loadkey(self):
+ ec = EC.load_key(self.privkey)
+- assert len(ec) == 233
++ assert len(ec) == 256
+
+ def test_loadpubkey(self):
+ # XXX more work needed
+ ec = EC.load_pub_key(self.pubkey)
+- assert len(ec) == 233
++ assert len(ec) == 256
+ self.assertRaises(EC.ECError, EC.load_pub_key, self.errkey)
+
+ def _test_sign_dsa(self):
+- ec = EC.gen_params(EC.NID_sect233k1)
++ ec = EC.gen_params(EC.NID_X9_62_prime256v1)
+ # ec.gen_key()
+ self.assertRaises(EC.ECError, ec.sign_dsa, self.data)
+ ec = EC.load_key(self.privkey)
+@@ -60,8 +60,8 @@
+ assert not ec2.verify_dsa(self.data, s, r)
+
+ def test_genparam(self):
+- ec = EC.gen_params(EC.NID_sect233k1)
+- assert len(ec) == 233
++ ec = EC.gen_params(EC.NID_X9_62_prime256v1)
++ assert len(ec) == 256
+
+
+ def suite():
diff --git a/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch b/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch
new file mode 100644
index 0000000..89c76ca
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch
@@ -0,0 +1,44 @@
+Koji, the Fedora build system, is apparently setting up the build
+processes to ignore SIGHUP by default, leading the helper processes
+used by test_ssl to never terminate. We could override the SIGHUP
+handling, but sending SIGTERM is more correct anyway.
+
+diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2013-12-18 02:08:42.411669114 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2013-12-18 02:10:57.877589271 +0100
+@@ -20,7 +20,7 @@
+ - ThreadingSSLServer
+ """
+
+-import os, socket, string, sys, tempfile, thread, time, unittest
++import os, signal, socket, string, sys, tempfile, thread, time, unittest
+ from M2Crypto import Rand, SSL, m2, Err
+
+ from fips import fips_mode
+@@ -95,7 +95,7 @@
+ return pid
+
+ def stop_server(self, pid):
+- os.kill(pid, 1)
++ os.kill(pid, signal.SIGTERM)
+ os.waitpid(pid, 0)
+
+ def http_get(self, s):
+@@ -1039,7 +1039,7 @@
+ finally:
+ self.stop_server(pid)
+ finally:
+- os.kill(pipe_pid, 1)
++ os.kill(pipe_pid, signal.SIGTERM)
+ os.waitpid(pipe_pid, 0)
+ os.unlink('tests/' + FIFO_NAME)
+
+@@ -1154,7 +1154,7 @@
+ chunk = string.split(ps)
+ pid, cmd = chunk[0], chunk[4]
+ if cmd == s:
+- os.kill(int(pid), 1)
++ os.kill(int(pid), signal.SIGTERM)
+ f.close()
+ os.unlink(fn)
+
diff --git a/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch b/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch
new file mode 100644
index 0000000..d123e72
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch
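Review bot: `stop_server` still calls `os.waitpid(pid, 0)` with no bound, so a helper that blocks or ignores SIGTERM would hang the build in the same way the ignored SIGHUP did. Poll with `os.WNOHANG` for a limited time and escalate to `signal.SIGKILL` if the child is still alive; the ten-second limit below is a constructed value. The same unbounded wait follows `os.kill(pipe_pid, signal.SIGTERM)` in the third hunk of the inner patch, whose enclosing test starts outside the visible lines.

```python
def stop_server(self, pid):
    os.kill(pid, signal.SIGTERM)
    # Bounded wait: a child that does not exit on SIGTERM must not hang the build.
    deadline = time.time() + 10
    while time.time() < deadline:
        if os.waitpid(pid, os.WNOHANG)[0] == pid:
            return
        time.sleep(0.1)
    os.kill(pid, signal.SIGKILL)
    os.waitpid(pid, 0)
```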
@@ -0,0 +1,14 @@
+Recent Fedora releases have disabled export ciphers by default, so
+don't test that they work.
+
+diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2014-01-06 22:35:45.777935677 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2014-01-06 22:43:34.025594902 +0100
+@@ -463,6 +463,7 @@
+ finally:
+ self.stop_server(pid)
+
++ @unittest.skip("Export ciphers are prohibited in recent Fedora releases")
+ def test_use_weak_cipher(self):
+ if fips_mode: # Weak ciphers are prohibited
+ return
diff --git a/SOURCES/m2crypto-0.21.1-tests-random-ports.patch b/SOURCES/m2crypto-0.21.1-tests-random-ports.patch
new file mode 100644
index 0000000..ecca9fa
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-tests-random-ports.patch
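Review bot: The unconditional `@unittest.skip` on `test_use_weak_cipher` drops the only visible check of export-cipher behaviour instead of updating it to the new policy. Since export ciphers are now expected to be disabled, the test could assert that a handshake restricted to them is refused, which would catch a build where weak ciphers are accidentally re-enabled. The test body lies outside the hunk, so the exact call is not visible here; the shape would be `self.assertRaises(SSL.SSLError, ...)` around the connection attempt. The existing `if fips_mode: return` passes silently in the same way and would be clearer as a skip with a reason.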
@@ -0,0 +1,216 @@
+Pouze v M2Crypto-0.21.1: randpool.dat
+diff -ur M2Crypto/tests/test_bio_ssl.py M2Crypto-0.21.1/tests/test_bio_ssl.py
+--- M2Crypto/tests/test_bio_ssl.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_bio_ssl.py 2014-01-06 23:31:47.709383892 +0100
+@@ -11,7 +11,7 @@
+ from M2Crypto import Rand
+ from M2Crypto import threading as m2threading
+
+-from test_ssl import srv_host, srv_port
++from test_ssl import srv_host, allocate_srv_port
+
+ class HandshakeClient(threading.Thread):
+
+@@ -113,6 +113,7 @@
+ conn.set_bio(readbio, writebio)
+ conn.set_accept_state()
+ handshake_complete = False
++ srv_port = allocate_srv_port()
+ sock = socket.socket()
+ sock.bind((srv_host, srv_port))
+ sock.listen(5)
+diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2014-01-06 22:49:57.961307007 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2014-01-06 23:30:13.856457390 +0100
+@@ -26,7 +26,16 @@
+ from fips import fips_mode
+
+ srv_host = 'localhost'
+-srv_port = 64000
++
++def allocate_srv_port():
++ s = socket.socket()
++ try:
++ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
++ s.bind((srv_host, 0))
++ (host, port) = s.getsockname()
++ finally:
++ s.close()
++ return port
+
+ def verify_cb_new_function(ok, store):
+ try:
+@@ -113,17 +122,13 @@
+
+ def setUp(self):
+ self.srv_host = srv_host
+- self.srv_port = srv_port
+- self.srv_addr = (srv_host, srv_port)
+- self.srv_url = 'https://%s:%s/' % (srv_host, srv_port)
++ self.srv_port = allocate_srv_port()
++ self.srv_addr = (srv_host, self.srv_port)
++ self.srv_url = 'https://%s:%s/' % (srv_host, self.srv_port)
+ self.args = ['s_server', '-quiet', '-www',
+ #'-cert', 'server.pem', Implicitly using this
+ '-accept', str(self.srv_port)]
+
+- def tearDown(self):
+- global srv_port
+- srv_port = srv_port - 1
+-
+
+ class PassSSLClientTestCase(BaseSSLClientTestCase):
+
+@@ -136,7 +141,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPSConnection(srv_host, srv_port)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port)
+ c.request('GET', '/')
+ data = c.getresponse().read()
+ c.close()
+@@ -153,7 +158,7 @@
+ ctx.load_cert('tests/x509.pem')
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
+ ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
+- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx)
+ c.request('GET', '/')
+ ses = c.get_session()
+ t = ses.as_text()
+@@ -166,7 +171,7 @@
+ ctx2.load_cert('tests/x509.pem')
+ ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
+ ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
+- c2 = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx2)
++ c2 = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx2)
+ c2.set_session(ses)
+ c2.request('GET', '/')
+ ses2 = c2.get_session()
+@@ -186,7 +191,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/ca.pem')
+- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx)
+ c.request('GET', '/')
+ data = c.getresponse().read()
+ c.close()
+@@ -201,7 +206,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/server.pem')
+- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx)
+ self.assertRaises(SSL.SSLError, c.request, 'GET', '/')
+ c.close()
+ finally:
+@@ -211,7 +216,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPS(srv_host, srv_port)
++ c = httpslib.HTTPS(srv_host, self.srv_port)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -232,7 +237,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/ca.pem')
+- c = httpslib.HTTPS(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPS(srv_host, self.srv_port, ssl_context=ctx)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -253,7 +258,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/server.pem')
+- c = httpslib.HTTPS(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPS(srv_host, self.srv_port, ssl_context=ctx)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -871,7 +876,7 @@
+ from M2Crypto import m2urllib
+ url = m2urllib.FancyURLopener()
+ url.addheader('Connection', 'close')
+- u = url.open('https://%s:%s/' % (srv_host, srv_port))
++ u = url.open('https://%s:%s/' % (srv_host, self.srv_port))
+ data = u.read()
+ u.close()
+ finally:
+@@ -896,7 +901,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener()
+ opener.addheaders = [('Connection', 'close')]
+- u = opener.open('https://%s:%s/' % (srv_host, srv_port))
++ u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
+ data = u.read()
+ u.close()
+ finally:
+@@ -913,7 +918,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener(ctx)
+ opener.addheaders = [('Connection', 'close')]
+- u = opener.open('https://%s:%s/' % (srv_host, srv_port))
++ u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
+ data = u.read()
+ u.close()
+ finally:
+@@ -930,7 +935,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener(ctx)
+ opener.addheaders = [('Connection', 'close')]
+- self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, srv_port))
++ self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, self.srv_port))
+ finally:
+ self.stop_server(pid)
+
+@@ -942,7 +947,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
+ m2urllib2.install_opener(opener)
+- req = m2urllib2.Request('https://%s:%s/' % (srv_host, srv_port))
++ req = m2urllib2.Request('https://%s:%s/' % (srv_host, self.srv_port))
+ u = m2urllib2.urlopen(req)
+ data = u.read()
+ u.close()
+@@ -963,7 +968,7 @@
+ import gc
+ from M2Crypto import m2urllib2
+ o = m2urllib2.build_opener()
+- r = o.open('https://%s:%s/' % (srv_host, srv_port))
++ r = o.open('https://%s:%s/' % (srv_host, self.srv_port))
+ s = [r.fp._sock.fp]
+ r.close()
+ self.assertEqual(len(gc.get_referrers(s[0])), 1)
+@@ -990,7 +995,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPS(srv_host, srv_port)
++ c = httpslib.HTTPS(srv_host, self.srv_port)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -1029,7 +1034,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPS(srv_host, srv_port)
++ c = httpslib.HTTPS(srv_host, self.srv_port)
+ c.putrequest('GET', '/' + FIFO_NAME)
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -1086,7 +1091,7 @@
+
+ contextFactory = ContextFactory()
+ factory = EchoClientFactory()
+- wrapper.connectSSL(srv_host, srv_port, factory, contextFactory)
++ wrapper.connectSSL(srv_host, self.srv_port, factory, contextFactory)
+ reactor.run() # This will block until reactor.stop() is called
+ finally:
+ self.stop_server(pid)
diff --git a/SOURCES/m2crypto-0.21.1-timeouts.patch b/SOURCES/m2crypto-0.21.1-timeouts.patch
index 374e76c..0f3e8b9 100644
--- a/SOURCES/m2crypto-0.21.1-timeouts.patch
+++ b/SOURCES/m2crypto-0.21.1-timeouts.patch
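Review bot: `allocate_srv_port()` closes its probe socket before returning, so the port is unowned again until `s_server` or the test binds it, and another local process can take it in that window; the client would then connect to whatever is listening there. On a shared build host that makes the suite flaky and lets a test talk to an unrelated service. In test_bio_ssl.py the window can be removed entirely by binding the listening socket itself to port 0 and reading the port back: `sock.bind((srv_host, 0))` then `srv_port = sock.getsockname()[1]`. For the `s_server` cases, which cannot inherit the socket, consider retrying `start_server` with a fresh port when the bind fails; the enclosing functions continue outside the hunks.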
@@ -1,7 +1,7 @@ -diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connection.py ---- m2crypto-0.18/M2Crypto/SSL/Connection.py 2007-06-15 23:34:05.000000000 +0200 -+++ m2crypto/M2Crypto/SSL/Connection.py 2007-07-31 23:30:51.000000000 +0200 -@@ -37,9 +37,11 @@ +diff -urN M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py +--- M2Crypto/M2Crypto/SSL/Connection.py 2013-11-26 20:01:02.591964970 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-11-26 20:01:19.204950349 +0100 +@@ -47,9 +47,11 @@ self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self._fileno = self.socket.fileno() @@ -16,7 +16,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti self.ssl_close_flag = m2.bio_noclose -@@ -137,7 +139,7 @@ +@@ -147,7 +149,7 @@ m2.ssl_set_accept_state(self.ssl) def accept_ssl(self): @@ -25,7 +25,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti def accept(self): """Accept an SSL connection. The return value is a pair (ssl, addr) where -@@ -159,7 +161,7 @@ +@@ -169,7 +171,7 @@ m2.ssl_set_connect_state(self.ssl) def connect_ssl(self): @@ -34,7 +34,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti def connect(self, addr): self.socket.connect(addr) -@@ -186,7 +188,7 @@ +@@ -196,7 +198,7 @@ return m2.ssl_pending(self.ssl) def _write_bio(self, data): @@ -43,7 +43,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti def _write_nbio(self, data): return m2.ssl_write_nbio(self.ssl, data) -@@ -194,7 +196,7 @@ +@@ -204,7 +206,7 @@ def _read_bio(self, size=1024): if size <= 0: raise ValueError, 'size <= 0' 
@@ -52,7 +52,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti def _read_nbio(self, size=1024): if size <= 0: -@@ -202,13 +204,13 @@ +@@ -212,13 +214,13 @@ return m2.ssl_read_nbio(self.ssl, size) def write(self, data): @@ -68,7 +68,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti return self._read_bio(size) return self._read_nbio(size) recv = read -@@ -216,7 +218,17 @@ +@@ -226,7 +228,17 @@ def setblocking(self, mode): """Set this connection's underlying socket to _mode_.""" self.socket.setblocking(mode) @@ -87,7 +87,7 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti def fileno(self): return self.socket.fileno() -@@ -293,15 +305,8 @@ +@@ -308,15 +320,8 @@ """Set the cipher suites for this connection.""" return m2.ssl_set_cipher_list(self.ssl, cipher_list) @@ -105,9 +105,9 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/Connection.py m2crypto/M2Crypto/SSL/Connecti def getsockname(self): return self.socket.getsockname() -diff -ur m2crypto-0.18/M2Crypto/SSL/__init__.py m2crypto/M2Crypto/SSL/__init__.py ---- m2crypto-0.18/M2Crypto/SSL/__init__.py 2006-03-20 20:26:28.000000000 +0100 -+++ m2crypto/M2Crypto/SSL/__init__.py 2007-07-31 23:29:21.000000000 +0200 +diff -urN M2Crypto/M2Crypto/SSL/__init__.py M2Crypto-0.21.1/M2Crypto/SSL/__init__.py +--- M2Crypto/M2Crypto/SSL/__init__.py 2013-11-26 20:01:02.590964971 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/__init__.py 2013-11-26 20:01:19.204950349 +0100 @@ -2,11 +2,14 @@ Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved.""" 
@@ -124,10 +124,10 @@ diff -ur m2crypto-0.18/M2Crypto/SSL/__init__.py m2crypto/M2Crypto/SSL/__init__.p # M2Crypto.SSL from Cipher import Cipher, Cipher_Stack -diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i ---- m2crypto-0.18/SWIG/_ssl.i 2007-06-05 02:30:11.000000000 +0200 -+++ m2crypto/SWIG/_ssl.i 2007-08-01 00:06:34.000000000 +0200 -@@ -8,10 +8,13 @@ +diff -urN M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto/SWIG/_ssl.i 2013-11-26 20:01:02.612964952 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-11-26 20:01:19.205950348 +0100 +@@ -11,10 +11,13 @@ %{ #include @@ -141,7 +141,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i %} %apply Pointer NONNULL { SSL_CTX * }; -@@ -142,6 +145,11 @@ +@@ -155,6 +158,11 @@ %rename(ssl_session_get_timeout) SSL_SESSION_get_timeout; extern long SSL_SESSION_get_timeout(CONST SSL_SESSION *); @@ -153,7 +153,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i %constant int ssl_error_none = SSL_ERROR_NONE; %constant int ssl_error_ssl = SSL_ERROR_SSL; %constant int ssl_error_want_read = SSL_ERROR_WANT_READ; -@@ -197,14 +205,19 @@ +@@ -210,14 +218,19 @@ %constant int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = SSL_MODE_ENABLE_PARTIAL_WRITE; %constant int SSL_MODE_AUTO_RETRY = SSL_MODE_AUTO_RETRY; @@ -174,7 +174,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i } void ssl_ctx_passphrase_callback(SSL_CTX *ctx, PyObject *pyfunc) { -@@ -358,36 +371,130 @@ +@@ -403,36 +416,130 @@ return ret; } @@ -319,7 +319,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i obj = NULL; break; } -@@ -396,36 +503,38 @@ +@@ -441,36 +548,38 @@ return obj; } @@ -372,7 +372,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i obj = NULL; break; } -@@ -438,10 +547,11 @@ +@@ -483,10 +592,11 @@ SSL_set_shutdown(ssl, mode); } 
@@ -386,7 +386,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i if (!(buf = PyMem_Malloc(num))) { PyErr_SetString(PyExc_MemoryError, "ssl_read"); -@@ -449,37 +559,44 @@ +@@ -494,37 +604,44 @@ } @@ -457,7 +457,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i } PyMem_Free(buf); -@@ -537,22 +654,26 @@ +@@ -582,22 +699,26 @@ return obj; } @@ -488,7 +488,7 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i case SSL_ERROR_NONE: case SSL_ERROR_ZERO_RETURN: ret = r; -@@ -560,20 +681,17 @@ +@@ -605,20 +726,17 @@ case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_X509_LOOKUP: @@ -516,10 +516,10 @@ diff -ur m2crypto-0.18/SWIG/_ssl.i m2crypto/SWIG/_ssl.i default: ret = -1; } -diff -ur m2crypto-0.18/tests/test_ssl.py m2crypto/tests/test_ssl.py ---- m2crypto-0.18/tests/test_ssl.py 2007-07-02 22:25:45.000000000 +0200 -+++ m2crypto/tests/test_ssl.py 2007-07-31 23:29:21.000000000 +0200 -@@ -887,6 +887,53 @@ +diff -urN M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py +--- M2Crypto/tests/test_ssl.py 2013-11-26 20:01:02.582964980 +0100 ++++ M2Crypto-0.21.1/tests/test_ssl.py 2013-11-26 20:01:33.268937969 +0100 +@@ -972,6 +972,77 @@ class TwistedSSLClientTestCase(BaseSSLClientTestCase): 
@@ -556,19 +556,43 @@ diff -ur m2crypto-0.18/tests/test_ssl.py m2crypto/tests/test_ssl.py + self.failIf(string.find(data, 's_server -quiet -www') == -1) + + def test_makefile_timeout_fires(self): -+ pid = self.start_server(self.args) ++ # This is convoluted because (openssl s_server -www) starts writing the ++ # response as soon as it receives the first line of the request, so it's ++ # possible for it to send the response before the request is sent and ++ # there would be no timeout. So, let the server spend time reading from ++ # an empty pipe ++ FIFO_NAME = 'test_makefile_timeout_fires_fifo' ++ os.mkfifo('tests/' + FIFO_NAME) ++ pipe_pid = os.fork() + try: -+ from M2Crypto import httpslib -+ c = httpslib.HTTPS(srv_host, srv_port) -+ c.putrequest('GET', '/') -+ c.putheader('Accept', 'text/html') -+ c.putheader('Accept', 'text/plain') -+ c.endheaders() -+ c._conn.sock.settimeout(0.0000000001) -+ self.assertRaises(socket.timeout, c.getreply) -+ c.close() ++ if pipe_pid == 0: ++ try: ++ f = open('tests/' + FIFO_NAME, 'w') ++ try: ++ time.sleep(sleepTime + 1) ++ f.write('Content\n') ++ finally: ++ f.close() ++ finally: ++ os._exit(0) ++ self.args[self.args.index('-www')] = '-WWW' ++ pid = self.start_server(self.args) ++ try: ++ from M2Crypto import httpslib ++ c = httpslib.HTTPS(srv_host, srv_port) ++ c.putrequest('GET', '/' + FIFO_NAME) ++ c.putheader('Accept', 'text/html') ++ c.putheader('Accept', 'text/plain') ++ c.endheaders() ++ c._conn.sock.settimeout(0.0000000001) ++ self.assertRaises(socket.timeout, c.getreply) ++ c.close() ++ finally: ++ self.stop_server(pid) + finally: -+ self.stop_server(pid) ++ os.kill(pipe_pid, 1) ++ os.waitpid(pipe_pid, 0) ++ os.unlink('tests/' + FIFO_NAME) + def test_twisted_wrapper(self): # Test only when twisted and ZopeInterfaces are present diff --git a/SPECS/m2crypto.spec b/SPECS/m2crypto.spec index 86cbaa9..41fd17c 100644 --- a/SPECS/m2crypto.spec +++ b/SPECS/m2crypto.spec 
@@ -6,7 +6,7 @@ Summary: Support for using OpenSSL in python scripts Name: m2crypto Version: 0.21.1 -Release: 11%{?dist} +Release: 15%{?dist} Source0: http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz # https://bugzilla.osafoundation.org/show_bug.cgi?id=2341 Patch0: m2crypto-0.21.1-timeouts.patch @@ -30,10 +30,22 @@ Patch8: m2crypto-0.21.1-https-proxy.patch Patch9: m2crypto-0.21.1-certs.patch # https://bugzilla.osafoundation.org/show_bug.cgi?id=13072 Patch10: m2crypto-0.21.1-ssl23.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13098 +Patch11: m2crypto-0.21.1-SSL_CTX_new.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13073 +Patch12: m2crypto-0.21.1-sni.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13100 +Patch13: m2crypto-0.21.1-supported-ec.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13101 +Patch14: m2crypto-0.21.1-tests-no-SIGHUP.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13103 +Patch15: m2crypto-0.21.1-tests-no-export-ciphers.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13104 +Patch16: m2crypto-0.21.1-tests-random-ports.patch License: MIT Group: System Environment/Libraries URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto -BuildRequires: openssl, openssl-devel, python2-devel +BuildRequires: openssl, openssl-devel, python2-devel, python-setuptools BuildRequires: perl, pkgconfig, swig, which %filter_provides_in %{python_sitearch}/M2Crypto/__m2crypto.so 
@@ -56,6 +68,12 @@ This package allows you to call OpenSSL functions from python scripts. %patch9 -p0 -b .certs openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER %patch10 -p0 -b .ssl23 +%patch11 -p1 -b .SSL_CTX_new +%patch12 -p1 -b .sni +%patch13 -p1 -b .supported-ec +%patch14 -p1 -b .tests-no-SIGHUP +%patch15 -p1 -b .tests-no-export-ciphers +%patch16 -p1 -b .tests-random-ports # Red Hat opensslconf.h #includes an architecture-specific file, but SWIG # doesn't follow the #include. @@ -111,12 +129,43 @@ grep -rl '/usr/bin/env python' demo tests \ rm tests/*.{pem,py}.* # Patch backup files +%check +%{__python} setup.py test + %files -%doc CHANGES LICENCE README demo tests +%doc CHANGES LICENCE README demo %{python_sitearch}/M2Crypto %{python_sitearch}/M2Crypto-*.egg-info %changelog +* Fri Jan 24 2014 Daniel Mach - 0.21.1-15 +- Mass rebuild 2014-01-24 + +* Mon Jan 6 2014 Miloslav Trmač - 0.21.1-14 +- Don't assume that export ciphers are enabled in the test suite + Resolves: #1048887 +- Let the kernel allocate free ports for use by the test suite + Resolves: #1048887 + +* Fri Dec 27 2013 Daniel Mach - 0.21.1-13 +- Mass rebuild 2013-12-27 + +* Thu Dec 19 2013 Miloslav Trmač - 0.21.1-12 +- Fix occasional spurious failures in test_makefile_timeout_fires + Resolves: #969077 +- Fix incorrect exception handling of SSL_CTX_new (manifesting in FIPS mode) + Resolves: #879043 +- Add minimal SNI support, based on a patch by Sander Steffann + + Resolves: #1038795 +- Use only ECC curves available in Fedora in the test suite + Related: #1038813 +- Fix terminating test suite helper processes when running in Koji + Related: #1038813 +- Run test suite in %%check, don't ship it in the package. Based on a patch by + Matěj Cepl . + Resolves: #1038813 + * Thu Feb 14 2013 Fedora Release Engineering - 0.21.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild