diff --git a/SOURCES/m2crypto-0.21.1-SAN-ip.patch b/SOURCES/m2crypto-0.21.1-SAN-ip.patch
new file mode 100644
index 0000000..ab593a8
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-SAN-ip.patch
@@ -0,0 +1,57 @@
+diff -ur M2Crypto/M2Crypto/SSL/Checker.py M2Crypto-0.21.1/M2Crypto/SSL/Checker.py
+--- M2Crypto/M2Crypto/SSL/Checker.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Checker.py 2015-07-07 16:41:53.887094222 +0200
+@@ -11,6 +11,7 @@
+ 'WrongHost', 'Checker']
+
+ from M2Crypto import util, EVP, m2
++import socket
+ import re
+
+ class SSLVerificationError(Exception):
+@@ -161,6 +162,10 @@
+ self.useSubjectAltNameOnly = True
+ if self._match(host, certHost[4:]):
+ return True
++ elif certHost[:11] == 'ip address:':
++ self.useSubjectAltNameOnly = True
++ if self._matchIPAddress(host, certHost[11:]):
++ return True
+ return False
+
+
+@@ -218,6 +223,34 @@
+
+ return False
+
++ def _matchIPAddress(self, host, certHost):
++ """
++ >>> check = Checker()
++ >>> check._matchIPAddress(host='my.example.com', certHost='my.example.com')
++ False
++ >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.4')
++ True
++ >>> check._matchIPAddress(host='1.2.3.4', certHost='*.2.3.4')
++ False
++ >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.40')
++ False
++ >>> check._matchIPAddress(host='::1', certHost='::1')
++ True
++ >>> check._matchIPAddress(host='::1', certHost='0:0:0:0:0:0:0:1')
++ True
++ >>> check._matchIPAddress(host='::1', certHost='::2')
++ False
++ """
++ try:
++ canonical = socket.getaddrinfo(host, 0, 0, socket.SOCK_STREAM, 0,
++ socket.AI_NUMERICHOST)
++ certCanonical = socket.getaddrinfo(certHost, 0, 0,
++ socket.SOCK_STREAM, 0,
++ socket.AI_NUMERICHOST)
++ except:
++ return False
++ return canonical == certCanonical
++
+
+ if __name__ == '__main__':
+ import doctest
diff --git a/SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch b/SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch
new file mode 100644
index 0000000..3b08256
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch
@@ -0,0 +1,30 @@
+diff -ur M2Crypto/tests/test_authcookie.py M2Crypto-0.21.1/tests/test_authcookie.py
+--- M2Crypto/tests/test_authcookie.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_authcookie.py 2015-07-07 14:42:20.713482088 +0200
+@@ -114,7 +114,7 @@
+ def test_cookie_str_changed_exp(self):
+ c = self.jar.makeCookie(self.exp, self.data)
+ cout = c.output()
+- str = cout[:26] + '2' + cout[27:]
++ str = cout[:26] + chr(ord(cout[26])^1) + cout[27:]
+ s = Cookie.SmartCookie()
+ s.load(str)
+ self.failIf(self.jar.isGoodCookieString(s.output()))
+@@ -122,7 +122,7 @@
+ def test_cookie_str_changed_data(self):
+ c = self.jar.makeCookie(self.exp, self.data)
+ cout = c.output()
+- str = cout[:36] + 'X' + cout[37:]
++ str = cout[:36] + chr(ord(cout[36])^1) + cout[37:]
+ s = Cookie.SmartCookie()
+ s.load(str)
+ self.failIf(self.jar.isGoodCookieString(s.output()))
+@@ -130,7 +130,7 @@
+ def test_cookie_str_changed_mac(self):
+ c = self.jar.makeCookie(self.exp, self.data)
+ cout = c.output()
+- str = cout[:76] + 'X' + cout[77:]
++ str = cout[:76] + chr(ord(cout[76])^1) + cout[77:]
+ s = Cookie.SmartCookie()
+ s.load(str)
+ self.failIf(self.jar.isGoodCookieString(s.output()))
diff --git a/SPECS/m2crypto.spec b/SPECS/m2crypto.spec
index 41fd17c..98f9088 100644
--- a/SPECS/m2crypto.spec
+++ b/SPECS/m2crypto.spec
@@ -1,12 +1,12 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
# Keep this value in sync with the definition in openssl.spec.
-%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64
+%global multilib_arches %{ix86} ia64 ppc %{power64} s390 s390x sparcv9 sparc64 x86_64
Summary: Support for using OpenSSL in python scripts
Name: m2crypto
Version: 0.21.1
-Release: 15%{?dist}
+Release: 17%{?dist}
Source0: http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
# https://bugzilla.osafoundation.org/show_bug.cgi?id=2341
Patch0: m2crypto-0.21.1-timeouts.patch
@@ -42,6 +42,10 @@ Patch14: m2crypto-0.21.1-tests-no-SIGHUP.patch
Patch15: m2crypto-0.21.1-tests-no-export-ciphers.patch
# https://bugzilla.osafoundation.org/show_bug.cgi?id=13104
Patch16: m2crypto-0.21.1-tests-random-ports.patch
+# https://github.com/martinpaljak/M2Crypto/issues/70
+Patch17: m2crypto-0.21.1-test_cookie_str_changed.patch
+# https://github.com/martinpaljak/M2Crypto/issues/19
+Patch18: m2crypto-0.21.1-SAN-ip.patch
License: MIT
Group: System Environment/Libraries
URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
@@ -74,6 +78,8 @@ openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER
%patch14 -p1 -b .tests-no-SIGHUP
%patch15 -p1 -b .tests-no-export-ciphers
%patch16 -p1 -b .tests-random-ports
+%patch17 -p1 -b .test_cookie_str_changed
+%patch18 -p1 -b .SAN-ip
# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
# doesn't follow the #include.
@@ -138,6 +144,16 @@ rm tests/*.{pem,py}.* # Patch backup files
%{python_sitearch}/M2Crypto-*.egg-info
%changelog
+* Tue Jul 7 2015 Miloslav Trmač <mitr@redhat.com> - 0.21.1-17
+- Fix spurious failures of test_cookie_str_changed_mac
+ Resolves: #1073950
+- Add support for IP addresses in subjectAltName
+ Resolves: #1080142
+
+* Wed Aug 20 2014 Miloslav Trmač <mitr@redhat.com> - 0.21.1-16
+- Sync %%multilib_arches with openssl.
+ Resolves: #1125603
+
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.21.1-15
- Mass rebuild 2014-01-24