diff --git a/.pyOpenSSL.metadata b/.pyOpenSSL.metadata new file mode 100644 index 0000000..2fcdbe6 --- /dev/null +++ b/.pyOpenSSL.metadata @@ -0,0 +1 @@ +60633ebb821d48d7132a436c897288ec0121b892 SOURCES/pyOpenSSL-0.13.1.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/pyOpenSSL-0.13-check-error.patch b/SOURCES/pyOpenSSL-0.13-check-error.patch new file mode 100644 index 0000000..3c7f01c --- /dev/null +++ b/SOURCES/pyOpenSSL-0.13-check-error.patch @@ -0,0 +1,77 @@ +diff -up pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error pyOpenSSL-0.13/OpenSSL/crypto/crypto.c +--- pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error 2011-09-02 17:46:13.000000000 +0200 ++++ pyOpenSSL-0.13/OpenSSL/crypto/crypto.c 2013-04-04 14:25:17.405118204 +0200 +@@ -45,12 +45,15 @@ global_passphrase_callback(char *buf, in + + func = (PyObject *)cb_arg; + argv = Py_BuildValue("(i)", rwflag); ++ if (argv == NULL) ++ return 0; + ret = PyEval_CallObject(func, argv); + Py_DECREF(argv); + if (ret == NULL) + return 0; + if (!PyBytes_Check(ret)) + { ++ Py_DECREF(ret); + PyErr_SetString(PyExc_ValueError, "String expected"); + return 0; + } +@@ -58,6 +61,7 @@ global_passphrase_callback(char *buf, in + if (nchars > len) + nchars = len; + strncpy(buf, PyBytes_AsString(ret), nchars); ++ Py_DECREF(ret); + return nchars; + } + +@@ -637,7 +641,10 @@ crypto_sign(PyObject *spam, PyObject *ar + return NULL; + } + +- EVP_SignInit(&md_ctx, digest); ++ if (EVP_SignInit(&md_ctx, digest) <= 0) { ++ exception_from_error_queue(crypto_Error); ++ return NULL; ++ } + EVP_SignUpdate(&md_ctx, data, data_len); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey->pkey); +@@ -692,7 +699,11 @@ crypto_verify(PyObject *spam, PyObject * + return NULL; + } + +- EVP_VerifyInit(&md_ctx, digest); ++ if (EVP_VerifyInit(&md_ctx, digest) <= 0) { ++ exception_from_error_queue(crypto_Error); ++ EVP_PKEY_free(pkey); ++ return NULL; ++ } + EVP_VerifyUpdate(&md_ctx, data, data_len); + err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey); + EVP_PKEY_free(pkey); +diff -up pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error pyOpenSSL-0.13/OpenSSL/crypto/x509.c +--- pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error 2011-09-02 17:46:13.000000000 +0200 ++++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-04-04 14:02:34.932847551 +0200 +@@ -656,6 +656,7 @@ crypto_X509_digest(crypto_X509Obj *self, + if (!X509_digest(self->x509,digest,fp,&len)) + { + exception_from_error_queue(crypto_Error); ++ return NULL; + } + tmp = malloc(3*len+1); + memset(tmp, 0, 3*len+1); +diff -up pyOpenSSL-0.13/OpenSSL/ssl/context.c.error pyOpenSSL-0.13/OpenSSL/ssl/context.c +--- pyOpenSSL-0.13/OpenSSL/ssl/context.c.error 2011-09-02 17:46:13.000000000 +0200 ++++ pyOpenSSL-0.13/OpenSSL/ssl/context.c 2013-04-04 14:02:34.932847551 +0200 +@@ -1215,6 +1215,10 @@ ssl_Context_init(ssl_ContextObj *self, i + } + + self->ctx = SSL_CTX_new(method); ++ if (self->ctx == NULL) { ++ exception_from_error_queue(ssl_Error); ++ return NULL; ++ } + Py_INCREF(Py_None); + self->passphrase_callback = Py_None; + Py_INCREF(Py_None); diff --git a/SOURCES/pyOpenSSL-elinks.patch b/SOURCES/pyOpenSSL-elinks.patch new file mode 100644 index 0000000..cdbefab --- /dev/null +++ b/SOURCES/pyOpenSSL-elinks.patch @@ -0,0 +1,33 @@ +diff -Nur pyOpenSSL-0.5.1.orig/doc/tools/mkhowto pyOpenSSL-0.5.1/doc/tools/mkhowto +--- pyOpenSSL-0.5.1.orig/doc/tools/mkhowto 2001-07-30 13:31:48.000000000 +0200 ++++ pyOpenSSL-0.5.1/doc/tools/mkhowto 2003-08-08 16:46:10.000000000 +0200 +@@ -56,7 +56,7 @@ + DVIPS_BINARY = "dvips" + LATEX_BINARY = "latex" + LATEX2HTML_BINARY = "latex2html" +-LYNX_BINARY = "lynx" ++LYNX_BINARY = "elinks" + MAKEINDEX_BINARY = "makeindex" + PDFLATEX_BINARY = "pdflatex" + PERL_BINARY = "perl" +@@ -397,7 +397,7 @@ + if tempdir is None: + tempdir = self.doc + indexfile = os.path.join(tempdir, "index.html") +- self.run("%s -nolist -dump %s >%s.txt" ++ self.run("%s -dump %s >%s.txt" + % (LYNX_BINARY, indexfile, self.doc)) + + def require_temps(self, binary=None): +diff -Nur pyOpenSSL-0.5.1.orig/setup.cfg pyOpenSSL-0.5.1/setup.cfg +--- pyOpenSSL-0.5.1.orig/setup.cfg 2002-09-10 00:05:21.000000000 +0200 ++++ pyOpenSSL-0.5.1/setup.cfg 2003-08-08 16:48:34.000000000 +0200 +@@ -4,7 +4,7 @@ + # bdist_rpm settings contributed by Mihai Ibanescu + [bdist_rpm] + release = 1 +-build-requires = lynx openssl-devel python-devel perl tetex-dvips tetex-latex ++build-requires = elinks openssl-devel python-devel perl tetex-dvips tetex-latex + group = Development/Libraries + build_script = rpm/build_script + doc-files = doc/pyOpenSSL.txt doc/pyOpenSSL.ps doc/html diff --git a/SOURCES/pyOpenSSL-nopdfout.patch b/SOURCES/pyOpenSSL-nopdfout.patch new file mode 100644 index 0000000..0c30083 --- /dev/null +++ b/SOURCES/pyOpenSSL-nopdfout.patch @@ -0,0 +1,46 @@ +--- pyOpenSSL-0.6/doc/tools/texinputs/howto.cls.nopdfout 2001-07-16 07:53:03.000000000 -0400 ++++ pyOpenSSL-0.6/doc/tools/texinputs/howto.cls 2005-03-14 20:22:34.745230000 -0500 +@@ -54,10 +54,16 @@ + % changes \\ to ', ' (comma-space), making it pass muster for + % generating document info in the PDF file. + \def\\{, } +- \pdfinfo{ +- /Author (\@author) +- /Title (\@title) +- } ++ \ifx\pdfoutput\relax ++ \else ++ \ifcase\pdfoutput ++ \else ++ \pdfinfo{ ++ /Author (\@author) ++ /Title (\@title) ++ } ++ \fi ++ \fi + }} + \begin{flushright} + {\rm\Huge\py@HeaderFamily \@title} \par +--- pyOpenSSL-0.6/doc/tools/texinputs/manual.cls.nopdfout 2005-03-14 09:32:50.000000000 -0500 ++++ pyOpenSSL-0.6/doc/tools/texinputs/manual.cls 2005-03-14 09:34:20.000000000 -0500 +@@ -69,10 +69,16 @@ + % changes \\ to ', ' (comma-space), making it pass muster for + % generating document info in the PDF file. + \def\\{, } +- \pdfinfo{ +- /Author (\@author) +- /Title (\@title) +- } ++ \ifx\pdfoutput\relax ++ \else ++ \ifcase\pdfoutput ++ \else ++ \pdfinfo{% ++ /Author (\@author) ++ /Title (\@title) ++ } ++ \fi ++ \fi + }} + \begin{flushright}% + {\rm\Huge\py@HeaderFamily \@title \par}% diff --git a/SPECS/pyOpenSSL.spec b/SPECS/pyOpenSSL.spec new file mode 100644 index 0000000..2fa5b84 --- /dev/null +++ b/SPECS/pyOpenSSL.spec @@ -0,0 +1,326 @@ +%if 0%{?fedora} > 12 +%global with_python3 1 +%endif + +Summary: Python wrapper module around the OpenSSL library +Name: pyOpenSSL +Version: 0.13.1 +Release: 1%{?dist} +Source0: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz + +# Fedora specific patches + +Patch2: pyOpenSSL-elinks.patch +Patch3: pyOpenSSL-nopdfout.patch + +Patch10: pyOpenSSL-0.13-check-error.patch + +License: ASL 2.0 +Group: Development/Libraries +Url: http://pyopenssl.sourceforge.net/ + +BuildRequires: elinks +BuildRequires: openssl-devel +BuildRequires: tetex-dvips +BuildRequires: tetex-latex +BuildRequires: latex2html + +BuildRequires: python2-devel +%if 0%{?with_python3} +BuildRequires: python3-devel +%endif + +%description +High-level wrapper around a subset of the OpenSSL library, includes among others + * SSL.Connection objects, wrapping the methods of Python's portable + sockets + * Callbacks written in Python + * Extensive error-handling mechanism, mirroring OpenSSL's error codes + +%if 0%{?with_python3} +%package -n python3-pyOpenSSL +Summary: Python wrapper module around the OpenSSL library + +%description -n python3-pyOpenSSL +High-level wrapper around a subset of the OpenSSL library, includes among others + * SSL.Connection objects, wrapping the methods of Python's portable + sockets + * Callbacks written in Python + * Extensive error-handling mechanism, mirroring OpenSSL's error codes +%endif + +%package doc +Summary: Documentation for pyOpenSSL +BuildArch: noarch + +%description doc +Documentation for pyOpenSSL + +# we don't want to provide private python extension libs +%{?filter_setup: +%filter_provides_in %{python_sitearch}/.*\.so$ +%if 0%{?with_python3} +%filter_provides_in %{python3_sitearch}/.*\.so$ +%endif +%filter_requires_in %{_datadir}/doc/ +%filter_setup +} + +%prep +%setup -q -n pyOpenSSL-%{version} +%patch2 -p1 -b .elinks +%patch3 -p1 -b .nopdfout +%patch10 -p1 -b .error + +# Fix permissions for debuginfo package +%{__chmod} -x OpenSSL/ssl/connection.c + +%build +%if 0%{?with_python3} +rm -rf %{py3dir} +cp -a . %{py3dir} +find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python3}|' +%endif + +find -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python}|' + +CFLAGS="%{optflags} -fno-strict-aliasing" %{__python} setup.py build + +%if 0%{?with_python3} +pushd %{py3dir} +CFLAGS="%{optflags} -fno-strict-aliasing" %{__python3} setup.py build +popd +%endif + +%{__make} -C doc ps +%{__make} -C doc text html + +%install +%{__python} setup.py install --skip-build --root %{buildroot} + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py install --skip-build --root %{buildroot} +popd +%endif + +%files +%{python_sitearch}/OpenSSL/ +%{python_sitearch}/pyOpenSSL-*.egg-info + +%if 0%{?with_python3} +%files -n python3-pyOpenSSL +%{python3_sitearch}/OpenSSL/ +%{python3_sitearch}/pyOpenSSL-*.egg-info +%endif + +%files doc +%doc README doc/pyOpenSSL.* doc/html + +%changelog +* Thu Sep 5 2013 Tomáš Mráz - 0.13.1-1 +- new upstream release fixing a security issue with string + formatting subjectAltName of a certificate + +* Tue Aug 06 2013 Jeffrey C. Ollie - 0.13-8 +- Python 3 subpackage +- Split documentation off into noarch subpackage + +* Sun Aug 04 2013 Fedora Release Engineering - 0.13-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Apr 4 2013 Tomáš Mráz - 0.13-6 +- Check for error returns which cause segfaults in FIPS mode +- Fix missing error check and leak found by gcc-with-cpychecker (#800086) + +* Thu Feb 14 2013 Fedora Release Engineering - 0.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Oct 12 2012 Petr Pisar - 0.13-4 +- Do not scan documentation for dependencies (bug #865806) + +* Mon Oct 08 2012 Dan Horák - 0.13-3 +- rebuilt because ARM packages had wrong Requires autodetected + +* Sat Jul 21 2012 Fedora Release Engineering - 0.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jun 20 2012 Tomas Mraz - 0.13-1 +- New upstream release + +* Sat Jan 14 2012 Fedora Release Engineering - 0.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Jun 28 2011 Tomas Mraz - 0.12-1 +- New upstream release + +* Tue Feb 08 2011 Fedora Release Engineering - 0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Dec 7 2010 Toshio Kuratomi - 0.10-2 +- Fix incompatibility with python-2.7's socket module. + +* Mon Oct 4 2010 Tomas Mraz - 0.10-1 +- Merge-review cleanup by Parag Nemade (#226335) +- New upstream release + +* Wed Jul 21 2010 David Malcolm - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Sep 29 2009 Matěj Cepl - 0.9-1 +- New upstream release +- Fix BuildRequires to make Postscript documentation buildable + +* Fri Aug 21 2009 Tomas Mraz - 0.7-7 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 0.7-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 0.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Jan 15 2009 Dennis Gilmore - 0.7-4 +- rebuild against now openssl + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.7-3 +- Rebuild for Python 2.6 + +* Fri Sep 19 2008 Dennis Gilmore - 0.7-2 +- update threadsafe patch +- bug#462807 + +* Mon Sep 15 2008 Paul F. Johnson 0.7-1 +- bump to new release +- the inevitable patch fixes + + +* Wed Mar 26 2008 Tom "spot" Callaway - 0.6-4 +- fix horrific release tag +- fix license tag +- add egg-info + +* Tue Feb 19 2008 Fedora Release Engineering - 0.6-3.p24.9 +- Autorebuild for GCC 4.3 + +* Wed Dec 5 2007 Jeremy Katz - 0.6-2.p24.9 +- rebuild for new openssl + +* Mon Dec 11 2006 Paul Howarth - 0.6-1.p24.9 +- add missing buildreq latex2html, needed to build HTML docs +- rewrite to be more in line with Fedora python spec template and use + %%{python_sitearch} rather than a script-generated %%files list +- package is not relocatable - drop Prefix: tag +- buildreq perl not necessary +- fix permissions for files going into debuginfo package + +* Thu Dec 7 2006 Jeremy Katz - 0.6-1.p24.8 +- rebuild for python 2.5 + +* Wed Jul 12 2006 Jesse Keating - 0.6-1.p24.7.2.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 0.6-1.p24.7.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.6-1.p24.7.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 9 2005 Mihai Ibanescu - 0.6-1.p24.7 +- rebuilt against newer openssl + +* Wed Aug 24 2005 Jeremy Katz - 0.6-1.p24.6 +- add dcbw's patch to fix some threading problems + +* Wed Aug 03 2005 Karsten Hopp 0.6-1.p24.5 +- current rpm creates .pyo files, include them in filelist + +* Thu Mar 17 2005 Mihai Ibanescu 0.6-1.p24.4 +- rebuilt + +* Mon Mar 14 2005 Mihai Ibanescu 0.6-1.p24.3 +- rebuilt + +* Mon Mar 7 2005 Tomas Mraz 0.6-1.p23.2 +- rebuild with openssl-0.9.7e + +* Tue Nov 9 2004 Nalin Dahyabhai 0.6-1.p23.1 +- rebuild + +* Fri Aug 13 2004 Mihai Ibanescu 0.6-1 +- 0.6 is out + +* Tue Aug 10 2004 Mihai Ibanescu 0.6-0.90.rc1 +- release candidate + +* Thu Jun 24 2004 Mihai Ibanescu 0.5.1-24 +- rebuilt + +* Mon Jun 21 2004 Mihai Ibanescu 0.5.1-23 +- rebuilt + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Nov 5 2003 Mihai Ibanescu 0.5.1-20 +- rebuilt against python 2.3.2 + +* Fri Aug 8 2003 Mihai Ibanescu 0.5.1-12 +- lynx no longer supported, using elinks instead (patch from + Michael Redinger , bug #101947 ) + +* Wed Jun 4 2003 Elliot Lee 0.5.1-11 +- Rebuilt + +* Wed Jun 4 2003 Mihai Ibanescu 0.5.1-10.7.x +- Built on 7.x + +* Mon Mar 3 2003 Mihai Ibanescu 0.5.1-9 +- bug #73967: Added Requires: python + +* Mon Feb 24 2003 Elliot Lee +- rebuilt + +* Fri Feb 21 2003 Mihai Ibanescu 0.5.1-7 +- bug #84803: Added patch to expose more flags + +* Fri Jan 31 2003 Mihai Ibanescu 0.5.1-5 +- installing to %%{_libdir} + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 7 2003 Nalin Dahyabhai 0.5.1-3 +- rebuild + +* Fri Jan 3 2003 Nalin Dahyabhai +- Add -I and -L flags for finding Kerberos headers and libraries, in case + they're referenced + +* Tue Dec 3 2002 Mihai Ibanescu +- Fix for bug 73967: site-packages/OpenSSL not owned by this package +- Adding hacks around the lack of latex2html on ia64 + +* Tue Sep 24 2002 Mihai Ibanescu +- 0.5.1 + +* Thu Aug 29 2002 Mihai Ibanescu +- Building 0.5.1rc1 with version number 0.5.0.91 (this should also fix the big + error of pushing 0.5pre previously, since it breaks rpm's version comparison + algorithm). +- We use %%{__python}. Too bad I can't pass --define's to distutils. + +* Fri Aug 16 2002 Mihai Ibanescu +- Building 0.5 + +* Fri Jun 14 2002 Mihai Ibanescu +- Added documentation