diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0add08e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/cryptography-1.7.2.tar.gz diff --git a/.python-cryptography.metadata b/.python-cryptography.metadata new file mode 100644 index 0000000..c0a6e12 --- /dev/null +++ b/.python-cryptography.metadata @@ -0,0 +1 @@ +2b5bc62fda71992633f83164b1a74c16a784acdf SOURCES/cryptography-1.7.2.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-Drop-minimal-setuptools-and-pytest-version-fron-setu.patch b/SOURCES/0001-Drop-minimal-setuptools-and-pytest-version-fron-setu.patch new file mode 100644 index 0000000..1328393 --- /dev/null +++ b/SOURCES/0001-Drop-minimal-setuptools-and-pytest-version-fron-setu.patch @@ -0,0 +1,34 @@ +From 061a06b4ec5aa942db5b5bdbfe392911d9b949e6 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 14 Aug 2017 13:33:23 +0200 +Subject: [PATCH 1/4] Drop minimal setuptools and pytest version fron setup.py + +--- + setup.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/setup.py b/setup.py +index c5a99be5..0d951bb8 100644 +--- a/setup.py ++++ b/setup.py +@@ -37,7 +37,7 @@ requirements = [ + "idna>=2.0", + "pyasn1>=0.1.8", + "six>=1.4.1", +- "setuptools>=11.3", ++ "setuptools", + ] + setup_requirements = [] + +@@ -58,7 +58,7 @@ else: + setup_requirements.append("cffi>=1.4.1") + + test_requirements = [ +- "pytest>=2.9.0", ++ "pytest", + "pretend", + "iso8601", + "pyasn1_modules", +-- +2.13.5 + diff --git a/SOURCES/0002-Disable-unsupported-tests.patch b/SOURCES/0002-Disable-unsupported-tests.patch new file mode 100644 index 0000000..62337a4 --- /dev/null +++ b/SOURCES/0002-Disable-unsupported-tests.patch @@ -0,0 +1,42 @@ +From da48b31f7d1e247ed6e00ee09b8c80ca0231e507 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 14 Aug 2017 13:34:17 +0200 +Subject: [PATCH 2/4] Disable unsupported tests + +pytest 2.7 does not support context manager for deprecated_call(). +--- + tests/test_x509.py | 3 ++- + tests/test_x509_ext.py | 3 ++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tests/test_x509.py b/tests/test_x509.py +index 966cba6f..fce617cc 100644 +--- a/tests/test_x509.py ++++ b/tests/test_x509.py +@@ -527,7 +527,8 @@ class TestRSACertificate(object): + assert cert.serial == 2 + assert cert.serial_number == 2 + +- def test_cert_serial_warning(self, backend): ++ def DISABLED_test_cert_serial_warning(self, backend): ++ # pytest 2.7 does not support context manager for deprecated_call() + cert = _load_cert( + os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), + x509.load_der_x509_certificate, +diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py +index 7104121d..00cf0a6f 100644 +--- a/tests/test_x509_ext.py ++++ b/tests/test_x509_ext.py +@@ -3003,7 +3003,8 @@ class TestDistributionPoint(object): + with pytest.raises(ValueError): + x509.DistributionPoint("data", "notname", None, None) + +- def test_relative_name_name_value_deprecated(self): ++ def DISABLED_test_relative_name_name_value_deprecated(self): ++ # pytest 2.7 does not support context manager for deprecated_call() + with pytest.deprecated_call(): + x509.DistributionPoint( + None, +-- +2.13.5 + diff --git a/SOURCES/0003-Refactor-binding-initialization-to-allow-specified-e.patch b/SOURCES/0003-Refactor-binding-initialization-to-allow-specified-e.patch new file mode 100644 index 0000000..e6a0b31 --- /dev/null +++ b/SOURCES/0003-Refactor-binding-initialization-to-allow-specified-e.patch @@ -0,0 +1,77 @@ +From 53e182c619774669ad4e54d3ed9fc03155cd2741 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 13 Feb 2017 21:28:02 -0600 +Subject: [PATCH 3/4] Refactor binding initialization to allow specified errors + (#3278) + +If pyca/cryptography sees any errors on the error stack during its own +initialization it immediately raises InternalError and refuses to +proceed. This was a safety measure since we weren't sure if it was +safe to proceed. However, reality has intervened and we have to +bow to the god of pragmatism and just clear the error queue. In +practice this is safe since we religiously check the error queue +in operation. + +Fixes RHBZ #1402235 +--- + src/cryptography/hazmat/bindings/openssl/binding.py | 7 ++++++- + tests/hazmat/bindings/test_openssl.py | 16 +++++++++++++++- + 2 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py +index 39750abc..096faf5c 100644 +--- a/src/cryptography/hazmat/bindings/openssl/binding.py ++++ b/src/cryptography/hazmat/bindings/openssl/binding.py +@@ -111,7 +111,12 @@ class Binding(object): + + @classmethod + def _register_osrandom_engine(cls): +- _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0) ++ # Clear any errors extant in the queue before we start. In many ++ # scenarios other things may be interacting with OpenSSL in the same ++ # process space and it has proven untenable to assume that they will ++ # reliably clear the error queue. Once we clear it here we will ++ # error on any subsequent unexpected item in the stack. ++ cls.lib.ERR_clear_error() + cls._osrandom_engine_id = cls.lib.Cryptography_osrandom_engine_id + cls._osrandom_engine_name = cls.lib.Cryptography_osrandom_engine_name + result = cls.lib.Cryptography_add_osrandom_engine() +diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py +index 3e01717c..854615f1 100644 +--- a/tests/hazmat/bindings/test_openssl.py ++++ b/tests/hazmat/bindings/test_openssl.py +@@ -8,7 +8,8 @@ import pytest + + from cryptography.exceptions import InternalError + from cryptography.hazmat.bindings.openssl.binding import ( +- Binding, _OpenSSLErrorWithText, _openssl_assert, _verify_openssl_version ++ Binding, _OpenSSLErrorWithText, _consume_errors, _openssl_assert, ++ _verify_openssl_version + ) + + +@@ -108,8 +109,21 @@ class TestOpenSSL(object): + ) + )] + ++ + def test_verify_openssl_version(self, monkeypatch): + monkeypatch.delenv("CRYPTOGRAPHY_ALLOW_OPENSSL_100", raising=False) + with pytest.raises(RuntimeError): + # OpenSSL 1.0.0 + _verify_openssl_version(0x100000F) ++ ++ def test_check_startup_errors_are_allowed(self): ++ b = Binding() ++ b.lib.ERR_put_error( ++ b.lib.ERR_LIB_EVP, ++ b.lib.EVP_F_EVP_ENCRYPTFINAL_EX, ++ b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH, ++ b"", ++ -1 ++ ) ++ b._register_osrandom_engine() ++ assert _consume_errors(b.lib) == [] +-- +2.13.5 + diff --git a/SOURCES/0004-Enlarge-_oid2txt-buffer-to-handle-larger-OIDs-3612.patch b/SOURCES/0004-Enlarge-_oid2txt-buffer-to-handle-larger-OIDs-3612.patch new file mode 100644 index 0000000..0857640 --- /dev/null +++ b/SOURCES/0004-Enlarge-_oid2txt-buffer-to-handle-larger-OIDs-3612.patch @@ -0,0 +1,144 @@ +From fb637b7c58e42d7c99558276ffaabec1878bf97d Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 29 May 2017 16:33:20 -0500 +Subject: [PATCH 4/4] Enlarge _oid2txt buffer to handle larger OIDs (#3612) + +The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt: +https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values. +But OIDs longer than this occur in real life (e.g. Active Directory +makes some very long OIDs). If the length of the stringified OID +exceeds the buffer size, allocate a new buffer that is big enough to +hold the stringified OID, and re-do the conversion into the new +buffer. + +NOTE: bigoid.pem has been moved to tests/. + +Fixes RHBZ #1455755 +--- + docs/development/test-vectors.rst | 3 ++ + .../hazmat/backends/openssl/decode_asn1.py | 14 ++++++++++ + tests/bigoid.pem | 32 ++++++++++++++++++++++ + tests/test_x509_ext.py | 19 +++++++++++++ + 4 files changed, 68 insertions(+) + create mode 100644 tests/bigoid.pem + +diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst +index fb72240d..bc72a470 100644 +--- a/docs/development/test-vectors.rst ++++ b/docs/development/test-vectors.rst +@@ -127,6 +127,9 @@ X.509 + * ``alternate-rsa-sha1-oid.pem`` - A certificate from an + `unknown signature OID`_ Mozilla bug that uses an alternate signature OID for + RSA with SHA1. ++* ``bigoid.pem`` - A certificate with a rather long OID in the ++ Certificate Policies extension. We need to make sure we can parse ++ long OIDs. + + Custom X.509 Vectors + ~~~~~~~~~~~~~~~~~~~~ +diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py +index 2cbc349e..5a23da25 100644 +--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py ++++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py +@@ -24,9 +24,23 @@ from cryptography.x509.oid import ( + def _obj2txt(backend, obj): + # Set to 80 on the recommendation of + # https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values ++ # ++ # But OIDs longer than this occur in real life (e.g. Active ++ # Directory makes some very long OIDs). So we need to detect ++ # and properly handle the case where the default buffer is not ++ # big enough. ++ # + buf_len = 80 + buf = backend._ffi.new("char[]", buf_len) ++ ++ # 'res' is the number of bytes that *would* be written if the ++ # buffer is large enough. If 'res' > buf_len - 1, we need to ++ # alloc a big-enough buffer and go again. + res = backend._lib.OBJ_obj2txt(buf, buf_len, obj, 1) ++ if res > buf_len - 1: # account for terminating null byte ++ buf_len = res + 1 ++ buf = backend._ffi.new("char[]", buf_len) ++ res = backend._lib.OBJ_obj2txt(buf, buf_len, obj, 1) + backend.openssl_assert(res > 0) + return backend._ffi.buffer(buf, res)[:].decode() + +diff --git a/tests/bigoid.pem b/tests/bigoid.pem +new file mode 100644 +index 00000000..7bf865bf +--- /dev/null ++++ b/tests/bigoid.pem +@@ -0,0 +1,32 @@ ++-----BEGIN CERTIFICATE----- ++MIIFiTCCBHGgAwIBAgITSAAAAAd1bEC5lsOdnQAAAAAABzANBgkqhkiG9w0BAQsF ++ADBLMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEjAQBgoJkiaJk/IsZAEZFgJhZDEe ++MBwGA1UEAxMVYWQtV0lOLVBQSzAxNUY5TURRLUNBMB4XDTE3MDUyNTIzNDg0NVoX ++DTE5MDUyNTIzNTg0NVowNDESMBAGA1UEChMJSVBBLkxPQ0FMMR4wHAYDVQQDExVD ++ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK ++AoIBAQDyyuty6irlL89hdaSW0UyAGLsOOMgAuJwBAeuRUorR159rsSnUXLcTHIsm ++EszKhwxp3NkkawRWx/s0UN1m2+RUwMl6gvlw+G80Mz0S77C77M+2lO8HRmZGm+Wu ++zBNcc9SANHuDQ1NISfZgLiscMS0+l0T3g6/Iqtg1kPWrq/tMevfh6tJEIedSBGo4 ++3xKEMSDkrvaeTuSVrgn/QT0m+WNccZa0c7X35L/hgR22/l5sr057Ef8F9vL8zUH5 ++TttFBIuiWJo8A8XX9I1zYIFhWjW3OVDZPBUnhGHH6yNyXGxXMRfcrrc74eTw8ivC ++080AQuRtgwvDErB/JPDJ5w5t/ielAgMBAAGjggJ7MIICdzA9BgkrBgEEAYI3FQcE ++MDAuBiYrBgEEAYI3FQiEoqJGhYq1PoGllQqGi+F4nacAgRODs5gfgozzAAIBZAIB ++BTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUnSrC ++yW3CR0e3ilJdN6kL06P3KHMwHwYDVR0jBBgwFoAUj69xtyUNwp8on+NWO+HlxKyg ++X7AwgdgGA1UdHwSB0DCBzTCByqCBx6CBxIaBwWxkYXA6Ly8vQ049YWQtV0lOLVBQ ++SzAxNUY5TURRLUNBLENOPVdJTi1QUEswMTVGOU1EUSxDTj1DRFAsQ049UHVibGlj ++JTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixE ++Qz1hZCxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2Jq ++ZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgcQGCCsGAQUFBwEBBIG3MIG0 ++MIGxBggrBgEFBQcwAoaBpGxkYXA6Ly8vQ049YWQtV0lOLVBQSzAxNUY5TURRLUNB ++LENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD ++Tj1Db25maWd1cmF0aW9uLERDPWFkLERDPWxvY2FsP2NBQ2VydGlmaWNhdGU/YmFz ++ZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MDMGA1UdIAQsMCow ++KAYmKwYBBAGCNxUIhKKiRoWKtT6BpZUKhovheJ2nAIEThrXzUYabpA4wDQYJKoZI ++hvcNAQELBQADggEBAIsFS+Qc/ufTrkuHbMmzksOpxq+OIi9rot8zy9/1Vmj6d+iP ++kB+vQ1u4/IhdQArJFNhsBzWSY9Pi8ZclovpepFeEZfXPUenyeRCU43HdMXcHXnlP ++YZfyLQWOugdo1WxK6S9qQSOSlC7BSGZWvKkiAPAwr4zNbbS+ROA2w0xaYMv0rr5W ++A4UAyzZAdqaGRJBRvCZ/uFHM5wMw0LzNCL4CqKW9jfZX0Fc2tdGx8zbTYxIdgr2D ++PL25as32r3S/m4uWqoQaK0lxK5Y97eusK2rrmidy32Jctzwl29UWq8kpjRAuD8iR ++CSc7sKqOf+fn3+fKITR2/DcSVvb0SGCr5fVVnjQ= ++-----END CERTIFICATE----- +diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py +index 00cf0a6f..91df35db 100644 +--- a/tests/test_x509_ext.py ++++ b/tests/test_x509_ext.py +@@ -409,6 +409,7 @@ class TestPolicyInformation(object): + assert pi != object() + + ++@pytest.mark.requires_backend_interface(interface=X509Backend) + class TestCertificatePolicies(object): + def test_invalid_policies(self): + pq = [u"string"] +@@ -481,6 +482,24 @@ class TestCertificatePolicies(object): + assert cp[-1] == cp[4] + assert cp[2:6:2] == [cp[2], cp[4]] + ++ def test_long_oid(self, backend): ++ """ ++ Test that parsing a CertificatePolicies ext with ++ a very long OID succeeds. ++ """ ++ here = os.path.dirname(os.path.abspath(__file__)) ++ with open(os.path.join(here, "bigoid.pem"), 'rb') as f: ++ cert = x509.load_pem_x509_certificate(f.read(), backend) ++ ext = cert.extensions.get_extension_for_class( ++ x509.CertificatePolicies) ++ ++ oid = x509.ObjectIdentifier( ++ "1.3.6.1.4.1.311.21.8.8950086.10656446.2706058" ++ ".12775672.480128.147.13466065.13029902" ++ ) ++ ++ assert ext.value[0].policy_identifier == oid ++ + + @pytest.mark.requires_backend_interface(interface=RSABackend) + @pytest.mark.requires_backend_interface(interface=X509Backend) +-- +2.13.5 + diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec new file mode 100644 index 0000000..b53c3eb --- /dev/null +++ b/SPECS/python-cryptography.spec @@ -0,0 +1,245 @@ +%if 0%{?fedora} > 20 +%global with_python3 1 +%else +%{!?__python2: %global __python2 /usr/bin/python2} +%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} +%endif + +Name: python-cryptography +Version: 1.7.2 +Release: 2%{?dist} +Summary: PyCA's cryptography library + +Group: Development/Libraries +License: ASL 2.0 or BSD +URL: https://cryptography.io/en/latest/ +Source0: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz +Patch0: 0001-Drop-minimal-setuptools-and-pytest-version-fron-setu.patch +Patch1: 0002-Disable-unsupported-tests.patch +Patch2: 0003-Refactor-binding-initialization-to-allow-specified-e.patch +Patch3: 0004-Enlarge-_oid2txt-buffer-to-handle-larger-OIDs-3612.patch + +# This package needs four brew build overrides for RHEL in order to provide +# build and test dependencies: +# python-pretend +# python-hypothesis +# python-iso8601 +# python-cryptography-vectors +# brew tag-build rhel-7.5-temp-override python-pretend-1.0.8-2.el7 python-hypothesis-3.1.3-1.el7 python-iso8601-0.1.11-2.el7 python-cryptography-vectors-1.7.2-1.el7 + +BuildRequires: openssl-devel + +BuildRequires: python-devel +BuildRequires: pytest +BuildRequires: python-setuptools +BuildRequires: python-pretend +BuildRequires: python-iso8601 +BuildRequires: python-cryptography-vectors = %{version} +BuildRequires: python-pyasn1-modules >= 0.1.8 +BuildRequires: python-hypothesis +BuildRequires: pytz + +BuildRequires: python-idna >= 2.0 +BuildRequires: python-pyasn1 >= 0.1.8 +BuildRequires: python-six >= 1.4.1 +BuildRequires: python-cffi >= 1.4.1 +BuildRequires: python-enum34 +BuildRequires: python-ipaddress + +%if 0%{?with_python3} +BuildRequires: python3-devel +BuildRequires: python3-pytest +BuildRequires: python3-setuptools +BuildRequires: python3-pretend +BuildRequires: python3-iso8601 +BuildRequires: python3-cryptography-vectors = %{version} +BuildRequires: python3-pyasn1-modules >= 0.1.8 +BuildRequires: python3-hypothesis +BuildRequires: python3-pytz + +BuildRequires: python3-idna >= 2.0 +BuildRequires: python3-pyasn1 >= 0.1.8 +BuildRequires: python3-six >= 1.4.1 +BuildRequires: python3-cffi >= 1.4.1 +%endif + +%description +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%package -n python2-cryptography +Group: Development/Libraries +Summary: PyCA's cryptography library +Obsoletes: python-cryptography <= %{version}-%{release} + +%if 0%{?fedora} +%{?python_provide:%python_provide python2-cryptography} +%else +Provides: python-cryptography = %{version}-%{release} +%endif + +Requires: openssl +Requires: python-idna >= 2.0 +Requires: python-pyasn1 >= 0.1.8 +Requires: python-six >= 1.4.1 +Requires: python-cffi >= 1.4.1 +Requires: python-enum34 +Requires: python-ipaddress +Requires: python-setuptools + +%description -n python2-cryptography +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%if 0%{?with_python3} +%package -n python3-cryptography +Group: Development/Libraries +Summary: PyCA's cryptography library +%{?python_provide:%python_provide python3-cryptography} + +Requires: openssl +Requires: python3-idna >= 2.0 +Requires: python3-pyasn1 >= 0.1.8 +Requires: python3-six >= 1.4.1 +Requires: python3-cffi >= 1.4.1 +Requires: python3-setuptools + +%description -n python3-cryptography +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. +%endif + +%prep +%autosetup -p1 -n cryptography-%{version} + +%if 0%{?with_python3} +rm -rf %{py3dir} +cp -a . %{py3dir} +find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/usr/bin/python|#!%{__python3}|' +%endif + +%build +%{__python2} setup.py build + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py build +popd +%endif + + +%install +# Actually other *.c and *.h are appropriate +# see https://github.com/pyca/cryptography/issues/1463 +find . -name .keep -print -delete + +%{__python2} setup.py install --skip-build --prefix=%{_prefix} --root %{buildroot} + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py install --skip-build --prefix=%{_prefix} --root %{buildroot} +popd +%endif + + +%check +%{__python} setup.py test + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py test +popd +%endif + + +%files -n python2-cryptography +%doc LICENSE LICENSE.APACHE LICENSE.BSD README.rst docs +%{python_sitearch}/* + + +%if 0%{?with_python3} +%files -n python3-cryptography +%doc LICENSE LICENSE.APACHE LICENSE.BSD README.rst docs +%{python3_sitearch}/* +%endif + + +%changelog +* Mon Aug 14 2017 Christian Heimes - 1.7.2-2 +- Ignore errors on OpenSSL's error stack when initializing, fixes RHBZ#1402235 +- Add depenency on python-setuptools, fixes RHBZ#1459947 +- Fix parsing of long OIDs, fixes RHBZ#1455755 + +* Tue Feb 14 2017 Christian Heimes - 1.7.2-1 +- Update to 1.7.2 +- Disable pytest.deprecated_call() tests +- Remove versioned pytest +- Add build requirements pytz + +* Tue May 10 2016 Nathaniel McCallum - 1.3.1-3 +- Remove versioned setuptools dependency + +* Tue May 10 2016 Nathaniel McCallum - 1.3.1-2 +- Make it easier to build on EL7 + +* Tue May 03 2016 Nathaniel McCallum - 1.3.1-1 +- Update to v1.3.1 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Jan 11 2016 Nathaniel McCallum - 1.2.1-2 +- Move python-cryptograph => python2-cryptography + +* Sat Jan 09 2016 Nathaniel McCallum - 1.2.1-1 +- Update to v1.2.1 + +* Wed Nov 11 2015 Robert Kuska - 1.1-1 +- Update to v1.1 + +* Wed Nov 04 2015 Robert Kuska - 1.0.2-2 +- Rebuilt for Python3.5 rebuild + +* Wed Sep 30 2015 Matěj Cepl - 1.0.2-1 +- New upstream release (fix #1267548) + +* Wed Aug 12 2015 Nathaniel McCallum - 1.0-1 +- New upstream release + +* Thu Jun 18 2015 Fedora Release Engineering - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu May 14 2015 Nathaniel McCallum - 0.9-1 +- New upstream release +- Run tests on RHEL +- New deps: python-idna, python-ipaddress + +* Fri Apr 17 2015 Nathaniel McCallum - 0.8.2-1 +- New upstream release +- Add python3-pyasn1 Requires (#1211073) + +* Tue Apr 14 2015 Matej Cepl - 0.8-2 +- Add python-pyasn1 Requires (#1211073) + +* Fri Mar 13 2015 Nathaniel McCallum - 0.8-1 +- New upstream release +- Remove upstreamed patch + +* Wed Mar 04 2015 Nathaniel McCallum - 0.7.2-2 +- Add python3-cryptography-vectors build requires +- Add python-enum34 requires + +* Tue Feb 03 2015 Nathaniel McCallum - 0.7.2-1 +- New upstream release. BSD is now an optional license. +- Fix test running on python3 +- Add upstream patch to fix test paths + +* Fri Nov 07 2014 Matej Cepl - 0.6.1-2 +- Fix requires, for reasons why other development files were not + eliminated see https://github.com/pyca/cryptography/issues/1463. + +* Wed Nov 05 2014 Matej Cepl - 0.6.1-1 +- New upstream release. + +* Sun Jun 29 2014 Terry Chia 0.4-1 +- initial version