import python-cryptography-3.2.1-3.el8

2021-01-08 06:11:37 +00:00 · 2021-01-08 06:11:37 +00:00 · 5dfdc53f59
commit 5dfdc53f59
parent cd45deefcf
2 changed files with 86 additions and 1 deletions
--- a/SOURCES/0004-Revert-remove-NPN-bindings.patch
+++ b/SOURCES/0004-Revert-remove-NPN-bindings.patch
@ -0,0 +1,75 @@
+From e8ed37e0d24a1cc7482ab816ed5f25243395b2ef Mon Sep 17 00:00:00 2001
+From: Christian Heimes <cheimes@redhat.com>
+Date: Mon, 14 Dec 2020 14:13:53 +0100
+Subject: [PATCH] Revert "remove NPN bindings -- you should be using ALPN!
+ (#4765)"
+
+This reverts commit 99bf4e4605cbe54bad597da1ebe4cc323909083c.
+---
+ src/_cffi_src/openssl/ssl.py          | 20 +++++++++++++++++++-
+ tests/hazmat/bindings/test_openssl.py |  4 ++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
+index c38e309a1..fa854f5dd 100644
+--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
+@@ -138,6 +138,8 @@ static const long SSL3_RANDOM_SIZE;
+ static const long TLS_ST_BEFORE;
+ static const long TLS_ST_OK;
+ 
+static const long OPENSSL_NPN_NEGOTIATED;
+
+ typedef ... SSL_METHOD;
+ typedef ... SSL_CTX;
+ 
+@@ -401,9 +403,25 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *);
+ 
+ long SSL_session_reused(SSL *);
+ 
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *,
+                                           int (*)(SSL *,
+                                                   const unsigned char **,
+                                                   unsigned int *,
+                                                   void *),
+                                           void *);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *,
+                                      int (*)(SSL *,
+                                              unsigned char **,
+                                              unsigned char *,
+                                              const unsigned char *,
+                                              unsigned int,
+                                              void *),
+                                      void *);
+ int SSL_select_next_proto(unsigned char **, unsigned char *,
+                           const unsigned char *, unsigned int,
+                           const unsigned char *, unsigned int);
+void SSL_get0_next_proto_negotiated(const SSL *,
+                                    const unsigned char **, unsigned *);
+ 
+ int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *);
+ const SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int);
+@@ -601,7 +619,7 @@ static const long Cryptography_HAS_TLSv1_2 = 1;
+ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
+ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
+ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
+-static const long Cryptography_HAS_NEXTPROTONEG = 0;
+static const long Cryptography_HAS_NEXTPROTONEG = 1;
+ static const long Cryptography_HAS_ALPN = 1;
+ 
+ #if CRYPTOGRAPHY_IS_LIBRESSL
+diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
+index ecee34091..aeb12a0dc 100644
+--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
+@@ -137,3 +137,7 @@ class TestOpenSSL(object):
+         )
+         with pytest.raises(RuntimeError):
+             _verify_openssl_version(lib)
+
+    def test_npn_binding(self):
+        b = Binding()
+        assert b.lib.Cryptography_HAS_NEXTPROTONEG
+-- 
+2.29.2
+
--- a/SPECS/python-cryptography.spec
+++ b/SPECS/python-cryptography.spec
@ -4,7 +4,7 @@

 Name:           python-%{srcname}
 Version:        3.2.1
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        PyCA's cryptography library

 Group:          Development/Libraries
@ -15,6 +15,7 @@ Source0:        https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{versio
 Patch0001:      0001-Re-add-deprecated-and-removed-features.patch
 Patch0002:      0002-Support-pytest-3.4.2.patch
 Patch0003:	0003-Skip-iso8601-test-cases.patch
+Patch0004:	0004-Revert-remove-NPN-bindings.patch

 BuildRequires:  openssl-devel
 BuildRequires:  gcc
@ -41,6 +42,8 @@ Summary:        PyCA's cryptography library
 Requires:       openssl-libs
 Requires:       python%{python3_pkgversion}-six >= 1.4.1
 Requires:       python%{python3_pkgversion}-cffi >= 1.7
+Conflicts:      python%{python3_pkgversion}-cryptography-vectors < %{version}
+Conflicts:      python%{python3_pkgversion}-cryptography-vectors > %{version}

 %description -n python%{python3_pkgversion}-%{srcname}
 cryptography is a package designed to expose cryptographic primitives and
@ -78,6 +81,13 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest


 %changelog
+* Mon Dec 14 17:24:01 CET 2020 Christian Heimes <cheimes@redhat.com> - 3.2.1-3
+- Conflict with non-matching vector package
+
+* Mon Dec 14 14:19:42 CET 2020 Christian Heimes <cheimes@redhat.com> - 3.2.1-2
+- Re-add remove NPN bindings, required for pyOpenSSL
+- Resolves: rhbz#1907429
+
 * Wed Oct 28 2020 Christian Heimes <cheimes@redhat.com> - 3.2.1-1
 - Rebase to upstream release 3.2.1
 - Resolves: rhbz#1873581