commit: 62ef99690296363865900424a0fb5150d6bed305
Author: Justin Lecher <jlec <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 17 17:17:31 2016 +0000
Commit: Justin Lecher <jlec <AT> gentoo <DOT> org>
CommitDate: Sun Jan 17 17:20:22 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62ef9969
dev-python/pyopenssl: Backport fixes for openssl-1.0.2
Package-Manager: portage-2.2.26
Signed-off-by: Justin Lecher <jlec <AT> gentoo.org>
...pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch | 19 +++++
...pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch | 31 ++++++++
.../pyopenssl-0.15.1-openssl-1.0.2-backport.patch | 84 ++++++++++++++++++++++
dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild | 57 +++++++++++++++
4 files changed, 191 insertions(+)
diff --git
a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch
b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch
new file mode 100644
index 0000000..3e2c06c
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch
@@ -0,0 +1,19 @@
+ OpenSSL/test/test_ssl.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
+index bb1c9ae..d3bffe7 100644
+--- a/OpenSSL/test/test_ssl.py
++++ b/OpenSSL/test/test_ssl.py
+@@ -1416,6 +1416,11 @@ class ContextTests(TestCase, _LoopbackMixin):
+ """
+ context = Context(TLSv1_METHOD)
+ for curve in get_elliptic_curves():
++ if curve.name.startswith(u"Oakley-"):
++ # Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds
++ # ('bignum routines', 'BN_mod_inverse', 'no inverse') to the
++ # error queue on OpenSSL 1.0.2.
++ continue
+ # The only easily "assertable" thing is that it does not raise an
+ # exception.
+ context.set_tmp_ecdh(curve)
diff --git
a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch
b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch
new file mode 100644
index 0000000..be3c180
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch
@@ -0,0 +1,31 @@
+ OpenSSL/crypto.py | 3 +++
+ OpenSSL/test/test_crypto.py | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
+index 555ba24..2c1eddb 100644
+--- a/OpenSSL/crypto.py
++++ b/OpenSSL/crypto.py
+@@ -464,6 +464,9 @@ class X509Name(object):
+ if isinstance(value, _text_type):
+ value = value.encode('utf-8')
+
++ # Make it so OpenSSL generates utf-8 strings.
++ _lib.ASN1_STRING_set_default_mask_asc(b'utf8only')
++
+ add_result = _lib.X509_NAME_add_entry_by_NID(
+ self._name, nid, _lib.MBSTRING_UTF8, value, -1, -1, 0)
+ if not add_result:
+diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
+index 1620623..b817451 100644
+--- a/OpenSSL/test/test_crypto.py
++++ b/OpenSSL/test/test_crypto.py
+@@ -1003,7 +1003,7 @@ class X509NameTests(TestCase):
+ self.assertEqual(
+ a.der(),
+ b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
+- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
++ '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
+
+
+ def test_get_components(self):
diff --git
a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
new file mode 100644
index 0000000..048ede2
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
@@ -0,0 +1,84 @@
+From fc18f7bed12f58100c3a5eef3dbae29c9a26f18a Mon Sep 17 00:00:00 2001
+From: Jeff Tang <[email protected]>
+Date: Wed, 15 Apr 2015 17:42:33 -0400
+Subject: [PATCH] OpenSSL 1.0.2 Compatibility
+
+- Perform the time comparison in python to fix #192
+- Add root cert has_expired test
+- Self sign test cert to fix issue in #149
+- Change test case to verify digest of a valid certficate
+---
+ OpenSSL/crypto.py | 9 +++++----
+ OpenSSL/test/test_crypto.py | 15 +++++++++++++--
+ 2 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
+index c7bdabc..1b1058e 100644
+--- a/OpenSSL/crypto.py
++++ b/OpenSSL/crypto.py
+@@ -1,5 +1,6 @@
+-from time import time
++from time import time, strptime
+ from base64 import b16encode
++from calendar import timegm
+ from functools import partial
+ from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
+ from warnings import warn as _warn
+@@ -1161,10 +1162,10 @@ def has_expired(self):
+ :return: True if the certificate has expired, false otherwise
+ """
+ now = int(time())
+- notAfter = _lib.X509_get_notAfter(self._x509)
+- return _lib.ASN1_UTCTIME_cmp_time_t(
+- _ffi.cast('ASN1_UTCTIME*', notAfter), now) < 0
++ notAfter = self.get_notAfter().decode('utf-8')
++ notAfterSecs = timegm(strptime(notAfter, '%Y%m%d%H%M%SZ'))
+
++ return now > notAfterSecs
+
+ def _get_boundary_time(self, which):
+ return _get_asn1_time(which(self._x509))
+diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
+index 73e9cc7..b817451 100644
+--- a/OpenSSL/test/test_crypto.py
++++ b/OpenSSL/test/test_crypto.py
+@@ -1562,19 +1562,29 @@ def test_has_not_expired(self):
+ cert.gmtime_adj_notAfter(2)
+ self.assertFalse(cert.has_expired())
+
++ def test_root_has_not_expired(self):
++ """
++ :py:obj:`X509Type.has_expired` returns :py:obj:`False` if the
certificate's not-after
++ time is in the future.
++ """
++ cert = load_certificate(FILETYPE_PEM, root_cert_pem)
++ self.assertFalse(cert.has_expired())
++
+
+ def test_digest(self):
+ """
+ :py:obj:`X509.digest` returns a string giving ":"-separated
hex-encoded words
+ of the digest of the certificate.
+ """
+- cert = X509()
++ cert = load_certificate(FILETYPE_PEM, root_cert_pem)
+ self.assertEqual(
+ # This is MD5 instead of GOOD_DIGEST because the digest algorithm
+ # actually matters to the assertion (ie, another arbitrary, good
+ # digest will not product the same digest).
++ # Digest verified with the command:
++ # openssl x509 -in root_cert.pem -noout -fingerprint -md5
+ cert.digest("MD5"),
+- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
++ b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75"))
+
+
+ def _extcert(self, pkey, extensions):
+@@ -1587,6 +1597,7 @@ def _extcert(self, pkey, extensions):
+ cert.set_notAfter(when)
+
+ cert.add_extensions(extensions)
++ cert.sign(pkey, 'sha1')
+ return load_certificate(
+ FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
+
diff --git a/dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild
b/dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild
new file mode 100644
index 0000000..0391eff
--- /dev/null
+++ b/dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 flag-o-matic
+
+MY_PN=pyOpenSSL
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Python interface to the OpenSSL library"
+HOMEPAGE="
+ http://pyopenssl.sourceforge.net/
+ https://launchpad.net/pyopenssl
+ https://pypi.python.org/pypi/pyOpenSSL
+"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux
~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris"
+IUSE="doc examples"
+
+RDEPEND="
+ >=dev-python/six-1.5.2[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-0.7[${PYTHON_USEDEP}]"
+DEPEND="${RDEPEND}
+ doc? ( dev-python/sphinx[${PYTHON_USEDEP}] )"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+ "${FILESDIR}"/${P}-openssl-1.0.2-backport.patch
+ "${FILESDIR}"/${P}-openssl-1.0.2-backport-1.patch
+ "${FILESDIR}"/${P}-openssl-1.0.2-backport-2.patch
+)
+
+python_compile_all() {
+ use doc && emake -C doc html
+}
+
+python_test() {
+ esetup.py test
+
+ # https://bugs.launchpad.net/pyopenssl/+bug/1237953
+ rm -rf tmp* *.key *.pem || die
+}
+
+python_install_all() {
+ use doc && local HTML_DOCS=( doc/_build/html/. )
+ use examples && local EXAMPLES=( examples/. )
+ distutils-r1_python_install_all
+}
