Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

python2-pyOpenSSL-17.5.0-lp152.6.1 RPM for noarch

From OpenSuSE Leap 15.2 for noarch

Name: python2-pyOpenSSL Distribution: openSUSE Leap 15.2
Version: 17.5.0 Vendor: openSUSE
Release: lp152.6.1 Build date: Thu Jan 9 11:55:11 2020
Group: Development/Languages/Python Build host: cloud135
Size: 609210 Source RPM: python-pyOpenSSL-17.5.0-lp152.6.1.src.rpm
Summary: Python wrapper module around the OpenSSL library
pyOpenSSL is a set of Python bindings for OpenSSL.  It includes some low-level
cryptography APIs but is primarily focused on providing an API for using the
TLS protocol from Python.

pyOpenSSL is now a pure-Python project with a dependency on a new project,
cryptography (<>), which provides (among
other things) a cffi-based interface to OpenSSL.






* Thu Jan 02 2020 Matej Cepl <>
  - Add fix-compilation-2020.patch (by Bernhard Wiedemann). Fixes
    bsc#1159989 (and its upstream equivalent
* Wed Sep 25 2019 Matej Cepl <>
  - Add openSSL_111d.patch (bsc#1149792) fixing incompatibility
    with OpenSSL 1.1.1d.
* Fri Oct 05 2018 Vítězslav Čížek <>
  - OpenSSL changed X509_STORE_add_cert in 1.1.0i such that it no longer
    raises an error if a duplicate cert is added (bsc#1110435)
    * add X509_STORE_add_cert.patch
* Fri Feb 02 2018
  - Update to 17.5.0:
    * The minimum cryptography version is now 2.1.4.
    * Fixed various memory leaks
    * Various fuzz fixes
    * See CHANGELOG.rst
* Wed Aug 23 2017
  - update to 17.2.0:
    - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
    - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
      cryptography ``manylinux1`` wheels on Python 3.x.
    - Fixed a crash with (EC)DSA signatures in some cases.
    - Removed the deprecated ``OpenSSL.rand.egd()`` function.
      Applications should prefer ``os.urandom()`` for random number generation.
    - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
      Callers must now always pass an explicit ``digest``.
    - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
      ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
      and ``Revoked.set_lastUpdate()``. You must now pass times in the form
      ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
      will no longer work. `#612 <>`_
    - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
      ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
      ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
      The names without the "Type"-suffix should be used instead.
    - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
      for converting X.509 certificate to and from pyca/cryptography objects.
    - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
      ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
      for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
    - Added ``OpenSSL.debug`` that allows to get an overview of used library versions
      (including linked OpenSSL) and other useful runtime information using
      ``python -m OpenSSL.debug``.
    - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
      the upcoming release of ``cryptography`` ``manylinux1`` wheels.
  - Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
  - Drop python-pyOpenSSL-always-overflow.patch. Applied upstream.
* Thu Aug 10 2017
  - add patch to always trigger overflow in the testsuite
    (gh#pyca/pyopenssl#657) b3460c6a9a45a016d1ab65c149c606fa3f07096d
* Tue Jun 13 2017
  - Add python-pyOpenSSL=replace-expired-cert.patch: the root cert
    expired, mking the test suite fail. Replace the certificate with
    a new one, valid for 20 years (gh#pyca/pyopenssl#637).
* Fri May 05 2017
  - Fix Provides/Obsoletes.
* Wed Apr 26 2017
  - Implement single-spec version
  - Fix source URL
  - Update to 17.0.0
    * Added ``OpenSSL.X509Store.set_time()`` to set a custom
      verification time when verifying certificate chains.
    * Added a collection of functions for working with OCSP stapling.
      None of these functions make it possible to validate OCSP
      assertions, only to staple them into the handshake and to
      retrieve the stapled assertion if provided.
      Users will need to write their own code to handle OCSP
      We specifically added: ``Context.set_ocsp_server_callback``,
      ``Context.set_ocsp_client_callback``, and
    * Changed the ``SSL`` module's memory allocation policy to
      avoid zeroing memory it allocates when unnecessary.
      This reduces CPU usage and memory allocation time by an amount
      proportional to the size of the allocation.
      For applications that process a lot of TLS data or that use
      very lage allocations this can provide considerable performance
    * Automatically set ``SSL_CTX_set_ecdh_auto()`` on
    - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
  - Rebase bug-lp-1265482.diff
  - Rebase rsa128-i586.patch
  - Rebase skip-networked-test.patch
* Wed Nov 16 2016
  - fix source url
* Tue Nov 15 2016
  - Change source url to
    * version 16.2.0 source tarball failed to download from
* Mon Nov 14 2016
  - Update to 16.2.0
    * Deprecations
    * * Dropped support for OpenSSL 0.9.8.
    * Changes
    * * Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496
    * * Enable use of CRL (and more) in verify context. #483
    * * OpenSSL.crypto.PKey can now be constructed from cryptography objects and also
      exported as such. #439
    * * Support newer versions of cryptography which use opaque structs for OpenSSL
      1.1.0 compatibility.
    * * Fixed compatibility errors with OpenSSL 1.1.0.
    * * Fixed an issue that caused failures with subinterpreters and embedded Pythons.
* Mon May 16 2016
  - added %check section with testsuite
  - skip-networked-test.patch - mark a test as networked so that we can
    specify non-network test run
  - rsa128-i586.patch - sidestep a crasher bug on 32bit platforms
    by generating reasonably-sized RSA keys instead of small 128bit ones
* Mon May 09 2016
  - update to 16.0.0
    Backward-incompatible changes:
    * Python 3.2 support has been dropped. It never had significant real world
      usage and has been dropped by our main dependency cryptography. Affected
      users should upgrade to Python 3.3 or later.
    * The support for EGD has been removed. The only affected function
      OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
      Please see pyca/cryptography#1636 for more background information on this
      decision. In accordance with our backward compatibility policy
      OpenSSL.rand.egd() will be removed no sooner than a year from the release of
    * Please note that you should use urandom for all your secure random number
    * Python 2.6 support has been deprecated. Our main dependency cryptography
      deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
      dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
    * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
      OpenSSL.SSL.Connection.renegotiate_pending, and
      OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
      0.14. #422
    * Fixed segmentation fault when using keys larger than 4096-bit to sign data.
    * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
      before setting any app data. #304
    * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
      that represent public keys, and OpenSSL.crypto.load_publickey() to load such
      objects from serialized representations. #382
    * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
      a string buffer. #368
    * Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding
      state_string_long. #358
    * Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv()
      and OpenSSL.SSL.Connection.recv_into(). #294
    * Added OpenSSL.SSL.Connection.get_protocol_version() and
      OpenSSL.SSL.Connection.get_protocol_version_name(). #244
    * Switched to utf8string mask by default. OpenSSL formerly defaulted to a
      T61String if there were UTF-8 characters present. This was changed to
      default to UTF8String in the config around 2005, but the actual code didn’t
      change it until late last year. This will default us to the setting that
      actually works. To revert this you can call
      OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234
  - fixed paths in bug-lp-1265482.diff
  - fixed doc generation
  - spec clean up
* Tue Jul 14 2015
  - Fix building on SLES 11
* Wed Apr 22 2015
  - Do not hardcode version in file list
* Wed Apr 22 2015
  - udapte to 0.15.1
    * OpenSSL/, OpenSSL/test/ Fix a regression
    present in 0.15, where when an error occurs and no errno() is set,
    a KeyError is raised.  This happens, for example, if
    Connection.shutdown() is called when the underlying transport has
    gone away.
    * OpenSSL/, OpenSSL/ APIs which previously accepted
    filenames only as bytes now accept them as either bytes or
    unicode (and respect sys.getfilesystemencoding()).
    * OpenSSL/ Add Cory Benfield's next-protocol-negotiation
    (NPN) bindings.
    * OpenSSL/ Add ``Connection.recv_into``, mirroring the
    builtin ``socket.recv_into``.  Based on work from Cory Benfield.
    * OpenSSL/test/ Add tests for ``recv_into``.
    * OpenSSL/ Expose ``X509StoreContext`` for verifying certificates.
    * OpenSSL/test/ Add intermediate certificates for
    * OpenSSL/ ``Connection.shutdown`` now propagates errors from the
    underlying socket.
    * OpenSSL/ Fixed a regression ``Context.check_privatekey``
    causing it to always succeed - even if it should fail.
    * OpenSSL/ Fixed a regression where calling ``load_pkcs7_data``
    with ``FILETYPE_ASN1`` would fail with a ``NameError``.
    * OpenSSL/ Fix a regression in which the first argument of



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon May 9 12:54:53 2022