commit python-cryptography for openSUSE:Factory

h_root Sat, 17 Oct 2015 07:38:19 -0700

Hello community,

here is the log from the commit of package python-cryptography for 
openSUSE:Factory checked in at 2015-10-17 16:37:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
 and      /work/SRC/openSUSE:Factory/.python-cryptography.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-cryptography"

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes  
2015-09-24 07:16:48.000000000 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-cryptography.new/python-cryptography.changes 
    2015-10-17 16:37:54.000000000 +0200
@@ -1,0 +2,10 @@
+Wed Sep 30 12:01:27 UTC 2015 - [email protected]
+
+- require the cffi version it was built against to avoid (bsc#948198)
+
+-------------------------------------------------------------------
+Tue Sep 29 13:54:24 UTC 2015 - [email protected]
+
+- Add 2293.patch for "osrandom engine already registered" (bnc#947679)
+
+-------------------------------------------------------------------

New:
----
  2293.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.qPntD0/_old  2015-10-17 16:37:55.000000000 +0200
+++ /var/tmp/diff_new_pack.qPntD0/_new  2015-10-17 16:37:55.000000000 +0200
@@ -30,6 +30,8 @@
 Source4:        
https://pypi.python.org/packages/source/c/cryptography-vectors/cryptography_vectors-%{version}.tar.gz.asc
 # PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204
 Patch1:         disable-uneven-sizes-tests.patch
+# PATCH-FIX-UPSTREAM 2293.patch bnc#947679 -- 
https://github.com/pyca/cryptography/pull/2293
+Patch2:         2293.patch
 BuildRequires:  libopenssl-devel
 BuildRequires:  python-cffi >= 1.1.0
 BuildRequires:  python-devel
@@ -45,7 +47,7 @@
 BuildRequires:  python-pyasn1 >= 0.1.8
 BuildRequires:  python-pytest
 BuildRequires:  python-virtualenv
-Requires:       python-cffi >= 1.1.0
+%requires_eq    python-cffi
 Requires:       python-enum34
 Requires:       python-idna >= 2.0
 Requires:       python-ipaddress
@@ -71,6 +73,7 @@
 tar xvzf %{SOURCE3}
 
 %patch1 -p1
+%patch2 -p1
 
 %build
 CFLAGS="%{optflags} -fno-strict-aliasing" python setup.py build

++++++ 2293.patch ++++++
>From 9578e4cadb09f4bca86d66c8f5d7a9370f5bf41e Mon Sep 17 00:00:00 2001
From: Paul Kehrer <[email protected]>
Date: Mon, 24 Aug 2015 08:00:10 -0500
Subject: [PATCH 1/2] make engine addition idempotent

Weird threading issues keep cropping up. ENGINE_add already
acquires a lock at the C layer via CRYPTO_w_lock (provided you
have registered the locking callbacks) so let's just use that
---
 src/cryptography/hazmat/bindings/openssl/binding.py | 19 ++++++++++++++-----
 tests/hazmat/bindings/test_openssl.py               |  4 ++--
 2 files changed, 16 insertions(+), 7 deletions(-)

Index: cryptography-1.0/src/cryptography/hazmat/bindings/openssl/binding.py
===================================================================
--- cryptography-1.0.orig/src/cryptography/hazmat/bindings/openssl/binding.py
+++ cryptography-1.0/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -65,10 +65,6 @@ class Binding(object):
     @classmethod
     def _register_osrandom_engine(cls):
         assert cls.lib.ERR_peek_error() == 0
-        looked_up_engine = cls.lib.ENGINE_by_id(cls._osrandom_engine_id)
-        if looked_up_engine != ffi.NULL:
-            raise RuntimeError("osrandom engine already registered")
-
         cls.lib.ERR_clear_error()
 
         engine = cls.lib.ENGINE_new()
@@ -81,7 +77,20 @@ class Binding(object):
             result = cls.lib.ENGINE_set_RAND(engine, cls._osrandom_method)
             assert result == 1
             result = cls.lib.ENGINE_add(engine)
-            assert result == 1
+            if result != 1:
+                # Engine already added. Clear the error stack.
+                errors = []
+                while True:
+                    code = cls.lib.ERR_get_error()
+                    if code == 0:
+                        break
+
+                    errors.append(code)
+
+                # the following error code corresponds to "conflicting engine
+                # id" in ENGINE_LIST_ADD
+                assert 638025831 in errors
+
         finally:
             result = cls.lib.ENGINE_free(engine)
             assert result == 1
@@ -133,3 +142,6 @@ class Binding(object):
                     mode, n, file, line
                 )
             )
+
+# init the static locks so we have a locking callback in C for engine init
+Binding.init_static_locks()
Index: cryptography-1.0/tests/hazmat/bindings/test_openssl.py
===================================================================
--- cryptography-1.0.orig/tests/hazmat/bindings/test_openssl.py
+++ cryptography-1.0/tests/hazmat/bindings/test_openssl.py
@@ -89,8 +89,8 @@ class TestOpenSSL(object):
 
     def test_add_engine_more_than_once(self):
         b = Binding()
-        with pytest.raises(RuntimeError):
-            b._register_osrandom_engine()
+        b._register_osrandom_engine()
+        assert b.lib.ERR_get_error() == 0
 
     def test_ssl_ctx_options(self):
         # Test that we're properly handling 32-bit unsigned on all platforms.

commit python-cryptography for openSUSE:Factory

Reply via email to