debian/0000775000000000000000000000000012316371345007175 5ustar debian/source/0000775000000000000000000000000011751650570010477 5ustar debian/source/format0000664000000000000000000000001411751617552011710 0ustar 3.0 (quilt) debian/copyright0000664000000000000000000000216211751617552011136 0ustar This package was debianized by Martin Sjögren on Mon, 7 Jan 2002 16:25:58 +0100. It was downloaded from http://launchpad.net/pyopenssl Upstream Author: Jean-Paul Calderone Copyright: Copyright (C) 2001-2004 AB Strakt Copyright (C) 2008-2010 Jean-Paul Calderone, All rights reserved License: Apache 2.0 A copy of the Apache License (version 2) can be found in /usr/share/common-licenses/Apache-2.0 on Debian systems. The Debian packaging is Copyright (C) 2008-2011, Sandro Tosi and is licensed under the same terms as upstream code. The following files have different copyright info: File: /src/crypto/netscape_spki.{c,h} Copyright (C) Tollef Fog Heen 2003 File: /src/crypto/x509ext.h Copyright (C) Awanim 2002 File: test/test_rand.py Copyright (C) Frederick Dean 2009, All rights reserved File: OpenSSL/crypto/crypto.c Copyright (C) AB Strakt Copyright (C) Keyphrene Copyright (C) Jean-Paul Calderone File: OpenSSL/test/util.py Copyright (C) Jean-Paul Calderone Copyright (C) Twisted Matrix Laboratories. debian/python-pyopenssl-dbg.install0000664000000000000000000000002111751617552014670 0ustar usr/lib/python2* debian/changelog0000664000000000000000000004324312316371345011055 0ustar pyopenssl (0.13-2ubuntu6) trusty; urgency=medium * No change rebuild to drop python3.3 compiled extension. -- Dimitri John Ledkov Mon, 31 Mar 2014 23:57:41 +0100 pyopenssl (0.13-2ubuntu5) trusty; urgency=medium * Rebuild for python3.4 as a supported python version. -- Matthias Klose Sat, 04 Jan 2014 18:31:58 +0000 pyopenssl (0.13-2ubuntu4) saucy; urgency=low * SECURITY UPDATE: incorrect ssl cert validation via NUL byte in subjectAltName - debian/patches/CVE-2013-4314.patch: fix leak in OpenSSL/crypto/x509.c, properly handle subjectAltName in OpenSSL/crypto/x509ext.c, added tests to OpenSSL/test/test_crypto.py. - CVE-2013-4314 -- Marc Deslauriers Fri, 20 Sep 2013 15:41:16 -0400 pyopenssl (0.13-2ubuntu3) raring; urgency=low * Rebuild to drop python3.2 extension. -- Matthias Klose Thu, 08 Nov 2012 11:15:59 +0000 pyopenssl (0.13-2ubuntu2) raring; urgency=low * No-change upload to build for python3.3. -- Matthias Klose Mon, 22 Oct 2012 17:47:29 +0200 pyopenssl (0.13-2ubuntu1) quantal; urgency=low * Merge from Debian. Remaining changes: - debian/control: + Removed python-support from Build-Depends + Bump build-depends for python-all-dev to >= 2.6.6-3~ + Remove tex4ht, w3m, texlive-latex-base, texlive-latex-recommended from Build-Depends - debian/rules: + Change dh_pysupport to dh_python2. - debian/patches/10_fix_doc_buildsystem.patch: + Disable this patch, reverting to upstream doc build process. htlatex is currently broken on Quantal. -- Barry Warsaw Sun, 06 May 2012 18:13:11 -0700 pyopenssl (0.13-2) unstable; urgency=low [ Barry Warsaw ] * Enable the Python 3 version of the package; Closes: #669301 [ Sandro Tosi ] * Fix several omissions for py3k packages introduction * debian/control - bump Standards-Version to 3.9.3 (no changes needed) * debian/rules - remove leftover from build process, so the package can be built twice in a row; thanks to Jakub Wilk for the report; Closes: #671191 -- Sandro Tosi Sat, 05 May 2012 17:30:52 +0200 pyopenssl (0.13-1ubuntu1) quantal; urgency=low * Merge from Debian unstable. Remaining and new changes: - debian/control: + Removed python-support from Build-Depends + Bump build-depends for python-all-dev to >= 2.6.6-3~ + Add support Python 3 versions (see Debian bug #669301) - debian/rules: + Change dh_pysupport to dh_python2. + Add support Python 3 versions (see Debian bug #669301) - debian/patches/10_fix_doc_buildsystem.patch: + Disable this patch, reverting to upstream doc build process. htlatex is currently broken on Quantal. -- Barry Warsaw Wed, 02 May 2012 17:02:21 -0400 pyopenssl (0.13-1) unstable; urgency=low * New upstream release -- Sandro Tosi Sun, 11 Sep 2011 16:46:29 +0200 pyopenssl (0.13~a1-1) unstable; urgency=low * New upstream (alpha) release * debian/patches/support_openssl_1.0 - removed, fix upstream * debian/patches/disable_test_set_default_verify_paths.patch - disable a test trying to connect to the web * debian/rules - fix build* targets * debian/control - drop Provides and XB-P-V fields from bin pkg -- Sandro Tosi Mon, 15 Aug 2011 18:44:39 +0200 pyopenssl (0.12-1ubuntu2) precise; urgency=low * Rebuild to drop python2.6 dependencies. -- Matthias Klose Sat, 31 Dec 2011 02:08:06 +0000 pyopenssl (0.12-1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: - debian/rules: change dh_pysupport to dh_python2. - debian/control: + Removed python-support from Build-Depends, + Bump build-depends for python-all-dev to >= 2.6.6-3~ * drop debian/patches/30_py27_memoryview.patch, fixed upstream -- Michael Vogt Fri, 17 Jun 2011 10:26:19 +0200 pyopenssl (0.12-1) unstable; urgency=low * New upstream release * debian/watch - point to Pypi instead of launchpad * debian/copyright - updated packaging copyright years - updated upstream license to Apache 2.0 * debian/control - remove Provides/Conflicts/Replaces for python-pyopenssl - bump Standards-Version to 3.9.2 (no changes needed) * debian/source/format - converted to 3.0 (quilt) * Converted from dpatch to quilt * debian/patches/support_openssl_1.0 - support OpenSSL 1.0 and the removal of SSLv2 methods; Closes: #622154 -- Sandro Tosi Mon, 30 May 2011 14:55:33 +0200 pyopenssl (0.11-1) experimental; urgency=low * New upstream release * debian/watch - updated to use launchpad -- Sandro Tosi Thu, 04 Nov 2010 23:00:23 +0100 pyopenssl (0.11~a2-1) experimental; urgency=low * New (alpha) upstream release * debian/{control, copyright} - updated upstream project website location; thanks to Jonathan Davies for the report; Closes: #567654 * debian/copyright - updated upstream copyright years * debian/patches/20_spelling.dpatch - removed, merged upstream * debian/control - bump Standards-Version to 3.9.1 (no changes needed) - added 'openssl' to b-d, needed to run unit tests -- Sandro Tosi Mon, 25 Oct 2010 21:11:45 +0200 pyopenssl (0.10-1ubuntu3) natty; urgency=low * Add upstream patch so that sendall() uses a memoryview, which is required for Python 2.7 compatibility. Patch given in upstream bug report . (LP: #758037) -- Barry Warsaw Wed, 13 Apr 2011 08:39:18 -0400 pyopenssl (0.10-1ubuntu2) natty; urgency=low * No-change rebuild to prefer python2.7. -- Martin Pitt Wed, 22 Dec 2010 09:39:55 +0100 pyopenssl (0.10-1ubuntu1) natty; urgency=low * Rebuild with Python2.7. * debian/rules: change dh_pysupport to dh_python2. * debian/control: Removed python-support from Build-Depends. -- Daniel Holbach Mon, 29 Nov 2010 09:39:23 +0100 pyopenssl (0.10-1) unstable; urgency=low * New upstream release * debian/control - bump Standards-Version to 3.8.4 (no changes needed) - added ${misc:Depends} to -doc and -dbg packages * debian/watch - updated for new upstream project layout * debian/copyright - extended Debian packaging copyright notice - added copyright notice for new file 'test/test_rand.py' * debian/rules - Python 2.6 has changed the build directory layout when building with a debug interpreter, hence adjusting the location used to run tests; thanks to Jakub Wilk for alerting on IRC * debian/patches/20_spelling.dpatch - added to fix compatability/compatibility spelling error noticed by lintian -- Sandro Tosi Sat, 30 Jan 2010 00:09:59 +0100 pyopenssl (0.9-1) unstable; urgency=low [ Stephan Peijnik ] * debian/control - fixed Vcs-Browser and Vcs-Svn fields. - switched Vcs-Browser field to viewsvn. [ Sandro Tosi ] * New upstream release * debian/control - bump Standards-Version to 3.8.1 (no changes needed) - fixed section for -dbg package to 'debug' - removed transitional packages - bump minimum version for python packages to call install-layout=deb * debian/copyright - updated copyright years for upstream work * debian/rules - running tests at build time, still experimental support - refactored to use supported python version (and not python executables names) during loops - call setup.py --install with --install-layout=deb (patch from Ubuntu) -- Sandro Tosi Thu, 04 Jun 2009 00:43:41 +0200 pyopenssl (0.8-1) unstable; urgency=low * New upstream release * debian/control - updated my email address - removed XS-DM-Upload-Allowed field - enhanced -doc descriptions and added a note for -dbg that's the debug pkg * debian/patches/10_fix_doc_buildsystem.dpatch - added description * debian/copyright - fixed local license file to point to LGPL-2 - added copyright notice for my packaging activities (2008-2009) * debian/rules - merged 'rm' calls into 'dh_clean' one -- Sandro Tosi Sat, 21 Feb 2009 01:24:57 +0100 pyopenssl (0.7-2) unstable; urgency=medium * debian/control - added texlive-latex-base, texlive-latex-recommended to build-dep to fix a FTBFS; thanks to Lucas Nussbaum for the report; Closes: 486950 - bump Standards-Version to 3.8.0 * debian/README.source - added as requested by Policy 3.8.0 -- Sandro Tosi Thu, 19 Jun 2008 20:05:55 +0200 pyopenssl (0.7-1) unstable; urgency=low [ Sandro Tosi ] * New upstream release * debian/patches/01_restore_pristine_code.dpatch - removed since merged upstream * debian/rules - added doc creation at build-time * debian/patches/10_fix_doc_buildsystem.dpatch - added to allow doc build on debian * debian/control - added tex4ht and w3m build-dep needed to build doc * debian/python-openssl-doc.doc-base - updated for new index filename * debian/copyright - updated upstream author and copyright notices * debian/watch - fixed to correctly detect X.YaZ < X.Y [ Piotr Ożarowski ] * Added XS-DM-Upload-Allowed: yes -- Sandro Tosi Thu, 24 Apr 2008 20:00:36 +0200 pyopenssl (0.6-5) unstable; urgency=low * debian/control - fixed dependencies on documentation package * python-openssl-doc.doc-base - converted to UTF8 - changed Section to Programming -- Sandro Tosi Sat, 08 Mar 2008 23:06:19 +0100 pyopenssl (0.6-4) unstable; urgency=low [ Scott Kitterman ] * Add debug package (incorporate changes from Ubuntu) - Add build-dep on python-all-dbg - Suggest python-openssl-dbg - Add building debug variants to debian/rules * Add myself to uploaders [ Sandro Tosi ] * debian/rules - fixing commands to refer to new packages names [ Piotr Ożarowski ] * Add python-pyopenssl to python-openssl's Conflicts, Replaces and Provides -- Sandro Tosi Mon, 25 Feb 2008 22:39:45 +0100 pyopenssl (0.6-3) unstable; urgency=low [ Sandro Tosi ] * Adopting package (Closes: #465988) * Acknowledging NMUs (Closes: #373548, #355947, #351133, #347541) * debian/control - set DPMT as maintainer - set myself as uploader - bump Standards-Version to 3.7.3 - added Vcs-{Svn,Browser} tag - added misc:Depends - updated versioned build-dep on python-support - renamed doc package to python-openssl-doc (and added transitional package) - added Homepage field - added dpatch build-dep - changed short description (Closes: #410705) - changed long description - changed bin package name to python-openssl (and added transitional package) * debian/pycompat - removed * debian/rules - removed comment header - removed commented dh_* calls - removed dh_python calls - removed DH_COMPAT variable set - added dpatch stuff - build for all supported python version (Closes: #452616) * debian/python-openssl-doc.doc-base - renamed from debian/pyopenssl-doc.doc-base - corrected files location - reformatted description * debian/pyopenssl-doc.docs - removed * debian/python-openssl-doc.examples - renamed from debian/pyopenssl-doc.examples * debian/README.Debian - removed * debian/compat - created with value 5 * doc/pyOpenSSL.ps - restored to upstream file (changes only in generation dates) * debian/patches/01_restore_pristine_code.dpatch - added to restore upstream source code * debian/copyright - clear separation of copyright and license - upstream author, copyright and license indented with 4 spaces - added copyright info for 3 files, different from the main one [ Piotr Ożarowski ] * debian/watch - added -- Sandro Tosi Sun, 24 Feb 2008 22:38:11 +0100 pyopenssl (0.6-2.3) unstable; urgency=low * Non-maintainer upload. * Update Package for last python policy (Closes: #373548). -- Pierre Habouzit Fri, 30 Jun 2006 13:31:10 +0200 pyopenssl (0.6-2.2) unstable; urgency=low * Non-maintainer upload. * Include patch from Cyril Lacoux , fixing Segmentation fault when creating x509 extension. (Closes: #355947) -- Julien Danjou Fri, 12 May 2006 16:42:47 +0200 pyopenssl (0.6-2.1) unstable; urgency=low * Non-maintainer upload. * Stop building modules for python2.2. (Closes: #351133) * Also rebuild module using libssl0.9.8. (Closes: #347541) -- Pierre Habouzit Sun, 9 Apr 2006 19:45:16 +0200 pyopenssl (0.6-2) unstable; urgency=low * Add support for python 2.4. (Closes: #297870) * Build-depend on v0.9.7 of openssl. -- Martin Sjogren Mon, 14 Mar 2005 08:56:27 +0100 pyopenssl (0.6-1) unstable; urgency=low * New upstream release, including: - Add Netscape SPKI extensions. (Closes: #205132) - Add X509.subject_name_hash, X509.digest. (Closes: #205136) - Fix full names of exceptions. (Closes: #250342) - Add SSL.Context.use_certificate_chain_file. (Closes: #260134) * Docs are built upstream, so the build-deps have been trimmed. This also means that HTML and text documentation are back. * Bumped standards-version. * Use dh_python. -- Martin Sjogren Fri, 13 Aug 2004 20:53:27 +0200 pyopenssl (0.5.1-4) unstable; urgency=low * Drop HTML and text documentation since latex2html moved to non-free. This is a temporary solution, until I can hack mkhowto to use something else. (Closes: #221344) * Fix the copyright file to mention the copyright holder. -- Martin Sjogren Mon, 15 Dec 2003 20:16:25 +0100 pyopenssl (0.5.1-3) unstable; urgency=low * MANIFEST.in: Include the src/RATIONALE file. (Closes: #197401) * doc/pyOpenSSL.tex: Fix typo. (Closes: #197435) * Drop Python 1.5 and 2.1 support. * Make python-pyopenssl depend on python2.3-pyopenssl, which is no longer "experimental". -- Martin Sjogren Mon, 11 Aug 2003 18:37:07 +0200 pyopenssl (0.5.1-2) unstable; urgency=low * Make sure names in control and changelog match. Stupid changelogs, bleh. * Change section to 'python'. * Rebuild with openssl 0.9.7. (Closes: #189826) * __init__.py: Import tsafe module. * tsafe.py: Add some missing methods. * debian/copyright: Fix Author(s) boilerplate thingy to shut lintian up. -- Martin Sjogren Sun, 20 Apr 2003 17:50:24 +0200 pyopenssl (0.5.1-1) unstable; urgency=low * New upstream version. (Closes: #159530) * Added a python-pyopenssl dummy package. * Added an experimental python2.3-pyopenssl package. -- Martin Sjögren Sun, 25 Aug 2002 12:08:31 +0200 pyopenssl (0.5-1) unstable; urgency=low * New upstream version * Support for python1.5. * Fix stupid mistakes for python 1.5 and python 2.1. -- Martin Sjögren Wed, 24 Jul 2002 09:05:28 +0200 pyopenssl (0.4.1-8) unstable; urgency=low * Added examples to pyopenssl-doc -- Martin Sjögren Wed, 5 Jun 2002 14:58:04 +0200 pyopenssl (0.4.1-7) unstable; urgency=low * The cute arrow icons in the HTML documentation should be there now too. -- Martin Sjögren Thu, 30 May 2002 00:53:44 +0200 pyopenssl (0.4.1-6) unstable; urgency=low * Commented out some unused things in debian/rules -- Martin Sjögren Wed, 29 May 2002 11:20:33 +0200 pyopenssl (0.4.1-5) unstable; urgency=low * Adding to the build-depends. * Initial upload (Closes: #140687) -- Martin Sjögren Sat, 6 Apr 2002 14:15:49 +0200 pyopenssl (0.4.1-4) unstable; urgency=low * Fixes in packaging, it shouldn't be regarded a native package now. -- Martin Sjögren Sat, 6 Apr 2002 11:26:39 +0200 pyopenssl (0.4.1-3) unstable; urgency=low * Moved from non-US to main/devel -- Martin Sjögren Fri, 5 Apr 2002 22:44:10 +0200 pyopenssl (0.4.1-2) unstable; urgency=low * Fixes in the packaging, dependencies and build dependencies should be all right now. -- Martin Sjögren Thu, 10 Jan 2002 10:00:06 +0100 pyopenssl (0.4.1-1) unstable; urgency=low * New "upstream" release * New packaging, python2.1-pyopenssl, python2.2-pyopenssl, pyopenssl-doc -- Martin Sjögren Mon, 7 Jan 2002 15:38:51 +0100 pyopenssl (0.4-4) unstable; urgency=low * Grrr, this time then... -- Martin Sjögren Fri, 17 Aug 2001 14:53:19 +0200 pyopenssl (0.4-3) unstable; urgency=low * Fixed a big nasty bug -- Martin Sjögren Fri, 17 Aug 2001 14:33:06 +0200 pyopenssl (0.4-2) unstable; urgency=low * Fixes -- Martin Sjögren Fri, 17 Aug 2001 13:53:11 +0200 pyopenssl (0.4-1) unstable; urgency=low * New "upstream" version -- Martin Sjögren Thu, 9 Aug 2001 12:32:47 +0200 pyopenssl (0.3-3) unstable; urgency=low * X509 objects now has a has_expired method -- Martin Sjögren Tue, 7 Aug 2001 14:16:13 +0200 pyopenssl (0.3-2) unstable; urgency=low * X509Name objects now has a compare method -- Martin Sjögren Tue, 7 Aug 2001 10:53:58 +0200 pyopenssl (0.3-1) unstable; urgency=low * New "upstream" version -- Martin Sjögren Fri, 3 Aug 2001 16:36:26 +0200 pyopenssl (0.1-1) unstable; urgency=low * Initial version. -- Anders Hammarquist Mon, 23 Jul 2001 15:17:38 +0200 debian/control0000664000000000000000000000763011751620517010606 0ustar Source: pyopenssl Section: python Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Python Modules Team Uploaders: Sandro Tosi Build-Depends: debhelper (>= 5.0.37.2), python-all-dev (>= 2.6.6-3~), python-all-dbg (>= 2.5.4-1~), python3-all-dev, python3-all-dbg, libssl-dev (>= 0.9.8), latex2html, lynx, openssl Standards-Version: 3.9.3 Homepage: http://launchpad.net/pyopenssl Vcs-Svn: svn://svn.debian.org/python-modules/packages/pyopenssl/trunk/ Vcs-Browser: http://svn.debian.org/viewsvn/python-modules/packages/pyopenssl/trunk/ XS-Python-Version: all X-Python3-Version: >= 3.2 Package: python-openssl Architecture: any Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends} Suggests: python-openssl-doc, python-openssl-dbg Description: Python 2 wrapper around the OpenSSL library High-level wrapper around a subset of the OpenSSL library, includes . * SSL.Connection objects, wrapping the methods of Python's portable sockets * Callbacks written in Python * Extensive error-handling mechanism, mirroring OpenSSL's error codes . A lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Package: python-openssl-doc Section: doc Architecture: all Depends: ${misc:Depends} Suggests: python-openssl, python3-openssl Description: Python wrapper around the OpenSSL library (documentation package) High-level wrapper around a subset of the OpenSSL library, includes . * SSL.Connection objects, wrapping the methods of Python's portable sockets * Callbacks written in Python * Extensive error-handling mechanism, mirroring OpenSSL's error codes . A lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. . This package contains documentation for python-openssl. Package: python-openssl-dbg Priority: extra Section: debug Architecture: any Depends: ${misc:Depends}, python-openssl (= ${binary:Version}), python-dbg, ${shlibs:Depends} Description: Python 2 wrapper around the OpenSSL library (debug extension) High-level wrapper around a subset of the OpenSSL library, includes . * SSL.Connection objects, wrapping the methods of Python's portable sockets * Callbacks written in Python * Extensive error-handling mechanism, mirroring OpenSSL's error codes . A lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. . This package contains the debug extension for python-openssl. Package: python3-openssl Architecture: any Depends: ${python3:Depends}, ${shlibs:Depends}, ${misc:Depends} Suggests: python-openssl-doc, python3-openssl-dbg Description: Python 3 wrapper around the OpenSSL library High-level wrapper around a subset of the OpenSSL library, includes . * SSL.Connection objects, wrapping the methods of Python's portable sockets * Callbacks written in Python * Extensive error-handling mechanism, mirroring OpenSSL's error codes . A lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. . This package contains the Python 3 version of pyopenssl. Package: python3-openssl-dbg Priority: extra Section: debug Architecture: any Depends: ${misc:Depends}, python3-openssl (= ${binary:Version}), python3-dbg, ${shlibs:Depends} Description: Python 3 wrapper around the OpenSSL library (debug extension) High-level wrapper around a subset of the OpenSSL library, includes . * SSL.Connection objects, wrapping the methods of Python's portable sockets * Callbacks written in Python * Extensive error-handling mechanism, mirroring OpenSSL's error codes . A lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. . This package contains the debug extension for python3-openssl. debian/rules0000775000000000000000000000600011751620556010254 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 PY2VERS := $(shell pyversions -r -v) PY3VERS := $(shell py3versions -r -v) PYVERS := $(PY2VERS) $(PY3VERS) build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: dh_testdir set -e; \ for py in $(PYVERS); do \ python$$py setup.py build; \ python$$py-dbg setup.py build; \ done # run tests -for py in $(PYVERS); do \ for test in OpenSSL/test/test*; do \ echo "running $$test for python$$py ..."; \ PYTHONPATH=build/lib.$(DEB_BUILD_ARCH_OS)-$(shell uname -m)-$$py python$$py $$test; \ PYTHONPATH=`ls -d build/lib_d.*-$$py || ls -d build/lib.*-$$py-pydebug` python$$py-dbg $$test; \ done; \ done $(MAKE) -C doc all touch build-stamp clean: dh_testdir dh_testroot -for py in $(PYVERS); do \ python$$py setup.py clean --all; \ python$$py-dbg setup.py clean --all; \ done rm -rf build $(MAKE) -C doc clean rm -rf *.key *.pem tmp* dh_clean build-stamp version.pyc install: DH_OPTIONS= install: build dh_testdir dh_testroot dh_clean -k dh_installdirs set -e; \ for py in $(PY2VERS); do \ echo "installing for python$$py ..."; \ python$$py setup.py install --root=$(CURDIR)/debian/python-openssl --install-layout=deb; \ echo "installing for python$$py-dbg ..."; \ python$$py-dbg setup.py install --root=$(CURDIR)/debian/python-openssl-dbg --install-layout=deb; \ done set -e; \ for py in $(PY3VERS); do \ echo "installing for python$$py ..."; \ python$$py setup.py install --root=$(CURDIR)/debian/python3-openssl --install-layout=deb; \ echo "installing for python$$py-dbg ..."; \ python$$py-dbg setup.py install --root=$(CURDIR)/debian/python3-openssl-dbg --install-layout=deb; \ done find debian/python-openssl-dbg ! -type d ! -name '*_d.so' | xargs rm -f find debian/python-openssl-dbg -depth -empty -exec rmdir {} \; # Build architecture-independent files here. # Pass -i to all debhelper commands in this target to reduce clutter. binary-indep: build install dh_testdir -i dh_testroot -i dh_installdocs -i dh_installexamples -i dh_installchangelogs ChangeLog -i dh_compress -i dh_fixperms -i dh_python2 -i dh_python3 -i dh_installdeb -i dh_gencontrol -i dh_md5sums -i dh_builddeb -i # Build architecture-dependent files here. binary-arch: build install dh_testdir -a dh_testroot -a dh_installdocs -a dh_installexamples -a dh_installchangelogs ChangeLog -a dh_strip -ppython-openssl --dbg-package=python-openssl-dbg dh_strip -ppython3-openssl --dbg-package=python3-openssl-dbg rm -rf debian/python-openssl-dbg/usr/share/doc/python-openssl-dbg ln -s python-openssl debian/python-openssl-dbg/usr/share/doc/python-openssl-dbg dh_compress -a dh_fixperms -a dh_python2 -a dh_python3 -a dh_makeshlibs -a dh_installdeb -a dh_shlibdeps -a dh_gencontrol -a dh_md5sums -a dh_builddeb -a binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/watch0000664000000000000000000000030611751617552010232 0ustar version=3 #https://launchpad.net/pyopenssl/+download http://launchpad.net/pyopenssl/main/.*/pyOpenSSL-([\d.]*)\.tar.gz http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-([\d.]*)\.tar.gz debian/python-openssl-doc.docs0000664000000000000000000000005411751617552013620 0ustar doc/pyOpenSSL.ps doc/pyOpenSSL.txt doc/html debian/python-openssl-doc.doc-base0000664000000000000000000000075211751617552014352 0ustar Document: python-openssl-manual Title: Python OpenSSL Manual Author: Martin Sjögren Abstract: Manual for the pyOpenSSL package. This module is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper I mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Section: Programming Format: HTML Index: /usr/share/doc/python-openssl-doc/html/pyOpenSSL.html Files: /usr/share/doc/python-openssl-doc/html/* debian/python-openssl-doc.examples0000664000000000000000000000001311751617552014501 0ustar examples/* debian/patches/0000775000000000000000000000000012217122520010611 5ustar debian/patches/disable_test_set_default_verify_paths.patch0000664000000000000000000000351511751617552021462 0ustar Description: disable test_set_default_verify_paths since it tries to access the web Index: pyopenssl-0.13~a1/OpenSSL/test/test_ssl.py =================================================================== --- pyopenssl-0.13~a1.orig/OpenSSL/test/test_ssl.py 2011-08-15 18:23:31.612351434 +0200 +++ pyopenssl-0.13~a1/OpenSSL/test/test_ssl.py 2011-08-15 18:24:44.646743564 +0200 @@ -661,21 +661,22 @@ # internet which has such a certificate. Connecting to the network # in a unit test is bad, but it's the only way I can think of to # really test this. -exarkun + pass # Arg, verisign.com doesn't speak TLSv1 - context = Context(SSLv3_METHOD) - context.set_default_verify_paths() - context.set_verify( - VERIFY_PEER, - lambda conn, cert, errno, depth, preverify_ok: preverify_ok) - - client = socket() - client.connect(('verisign.com', 443)) - clientSSL = Connection(context, client) - clientSSL.set_connect_state() - clientSSL.do_handshake() - clientSSL.send('GET / HTTP/1.0\r\n\r\n') - self.assertTrue(clientSSL.recv(1024)) + #context = Context(SSLv3_METHOD) + #context.set_default_verify_paths() + #context.set_verify( + # VERIFY_PEER, + # lambda conn, cert, errno, depth, preverify_ok: preverify_ok) + # + #client = socket() + #client.connect(('verisign.com', 443)) + #clientSSL = Connection(context, client) + #clientSSL.set_connect_state() + #clientSSL.do_handshake() + #clientSSL.send('GET / HTTP/1.0\r\n\r\n') + #self.assertTrue(clientSSL.recv(1024)) def test_set_default_verify_paths_signature(self): debian/patches/CVE-2013-4314.patch0000664000000000000000000002034512217122520013227 0ustar Description: fix incorrect ssl cert validation via NUL byte in subjectAltName Origin: backport, http://bazaar.launchpad.net/~exarkun/pyopenssl/trunk/revision/169 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055 Index: pyopenssl-0.13/OpenSSL/crypto/x509.c =================================================================== --- pyopenssl-0.13.orig/OpenSSL/crypto/x509.c 2011-09-02 11:46:13.000000000 -0400 +++ pyopenssl-0.13/OpenSSL/crypto/x509.c 2013-09-20 15:38:11.043547355 -0400 @@ -756,6 +756,7 @@ extobj = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type); extobj->x509_extension = X509_EXTENSION_dup(ext); + extobj->dealloc = 1; return (PyObject*)extobj; } Index: pyopenssl-0.13/OpenSSL/crypto/x509ext.c =================================================================== --- pyopenssl-0.13.orig/OpenSSL/crypto/x509ext.c 2011-09-02 11:46:13.000000000 -0400 +++ pyopenssl-0.13/OpenSSL/crypto/x509ext.c 2013-09-20 15:38:11.043547355 -0400 @@ -236,19 +236,92 @@ PyObject_Del(self); } + +/* Special handling of subjectAltName. OpenSSL's builtin formatter, + * X509V3_EXT_print, mishandles NUL bytes allowing a truncated display that + * does not accurately reflect what's in the extension. + */ +int +crypto_X509Extension_str_subjectAltName(crypto_X509ExtensionObj *self, BIO *bio) { + GENERAL_NAMES *names; + const X509V3_EXT_METHOD *method = NULL; + long i, length, num; + const unsigned char *p; + + method = X509V3_EXT_get(self->x509_extension); + if (method == NULL) { + return -1; + } + + p = self->x509_extension->value->data; + length = self->x509_extension->value->length; + if (method->it) { + names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, + ASN1_ITEM_ptr(method->it))); + } else { + names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); + } + if (names == NULL) { + return -1; + } + + num = sk_GENERAL_NAME_num(names); + for (i = 0; i < num; i++) { + GENERAL_NAME *name; + ASN1_STRING *as; + name = sk_GENERAL_NAME_value(names, i); + switch (name->type) { + case GEN_EMAIL: + BIO_puts(bio, "email:"); + as = name->d.rfc822Name; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_DNS: + BIO_puts(bio, "DNS:"); + as = name->d.dNSName; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_URI: + BIO_puts(bio, "URI:"); + as = name->d.uniformResourceIdentifier; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + default: + /* use builtin print for GEN_OTHERNAME, GEN_X400, + * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID + */ + GENERAL_NAME_print(bio, name); + } + /* trailing ', ' except for last element */ + if (i < (num - 1)) { + BIO_puts(bio, ", "); + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + + return 0; +} + /* * Print a nice text representation of the certificate request. */ static PyObject * -crypto_X509Extension_str(crypto_X509ExtensionObj *self) -{ +crypto_X509Extension_str(crypto_X509ExtensionObj *self) { int str_len; char *tmp_str; PyObject *str; BIO *bio = BIO_new(BIO_s_mem()); - if (!X509V3_EXT_print(bio, self->x509_extension, 0, 0)) - { + if (OBJ_obj2nid(self->x509_extension->object) == NID_subject_alt_name) { + if (crypto_X509Extension_str_subjectAltName(self, bio) == -1) { + BIO_free(bio); + exception_from_error_queue(crypto_Error); + return NULL; + } + } else if (!X509V3_EXT_print(bio, self->x509_extension, 0, 0)) { BIO_free(bio); exception_from_error_queue(crypto_Error); return NULL; @@ -267,7 +340,7 @@ "X509Extension", sizeof(crypto_X509ExtensionObj), 0, - (destructor)crypto_X509Extension_dealloc, + (destructor)crypto_X509Extension_dealloc, NULL, /* print */ NULL, /* getattr */ NULL, /* setattr (setattrfunc)crypto_X509Name_setattr, */ Index: pyopenssl-0.13/OpenSSL/test/test_crypto.py =================================================================== --- pyopenssl-0.13.orig/OpenSSL/test/test_crypto.py 2011-09-02 11:46:13.000000000 -0400 +++ pyopenssl-0.13/OpenSSL/test/test_crypto.py 2013-09-20 15:40:54.055542869 -0400 @@ -266,6 +266,38 @@ """) +# certificate with NULL bytes in subjectAltName and common name + +nulbyteSubjectAltNamePEM = b("""-----BEGIN CERTIFICATE----- +MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx +DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ +eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg +RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y +ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw +NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI +DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv +ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt +ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq +hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j +pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P +vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv +KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA +oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL +08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV +HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E +BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu +Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 +bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA +AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 +i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j +HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk +kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx +VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW +RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= +-----END CERTIFICATE-----""") + + class X509ExtTests(TestCase): """ Tests for L{OpenSSL.crypto.X509Extension}. @@ -856,6 +888,19 @@ [(b("CN"), b("foo")), (b("OU"), b("bar"))]) + def test_load_nul_byte_attribute(self): + """ + An :py:class:`OpenSSL.crypto.X509Name` from an + :py:class:`OpenSSL.crypto.X509` instance loaded from a file can have a + NUL byte in the value of one of its attributes. + """ + cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM) + subject = cert.get_subject() + self.assertEqual( + "null.python.org\x00example.org", subject.commonName) + + + class _PKeyInteractionTestsMixin: """ Tests which involve another thing and a PKey. @@ -1382,6 +1427,24 @@ self.assertRaises(TypeError, cert.get_extension, "hello") + def test_nullbyte_subjectAltName(self): + """ + The fields of a `subjectAltName` extension on an X509 may contain NUL + bytes and this value is reflected in the string representation of the + extension object. + """ + cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM) + + ext = cert.get_extension(3) + self.assertEqual(ext.get_short_name(), b('subjectAltName')) + self.assertEqual( + b("DNS:altnull.python.org\x00example.com, " + "email:null@python.org\x00user@example.org, " + "URI:http://null.python.org\x00http://example.org, " + "IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n"), + b(str(ext))) + + def test_invalid_digest_algorithm(self): """ L{X509.digest} raises L{ValueError} if called with an unrecognized hash debian/patches/10_fix_doc_buildsystem.patch0000664000000000000000000001363211751617552016216 0ustar Author: Sandro Tosi Description: Fix the doc build system, providing a working clean target and building the latex doc using htlatex (in main) instead of latex2html --- pyopenssl-0.12.orig/doc/Makefile +++ pyopenssl-0.12/doc/Makefile @@ -10,11 +10,11 @@ html: pyOpenSSL.tex $(MKHOWTO) --html --iconserver . $^ - -rm -rf html - mv pyOpenSSL html + -rm -rf html/ + mkdir html/ + mv *.html pyOpenSSL.css html/ clean: - rm -rf html pyOpenSSL.dvi pyOpenSSL.ps pyOpenSSL.txt \ - pyOpenSSL.l2h pyOpenSSL.how + rm -rf html/ *.html pyOpenSSL.[0-9a-su-z]* pyOpenSSL.txt pyOpenSSL.tmp .PHONY: default all html dvi ps text clean --- pyopenssl-0.12.orig/doc/tools/mkhowto +++ pyopenssl-0.12/doc/tools/mkhowto @@ -55,8 +55,8 @@ BIBTEX_BINARY = "bibtex" DVIPS_BINARY = "dvips" LATEX_BINARY = "latex" -LATEX2HTML_BINARY = "latex2html" -LYNX_BINARY = "lynx" +LATEX2HTML_BINARY = "htlatex" +LYNX_BINARY = "w3m" MAKEINDEX_BINARY = "makeindex" PDFLATEX_BINARY = "pdflatex" PERL_BINARY = "perl" @@ -232,33 +232,10 @@ self.build_ps() if "html" in formats: self.require_temps() - self.build_html(self.options.builddir or self.doc) - if self.options.icon_server == ".": - pattern = os.path.join(MYDIR, "html", "icons", - "*." + self.options.image_type) - imgs = glob.glob(pattern) - if not imgs: - self.warning( - "Could not locate support images of type %s." - % `self.options.image_type`) - for fn in imgs: - new_fn = os.path.join(self.doc, os.path.basename(fn)) - shutil.copyfile(fn, new_fn) + self.build_html() if "text" in formats: - self.require_temps() - tempdir = self.doc - need_html = "html" not in formats - if self.options.max_split_depth != 1: - fp = open(self.l2h_aux_init_file, "a") - fp.write("# re-hack this file for --text:\n") - l2hoption(fp, "MAX_SPLIT_DEPTH", "1") - fp.write("1;\n") - fp.close() - tempdir = self.doc + "-temp-html" - need_html = 1 - if need_html: - self.build_html(tempdir, max_split_depth=1) - self.build_text(tempdir) + self.build_html() + self.build_text() if self.options.discard_temps: self.cleanup() @@ -282,6 +259,10 @@ def build_pdf(self): self.use_latex(PDFLATEX_BINARY) + def build_html(self): + self.setup_texinputs() + self.run("%s %s" % (LATEX2HTML_BINARY, self.doc)) + def use_latex(self, binary): self.require_temps(binary=binary) if self.latex_runs < 2: @@ -333,72 +314,8 @@ def build_ps(self): self.run("%s -N0 -o %s.ps %s" % (DVIPS_BINARY, self.doc, self.doc)) - def build_html(self, builddir=None, max_split_depth=None): - if builddir is None: - builddir = self.doc - if max_split_depth is None: - max_split_depth = self.options.max_split_depth - texfile = None - for p in string.split(os.environ["TEXINPUTS"], os.pathsep): - fn = os.path.join(p, self.doc + ".tex") - if os.path.isfile(fn): - texfile = fn - break - if not texfile: - self.warning("Could not locate %s.tex; aborting." % self.doc) - sys.exit(1) - # remove leading ./ (or equiv.); might avoid problems w/ dvips - if texfile[:2] == os.curdir + os.sep: - texfile = texfile[2:] - # build the command line and run LaTeX2HTML: - if not os.path.isdir(builddir): - os.mkdir(builddir) - else: - for fname in glob.glob(os.path.join(builddir, "*.html")): - os.unlink(fname) - args = [LATEX2HTML_BINARY, - "-init_file", self.l2h_aux_init_file, - "-dir", builddir, - texfile - ] - self.run(string.join(args)) # XXX need quoting! - # ... postprocess - shutil.copyfile(self.options.style_file, - os.path.join(builddir, self.doc + ".css")) - shutil.copyfile(os.path.join(builddir, self.doc + ".html"), - os.path.join(builddir, "index.html")) - if max_split_depth != 1: - if self.options.numeric: - label_file = os.path.join(builddir, "labels.pl") - fp = open(label_file) - about_node = None - target = " = q/about/;\n" - x = len(target) - while 1: - line = fp.readline() - if not line: - break - if line[-x:] == target: - line = fp.readline() - m = re.search(r"\|(node\d+\.[a-z]+)\|", line) - about_node = m.group(1) - shutil.copyfile(os.path.join(builddir, about_node), - os.path.join(builddir, "about.html")) - break - else: - pwd = os.getcwd() - try: - os.chdir(builddir) - self.run("%s %s *.html" % (PERL_BINARY, NODE2LABEL_SCRIPT)) - finally: - os.chdir(pwd) - - def build_text(self, tempdir=None): - if tempdir is None: - tempdir = self.doc - indexfile = os.path.join(tempdir, "index.html") - self.run("%s -nolist -dump %s >%s.txt" - % (LYNX_BINARY, indexfile, self.doc)) + def build_text(self): + self.run("%s -dump %s > %s.txt" % (LYNX_BINARY, "pyOpenSSL.html", self.doc)) def require_temps(self, binary=None): if not self.latex_runs: debian/patches/series0000664000000000000000000000013612217122027012030 0ustar #10_fix_doc_buildsystem.patch disable_test_set_default_verify_paths.patch CVE-2013-4314.patch debian/README.source0000664000000000000000000000023111751617552011355 0ustar This package uses dpatch to handle patches against upstream source code; you can find additional information about dpatch at /usr/share/doc/dpatch/ debian/compat0000664000000000000000000000000211751617552010400 0ustar 5 debian/python-pyopenssl.install0000664000000000000000000000002111751617552014136 0ustar usr/lib/python2* debian/python3-pyopenssl-dbg.install0000664000000000000000000000002011751617552014752 0ustar usr/lib/python3 debian/python3-pyopenssl.install0000664000000000000000000000002011751617552014220 0ustar usr/lib/python3