[Pkg-freeipa-devel] [Git][freeipa-team/python-nss][master] 14 commits: Added tag PYNSS_RELEASE_1_0_0 for changeset 9a5cf0294fc1

Timo Aaltonen gitlab at salsa.debian.org
Thu Dec 3 15:39:35 GMT 2020



Timo Aaltonen pushed to branch master at FreeIPA packaging / python-nss


Commits:
3bf7e4a7 by John Dennis at 2016-09-02T13:06:18-04:00
Added tag PYNSS_RELEASE_1_0_0 for changeset 9a5cf0294fc1

- - - - -
ea420813 by John Dennis at 2016-10-11T13:42:47-04:00
Add doc/examples/ssl_cipher_info.py

- - - - -
9c44cdd5 by John Dennis at 2017-02-28T18:06:27-05:00
Add TLS 1.3 cipher suites

TLS 1.3 does not use any of the TLS 1.2 cipher suites but introduced a
new set of cipher suites. The new cipher suites no longer define key
agreement and authentication protocol.

Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
58f07a78 by John Dennis at 2017-02-28T18:09:25-05:00
ssl_cipher_info: Try to enable TLS 1.3

Attempt to enable TLS version 1.3 in ssl_cipher_info.py example script.
At the moment NSS 3.28.1 and older have TLS 1.3 support disabled. With a
custom build of NSS, ssl_cipher_info.py is able to establish a TLS 1.3
connection to tls13.crypto.mozilla.org.

SSL connect to: tls13.crypto.mozilla.org
try connecting to: 52.32.149.186
connected to: 52.32.149.186
handshake complete, peer = 52.32.149.186, negotiated host = tls13.crypto.mozilla.org
Connection Info:
SSL Protocol Version: 3.4 (tls1.3)
Cipher:               128-bit AES-GCM
MAC:                  128-bit AEAD
Auth:                 2048-bit TLS 1.3
Key Exchange:         255-bit TLS 1.3
Compression:          NULL

Channel:
--------
Protocol Version:      3.4 (tls1.3)
Cipher Suite:          TLS_AES_128_GCM_SHA256 (0x1301)
Auth Key Bits:         2048
Key Exchange Key Bits: 255
Creation Time:         1970-01-01 01:00:00
Last Access Time:      1970-01-01 01:00:00
Expiration Time:       1970-01-01 01:00:00
Compression Method:    NULL (0x0)
Session ID:

Suite:
------
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
    Auth Algorithm:               TLS 1.3 (0xa)
    Key Exchange Type:            TLS 1.3 (0x7)
    Symmetric Cipher:             AES-GCM (0xa)
    Symmetric Key Bits:           128
    Effective Symmetric Key Bits: 128
    Symmetric Key Space:          128
    MAC Algorithm:                AEAD (0x6)
    MAC Bits:                     128
    FIPS:                         True
    Exportable:                   False
    Nonstandard:                  False

Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
70299bb8 by John Dennis at 2017-02-28T18:11:19-05:00
Fix bdist_wheel support to build python-nss as Python wheel

The '-d' argument is already reserved as alias for destination
directory. The bdist_wheel builder uses -d to build wheels in a
temporary directory.

Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
caa3100b by John Dennis at 2017-02-28T18:13:34-05:00
Update changelog and bump version

Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
f4a8fe06 by Timo Aaltonen at 2020-11-05T11:10:25+02:00
Merge branch 'upstream'

- - - - -
f8502548 by Timo Aaltonen at 2020-11-05T11:10:51+02:00
bump the version

- - - - -
b8491b1e by Timo Aaltonen at 2020-11-05T11:11:19+02:00
control: Migrate to debhelper-compat.

- - - - -
09007c2b by Timo Aaltonen at 2020-12-03T17:25:58+02:00
rules: Override auto_clean, complicates building the source.

- - - - -
c52f9636 by Timo Aaltonen at 2020-12-03T17:28:20+02:00
fix-ftbfs.diff: Fix type conflicts. (Closes: #973131)

- - - - -
be2e3eb0 by Timo Aaltonen at 2020-12-03T17:31:24+02:00
source: Upstream didn't bump the version in src/__init__.py, so ignore the diff to tarball.

- - - - -
5b11ffc8 by Timo Aaltonen at 2020-12-03T17:31:39+02:00
control: Bump policy to 4.5.1.

- - - - -
550f056d by Timo Aaltonen at 2020-12-03T17:31:49+02:00
releasing package python-nss version 1.0.1-1

- - - - -


12 changed files:

- .hgtags
- debian/changelog
- − debian/compat
- debian/control
- + debian/patches/fix-ftbfs.diff
- debian/patches/series
- debian/rules
- + debian/source/local-options
- doc/ChangeLog
- + doc/examples/ssl_cipher_info.py
- setup.py
- src/py_ssl.c


Changes:

=====================================
.hgtags
=====================================
@@ -35,3 +35,5 @@ bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
 84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
 84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
 96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0
+96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0
+9a5cf0294fc1f888d93f5a9bbf4e0217039036da PYNSS_RELEASE_1_0_0


=====================================
debian/changelog
=====================================
@@ -1,3 +1,15 @@
+python-nss (1.0.1-1) unstable; urgency=medium
+
+  * New upstream release.
+  * control: Migrate to debhelper-compat.
+  * rules: Override auto_clean, complicates building the source.
+  * fix-ftbfs.diff: Fix type conflicts. (Closes: #973131)
+  * source: Upstream didn't bump the version in src/__init__.py, so
+    ignore the diff to tarball.
+  * control: Bump policy to 4.5.1.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Thu, 03 Dec 2020 17:31:41 +0200
+
 python-nss (1.0.0-2) unstable; urgency=medium
 
   * Bump debhelper to 12.


=====================================
debian/compat deleted
=====================================
@@ -1 +0,0 @@
-12


=====================================
debian/control
=====================================
@@ -3,11 +3,11 @@ Section: python
 Priority: extra
 Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
 Uploaders: Timo Aaltonen <tjaalton at debian.org>
-Build-Depends: debhelper (>= 12),
+Build-Depends: debhelper-compat (= 12),
  dh-python,
  python3-all-dev,
  libnss3-dev,
-Standards-Version: 4.4.0
+Standards-Version: 4.5.1
 Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
 Vcs-Git: https://salsa.debian.org/freeipa-team/python-nss.git
 Vcs-Browser: https://salsa.debian.org/freeipa-team/python-nss


=====================================
debian/patches/fix-ftbfs.diff
=====================================
@@ -0,0 +1,549 @@
+From 079d4f65a743fb9e952ab109c1a24997c15398a7 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel at redhat.com>
+Date: Thu, 3 Dec 2020 10:03:50 -0500
+Subject: [PATCH] Rename {DSA,RSA}PublicKey to Py{DSA,RSA}PublicKey
+
+These two structs have also been added to NSS as of v3.58. Because we
+duplicate the name with different members, we should prefix the
+python-nss classes with "Py" in the C code to distinguish them.
+
+Signed-off-by: Alexander Scheel <ascheel at redhat.com>
+---
+ src/py_nss.c | 180 +++++++++++++++++++++++++--------------------------
+ src/py_nss.h |   8 +--
+ 2 files changed, 94 insertions(+), 94 deletions(-)
+
+diff --git a/src/py_nss.c b/src/py_nss.c
+index 3e8ccdb..d033ac2 100644
+--- a/src/py_nss.c
++++ b/src/py_nss.c
+@@ -7091,7 +7091,7 @@ KEYPQGParams_new_from_SECKEYPQGParams(const SECKEYPQGParams *params)
+ }
+ 
+ /* ========================================================================== */
+-/* =========================== RSAPublicKey Class =========================== */
++/* ========================== PyRSAPublicKey Class ========================== */
+ /* ========================================================================== */
+ 
+ /* ============================ Attribute Access ============================ */
+@@ -7100,7 +7100,7 @@ KEYPQGParams_new_from_SECKEYPQGParams(const SECKEYPQGParams *params)
+ // via integer_secitem_to_pylong()
+ 
+ static PyObject *
+-RSAPublicKey_get_modulus(RSAPublicKey *self, void *closure)
++PyRSAPublicKey_get_modulus(PyRSAPublicKey *self, void *closure)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7109,7 +7109,7 @@ RSAPublicKey_get_modulus(RSAPublicKey *self, void *closure)
+ }
+ 
+ static PyObject *
+-RSAPublicKey_get_exponent(RSAPublicKey *self, void *closure)
++PyRSAPublicKey_get_exponent(PyRSAPublicKey *self, void *closure)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7118,20 +7118,20 @@ RSAPublicKey_get_exponent(RSAPublicKey *self, void *closure)
+ }
+ 
+ static
+-PyGetSetDef RSAPublicKey_getseters[] = {
+-    {"modulus",  (getter)RSAPublicKey_get_modulus,  (setter)NULL, "RSA modulus", NULL},
+-    {"exponent", (getter)RSAPublicKey_get_exponent, (setter)NULL, "RSA exponent", NULL},
++PyGetSetDef PyRSAPublicKey_getseters[] = {
++    {"modulus",  (getter)PyRSAPublicKey_get_modulus,  (setter)NULL, "RSA modulus", NULL},
++    {"exponent", (getter)PyRSAPublicKey_get_exponent, (setter)NULL, "RSA exponent", NULL},
+     {NULL}  /* Sentinel */
+ };
+ 
+-static PyMemberDef RSAPublicKey_members[] = {
++static PyMemberDef PyRSAPublicKey_members[] = {
+     {NULL}  /* Sentinel */
+ };
+ 
+ /* ============================== Class Methods ============================= */
+ 
+ static PyObject *
+-RSAPublicKey_format_lines(RSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_format_lines(PyRSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+     static char *kwlist[] = {"level", NULL};
+     int level = 0;
+@@ -7147,12 +7147,12 @@ RSAPublicKey_format_lines(RSAPublicKey *self, PyObject *args, PyObject *kwds)
+         return NULL;
+     }
+ 
+-    if ((obj = RSAPublicKey_get_modulus(self, NULL)) == NULL) {
++    if ((obj = PyRSAPublicKey_get_modulus(self, NULL)) == NULL) {
+         goto fail;
+     }
+     FMT_SEC_INT_OBJ_APPEND_AND_CLEAR(lines, _("Modulus"), obj, level, fail);
+ 
+-    if ((obj = RSAPublicKey_get_exponent(self, NULL)) == NULL) {
++    if ((obj = PyRSAPublicKey_get_exponent(self, NULL)) == NULL) {
+         goto fail;
+     }
+     FMT_SEC_INT_OBJ_APPEND_AND_CLEAR(lines, _("Exponent"), obj, level, fail);
+@@ -7165,41 +7165,41 @@ RSAPublicKey_format_lines(RSAPublicKey *self, PyObject *args, PyObject *kwds)
+ }
+ 
+ static PyObject *
+-RSAPublicKey_format(RSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_format(PyRSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+     TraceMethodEnter(self);
+ 
+-    return format_from_lines((format_lines_func)RSAPublicKey_format_lines, (PyObject *)self, args, kwds);
++    return format_from_lines((format_lines_func)PyRSAPublicKey_format_lines, (PyObject *)self, args, kwds);
+ }
+ 
+ static PyObject *
+-RSAPublicKey_str(RSAPublicKey *self)
++PyRSAPublicKey_str(PyRSAPublicKey *self)
+ {
+     PyObject *py_formatted_result = NULL;
+ 
+     TraceMethodEnter(self);
+ 
+-    py_formatted_result =  RSAPublicKey_format(self, empty_tuple, NULL);
++    py_formatted_result =  PyRSAPublicKey_format(self, empty_tuple, NULL);
+     return py_formatted_result;
+ 
+ }
+ 
+-static PyMethodDef RSAPublicKey_methods[] = {
+-    {"format_lines", (PyCFunction)RSAPublicKey_format_lines,   METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
+-    {"format",       (PyCFunction)RSAPublicKey_format,         METH_VARARGS|METH_KEYWORDS, generic_format_doc},
++static PyMethodDef PyRSAPublicKey_methods[] = {
++    {"format_lines", (PyCFunction)PyRSAPublicKey_format_lines,   METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
++    {"format",       (PyCFunction)PyRSAPublicKey_format,         METH_VARARGS|METH_KEYWORDS, generic_format_doc},
+     {NULL, NULL}  /* Sentinel */
+ };
+ 
+ /* =========================== Class Construction =========================== */
+ 
+ static PyObject *
+-RSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ {
+-    RSAPublicKey *self;
++    PyRSAPublicKey *self;
+ 
+     TraceObjNewEnter(type);
+ 
+-    if ((self = (RSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
++    if ((self = (PyRSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
+         return NULL;
+     }
+ 
+@@ -7211,7 +7211,7 @@ RSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ }
+ 
+ static int
+-RSAPublicKey_traverse(RSAPublicKey *self, visitproc visit, void *arg)
++PyRSAPublicKey_traverse(PyRSAPublicKey *self, visitproc visit, void *arg)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7221,7 +7221,7 @@ RSAPublicKey_traverse(RSAPublicKey *self, visitproc visit, void *arg)
+ }
+ 
+ static int
+-RSAPublicKey_clear(RSAPublicKey* self)
++PyRSAPublicKey_clear(PyRSAPublicKey* self)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7231,31 +7231,31 @@ RSAPublicKey_clear(RSAPublicKey* self)
+ }
+ 
+ static void
+-RSAPublicKey_dealloc(RSAPublicKey* self)
++PyRSAPublicKey_dealloc(PyRSAPublicKey* self)
+ {
+     TraceMethodEnter(self);
+ 
+-    RSAPublicKey_clear(self);
++    PyRSAPublicKey_clear(self);
+     Py_TYPE(self)->tp_free((PyObject*)self);
+ }
+ 
+-PyDoc_STRVAR(RSAPublicKey_doc,
++PyDoc_STRVAR(PyRSAPublicKey_doc,
+ "An object representing an RSA Public Key");
+ 
+ static int
+-RSAPublicKey_init(RSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_init(PyRSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+     TraceMethodEnter(self);
+ 
+     return 0;
+ }
+ 
+-static PyTypeObject RSAPublicKeyType = {
++static PyTypeObject PyRSAPublicKeyType = {
+     PyVarObject_HEAD_INIT(NULL, 0)
+-    "nss.nss.RSAPublicKey",			/* tp_name */
+-    sizeof(RSAPublicKey),			/* tp_basicsize */
++    "nss.nss.PyRSAPublicKey",			/* tp_name */
++    sizeof(PyRSAPublicKey),			/* tp_basicsize */
+     0,						/* tp_itemsize */
+-    (destructor)RSAPublicKey_dealloc,		/* tp_dealloc */
++    (destructor)PyRSAPublicKey_dealloc,		/* tp_dealloc */
+     0,						/* tp_print */
+     0,						/* tp_getattr */
+     0,						/* tp_setattr */
+@@ -7266,39 +7266,39 @@ static PyTypeObject RSAPublicKeyType = {
+     0,						/* tp_as_mapping */
+     0,						/* tp_hash */
+     0,						/* tp_call */
+-    (reprfunc)RSAPublicKey_str,			/* tp_str */
++    (reprfunc)PyRSAPublicKey_str,			/* tp_str */
+     0,						/* tp_getattro */
+     0,						/* tp_setattro */
+     0,						/* tp_as_buffer */
+     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,	/* tp_flags */
+-    RSAPublicKey_doc,				/* tp_doc */
+-    (traverseproc)RSAPublicKey_traverse,	/* tp_traverse */
+-    (inquiry)RSAPublicKey_clear,		/* tp_clear */
++    PyRSAPublicKey_doc,				/* tp_doc */
++    (traverseproc)PyRSAPublicKey_traverse,	/* tp_traverse */
++    (inquiry)PyRSAPublicKey_clear,		/* tp_clear */
+     0,						/* tp_richcompare */
+     0,						/* tp_weaklistoffset */
+     0,						/* tp_iter */
+     0,						/* tp_iternext */
+-    RSAPublicKey_methods,			/* tp_methods */
+-    RSAPublicKey_members,			/* tp_members */
+-    RSAPublicKey_getseters,			/* tp_getset */
++    PyRSAPublicKey_methods,			/* tp_methods */
++    PyRSAPublicKey_members,			/* tp_members */
++    PyRSAPublicKey_getseters,			/* tp_getset */
+     0,						/* tp_base */
+     0,						/* tp_dict */
+     0,						/* tp_descr_get */
+     0,						/* tp_descr_set */
+     0,						/* tp_dictoffset */
+-    (initproc)RSAPublicKey_init,		/* tp_init */
++    (initproc)PyRSAPublicKey_init,		/* tp_init */
+     0,						/* tp_alloc */
+-    RSAPublicKey_new,				/* tp_new */
++    PyRSAPublicKey_new,				/* tp_new */
+ };
+ 
+ PyObject *
+-RSAPublicKey_new_from_SECKEYRSAPublicKey(SECKEYRSAPublicKey *rsa)
++PyRSAPublicKey_new_from_SECKEYRSAPublicKey(SECKEYRSAPublicKey *rsa)
+ {
+-    RSAPublicKey *self = NULL;
++    PyRSAPublicKey *self = NULL;
+ 
+     TraceObjNewEnter(NULL);
+ 
+-    if ((self = (RSAPublicKey *) RSAPublicKeyType.tp_new(&RSAPublicKeyType, NULL, NULL)) == NULL) {
++    if ((self = (PyRSAPublicKey *) PyRSAPublicKeyType.tp_new(&PyRSAPublicKeyType, NULL, NULL)) == NULL) {
+         return NULL;
+     }
+ 
+@@ -7317,13 +7317,13 @@ RSAPublicKey_new_from_SECKEYRSAPublicKey(SECKEYRSAPublicKey *rsa)
+ }
+ 
+ /* ========================================================================== */
+-/* =========================== DSAPublicKey Class =========================== */
++/* ========================== PyDSAPublicKey Class ========================== */
+ /* ========================================================================== */
+ 
+ /* ============================ Attribute Access ============================ */
+ 
+ static PyObject *
+-DSAPublicKey_get_pqg_params(DSAPublicKey *self, void *closure)
++PyDSAPublicKey_get_pqg_params(PyDSAPublicKey *self, void *closure)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7332,7 +7332,7 @@ DSAPublicKey_get_pqg_params(DSAPublicKey *self, void *closure)
+ }
+ 
+ static PyObject *
+-DSAPublicKey_get_public_value(DSAPublicKey *self, void *closure)
++PyDSAPublicKey_get_public_value(PyDSAPublicKey *self, void *closure)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7341,20 +7341,20 @@ DSAPublicKey_get_public_value(DSAPublicKey *self, void *closure)
+ }
+ 
+ static
+-PyGetSetDef DSAPublicKey_getseters[] = {
+-    {"pqg_params",   (getter)DSAPublicKey_get_pqg_params,   (setter)NULL, "DSA P,Q,G params as a KEYPQGParams object", NULL},
+-    {"public_value", (getter)DSAPublicKey_get_public_value, (setter)NULL, "DSA public_value", NULL},
++PyGetSetDef PyDSAPublicKey_getseters[] = {
++    {"pqg_params",   (getter)PyDSAPublicKey_get_pqg_params,   (setter)NULL, "DSA P,Q,G params as a KEYPQGParams object", NULL},
++    {"public_value", (getter)PyDSAPublicKey_get_public_value, (setter)NULL, "DSA public_value", NULL},
+     {NULL}  /* Sentinel */
+ };
+ 
+-static PyMemberDef DSAPublicKey_members[] = {
++static PyMemberDef PyDSAPublicKey_members[] = {
+     {NULL}  /* Sentinel */
+ };
+ 
+ /* ============================== Class Methods ============================= */
+ 
+ static PyObject *
+-DSAPublicKey_format_lines(DSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_format_lines(PyDSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+     static char *kwlist[] = {"level", NULL};
+     int level = 0;
+@@ -7371,13 +7371,13 @@ DSAPublicKey_format_lines(DSAPublicKey *self, PyObject *args, PyObject *kwds)
+         return NULL;
+     }
+ 
+-    if ((obj = DSAPublicKey_get_pqg_params(self, NULL)) == NULL) {
++    if ((obj = PyDSAPublicKey_get_pqg_params(self, NULL)) == NULL) {
+         goto fail;
+     }
+     CALL_FORMAT_LINES_AND_APPEND(lines, obj, level, fail);
+     Py_CLEAR(obj);
+ 
+-    if ((obj = DSAPublicKey_get_public_value(self, NULL)) == NULL) {
++    if ((obj = PyDSAPublicKey_get_public_value(self, NULL)) == NULL) {
+         goto fail;
+     }
+     FMT_SEC_INT_OBJ_APPEND_AND_CLEAR(lines, _("Public Value"), obj, level, fail);
+@@ -7390,41 +7390,41 @@ DSAPublicKey_format_lines(DSAPublicKey *self, PyObject *args, PyObject *kwds)
+ }
+ 
+ static PyObject *
+-DSAPublicKey_format(DSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_format(PyDSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+     TraceMethodEnter(self);
+ 
+-    return format_from_lines((format_lines_func)DSAPublicKey_format_lines, (PyObject *)self, args, kwds);
++    return format_from_lines((format_lines_func)PyDSAPublicKey_format_lines, (PyObject *)self, args, kwds);
+ }
+ 
+ static PyObject *
+-DSAPublicKey_str(DSAPublicKey *self)
++PyDSAPublicKey_str(PyDSAPublicKey *self)
+ {
+     PyObject *py_formatted_result = NULL;
+ 
+     TraceMethodEnter(self);
+ 
+-    py_formatted_result =  DSAPublicKey_format(self, empty_tuple, NULL);
++    py_formatted_result =  PyDSAPublicKey_format(self, empty_tuple, NULL);
+     return py_formatted_result;
+ 
+ }
+ 
+-static PyMethodDef DSAPublicKey_methods[] = {
+-    {"format_lines", (PyCFunction)DSAPublicKey_format_lines,   METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
+-    {"format",       (PyCFunction)DSAPublicKey_format,         METH_VARARGS|METH_KEYWORDS, generic_format_doc},
++static PyMethodDef PyDSAPublicKey_methods[] = {
++    {"format_lines", (PyCFunction)PyDSAPublicKey_format_lines,   METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
++    {"format",       (PyCFunction)PyDSAPublicKey_format,         METH_VARARGS|METH_KEYWORDS, generic_format_doc},
+     {NULL, NULL}  /* Sentinel */
+ };
+ 
+ /* =========================== Class Construction =========================== */
+ 
+ static PyObject *
+-DSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ {
+-    DSAPublicKey *self;
++    PyDSAPublicKey *self;
+ 
+     TraceObjNewEnter(type);
+ 
+-    if ((self = (DSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
++    if ((self = (PyDSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
+         return NULL;
+     }
+ 
+@@ -7436,7 +7436,7 @@ DSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ }
+ 
+ static int
+-DSAPublicKey_traverse(DSAPublicKey *self, visitproc visit, void *arg)
++PyDSAPublicKey_traverse(PyDSAPublicKey *self, visitproc visit, void *arg)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7446,7 +7446,7 @@ DSAPublicKey_traverse(DSAPublicKey *self, visitproc visit, void *arg)
+ }
+ 
+ static int
+-DSAPublicKey_clear(DSAPublicKey* self)
++PyDSAPublicKey_clear(PyDSAPublicKey* self)
+ {
+     TraceMethodEnter(self);
+ 
+@@ -7456,31 +7456,31 @@ DSAPublicKey_clear(DSAPublicKey* self)
+ }
+ 
+ static void
+-DSAPublicKey_dealloc(DSAPublicKey* self)
++PyDSAPublicKey_dealloc(PyDSAPublicKey* self)
+ {
+     TraceMethodEnter(self);
+ 
+-    DSAPublicKey_clear(self);
++    PyDSAPublicKey_clear(self);
+     Py_TYPE(self)->tp_free((PyObject*)self);
+ }
+ 
+-PyDoc_STRVAR(DSAPublicKey_doc,
++PyDoc_STRVAR(PyDSAPublicKey_doc,
+ "A object representing a DSA Public Key");
+ 
+ static int
+-DSAPublicKey_init(DSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_init(PyDSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+     TraceMethodEnter(self);
+ 
+     return 0;
+ }
+ 
+-static PyTypeObject DSAPublicKeyType = {
++static PyTypeObject PyDSAPublicKeyType = {
+     PyVarObject_HEAD_INIT(NULL, 0)
+-    "nss.nss.DSAPublicKey",			/* tp_name */
+-    sizeof(DSAPublicKey),			/* tp_basicsize */
++    "nss.nss.PyDSAPublicKey",			/* tp_name */
++    sizeof(PyDSAPublicKey),			/* tp_basicsize */
+     0,						/* tp_itemsize */
+-    (destructor)DSAPublicKey_dealloc,		/* tp_dealloc */
++    (destructor)PyDSAPublicKey_dealloc,		/* tp_dealloc */
+     0,						/* tp_print */
+     0,						/* tp_getattr */
+     0,						/* tp_setattr */
+@@ -7491,39 +7491,39 @@ static PyTypeObject DSAPublicKeyType = {
+     0,						/* tp_as_mapping */
+     0,						/* tp_hash */
+     0,						/* tp_call */
+-    (reprfunc)DSAPublicKey_str,			/* tp_str */
++    (reprfunc)PyDSAPublicKey_str,			/* tp_str */
+     0,						/* tp_getattro */
+     0,						/* tp_setattro */
+     0,						/* tp_as_buffer */
+     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,	/* tp_flags */
+-    DSAPublicKey_doc,				/* tp_doc */
+-    (traverseproc)DSAPublicKey_traverse,	/* tp_traverse */
+-    (inquiry)DSAPublicKey_clear,		/* tp_clear */
++    PyDSAPublicKey_doc,				/* tp_doc */
++    (traverseproc)PyDSAPublicKey_traverse,	/* tp_traverse */
++    (inquiry)PyDSAPublicKey_clear,		/* tp_clear */
+     0,						/* tp_richcompare */
+     0,						/* tp_weaklistoffset */
+     0,						/* tp_iter */
+     0,						/* tp_iternext */
+-    DSAPublicKey_methods,			/* tp_methods */
+-    DSAPublicKey_members,			/* tp_members */
+-    DSAPublicKey_getseters,			/* tp_getset */
++    PyDSAPublicKey_methods,			/* tp_methods */
++    PyDSAPublicKey_members,			/* tp_members */
++    PyDSAPublicKey_getseters,			/* tp_getset */
+     0,						/* tp_base */
+     0,						/* tp_dict */
+     0,						/* tp_descr_get */
+     0,						/* tp_descr_set */
+     0,						/* tp_dictoffset */
+-    (initproc)DSAPublicKey_init,		/* tp_init */
++    (initproc)PyDSAPublicKey_init,		/* tp_init */
+     0,						/* tp_alloc */
+-    DSAPublicKey_new,				/* tp_new */
++    PyDSAPublicKey_new,				/* tp_new */
+ };
+ 
+ PyObject *
+-DSAPublicKey_new_from_SECKEYDSAPublicKey(SECKEYDSAPublicKey *dsa)
++PyDSAPublicKey_new_from_SECKEYDSAPublicKey(SECKEYDSAPublicKey *dsa)
+ {
+-    DSAPublicKey *self = NULL;
++    PyDSAPublicKey *self = NULL;
+ 
+     TraceObjNewEnter(NULL);
+ 
+-    if ((self = (DSAPublicKey *) DSAPublicKeyType.tp_new(&DSAPublicKeyType, NULL, NULL)) == NULL) {
++    if ((self = (PyDSAPublicKey *) PyDSAPublicKeyType.tp_new(&PyDSAPublicKeyType, NULL, NULL)) == NULL) {
+         return NULL;
+     }
+ 
+@@ -7882,8 +7882,8 @@ static
+ PyGetSetDef PublicKey_getseters[] = {
+     {"key_type",     (getter)PublicKey_get_key_type,     (setter)NULL, "key type (e.g. rsaKey, dsaKey, etc.) as an int", NULL},
+     {"key_type_str", (getter)PublicKey_get_key_type_str, (setter)NULL, "key type as a string", NULL},
+-    {"rsa",          (getter)PublicKey_get_rsa,          (setter)NULL, "RSA key as a RSAPublicKey object", NULL},
+-    {"dsa",          (getter)PublicKey_get_dsa,          (setter)NULL, "RSA key as a RSAPublicKey object", NULL},
++    {"rsa",          (getter)PublicKey_get_rsa,          (setter)NULL, "RSA key as a PyRSAPublicKey object", NULL},
++    {"dsa",          (getter)PublicKey_get_dsa,          (setter)NULL, "RSA key as a PyRSAPublicKey object", NULL},
+     {NULL}  /* Sentinel */
+ };
+ 
+@@ -8087,13 +8087,13 @@ PublicKey_new_from_SECKEYPublicKey(SECKEYPublicKey *pk)
+ 
+     switch(pk->keyType) {       /* FIXME: handle the other cases */
+     case rsaKey:
+-        if ((self->py_rsa_key = RSAPublicKey_new_from_SECKEYRSAPublicKey(&pk->u.rsa)) == NULL) {
++        if ((self->py_rsa_key = PyRSAPublicKey_new_from_SECKEYRSAPublicKey(&pk->u.rsa)) == NULL) {
+             Py_CLEAR(self);
+             return NULL;
+         }
+         break;
+     case dsaKey:
+-        if ((self->py_dsa_key = DSAPublicKey_new_from_SECKEYDSAPublicKey(&pk->u.dsa)) == NULL) {
++        if ((self->py_dsa_key = PyDSAPublicKey_new_from_SECKEYDSAPublicKey(&pk->u.dsa)) == NULL) {
+             Py_CLEAR(self);
+             return NULL;
+         }
+@@ -25310,8 +25310,8 @@ MOD_INIT(nss)
+     TYPE_READY(AlgorithmIDType);
+     TYPE_READY(RSAGenParamsType);
+     TYPE_READY(KEYPQGParamsType);
+-    TYPE_READY(RSAPublicKeyType);
+-    TYPE_READY(DSAPublicKeyType);
++    TYPE_READY(PyRSAPublicKeyType);
++    TYPE_READY(PyDSAPublicKeyType);
+     TYPE_READY(SignedDataType);
+     TYPE_READY(PublicKeyType);
+     TYPE_READY(SubjectPublicKeyInfoType);
+diff --git a/src/py_nss.h b/src/py_nss.h
+index c93b3a2..4bc94e6 100644
+--- a/src/py_nss.h
++++ b/src/py_nss.h
+@@ -116,24 +116,24 @@ typedef struct {
+ } SignedCRL;
+ 
+ /* ========================================================================== */
+-/* ============================ RSAPublicKey Class ========================== */
++/* =========================== PyRSAPublicKey Class ========================= */
+ /* ========================================================================== */
+ 
+ typedef struct {
+     PyObject_HEAD
+     PyObject *py_modulus;
+     PyObject *py_exponent;
+-} RSAPublicKey;
++} PyRSAPublicKey;
+ 
+ /* ========================================================================== */
+-/* ============================ DSAPublicKey Class ========================== */
++/* =========================== PyDSAPublicKey Class ========================= */
+ /* ========================================================================== */
+ 
+ typedef struct {
+     PyObject_HEAD
+     PyObject *py_pqg_params;
+     PyObject *py_public_value;
+-} DSAPublicKey;
++} PyDSAPublicKey;
+ 
+ /* ========================================================================== */
+ /* ============================ RSAGenParams Class ========================== */


=====================================
debian/patches/series
=====================================
@@ -1 +1 @@
-#placeholder
+fix-ftbfs.diff


=====================================
debian/rules
=====================================
@@ -9,6 +9,8 @@ export PYBUILD_NAME=nss
 %:
 	dh $@ --with python3 --buildsystem=pybuild
 
+override_dh_auto_clean:
+
 override_dh_auto_install:
 	dh_auto_install
 	rm -rf debian/python*-nss/usr/lib/python*/dist-packages/python_nss-*.egg-info


=====================================
debian/source/local-options
=====================================
@@ -0,0 +1 @@
+extend-diff-ignore = src/__init__.py


=====================================
doc/ChangeLog
=====================================
@@ -1,3 +1,18 @@
+2017-02-16  Christian Heimes  <cheimes at redhat.com> 1.0.1
+
+  * Add TLS 1.3 cipher suites.
+
+  * ssl_cipher_info.py now attempts to enable TLS 1.3.
+
+  * Fix build issue in setup.py. python-nss can now be build
+    as Python wheel, e.g. `pip wheel -w dist .`
+
+  * The following constants were added:
+
+    - ssl.TLS_AES_128_GCM_SHA256
+    - ssl.TLS_AES_256_GCM_SHA384
+    - ssl.TLS_CHACHA20_POLY1305_SHA256
+
 2016-09-01  John Dennis  <jdennis at redhat.com> 1.0.0
   * Official 1.0.0 release, only minor tweaks from 1.0.0.beta1
 


=====================================
doc/examples/ssl_cipher_info.py
=====================================
@@ -0,0 +1,208 @@
+from __future__ import absolute_import
+from __future__ import print_function
+
+import argparse
+import sys
+
+from nss.error import NSPRError
+import nss.io as io
+import nss.nss as nss
+import nss.ssl as ssl
+
+#-------------------------------------------------------------------------------
+
+TIMEOUT_SECS = 3
+
+REQUEST = '''\
+GET /index.html HTTP/1.0
+
+'''
+#-------------------------------------------------------------------------------
+
+def print_suite_info(suite):
+    print("Suite:")
+    print("------")
+
+    if not options.use_properties:
+        print(suite)
+    else:
+        print("cipher_suite_name:     %s"  % (suite.cipher_suite_name))
+        print("cipher_suite:          %#x" % (suite.cipher_suite))
+        print("auth_algorithm_name:   %s"  % (suite.auth_algorithm_name))
+        print("auth_algorithm:        %#x" % (suite.auth_algorithm))
+        print("kea_type_name:         %s"  % (suite.kea_type_name))
+        print("kea_type:              %#x" % (suite.kea_type))
+        print("symmetric_cipher_name: %s"  % (suite.symmetric_cipher_name))
+        print("symmetric_cipher:      %#x" % (suite.symmetric_cipher))
+        print("symmetric_key_bits:    %s"  % (suite.symmetric_key_bits))
+        print("symmetric_key_space:   %s"  % (suite.symmetric_key_space))
+        print("effective_key_bits:    %s"  % (suite.effective_key_bits))
+        print("mac_algorithm_name:    %s"  % (suite.mac_algorithm_name))
+        print("mac_algorithm:         %#x" % (suite.mac_algorithm))
+        print("mac_bits:              %s"  % (suite.mac_bits))
+        print("is_fips:               %s"  % (suite.is_fips))
+        print("is_exportable:         %s"  % (suite.is_exportable))
+        print("is_nonstandard:        %s"  % (suite.is_nonstandard))
+
+def print_channel_info(channel):
+    print("Channel:")
+    print("--------")
+
+    if not options.use_properties:
+        print(channel)
+    else:
+        print("protocol_version:        %#x" % (channel.protocol_version))
+        print("protocol_version string: %s"  % (channel.protocol_version_str))
+        print("protocol_version enum:   %#x" % (channel.protocol_version_enum))
+        print("major_protocol_version:  %s"  % (channel.major_protocol_version))
+        print("minor_protocol_version:  %s"  % (channel.minor_protocol_version))
+        print("cipher_suite:            %#x" % (channel.cipher_suite))
+        print("auth_key_bits:           %d"  % (channel.auth_key_bits))
+        print("kea_key_bits:            %d"  % (channel.kea_key_bits))
+        print("creation_time:           %s"  % (channel.creation_time))
+        print("last_access_time:        %s"  % (channel.last_access_time))
+        print("expiration_time:         %s"  % (channel.expiration_time))
+        print("creation_time_utc:       %s"  % (channel.creation_time_utc))
+        print("last_access_time_utc:    %s"  % (channel.last_access_time_utc))
+        print("expiration_time_utc:     %s"  % (channel.expiration_time_utc))
+        print("compression_method:      %#x" % (channel.compression_method))
+        print("compression_method_name: %s"  % (channel.compression_method_name))
+        print("session_id:              %s"  % (channel.session_id))
+
+def handshake_callback(sock):
+
+    print("handshake complete, peer = %s, negotiated host = %s" %
+          (sock.get_peer_name(), sock.get_negotiated_host()))
+    print("Connection Info:")
+    print(sock.connection_info_str())
+    print()
+
+    channel = sock.get_ssl_channel_info()
+    print_channel_info(channel)
+    print()
+
+    suite = ssl.get_cipher_suite_info(channel.cipher_suite)
+    print_suite_info(suite)
+
+def ssl_connect():
+    print("SSL connect to: %s" % options.hostname)
+
+    valid_addr = False
+    # Get the IP Address of our server
+    try:
+        addr_info = io.AddrInfo(options.hostname)
+    except:
+        print("ERROR: could not resolve hostname \"%s\"" % options.hostname)
+        return
+
+    for net_addr in addr_info:
+        net_addr.port = options.port
+        sock = ssl.SSLSocket(net_addr.family)
+        # Set client SSL socket options
+        sock.set_ssl_option(ssl.SSL_SECURITY, True)
+        sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
+        sock.set_hostname(options.hostname)
+        try:
+            sock.set_ssl_version_range("tls1.0", "tls1.3")
+        except NSPRError as e:
+            print("Cannot enable TLS 1.3, {}".format(e))
+
+        # Provide a callback which notifies us when the SSL handshake is
+        # complete
+        sock.set_handshake_callback(handshake_callback)
+
+        try:
+            print("try connecting to: %s" % (net_addr))
+            sock.connect(net_addr, timeout=io.seconds_to_interval(TIMEOUT_SECS))
+            print("connected to: %s" % (net_addr))
+            valid_addr = True
+            break
+        except:
+            continue
+
+    if not valid_addr:
+        print("ERROR: could not connect to \"%s\"" % options.hostname)
+        return
+
+    try:
+        # Talk to the server
+        n_received = 0
+        sock.send(REQUEST.encode('utf-8'))
+        while True:
+            buf = sock.recv(1024)
+            n_received += len(buf)
+            if not buf:
+                break
+    except Exception as e:
+        print(e)
+        sock.shutdown()
+        return
+
+    sock.shutdown()
+    return
+
+
+# -----------------------------------------------------------------------------
+
+parser = argparse.ArgumentParser(
+    description='Example showing how to enumerate cipher suites and '
+    'get their properties as well as how to get SSL channel information '
+    'after connecting including the cipher suite in use',
+    formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+
+parser.add_argument('-d', '--db-name',
+                    help='NSS database name (e.g. "sql:pki")')
+
+parser.add_argument('-H', '--hostname',
+                    help='host to connect to')
+
+parser.add_argument('-p', '--port', type=int,
+                    help='host port')
+
+parser.add_argument('-E', '--no-enumerate-cipher-suites',
+                    dest='enumerate_cipher_suites',
+                    action='store_false',
+                    help='do not enumerate cipher suites')
+
+parser.add_argument('-S', '--no-ssl-connect',
+                    dest='ssl_connect',
+                    action='store_false',
+                    help='do not perform SSL connection')
+
+parser.add_argument('-P', '--use-properties',
+                    dest='use_properties',
+                    action='store_true',
+                    help='print using object properties')
+
+parser.set_defaults(db_name='sql:pki',
+                    hostname='www.verisign.com',
+                    port=443,
+                    enumerate_cipher_suites=True,
+                    ssl_connect=True,
+                    use_properties=False)
+
+options = parser.parse_args()
+
+# Perform basic configuration and setup
+try:
+    nss.nss_init(options.db_name)
+    ssl.set_domestic_policy()
+
+except Exception as e:
+    print(str(e), file=sys.stderr)
+    sys.exit(1)
+
+
+if options.enumerate_cipher_suites:
+    suite_info = ssl.get_cipher_suite_info(ssl.ssl_implemented_ciphers[0])
+
+    print("There are %d implemented ciphers" %
+          (len(ssl.ssl_implemented_ciphers)))
+
+    for cipher in ssl.ssl_implemented_ciphers:
+        suite_info = ssl.get_cipher_suite_info(cipher)
+        print(suite_info)
+        print()
+
+if options.ssl_connect:
+    ssl_connect()


=====================================
setup.py
=====================================
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
 from distutils.command.build_py import build_py as _build_py
 from distutils.command.sdist import sdist as _sdist
 
-version = "1.0.0"
+version = "1.0.1"
 
 doc_manifest = [
     [['include README LICENSE* doc/ChangeLog',
@@ -318,7 +318,7 @@ def main(argv):
     include_roots = []
 
     for arg in argv[:]:
-        if arg in ('-d', '--debug'):
+        if arg in ('--debug', ):
             print("compiling with debug")
             extra_compile_args += debug_compile_args
             argv.remove(arg)


=====================================
src/py_ssl.c
=====================================
@@ -4718,6 +4718,13 @@ if (_AddIntConstantWithLookup(m, #constant, constant, \
     ExportConstant(TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
 #endif
 
+    /* TLS 1.3 cipher suites */
+#ifdef TLS_AES_128_GCM_SHA256
+    ExportConstant(TLS_AES_128_GCM_SHA256);
+    ExportConstant(TLS_AES_256_GCM_SHA384);
+    ExportConstant(TLS_CHACHA20_POLY1305_SHA256);
+#endif
+
     /* Netscape "experimental" cipher suites. */
     ExportConstant(SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA);
     ExportConstant(SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA);



View it on GitLab: https://salsa.debian.org/freeipa-team/python-nss/-/compare/2179a2952179f7725f5ceec7e5171e578a5b9098...550f056daa080ab7934a8c8b608be370768b8315

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/python-nss/-/compare/2179a2952179f7725f5ceec7e5171e578a5b9098...550f056daa080ab7934a8c8b608be370768b8315
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20201203/9d86d1ad/attachment-0001.html>


More information about the Pkg-freeipa-devel mailing list