# RPM spec for python-crypto (PyCrypto 2.6.1). Builds the Python 2 package and,
# when with_python3 evaluates to 1, a python3-crypto subpackage from a copy of
# the same patched source tree.

# Detect the distribution in use
# The macros below run shell pipelines when the spec is parsed. __distinit is
# built from the first letter of each word that precedes " release" in the
# release file (first line only, whitespace and parenthesised text removed, at
# most 4 characters, lower-cased); __distvers is the text after " release " up
# to the first "." or space.
# NOTE(review): __distfile falls back to /etc/redhat-release without checking
# that it exists; on a host with neither file both values presumably come out
# empty - confirm the Release tag is still sane there.
%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g'
%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]'
%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release)
%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4})
%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace})
# Identify Alma, CentOS, CentOS Stream and Rocky Linux as rhel
%if "%{__distinit}" == "a" || "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "cs" || "%{__distinit}" == "rl"
%global __distinit rhel
%endif
# Dist tag for Fedora is still "fc"
%if "%{__distinit}" == "f"
%global __distinit fc
%endif

# First three characters of the interpreter's version string, used in the
# egg-info file name in the files list. The print statement is Python 2
# syntax; if the command fails for any reason the value is 0.0.
%global pythonver %(%{__python} -c "import sys; print sys.version[:3]" 2>/dev/null || echo 0.0)

# Python3 introduced in Fedora 13
# The test runs in the shell; an error inside the test (for example an empty
# __distvers) also ends up as 0.
%global with_python3 %([ "(" "%{__distinit}" == "fc" -a %{__distvers} -gt 12 ")" ] && echo 1 || echo 0)

Summary: Cryptography library for Python
Name: python-crypto
Version: 2.6.1
Release: 3.%{__distinit}%{__distvers}
# Mostly Public Domain apart from parts of HMAC.py and setup.py, which are Python
License: Public Domain and Python
URL: http://www.pycrypto.org/
# NOTE(review): the source URL is plain http and nothing in the prep section
# checks a signature or digest, so the integrity of the tarball rests on
# whatever the packager verified out of band.
Source0: http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-%{version}.tar.gz
# Patch2 and Patch4 are security fixes carried on top of the 2.6.1 tarball
# (references are in the prep section); there is no Patch3.
Patch0: python-crypto-2.4-optflags.patch
Patch1: python-crypto-2.4-fix-pubkey-size-divisions.patch
Patch2: pycrypto-2.6.1-CVE-2013-7459.patch
Patch4: pycrypto-2.6.1-CVE-2018-6594.patch
Provides: pycrypto = %{version}-%{release}
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: gcc
BuildRequires: gmp-devel >= 4.1
BuildRequires: python2-devel >= 2.4
%if %{with_python3}
BuildRequires: python-tools
BuildRequires: python3-devel
%endif

# Don't want provides for python shared objects
%{?filter_provides_in: %filter_provides_in %{python_sitearch}/Crypto/.*\.so}
%if %{with_python3}
%{?filter_provides_in: %filter_provides_in %{python3_sitearch}/Crypto/.*\.so}
%endif
%{?filter_setup}

# NOTE(review): the description text below is upstream's wording. MD5 and DES
# are listed among the algorithms provided, but neither should be relied on
# for security in new code.
%description
PyCrypto is a collection of both secure hash functions (such as MD5 and
SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).

%if %{with_python3}
%package -n python3-crypto
Summary: Cryptography library for Python 3

%description -n python3-crypto
PyCrypto is a collection of both secure hash functions (such as MD5 and
SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).

This is the Python 3 build of the package.
%endif

%prep
%setup -n pycrypto-%{version} -q

# Use distribution compiler flags rather than upstream's
%patch0 -p1

# Fix divisions within benchmarking suite:
%patch1 -p1

# AES.new with invalid parameter crashes python
# https://github.com/dlitz/pycrypto/issues/176
# CVE-2013-7459
%patch2 -p1

# When creating ElGamal keys, the generator wasn't a square residue: ElGamal
# encryption done with those keys cannot be secure under the DDH assumption
# https://bugzilla.redhat.com/show_bug.cgi?id=1542313 (CVE-2018-6594)
# https://github.com/TElgamal/attack-on-pycrypto-elgamal
# https://github.com/Legrandin/pycryptodome/issues/90
# https://github.com/dlitz/pycrypto/issues/253
# Patch based on this commit from cryptodome:
# https://github.com/Legrandin/pycryptodome/commit/99c27a3b
# NOTE(review): applied without an explicit -p strip level, unlike patches
# 0-2 - presumably the patch file uses paths relative to the source root;
# confirm.
%patch4

# Prepare python3 build (setup.py doesn't run 2to3 on pct-speedtest.py)
# The copy is taken after all patches have been applied, so the Python 3 tree
# carries the same fixes.
%if %{with_python3}
cp -a . %{py3dir}
2to3 -wn %{py3dir}/pct-speedtest.py
%endif

%build
# Build with the distribution's optimisation flags plus -fno-strict-aliasing
# (added in 2.3-2 according to the changelog).
CFLAGS="%{optflags} -fno-strict-aliasing" %{__python} setup.py build

%if %{with_python3}
cd %{py3dir}
CFLAGS="%{optflags} -fno-strict-aliasing" %{__python3} setup.py build
cd -
%endif

%install
# Install the already-built tree into the buildroot without rebuilding.
%{__python} setup.py install -O1 --skip-build --root %{buildroot}

# Remove group write permissions on shared objects
find %{buildroot}%{python_sitearch} -name '*.so' -exec chmod -c g-w {} \;

# Build for python3 too
%if %{with_python3}
cd %{py3dir}
%{__python3} setup.py install -O1 --skip-build --root %{buildroot}
cd -
find %{buildroot}%{python3_sitearch} -name '*.so' -exec chmod -c g-w {} \;
%endif

%check
# Run upstream's test suite, then the speed test against the modules that
# were just installed into the buildroot.
%{__python} setup.py test
PYTHONPATH=%{buildroot}%{python_sitearch} %{__python} pct-speedtest.py

# Test the python3 build too
%if %{with_python3}
cd %{py3dir}
%{__python3} setup.py test
PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} pct-speedtest.py
cd -
%endif

%files
%doc COPYRIGHT LEGAL/
%doc README TODO ACKS ChangeLog Doc/
%{python_sitearch}/Crypto/
%{python_sitearch}/pycrypto-%{version}-py%{pythonver}.egg-info

%if %{with_python3}
%files -n python3-crypto
%doc COPYRIGHT LEGAL/
%doc README TODO ACKS ChangeLog Doc/
%{python3_sitearch}/Crypto/
%{python3_sitearch}/pycrypto-*py3.*.egg-info
%endif

%changelog
* Fri Feb 23 2018 Paul Howarth - 2.6.1-3
- When creating ElGamal keys, the generator wasn't a square residue: ElGamal
  encryption done with those keys cannot be secure under the DDH assumption
  https://bugzilla.redhat.com/show_bug.cgi?id=1542313 (CVE-2018-6594)
  https://github.com/TElgamal/attack-on-pycrypto-elgamal
  https://github.com/Legrandin/pycryptodome/issues/90
  https://github.com/dlitz/pycrypto/issues/253
- Drop support for EOL distributions prior to F-13
  - Drop BuildRoot: and Group: tags
  - Drop explicit buildroot cleaning in %%install section
  - Drop explicit %%clean section
  - Drop Python 2.3 support
  - There is always egg-info and %%{python_sitearch} definition

* Wed Jan 18 2017 Paul Howarth - 2.6.1-2
- AES.new with invalid parameter crashes python (CVE-2013-7459)
  (https://github.com/dlitz/pycrypto/issues/176)
- Drop %%defattr, redundant since rpm 4.4

* Fri Oct 18 2013 Paul Howarth - 2.6.1-1
- Update to 2.6.1
  - Fix PRNG not correctly reseeded in some situations (CVE-2013-1445)

* Sun Aug 5 2012 Paul Howarth - 2.6-4
- Rebuild for https://fedoraproject.org/wiki/Features/Python_3.3

* Sun Aug 5 2012 Paul Howarth - 2.6-3
- EL-7's python3 support will be done a different way
  (http://lists.fedoraproject.org/pipermail/python-devel/2012-July/000407.html)

* Sat Jul 21 2012 Paul Howarth - 2.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu May 24 2012 Paul Howarth - 2.6-1
- Update to 2.6
  - Fix insecure ElGamal key generation (launchpad bug #985164, CVE-2012-2417)
  - Huge documentation cleanup
  - Added more tests, including test vectors from NIST 800-38A
  - Remove broken MODE_PGP, which never actually worked properly
  - A new mode, MODE_OPENPGP, has been added for people wishing to write
    OpenPGP implementations (see also launchpad bug #996814)
  - Fix: getPrime with invalid input causes Python to abort with fatal error
    (launchpad bug #988431)
  - Fix: Segfaults within error-handling paths (launchpad bug #934294)
  - Fix: Block ciphers allow empty string as IV (launchpad bug #997464)
  - Fix DevURandomRNG to work with Python3's new I/O stack
  - Remove automagic dependencies on libgmp and libmpir; let the caller
    disable them using args
  - Many other minor bug fixes and improvements
- Drop upstream patches
- Drop support for python 2.2

* Sat Feb 18 2012 Paul Howarth - 2.5-2
- Add upstream fixes for issues found by Dave Malcolm's experimental static
  analysis tool (#790584)

* Mon Jan 16 2012 Paul Howarth - 2.5-1
- Update to 2.5
  - Added PKCS#1 encryption schemes (v1.5 and OAEP); we now have a decent,
    easy-to-use non-textbook RSA implementation
  - Added PKCS#1 signature schemes (v1.5 and PSS); v1.5 required some
    extensive changes to Hash modules to contain the algorithm-specific ASN.1
    OID, and to that end we now always have a (thin) Python module to hide the
    one in pure C
  - Added 2 standard Key Derivation Functions (PBKDF1 and PBKDF2)
  - Added export/import of RSA keys in OpenSSH and PKCS#8 formats
  - Added password-protected export/import of RSA keys (one old method for
    PKCS#8 PEM only)
  - Added ability to generate RSA key pairs with configurable public exponent e
  - Added ability to construct an RSA key pair even if only the private
    exponent d is known, and not p and q
  - Added SHA-2 C source code (fully from Lorenz Quack)
  - Unit tests for all the above
  - Updates to documentation (both inline and in Doc/pycrypt.rst)
  - Minor bug fixes (setup.py and tests)
- Upstream no longer ships python-3-changes.txt

* Mon Nov 7 2011 Paul Howarth - 2.4.1-1
- Update to 2.4.1
  - Fix "error: Setup script exited with error: src/config.h: No such file or
    directory" when installing via easy_install

* Wed Nov 2 2011 Paul Howarth - 2.4-3
- Rebuild for new libgmp in Rawhide

* Tue Oct 25 2011 Paul Howarth - 2.4-2
- Add python3-crypto subpackage (based on patch from Dave Malcolm - #748529)

* Mon Oct 24 2011 Paul Howarth - 2.4-1
- Update to 2.4
  - Python 3 support! PyCrypto now supports every version of Python from 2.1
    through to 3.2
  - Timing-attack countermeasures in _fastmath: when built against libgmp
    version 5 or later, we use mpz_powm_sec instead of mpz_powm, which should
    prevent the timing attack described by Geremy Condra at PyCon 2011
  - New hash modules (for Python ≥ 2.5 only): SHA224, SHA384 and SHA512
  - Configuration using GNU autoconf, which should help fix a bunch of build
    issues
  - Support using MPIR as an alternative to GMP
  - Improve the test command in setup.py, by allowing tests to be performed on
    a single sub-package or module only
  - Fix double-decref of "counter" when Cipher object initialization fails
  - Apply patches from Debian's python-crypto 2.3-3 package:
    - fix-RSA-generate-exception.patch
    - epydoc-exclude-introspect.patch
    - no-usr-local.patch
  - Fix launchpad bug #702835: "Import key code is not compatible with GMP
    library"
  - More tests, better documentation, various bugfixes
- Update patch for imposing our own compiler optimization flags
- Drop lib64 patch, no longer needed
- No longer need to fix up permissions and remove shellbangs

* Thu Aug 4 2011 Paul Howarth - 2.3-6
- Fix dist tag for CentOS 6 and Scientific Linux

* Wed May 11 2011 Paul Howarth - 2.3-5
- Upstream rolled new tarball with top-level directory restored
- Nobody else likes macros for commands

* Fri Oct 1 2010 Paul Howarth - 2.3-3
- Rebuild for gcc bug (#634757)

* Fri Sep 24 2010 Paul Howarth - 2.3-2
- Add "-fno-strict-aliasing" to compilation flags

* Fri Aug 27 2010 Paul Howarth - 2.3-1
- Update to 2.3
  - Fix NameError when attempting to use deprecated getRandomNumber() function
  - _slowmath: Compute RSA u parameter when it's not given to RSA.construct;
    this makes _slowmath behave the same as _fastmath in this regard
  - Make RSA.generate raise a more user-friendly exception message when the
    user tries to generate a bogus-length key
- Add -c option to %%setup because upstream tarball has dropped the top-level
  directory
- Run benchmark as part of %%check if we have python 2.4 or later
- BR: python2-devel rather than just python-devel
- Add patch to make sure we can find libgmp in 64-bit multilib environments

* Tue Aug 3 2010 Paul Howarth - 2.2-1
- Update to 2.2
  - Deprecated Crypto.Util.number.getRandomNumber()
  - It's been replaced by getRandomNBitInteger and getRandomInteger
  - Better isPrime() and getPrime() implementations
  - getStrongPrime() implementation for generating RSA primes
  - Support for importing and exporting RSA keys in DER and PEM format
  - Fix PyCrypto when floor division (python -Qnew) is enabled
  - When building using gcc, use -std=c99 for compilation
- Update optflags patch

* Wed Jul 28 2010 Paul Howarth - 2.1.0-2.1
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Fri May 14 2010 Paul Howarth - 2.1.0-2
- Fix dist tag for RHEL-6 Beta

* Tue Feb 16 2010 Paul Howarth - 2.1.0-1
- Update to 2.1.0 (see ChangeLog for details)
- Remove patches (no longer needed)
- Upstream has replaced LICENSE with LEGAL/ and COPYRIGHT
- Clarify that license is mostly Public Domain, partly Python
- Add %%check section and run the test suite in it
- Remove upstream's fiddling with compiler optimization flags so we get
  usable debuginfo
- Filter out unwanted provides for python shared objects
- Dist tag for Rawhide no longer needs special-casing

* Wed Aug 12 2009 Paul Howarth - 2.0.1-8
- Define RPM macros in global scope
- Tidy up egg-info handling

* Mon Feb 16 2009 Paul Howarth - 2.0.1-7
- Use patches in upstream git instead of our own to fix #484473

* Fri Feb 13 2009 Paul Howarth - 2.0.1-6
- Merge some updates from Fedora
- Use sed rather than a patch to fix builds for systems with lib ≠ %%{lib}
- License is Public Domain, not Python
- Provide pycrypto
- Add patch to hashlib instead of deprecated md5 and sha modules (#484473)
- Add patch to fix buffer overflow in ARC2 (#485298 / CVE-2009-0544)

* Thu Oct 30 2008 Paul Howarth - 2.0.1-5
- Include egg-info where available
- Tweak dist tag macros to work on current Rawhide with three-part releasenum
- Apply 64-bit patch on any arch that needs it
- Silence rpmlint warnings about permissions of .so files

* Sun Mar 18 2007 Paul Howarth - 2.0.1-4
- Fix dist tag for development and CentOS builds
- Include .pyo files
- Remove buildroot unconditionally in %%clean and %%install
- Define %%{__id_u} in a more portable way
- Hardcode command paths
- Silence rpmlint by removing spurious shellbangs and fixing permissions

* Mon Sep 19 2005 Paul Howarth - 2.0.1-3
- Generate correct deps for python-2.2 based distros

* Thu Aug 18 2005 Paul Howarth - 2.0.1-2
- Import from Fedora Extras to provide FC2 build

* Wed Aug 17 2005 Thorsten Leemhuis - 0:2.0.1-1
- Update to 2.0.1
- Use Dist
- Drop python-crypto-64bit-unclean.patch, similar patch was applied upstream

* Thu May 05 2005 Thorsten Leemhuis - 0:2.0-4
- add python-crypto-64bit-unclean.patch (#156173)

* Mon Mar 21 2005 Seth Vidal - 0:2.0-3
- iterate release for build on python 2.4 based systems

* Sat Dec 18 2004 Thorsten Leemhuis - 0:2.0-2
- Fix build on x86_64: use python_sitearch for files and patch source to find
  gmp

* Thu Aug 26 2004 Thorsten Leemhuis - 0:2.0-0.fdr.1
- Update to 2.00

* Fri Aug 13 2004 Ville Skytta - 0:1.9-0.fdr.6.a6
- Don't use get_python_version(), it's available in Python >= 2.3 only.

* Thu Aug 12 2004 Thorsten Leemhuis 0:1.9-0.fdr.5.a6
- Own dir python_sitearch/Crypto/

* Wed Aug 11 2004 Thorsten Leemhuis 0:1.9-0.fdr.4.a6
- Match python spec template more

* Sat Jul 17 2004 Thorsten Leemhuis 0:1.9-0.fdr.3.a6
- Own _libdir/python/site-packages/Crypto/

* Wed Mar 24 2004 Panu Matilainen 0.3.2-0.fdr.2.a6
- generate .pyo files during install
- require exact version of python used to build the package
- include more docs + demos
- fix dependency on /usr/local/bin/python
- use fedora.us style buildroot
- buildrequires gmp-devel
- use description from README

* Sun Jan 11 2004 Ryan Boder 0.3.2-0.fdr.1.a6
- Initial build.