import python-crypto-2.6.1-42.el9

.gitignore

@@ -0,0 +1 @@
+SOURCES/pycrypto-2.6.1.tar.gz

.python-crypto.metadata

@@ -0,0 +1 @@
+aeda3ed41caf1766409d4efc689b9ca30ad6aeb2  SOURCES/pycrypto-2.6.1.tar.gz

SOURCES/pycrypto-2.6.1-CVE-2013-7459.patch

@@ -0,0 +1,106 @@
+From 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Mon Sep 17 00:00:00 2001
+From: Legrandin <helderijs@gmail.com>
+Date: Sun, 22 Dec 2013 22:24:46 +0100
+Subject: [PATCH] Throw exception when IV is used with ECB or CTR
+
+The IV parameter is currently ignored when initializing
+a cipher in ECB or CTR mode.
+
+For CTR mode, it is confusing: it takes some time to see
+that a different parameter is needed (the counter).
+
+For ECB mode, it is outright dangerous.
+
+This patch forces an exception to be raised.
+---
+ lib/Crypto/SelfTest/Cipher/common.py | 31 +++++++++++++++++++++++--------
+ src/block_template.c                 | 11 +++++++++++
+ 2 files changed, 34 insertions(+), 8 deletions(-)
+
+diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py
+index 420b6ff..a5f8a88 100644
+--- a/lib/Crypto/SelfTest/Cipher/common.py
++++ b/lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,16 +239,30 @@ class RoundtripTest(unittest.TestCase):
+         return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+ 
+     def runTest(self):
+-        for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++
++        ## ECB mode
++        mode = self.module.MODE_ECB
++        encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++        ciphertext = encryption_cipher.encrypt(self.plaintext)
++        decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++        decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++        self.assertEqual(self.plaintext, decrypted_plaintext)
++
++        ## OPENPGP mode
++        mode = self.module.MODE_OPENPGP
++        encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++        eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++        eiv = eiv_ciphertext[:self.module.block_size+2]
++        ciphertext = eiv_ciphertext[self.module.block_size+2:]
++        decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++        decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++        self.assertEqual(self.plaintext, decrypted_plaintext)
++
++        ## All other non-AEAD modes (but CTR)
++        for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+             encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+             ciphertext = encryption_cipher.encrypt(self.plaintext)
+-            
+-            if mode != self.module.MODE_OPENPGP:
+-                decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+-            else:
+-                eiv = ciphertext[:self.module.block_size+2]
+-                ciphertext = ciphertext[self.module.block_size+2:]
+-                decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++            decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+             decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+             self.assertEqual(self.plaintext, decrypted_plaintext)
+ 
+diff --git a/src/block_template.c b/src/block_template.c
+index f940e0e..d555ceb 100644
+--- a/src/block_template.c
++++ b/src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
+ 				"Key cannot be the null string");
+ 		return NULL;
+ 	}
++	if (IVlen != 0 && mode == MODE_ECB)
++	{
++		PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++		return NULL;
++	}
++	if (IVlen != 0 && mode == MODE_CTR)
++	{
++		PyErr_Format(PyExc_ValueError,
++			"CTR mode needs counter parameter, not IV");
++		return NULL;
++	}
+ 	if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+ 	{
+ 		PyErr_Format(PyExc_ValueError,
+From 58de28a5d32bc10e15766e5a59f41b07397cc6cb Mon Sep 17 00:00:00 2001
+From: Richard Mitchell <richard.j.mitchell@gmail.com>
+Date: Mon, 28 Apr 2014 16:58:27 +0100
+Subject: [PATCH] Fix speedtest run for ECB modes.
+
+---
+ pct-speedtest.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/pct-speedtest.py b/pct-speedtest.py
+index 4ce18be..c7b893a 100644
+--- a/pct-speedtest.py
++++ b/pct-speedtest.py
+@@ -121,6 +121,8 @@ class Benchmark:
+         blocks = self.random_blocks(16384, 1000)
+         if mode is None:
+             cipher = module.new(key)
++        elif mode==module.MODE_ECB:
++            cipher = module.new(key, module.MODE_ECB)
+         else:
+             cipher = module.new(key, mode, iv)
+ 

SOURCES/pycrypto-2.6.1-CVE-2018-6594.patch

@@ -0,0 +1,51 @@
+--- lib/Crypto/PublicKey/ElGamal.py
++++ lib/Crypto/PublicKey/ElGamal.py
+@@ -153,33 +153,33 @@ def generate(bits, randfunc, progress_fu
+         if number.isPrime(obj.p, randfunc=randfunc):
+             break
+     # Generate generator g
+-    # See Algorithm 4.80 in Handbook of Applied Cryptography
+-    # Note that the order of the group is n=p-1=2q, where q is prime
+     if progress_func:
+         progress_func('g\n')
+     while 1:
++        # Choose a square residue; it will generate a cyclic group of order q.
++        obj.g = pow(number.getRandomRange(2, obj.p, randfunc), 2, obj.p)
++
+         # We must avoid g=2 because of Bleichenbacher's attack described
+         # in "Generating ElGamal signatures without knowning the secret key",
+         # 1996
+-        #
+-        obj.g = number.getRandomRange(3, obj.p, randfunc)
+-        safe = 1
+-        if pow(obj.g, 2, obj.p)==1:
+-            safe=0
+-        if safe and pow(obj.g, q, obj.p)==1:
+-            safe=0
++        if obj.g in (1, 2):
++            continue
++
+         # Discard g if it divides p-1 because of the attack described
+         # in Note 11.67 (iii) in HAC
+-        if safe and divmod(obj.p-1, obj.g)[1]==0:
+-            safe=0
++        if (obj.p - 1) % obj.g == 0:
++            continue
++
+         # g^{-1} must not divide p-1 because of Khadir's attack
+         # described in "Conditions of the generator for forging ElGamal
+         # signature", 2011
+         ginv = number.inverse(obj.g, obj.p)
+-        if safe and divmod(obj.p-1, ginv)[1]==0:
+-            safe=0
+-        if safe:
+-            break
++        if (obj.p - 1) % ginv == 0:
++            continue
++
++        # Found
++        break
++
+     # Generate private key x
+     if progress_func:
+         progress_func('x\n')

SOURCES/pycrypto-2.6.1-drop-py2.1-support.patch

@@ -0,0 +1,296 @@
+--- lib/Crypto/Cipher/blockalgo.py
++++ lib/Crypto/Cipher/blockalgo.py
+@@ -22,8 +22,6 @@
+ """Module with definitions common to all block ciphers."""
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ #: *Electronic Code Book (ECB)*.
+--- lib/Crypto/PublicKey/DSA.py
++++ lib/Crypto/PublicKey/DSA.py
+@@ -82,8 +82,6 @@ __revision__ = "$Id$"
+ __all__ = ['generate', 'construct', 'error', 'DSAImplementation', '_DSAobj']
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ 
+ from Crypto.PublicKey import _DSA, _slowmath, pubkey
+ from Crypto import Random
+--- lib/Crypto/PublicKey/RSA.py
++++ lib/Crypto/PublicKey/RSA.py
+@@ -68,8 +68,6 @@ __revision__ = "$Id$"
+ __all__ = ['generate', 'construct', 'error', 'importKey', 'RSAImplementation', '_RSAobj']
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ #from Crypto.Util.python_compat import *
+ from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
+--- lib/Crypto/PublicKey/_slowmath.py
++++ lib/Crypto/PublicKey/_slowmath.py
+@@ -30,8 +30,6 @@ __all__ = ['rsa_construct']
+ 
+ import sys
+ 
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.number import size, inverse, GCD
+ 
+ class error(Exception):
+--- lib/Crypto/Random/Fortuna/FortunaAccumulator.py
++++ lib/Crypto/Random/Fortuna/FortunaAccumulator.py
+@@ -25,8 +25,6 @@
+ __revision__ = "$Id$"
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+     
+ from binascii import b2a_hex
+--- lib/Crypto/Random/Fortuna/FortunaGenerator.py
++++ lib/Crypto/Random/Fortuna/FortunaGenerator.py
+@@ -25,8 +25,6 @@
+ __revision__ = "$Id$"
+ 
+ import sys
+-if sys.version_info[0] is 2 and  sys.version_info[1] is 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ import struct
+--- lib/Crypto/Random/Fortuna/SHAd256.py
++++ lib/Crypto/Random/Fortuna/SHAd256.py
+@@ -32,8 +32,6 @@ __revision__ = "$Id$"
+ __all__ = ['new', 'digest_size']
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ from binascii import b2a_hex
+--- lib/Crypto/Random/random.py
++++ lib/Crypto/Random/random.py
+@@ -29,8 +29,6 @@ __all__ = ['StrongRandom', 'getrandbits'
+ 
+ from Crypto import Random
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ 
+ class StrongRandom(object):
+     def __init__(self, rng=None, randfunc=None):
+--- lib/Crypto/SelfTest/PublicKey/test_DSA.py
++++ lib/Crypto/SelfTest/PublicKey/test_DSA.py
+@@ -28,8 +28,6 @@ __revision__ = "$Id$"
+ 
+ import sys
+ import os
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ import unittest
+--- lib/Crypto/SelfTest/PublicKey/test_RSA.py
++++ lib/Crypto/SelfTest/PublicKey/test_RSA.py
+@@ -28,8 +28,6 @@ __revision__ = "$Id$"
+ 
+ import sys
+ import os
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ import unittest
+--- lib/Crypto/SelfTest/Random/Fortuna/test_FortunaAccumulator.py
++++ lib/Crypto/SelfTest/Random/Fortuna/test_FortunaAccumulator.py
+@@ -27,8 +27,6 @@
+ __revision__ = "$Id$"
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ import unittest
+--- lib/Crypto/SelfTest/Random/Fortuna/test_FortunaGenerator.py
++++ lib/Crypto/SelfTest/Random/Fortuna/test_FortunaGenerator.py
+@@ -27,8 +27,6 @@
+ __revision__ = "$Id$"
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ import unittest
+--- lib/Crypto/SelfTest/Random/test_random.py
++++ lib/Crypto/SelfTest/Random/test_random.py
+@@ -28,8 +28,6 @@ __revision__ = "$Id$"
+ 
+ import unittest
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ class SimpleTest(unittest.TestCase):
+--- lib/Crypto/SelfTest/st_common.py
++++ lib/Crypto/SelfTest/st_common.py
+@@ -29,8 +29,6 @@ __revision__ = "$Id$"
+ import unittest
+ import binascii
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ class _list_testloader(unittest.TestLoader):
+--- lib/Crypto/SelfTest/Util/test_Counter.py
++++ lib/Crypto/SelfTest/Util/test_Counter.py
+@@ -27,8 +27,6 @@
+ __revision__ = "$Id$"
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ import unittest
+--- lib/Crypto/SelfTest/Util/test_number.py
++++ lib/Crypto/SelfTest/Util/test_number.py
+@@ -27,8 +27,6 @@
+ __revision__ = "$Id$"
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ 
+ import unittest
+ 
+--- lib/Crypto/Signature/PKCS1_PSS.py
++++ lib/Crypto/Signature/PKCS1_PSS.py
+@@ -67,8 +67,6 @@ __revision__ = "$Id$"
+ __all__ = [ 'new', 'PSS_SigScheme' ]
+ 
+ from Crypto.Util.py3compat import *
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ import Crypto.Util.number
+ from Crypto.Util.number import ceil_shift, ceil_div, long_to_bytes
+ from Crypto.Util.strxor import strxor
+--- lib/Crypto/Util/Counter.py
++++ lib/Crypto/Util/Counter.py
+@@ -52,8 +52,6 @@ An example of usage is the following:
+ :undocumented: __package__
+ """
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ from Crypto.Util.py3compat import *
+ 
+ from Crypto.Util import _counter
+--- lib/Crypto/Util/_number_new.py
++++ lib/Crypto/Util/_number_new.py
+@@ -28,8 +28,6 @@ __revision__ = "$Id$"
+ __all__ = ['ceil_shift', 'ceil_div', 'floor_div', 'exact_log2', 'exact_div']
+ 
+ import sys
+-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+-    from Crypto.Util.py21compat import *
+ 
+ def ceil_shift(n, b):
+     """Return ceil(n / 2**b) without performing any floating-point or division operations.
+--- lib/Crypto/Util/py21compat.py
++++ /dev/null
+@@ -1,84 +0,0 @@
+-# -*- coding: utf-8 -*-
+-#
+-#  Util/py21compat.py : Compatibility code for Python 2.1
+-#
+-# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+-#
+-# ===================================================================
+-# The contents of this file are dedicated to the public domain.  To
+-# the extent that dedication to the public domain is not available,
+-# everyone is granted a worldwide, perpetual, royalty-free,
+-# non-exclusive license to exercise all rights associated with the
+-# contents of this file for any purpose whatsoever.
+-# No rights are reserved.
+-#
+-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+-# SOFTWARE.
+-# ===================================================================
+-
+-"""Compatibility code for Python 2.1
+-
+-Currently, this just defines:
+-    - True and False
+-    - object
+-    - isinstance
+-"""
+-
+-__revision__ = "$Id$"
+-__all__ = []
+-
+-import sys
+-import __builtin__
+-
+-# 'True' and 'False' aren't defined in Python 2.1.  Define them.
+-try:
+-    True, False
+-except NameError:
+-    (True, False) = (1, 0)
+-    __all__ += ['True', 'False']
+-
+-# New-style classes were introduced in Python 2.2.  Defining "object" in Python
+-# 2.1 lets us use new-style classes in versions of Python that support them,
+-# while still maintaining backward compatibility with old-style classes
+-try:
+-    object
+-except NameError:
+-    class object: pass
+-    __all__ += ['object']
+-
+-# Starting with Python 2.2, isinstance allows a tuple for the second argument.
+-# Also, builtins like "tuple", "list", "str", "unicode", "int", and "long"
+-# became first-class types, rather than functions.  We want to support
+-# constructs like:
+-#   isinstance(x, (int, long))
+-# So we hack it for Python 2.1.
+-try:
+-    isinstance(5, (int, long))
+-except TypeError:
+-    __all__ += ['isinstance']
+-    _builtin_type_map = {
+-        tuple: type(()),
+-        list: type([]),
+-        str: type(""),
+-        unicode: type(u""),
+-        int: type(0),
+-        long: type(0L),
+-    }
+-    def isinstance(obj, t):
+-        if not __builtin__.isinstance(t, type(())):
+-            # t is not a tuple
+-            return __builtin__.isinstance(obj, _builtin_type_map.get(t, t))
+-        else:
+-            # t is a tuple
+-            for typ in t:
+-                if __builtin__.isinstance(obj, _builtin_type_map.get(typ, typ)):
+-                    return True
+-            return False
+-
+-# vim:set ts=4 sw=4 sts=4 expandtab:

SOURCES/pycrypto-2.6.1-unbundle-libtomcrypt.patch

@@ -0,0 +1,30 @@
+--- setup.py
++++ setup.py
+@@ -390,10 +390,12 @@ kw = {'name':"pycrypto",
+                       include_dirs=['src/'],
+                       sources=["src/CAST.c"]),
+             Extension("Crypto.Cipher._DES",
+-                      include_dirs=['src/', 'src/libtom/'],
++                      include_dirs=['src/'],
++                      libraries=['tomcrypt'],
+                       sources=["src/DES.c"]),
+             Extension("Crypto.Cipher._DES3",
+-                      include_dirs=['src/', 'src/libtom/'],
++                      include_dirs=['src/'],
++                      libraries=['tomcrypt'],
+                       sources=["src/DES3.c"]),
+ 
+             # Stream ciphers
+--- src/DES.c
++++ src/DES.c
+@@ -28,8 +28,8 @@
+  * assert-like LTC_ARGCHK macro fails. */
+ #define ARGTYPE 4
+ 
+-/* Include the actial DES implementation */
+-#include "libtom/tomcrypt_des.c"
++/* Access the actual DES implementation */
++#include "tomcrypt.h"
+ 
+ #undef DES  /* this is needed because tomcrypt_custom.h defines DES to an empty string */
+ 

SOURCES/python-crypto-2.4-fix-pubkey-size-divisions.patch

@@ -0,0 +1,46 @@
+setup.py for Python 3 doesn't invoke 2to3 on pct-speedtest.py, which runs
+into problems:
+
+Traceback (most recent call last):
+  File "pct-speedtest.py", line 218, in <module>
+    Benchmark().run()
+  File "pct-speedtest.py", line 200, in run
+    self.test_pubkey_setup(pubkey_name, module, key_bytes)
+  File "pct-speedtest.py", line 85, in test_pubkey_setup
+    keys = self.random_keys(key_bytes)[:5]
+  File "pct-speedtest.py", line 49, in random_keys
+    return self.random_blocks(bytes, 10**5)     # 100k
+  File "pct-speedtest.py", line 53, in random_blocks
+    data = self.random_data(bytes)
+  File "pct-speedtest.py", line 62, in random_data
+    self.__random_data = self._random_bytes(bytes)
+  File "pct-speedtest.py", line 73, in _random_bytes
+    return os.urandom(b)
+  File "/usr/lib64/python3.2/os.py", line 777, in urandom
+    bs += read(_urandomfd, n - len(bs))
+TypeError: integer argument expected, got float
+
+This is due to the divisions in the pubkey_specs table, which in Python 3 is
+true division, returning a float.
+
+As it happens, 2to3 can't convert these divisions, see:
+http://bugs.python.org/issue12831
+
+Change them to explicitly be floor divisions (supported in Python 2.2
+onwards; see PEP 0238)
+
+--- pycrypto/pct-speedtest.py
++++ pycrypto/pct-speedtest.py
+@@ -165,9 +165,9 @@
+ 
+     def run(self):
+         pubkey_specs = [
+-            ("RSA(1024)", RSA, 1024/8),
+-            ("RSA(2048)", RSA, 2048/8),
+-            ("RSA(4096)", RSA, 4096/8),
++            ("RSA(1024)", RSA, 1024//8),
++            ("RSA(2048)", RSA, 2048//8),
++            ("RSA(4096)", RSA, 4096//8),
+             ]
+         block_specs = [
+             ("DES", DES, 8),

SOURCES/python-crypto-2.4-optflags.patch

@@ -0,0 +1,31 @@
+--- pycrypto/setup.py
++++ pycrypto/setup.py
+@@ -165,28 +165,6 @@
+             # Make assert() statements always work
+             self.__remove_compiler_option("-DNDEBUG")
+ 
+-            # Choose our own optimization options
+-            for opt in ["-O", "-O0", "-O1", "-O2", "-O3", "-Os"]:
+-                self.__remove_compiler_option(opt)
+-            if self.debug:
+-                # Basic optimization is still needed when debugging to compile
+-                # the libtomcrypt code.
+-                self.__add_compiler_option("-O")
+-            else:
+-                # Speed up execution by tweaking compiler options.  This
+-                # especially helps the DES modules.
+-                self.__add_compiler_option("-O3")
+-                self.__add_compiler_option("-fomit-frame-pointer")
+-                # Don't include debug symbols unless debugging
+-                self.__remove_compiler_option("-g")
+-                # Don't include profiling information (incompatible with
+-                # -fomit-frame-pointer)
+-                self.__remove_compiler_option("-pg")
+-            if USE_GCOV:
+-                self.__add_compiler_option("-fprofile-arcs")
+-                self.__add_compiler_option("-ftest-coverage")
+-                self.compiler.libraries += ['gcov']
+-
+         # Call the superclass's build_extensions method
+         build_ext.build_extensions(self)
+ 

SOURCES/python-crypto-2.6.1-SyntaxWarning.patch

@@ -0,0 +1,11 @@
+--- lib/Crypto/SelfTest/Random/test_random.py
++++ lib/Crypto/SelfTest/Random/test_random.py
+@@ -102,7 +102,7 @@ class SimpleTest(unittest.TestCase):
+         for i in range(10):
+             self.assertEqual(random.choice((1,2,3)) in (1,2,3), True)
+         self.assertEqual(random.choice([1,2,3]) in [1,2,3], True)
+-        if sys.version_info[0] is 3:
++        if sys.version_info[0] == 3:
+             self.assertEqual(random.choice(bytearray(b('123'))) in bytearray(b('123')), True)
+         self.assertEqual(1, random.choice([1]))
+         self.assertRaises(IndexError, random.choice, [])

SOURCES/python-crypto-2.6.1-link.patch

@@ -0,0 +1,13 @@
+log() function not available in libgmp, need libm too
+
+--- setup.py
++++ setup.py
+@@ -349,7 +349,7 @@ kw = {'name':"pycrypto",
+             # _fastmath (uses GNU mp library)
+             Extension("Crypto.PublicKey._fastmath",
+                       include_dirs=['src/','/usr/include/'],
+-                      libraries=['gmp'],
++                      libraries=['gmp','m'],
+                       sources=["src/_fastmath.c"]),
+ 
+             # Hash functions

SOURCES/python-crypto-2.6.1-no-distutils.patch

@@ -0,0 +1,78 @@
+--- lib/Crypto/SelfTest/PublicKey/test_DSA.py
++++ lib/Crypto/SelfTest/PublicKey/test_DSA.py
+@@ -223,7 +223,7 @@ def get_tests(config={}):
+         from Crypto.PublicKey import _fastmath
+         tests += list_test_cases(DSAFastMathTest)
+     except ImportError:
+-        from distutils.sysconfig import get_config_var
++        from sysconfig import get_config_var
+         import inspect
+         _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
+             inspect.getfile(inspect.currentframe())))
+--- lib/Crypto/SelfTest/PublicKey/test_RSA.py
++++ lib/Crypto/SelfTest/PublicKey/test_RSA.py
+@@ -393,7 +393,7 @@ def get_tests(config={}):
+         from Crypto.PublicKey import _fastmath
+         tests += list_test_cases(RSAFastMathTest)
+     except ImportError:
+-        from distutils.sysconfig import get_config_var
++        from sysconfig import get_config_var
+         import inspect
+         _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
+             inspect.getfile(inspect.currentframe())))
+--- lib/Crypto/Util/number.py
++++ lib/Crypto/Util/number.py
+@@ -41,7 +41,7 @@ except ImportError:
+     # see an exception raised if _fastmath exists but cannot be imported,
+     # uncomment the below
+     #
+-    # from distutils.sysconfig import get_config_var
++    # from sysconfig import get_config_var
+     # import inspect, os
+     # _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
+         # inspect.getfile(inspect.currentframe())))
+--- setup.py
++++ setup.py
+@@ -1,6 +1,6 @@
+ #! /usr/bin/env python
+ #
+-#  setup.py : Distutils setup script
++#  setup.py : setuptools setup script
+ #
+ #  Part of the Python Cryptography Toolkit
+ #
+@@ -36,11 +36,10 @@
+ 
+ __revision__ = "$Id$"
+ 
+-from distutils import core
+-from distutils.ccompiler import new_compiler
+-from distutils.core import Extension, Command
+-from distutils.command.build import build
+-from distutils.command.build_ext import build_ext
++from setuptools import setup
++from setuptools.command.build_ext import new_compiler
++from setuptools import Extension, Command
++from setuptools.command.build_ext import build_ext
+ import os, sys, re
+ import struct
+ 
+@@ -53,8 +52,7 @@ if sys.version[0:1] != '3':
+ # .gcov files
+ USE_GCOV = 0
+ 
+-
+-from distutils.command.build_py import build_py
++from setuptools.command.build_py import build_py
+ 
+ # Work around the print / print() issue with Python 2.x and 3.x. We only need
+ # to print at one point of the code, which makes this easy
+@@ -385,7 +383,7 @@ kw = {'name':"pycrypto",
+     ]
+ }
+ 
+-core.setup(**kw)
++setup(**kw)
+ 
+ def touch(path):
+     import os, time

SOURCES/python-crypto-2.6.1-python3.10.patch

@@ -0,0 +1,289 @@
+--- src/AES.c
++++ src/AES.c
+@@ -26,6 +26,7 @@
+ 
+ #include <assert.h>
+ #include <stdlib.h>
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ 
+ #define MODULE_NAME _AES
+--- src/ARC2.c
++++ src/ARC2.c
+@@ -42,6 +42,7 @@
+  */
+ 
+ #include <string.h>  
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ 
+ #define MODULE_NAME _ARC2
+--- src/block_template.c
++++ src/block_template.c
+@@ -33,6 +33,7 @@
+ #include <string.h>
+ #endif
+ 
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+ #include "modsupport.h" 
+@@ -123,7 +124,8 @@ ALGnew(PyObject *self, PyObject *args, P
+ {
+ 	unsigned char *key, *IV;
+ 	ALGobject * new=NULL;
+-	int keylen, IVlen=0, mode=MODE_ECB, segment_size=0;
++	Py_ssize_t keylen, IVlen=0;
++	int mode=MODE_ECB, segment_size=0;
+ 	PyObject *counter = NULL;
+ 	int counter_shortcut = 0;
+ #ifdef PCT_ARC2_MODULE
+@@ -161,7 +163,7 @@ ALGnew(PyObject *self, PyObject *args, P
+ 	{
+ 		PyErr_Format(PyExc_ValueError,
+ 			     "Key must be %i bytes long, not %i",
+-			     KEY_SIZE, keylen);
++			     KEY_SIZE, (int)keylen);
+ 		return NULL;
+ 	}
+ 	if (KEY_SIZE==0 && keylen==0)
+@@ -242,7 +244,7 @@ ALGnew(PyObject *self, PyObject *args, P
+         new->st.effective_keylen = effective_keylen;
+ #endif
+ 
+-	block_init(&(new->st), key, keylen);
++	block_init(&(new->st), key, (int)keylen);
+ 	if (PyErr_Occurred())
+ 	{
+ 		Py_DECREF(new);
+@@ -250,7 +252,7 @@ ALGnew(PyObject *self, PyObject *args, P
+ 	}
+ 	memset(new->IV, 0, BLOCK_SIZE);
+ 	memset(new->oldCipher, 0, BLOCK_SIZE);
+-	memcpy(new->IV, IV, IVlen);
++	memcpy(new->IV, IV, (size_t)IVlen);
+ 	new->mode = mode;
+ 	new->count=BLOCK_SIZE;   /* stores how many bytes in new->oldCipher have been used */
+ 	return new;
+@@ -264,7 +266,8 @@ ALG_Encrypt(ALGobject *self, PyObject *a
+ {
+ 	unsigned char *buffer, *str;
+ 	unsigned char temp[BLOCK_SIZE];
+-	int i, j, len;
++	int i, j;
++	Py_ssize_t len;
+ 	PyObject *result;
+   
+ 	if (!PyArg_Parse(args, "s#", &str, &len))
+@@ -292,7 +295,7 @@ ALG_Encrypt(ALGobject *self, PyObject *a
+ 		return NULL;
+ 	}
+ 
+-	buffer=malloc(len);
++	buffer=malloc((size_t)len);
+ 	if (buffer==NULL) 
+ 	{
+ 		PyErr_SetString(PyExc_MemoryError, 
+@@ -496,7 +499,8 @@ ALG_Decrypt(ALGobject *self, PyObject *a
+ {
+ 	unsigned char *buffer, *str;
+ 	unsigned char temp[BLOCK_SIZE];
+-	int i, j, len;
++	int i, j;
++	Py_ssize_t len;
+ 	PyObject *result;
+ 
+ 	/* CTR mode decryption is identical to encryption */
+@@ -525,7 +529,7 @@ ALG_Decrypt(ALGobject *self, PyObject *a
+ 			     self->segment_size/8);
+ 		return NULL;
+ 	}
+-	buffer=malloc(len);
++	buffer=malloc((size_t)len);
+ 	if (buffer==NULL) 
+ 	{
+ 		PyErr_SetString(PyExc_MemoryError, 
+--- src/Blowfish.c
++++ src/Blowfish.c
+@@ -36,6 +36,7 @@
+ #endif
+ #include <assert.h>
+ #include <string.h>
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ 
+ #include "Blowfish-tables.h"
+--- src/CAST.c
++++ src/CAST.c
+@@ -42,6 +42,7 @@
+ 
+ */
+ 
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ 
+ #define MODULE_NAME _CAST
+--- src/DES.c
++++ src/DES.c
+@@ -34,6 +34,7 @@
+ #undef DES  /* this is needed because tomcrypt_custom.h defines DES to an empty string */
+ 
+ #include <assert.h>
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ 
+ typedef struct {
+--- src/hash_template.c
++++ src/hash_template.c
+@@ -30,6 +30,7 @@
+ #ifdef _HAVE_STDC_HEADERS
+ #include <string.h>
+ #endif
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+ 
+@@ -163,7 +164,7 @@ static PyObject *
+ ALG_update(ALGobject *self, PyObject *args)
+ {
+ 	unsigned char *cp;
+-	int len;
++	Py_ssize_t len;
+ 
+ 	if (!PyArg_ParseTuple(args, "s#", &cp, &len))
+ 		return NULL;
+@@ -273,7 +274,7 @@ ALG_new(PyObject *self, PyObject *args)
+ {
+         ALGobject *new;
+ 	unsigned char *cp = NULL;
+-	int len;
++	Py_ssize_t len;
+ 	
+ 	if ((new = newALGobject()) == NULL)
+ 		return NULL;
+--- src/MD2.c
++++ src/MD2.c
+@@ -28,6 +28,7 @@
+   
+ 
+ #include <string.h>
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+ 
+--- src/MD4.c
++++ src/MD4.c
+@@ -28,6 +28,7 @@
+   
+ 
+ #include <string.h>
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+ 
+--- src/RIPEMD160.c
++++ src/RIPEMD160.c
+@@ -54,6 +54,7 @@
+ 
+ #include <assert.h>
+ #include <string.h>
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+ 
+--- src/stream_template.c
++++ src/stream_template.c
+@@ -33,6 +33,7 @@
+ #include <string.h>
+ #endif
+ 
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+ #include "modsupport.h"
+@@ -100,7 +101,7 @@ ALGnew(PyObject *self, PyObject *args, P
+ {
+ 	unsigned char *key;
+ 	ALGobject * new;
+-	int keylen;
++	Py_ssize_t keylen;
+ 
+ 	new = newALGobject();
+ 	if (!PyArg_ParseTupleAndKeywords(args, kwdict, "s#", kwlist, 
+@@ -124,7 +125,7 @@ ALGnew(PyObject *self, PyObject *args, P
+ 				"the null string (0 bytes long)");
+ 		return NULL;
+ 	}
+-	stream_init(&(new->st), key, keylen);
++	stream_init(&(new->st), key, (int)keylen);
+ 	if (PyErr_Occurred())
+ 	{
+ 		Py_DECREF(new);
+@@ -140,7 +141,7 @@ static PyObject *
+ ALG_Encrypt(ALGobject *self, PyObject *args)
+ {
+ 	unsigned char *buffer, *str;
+-	int len;
++	Py_ssize_t len;
+ 	PyObject *result;
+ 
+ 	if (!PyArg_Parse(args, "s#", &str, &len))
+@@ -149,7 +150,7 @@ ALG_Encrypt(ALGobject *self, PyObject *a
+ 	{
+ 		return PyBytes_FromStringAndSize(NULL, 0);
+ 	}
+-	buffer = malloc(len);
++	buffer = malloc((size_t)len);
+ 	if (buffer == NULL)
+ 	{
+ 		PyErr_SetString(PyExc_MemoryError, "No memory available in "
+@@ -157,8 +158,8 @@ ALG_Encrypt(ALGobject *self, PyObject *a
+ 		return NULL;
+ 	}
+ 	Py_BEGIN_ALLOW_THREADS;
+-	memcpy(buffer, str, len);
+-	stream_encrypt(&(self->st), buffer, len);
++	memcpy(buffer, str, (size_t)len);
++	stream_encrypt(&(self->st), buffer, (int)len);
+ 	Py_END_ALLOW_THREADS;
+ 	result = PyBytes_FromStringAndSize((char *)buffer, len);
+ 	free(buffer);
+@@ -172,7 +173,7 @@ static PyObject *
+ ALG_Decrypt(ALGobject *self, PyObject *args)
+ {
+ 	unsigned char *buffer, *str;
+-	int len;
++	Py_ssize_t len;
+ 	PyObject *result;
+ 
+ 	if (!PyArg_Parse(args, "s#", &str, &len))
+@@ -181,7 +182,7 @@ ALG_Decrypt(ALGobject *self, PyObject *a
+ 	{
+ 		return PyBytes_FromStringAndSize(NULL, 0);
+ 	}
+-	buffer = malloc(len);
++	buffer = malloc((size_t)len);
+ 	if (buffer == NULL)
+ 	{
+ 		PyErr_SetString(PyExc_MemoryError, "No memory available in "
+@@ -189,8 +190,8 @@ ALG_Decrypt(ALGobject *self, PyObject *a
+ 		return NULL;
+ 	}
+ 	Py_BEGIN_ALLOW_THREADS;
+-	memcpy(buffer, str, len);
+-	stream_decrypt(&(self->st), buffer, len);
++	memcpy(buffer, str, (size_t)len);
++	stream_decrypt(&(self->st), buffer, (int)len);
+ 	Py_END_ALLOW_THREADS;
+ 	result = PyBytes_FromStringAndSize((char *)buffer, len);
+ 	free(buffer);
+--- src/XOR.c
++++ src/XOR.c
+@@ -24,6 +24,7 @@
+  * =======================================================================
+  */
+ 
++#define PY_SSIZE_T_CLEAN
+ #include "Python.h"
+ 
+ #define MODULE_NAME _XOR

SOURCES/python-crypto-2.6.1-python3.11.patch

@@ -0,0 +1,10 @@
+--- src/_fastmath.c
++++ src/_fastmath.c
+@@ -30,7 +30,6 @@
+ #include <string.h>
+ #include "Python.h"
+ #include "pycrypto_compat.h"
+-#include <longintrepr.h>				/* for conversions */
+ #include "config.h"
+ #if HAVE_LIBGMP
+ # include <gmp.h>

SPECS/python-crypto.spec

@@ -0,0 +1,543 @@
+# Share docs between packages for multiple python versions
+%global _docdir_fmt %{name}
+
+# Single python3 version in Fedora, python3_pkgversion macro not available
+%{!?python3_pkgversion:%global python3_pkgversion 3}
+
+Summary:	Cryptography library for Python
+Name:		python-crypto
+Version:	2.6.1
+Release:	42%{?dist}
+# Mostly Public Domain apart from parts of HMAC.py and setup.py, which are Python
+License:	Public Domain and Python
+URL:		http://www.pycrypto.org/
+Source0:	http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-%{version}.tar.gz
+Patch0:		python-crypto-2.4-optflags.patch
+Patch1:		python-crypto-2.4-fix-pubkey-size-divisions.patch
+Patch2:		pycrypto-2.6.1-CVE-2013-7459.patch
+Patch3:		pycrypto-2.6.1-unbundle-libtomcrypt.patch
+Patch4:		python-crypto-2.6.1-link.patch
+Patch5:		pycrypto-2.6.1-CVE-2018-6594.patch
+Patch6:		pycrypto-2.6.1-use-os-random.patch
+Patch7:		pycrypto-2.6.1-drop-py2.1-support.patch
+Patch8:		python-crypto-2.6.1-python3.10.patch
+Patch9:		python-crypto-2.6.1-python3.11.patch
+Patch10:	python-crypto-2.6.1-python3only.patch
+Patch11:	python-crypto-2.6.1-no-distutils.patch
+Patch12:	python-crypto-2.6.1-SyntaxWarning.patch
+BuildRequires:	coreutils
+BuildRequires:	findutils
+BuildRequires:	gcc
+BuildRequires:	gmp-devel >= 4.1
+BuildRequires:	libtomcrypt-devel >= 1.16
+BuildRequires:	python%{python3_pkgversion}-devel
+BuildRequires:	python%{python3_pkgversion}-setuptools
+
+%description
+PyCrypto is a collection of both secure hash functions (such as MD5 and
+SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).
+
+This software is no longer maintained upstream. Please use the Cryptography
+or PyCryptodome software instead.
+
+%package -n python%{python3_pkgversion}-crypto
+Summary:	Cryptography library for Python 3
+%{?python_provide:%python_provide python%{python3_pkgversion}-crypto}
+
+%description -n python%{python3_pkgversion}-crypto
+PyCrypto is a collection of both secure hash functions (such as MD5 and
+SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).
+
+This is the Python 3 build of the package.
+
+This software is no longer maintained upstream. Please use the Cryptography
+or PyCryptodome software instead.
+
+%prep
+%setup -n pycrypto-%{version} -q
+
+# Use distribution compiler flags rather than upstream's
+%patch0 -p1
+
+# Fix divisions within benchmarking suite:
+%patch1 -p1
+
+# AES.new with invalid parameter crashes python
+# https://github.com/dlitz/pycrypto/issues/176
+# CVE-2013-7459
+%patch2 -p1
+
+# Unbundle libtomcrypt (#1087557)
+rm -rf src/libtom
+%patch3
+
+# log() not available in libgmp, need libm too
+%patch4
+
+# When creating ElGamal keys, the generator wasn't a square residue: ElGamal
+# encryption done with those keys cannot be secure under the DDH assumption
+# https://bugzilla.redhat.com/show_bug.cgi?id=1542313 (CVE-2018-6594)
+# https://github.com/TElgamal/attack-on-pycrypto-elgamal
+# https://github.com/Legrandin/pycryptodome/issues/90
+# https://github.com/dlitz/pycrypto/issues/253
+# Patch based on this commit from cryptodome:
+# https://github.com/Legrandin/pycryptodome/commit/99c27a3b
+# Converted to pull request for pycrypto:
+# https://github.com/dlitz/pycrypto/pull/256
+%patch5
+
+# Replace the user-space RNG with a thin wrapper to os.urandom
+# Based on https://github.com/Legrandin/pycryptodome/commit/afd6328f
+# Fixes compatibility with Python 3.8 (#1718332)
+%patch6
+
+# We already require Python 2.4 or later, so drop support for Python 2.1
+# in the code
+%patch7
+
+# Fix Python 3.10 compatibility
+# https://bugzilla.redhat.com/show_bug.cgi?id=1897544
+%patch8
+
+# Fix Python 3.11 compatibility
+# https://bugzilla.redhat.com/show_bug.cgi?id=2021808
+%patch9
+
+# Convert all code to Python 3 before the ability to use 2to3 goes away
+%patch10
+
+# Drop use of deprecated distutils, going away in Python 3.12
+%patch11
+
+# Get rid of a SyntaxWarning in test_random.py
+%patch12
+
+%build
+%global optflags %{optflags} -fno-strict-aliasing
+%py3_build
+
+%install
+%py3_install
+
+# Remove group write permissions on shared objects
+find %{buildroot}%{python3_sitearch} -name '*.so' -exec chmod -c g-w {} \;
+
+%check
+%{__python3} setup.py test
+
+# Benchmark
+PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} pct-speedtest.py
+
+%files -n python%{python3_pkgversion}-crypto
+%license COPYRIGHT LEGAL/
+%doc README TODO ACKS ChangeLog Doc/
+%{python3_sitearch}/Crypto/
+%{python3_sitearch}/pycrypto-%{version}-py3.*.egg-info
+
+%changelog
+* Wed Oct 04 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.6.1-42
+- Rebuilt for MSVSphere 9.2
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-42
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-41
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.6.1-40
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-39
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Nov 11 2021 Paul Howarth <paul@city-fan.org> - 2.6.1-38
+- Convert all code to Python 3 before the ability to use 2to3 goes away
+- Drop use of deprecated distutils, going away in Python 3.12
+- Get rid of a SyntaxWarning in test_random.py
+
+* Wed Nov 10 2021 Paul Howarth <paul@city-fan.org> - 2.6.1-37
+- Fix Python 3.11 compatibility (#2021808)
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-36
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 2.6.1-35
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-34
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Nov 20 2020 Paul Howarth <paul@city-fan.org> - 2.6.1-33
+- Fix Python 3.10 compatibility (#1897544)
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.6.1-31
+- Rebuilt for Python 3.9
+
+* Wed Jan 29 2020 Paul Howarth <paul@city-fan.org> - 2.6.1-30
+- Drop Python 2 support
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.1-29
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.1-28
+- Rebuilt for Python 3.8
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jun  7 2019 Paul Howarth <paul@city-fan.org> - 2.6.1-26
+- Replace the user-space RNG with a thin wrapper to os.urandom
+  - Based on https://github.com/Legrandin/pycryptodome/commit/afd6328f
+  - Fixes compatibility with Python 3.8 (#1718332)
+- Drop support for Python 2.1
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.1-23
+- Rebuilt for Python 3.7
+
+* Fri Feb 23 2018 Paul Howarth <paul@city-fan.org> - 2.6.1-22
+- When creating ElGamal keys, the generator wasn't a square residue: ElGamal
+  encryption done with those keys cannot be secure under the DDH assumption
+  https://bugzilla.redhat.com/show_bug.cgi?id=1542313 (CVE-2018-6594)
+  https://github.com/TElgamal/attack-on-pycrypto-elgamal
+  https://github.com/Legrandin/pycryptodome/issues/90
+  https://github.com/dlitz/pycrypto/issues/253
+  https://github.com/dlitz/pycrypto/pull/256
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jan 25 2018 Paul Howarth <paul@city-fan.org> - 2.6.1-20
+- log() not available in libgmp, need libm too
+
+* Mon Oct 23 2017 Simone Caronni <negativo17@gmail.com> - 2.6.1-19
+- Rebuild for libtomcrypt update
+
+* Tue Sep 05 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.6.1-18
+- Depend on %%{_bindir}/2to3 instead of python2-tools
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Thu Jun 29 2017 Paul Howarth <paul@city-fan.org> - 2.6.1-15
+- BR: python2-tools (for 2to3) rather than plain python-tools
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Jan 18 2017 Paul Howarth <paul@city-fan.org> - 2.6.1-13
+- AES.new with invalid parameter crashes python (CVE-2013-7459)
+  (https://github.com/dlitz/pycrypto/issues/176)
+
+* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 2.6.1-12
+- Rebuild for Python 3.6
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-11
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Dec 30 2015 Paul Howarth <paul@city-fan.org> - 2.6.1-9
+- Enable python3 builds from EPEL-7 (#1110373)
+- Modernize spec
+
+* Wed Nov 04 2015 Matej Stuchlik <mstuchli@redhat.com> - 2.6.1-8
+- Rebuilt for Python 3.5
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 27 2014 Paul Howarth <paul@city-fan.org> - 2.6.1-4
+- Rebuild for python3 3.4 in Rawhide again
+
+* Wed May 14 2014 Paul Howarth <paul@city-fan.org> - 2.6.1-3
+- Unbundle libtomcrypt (#1087557)
+- Drop %%defattr, redundant since rpm 4.4
+
+* Wed May 14 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Fri Oct 18 2013 Paul Howarth <paul@city-fan.org> - 2.6.1-1
+- Update to 2.6.1
+  - Fix PRNG not correctly reseeded in some situations (CVE-2013-1445)
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Aug 03 2012 David Malcolm <dmalcolm@redhat.com> - 2.6-4
+- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
+
+* Fri Aug  3 2012 David Malcolm <dmalcolm@redhat.com> - 2.6-3
+- remove rhel logic from with_python3 conditional
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu May 24 2012 Paul Howarth <paul@city-fan.org> - 2.6-1
+- Update to 2.6
+  - Fix insecure ElGamal key generation (launchpad bug #985164, CVE-2012-2417)
+  - Huge documentation cleanup
+  - Added more tests, including test vectors from NIST 800-38A
+  - Remove broken MODE_PGP, which never actually worked properly
+  - A new mode, MODE_OPENPGP, has been added for people wishing to write
+    OpenPGP implementations (see also launchpad bug #996814)
+  - Fix: getPrime with invalid input causes Python to abort with fatal error
+    (launchpad bug #988431)
+  - Fix: Segfaults within error-handling paths (launchpad bug #934294)
+  - Fix: Block ciphers allow empty string as IV (launchpad bug #997464)
+  - Fix DevURandomRNG to work with Python3's new I/O stack
+  - Remove automagic dependencies on libgmp and libmpir; let the caller
+    disable them using args
+  - Many other minor bug fixes and improvements
+- Drop upstream patches
+
+* Sat Feb 18 2012 Paul Howarth <paul@city-fan.org> - 2.5-2
+- Add upstream fixes for issues found by Dave Malcolm's experimental static
+  analysis tool (#790584)
+
+* Mon Jan 16 2012 Paul Howarth <paul@city-fan.org> - 2.5-1
+- Update to 2.5
+  - Added PKCS#1 encryption schemes (v1.5 and OAEP); we now have a decent,
+    easy-to-use non-textbook RSA implementation
+  - Added PKCS#1 signature schemes (v1.5 and PSS); v1.5 required some
+    extensive changes to Hash modules to contain the algorithm-specific ASN.1
+    OID, and to that end we now always have a (thin) Python module to hide the
+    one in pure C
+  - Added 2 standard Key Derivation Functions (PBKDF1 and PBKDF2)
+  - Added export/import of RSA keys in OpenSSH and PKCS#8 formats
+  - Added password-protected export/import of RSA keys (one old method for
+    PKCS#8 PEM only)
+  - Added ability to generate RSA key pairs with configurable public
+    exponent e
+  - Added ability to construct an RSA key pair even if only the private
+    exponent d is known, and not p and q
+  - Added SHA-2 C source code (fully from Lorenz Quack)
+  - Unit tests for all the above
+  - Updates to documentation (both inline and in Doc/pycrypt.rst)
+  - Minor bug fixes (setup.py and tests)
+- Upstream no longer ships python-3-changes.txt
+
+* Sat Jan  7 2012 Paul Howarth <paul@city-fan.org> - 2.4.1-2
+- Rebuild with gcc 4.7
+
+* Mon Nov  7 2011 Paul Howarth <paul@city-fan.org> - 2.4.1-1
+- Update to 2.4.1
+  - Fix "error: Setup script exited with error: src/config.h: No such file or
+    directory" when installing via easy_install
+
+* Wed Oct 26 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2.4-2.1
+- Rebuild with new gmp without compat lib
+
+* Tue Oct 25 2011 Paul Howarth <paul@city-fan.org> - 2.4-2
+- Add python3-crypto subpackage (based on patch from Dave Malcolm - #748529)
+
+* Mon Oct 24 2011 Paul Howarth <paul@city-fan.org> - 2.4-1
+- Update to 2.4
+  - Python 3 support! PyCrypto now supports every version of Python from 2.1
+    through to 3.2
+  - Timing-attack countermeasures in _fastmath: when built against libgmp
+    version 5 or later, we use mpz_powm_sec instead of mpz_powm, which should
+    prevent the timing attack described by Geremy Condra at PyCon 2011
+  - New hash modules (for Python ≥ 2.5 only): SHA224, SHA384 and SHA512
+  - Configuration using GNU autoconf, which should help fix a bunch of build
+    issues
+  - Support using MPIR as an alternative to GMP
+  - Improve the test command in setup.py, by allowing tests to be performed on
+    a single sub-package or module only
+  - Fix double-decref of "counter" when Cipher object initialization fails
+  - Apply patches from Debian's python-crypto 2.3-3 package:
+    - fix-RSA-generate-exception.patch
+    - epydoc-exclude-introspect.patch
+    - no-usr-local.patch
+  - Fix launchpad bug #702835: "Import key code is not compatible with GMP
+    library"
+  - More tests, better documentation, various bugfixes
+- Update patch for imposing our own compiler optimization flags
+- Drop lib64 patch, no longer needed
+- No longer need to fix up permissions and remove shellbangs
+
+* Wed Oct 12 2011 Peter Schiffer <pschiffe@redhat.com> - 2.3-5.1
+- Rebuild with new gmp
+
+* Wed May 11 2011 Paul Howarth <paul@city-fan.org> - 2.3-5
+- Upstream rolled new tarball with top-level directory restored
+- Nobody else likes macros for commands
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Sep 29 2010 jkeating - 2.3-3
+- Rebuilt for gcc bug 634757
+
+* Fri Sep 24 2010 David Malcolm <dmalcolm@redhat.com> - 2.3-2
+- Add "-fno-strict-aliasing" to compilation flags
+
+* Fri Aug 27 2010 Paul Howarth <paul@city-fan.org> - 2.3-1
+- Update to 2.3
+  - Fix NameError when attempting to use deprecated getRandomNumber() function
+  - _slowmath: Compute RSA u parameter when it's not given to RSA.construct;
+    this makes _slowmath behave the same as _fastmath in this regard
+  - Make RSA.generate raise a more user-friendly exception message when the
+    user tries to generate a bogus-length key
+- Add -c option to %%setup because upstream tarball has dropped the top-level
+  directory
+- Run benchmark as part of %%check if we have python 2.4 or later
+- BR: python2-devel rather than just python-devel
+- Add patch to make sure we can find libgmp in 64-bit multilib environments
+
+* Tue Aug  3 2010 Paul Howarth <paul@city-fan.org> - 2.2-1
+- Update to 2.2
+  - Deprecated Crypto.Util.number.getRandomNumber()
+  - It's been replaced by getRandomNBitInteger and getRandomInteger
+  - Better isPrime() and getPrime() implementations
+  - getStrongPrime() implementation for generating RSA primes
+  - Support for importing and exporting RSA keys in DER and PEM format
+  - Fix PyCrypto when floor division (python -Qnew) is enabled
+  - When building using gcc, use -std=c99 for compilation
+- Update optflags patch
+
+* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 2.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Tue Feb 16 2010 Paul Howarth <paul@city-fan.org> - 2.1.0-1
+- Update to 2.1.0 (see ChangeLog for details)
+- Remove patches (no longer needed)
+- Use new upstream URLs
+- Upstream has replaced LICENSE with LEGAL/ and COPYRIGHT
+- Clarify that license is mostly Public Domain, partly Python
+- Add %%check section and run the test suite in it
+- Remove upstream's fiddling with compiler optimization flags so we get
+  usable debuginfo
+- Filter out unwanted provides for python shared objects
+- Tidy up egg-info handling
+- Simplify %%files list
+- Pacify rpmlint as much as is reasonable
+- Add dist tag
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 13 2009 Stewart Adam <s.adam at diffingo.com> - 2.0.1-17
+- Use patches in upstream git to fix #484473
+
+* Fri Feb 13 2009 Thorsten Leemhuis <fedora[AT]leemhuis[DOT]info> - 2.0.1-16.1
+- add patch to fix #485298 / CVE-2009-0544
+
+* Sat Feb 7 2009 Stewart Adam <s.adam at diffingo.com> - 2.0.1-15.1
+- Oops, actually apply the patch
+- Modify patch so modules remain compatible with PEP 247
+
+* Sat Feb 7 2009 Stewart Adam <s.adam at diffingo.com> - 2.0.1-15
+- Add patch to hashlib instead of deprecated md5 and sha modules (#484473)
+
+* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.1-14.1
+- Rebuild for Python 2.6
+
+* Sun May 04 2008 Thorsten Leemhuis <fedora[AT]leemhuis[DOT]info> - 2.0.1-13
+- provide pycrypto
+
+* Sat Feb 09 2008 Thorsten Leemhuis <fedora[AT]leemhuis[DOT]info> - 2.0.1-12
+- rebuilt
+
+* Fri Jan 04 2008 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 2.0.1-11
+- egg-info file in python_sitearch and not in python_sitelib
+
+* Fri Jan 04 2008 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 2.0.1-10
+- ship egg-file
+
+* Tue Aug 21 2007 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> - 2.0.1-9
+- Remove the old and outdated python-abi hack
+
+* Fri Aug 03 2007 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info>
+- Update License field due to the "Licensing guidelines changes"
+
+* Mon Jun 04 2007 David Woodhouse <dwmw2@infradead.org> - 2.0.1-8
+- Fix libdir handling so it works on more arches than x86_64
+
+* Wed Apr 18 2007 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-7
+- Fix typo
+
+* Wed Apr 18 2007 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-6
+- Remove dist
+- rebuild, because the older version was much bigger, as it was build when
+  distutils was doing static links of libpython
+
+* Sat Dec 09 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-5
+- Rebuild for python 2.5
+
+* Thu Sep 07 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-4
+- Don't ghost pyo files (#205408)
+
+* Tue Aug 29 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-3
+- Rebuild for Fedora Extras 6
+
+* Mon Feb 13 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-2
+- Rebuild for Fedora Extras 5
+
+* Wed Aug 17 2005 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0.1-1
+- Update to 2.0.1
+- Use Dist
+- Drop python-crypto-64bit-unclean.patch, similar patch was applied
+  upstream
+
+* Thu May 05 2005 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0-4
+- add python-crypto-64bit-unclean.patch (#156173)
+
+* Mon Mar 21 2005 Seth Vidal <skvidal at phy.duke.edu> - 0:2.0-3
+- iterate release for build on python 2.4 based systems
+
+* Sat Dec 18 2004 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0-2
+- Fix build on x86_64: use python_sitearch for files and patch source
+  to find gmp
+
+* Thu Aug 26 2004 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0-0.fdr.1
+- Update to 2.00
+
+* Fri Aug 13 2004 Ville Skytta <ville.skytta at iki.fi> - 0:1.9-0.fdr.6.a6
+- Don't use get_python_version(), it's available in Python >= 2.3 only.
+
+* Thu Aug 12 2004 Thorsten Leemhuis <fedora at leemhuis dot info> 0:1.9-0.fdr.5.a6
+- Own dir python_sitearch/Crypto/
+
+* Wed Aug 11 2004 Thorsten Leemhuis <fedora at leemhuis dot info> 0:1.9-0.fdr.4.a6
+- Match python spec template more
+
+* Sat Jul 17 2004 Thorsten Leemhuis <fedora at leemhuis dot info> 0:1.9-0.fdr.3.a6
+- Own _libdir/python/site-packages/Crypto/
+
+* Wed Mar 24 2004 Panu Matilainen <pmatilai@welho.com> 0.3.2-0.fdr.2.a6
+- generate .pyo files during install
+- require exact version of python used to build the package
+- include more docs + demos
+- fix dependency on /usr/local/bin/python
+- use fedora.us style buildroot
+- buildrequires gmp-devel
+- use description from README
+
+* Sun Jan 11 2004 Ryan Boder <icanoop@bitwiser.org>  0.3.2-0.fdr.1.a6
+- Initial build.
+