%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

Summary:	Cryptography library for Python
Name:		python-crypto
Version:	2.0.1
Release:	5%{?dist}
License:	Public Domain
Group:		Development/Libraries
URL:		http://www.pycrypto.org/

# The original tarball:
#  http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz
# contains support for IDEA and RC5.
# 
# We remove it in the tarball we ship, using a "hobble-python-crypto" script.
Source:		pycrypto-2.0.1-hobbled.tar.gz

# patch taken from 
# http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
Patch0:		%{name}-fix_buffer_overflow.patch

# Remove references to IDEA and RC5:
Patch1:		python-crypto-hobble.patch

# Backport to pycrypto 2.0.1 of:
# https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2
Patch2:		pycrypto-2.0.1-CVE-2012-2417.patch

BuildRequires:	python >= 2.2
BuildRequires:	python-devel >= 2.2
BuildRequires:	gmp-devel >= 4.1
BuildRoot:	%{_tmppath}/%{name}-%{version}-buildroot-%(%{__id_u} -n)
Requires:	python-abi = %(%{__python} -c "import sys ; print sys.version[:3]")

Provides:	pycrypto = %{version}-%{release}

%description
Python-crypto is a collection of both secure hash functions (such as MD5 and
SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).


%prep
%setup -n pycrypto-%{version} -q

# C source should not be executable
find . -name '*.c' | xargs chmod -c -x

# Remove redundant shellbang
sed -i -e '/#!\/usr\/local\/bin\/python/d' Util/RFC1751.py

# Fix setup.py for lib64 if necessary
sed -i -e 's|/lib|/%_lib|g' setup.py

%patch0 -b .patch0 -p1
%patch1 -p1
%patch2

%build
CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build

%install
rm -rf $RPM_BUILD_ROOT
%{__python} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT

# Remove group write permissions on shared objects
find %{buildroot}%{python_sitearch} -name '*.so' -exec chmod -c g-w {} \;

%check
%{__python} test.py


%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(-,root,root,-)
%doc README TODO ACKS ChangeLog LICENSE Doc
%{python_sitearch}/Crypto/*.py*
%{python_sitearch}/Crypto/Cipher/*.so
%{python_sitearch}/Crypto/Cipher/*.py*
%{python_sitearch}/Crypto/Hash/*.so
%{python_sitearch}/Crypto/Hash/*.py*
%{python_sitearch}/Crypto/Protocol/*.py*
%{python_sitearch}/Crypto/PublicKey/*.so
%{python_sitearch}/Crypto/PublicKey/*.py*
%{python_sitearch}/Crypto/Util/*.py*
%dir %{python_sitearch}/Crypto
%dir %{python_sitearch}/Crypto/Cipher/
%dir %{python_sitearch}/Crypto/Hash/
%dir %{python_sitearch}/Crypto/Protocol/
%dir %{python_sitearch}/Crypto/PublicKey/
%dir %{python_sitearch}/Crypto/Util/


%changelog
* Fri May 25 2012 Paul Howarth <paul@city-fan.org> - 2.0.1-5
- Fix LP#985164: insecure ElGamal key generation (#825165, CVE-2012-2417)
- Update URL
- Fix shellbangs and permissions of installed files

* Wed Sep 22 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.1-4.2
- remove IDEA and RC5 implementations
- add %%check section

* Fri Feb 13 2009 Thorsten Leemhuis <fedora[AT]leemhuis[DOT]info> - 2.0.1-4.1
- some improvements from fedora branch
  - add patch to fix #485298 / CVE-2009-0544
  - provide pycrypto
  - drop patch0 and fix libdir handling so it works on more arches than x86_64

* Thu Sep 07 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-4
- Don't ghost pyo files (#205408)

* Tue Aug 29 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-3
- Rebuild for Fedora Extras 6

* Mon Feb 13 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> - 2.0.1-2
- Rebuild for Fedora Extras 5

* Wed Aug 17 2005 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0.1-1
- Update to 2.0.1
- Use Dist
- Drop python-crypto-64bit-unclean.patch, similar patch was applied 
  upstream

* Thu May 05 2005 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0-4
- add python-crypto-64bit-unclean.patch (#156173)

* Mon Mar 21 2005 Seth Vidal <skvidal at phy.duke.edu> - 0:2.0-3
- iterate release for build on python 2.4 based systems

* Sat Dec 18 2004 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0-2
- Fix build on x86_64: use python_sitearch for files and patch source
  to find gmp

* Thu Aug 26 2004 Thorsten Leemhuis <fedora at leemhuis dot info> - 0:2.0-0.fdr.1
- Update to 2.00

* Fri Aug 13 2004 Ville Skytta <ville.skytta at iki.fi> - 0:1.9-0.fdr.6.a6
- Don't use get_python_version(), it's available in Python >= 2.3 only.

* Thu Aug 12 2004 Thorsten Leemhuis <fedora at leemhuis dot info> 0:1.9-0.fdr.5.a6
- Own dir python_sitearch/Crypto/

* Wed Aug 11 2004 Thorsten Leemhuis <fedora at leemhuis dot info> 0:1.9-0.fdr.4.a6
- Match python spec template more

* Sat Jul 17 2004 Thorsten Leemhuis <fedora at leemhuis dot info> 0:1.9-0.fdr.3.a6
- Own _libdir/python/site-packages/Crypto/

* Wed Mar 24 2004 Panu Matilainen <pmatilai@welho.com> 0.3.2-0.fdr.2.a6
- generate .pyo files during install
- require exact version of python used to build the package
- include more docs + demos
- fix dependency on /usr/local/bin/python
- use fedora.us style buildroot
- buildrequires gmp-devel
- use description from README

* Sun Jan 11 2004 Ryan Boder <icanoop@bitwiser.org>  0.3.2-0.fdr.1.a6
- Initial build.