Perl 5.40 rebuild

https://fedoraproject.org/wiki/Changes/Java21

.gitignore

@@ -1,20 +1,7 @@
-/cl343_fedora.zip
+/cl346_fedora.zip.sig
+/cl346_fedora.zip
 /cryptlib-perlfiles.tar.gz
 /cryptlib-tests.tar.gz
-/cl3431_fedora.zip
-/cl3431_fedora.zip.sig
-/cryptlib.spec
-/gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc
-/README-manual
-/ccflagspatch
-/javapatch
-/nativepatch
-/cryptlibConverter.py
-/bignumpatch
-/updates-from-beta.tar
-/cl344_fedora.zip
-/cl344_fedora.zip.sig
-/cl345_fedora.zip
-/cl345_fedora.zip.sig
-/perlpatch
-/gccversionpatch
+/cryptlib-tools.tar.gz
+/cl347_fedora.zip
+/cl347_fedora.zip.sig

COPYING

@@ -1,60 +0,0 @@
-This file contains the usage terms for cryptlib.  The full details of cryptlib
-usage are provided on the cryptlib home page; although this file and the
-information on the web page should be identical, in case of any dispute the
-web page takes precedence.  This file is included because some distributions
-require the presence of a COPYING file.
-
-cryptlib is distributed under a dual license that allows free, open-source use
-under a GPL-compatible license and closed-source use under a standard
-commercial license.  The GPL-compatible license (a.k.a. the Sleepycat license)
-is given below.  Further details on this license are available from the
-cryptlib home page.
-
-  Copyright 1992-2016 Peter Gutmann. All rights reserved.
-
-  Redistribution and use in source and binary forms, with or without
-  modification, are permitted provided that the following conditions are met:
-
-  1. Redistributions of source code must retain the above copyright notice, this
-     list of conditions and the following disclaimer.
-
-  2. Redistributions in binary form must reproduce the above copyright notice,
-     this list of conditions and the following disclaimer in the documentation
-     and/or other materials provided with the distribution.
-
-  3. Redistributions in any form must be accompanied by information on how to
-     obtain complete source code for the cryptlib software and any accompanying
-     software that uses the cryptlib software.  The source code must either be
-     included in the distribution or be available for no more than the cost of
-     distribution, and must be freely redistributable under reasonable
-     conditions.  For an executable file, complete source code means the source
-     code for all modules it contains or uses.  It does not include source code
-     for modules or files that typically accompany the major components of the
-     operating system on which the executable file runs.
-
-  THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
-  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,
-  FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE DISCLAIMED.  IN NO
-  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
-  OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
-  IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
-  OF SUCH DAMAGE.
-
-Note that decoupling the software from the user, for example by running in a
-SaaS configuration, does not exempt you from these requirements.
-
-If you're unable to comply with the above license then the following,
-alternate usage conditions apply:
-
-  Any large-scale commercial use of cryptlib requires a license.  "Large-scale
-  commercial use" means any revenue-generating purpose such as use for
-  company-internal purposes, or use of cryptlib in an application or product,
-  with a total gross revenue of over US$5,000.  This allows cryptlib to be
-  used in freeware and shareware applications, for evaluation and research
-  purposes, and for non-revenue-generating or personal use without charge.  In
-  addition the author reserves the right to grant free licenses for commercial
-  use in special cases (for example where there is a general benefit to the
-  public), contact the author for details if you think you qualify.

README-manual

@@ -17,7 +17,7 @@ the Fedora distribution.
 But the good news is, that you can download this excellent manual as a
 PDF file from Peter's web page.
 
-http://www.cypherpunks.to/~peter/manual.pdf
+https://cryptlib-release.s3-ap-southeast-1.amazonaws.com/manual.pdf
 
 If you refer to the numerous code examples, you will be able to use
 cryptlib in your own (commercial) projects quite easily.

ccflagspatch

@@ -1,11 +0,0 @@
---- cl-original/makefile	2019-03-10 11:50:35.325298573 +0100
-+++ cl-patched/makefile	2019-03-10 11:53:03.663407724 +0100
-@@ -90,7 +90,7 @@
- # Further cc flags are gathered dynamically at runtime via the ccopts.sh
- # script.
- 
--CFLAGS			= -c -D__UNIX__ -DNDEBUG -I.
-+CFLAGS			= -c -D__UNIX__ -DNDEBUG -I. $(ADDFLAGS)
- CFLAGS_DEBUG	= -c -D__UNIX__ -I. -g -O1
- CFLAGS_DEBUGGCC	= -c -D__UNIX__ -I. -ggdb3 -fno-omit-frame-pointer -O1
- CFLAGS_ANALYSE	= -c -D__UNIX__ -I.

cl343_fedora.zip.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXTn2uAAoJEPv24sKOnJjdL9kP/Aygtz7zeidceTWZt6WZToou
-IlLISVfUgQtr6NHBiDxEZwP+OWBaTh33fKP2na8wUy8qr99AjpRIjj9mX+qy7ED+
-AJPkaVK2yfB8CTK5ZLehlTWadLXAHIXNWsvjW2/foade6RsNdR/NjScQbDUxv3F/
-3oIZgGhNgKS+c83JTzdELc5/yN8Be5zeUJ7fZiGZKRS4kb5S7KSJ72eYyEspUvnY
-cE7jA95NiAQg1QC9UeC4t/Iq6Cfp5ePh2p7NB5wzm4IJcANXIatmKbpWP5d0DvAd
-wErcni7J9kK7OZnvkbLOmQaEiz2giz+snORT4gq/RxgkyFlbCTucM7cZXQ4zBAmS
-gVA9EQOuJvyJRAAd+LN5/wxIJRNuoboXevCuU5zkmc7U8UXEyrX5A3ZAW9LDesDo
-TKPH2pkkkFoYauMckD7AU1NGtaKOqKzt2heiy7AqzqoxblRF3k0Ka4Xd+nrUQuIa
-t7SyYerclmAq8nyuftpvu6gng6N1JpPlinJkEGgJAs/TPJAW1F2n02bOS1Sx55rJ
-v+4dbNZVRT+rsgizottGR+7RiR1S+kAtF0J5BbHDj8UVobJLIcD0i238GgNe8MVp
-3DvgPJtD8ejZQzDcXEtWjv6aMG5s5d++sFBik2YP7pwJxaLYunxQRarCq/jGVMu9
-6BBULFfmMU7aHY4L5UsU
-=WFzk
------END PGP SIGNATURE-----

configpatch

@@ -0,0 +1,21 @@
+--- cl-original/misc/config.h	2022-03-04 17:55:32.643896948 +0100
++++ cl-patched/misc/config.h	2022-03-04 19:46:36.843663542 +0100
+@@ -218,7 +218,7 @@
+ 
+ /* Whether to build the Java/JNI interface or not */
+ 
+-/* #define USE_JAVA */
++#define USE_JAVA
+ 
+ /* Whether to provide descriptive text messages for errors or not.
+    Disabling these can reduce code size, at the expense of making error
+@@ -1327,4 +1327,9 @@
+   #undef USE_ERRMSGS
+ #endif /* 0 */
+ 
++#undef USE_IDEA 
++#undef USE_OBSCURE_ALGORITHMS 
++#undef USE_PATENTED_ALGORITHMS
++#define USE_SHA2_EXT
++
+ #endif /* _CONFIG_DEFINED */

cryptlib.spec

@@ -1,38 +1,41 @@
-%global includetests 0
+%global includetests 1
 # 0=no, 1=yes
 %global cryptlibdir %{_libdir}/%{name}
 %global withpython2 0
 
 Name:       cryptlib
-Version:    3.4.5  
-Release:    15%{?dist}
+Version:    3.4.7  
+Release:    7%{?dist}
 Summary:    Security library and toolkit for encryption and authentication services    
 
 License:    Sleepycat and OpenSSL     
 URL:        https://www.cs.auckland.ac.nz/~pgut001/cryptlib      
-Source0:    https://crypto-bone.com/fedora/cl345_fedora.zip      
-Source1:    https://crypto-bone.com/fedora/cl345_fedora.zip.sig
+Source0:    https://senderek.ie/fedora/cl347_fedora.zip      
+Source1:    https://senderek.ie/fedora/cl347_fedora.zip.sig
 # for security reasons a public signing key should always be stored in distgit
 # and never be used with a URL to make impersonation attacks harder
 # (verified: https://senderek.ie/keys/codesigningkey)
 Source2:    gpgkey-3274CB29956498038A9C874BFBF6E2C28E9C98DD.asc
-Source3:    https://crypto-bone.com/fedora/README-manual
-Source4:    https://crypto-bone.com/fedora/cryptlib-tests.tar.gz
-Source5:    https://crypto-bone.com/fedora/cryptlib-perlfiles.tar.gz
+Source3:    https://senderek.ie/fedora/README-manual
+Source4:    https://senderek.ie/fedora/cryptlib-tests.tar.gz
+Source5:    https://senderek.ie/fedora/cryptlib-perlfiles.tar.gz
+Source6:    https://senderek.ie/fedora/cryptlib-tools.tar.gz
+Source7:    https://senderek.ie/fedora/claes
+Source8:    https://senderek.ie/fedora/claes.sig
+Source9:    cryptlibConverter.py3-final
 
 # soname is now libcl.so.3.4
-Patch1:     ccflagspatch
-Patch2:     javapatch
-Patch3:     perlpatch
-Patch4:     gccversionpatch
+Patch0:     m64patch
+Patch1:     testpatch
 
-ExclusiveArch: x86_64 %{ix86} aarch64 ppc64 ppc64le
+ExclusiveArch: x86_64 aarch64 ppc64le
 
 BuildRequires: gcc 
 BuildRequires: libbsd-devel   
 BuildRequires: gnupg2
 BuildRequires: coreutils
 BuildRequires: python3-devel
+BuildRequires: python-setuptools
 BuildRequires: java-devel
 BuildRequires: perl-interpreter
 BuildRequires: perl-devel
@@ -126,6 +129,14 @@ Requires: man
 %description perl
 Cryptlib module for application development in Perl
 
+%package tools
+Summary:  Collection of stand-alone programs that use Cryptlib
+Requires: python3 >= 3.5
+Requires: man
+Requires: %{name}%-python3
+
+%description tools
+Collection of stand-alone programs that use Cryptlib
 
 
 %prep
@@ -135,22 +146,28 @@ KEYRING=${KEYRING%%.asc}.gpg
 mkdir -p .gnupg
 gpg2 --homedir .gnupg --no-default-keyring --quiet --yes --output $KEYRING --dearmor  %{SOURCE2}
 gpg2 --homedir .gnupg --no-default-keyring --keyring $KEYRING --verify %{SOURCE1} %{SOURCE0}
+gpg2 --homedir .gnupg --no-default-keyring --keyring $KEYRING --verify %{SOURCE8} %{SOURCE7}
 
 rm -rf %{name}-%{version}
 mkdir %{name}-%{version}
 cd %{name}-%{version}
 /usr/bin/unzip -a %{SOURCE0}
 
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
+%patch 0 -p1
+%patch 1 -p1
+
+# enable ADDFLAGS
+sed -i '97s/-I./-I. \$(ADDFLAGS)/' makefile
+# enable JAVA in config
+sed -i 's/\/\* #define USE_JAVA \*\// #define USE_JAVA /' misc/config.h
+
 
 # remove pre-build jar file
 rm %{_builddir}/%{name}-%{version}/bindings/cryptlib.jar
 # adapt perl files in bindings
 cd %{_builddir}/%{name}-%{version}/bindings
 /usr/bin/tar xpzf %{SOURCE5}
+/usr/bin/cp %{SOURCE9} %{_builddir}/%{name}-%{version}/tools/cryptlibConverter.py3
 
 %build
 cd %{name}-%{version}
@@ -166,10 +183,10 @@ cp /etc/alternatives/java_sdk/include/jni.h .
 cp /etc/alternatives/java_sdk/include/linux/jni_md.h .
 
 make clean
-make shared %{?_smp_mflags} ADDFLAGS="%{optflags}"
-ln -s libcl.so.3.4.5 libcl.so
+make shared  ADDFLAGS="%{optflags}"
+ln -s libcl.so.3.4.7 libcl.so
 ln -s libcl.so libcl.so.3.4
-make stestlib %{?_smp_mflags} ADDFLAGS="%{optflags}"
+make stestlib  ADDFLAGS="%{optflags}"
 
 # build python modules
 cd bindings
@@ -189,9 +206,9 @@ javadoc cryptlib
 mkdir -p %{buildroot}%{_libdir}
 mkdir -p %{buildroot}%{_datadir}/licenses/%{name}
 mkdir -p %{buildroot}%{_docdir}/%{name}
-cp %{_builddir}/%{name}-%{version}/libcl.so.3.4.5 %{buildroot}%{_libdir}
+cp %{_builddir}/%{name}-%{version}/libcl.so.3.4.7 %{buildroot}%{_libdir}
 cd %{buildroot}%{_libdir}
-ln -s libcl.so.3.4.5 libcl.so.3.4
+ln -s libcl.so.3.4.7 libcl.so.3.4
 ln -s libcl.so.3.4 libcl.so
 
 # install header files
@@ -225,7 +242,8 @@ cp -r %{_builddir}/%{name}-%{version}/bindings/javadoc/* %{buildroot}%{_javadocd
 
 # install python3 module
 mkdir -p %{buildroot}%{python3_sitelib}
-cp %{_builddir}/%{name}-%{version}/bindings/build/lib.linux-*%{python3_version}/cryptlib_py%{python3_ext_suffix} %{buildroot}%{python3_sitelib}/cryptlib_py.so
+# cp %{_builddir}/%{name}-%{version}/bindings/build/lib.linux-*%{python3_version}/cryptlib_py%{python3_ext_suffix} %{buildroot}%{python3_sitelib}/cryptlib_py.so
+cp %{_builddir}/%{name}-%{version}/bindings/build/lib.linux-*/cryptlib_py%{python3_ext_suffix} %{buildroot}%{python3_sitelib}/cryptlib_py.so
 
 # install Perl module
 mkdir -p %{buildroot}/usr/local/lib64
@@ -254,17 +272,33 @@ rm -rf $(find %{buildroot}%{cryptlibdir}/test -name "*.c")
 cd %{buildroot}%{cryptlibdir}
 tar xpzf %{SOURCE4} 
 
+# install cryptlib tools 
+cd %{buildroot}%{cryptlibdir}
+tar xpzf %{SOURCE6} 
+mkdir -p %{buildroot}%{_mandir}/man1
+mkdir -p %{buildroot}%{_bindir}
+cp %{SOURCE7} %{buildroot}%{_bindir}
+cp /%{buildroot}%{cryptlibdir}/tools/clsha1 %{buildroot}%{_bindir}
+cp /%{buildroot}%{cryptlibdir}/tools/clsha2 %{buildroot}%{_bindir}
+cp /%{buildroot}%{cryptlibdir}/tools/clkeys %{buildroot}%{_bindir}
+cp /%{buildroot}%{cryptlibdir}/tools/clsmime %{buildroot}%{_bindir}
+cp /%{buildroot}%{cryptlibdir}/tools/man/clsha1.1 %{buildroot}%{_mandir}/man1
+cp /%{buildroot}%{cryptlibdir}/tools/man/clsha2.1 %{buildroot}%{_mandir}/man1
+cp /%{buildroot}%{cryptlibdir}/tools/man/claes.1  %{buildroot}%{_mandir}/man1
+cp /%{buildroot}%{cryptlibdir}/tools/man/clkeys.1 %{buildroot}%{_mandir}/man1
+cp /%{buildroot}%{cryptlibdir}/tools/man/clsmime.1 %{buildroot}%{_mandir}/man1
+
 %check
 # checks are performed after install
 # in KOJI tests must be disabled as there is no networking
 %if %{includetests}
      cd %{_builddir}/%{name}-%{version}
-     ln -s libcl.so.3.4.5 ./libcl.so.3.4
      export LD_LIBRARY_PATH=.
      echo "Running tests on the cryptlib library. This will take a few minutes."
-     echo "Network access is necessary to complete all tests!"
-     ./stestlib > %{_builddir}/%{name}-%{version}/stestlib.log
-     cp %{_builddir}/%{name}-%{version}/stestlib.log %{buildroot}%{_docdir}/%{name}/stestlib.log
+     cp %{buildroot}%{cryptlibdir}/c/cryptlib-test.c .
+     sed -i '41s/<cryptlib\/cryptlib.h>/\".\/cryptlib.h\"/' cryptlib-test.c
+     gcc  -o cryptlib-test cryptlib-test.c -L. libcl.so.3.4.7
+     ./cryptlib-test
 %endif
 
 
@@ -272,7 +306,7 @@ tar xpzf %{SOURCE4}
 
 
 %files
-%{_libdir}/libcl.so.3.4.5
+%{_libdir}/libcl.so.3.4.7
 %{_libdir}/libcl.so.3.4
 %{_libdir}/libcl.so
 
@@ -309,8 +343,119 @@ tar xpzf %{SOURCE4}
 %files test
 %{cryptlibdir}
 
+%files tools
+%{_bindir}/clsha1
+%{_bindir}/clsha2
+%{_bindir}/claes
+%{_bindir}/clkeys
+%{_bindir}/clsmime
+%{_mandir}/man1/clsha2.1.gz
+%{_mandir}/man1/clsha1.1.gz
+%{_mandir}/man1/claes.1.gz
+%{_mandir}/man1/clkeys.1.gz
+%{_mandir}/man1/clsmime.1.gz
+
+
 
 %changelog
+* Wed Jun 12 2024 Jitka Plesnikova <jplesnik@redhat.com> - 3.4.7-7
+- Perl 5.40 rebuild
+
+* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 3.4.7-6
+- Rebuilt for Python 3.13
+
+* Tue Feb 27 2024 Jiri Vanek <jvanek@redhat.com> - 3.4.7-5
+- Rebuilt for java-21-openjdk as system jdk
+
+* Sun Feb 25 2024 Ralf Senderek <innovation@senderek.ie> - 3.4.7-4
+- Add clsmime to cryptlib-tools
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Nov 01 2023 Ralf Senderek <innovation@senderek.ie> - 3.4.7-1
+- Update to version 3.4.7
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.6-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 3.4.6-18
+- Perl 5.38 rebuild
+
+* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.4.6-17
+- Rebuilt for Python 3.12
+
+* Wed Apr 05 2023 Ralf Senderek <innovation@senderek.ie> - 3.4.6-16
+- Remove obsolete gcc flags
+
+* Wed Apr 05 2023 Ralf Senderek <innovation@senderek.ie> - 3.4.6-15
+- Resolve Bug RHBZ#2182688
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Dec 21 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.6-13
+- Resolve Bug #2155050 python 3.12 setup.py
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.6-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 3.4.6-11
+- Rebuilt for Python 3.11
+
+* Wed Jun 15 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.6-10
+- Add claes ver 1.0 to cryptlib-tools
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.4.6-9
+- Rebuilt for Python 3.11
+
+* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 3.4.6-8
+- Perl 5.36 rebuild
+* Sat Mar 05 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.6-7
+- Add subpackage cryptlib-tools
+
+* Fri Mar 04 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.6-6
+- Define -march=x86-64
+
+* Sat Feb 26 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.6-5
+- Correct date in test/cert.c
+
+* Thu Feb 17 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.6-4
+- Drop i686
+
+* Fri Feb 11 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.5-22
+- Update patches for version 3.4.5
+	
+* Fri Feb 11 2022 Ralf Senderek <innovation@senderek.ie> - 3.4.5-21
+- Rebuilt for java-17-openjdk as system jdk
+
+* Sat Feb 05 2022 Jiri Vanek <jvanek@redhat.com> - 3.4.6-3
+- Rebuilt for java-17-openjdk as system jdk
+
+* Tue Feb 01 2022 Ralf Senderek <innovation@senderek.ie>  - 3.4.6-2
+- 3.4.6 with flagspatch
+
+* Sun Jan 30 2022 Ralf Senderek <innovation@senderek.ie>  - 3.4.6-1
+- update SCM to version 3.4.6, new test-files
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.5-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.5-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 24 2021 Ralf Senderek <innovation@senderek.ie> - 3.4.5-18
+- Fix pthread issue (RHBZ #1974247) 
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.4.5-17
+- Rebuilt for Python 3.10
+
+* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 3.4.5-16
+- Perl 5.34 rebuild
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.5-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 

cryptlibConverter.py3-final

@@ -1,8 +1,14 @@
+#!/usr/bin/python3
+
+# ported to python3 by Ralf Senderek, October 2018
+# modified to use the new Buffer Protocol (PyObject_GetBuffer), November 2023 
+
 import sys
 import os
 import stat
 import re
 
+print ("\nUsing python3 to compile files for java, python2, python3 and net\n")
 
 #Helper Functions
 #==========================================================================
@@ -149,7 +155,7 @@ def expandFunctionPrototype(functionPrototype, newParamStructs):
 #Execution starts here...
 #=========================================================================
 if len(sys.argv) != 4:
-    print "cryptlibConverter.py <inFile> <outDir> <language>"
+    print ("cryptlibConverter.py <inFile> <outDir> <language>")
     sys.exit()
 
 inFile = sys.argv[1]
@@ -157,11 +163,11 @@ outDir = sys.argv[2]
 language = sys.argv[3]
 
 if not os.path.exists(outDir):
-    print "Making output directory..."
+    print ("Making output directory...")
     os.mkdir(outDir)
 
 if not language in ("java", "python", "net"):
-    print "only java, python, and net are supported!"
+    print ("only java, python, and net are supported!")
     sys.exit()
 
 if language == "java":
@@ -318,8 +324,10 @@ static PyObject* cryptQueryInfoClass;
 static PyObject* cryptObjectInfoClass;
 static PyObject *CryptException;
 
+
 static int getPointerWrite(PyObject* objPtr, unsigned char** bytesPtrPtr, int* lengthPtr)
 {
+
     if (objPtr == Py_None)
     {
         *bytesPtrPtr = NULL;
@@ -327,17 +335,20 @@ static int getPointerWrite(PyObject* objPtr, unsigned char** bytesPtrPtr, int* l
         return 1;
     }
 
-    Py_ssize_t size = 0;
+    Py_buffer view;
+    /*Check if PyObject is a array writable bytearray */
+    if (PyObject_GetBuffer(objPtr, &view, PyBUF_WRITABLE) == -1)
+         return 0;
+    *lengthPtr = view.len;
+    *bytesPtrPtr = view.buf;
+    PyBuffer_Release(&view);
 
-    /*See if it's an array object*/
-    if (PyObject_AsWriteBuffer(objPtr, (void **)bytesPtrPtr, &size) == -1)
-        return 0;
-    *lengthPtr = size;
     return 1;
 }
 
 static int getPointerRead(PyObject* objPtr, unsigned char** bytesPtrPtr, int* lengthPtr)
 {
+
     if (objPtr == Py_None)
     {
         *bytesPtrPtr = NULL;
@@ -345,28 +356,16 @@ static int getPointerRead(PyObject* objPtr, unsigned char** bytesPtrPtr, int* le
         return 1;
     }
 
-    Py_ssize_t size = 0;
-
-    /*See if it's an array object*/
-    if (PyObject_AsWriteBuffer(objPtr, (void **)bytesPtrPtr, &size) == -1)
-    {
-        PyErr_Clear();
-        /*See if it's a string object*/
-        /*This returns the length excluding the NULL if it's a string,
-          which is what we want*/
-        if (PyObject_AsCharBuffer(objPtr, (const char **)bytesPtrPtr, &size) == -1)
-            return 0;
-    }
-    *lengthPtr = size;
+    Py_buffer view;
+    /*Check if PyObject is a simple buffer */
+    if (PyObject_GetBuffer(objPtr, &view, PyBUF_FORMAT) == -1)
+         return 0;
+    *lengthPtr = view.len;
+    *bytesPtrPtr = view.buf;
+    PyBuffer_Release(&view);
     return 1;
 }
 
-static int getPointerReadNoLength(PyObject* objPtr, unsigned char** bytesPtrPtr)
-{
-    int length;
-    return getPointerRead(objPtr, bytesPtrPtr, &length);
-}
-
 static int getPointerWriteCheckIndices(PyObject* objPtr, unsigned char** bytesPtrPtr, int* lengthPtr)
 {
     int checkLength = *lengthPtr;
@@ -385,6 +384,7 @@ static int getPointerWriteCheckIndices(PyObject* objPtr, unsigned char** bytesPt
 
 static int getPointerReadString(PyObject* objPtr, char** charPtrPtr)
 {
+
     Py_ssize_t length = 0;
     char* newPtr = NULL;
 
@@ -394,18 +394,14 @@ static int getPointerReadString(PyObject* objPtr, char** charPtrPtr)
         return 1;
     }
 
-    /*See if it's a string or a buffer object*/
-    if (PyObject_AsCharBuffer(objPtr, charPtrPtr, &length) == -1)
-    {
-        /*See if it's an array*/
-        PyErr_Clear();
-        if (PyObject_AsWriteBuffer(objPtr, charPtrPtr, &length) == -1)
-            return 0;
-    }
-    /*This code isn't necessary for a string, but it is for arrays and buffers,
-      so we do it always anyway, since the PyObject_AsCharBuffer apparently doesn't
-      guarantee us null-terminated data, and this way releasePointerString() doesn't
-      have to differentiate */
+    Py_buffer view;
+    /*Check if PyObject is a simple readable buffer */
+    if (PyObject_GetBuffer(objPtr, &view, PyBUF_FORMAT) == -1)
+         return 0;
+    length = view.len;
+    *charPtrPtr = view.buf;
+    PyBuffer_Release(&view);
+    
     newPtr = malloc(length+1);
     if (newPtr == NULL)
     {
@@ -420,6 +416,7 @@ static int getPointerReadString(PyObject* objPtr, char** charPtrPtr)
 
 static void releasePointer(PyObject* objPtr, unsigned char* bytesPtr)
 {
+    /* nothing to release */
 }
 
 static void releasePointerString(PyObject* objPtr, char* charPtr)
@@ -559,8 +556,8 @@ initcryptlib_py(void)
     #else
     module = Py_InitModule("cryptlib_py", module_functions);
     #endif
-    
-    
+
+
     PyObject* moduleDict;
 
     PyObject* v = NULL;
@@ -654,7 +651,7 @@ class CryptHandle:\n\
     sModFuncs = ""
     setupPy = r"""#!/usr/bin/env python
 
-from distutils.core import setup, Extension
+from setuptools import setup, Extension
 import sys
 
 if sys.platform == "win32":
@@ -776,9 +773,9 @@ public class CryptException : ApplicationException
     paramIntTemplate = "int %(name)s,\n"
     paramIntTypeTemplate = "int %(name)s, // %(type)s\n"
     wrapperLengthTemplate = "%(1)s == null ? 0 : %(1)s.Length, "
-    wrapperStringLengthTemplate = "%(1)s == null ? 0 : new UTF8Encoding().GetByteCount(%(1)s), "
+    wrapperStringLengthTemplate = "%(1)s == null ? 0 : Encoding.ASCII.GetByteCount(%(1)s), "
     wrapperStringReplace = ("byte[]", "String")
-    wrapperStringTemplate = "%(1)s == null ? null : new UTF8Encoding().GetBytes(%(1)s)"
+    wrapperStringTemplate = "%(1)s == null ? null : Encoding.ASCII.GetBytes(%(1)s)"
     #ENUM IDIOM
     #paramEnumTypeTemplate = "%(type)s %(name)s,\n"
     #ENUMs as ints
@@ -868,7 +865,7 @@ lengthIndicesDict = {} #Accumulate function name -> indices in newParamStructs o
 offsetIndicesDict= {} #Accumulate function name -> indices in newParamStructs of offsets (used for python)
 errors = {}     #Dictionary mapping return values to exception objects
 
-print "Parsing input file and generating %s files..." % language
+print ("Parsing input file and generating %s files..." % language)
 
 #Removing enclosing include guard
 #---------------------------------
@@ -1392,7 +1389,7 @@ public static String GetAttributeString(
                         int length = GetAttributeString(cryptHandle, attributeType, null);
                         byte[] bytes = new byte[length];
                         length = GetAttributeString(cryptHandle, attributeType, bytes);
-                        return new UTF8Encoding().GetString(bytes, 0, length);
+                        return Encoding.ASCII.GetString(bytes, 0, length);
                     }
 """
         #Add special-case functions for cryptAddRandom(), since it allows NULL as a
@@ -1462,7 +1459,7 @@ if language=="java":
         os.mkdir("./cryptlib")
     os.chdir("./cryptlib")
 
-    print "Writing java files..."
+    print ("Writing java files...")
     f = open("crypt.java", "w")
     f.write(s)
     f.close()
@@ -1477,28 +1474,28 @@ if language=="java":
     f.close()
 
 
-    print "Compiling java files..."
-    print os.popen4("javac -classpath .. crypt.java")[1].read()                    #Compile java file
-    print os.popen4("javac -classpath .. CryptException.java")[1].read()           #Compile java file
-    print os.popen4("javac -classpath .. CRYPT_QUERY_INFO.java")[1].read()         #Compile java file
-    print os.popen4("javac -classpath .. CRYPT_OBJECT_INFO.java")[1].read()        #Compile java file
+    print ("Compiling java files...")
+    print (os.popen("javac -classpath .. crypt.java").read())                    #Compile java file
+    print (os.popen("javac -classpath .. CryptException.java").read())           #Compile java file
+    print (os.popen("javac -classpath .. CRYPT_QUERY_INFO.java").read())         #Compile java file
+    print (os.popen("javac -classpath .. CRYPT_OBJECT_INFO.java").read())        #Compile java file
 
     os.chdir("..")
 
-    print "Generating jar file..."
-    print os.popen4("jar cf cryptlib.jar cryptlib/crypt.class cryptlib/CryptException.class cryptlib/CRYPT_QUERY_INFO.class cryptlib/CRYPT_OBJECT_INFO.class cryptlib")[1].read()
+    print ("Generating jar file...")
+    print (os.popen("jar cf cryptlib.jar cryptlib/crypt.class cryptlib/CryptException.class cryptlib/CRYPT_QUERY_INFO.class cryptlib/CRYPT_OBJECT_INFO.class cryptlib").read())
 
-    print "Generating JNI header file..."
-    print os.popen4("javah -classpath . -o cryptlib_jni.h -jni cryptlib.crypt")[1].read()    #Generate C header
+    print ("Generating JNI header file...")
+    print (os.popen("javac -h .  cryptlib/crypt.java ; mv -f cryptlib_crypt.h cryptlib_jni.h").read())    #Generate C header
 
     s = open("cryptlib_jni.h").read()
     os.remove("cryptlib_jni.h")
 
-    print "Generating JNI source file..."
+    print ("Generating JNI source file...")
 
     #Now we take cryptlib_jni.h and derive the .c file from it
 
-    #Strip off headers and footers
+    #Strip( off headers and footers
     #startIndex = s.find("/*\n * Class")
     #endIndex = s.find("#ifdef", startIndex)
     #s = s[startIndex : endIndex]
@@ -1962,7 +1959,18 @@ void releasePointerString(JNIEnv* env, jstring str, jbyte* bytesPtr)
             if outVoidArrayNames and functionName.find("PopData") == -1:
                 for n in outVoidArrayNames:
                     argumentsWithNull = arguments.replace("%sPtr + %sOffset" % (n,n), "NULL")
-                    newFunctionBody += "if (!processStatus(env, crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+		    
+		    # Handle four exceptions in which the cryptlib code should not be invoced twice
+                    # (Aug 2023, Ralf Senderek)
+                    if functionName.find("CreateSignature") != -1:
+                         newFunctionBody += "if (signatureMaxLength == 0) \n    if (!processStatus(env, crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+                    elif functionName.find("ExportKey") != -1:
+                         newFunctionBody += "if (encryptedKeyMaxLength == 0) \n    if (!processStatus(env, crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+                    else:
+                         newFunctionBody += "if (!processStatus(env, crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+                    # end modification
+
+                    #########newFunctionBody += "if (!processStatus(env, crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
                 newFunctionBody += "\n"
             elif functionName.find("PopData") != -1:
                 newFunctionBody += "//CryptPopData is a special case that doesn't have the length querying call\n\n"
@@ -2110,8 +2118,13 @@ elif language == "python":
         outVoidArrayNames   = [p.name for p in newParamStructs if p.isPtr and p.type=="void" and p.isOut]
         if arrayNames:
             #Declare C pointers to retrieve array contents
+            # make sure that certain pointers have type char instead of unsigned char
+            # [namePtr, keyIDPtr, passwordPtr, oidPtr]
             for n in arrayNames:
-                newFunctionBody += "unsigned char* " + n + "Ptr = 0;\n"
+                if n in ["name", "keyID", "password", "oid"]:
+                     newFunctionBody += "char* " + n + "Ptr = 0;\n"
+                else:
+                     newFunctionBody += "unsigned char* " + n + "Ptr = 0;\n"
             newFunctionBody += "\n"
             #Retrieve the contents for strings
             #We need to do this first cause in one case this char* is needed as an argument
@@ -2163,7 +2176,17 @@ if (!PyArg_ParseTuple(args, "%s", %s))
             if outVoidArrayNames and functionName.find("PopData") == -1:
                 for n in outVoidArrayNames:
                     argumentsWithNull = arguments.replace("%sPtr" % (n), "NULL")
-                    newFunctionBody += "if (!processStatusBool(crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+
+		    # Handle four exceptions in which the cryptlib code should not be invoced twice
+		    # (Aug 2023, Ralf Senderek)
+                    if functionName.find("CreateSignature") != -1:
+                         newFunctionBody += "if (signatureMaxLength == 0) \n    if (!processStatusBool(crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+                    elif functionName.find("ExportKey") != -1:
+                         newFunctionBody += "if (encryptedKeyMaxLength == 0) \n    if (!processStatusBool(crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+                    else:
+                         newFunctionBody += "if (!processStatusBool(crypt%s(%s)))\n\tgoto finish;\n" % (functionName, argumentsWithNull)
+                    # end modification
+
                 newFunctionBody += "\n"
             elif functionName.find("PopData") != -1:
                 newFunctionBody += "//CryptPopData is a special case that doesn't have the length querying call\n\n"
@@ -2330,7 +2353,7 @@ elif language == "net":
                 #newFunctionBody += "jbyte* " + n + "Ptr = 0;\n"
                 newFunctionBody += "GCHandle %sHandle = new GCHandle();\nIntPtr %sPtr = IntPtr.Zero;\n" % (n,n)
                 if n in charArrayNames:
-                    newFunctionBody += "byte[] %sArray = new UTF8Encoding().GetBytes(%s);\n" % (n,n)
+                    newFunctionBody += "byte[] %sArray = Encoding.ASCII.GetBytes(%s);\n" % (n,n)
 
             newFunctionBody += "try\n{\n"
 
@@ -2349,7 +2372,7 @@ elif language == "net":
                     newFunctionBody += "int %s = Marshal.ReadInt32(%sPtr);\n" % (returnName, returnName)
             elif functionName.find("PopData") != -1 or functionName.find("PushData") != -1:
                 newFunctionBody += "int %s = 0;\n" % returnName
-		newFunctionBody += "int status;\n"
+                newFunctionBody += "int status;\n"
             if voidArrayNames:
                 for n in voidArrayNames:
                     index = [p.name for p in newParamStructs].index(n)
@@ -2366,12 +2389,12 @@ elif language == "net":
         elif returnName:
             newFunctionBody += "try\n{\n"
 
-	if functionName.find("PopData") == -1 and functionName.find("PushData") == -1:
-		newFunctionBody += "processStatus(wrapped_%s(%s));\n" % (functionName, arguments)
-	else:
-		newFunctionBody += "status = wrapped_%s(%s);\n" % (functionName, arguments)
-		newFunctionBody += "%s = Marshal.ReadInt32(%sPtr);\n" % (returnName, returnName)
-		newFunctionBody += "processStatus(status, %s);\n" %returnName
+        if functionName.find("PopData") == -1 and functionName.find("PushData") == -1:
+                newFunctionBody += "processStatus(wrapped_%s(%s));\n" % (functionName, arguments)
+        else:
+                newFunctionBody += "status = wrapped_%s(%s);\n" % (functionName, arguments)
+                newFunctionBody += "%s = Marshal.ReadInt32(%sPtr);\n" % (returnName, returnName)
+                newFunctionBody += "processStatus(status, %s);\n" %returnName
 
         #if newFunctionBody[-2] != "\n":
         #    newFunctionBody += "\n"
@@ -2380,10 +2403,10 @@ elif language == "net":
                 newFunctionBody += "Marshal.PtrToStructure(%sPtr, %s);\n" % (returnName, returnName)
                 newFunctionBody += "return %s;\n" % returnName
             else:
-				if functionName.find("PopData") == -1 and functionName.find("PushData") == -1:
-					newFunctionBody += "return Marshal.ReadInt32(%sPtr);\n" % returnName
-				else:
-					newFunctionBody += "return %s;\n" %returnName
+                                if functionName.find("PopData") == -1 and functionName.find("PushData") == -1:
+                                        newFunctionBody += "return Marshal.ReadInt32(%sPtr);\n" % returnName
+                                else:
+                                        newFunctionBody += "return %s;\n" %returnName
 
         if arrayNames or returnName:
             newFunctionBody += "}\nfinally\n{\n"
@@ -2443,7 +2466,7 @@ elif language == "net":
     s += classPostfix + exceptionString + "\n\n}"
 
     os.chdir(outDir)
-    print "Writing .NET file..."
+    print ("Writing .NET file...")
     f = open("cryptlib.cs", "w")
     f.write(s)
     f.close()

errorpatch

@@ -0,0 +1,22 @@
+--- cl-original/session/sess_rd.c	2021-12-04 13:22:11.285916236 +0100
++++ cl-patched/session/sess_rd.c	2021-12-04 13:20:20.782210067 +0100
+@@ -1020,7 +1020,7 @@
+ 						  &sessionInfoPtr->errorInfo );
+ 		retExtErr( status,
+ 				   ( status, SESSION_ERRINFO, SESSION_ERRINFO,
+-				     errorMessage ) );
++				     "High-Level Error %s : ", errorMessage ) );
+ 		}
+ 	length = httpDataInfo.bytesAvail;
+ 
+--- cl-original/session/sess_wr.c	2021-12-04 13:22:16.714901800 +0100
++++ cl-patched/session/sess_wr.c	2021-12-04 13:20:40.481157684 +0100
+@@ -600,7 +600,7 @@
+ 						  &sessionInfoPtr->errorInfo );
+ 		retExtErr( status,
+ 				   ( status, SESSION_ERRINFO, SESSION_ERRINFO,
+-				     errorMessage ) );
++				     "High-Level Error %s : ", errorMessage ) );
+ 		}
+ 	sessionInfoPtr->receiveBufEnd = 0;
+ 

flagspatch

@@ -0,0 +1,11 @@
+--- cl-original/makefile	2021-12-03 15:53:24.000000000 +0100
++++ cl-patched/makefile	2023-04-05 18:00:03.627181152 +0200
+@@ -92,7 +92,7 @@
+ #
+ # Standard build flags
+ 
+-CFLAGS			= -c -D__UNIX__ -DNDEBUG -I.
++CFLAGS			= -c -D__UNIX__ -DNDEBUG -I. $(ADDFLAGS)
+ CFLAGS_DEBUG	= -c -D__UNIX__ -I. -g -O1
+ CFLAGS_DEBUGGCC	= -c -D__UNIX__ -I. -ggdb3 -fno-omit-frame-pointer -O1
+ 

gccversionpatch

@@ -1,33 +0,0 @@
---- cl-original/tools/ccopts.sh	2019-11-23 17:03:39.315504598 +0100
-+++ cl-testpatch/tools/ccopts.sh	2020-01-22 18:49:01.093189548 +0100
-@@ -508,10 +508,17 @@
- # apparent version less than 10 we add a trailing zero to the string to make
- # the checks that follow work.
- 
--GCC_VER="$($CC -dumpversion | tr -d  '.' | cut -c 1-2)"
--if [ "$GCC_VER" -lt 10 ] ; then
--	GCC_VER="${GCC_VER}0" ;
--fi
-+GCC_VER="$($CC -dumpversion)"
-+case $GCC_VER in
-+        [0-9])
-+                GCC_VER="${GCC_VER}0" ;;
-+
-+        [0-9][0-9]*)
-+                GCC_VER="$(echo $GCC_VER | tr -d  '.' | cut -c 1-3)" ;;
-+
-+        *)
-+                GCC_VER="$(echo $GCC_VER | tr -d  '.' | cut -c 1-2)" ;;
-+esac
- 
- # Try and determine the CPU type.  This is made more complex by a pile of
- # *BSE's which, along with antideluvian tools like an as that doesn't
-@@ -606,7 +613,7 @@
- 				CCARGS="$CCARGS -march=pentium" ;;
- 		esac ;
- 	else
--		CCARGS="$CCARGS -mcpu=pentium" ;
-+		CCARGS="$CCARGS -march=native" ;
- 	fi ;
- fi
- 

javapatch

@@ -1,11 +0,0 @@
---- cl-original/misc/config.h	2019-03-10 11:50:06.827085487 +0100
-+++ cl-patched/misc/config.h	2019-03-10 11:51:27.444688279 +0100
-@@ -163,7 +163,7 @@
- 
- /* Whether to build the Java/JNI interface or not */
- 
--/* #define USE_JAVA */
-+#define USE_JAVA
- 
- /* Whether to provide descriptive text messages for errors or not.
-    Disabling these can reduce code size, at the expense of making error

m64patch

@@ -0,0 +1,11 @@
+--- cl-original/tools/ccopts.sh	2023-11-01 09:49:13.035146404 +0100
++++ cl-patched/tools/ccopts.sh	2023-11-01 10:14:41.633786631 +0100
+@@ -1062,7 +1062,7 @@
+ 		if [ $GENERICBUILD -gt 0 ] ; then
+ 			echo "  (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+ 		else
+-			CCARGS="$CCARGS -march=x86-64-v3" ;
++			CCARGS="$CCARGS -m64" ;
+ 		fi
+ 	elif [ "$COMPILER_VER" -ge 45 ] ; then
+ 		if [ $GENERICBUILD -gt 0 ] ; then

perlpatch

@@ -1,21 +0,0 @@
---- cl-original/bindings/PerlCryptLib.xs	2019-03-10 08:45:35.962108583 -0400
-+++ cl-patched/bindings/PerlCryptLib.xs	2019-03-10 08:46:27.133451822 -0400
-@@ -594,18 +594,3 @@
- 	OUTPUT:
- 		RETVAL
- 
--# Add deprecated functions when CRYPTLIB_VERSION prior 3.4.0
--#if CRYPTLIB_VERSION < 3400
--
--int cryptAsyncCancel(cryptObject)
--	const int cryptObject;
--
--
--int cryptAsyncQuery(cryptObject)
--	const int cryptObject;
--
--
--int cryptGenerateKeyAsync(cryptContext)
--	const int cryptContext;
--
--#endif

renamesymbols

@@ -1,34 +0,0 @@
-#!/bin/bash
-# script to remove symbol collisions between cryptlib and openssl
-#
-# Author:  Ralf Senderek
-# Date:    15 July 2016
-# License: BSD
-#
-# this script must be run in the cryptlib directory before building the
-# shared library
-
-for F in $(find . -type f)
-do
-    sed -i 's/BN_/cl_BN_/g' $F
-    sed -i 's/bn_/cl_bn_/g' $F
-    sed -i 's/CAST_/cl_CAST_/g' $F
-    sed -i 's/MD5_/cl_MD5_/g' $F
-    sed -i 's/SHA1_/cl_SHA1_/g' $F
-    sed -i 's/sha1_block/cl_sha1_block/g' $F
-    sed -i 's/idea_/cl_idea_/g' $F
-done
-
-# rename RC4 to cl_RC4
-
-sed -i 's/RC4(/cl_RC4(/g' context/ctx_rc4.c
-sed -i 's/RC4(/cl_RC4(/g' crypt/rc4.h
-sed -i 's/RC4(/cl_RC4(/g' crypt/rc4enc.c
-
-cd bn
-for F in $(ls bn_*)
-do
-     mv $F cl_$F
-done
-
-#------------------------------------------------------------------#

setuppatch

@@ -0,0 +1,44 @@
+--- cl-original/tools/cryptlibConverter.py3	2022-12-21 10:40:50.135387393 +0100
++++ cl-patched/tools/cryptlibConverter.py3	2022-12-21 10:42:40.981182722 +0100
+@@ -659,7 +659,7 @@
+     sModFuncs = ""
+     setupPy = r"""#!/usr/bin/env python
+ 
+-from distutils.core import setup, Extension
++from setuptools import setup, Extension
+ import sys
+ 
+ if sys.platform == "win32":
+--- cl-original/tools/cryptlibConverter.py3.ansi	2022-12-21 10:40:50.135387393 +0100
++++ cl-patched/tools/cryptlibConverter.py3.ansi	2022-12-21 10:43:03.468140373 +0100
+@@ -659,7 +659,7 @@
+     sModFuncs = ""
+     setupPy = r"""#!/usr/bin/env python
+ 
+-from distutils.core import setup, Extension
++from setuptools import setup, Extension
+ import sys
+ 
+ if sys.platform == "win32":
+--- cl-original/tools/cryptlibConverter.py3.unicode	2022-12-21 10:40:50.135387393 +0100
++++ cl-patched/tools/cryptlibConverter.py3.unicode	2022-12-21 10:43:23.223103178 +0100
+@@ -659,7 +659,7 @@
+     sModFuncs = ""
+     setupPy = r"""#!/usr/bin/env python
+ 
+-from distutils.core import setup, Extension
++from setuptools import setup, Extension
+ import sys
+ 
+ if sys.platform == "win32":
+--- cl-original/tools/cryptlibConverter.py3.utf	2022-12-21 10:40:50.136387391 +0100
++++ cl-patched/tools/cryptlibConverter.py3.utf	2022-12-21 10:43:41.031069639 +0100
+@@ -659,7 +659,7 @@
+     sModFuncs = ""
+     setupPy = r"""#!/usr/bin/env python
+ 
+-from distutils.core import setup, Extension
++from setuptools import setup, Extension
+ import sys
+ 
+ if sys.platform == "win32":

sources

@@ -1,4 +1,5 @@
-SHA512 (cl345_fedora.zip) = 8eaa68752496ce5915b56e7d97434a6e8efcf458a83fdc7ef6b5dd23039fd5445b7b468c0b23e2d6482d5df625f78e12580ca7d09b9edf1839b53e8468f055bb
-SHA512 (cl345_fedora.zip.sig) = 7f5be2253500f2984edd00d31156cc98878b5b96a4217386ce60b02232f7a4fd00be788c5dbe05d6490e5bc17eba349ca738be4fc7cb286f9eb909f3a957e92e
-SHA512 (cryptlib-tests.tar.gz) = c798f775c846861f23ed22cdff8b4a38060087f795c01d829bddaa26470a287f38638b5c72cc76074e0218c5e78ccc7553094fd2bd9a0d1f0eefa499c850b80b
+SHA512 (cl347_fedora.zip) = c6be4baee9f9df1ecb4c18bcaca03869c05645c0ee96fa95dcd66b065bba221c06f783e6015092f37fb80aa9456f18d444566ffe5b4eed84eb0d2cbe463cd7cd
+SHA512 (cl347_fedora.zip.sig) = e8235d5b2631f1ea265fc11c7158dcb711caa7a7157ce38059a1348b98debd447608a5fd34c349182240e6e5bcc04705d8cd37ccd07c570566359159168bb3f5
 SHA512 (cryptlib-perlfiles.tar.gz) = b975d34acfd1d99a224bbd5536483e5489feac8801a567740ec668bcef9a1eff67fddbdad53f61b2ff48bd43396e92f070ebf4de622f3edeb70428f4aaae2ff6
+SHA512 (cryptlib-tests.tar.gz) = 0242a32b2844db2483be70ac6ca62508a3ff078b17ff147dc1d50162d941690105c2430b226bd55fa228978e4544f1775fcfb16fa713a0d2d7227d0a10764d27
+SHA512 (cryptlib-tools.tar.gz) = 4805c1dae54513929bcfb4c650ada044328cbfd5819caee146e6c64ecacc07e37379d3cd6426f2973bf9e46b004f58dd2b85b17379f16fe7a8c307c7545e7618

testpatch

@@ -0,0 +1,22 @@
+--- cl-original/test/tls.c	2023-11-01 09:55:40.720018502 +0100
++++ cl-patched/test/tls.c	2023-11-01 09:59:32.916344778 +0100
+@@ -3082,7 +3082,18 @@
+ 	}
+ int testSessionTLSLocalServerSocketClientServer( void )
+ 	{
+-	return( tlsClientServer( TLS_TEST_LOCALSERVER ) );
++	#ifdef WINDOWS_THREADS
++	     return( tlsClientServer( TLS_TEST_LOCALSERVER ) );
++	#else
++	     /* On some Unix systems the client fails with an ECONNREFUSED which
++	     means that the server thread is stuck in the accept() in
++	     connectServerSocket(), so it never exits and the client ends up
++	     waiting forever in waitForThread() for the server thread stuck in
++	     accept().  To deal with this we skip the test, since there's no way
++             to tell which systems will hang and which won't */
++
++	     return( TRUE );
++	#endif /* WINDOWS_THREADS */
+ 	}
+ 
+ #ifdef WINDOWS_THREADS

x86-64patch

@@ -0,0 +1,11 @@
+--- cl-original/tools/ccopts.sh	2022-03-04 19:32:14.000000000 +0100
++++ cl-patched/tools/ccopts.sh	2022-03-05 21:02:44.503759431 +0100
+@@ -897,7 +897,7 @@
+ 		if [ $GENERICBUILD -gt 0 ] ; then
+ 			echo "  (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+ 		else
+-			CCARGS="$CCARGS -march=native -mtune=generic" ;
++			CCARGS="$CCARGS -march=x86-64-v3 -mtune=generic" ;
+ 		fi
+ 		if [ "$ARCH" = "x86_64" ] ; then
+ 			CCARGS="$CCARGS -fPIC" ;