From 2220bc3f080af3e3a474ad8ffcd8ae79bf020ee6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Tue, 28 May 2024 13:29:39 +0200
Subject: [PATCH] Revert "Update to 42.0.5, resolves RHBZ#2251816"

This reverts commit 2b20ce4281d9888f5ab5931b8a2d4ddaeb1b5977.
---
 .gitignore                      |  2 -
 ouroboros-0.17.patch            | 13 ++++++
 pyo3-0.19.patch                 | 52 +++++++++++++++++++++++
 python-cryptography.spec        | 38 ++++++++---------
 skip-overflow-tests-32bit.patch | 73 ---------------------------------
 sources                         |  4 +-
 vendor_rust.py                  |  2 +-
 7 files changed, 84 insertions(+), 100 deletions(-)
 create mode 100644 ouroboros-0.17.patch
 create mode 100644 pyo3-0.19.patch
 delete mode 100644 skip-overflow-tests-32bit.patch

diff --git a/.gitignore b/.gitignore
index 578df22..c4051ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,5 +61,3 @@
 /cryptography-41.0.5.tar.gz
 /cryptography-41.0.7.tar.gz
 /cryptography-41.0.7-vendor.tar.bz2
-/cryptography-42.0.5.tar.gz
-/cryptography-42.0.5-vendor.tar.bz2
diff --git a/ouroboros-0.17.patch b/ouroboros-0.17.patch
new file mode 100644
index 0000000..a41a2c3
--- /dev/null
+++ b/ouroboros-0.17.patch
@@ -0,0 +1,13 @@
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 9dd060f8b..8004c7e76 100644
+--- a/src/rust/Cargo.toml
++++ b/src/rust/Cargo.toml
+@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" }
+ cryptography-x509 = { path = "cryptography-x509" }
+ cryptography-openssl = { path = "cryptography-openssl" }
+ pem = "1.1"
+-ouroboros = "0.15"
++ouroboros = "0.17"
+ openssl = "0.10.54"
+ openssl-sys = "0.9.88"
+ foreign-types-shared = "0.1"
diff --git a/pyo3-0.19.patch b/pyo3-0.19.patch
new file mode 100644
index 0000000..692232a
--- /dev/null
+++ b/pyo3-0.19.patch
@@ -0,0 +1,52 @@
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 01fba147e..9dd060f8b 100644
+--- a/src/rust/Cargo.toml
++++ b/src/rust/Cargo.toml
+@@ -9,7 +9,7 @@ rust-version = "1.56.0"
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.18", features = ["abi3-py37"] }
++pyo3 = { version = "0.19", features = ["abi3-py37"] }
+ asn1 = { version = "0.15.2", default-features = false }
+ cryptography-cffi = { path = "cryptography-cffi" }
+ cryptography-x509 = { path = "cryptography-x509" }
+diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
+index 65051c2a4..24e53991b 100644
+--- a/src/rust/cryptography-cffi/Cargo.toml
++++ b/src/rust/cryptography-cffi/Cargo.toml
+@@ -8,7 +8,7 @@ publish = false
+ rust-version = "1.56.0"
+ 
+ [dependencies]
+-pyo3 = { version = "0.18", features = ["abi3-py37"] }
++pyo3 = { version = "0.19", features = ["abi3-py37"] }
+ openssl-sys = "0.9.88"
+ 
+ [build-dependencies]
+diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
+index 923015035..1380d6eb8 100644
+--- a/src/rust/src/x509/crl.rs
++++ b/src/rust/src/x509/crl.rs
+@@ -145,7 +145,7 @@ impl CertificateRevocationList {
+             revoked_certs
+         });
+ 
+-        if idx.is_instance_of::<pyo3::types::PySlice>()? {
++        if idx.is_instance_of::<pyo3::types::PySlice>() {
+             let indices = idx
+                 .downcast::<pyo3::types::PySlice>()?
+                 .indices(self.len().try_into().unwrap())?;
+diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
+index 98d1bd63b..dcf28833f 100644
+--- a/src/rust/src/x509/extensions.rs
++++ b/src/rust/src/x509/extensions.rs
+@@ -211,7 +211,7 @@ fn encode_certificate_policies(
+             let mut qualifiers = vec![];
+             for py_qualifier in py_policy_qualifiers.iter()? {
+                 let py_qualifier = py_qualifier?;
+-                let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>()? {
++                let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>() {
+                     let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) {
+                         Some(s) => s,
+                         None => {
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 8a592eb..0f4f843 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -5,7 +5,7 @@
 %global srcname cryptography
 
 Name:           python-%{srcname}
-Version:        42.0.5
+Version:        41.0.7
 Release:        1%{?dist}
 Summary:        PyCA's cryptography library
 
@@ -19,7 +19,8 @@ Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py
 
-Patch1:         skip-overflow-tests-32bit.patch
+Patch1:         pyo3-0.19.patch
+Patch2:         ouroboros-0.17.patch
 
 ExclusiveArch:  %{rust_arches}
 
@@ -28,6 +29,8 @@ BuildRequires:  gcc
 BuildRequires:  gnupg2
 %if 0%{?fedora}
 BuildRequires:  rust-packaging
+# test_load_with_other_sections in 40.0 fails with pem 1.1.0
+BuildRequires:  rust-pem-devel >= 1.1.1
 %else
 BuildRequires:  rust-toolset
 %endif
@@ -45,7 +48,6 @@ BuildRequires:  python%{python3_pkgversion}-pretend
 BuildRequires:  python%{python3_pkgversion}-pytest-xdist
 BuildRequires:  python%{python3_pkgversion}-pytz
 %endif
-BuildRequires:  python%{python3_pkgversion}-certifi
 BuildRequires:  python%{python3_pkgversion}-pytest >= 6.2.0
 BuildRequires:  python%{python3_pkgversion}-pytest-benchmark
 BuildRequires:  python%{python3_pkgversion}-pytest-subtests >= 0.5.0
@@ -71,8 +73,10 @@ recipes to Python developers.
 
 %prep
 %autosetup -p1 -N -n %{srcname}-%{version}
-%autopatch -p1 1
 %if 0%{?fedora}
+# patch pyo3 and ouroboros depedency
+%autopatch -p1 1
+%autopatch -p1 2
 %cargo_prep
 rm src/rust/Cargo.lock
 %else
@@ -80,33 +84,27 @@ rm src/rust/Cargo.lock
 %cargo_prep -V 1
 %endif
 
-# Remove cosmetical pytest-subtests 0.10.0 option
-sed -i 's,--no-subtests-shortletter,,' pyproject.toml
-
-
-%generate_buildrequires
-%pyproject_buildrequires -t
 %if 0%{?fedora}
+%generate_buildrequires
 # Fedora: use RPMified crates
 cd src/rust
 %cargo_generate_buildrequires
 cd ../..
 %endif
 
+# Remove cosmetical pytest-subtests 0.10.0 option
+sed -i 's,--no-subtests-shortletter,,' pyproject.toml
 
 %build
 export RUSTFLAGS="%build_rustflags"
 export OPENSSL_NO_VENDOR=1
-%pyproject_wheel
-
+%py3_build
 
 %install
 # Actually other *.c and *.h are appropriate
 # see https://github.com/pyca/cryptography/issues/1463
 find . -name .keep -print -delete
-%pyproject_install
-%pyproject_save_files %{srcname}
-
+%py3_install
 
 %check
 %if %{with tests}
@@ -132,17 +130,13 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
     -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
 %endif
 
-
-%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
+%files -n python%{python3_pkgversion}-%{srcname}
 %doc README.rst docs
 %license LICENSE LICENSE.APACHE LICENSE.BSD
-
+%{python3_sitearch}/%{srcname}
+%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
 
 %changelog
-* Wed Mar 06 2024 Christian Heimes <cheimes@redhat.com> - 42.0.1-5
-- Update to 42.0.5, resolves RHBZ#2251816
-- Modernize spec file to use pyproject RPM macros
-
 * Thu Feb 01 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 41.0.7-1
 - Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
 
diff --git a/skip-overflow-tests-32bit.patch b/skip-overflow-tests-32bit.patch
deleted file mode 100644
index 1dec3d9..0000000
--- a/skip-overflow-tests-32bit.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From d741901dddd731895346636c0d3556c6fa51fbe6 Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Thu, 8 Feb 2024 09:11:21 -0600
-Subject: [PATCH] skip overflow aead tests on 32-bit systems
-
----
- tests/hazmat/primitives/test_aead.py | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py
-index a1f99ab815ed..2f0d52d82682 100644
---- a/tests/hazmat/primitives/test_aead.py
-+++ b/tests/hazmat/primitives/test_aead.py
-@@ -56,7 +56,8 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend):
- )
- class TestChaCha20Poly1305:
-     @pytest.mark.skipif(
--        sys.platform not in {"linux", "darwin"}, reason="mmap required"
-+        sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
-+        reason="mmap and 64-bit platform required",
-     )
-     def test_data_too_large(self):
-         key = ChaCha20Poly1305.generate_key()
-@@ -197,7 +198,8 @@ def test_buffer_protocol(self, backend):
- )
- class TestAESCCM:
-     @pytest.mark.skipif(
--        sys.platform not in {"linux", "darwin"}, reason="mmap required"
-+        sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
-+        reason="mmap and 64-bit platform required",
-     )
-     def test_data_too_large(self):
-         key = AESCCM.generate_key(128)
-@@ -378,7 +380,8 @@ def _load_gcm_vectors():
- 
- class TestAESGCM:
-     @pytest.mark.skipif(
--        sys.platform not in {"linux", "darwin"}, reason="mmap required"
-+        sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
-+        reason="mmap and 64-bit platform required",
-     )
-     def test_data_too_large(self):
-         key = AESGCM.generate_key(128)
-@@ -525,7 +528,8 @@ def test_aesocb3_unsupported_on_older_openssl(backend):
- )
- class TestAESOCB3:
-     @pytest.mark.skipif(
--        sys.platform not in {"linux", "darwin"}, reason="mmap required"
-+        sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
-+        reason="mmap and 64-bit platform required",
-     )
-     def test_data_too_large(self):
-         key = AESOCB3.generate_key(128)
-@@ -700,7 +704,8 @@ def test_buffer_protocol(self, backend):
- )
- class TestAESSIV:
-     @pytest.mark.skipif(
--        sys.platform not in {"linux", "darwin"}, reason="mmap required"
-+        sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
-+        reason="mmap and 64-bit platform required",
-     )
-     def test_data_too_large(self):
-         key = AESSIV.generate_key(256)
-@@ -844,7 +849,8 @@ def test_buffer_protocol(self, backend):
- )
- class TestAESGCMSIV:
-     @pytest.mark.skipif(
--        sys.platform not in {"linux", "darwin"}, reason="mmap required"
-+        sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
-+        reason="mmap and 64-bit platform required",
-     )
-     def test_data_too_large(self):
-         key = AESGCMSIV.generate_key(256)
diff --git a/sources b/sources
index 0e97b72..44bd6ba 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (cryptography-42.0.5.tar.gz) = 112a1f6395e0c9bf646118100c6285684eabf021d7c8912bbdbc165d5c27fbf9f9f2fffb144d63453b21f8461a172ab49d2b79ed2b80f409489a07d5ddc54bc9
-SHA512 (cryptography-42.0.5-vendor.tar.bz2) = 5c8da064f28183d759f0e39077f671297abedd43b40461a6e9fe2390e142945dc5ee54cdf4cfbbc33d9973a9bd95f33312dd5888e2422569f18b4a17ff75f6c4
+SHA512 (cryptography-41.0.7.tar.gz) = 9a870d45296de6af1331e73b102226b8269892216cd7bc0adfb2f63ce1ca7021d338effd09182128253d8d8df154bbd19d46c47f10ddac86e739fcbf6df78307
+SHA512 (cryptography-41.0.7-vendor.tar.bz2) = dbf750a1ada4a9330939e3dae8311007a9e25808eb64c124c99981187d1bc04baba3a7d3b838c0cd9491e8350c382fb0f789a11abb21c633f2d78e8aba819b9e
diff --git a/vendor_rust.py b/vendor_rust.py
index eb53abd..cd8355e 100755
--- a/vendor_rust.py
+++ b/vendor_rust.py
@@ -12,7 +12,7 @@ import sys
 
 VENDOR_DIR = "vendor"
 CARGO_TOML = "src/rust/Cargo.toml"
-RE_VERSION = re.compile(r"Version:\s*(.*)")
+RE_VERSION = re.compile("Version:\s*(.*)")
 
 parser = argparse.ArgumentParser(description="Vendor Rust packages")
 parser.add_argument(