Compare commits


30 commits

Author SHA1 Message Date
Peter Robinson
1a3a50b8d3 Drop pytz test req, only needed for py < 3.9
The pytz requirement now is only used for CI for py < 3.9:
pytz==2025.2 ; python_full_version < '3.9'

Also drop no longer valid comment snippet
2025-10-22 13:04:27 +01:00
Python Maint
5e1fd8e20d Rebuilt for Python 3.14.0rc3 bytecode 2025-09-19 13:05:04 +02:00
Python Maint
5e51185593 Rebuilt for Python 3.14.0rc2 bytecode 2025-08-15 13:32:38 +02:00
Fedora Release Engineering
22e34bf150 Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild 2025-07-25 07:25:06 +00:00
Jeremy Cline
8034f94f77
Update to v45.0.4
The upstream release fixes a single issue:

- Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This is not
  considered secure, and is supported only for backwards compatibility.)

Fixes rhbz #2371350
2025-06-11 09:31:07 -04:00
Python Maint
65da927d85 Rebuilt for Python 3.14 2025-06-04 18:30:16 +02:00
Python Maint
2fadd7bb9a Bootstrap for Python 3.14 2025-06-03 13:37:55 +02:00
Jeremy Cline
adc63ac786
Update to v45.0.3
This fixes two issues from v45:

  - Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys encrypted by Bouncy Castle).
  - Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly insecure, this remains prevalent.
2025-05-25 12:49:30 -04:00
Jeremy Cline
f06f4c2804
Update to v45.0.2
This update includes two backwards-incompatible changes with v44:

  - Made SSH private key loading more consistent with other private key
    loading:
    :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
    now raises a TypeError if the key is unencrypted but a password is
    provided (previously no exception was raised), and raises a
    TypeError if the key is encrypted but no password is provided
    (previously a ValueError was raised).
  - The :meth:`VerifiedClient.subject
    <cryptography.x509.verification.VerifiedClient.subjects>` property
    can now be None since a custom extension policy may allow
    certificates without a Subject Alternative Name extension.

Full changelog: https://github.com/pyca/cryptography/blob/45.0.2/CHANGELOG.rst
2025-05-19 10:55:53 -04:00
Yaakov Selkowitz
683f73c2b8 Modernize Rust macro usage
This adds automatically generated licensing data, and bundled provides for
vendored dependencies in the RHEL builds.
2025-03-06 14:29:08 -05:00
Yaakov Selkowitz
25b75b110c Do not delete tests/x509 on RHEL
tests/x509 now provides imports used by tests in other directories,
and no longer requires pytz.
2025-03-03 23:22:02 -05:00
Fabio Valentini
606ff1ca7e
Rebuild for openssl crate >= v0.10.70 (RUSTSEC-2025-0004) 2025-02-06 13:47:30 +01:00
Jeremy Cline
78a1779124
Include fix to exclude Cargo.toml from wheels
Merged upstream at https://github.com/pyca/cryptography/pull/12091

[skip changelog]
2025-01-21 18:39:23 +00:00
Jeremy Cline
83987f70ef
Update to v44.0.0
This release is largely adding new features. One behavioral change which might
cause issues is:

- Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.

Complete changelog: https://github.com/pyca/cryptography/blob/44.0.0/CHANGELOG.rst
2025-01-21 15:51:57 +00:00
Fedora Release Engineering
bc4d913fc3 Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild 2025-01-18 13:19:11 +00:00
Francisco Trivino
ed6d65f516 allow sha1 in OAEP
In FIPS mode, RSA OAEP padding is refused with an error message:
"This combination of padding and hash algorithm is not supported
by this backend."

It picks up the patch in https://github.com/pyca/cryptography/pull/11536
to allow sha1 in OAEP.

Fixes: https://github.com/pyca/cryptography/issues/11512
Related: https://issues.redhat.com/browse/RHEL-40210
Signed-off-by: Francisco Trivino <ftrivino@redhat.com>
2024-09-04 17:54:40 +02:00
Jeremy Cline
fdf62093b4
Flip off lock = true maturin config
Upstream switched to maturin in v43[0]. Since we fiddle with the
lockfile maturin wants to update it since upstream configures `lock =
true`. Turn that off.

This fixes the v43 build in rawhide.

[0] https://github.com/pyca/cryptography/pull/8815

[skip changelog]
2024-07-30 11:17:39 -04:00
Jeremy Cline
696a6afd84
Update to v43.0.0
Additionally, this builds the package with OPENSSL_NO_ENGINE=1

This drops the skip-overflow-tests-32bit.patch as it's included in
v43.0.0. It picks up the patch in
https://github.com/pyca/cryptography/pull/11328 to allow building with
OPENSSL_NO_ENGINE=1.
2024-07-24 16:50:41 -04:00
Jeremy Cline
4dc6d7b0ba
Automatically apply all patches during autosetup
Commit 7b18e1445d ("Update to 41.0.3") introduces a patch that was
applied behind a conditional. This is no longer the case, so revert back
to letting autosetup apply all patches.

[skip changelog]
2024-07-24 16:45:52 -04:00
Fedora Release Engineering
bc9adfb4de Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild 2024-07-19 10:44:42 +00:00
Yaakov Selkowitz
cf26149d18 Remove unused pytest-subtests dependency
This dependency was switched out for a built-in miniature replacement as of
version 41.0.0:

22759dbab0
2024-07-12 10:57:13 -04:00
Yaakov Selkowitz
1483ac22f7 Skip benchmark tests on RHEL
This avoids dependencies on the otherwise unnecessary certifi and
pytest-benchmark.
2024-07-12 10:47:14 -04:00
Jeremy Cline
143d2e3463
Fix the build for ELN
PyO3 doesn't support Python 3.13 until 0.22, but cryptography 0.42 is
using 0.20 at the moment. Use ABI3 forward compatibility for ELN builds
until cryptography updates.

The Rawhide build is using crates from the distro which must be setting
this in some way, but I'm not familiar enough with PyO3 or Fedora's Rust
packaging to find it quickly.

Fixes rhbz#2295602
2024-07-03 14:43:42 -04:00
Miro Hrončok
4dcec288f2 Drop unneeded dependency on tox
There is no additional dependency generated by it, other than tox and tox-current-env.
There is no tox configuration in the source tarball.

If desired, there is a [test] extra, so we could use -x test instead,
but that would break the %if 0%{?fedora} tests dependencies separation.
2024-07-03 16:55:22 +00:00
Jeremy Cline
3d1bdaeb45
Switch to autorelease and autochangelog macros
I forgot to bump manually add a changelog entry for the 42.0.8 update.
Let's make that impossible in the future.

[skip changelog]
2024-07-03 10:27:54 -04:00
Jeremy Cline
cb16ef22f9
Update to 42.0.8, resolves RHBZ#2251816"
This reverts commit 2220bc3f08 and bumps
the version up from 42.0.5 to 42.0.8.

Additionally, a dependency on the openssl-devel-engine is necessary.
Longer-term this should be dropped[0].

[0] https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine

Co-authored-by: Christian Heimes <cheimes@redhat.com>
2024-07-03 09:25:42 -04:00
Python Maint
a7c29b32fa Rebuilt for Python 3.13 2024-06-08 08:13:50 +02:00
Python Maint
1eecfff494 Bootstrap for Python 3.13 2024-06-07 22:03:00 +02:00
Miro Hrončok
2220bc3f08 Revert "Update to 42.0.5, resolves RHBZ#2251816"
This reverts commit 2b20ce4281.
2024-05-28 13:29:39 +02:00
Christian Heimes
2b20ce4281 Update to 42.0.5, resolves RHBZ#2251816 2024-03-06 10:23:38 +01:00
7 changed files with 309 additions and 336 deletions

14
.gitignore vendored

@ -61,3 +61,17 @@
/cryptography-41.0.5.tar.gz
/cryptography-41.0.7.tar.gz
/cryptography-41.0.7-vendor.tar.bz2
/cryptography-42.0.5.tar.gz
/cryptography-42.0.5-vendor.tar.bz2
/cryptography-42.0.8.tar.gz
/cryptography-42.0.8-vendor.tar.bz2
/cryptography-43.0.0.tar.gz
/cryptography-43.0.0-vendor.tar.bz2
/cryptography-44.0.0.tar.gz
/cryptography-44.0.0-vendor.tar.bz2
/cryptography-45.0.2.tar.gz
/cryptography-45.0.2-vendor.tar.bz2
/cryptography-45.0.3.tar.gz
/cryptography-45.0.3-vendor.tar.bz2
/cryptography-45.0.4.tar.gz
/cryptography-45.0.4-vendor.tar.bz2

248
changelog Normal file

@ -0,0 +1,248 @@
* Tue Jul 02 2024 Jeremy Cline <jeremycline@linux.microsoft.com> - 42.0.8-1
- Update to 42.0.8, fixes rhbz#2251816
* Sat Jun 08 2024 Python Maint <python-maint@redhat.com> - 41.0.7-3
- Rebuilt for Python 3.13
* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 41.0.7-2
- Bootstrap for Python 3.13
* Thu Feb 01 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 41.0.7-1
- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.0.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Dec 01 2023 Fabio Valentini <decathorpe@gmail.com> - 41.0.5-2
- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
* Thu Oct 26 2023 Christian Heimes <cheimes@redhat.com> - 41.0.5-1
- Update to 41.0.5, resolves RHBZ#2239707
* Mon Aug 14 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-2
- Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042
* Wed Aug 09 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-1
- Update to 41.0.3, resolves rhbz#2211237
- Use pyo3 0.19
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 40.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 10 2023 Python Maint <python-maint@redhat.com> - 40.0.2-4
- Rebuilt for Python 3.12
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 40.0.2-3
- Bootstrap for Python 3.12
* Tue Jun 13 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 40.0.2-2
- Use vendored rust-pem in RHEL builds
* Tue Apr 18 2023 Christian Heimes <cheimes@redhat.com> - 40.0.2-1
- Update to 40.0.2, resolves rhbz#2181430
* Thu Mar 09 2023 Miro Hrončok <mhroncok@redhat.com> - 39.0.2-2
- Don't run tests requiring pytz on RHEL
- Don't try to run tests of vendored dependencies in %%check
* Sat Mar 04 2023 Christian Heimes <cheimes@redhat.com> - 39.0.2-1
- Update to 39.0.2, resolves rhbz#2124729
* Tue Feb 28 2023 Fabio Valentini <decathorpe@gmail.com> - 37.0.2-9
- Ensure correct compiler flags are used for Rust code.
* Wed Feb 22 2023 Christian Heimes <cheimes@redhat.com> - 37.0.2-8
- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2171820
- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 37.0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 09 2022 Christian Heimes <cheimes@redhat.com> - 37.0.2-6
- Enable SHA1 signatures in test suite (ELN-only)
* Wed Aug 17 2022 Miro Hrončok <mhroncok@redhat.com> - 37.0.2-5
- Drop unused requirement of python3-six
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 37.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Python Maint <python-maint@redhat.com> - 37.0.2-3
- Rebuilt for Python 3.11
* Tue Jun 14 2022 Python Maint <python-maint@redhat.com> - 37.0.2-2
- Bootstrap for Python 3.11
* Thu May 05 2022 Christian Heimes <cheimes@redhat.com> - 37.0.2-1
- Update to 37.0.2, resolves rhbz#2078968
* Thu Jan 27 2022 Christian Heimes <cheimes@redhat.com> - 36.0.0-3
- Skip unstable memleak tests, resolves: RHBZ#2042413
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 36.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Nov 22 2021 Christian Heimes <cheimes@redhat.com> - 36.0.0-1
- Update to 36.0.0, fixes RHBZ#2025347
* Thu Sep 30 2021 Christian Heimes <cheimes@redhat.com> - 35.0.0-2
- Require rust-asn1 >= 0.6.4
* Thu Sep 30 2021 Christian Heimes <cheimes@redhat.com> - 35.0-1
- Update to 35.0.0 (#2009117)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 3.4.7-6
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 10 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.4.7-4
- Don't conditionalize Source: directives
* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 3.4.7-3
- Rebuilt for Python 3.10
* Tue May 11 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-2
- Fix compatibility issue with Python 3.10. Enums now use same
representation as on Python 3.9. (#1952522)
- Backport OpenSSL 3.0.0 compatibility patches.
* Wed Apr 21 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-1
- Update to 3.4.7
- Remove dependency on python-cryptography-vectors package and use vectors
directly from Github source tar ball. (#1952024)
* Wed Mar 03 2021 Christian Heimes <cheimes@redhat.com> - 3.4.6-1
- Update to 3.4.6 (#1927044)
* Mon Feb 15 2021 Christian Heimes <cheimes@redhat.com> - 3.4.5-1
- Update to 3.4.5 (#1927044)
* Fri Feb 12 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-3
- Skip iso8601 and pretend tests on RHEL
* Fri Feb 12 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-2
- Provide RHEL build infrastructure
* Wed Feb 10 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-1
- Update to 3.4.4 (#1927044)
* Mon Feb 08 2021 Christian Heimes <cheimes@redhat.com> - 3.4.2-1
- Update to 3.4.2 (#1926339)
- Package no longer depends on Rust (#1926181)
* Mon Feb 08 2021 Fabio Valentini <decathorpe@gmail.com> - 3.4.1-2
- Use dynamically generated BuildRequires for PyO3 Rust module.
- Drop unnecessary CARGO_NET_OFFLINE environment variable.
* Sun Feb 07 2021 Christian Heimes <cheimes@redhat.com> - 3.4.1-1
- Update to 3.4.1 (#1925953)
* Sun Feb 07 2021 Christian Heimes <cheimes@redhat.com> - 3.4-2
- Add missing abi3 and pytest dependencies
* Sun Feb 07 2021 Christian Heimes <cheimes@redhat.com> - 3.4-1
- Update to 3.4 (#1925953)
- Remove Python 2 support
- Remove unused python-idna dependency
- Add Rust support
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Dec 10 2020 Christian Heimes <cheimes@redhat.com> - 3.3.1-1
- Update to 3.3.1 (#1905756)
* Wed Oct 28 2020 Christian Heimes <cheimes@redhat.com> - 3.2.1-1
- Update to 3.2.1 (#1892153)
* Mon Oct 26 2020 Christian Heimes <cheimes@redhat.com> - 3.2-1
- Update to 3.2 (#1891378)
* Mon Sep 07 2020 Christian Heimes <cheimes@redhat.com> - 3.1-1
- Update to 3.1 (#1872978)
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 21 2020 Christian Heimes <cheimes@redhat.com> - 3.0-1
- Update to 3.0 (#185897)
* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 2.9-3
- Rebuilt for Python 3.9
* Tue May 12 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.9-2
- add source file verification
* Fri Apr 03 2020 Christian Heimes <cheimes@redhat.com> - 2.9-1
- Update to 2.9 (#1820348)
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 13 2020 Christian Heimes <cheimes@redhat.com> - 2.8-2
- cryptography 2.8+ no longer depends on python-asn1crypto
* Thu Oct 17 2019 Christian Heimes <cheimes@redhat.com> - 2.8-1
- Update to 2.8
- Resolves: rhbz#1762779
* Sun Oct 13 2019 Christian Heimes <cheimes@redhat.com> - 2.7-3
- Skip unit tests that fail with OpenSSL 1.1.1.d
- Resolves: rhbz#1761194
- Fix and simplify Python 3 packaging
* Sat Oct 12 2019 Christian Heimes <cheimes@redhat.com> - 2.7-2
- Drop Python 2 package
- Resolves: rhbz#1761081
* Tue Sep 03 2019 Randy Barlow <bowlofeggs@fedoraproject.org> - 2.7-1
- Update to 2.7 (#1715680).
* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.1-3
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Feb 28 2019 Christian Heimes <cheimes@redhat.com> - 2.6.1-1
- New upstream release 2.6.1, resolves RHBZ#1683691
* Wed Feb 13 2019 Alfredo Moralejo <amoralej@redhat.com> - 2.5-1
- Updated to 2.5.
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Aug 13 2018 Christian Heimes <cheimes@redhat.com> - 2.3-2
- Use TLSv1.2 in test as workaround for RHBZ#1615143
* Wed Jul 18 2018 Christian Heimes <cheimes@redhat.com> - 2.3-1
- New upstream release 2.3
- Fix AEAD tag truncation bug, RHBZ#1602752
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 15 2018 Miro Hrončok <mhroncok@redhat.com> - 2.2.1-2
- Rebuilt for Python 3.7
* Wed Mar 21 2018 Christian Heimes <cheimes@redhat.com> - 2.2.1-1
- New upstream release 2.2.1
* Sun Feb 18 2018 Christian Heimes <cheimes@redhat.com> - 2.1.4-1
- New upstream release 2.1.4
* Sun Feb 18 2018 Christian Heimes <cheimes@redhat.com> - 2.1.3-4
- Build requires gcc
* Mon Feb 12 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.1.3-3
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild


@ -1,13 +0,0 @@
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
index 9dd060f8b..8004c7e76 100644
--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" }
cryptography-x509 = { path = "cryptography-x509" }
cryptography-openssl = { path = "cryptography-openssl" }
pem = "1.1"
-ouroboros = "0.15"
+ouroboros = "0.17"
openssl = "0.10.54"
openssl-sys = "0.9.88"
foreign-types-shared = "0.1"
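
Review bot: Dropping ouroboros-0.17.patch needs a line in the commit message saying why it is safe, because the packaged changelog ties this exact bump (`ouroboros = "0.15"` to `"0.17"`) to rhbz#2214228 / RUSTSEC-2023-0042 and nothing visible here shows what the 45.0.4 Cargo.toml now requires. State whether upstream already requires 0.17 or later or no longer uses the crate, and check that the regenerated vendor tarball for the RHEL path does not carry the older release.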


@ -1,52 +0,0 @@
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
index 01fba147e..9dd060f8b 100644
--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
@@ -9,7 +9,7 @@ rust-version = "1.56.0"
[dependencies]
once_cell = "1"
-pyo3 = { version = "0.18", features = ["abi3-py37"] }
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
asn1 = { version = "0.15.2", default-features = false }
cryptography-cffi = { path = "cryptography-cffi" }
cryptography-x509 = { path = "cryptography-x509" }
diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
index 65051c2a4..24e53991b 100644
--- a/src/rust/cryptography-cffi/Cargo.toml
+++ b/src/rust/cryptography-cffi/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
rust-version = "1.56.0"
[dependencies]
-pyo3 = { version = "0.18", features = ["abi3-py37"] }
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
openssl-sys = "0.9.88"
[build-dependencies]
diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
index 923015035..1380d6eb8 100644
--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
@@ -145,7 +145,7 @@ impl CertificateRevocationList {
revoked_certs
});
- if idx.is_instance_of::<pyo3::types::PySlice>()? {
+ if idx.is_instance_of::<pyo3::types::PySlice>() {
let indices = idx
.downcast::<pyo3::types::PySlice>()?
.indices(self.len().try_into().unwrap())?;
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
index 98d1bd63b..dcf28833f 100644
--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
@@ -211,7 +211,7 @@ fn encode_certificate_policies(
let mut qualifiers = vec![];
for py_qualifier in py_policy_qualifiers.iter()? {
let py_qualifier = py_qualifier?;
- let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>()? {
+ let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>() {
let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) {
Some(s) => s,
None => {


@ -5,23 +5,26 @@
%global srcname cryptography
Name: python-%{srcname}
Version: 41.0.7
Release: 1%{?dist}
Version: 45.0.4
Release: %autorelease
Summary: PyCA's cryptography library
# cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,
# as well as the Python Software Foundation license for the OS random
# engine derived by CPython.
License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
# Rust crate dependency licenses:
# Apache-2.0
# Apache-2.0 OR MIT
# BSD-3-Clause
# MIT
# MIT OR Apache-2.0
License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 AND Apache-2.0 AND BSD-3-Clause AND MIT AND (MIT OR Apache-2.0)
URL: https://cryptography.io/en/latest/
Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz
# created by ./vendor_rust.py helper script
Source1: cryptography-%{version}-vendor.tar.bz2
Source2: conftest-skipper.py
Patch1: pyo3-0.19.patch
Patch2: ouroboros-0.17.patch
ExclusiveArch: %{rust_arches}
BuildRequires: openssl-devel
@ -29,8 +32,6 @@ BuildRequires: gcc
BuildRequires: gnupg2
%if 0%{?fedora}
BuildRequires: rust-packaging
# test_load_with_other_sections in 40.0 fails with pem 1.1.0
BuildRequires: rust-pem-devel >= 1.1.1
%else
BuildRequires: rust-toolset
%endif
@ -42,15 +43,14 @@ BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4
%if %{with tests}
%if 0%{?fedora}
BuildRequires: python%{python3_pkgversion}-certifi
BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4
BuildRequires: python%{python3_pkgversion}-iso8601
BuildRequires: python%{python3_pkgversion}-pretend
BuildRequires: python%{python3_pkgversion}-pytest-benchmark
BuildRequires: python%{python3_pkgversion}-pytest-xdist
BuildRequires: python%{python3_pkgversion}-pytz
%endif
BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0
BuildRequires: python%{python3_pkgversion}-pytest-benchmark
BuildRequires: python%{python3_pkgversion}-pytest-subtests >= 0.5.0
%endif
%description
@ -72,45 +72,55 @@ cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.
%prep
%autosetup -p1 -N -n %{srcname}-%{version}
%autosetup -p1 %{!?fedora:-a1} -n %{srcname}-%{version}
%if 0%{?fedora}
# patch pyo3 and ouroboros depedency
%autopatch -p1 1
%autopatch -p1 2
%cargo_prep
rm src/rust/Cargo.lock
sed -i 's/locked = true//g' pyproject.toml
%else
# RHEL: use vendored Rust crates
%cargo_prep -V 1
%cargo_prep -v vendor
%endif
%if 0%{?fedora}
%if ! 0%{?fedora}
sed -i 's,--benchmark-disable,,' pyproject.toml
%endif
%generate_buildrequires
%pyproject_buildrequires
%if 0%{?fedora}
# Fedora: use RPMified crates
cd src/rust
%cargo_generate_buildrequires
cd ../..
%endif
# Remove cosmetical pytest-subtests 0.10.0 option
sed -i 's,--no-subtests-shortletter,,' pyproject.toml
%build
export RUSTFLAGS="%build_rustflags"
export OPENSSL_NO_VENDOR=1
%py3_build
export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 "
%pyproject_wheel
%cargo_license_summary
%{cargo_license} > LICENSE.dependencies
%if ! 0%{?fedora}
%cargo_vendor_manifest
%endif
%install
# Actually other *.c and *.h are appropriate
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
%py3_install
find . -name Cargo.toml -print -delete
%pyproject_install
%pyproject_save_files %{srcname}
%check
%if %{with tests}
%if 0%{?rhel}
# skip hypothesis and pytz tests on RHEL
rm -rf tests/hypothesis tests/x509
# skip benchmark and hypothesis tests on RHEL
rm -rf tests/bench tests/hypothesis
# append skipper to skip iso8601 and pretend tests
cat < %{SOURCE2} >> tests/conftest.py
%endif
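
Review bot: Both `sed -i` edits of pyproject.toml in the %prep part of this hunk (`s/locked = true//g` and `s,--benchmark-disable,,`) exit 0 when the pattern is missing, so an upstream rename of either setting would go unnoticed until the build or the test run misbehaves. The commit message "Flip off lock = true maturin config" quotes the upstream setting as `lock = true`, while the expression matches `locked = true`; confirm which string pyproject.toml really contains and put a `grep -q` for it in front of each sed so %prep fails when it is gone.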
@ -130,249 +140,15 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
%endif
%files -n python%{python3_pkgversion}-%{srcname}
%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
%doc README.rst docs
%license LICENSE LICENSE.APACHE LICENSE.BSD
%{python3_sitearch}/%{srcname}
%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
%license LICENSE.dependencies
%if ! 0%{?fedora}
%license cargo-vendor.txt
%endif
%changelog
* Thu Feb 01 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 41.0.7-1
- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.0.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Dec 01 2023 Fabio Valentini <decathorpe@gmail.com> - 41.0.5-2
- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
* Thu Oct 26 2023 Christian Heimes <cheimes@redhat.com> - 41.0.5-1
- Update to 41.0.5, resolves RHBZ#2239707
* Mon Aug 14 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-2
- Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042
* Wed Aug 09 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-1
- Update to 41.0.3, resolves rhbz#2211237
- Use pyo3 0.19
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 40.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 10 2023 Python Maint <python-maint@redhat.com> - 40.0.2-4
- Rebuilt for Python 3.12
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 40.0.2-3
- Bootstrap for Python 3.12
* Tue Jun 13 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 40.0.2-2
- Use vendored rust-pem in RHEL builds
* Tue Apr 18 2023 Christian Heimes <cheimes@redhat.com> - 40.0.2-1
- Update to 40.0.2, resolves rhbz#2181430
* Thu Mar 09 2023 Miro Hrončok <mhroncok@redhat.com> - 39.0.2-2
- Don't run tests requiring pytz on RHEL
- Don't try to run tests of vendored dependencies in %%check
* Sat Mar 04 2023 Christian Heimes <cheimes@redhat.com> - 39.0.2-1
- Update to 39.0.2, resolves rhbz#2124729
* Tue Feb 28 2023 Fabio Valentini <decathorpe@gmail.com> - 37.0.2-9
- Ensure correct compiler flags are used for Rust code.
* Wed Feb 22 2023 Christian Heimes <cheimes@redhat.com> - 37.0.2-8
- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2171820
- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 37.0.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 09 2022 Christian Heimes <cheimes@redhat.com> - 37.0.2-6
- Enable SHA1 signatures in test suite (ELN-only)
* Wed Aug 17 2022 Miro Hrončok <mhroncok@redhat.com> - 37.0.2-5
- Drop unused requirement of python3-six
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 37.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Python Maint <python-maint@redhat.com> - 37.0.2-3
- Rebuilt for Python 3.11
* Tue Jun 14 2022 Python Maint <python-maint@redhat.com> - 37.0.2-2
- Bootstrap for Python 3.11
* Thu May 05 2022 Christian Heimes <cheimes@redhat.com> - 37.0.2-1
- Update to 37.0.2, resolves rhbz#2078968
* Thu Jan 27 2022 Christian Heimes <cheimes@redhat.com> - 36.0.0-3
- Skip unstable memleak tests, resolves: RHBZ#2042413
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 36.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Nov 22 2021 Christian Heimes <cheimes@redhat.com> - 36.0.0-1
- Update to 36.0.0, fixes RHBZ#2025347
* Thu Sep 30 2021 Christian Heimes <cheimes@redhat.com> - 35.0.0-2
- Require rust-asn1 >= 0.6.4
* Thu Sep 30 2021 Christian Heimes <cheimes@redhat.com> - 35.0-1
- Update to 35.0.0 (#2009117)
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 3.4.7-6
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 10 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.4.7-4
- Don't conditionalize Source: directives
* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 3.4.7-3
- Rebuilt for Python 3.10
* Tue May 11 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-2
- Fix compatibility issue with Python 3.10. Enums now use same
representation as on Python 3.9. (#1952522)
- Backport OpenSSL 3.0.0 compatibility patches.
* Wed Apr 21 2021 Christian Heimes <cheimes@redhat.com> - 3.4.7-1
- Update to 3.4.7
- Remove dependency on python-cryptography-vectors package and use vectors
directly from Github source tar ball. (#1952024)
* Wed Mar 03 2021 Christian Heimes <cheimes@redhat.com> - 3.4.6-1
- Update to 3.4.6 (#1927044)
* Mon Feb 15 2021 Christian Heimes <cheimes@redhat.com> - 3.4.5-1
- Update to 3.4.5 (#1927044)
* Fri Feb 12 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-3
- Skip iso8601 and pretend tests on RHEL
* Fri Feb 12 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-2
- Provide RHEL build infrastructure
* Wed Feb 10 2021 Christian Heimes <cheimes@redhat.com> - 3.4.4-1
- Update to 3.4.4 (#1927044)
* Mon Feb 08 2021 Christian Heimes <cheimes@redhat.com> - 3.4.2-1
- Update to 3.4.2 (#1926339)
- Package no longer depends on Rust (#1926181)
* Mon Feb 08 2021 Fabio Valentini <decathorpe@gmail.com> - 3.4.1-2
- Use dynamically generated BuildRequires for PyO3 Rust module.
- Drop unnecessary CARGO_NET_OFFLINE environment variable.
* Sun Feb 07 2021 Christian Heimes <cheimes@redhat.com> - 3.4.1-1
- Update to 3.4.1 (#1925953)
* Sun Feb 07 2021 Christian Heimes <cheimes@redhat.com> - 3.4-2
- Add missing abi3 and pytest dependencies
* Sun Feb 07 2021 Christian Heimes <cheimes@redhat.com> - 3.4-1
- Update to 3.4 (#1925953)
- Remove Python 2 support
- Remove unused python-idna dependency
- Add Rust support
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Dec 10 2020 Christian Heimes <cheimes@redhat.com> - 3.3.1-1
- Update to 3.3.1 (#1905756)
* Wed Oct 28 2020 Christian Heimes <cheimes@redhat.com> - 3.2.1-1
- Update to 3.2.1 (#1892153)
* Mon Oct 26 2020 Christian Heimes <cheimes@redhat.com> - 3.2-1
- Update to 3.2 (#1891378)
* Mon Sep 07 2020 Christian Heimes <cheimes@redhat.com> - 3.1-1
- Update to 3.1 (#1872978)
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 21 2020 Christian Heimes <cheimes@redhat.com> - 3.0-1
- Update to 3.0 (#185897)
* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 2.9-3
- Rebuilt for Python 3.9
* Tue May 12 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.9-2
- add source file verification
* Fri Apr 03 2020 Christian Heimes <cheimes@redhat.com> - 2.9-1
- Update to 2.9 (#1820348)
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 13 2020 Christian Heimes <cheimes@redhat.com> - 2.8-2
- cryptography 2.8+ no longer depends on python-asn1crypto
* Thu Oct 17 2019 Christian Heimes <cheimes@redhat.com> - 2.8-1
- Update to 2.8
- Resolves: rhbz#1762779
* Sun Oct 13 2019 Christian Heimes <cheimes@redhat.com> - 2.7-3
- Skip unit tests that fail with OpenSSL 1.1.1.d
- Resolves: rhbz#1761194
- Fix and simplify Python 3 packaging
* Sat Oct 12 2019 Christian Heimes <cheimes@redhat.com> - 2.7-2
- Drop Python 2 package
- Resolves: rhbz#1761081
* Tue Sep 03 2019 Randy Barlow <bowlofeggs@fedoraproject.org> - 2.7-1
- Update to 2.7 (#1715680).
* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.1-3
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Feb 28 2019 Christian Heimes <cheimes@redhat.com> - 2.6.1-1
- New upstream release 2.6.1, resolves RHBZ#1683691
* Wed Feb 13 2019 Alfredo Moralejo <amoralej@redhat.com> - 2.5-1
- Updated to 2.5.
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Aug 13 2018 Christian Heimes <cheimes@redhat.com> - 2.3-2
- Use TLSv1.2 in test as workaround for RHBZ#1615143
* Wed Jul 18 2018 Christian Heimes <cheimes@redhat.com> - 2.3-1
- New upstream release 2.3
- Fix AEAD tag truncation bug, RHBZ#1602752
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 15 2018 Miro Hrončok <mhroncok@redhat.com> - 2.2.1-2
- Rebuilt for Python 3.7
* Wed Mar 21 2018 Christian Heimes <cheimes@redhat.com> - 2.2.1-1
- New upstream release 2.2.1
* Sun Feb 18 2018 Christian Heimes <cheimes@redhat.com> - 2.1.4-1
- New upstream release 2.1.4
* Sun Feb 18 2018 Christian Heimes <cheimes@redhat.com> - 2.1.3-4
- Build requires gcc
* Mon Feb 12 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.1.3-3
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
%autochangelog
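
Review bot: The `-k "not (...)"` deselect list in the first line of this hunk still names test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, which the changelog text in this same hunk mentions in connection with a 37.0.2-8 build failure, and the spec is now at 45.0.4. Re-run the suite with the list emptied, keep only the names that still fail, and add a comment per name with the bug it tracks, so that deselected tests in a crypto library do not hide a regression.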


@ -1,2 +1,2 @@
SHA512 (cryptography-41.0.7.tar.gz) = 9a870d45296de6af1331e73b102226b8269892216cd7bc0adfb2f63ce1ca7021d338effd09182128253d8d8df154bbd19d46c47f10ddac86e739fcbf6df78307
SHA512 (cryptography-41.0.7-vendor.tar.bz2) = dbf750a1ada4a9330939e3dae8311007a9e25808eb64c124c99981187d1bc04baba3a7d3b838c0cd9491e8350c382fb0f789a11abb21c633f2d78e8aba819b9e
SHA512 (cryptography-45.0.4.tar.gz) = 08b35f414d81f83ee242f5d208f8aabc12dc53f1a0cbffc5be1ed7f9173e9c9863225a7eb5cff4e9f3dacf5e9fcb3e8701e33c441e1562ee13f9e3927fafb3df
SHA512 (cryptography-45.0.4-vendor.tar.bz2) = 5ff616412e65bd342d2b98110d0b058aaa1719ddf0d1a1164b49451b8f5bc49def81cf4913b6b4c2917f28a33cef28a74ad4391b303c2e36752b81f491a4da06
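
Review bot: The new SHA512 for cryptography-45.0.4-vendor.tar.bz2 pins a tarball that the spec comment says is "created by ./vendor_rust.py helper script", so there is no upstream artifact a reviewer can compare it against. Recording in the commit message how the tarball was generated (the script invocation and the Cargo.lock it was resolved from) would let a second packager regenerate it and compare the contents.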


@ -12,7 +12,7 @@ import sys
VENDOR_DIR = "vendor"
CARGO_TOML = "src/rust/Cargo.toml"
RE_VERSION = re.compile("Version:\s*(.*)")
RE_VERSION = re.compile(r"Version:\s*(.*)")
parser = argparse.ArgumentParser(description="Vendor Rust packages")
parser.add_argument(
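
Review bot: `RE_VERSION` is still unanchored after the raw-string fix, so `Version:\s*(.*)` matches the first `Version:` substring wherever it occurs in a line, and the greedy `(.*)` keeps any trailing whitespace or trailing comment. Anchoring it, for example `^Version:\s*(\S+)` (with re.MULTILINE if the whole file is searched at once), makes the match depend only on a line that starts with the Version tag.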