Revert "Update to 42.0.5"

This reverts commit 1df274c401. Fedora 39 is missing recent versions of python-setuptools-rust, rust-pem, and rust-openssl.
Update to 42.0.5
2024-03-21 11:43:03 +01:00 · 2024-03-21 11:25:23 +01:00 · 2024-02-04 16:56:24 +01:00 · 2024-02-04 11:21:20 +01:00 · 2024-02-04 11:21:20 +01:00 · 2024-02-04 11:21:18 +01:00
5 changed files with 95 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -55,3 +55,9 @@
 /cryptography-40.0.1-vendor.tar.bz2
 /cryptography-40.0.2.tar.gz
 /cryptography-40.0.2-vendor.tar.bz2
+/cryptography-41.0.3.tar.gz
+/cryptography-41.0.3-vendor.tar.bz2
+/cryptography-41.0.5-vendor.tar.bz2
+/cryptography-41.0.5.tar.gz
+/cryptography-41.0.7.tar.gz
+/cryptography-41.0.7-vendor.tar.bz2
--- a/ouroboros-0.17.patch
+++ b/ouroboros-0.17.patch
@ -0,0 +1,13 @@
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 9dd060f8b..8004c7e76 100644
+--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
+@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" }
+ cryptography-x509 = { path = "cryptography-x509" }
+ cryptography-openssl = { path = "cryptography-openssl" }
+ pem = "1.1"
+-ouroboros = "0.15"
+ouroboros = "0.17"
+ openssl = "0.10.54"
+ openssl-sys = "0.9.88"
+ foreign-types-shared = "0.1"
--- a/pyo3-0.19.patch
+++ b/pyo3-0.19.patch
@ -0,0 +1,52 @@
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 01fba147e..9dd060f8b 100644
+--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
+@@ -9,7 +9,7 @@ rust-version = "1.56.0"
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.18", features = ["abi3-py37"] }
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
+ asn1 = { version = "0.15.2", default-features = false }
+ cryptography-cffi = { path = "cryptography-cffi" }
+ cryptography-x509 = { path = "cryptography-x509" }
+diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
+index 65051c2a4..24e53991b 100644
+--- a/src/rust/cryptography-cffi/Cargo.toml
+++ b/src/rust/cryptography-cffi/Cargo.toml
+@@ -8,7 +8,7 @@ publish = false
+ rust-version = "1.56.0"
+ 
+ [dependencies]
+-pyo3 = { version = "0.18", features = ["abi3-py37"] }
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
+ openssl-sys = "0.9.88"
+ 
+ [build-dependencies]
+diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
+index 923015035..1380d6eb8 100644
+--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
+@@ -145,7 +145,7 @@ impl CertificateRevocationList {
+             revoked_certs
+         });
+ 
+-        if idx.is_instance_of::<pyo3::types::PySlice>()? {
+        if idx.is_instance_of::<pyo3::types::PySlice>() {
+             let indices = idx
+                 .downcast::<pyo3::types::PySlice>()?
+                 .indices(self.len().try_into().unwrap())?;
+diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
+index 98d1bd63b..dcf28833f 100644
+--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
+@@ -211,7 +211,7 @@ fn encode_certificate_policies(
+             let mut qualifiers = vec![];
+             for py_qualifier in py_policy_qualifiers.iter()? {
+                 let py_qualifier = py_qualifier?;
+-                let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>()? {
+                let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>() {
+                     let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) {
+                         Some(s) => s,
+                         None => {
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -5,8 +5,8 @@
 %global srcname cryptography

 Name:           python-%{srcname}
-Version:        40.0.2
-Release:        5%{?dist}
+Version:        41.0.7
+Release:        1%{?dist}
 Summary:        PyCA's cryptography library

 # cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,
@ -19,6 +19,9 @@ Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py

+Patch1:         pyo3-0.19.patch
+Patch2:         ouroboros-0.17.patch
+
 ExclusiveArch:  %{rust_arches}

 BuildRequires:  openssl-devel
@ -69,8 +72,11 @@ cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.

 %prep
-%autosetup -p1 -n %{srcname}-%{version}
+%autosetup -p1 -N -n %{srcname}-%{version}
 %if 0%{?fedora}
+# patch pyo3 and ouroboros depedency
+%autopatch -p1 1
+%autopatch -p1 2
 %cargo_prep
 rm src/rust/Cargo.lock
 %else
@ -131,6 +137,19 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info

 %changelog
+* Thu Feb 01 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 41.0.7-1
+- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
+
+* Thu Feb 01 2024 Christian Heimes <cheimes@redhat.com> - 41.0.5-1
+- Update to 41.0.5, resolves RHBZ#2239707
+
+* Fri Dec 01 2023 Fabio Valentini <decathorpe@gmail.com> - 41.0.3-2
+- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
+
+* Wed Aug 09 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-1
+- Update to 41.0.3, resolves rhbz#2211237
+- Use pyo3 0.19
+
 * Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 40.0.2-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (cryptography-40.0.2.tar.gz) = 4f49a71cc7348cf90ff4e67d73486a07e065efdc3e321c7f2a642dd459057a90b1c26055bdbed076ebe5b8ea4ec544aaa62b9811fd62f0d818af7e0687b4aa9e
-SHA512 (cryptography-40.0.2-vendor.tar.bz2) = d45692545b50a1995837ec61b193f395bf4de021e3c4f059e3c3cc705b1b09628b1e8f00efd1d0f3f0936dc66e39cb2ac9defe484f952552e7b0e402e947fd6d
+SHA512 (cryptography-41.0.7.tar.gz) = 9a870d45296de6af1331e73b102226b8269892216cd7bc0adfb2f63ce1ca7021d338effd09182128253d8d8df154bbd19d46c47f10ddac86e739fcbf6df78307
+SHA512 (cryptography-41.0.7-vendor.tar.bz2) = dbf750a1ada4a9330939e3dae8311007a9e25808eb64c124c99981187d1bc04baba3a7d3b838c0cd9491e8350c382fb0f789a11abb21c633f2d78e8aba819b9e
Author	SHA1	Message	Date
Christian Heimes	df910351fd	Revert "Update to 42.0.5" This reverts commit `1df274c401`. Fedora 39 is missing recent versions of python-setuptools-rust, rust-pem, and rust-openssl.	2024-03-21 11:43:03 +01:00
Christian Heimes	1df274c401	Update to 42.0.5 resolves: rhbz#2251816 resolves: rhbz#2269618, CVE-2024-26130 Signed-off-by: Christian Heimes <cheimes@redhat.com>	2024-03-21 11:25:23 +01:00
Miro Hrončok	a637ff79d8	Fixup the %changelog dates	2024-02-04 16:56:24 +01:00
Benjamin A. Beasley	6ba28cbde7	Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083	2024-02-04 11:21:20 +01:00
Christian Heimes	1c95190536	Update to 41.0.5, resolves RHBZ#2239707	2024-02-04 11:21:20 +01:00
Christian Heimes	f238d21253	Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042	2024-02-04 11:21:18 +01:00
Fabio Valentini	bd9ff8df3f	Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)	2023-12-01 21:21:31 +01:00
Christian Heimes	542249a161	Update to 41.0.3 - Update to upstream version 41.0.3 - Use pyo3 0.19 Resolves: rhbz#2211237	2023-08-10 19:39:43 +02:00