Compare commits
2 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
3c5ffc257b |
||
|
189a558764 |
7 changed files with 101 additions and 84 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -61,3 +61,5 @@
|
|||
/cryptography-41.0.5.tar.gz
|
||||
/cryptography-41.0.7.tar.gz
|
||||
/cryptography-41.0.7-vendor.tar.bz2
|
||||
/cryptography-42.0.5.tar.gz
|
||||
/cryptography-42.0.5-vendor.tar.bz2
|
||||
|
|
|
|||
|
|
@ -1,13 +0,0 @@
|
|||
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
|
||||
index 9dd060f8b..8004c7e76 100644
|
||||
--- a/src/rust/Cargo.toml
|
||||
+++ b/src/rust/Cargo.toml
|
||||
@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" }
|
||||
cryptography-x509 = { path = "cryptography-x509" }
|
||||
cryptography-openssl = { path = "cryptography-openssl" }
|
||||
pem = "1.1"
|
||||
-ouroboros = "0.15"
|
||||
+ouroboros = "0.17"
|
||||
openssl = "0.10.54"
|
||||
openssl-sys = "0.9.88"
|
||||
foreign-types-shared = "0.1"
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
|
||||
index 01fba147e..9dd060f8b 100644
|
||||
--- a/src/rust/Cargo.toml
|
||||
+++ b/src/rust/Cargo.toml
|
||||
@@ -9,7 +9,7 @@ rust-version = "1.56.0"
|
||||
|
||||
[dependencies]
|
||||
once_cell = "1"
|
||||
-pyo3 = { version = "0.18", features = ["abi3-py37"] }
|
||||
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
|
||||
asn1 = { version = "0.15.2", default-features = false }
|
||||
cryptography-cffi = { path = "cryptography-cffi" }
|
||||
cryptography-x509 = { path = "cryptography-x509" }
|
||||
diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
|
||||
index 65051c2a4..24e53991b 100644
|
||||
--- a/src/rust/cryptography-cffi/Cargo.toml
|
||||
+++ b/src/rust/cryptography-cffi/Cargo.toml
|
||||
@@ -8,7 +8,7 @@ publish = false
|
||||
rust-version = "1.56.0"
|
||||
|
||||
[dependencies]
|
||||
-pyo3 = { version = "0.18", features = ["abi3-py37"] }
|
||||
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
|
||||
openssl-sys = "0.9.88"
|
||||
|
||||
[build-dependencies]
|
||||
diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
|
||||
index 923015035..1380d6eb8 100644
|
||||
--- a/src/rust/src/x509/crl.rs
|
||||
+++ b/src/rust/src/x509/crl.rs
|
||||
@@ -145,7 +145,7 @@ impl CertificateRevocationList {
|
||||
revoked_certs
|
||||
});
|
||||
|
||||
- if idx.is_instance_of::<pyo3::types::PySlice>()? {
|
||||
+ if idx.is_instance_of::<pyo3::types::PySlice>() {
|
||||
let indices = idx
|
||||
.downcast::<pyo3::types::PySlice>()?
|
||||
.indices(self.len().try_into().unwrap())?;
|
||||
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
|
||||
index 98d1bd63b..dcf28833f 100644
|
||||
--- a/src/rust/src/x509/extensions.rs
|
||||
+++ b/src/rust/src/x509/extensions.rs
|
||||
@@ -211,7 +211,7 @@ fn encode_certificate_policies(
|
||||
let mut qualifiers = vec![];
|
||||
for py_qualifier in py_policy_qualifiers.iter()? {
|
||||
let py_qualifier = py_qualifier?;
|
||||
- let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>()? {
|
||||
+ let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>() {
|
||||
let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) {
|
||||
Some(s) => s,
|
||||
None => {
|
||||
|
|
@ -5,7 +5,7 @@
|
|||
%global srcname cryptography
|
||||
|
||||
Name: python-%{srcname}
|
||||
Version: 41.0.7
|
||||
Version: 42.0.5
|
||||
Release: 1%{?dist}
|
||||
Summary: PyCA's cryptography library
|
||||
|
||||
|
|
@ -19,8 +19,7 @@ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
|
|||
Source1: cryptography-%{version}-vendor.tar.bz2
|
||||
Source2: conftest-skipper.py
|
||||
|
||||
Patch1: pyo3-0.19.patch
|
||||
Patch2: ouroboros-0.17.patch
|
||||
Patch1: skip-overflow-tests-32bit.patch
|
||||
|
||||
ExclusiveArch: %{rust_arches}
|
||||
|
||||
|
|
@ -29,8 +28,6 @@ BuildRequires: gcc
|
|||
BuildRequires: gnupg2
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: rust-packaging
|
||||
# test_load_with_other_sections in 40.0 fails with pem 1.1.0
|
||||
BuildRequires: rust-pem-devel >= 1.1.1
|
||||
%else
|
||||
BuildRequires: rust-toolset
|
||||
%endif
|
||||
|
|
@ -48,6 +45,7 @@ BuildRequires: python%{python3_pkgversion}-pretend
|
|||
BuildRequires: python%{python3_pkgversion}-pytest-xdist
|
||||
BuildRequires: python%{python3_pkgversion}-pytz
|
||||
%endif
|
||||
BuildRequires: python%{python3_pkgversion}-certifi
|
||||
BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0
|
||||
BuildRequires: python%{python3_pkgversion}-pytest-benchmark
|
||||
BuildRequires: python%{python3_pkgversion}-pytest-subtests >= 0.5.0
|
||||
|
|
@ -73,10 +71,8 @@ recipes to Python developers.
|
|||
|
||||
%prep
|
||||
%autosetup -p1 -N -n %{srcname}-%{version}
|
||||
%if 0%{?fedora}
|
||||
# patch pyo3 and ouroboros depedency
|
||||
%autopatch -p1 1
|
||||
%autopatch -p1 2
|
||||
%if 0%{?fedora}
|
||||
%cargo_prep
|
||||
rm src/rust/Cargo.lock
|
||||
%else
|
||||
|
|
@ -84,27 +80,33 @@ rm src/rust/Cargo.lock
|
|||
%cargo_prep -V 1
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora}
|
||||
# Remove cosmetical pytest-subtests 0.10.0 option
|
||||
sed -i 's,--no-subtests-shortletter,,' pyproject.toml
|
||||
|
||||
|
||||
%generate_buildrequires
|
||||
%pyproject_buildrequires -t
|
||||
%if 0%{?fedora}
|
||||
# Fedora: use RPMified crates
|
||||
cd src/rust
|
||||
%cargo_generate_buildrequires
|
||||
cd ../..
|
||||
%endif
|
||||
|
||||
# Remove cosmetical pytest-subtests 0.10.0 option
|
||||
sed -i 's,--no-subtests-shortletter,,' pyproject.toml
|
||||
|
||||
%build
|
||||
export RUSTFLAGS="%build_rustflags"
|
||||
export OPENSSL_NO_VENDOR=1
|
||||
%py3_build
|
||||
%pyproject_wheel
|
||||
|
||||
|
||||
%install
|
||||
# Actually other *.c and *.h are appropriate
|
||||
# see https://github.com/pyca/cryptography/issues/1463
|
||||
find . -name .keep -print -delete
|
||||
%py3_install
|
||||
%pyproject_install
|
||||
%pyproject_save_files %{srcname}
|
||||
|
||||
|
||||
%check
|
||||
%if %{with tests}
|
||||
|
|
@ -130,13 +132,18 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
|
|||
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
|
||||
%endif
|
||||
|
||||
%files -n python%{python3_pkgversion}-%{srcname}
|
||||
|
||||
%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
|
||||
%doc README.rst docs
|
||||
%license LICENSE LICENSE.APACHE LICENSE.BSD
|
||||
%{python3_sitearch}/%{srcname}
|
||||
%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Mar 06 2024 Christian Heimes <cheimes@redhat.com> - 42.0.1-5
|
||||
- Update to 42.0.5, resolves RHBZ#2251816
|
||||
- fixes rhbz#2269618, CVE-2024-26130
|
||||
- Modernize spec file to use pyproject RPM macros
|
||||
|
||||
* Thu Feb 01 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 41.0.7-1
|
||||
- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
|
||||
|
||||
|
|
|
|||
73
skip-overflow-tests-32bit.patch
Normal file
73
skip-overflow-tests-32bit.patch
Normal file
|
|
@ -0,0 +1,73 @@
|
|||
From d741901dddd731895346636c0d3556c6fa51fbe6 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Kehrer <paul.l.kehrer@gmail.com>
|
||||
Date: Thu, 8 Feb 2024 09:11:21 -0600
|
||||
Subject: [PATCH] skip overflow aead tests on 32-bit systems
|
||||
|
||||
---
|
||||
tests/hazmat/primitives/test_aead.py | 18 ++++++++++++------
|
||||
1 file changed, 12 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py
|
||||
index a1f99ab815ed..2f0d52d82682 100644
|
||||
--- a/tests/hazmat/primitives/test_aead.py
|
||||
+++ b/tests/hazmat/primitives/test_aead.py
|
||||
@@ -56,7 +56,8 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend):
|
||||
)
|
||||
class TestChaCha20Poly1305:
|
||||
@pytest.mark.skipif(
|
||||
- sys.platform not in {"linux", "darwin"}, reason="mmap required"
|
||||
+ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
|
||||
+ reason="mmap and 64-bit platform required",
|
||||
)
|
||||
def test_data_too_large(self):
|
||||
key = ChaCha20Poly1305.generate_key()
|
||||
@@ -197,7 +198,8 @@ def test_buffer_protocol(self, backend):
|
||||
)
|
||||
class TestAESCCM:
|
||||
@pytest.mark.skipif(
|
||||
- sys.platform not in {"linux", "darwin"}, reason="mmap required"
|
||||
+ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
|
||||
+ reason="mmap and 64-bit platform required",
|
||||
)
|
||||
def test_data_too_large(self):
|
||||
key = AESCCM.generate_key(128)
|
||||
@@ -378,7 +380,8 @@ def _load_gcm_vectors():
|
||||
|
||||
class TestAESGCM:
|
||||
@pytest.mark.skipif(
|
||||
- sys.platform not in {"linux", "darwin"}, reason="mmap required"
|
||||
+ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
|
||||
+ reason="mmap and 64-bit platform required",
|
||||
)
|
||||
def test_data_too_large(self):
|
||||
key = AESGCM.generate_key(128)
|
||||
@@ -525,7 +528,8 @@ def test_aesocb3_unsupported_on_older_openssl(backend):
|
||||
)
|
||||
class TestAESOCB3:
|
||||
@pytest.mark.skipif(
|
||||
- sys.platform not in {"linux", "darwin"}, reason="mmap required"
|
||||
+ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
|
||||
+ reason="mmap and 64-bit platform required",
|
||||
)
|
||||
def test_data_too_large(self):
|
||||
key = AESOCB3.generate_key(128)
|
||||
@@ -700,7 +704,8 @@ def test_buffer_protocol(self, backend):
|
||||
)
|
||||
class TestAESSIV:
|
||||
@pytest.mark.skipif(
|
||||
- sys.platform not in {"linux", "darwin"}, reason="mmap required"
|
||||
+ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
|
||||
+ reason="mmap and 64-bit platform required",
|
||||
)
|
||||
def test_data_too_large(self):
|
||||
key = AESSIV.generate_key(256)
|
||||
@@ -844,7 +849,8 @@ def test_buffer_protocol(self, backend):
|
||||
)
|
||||
class TestAESGCMSIV:
|
||||
@pytest.mark.skipif(
|
||||
- sys.platform not in {"linux", "darwin"}, reason="mmap required"
|
||||
+ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31,
|
||||
+ reason="mmap and 64-bit platform required",
|
||||
)
|
||||
def test_data_too_large(self):
|
||||
key = AESGCMSIV.generate_key(256)
|
||||
4
sources
4
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (cryptography-41.0.7.tar.gz) = 9a870d45296de6af1331e73b102226b8269892216cd7bc0adfb2f63ce1ca7021d338effd09182128253d8d8df154bbd19d46c47f10ddac86e739fcbf6df78307
|
||||
SHA512 (cryptography-41.0.7-vendor.tar.bz2) = dbf750a1ada4a9330939e3dae8311007a9e25808eb64c124c99981187d1bc04baba3a7d3b838c0cd9491e8350c382fb0f789a11abb21c633f2d78e8aba819b9e
|
||||
SHA512 (cryptography-42.0.5.tar.gz) = 112a1f6395e0c9bf646118100c6285684eabf021d7c8912bbdbc165d5c27fbf9f9f2fffb144d63453b21f8461a172ab49d2b79ed2b80f409489a07d5ddc54bc9
|
||||
SHA512 (cryptography-42.0.5-vendor.tar.bz2) = 5c8da064f28183d759f0e39077f671297abedd43b40461a6e9fe2390e142945dc5ee54cdf4cfbbc33d9973a9bd95f33312dd5888e2422569f18b4a17ff75f6c4
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import sys
|
|||
|
||||
VENDOR_DIR = "vendor"
|
||||
CARGO_TOML = "src/rust/Cargo.toml"
|
||||
RE_VERSION = re.compile("Version:\s*(.*)")
|
||||
RE_VERSION = re.compile(r"Version:\s*(.*)")
|
||||
|
||||
parser = argparse.ArgumentParser(description="Vendor Rust packages")
|
||||
parser.add_argument(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue