Sync from SUSE:ALP:Source:Standard:1.0 python-cryptography revision 172113e5a04401a808a6d0332995a6b0

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

_multibuild

@@ -0,0 +1,3 @@
+<multibuild>
+  <package>test</package>
+</multibuild>

_service

@@ -0,0 +1,9 @@
+<services>
+  <service name="download_files" mode="manual"/>
+  <service name="cargo_vendor" mode="manual">
+    <param name="srcdir">cryptography-41.0.7/src/rust</param>
+    <param name="compression">zst</param>
+  </service>
+  <service name="cargo_audit" mode="manual">
+  </service>
+</services>

cargo_config

@@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"

no-pytest_benchmark.patch

@@ -0,0 +1,273 @@
+---
+ pyproject.toml                         |   31 -------------------------
+ src/cryptography.egg-info/requires.txt |    2 -
+ tests/bench/test_aead.py               |   40 ++++++++++++++++-----------------
+ tests/bench/test_ec_load.py            |    8 +++---
+ tests/bench/test_hashes.py             |    4 +--
+ tests/bench/test_hmac.py               |    4 +--
+ tests/bench/test_x509.py               |   16 ++++++-------
+ 7 files changed, 37 insertions(+), 68 deletions(-)
+
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"]
+ nox = ["nox"]
+ test = [
+     "pytest >=6.2.0",
+-    "pytest-benchmark",
+-    "pytest-cov",
+     "pytest-xdist",
+     "pretend",
+ ]
+@@ -85,7 +83,7 @@ line-length = 79
+ target-version = ["py37"]
+ 
+ [tool.pytest.ini_options]
+-addopts = "-r s --capture=no --strict-markers --benchmark-disable"
++addopts = "-r s --capture=no --strict-markers"
+ console_output_style = "progress-even-when-capture-no"
+ markers = [
+     "skip_fips: this test is not executed in FIPS mode",
+@@ -107,33 +105,6 @@ module = [
+ ]
+ ignore_missing_imports = true
+ 
+-[tool.coverage.run]
+-branch = true
+-relative_files = true
+-source = [
+-    "cryptography",
+-    "tests/",
+-]
+-
+-[tool.coverage.paths]
+-source = [
+-   "src/cryptography",
+-   "*.nox/*/lib*/python*/site-packages/cryptography",
+-   "*.nox\\*\\Lib\\site-packages\\cryptography",
+-   "*.nox/pypy/site-packages/cryptography",
+-]
+-tests =[
+-   "tests/",
+-   "*tests\\",
+-]
+-
+-[tool.coverage.report]
+-exclude_lines = [
+-    "@abc.abstractmethod",
+-    "@typing.overload",
+-    "if typing.TYPE_CHECKING",
+-]
+-
+ [tool.ruff]
+ # UP006: Minimum Python 3.9
+ # UP007, UP038: Minimum Python 3.10
+--- a/src/cryptography.egg-info/requires.txt
++++ b/src/cryptography.egg-info/requires.txt
+@@ -26,8 +26,6 @@ bcrypt>=3.1.5
+ 
+ [test]
+ pytest>=6.2.0
+-pytest-benchmark
+-pytest-cov
+ pytest-xdist
+ pretend
+ 
+--- a/tests/bench/test_aead.py
++++ b/tests/bench/test_aead.py
+@@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor
+     not _aead_supported(ChaCha20Poly1305),
+     reason="Requires OpenSSL with ChaCha20Poly1305 support",
+ )
+-def test_chacha20poly1305_encrypt(benchmark):
++def test_chacha20poly1305_encrypt():
+     chacha = ChaCha20Poly1305(b"\x00" * 32)
+-    benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"")
++    chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"")
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(ChaCha20Poly1305),
+     reason="Requires OpenSSL with ChaCha20Poly1305 support",
+ )
+-def test_chacha20poly1305_decrypt(benchmark):
++def test_chacha20poly1305_decrypt():
+     chacha = ChaCha20Poly1305(b"\x00" * 32)
+     ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"")
+-    benchmark(chacha.decrypt, b"\x00" * 12, ct, b"")
++    chacha.decrypt(b"\x00" * 12, ct, b"")
+ 
+ 
+-def test_aesgcm_encrypt(benchmark):
++def test_aesgcm_encrypt():
+     aes = AESGCM(b"\x00" * 32)
+-    benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
++    aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
+ 
+ 
+-def test_aesgcm_decrypt(benchmark):
++def test_aesgcm_decrypt():
+     aes = AESGCM(b"\x00" * 32)
+     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
+-    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
++    aes.decrypt(b"\x00" * 12, ct, None)
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(AESSIV),
+     reason="Requires OpenSSL with AES-SIV support",
+ )
+-def test_aessiv_encrypt(benchmark):
++def test_aessiv_encrypt():
+     aes = AESSIV(b"\x00" * 32)
+-    benchmark(aes.encrypt, b"hello world plaintext", None)
++    aes.encrypt(b"hello world plaintext", None)
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(AESSIV),
+     reason="Requires OpenSSL with AES-SIV support",
+ )
+-def test_aessiv_decrypt(benchmark):
++def test_aessiv_decrypt():
+     aes = AESSIV(b"\x00" * 32)
+     ct = aes.encrypt(b"hello world plaintext", None)
+-    benchmark(aes.decrypt, ct, None)
++    aes.decrypt(ct, None)
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(AESOCB3),
+     reason="Requires OpenSSL with AES-OCB3 support",
+ )
+-def test_aesocb3_encrypt(benchmark):
++def test_aesocb3_encrypt():
+     aes = AESOCB3(b"\x00" * 32)
+-    benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
++    aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(AESOCB3),
+     reason="Requires OpenSSL with AES-OCB3 support",
+ )
+-def test_aesocb3_decrypt(benchmark):
++def test_aesocb3_decrypt():
+     aes = AESOCB3(b"\x00" * 32)
+     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
+-    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
++    aes.decrypt(b"\x00" * 12, ct, None)
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(AESCCM),
+     reason="Requires OpenSSL with AES-CCM support",
+ )
+-def test_aesccm_encrypt(benchmark):
++def test_aesccm_encrypt():
+     aes = AESCCM(b"\x00" * 32)
+-    benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
++    aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
+ 
+ 
+ @pytest.mark.skipif(
+     not _aead_supported(AESCCM),
+     reason="Requires OpenSSL with AES-CCM support",
+ )
+-def test_aesccm_decrypt(benchmark):
++def test_aesccm_decrypt():
+     aes = AESCCM(b"\x00" * 32)
+     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
+-    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
++    aes.decrypt(b"\x00" * 12, ct, None)
+--- a/tests/bench/test_ec_load.py
++++ b/tests/bench/test_ec_load.py
+@@ -5,9 +5,9 @@
+ from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
+ 
+ 
+-def test_load_ec_public_numbers(benchmark):
+-    benchmark(EC_KEY_SECP256R1.public_numbers.public_key)
++def test_load_ec_public_numbers():
++    EC_KEY_SECP256R1.public_numbers.public_key()
+ 
+ 
+-def test_load_ec_private_numbers(benchmark):
+-    benchmark(EC_KEY_SECP256R1.private_key)
++def test_load_ec_private_numbers():
++    EC_KEY_SECP256R1.private_key()
+--- a/tests/bench/test_hashes.py
++++ b/tests/bench/test_hashes.py
+@@ -5,10 +5,10 @@
+ from cryptography.hazmat.primitives import hashes
+ 
+ 
+-def test_sha256(benchmark):
++def test_sha256():
+     def bench():
+         h = hashes.Hash(hashes.SHA256())
+         h.update(b"I love hashing. So much. The best.")
+         return h.finalize()
+ 
+-    benchmark(bench)
++    bench()
+--- a/tests/bench/test_hmac.py
++++ b/tests/bench/test_hmac.py
+@@ -5,10 +5,10 @@
+ from cryptography.hazmat.primitives import hashes, hmac
+ 
+ 
+-def test_hmac_sha256(benchmark):
++def test_hmac_sha256():
+     def bench():
+         h = hmac.HMAC(b"my extremely secure key", hashes.SHA256())
+         h.update(b"I love hashing. So much. The best.")
+         return h.finalize()
+ 
+-    benchmark(bench)
++    bench()
+--- a/tests/bench/test_x509.py
++++ b/tests/bench/test_x509.py
+@@ -9,34 +9,34 @@ from cryptography import x509
+ from ..utils import load_vectors_from_file
+ 
+ 
+-def test_object_identier_constructor(benchmark):
+-    benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5")
++def test_object_identier_constructor():
++    x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5")
+ 
+ 
+-def test_aki_public_bytes(benchmark):
++def test_aki_public_bytes():
+     aki = x509.AuthorityKeyIdentifier(
+         key_identifier=b"\x00" * 16,
+         authority_cert_issuer=None,
+         authority_cert_serial_number=None,
+     )
+-    benchmark(aki.public_bytes)
++    aki.public_bytes()
+ 
+ 
+-def test_load_der_certificate(benchmark):
++def test_load_der_certificate():
+     cert_bytes = load_vectors_from_file(
+         os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
+         loader=lambda pemfile: pemfile.read(),
+         mode="rb",
+     )
+ 
+-    benchmark(x509.load_der_x509_certificate, cert_bytes)
++    x509.load_der_x509_certificate(cert_bytes)
+ 
+ 
+-def test_load_pem_certificate(benchmark):
++def test_load_pem_certificate():
+     cert_bytes = load_vectors_from_file(
+         os.path.join("x509", "cryptography.io.pem"),
+         loader=lambda pemfile: pemfile.read(),
+         mode="rb",
+     )
+ 
+-    benchmark(x509.load_pem_x509_certificate, cert_bytes)
++    x509.load_pem_x509_certificate(cert_bytes)

python-cryptography.keyring

@@ -0,0 +1,34 @@
+pub   2048R/29F9ED98 2013-09-01
+uid                  Paul Kehrer <paul.l.kehrer@gmail.com>
+sub   2048R/9714E575 2013-09-01
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQENBFIirTsBCADAeRXlWJkJ9SaKmR6+ox2aXOF3TCyfgtoJpf6WvBxbtoEpD//m
+5789KO9lPHQrJGR34E36kOkmkHfrLLtmnELCx/UNvLm3VuW31rL3RvTTrxe1Fyft
+5JQyYF/WSm6Bnj9yu8fVJUhSGe12SvODD7053bY1bSleMX5I6tGeIXJtih8b5u9u
+1WNv0rxZqGLKaYTzgmtNcyKGK9jLKtkRwPivpjgrjeGQ+OHf/mwFY+HEOQUw+Cj4
+5FsCo6jvj+n4r9mYu+Ut6zDOx0cWf66QhZvawDyB2TSSulJsudUETDmoJJ5X9PqH
+F/bHBdzc5I6HYy+CezSvDmjC+3DnIB//nXMPABEBAAG0JVBhdWwgS2VocmVyIDxw
+YXVsLmwua2VocmVyQGdtYWlsLmNvbT6JATgEEwECACIFAlIirTsCGwMGCwkIBwMC
+BhUIAgkKCwQWAgMBAh4BAheAAAoJECNa5fEp+e2YnM0H/i8bU3gQ/lMGli97Puui
+Sm5es3AwE+dC/ubaAB8Hcdm8UH50uOI6JcmLYYcjglnFEQSDzrKg649Dcvjx7hDN
+XoCx5V6dC8LcTVES5gGrRr/+ZXtsCVZn2TcLUMQ9bq1yb3jAYxOmWQ1rUvu0Kq+Z
+1j9IERKpt3MZcXBlOxHP6zIhaaerLLRn5+SjCHCAZQYsKh9f6fMoRvbmaLyKrLBn
+/n9/esn1b0joWEphwOER8UF5fckqDopovGojDXyNEKGGkXTkWtLk69AcaXcBI97X
+SqYUmzvnHcAPilpKmfdnvcGPrS/wSY/F4T71aeQ+1QoE83CfavNMQ09g4rETSr3e
+Vlq5AQ0EUiKtOwEIANRWXywm/B46dy2paG/dd1ApwdX3siIfnCKXEsLB1iTA5/HW
+BZ5+hHRYmI24RyBj9lVhS9UJzpKZE+KLOZRFwMGGp3TxntInflamuI3iC1N7XqCz
+gLMFJdHPO60LctbvOHTOx1Scb+AycmymF1HuUFbj1jlYUkwRPOiPvHHWkYQlfeUP
+MPFo/M7Ae5FxKA4PYfJRQl62wsBRNE5k7IwOmstyUUnDZXIxpB+wNvpxQpAvWT8B
+IyAvtlrkrE53frfyd0KUOR0iSHNcWcUL0L6XvsaOYb4i20bP7YE5XoVzzANbXTa1
+wVtz2yNoI7/8BLb2NMIacykUxryYtu6E9cmnwkkAEQEAAYkBHwQYAQIACQUCUiKt
+OwIbDAAKCRAjWuXxKfntmM/yB/91f/17kL4iAS05WgM1xvgmyYJ3FOgP3hyqD5Ur
+YkkmoFoF+r6bfBlW8AeOawYTvXinKdv9sM6q0EmiO+iqAuRRfaXZWCDqZdEpy+lv
+Ev3jhVyuf8O+d8VEILsKia0cmzn6F1UMdp3E9TDgXr1/hMCuABvbfWzEkRQrGHc2
+cWLXXxko3mykZMLkl0MPGjmzEh87RE55hLk5HroXaMtdyz1knfybVnXgOUxMuqc+
++wj499FP1jHvTEEknRopxsMe59+CdsoFBR9xs0Ets7K011P4CMKZZAXVwxF551QL
+xnqe0Tn1t76rxPJKpyvUM+WtakEVPffuQqSkU8dIJgwwXrZo
+=3pQn
+-----END PGP PUBLIC KEY BLOCK-----

python-cryptography.spec

@@ -0,0 +1,123 @@
+#
+# spec file
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define psuffix -test
+%bcond_without test
+%else
+%define psuffix %{nil}
+%bcond_with test
+%endif
+%{?sle15_python_module_pythons}
+Name:           python-cryptography%{psuffix}
+Version:        41.0.7
+Release:        0
+Summary:        Python library which exposes cryptographic recipes and primitives
+License:        Apache-2.0 OR BSD-3-Clause
+Group:          Development/Languages/Python
+URL:            https://cryptography.io/en/latest/
+Source0:        https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
+# use `osc service disabledrun` to regenerate
+Source2:        vendor.tar.zst
+# use `osc service disabledrun` to regenerate
+Source3:        cargo_config
+Source4:        python-cryptography.keyring
+Patch2:         skip_openssl_memleak_test.patch
+# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
+# We don't need no benchmarking and coverage measurement
+Patch4:         no-pytest_benchmark.patch
+BuildRequires:  %{python_module cffi >= 1.12}
+BuildRequires:  %{python_module devel}
+BuildRequires:  %{python_module exceptiongroup}
+BuildRequires:  %{python_module setuptools-rust}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  cargo >= 1.56.0
+BuildRequires:  fdupes
+BuildRequires:  libopenssl-devel
+BuildRequires:  pkgconfig
+BuildRequires:  python-rpm-macros
+BuildRequires:  rust >= 1.56.0
+BuildRequires:  zstd
+BuildRequires:  pkgconfig(libffi)
+# python-base is not enough, we need the _ssl module
+Requires:       python
+%requires_eq    python-cffi
+%if %{with test}
+BuildRequires:  %{python_module cryptography >= %{version}}
+BuildRequires:  %{python_module cryptography-vectors = %{version}}
+BuildRequires:  %{python_module hypothesis >= 1.11.4}
+BuildRequires:  %{python_module iso8601}
+BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest > 6.0}
+BuildRequires:  %{python_module pytest-subtests}
+BuildRequires:  %{python_module pytest-xdist}
+BuildRequires:  %{python_module pytz}
+%endif
+%python_subpackages
+
+%description
+cryptography is a package designed to expose cryptographic
+recipes and primitives to Python developers.  Our goal is
+for it to be your "cryptographic standard library". It
+supports Python 2.7, Python 3.4+, and PyPy-5.3+.
+
+cryptography includes both high level recipes, and low
+level interfaces to common cryptographic algorithms such as
+symmetric ciphers, message digests and key derivation
+functions.
+
+%prep
+%autosetup -a2 -p1 -n cryptography-%{version}
+cp %{SOURCE3} .cargo/config
+rm -v src/rust/Cargo.lock
+
+%build
+# https://github.com/pyca/cryptography/issues/9023
+%global _lto_cflags %{nil}
+export RUSTFLAGS=%{rustflags}
+export CFLAGS="%{optflags} -fno-strict-aliasing"
+%python_build
+
+%install
+%if !%{with test}
+export RUSTFLAGS=%{rustflags}
+# Actually other *.c and *.h are appropriate
+# see https://github.com/pyca/cryptography/issues/1463
+find . -name .keep -print -delete
+
+%python_install
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
+%endif
+
+%if %{with test}
+%check
+# won't work for cryptography
+%pytest_arch -n auto --ignore-glob=vendor/*
+%endif
+
+%if !%{with test}
+%files %{python_files}
+%license LICENSE LICENSE.APACHE LICENSE.BSD
+%doc CONTRIBUTING.rst CHANGELOG.rst README.rst
+%{python_sitearch}/cryptography
+%{python_sitearch}/cryptography-%{version}*-info
+%endif
+
+%changelog

skip_openssl_memleak_test.patch

@@ -0,0 +1,23 @@
+---
+ tests/hazmat/backends/test_openssl_memleak.py |   10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/tests/hazmat/backends/test_openssl_memleak.py
++++ b/tests/hazmat/backends/test_openssl_memleak.py
+@@ -203,12 +203,10 @@ def assert_no_memory_leaks(s, argv=[]):
+ 
+ 
+ def skip_if_memtesting_not_supported():
+-    return pytest.mark.skipif(
+-        not Binding().lib.Cryptography_HAS_MEM_FUNCTIONS
+-        or platform.python_implementation() == "PyPy",
+-        reason="Requires OpenSSL memory functions (>=1.1.0) and not PyPy",
+-    )
+-
++    return pytest.mark.skip(
++        reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()"
++     )
++
+ 
+ @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")
+ @skip_if_memtesting_not_supported()