SLFO-pool/python-cryptography
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:1.1 python-cryptography revision 8d8e3e25d91408e1046f56c99c1064e0

Browse Source
This commit is contained in:
Adrian Schröter
2025-04-16 00:45:32 +02:00
parent c0ae9d6437
commit 9eb7c01d68
7 changed files with 85 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_service
View File

@@ -1,7 +1,7 @@
<services>
<service name="download_files" mode="manual"/>
<service name="cargo_vendor" mode="manual">
<param name="srcdir">cryptography-*</param>
<param name="srcdir">cryptography-42.0.2/src/rust</param>
<param name="compression">zst</param>
</service>
</services>

BIN
cryptography-42.0.4.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
cryptography-44.0.0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

109
no-pytest_benchmark.patch
View File

@@ -1,17 +1,28 @@
diff -ruN cryptography-44.0.0.orig/pyproject.toml cryptography-44.0.0/pyproject.toml
--- cryptography-44.0.0.orig/pyproject.toml 2025-01-26 18:48:58.157318687 +0800
+++ cryptography-44.0.0/pyproject.toml 2025-01-26 18:56:46.010819868 +0800
@@ -67,8 +67,6 @@
---
pyproject.toml | 31 -------------------------
src/cryptography.egg-info/requires.txt | 2 -
tests/bench/test_aead.py | 40 ++++++++++++++++-----------------
tests/bench/test_ec_load.py | 8 +++---
tests/bench/test_hashes.py | 4 +--
tests/bench/test_hmac.py | 4 +--
tests/bench/test_x509.py | 16 ++++++-------
7 files changed, 37 insertions(+), 68 deletions(-)
Index: cryptography-42.0.1/pyproject.toml
===================================================================
--- cryptography-42.0.1.orig/pyproject.toml
+++ cryptography-42.0.1/pyproject.toml
@@ -71,8 +71,6 @@ ssh = ["bcrypt >=3.1.5"]
nox = ["nox"]
test = [
"cryptography_vectors==44.0.0",
"pytest >=7.4.0",
- "pytest-benchmark >=4.0",
- "pytest-cov >=2.10.1",
"pytest-xdist >=3.5.0",
"pretend >=0.7",
"certifi >=2024",
@@ -118,7 +116,7 @@
]
"pytest >=6.2.0",
- "pytest-benchmark",
- "pytest-cov",
"pytest-xdist",
"pretend",
"certifi",
@@ -92,7 +90,7 @@ rust-version = ">=1.63.0"
[tool.pytest.ini_options]
-addopts = "-r s --capture=no --strict-markers --benchmark-disable"
@@ -19,7 +30,7 @@ diff -ruN cryptography-44.0.0.orig/pyproject.toml cryptography-44.0.0/pyproject.
console_output_style = "progress-even-when-capture-no"
markers = [
"skip_fips: this test is not executed in FIPS mode",
@@ -140,33 +138,6 @@
@@ -114,33 +112,6 @@ module = [
]
ignore_missing_imports = true
@@ -33,14 +44,14 @@ diff -ruN cryptography-44.0.0.orig/pyproject.toml cryptography-44.0.0/pyproject.
-
-[tool.coverage.paths]
-source = [
- "src/cryptography",
- "*.nox/*/lib*/python*/site-packages/cryptography",
- "*.nox\\*\\Lib\\site-packages\\cryptography",
- "*.nox/pypy/site-packages/cryptography",
- "src/cryptography",
- "*.nox/*/lib*/python*/site-packages/cryptography",
- "*.nox\\*\\Lib\\site-packages\\cryptography",
- "*.nox/pypy/site-packages/cryptography",
-]
-tests = [
- "tests/",
- "*tests\\",
-tests =[
- "tests/",
- "*tests\\",
-]
-
-[tool.coverage.report]
@@ -51,12 +62,26 @@ diff -ruN cryptography-44.0.0.orig/pyproject.toml cryptography-44.0.0/pyproject.
-]
-
[tool.ruff]
line-length = 79
ignore = ['N818']
select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF']
Index: cryptography-42.0.1/src/cryptography.egg-info/requires.txt
===================================================================
--- cryptography-42.0.1.orig/src/cryptography.egg-info/requires.txt
+++ cryptography-42.0.1/src/cryptography.egg-info/requires.txt
@@ -28,8 +28,6 @@ bcrypt>=3.1.5
diff -ruN cryptography-44.0.0.orig/tests/bench/test_aead.py cryptography-44.0.0/tests/bench/test_aead.py
--- cryptography-44.0.0.orig/tests/bench/test_aead.py 2025-01-26 18:48:58.218037106 +0800
+++ cryptography-44.0.0/tests/bench/test_aead.py 2025-01-26 18:57:45.747649958 +0800
@@ -26,84 +26,84 @@
[test]
pytest>=6.2.0
-pytest-benchmark
-pytest-cov
pytest-xdist
pretend
certifi
Index: cryptography-42.0.1/tests/bench/test_aead.py
===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_aead.py
+++ cryptography-42.0.1/tests/bench/test_aead.py
@@ -26,84 +26,84 @@ def _aead_supported(cls):
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
)
@@ -161,9 +186,10 @@ diff -ruN cryptography-44.0.0.orig/tests/bench/test_aead.py cryptography-44.0.0/
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
diff -ruN cryptography-44.0.0.orig/tests/bench/test_ec_load.py cryptography-44.0.0/tests/bench/test_ec_load.py
--- cryptography-44.0.0.orig/tests/bench/test_ec_load.py 2025-01-26 18:48:58.218037106 +0800
+++ cryptography-44.0.0/tests/bench/test_ec_load.py 2025-01-26 18:57:45.748641371 +0800
Index: cryptography-42.0.1/tests/bench/test_ec_load.py
===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_ec_load.py
+++ cryptography-42.0.1/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
@@ -178,9 +204,10 @@ diff -ruN cryptography-44.0.0.orig/tests/bench/test_ec_load.py cryptography-44.0
- benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+ EC_KEY_SECP256R1.private_key()
diff -ruN cryptography-44.0.0.orig/tests/bench/test_hashes.py cryptography-44.0.0/tests/bench/test_hashes.py
--- cryptography-44.0.0.orig/tests/bench/test_hashes.py 2025-01-26 18:48:58.218037106 +0800
+++ cryptography-44.0.0/tests/bench/test_hashes.py 2025-01-26 18:57:45.748943321 +0800
Index: cryptography-42.0.1/tests/bench/test_hashes.py
===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_hashes.py
+++ cryptography-42.0.1/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes
@@ -194,9 +221,10 @@ diff -ruN cryptography-44.0.0.orig/tests/bench/test_hashes.py cryptography-44.0.
- benchmark(bench)
+ bench()
diff -ruN cryptography-44.0.0.orig/tests/bench/test_hmac.py cryptography-44.0.0/tests/bench/test_hmac.py
--- cryptography-44.0.0.orig/tests/bench/test_hmac.py 2025-01-26 18:48:58.218037106 +0800
+++ cryptography-44.0.0/tests/bench/test_hmac.py 2025-01-26 18:57:45.749219559 +0800
Index: cryptography-42.0.1/tests/bench/test_hmac.py
===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_hmac.py
+++ cryptography-42.0.1/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes, hmac
@@ -210,10 +238,11 @@ diff -ruN cryptography-44.0.0.orig/tests/bench/test_hmac.py cryptography-44.0.0/
- benchmark(bench)
+ bench()
diff -ruN cryptography-44.0.0.orig/tests/bench/test_x509.py cryptography-44.0.0/tests/bench/test_x509.py
--- cryptography-44.0.0.orig/tests/bench/test_x509.py 2025-01-26 18:48:58.218037106 +0800
+++ cryptography-44.0.0/tests/bench/test_x509.py 2025-01-26 18:57:45.749471922 +0800
@@ -13,40 +13,40 @@
Index: cryptography-42.0.1/tests/bench/test_x509.py
===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_x509.py
+++ cryptography-42.0.1/tests/bench/test_x509.py
@@ -13,40 +13,40 @@ from cryptography import x509
from ..utils import load_vectors_from_file
@@ -263,7 +292,7 @@ diff -ruN cryptography-44.0.0.orig/tests/bench/test_x509.py cryptography-44.0.0/
limbo_root = pytestconfig.getoption("--x509-limbo-root", skip=True)
with open(os.path.join(limbo_root, "limbo.json"), "rb") as f:
[testcase] = [
@@ -78,4 +78,4 @@
@@ -78,4 +78,4 @@ def test_verify_docs_python_org(benchmar
)
verifier.verify(leaf, intermediates)

187
python-cryptography.changes
View File

@@ -1,190 +1,3 @@
-------------------------------------------------------------------
Sun Jan 26 10:59:13 UTC 2025 - Soc Virnyl Estela <uncomfyhalomacro@opensuse.org>
- Update to version 44.0.0:
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build cryptography
themselves.
* Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
* Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by RFC 5280 but
forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
- Update specfile to accommodate new project structure at version 44.0.0
- Update no-pytest_benchmark.patch
-------------------------------------------------------------------
Fri Nov 8 10:08:46 UTC 2024 - Ben Greiner <code@bnavigator.de>
- Fix requires_eq replacement for distributions which do not have
python3-cffi installed (such as SLE15 python module pythons)
* gh#openSUSE/python-rpm-macros#185
- Remove outdated section in description
-------------------------------------------------------------------
Tue Nov 5 08:03:40 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Avoid using requires_eq, which after the last modifications
conflicts with python singlespec (order of expansion).
-------------------------------------------------------------------
Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 43.0.3:
* Fixed release metadata for cryptography-vectors
* Fixed compilation when using LibreSSL 4.0.0.
-------------------------------------------------------------------
Sat Sep 28 19:45:04 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 43.0.1:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.2.
-------------------------------------------------------------------
Sun Sep 15 08:51:52 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
- Fix building on SLE based distributions
-------------------------------------------------------------------
Mon Aug 12 20:36:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Fix building optimized binaries with debuginfo.
-------------------------------------------------------------------
Wed Jul 31 21:45:43 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Update building of Rust modules to use modern cargo_vendor
service
- Remove unneeded use-offline-build.patch
-------------------------------------------------------------------
Fri Jul 26 10:33:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 43.0.0:
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`
(RFC 6979)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>`
APIs in the form of
:class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu
ilder.build_client_verifier`.
* Added Certificate :attr:`~cryptography.x509.Certificate.publi
c_key_algorithm_oid` and Certificate Signing Request :attr:`~
cryptography.x509.CertificateSigningRequest.public_key_algori
thm_oid` to determine the
:class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the
certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat
e_utc`, a timezone-aware alternative to the naïve datetime
attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware
datetime objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u
tc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_
time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.
this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe
sponse.next_update_utc`, These are timezone-aware variants of
existing properties that return naïve datetime objects.
* Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r
sa_recover_private_exponent`
* Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo
ntext.reset_nonce` for altering the nonce of a cipher context
without initializing a new instance. See the docs for
additional restrictions.
* :class:`~cryptography.x509.NameAttribute` now raises an
exception when attempting to create a common name whose
length is shorter or longer than RFC 5280 permits.
* Added basic support for PKCS7 encryption (including SMIME)
via :class:`~cryptography.hazmat.primitives.serialization.pkc
s7.PKCS7EnvelopeBuilder`.
- add use-offline-build.patch
-------------------------------------------------------------------
Sat Jun 8 12:04:15 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 42.0.8:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.2.
-------------------------------------------------------------------
Tue May 7 16:14:05 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 42.0.7:
* Restored Windows 7 compatibility for our pre-built wheels.
Note that we do not test on Windows 7 and wheels for our next
release will not support it. Microsoft no longer provides
support for Windows 7 and users are encouraged to upgrade.
-------------------------------------------------------------------
Tue May 7 07:34:43 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 42.0.6:
* Fixed compilation when using LibreSSL 3.9.1.
-------------------------------------------------------------------
Tue Apr 2 13:19:19 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 42.0.5:
* Limit the number of name constraint checks that will be
performed in :mod:`X.509 path validation
<cryptography.x509.verification>` to protect against denial
of service attacks.
* Upgrade pyo3 version, which fixes building on PowerPC.
-------------------------------------------------------------------
Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

26
python-cryptography.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package python-cryptography
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,8 +27,7 @@
%endif
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
Version: 44.0.0
Version: 42.0.4
Release: 0
Summary: Python library which exposes cryptographic recipes and primitives
License: Apache-2.0 OR BSD-3-Clause
@@ -44,13 +43,11 @@ Patch4: no-pytest_benchmark.patch
BuildRequires: %{python_module cffi >= 1.12}
BuildRequires: %{python_module devel}
BuildRequires: %{python_module exceptiongroup}
BuildRequires: %{python_module maturin}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools-rust >= 1.7.0}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
BuildRequires: cargo >= 1.56.0
BuildRequires: cargo-packaging
BuildRequires: fdupes
BuildRequires: libopenssl-devel
BuildRequires: pkgconfig
@@ -60,10 +57,8 @@ BuildRequires: zstd
BuildRequires: pkgconfig(libffi)
# python-base is not enough, we need the _ssl module
Requires: python
Requires: python-bcrypt
Requires: python-cffi = %(rpm -q --whatprovides python-cffi --qf "%%{version}")
%requires_eq python-cffi
%if %{with test}
BuildRequires: %{python_module bcrypt}
BuildRequires: %{python_module certifi}
BuildRequires: %{python_module cryptography >= %{version}}
BuildRequires: %{python_module cryptography-vectors = %{version}}
@@ -71,7 +66,6 @@ BuildRequires: %{python_module hypothesis >= 1.11.4}
BuildRequires: %{python_module iso8601}
BuildRequires: %{python_module pretend}
BuildRequires: %{python_module pytest > 6.0}
BuildRequires: %{python_module pytest-benchmark}
BuildRequires: %{python_module pytest-subtests}
BuildRequires: %{python_module pytest-xdist}
BuildRequires: %{python_module pytz}
@@ -79,6 +73,11 @@ BuildRequires: %{python_module pytz}
%python_subpackages
%description
cryptography is a package designed to expose cryptographic
recipes and primitives to Python developers. Our goal is
for it to be your "cryptographic standard library". It
supports Python 2.7, Python 3.4+, and PyPy-5.3+.
cryptography includes both high level recipes, and low
level interfaces to common cryptographic algorithms such as
symmetric ciphers, message digests and key derivation
@@ -86,13 +85,10 @@ functions.
%prep
%autosetup -a2 -p1 -n cryptography-%{version}
rm -v src/rust/Cargo.lock
%build
export CARGO_NET_OFFLINE=true
export CARGO_PROFILE_RELEASE_DEBUG=true
export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
# https://pyo3.rs/main/building-and-distribution#configuring-the-python-version
%python_expand export PYO3_PYTHON="%{_bindir}/$python"
# https://github.com/pyca/cryptography/issues/9023
%global _lto_cflags %{nil}
export RUSTFLAGS=%{rustflags}
export CFLAGS="%{optflags} -fno-strict-aliasing"
@@ -115,7 +111,6 @@ find . -name .keep -print -delete
# fails with OverflowError on 32bit platform
%ifarch %ix86 %arm ppc
rm -v tests/hazmat/primitives/test_aead.py
rm -v tests/hazmat/primitives/test_ciphers.py
# imports test_aead so we need to remove also these
rm -v tests/wycheproof/test_aes.py
rm -v tests/wycheproof/test_chacha20poly1305.py
@@ -128,7 +123,6 @@ rm -v tests/wycheproof/test_chacha20poly1305.py
%license LICENSE LICENSE.APACHE LICENSE.BSD
%doc CONTRIBUTING.rst CHANGELOG.rst README.rst
%{python_sitearch}/cryptography
%{python_sitearch}/rust
%{python_sitearch}/cryptography-%{version}.dist-info
%endif

BIN
vendor.tar.zst (Stored with Git LFS)
View File

Binary file not shown.