From bb42863a6e6ea579f7bbdaebf204eb671aadb75974e50cd46b842c98425d137e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 13 Dec 2024 11:18:10 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main python-cryptography revision 6fc21b13b166c01e15dbff57091c8b70 --- _service | 3 +- cryptography-42.0.4.tar.gz | 3 - cryptography-43.0.3.tar.gz | 3 + no-pytest_benchmark.patch | 62 ++++++--------- python-cryptography.changes | 145 ++++++++++++++++++++++++++++++++++++ python-cryptography.spec | 20 ++++- vendor.tar.zst | 4 +- 7 files changed, 194 insertions(+), 46 deletions(-) delete mode 100644 cryptography-42.0.4.tar.gz create mode 100644 cryptography-43.0.3.tar.gz diff --git a/_service b/_service index 27e9eda..0544aa1 100644 --- a/_service +++ b/_service @@ -1,7 +1,8 @@ - cryptography-42.0.2/src/rust + cryptography-* + src/rust/Cargo.toml zst diff --git a/cryptography-42.0.4.tar.gz b/cryptography-42.0.4.tar.gz deleted file mode 100644 index db54313..0000000 --- a/cryptography-42.0.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:831a4b37accef30cccd34fcb916a5d7b5be3cbbe27268a02832c3e450aea39cb -size 670311 diff --git a/cryptography-43.0.3.tar.gz b/cryptography-43.0.3.tar.gz new file mode 100644 index 0000000..422826a --- /dev/null +++ b/cryptography-43.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:315b9001266a492a6ff443b61238f956b214dbec9910a081ba5b6646a055a805 +size 686989 diff --git a/no-pytest_benchmark.patch b/no-pytest_benchmark.patch index 4e6322a..a1dd680 100644 --- a/no-pytest_benchmark.patch +++ b/no-pytest_benchmark.patch @@ -1,6 +1,5 @@ --- pyproject.toml | 31 ------------------------- - src/cryptography.egg-info/requires.txt | 2 - tests/bench/test_aead.py | 40 ++++++++++++++++----------------- tests/bench/test_ec_load.py | 8 +++--- tests/bench/test_hashes.py | 4 +-- @@ -8,21 +7,21 @@ tests/bench/test_x509.py | 16 ++++++------- 7 files changed, 37 insertions(+), 68 deletions(-) -Index: cryptography-42.0.1/pyproject.toml +Index: cryptography-43.0.3/pyproject.toml =================================================================== ---- cryptography-42.0.1.orig/pyproject.toml -+++ cryptography-42.0.1/pyproject.toml -@@ -71,8 +71,6 @@ ssh = ["bcrypt >=3.1.5"] - nox = ["nox"] +--- cryptography-43.0.3.orig/pyproject.toml ++++ cryptography-43.0.3/pyproject.toml +@@ -66,8 +66,6 @@ nox = ["nox"] test = [ + "cryptography_vectors==43.0.3", "pytest >=6.2.0", - "pytest-benchmark", - "pytest-cov", "pytest-xdist", "pretend", "certifi", -@@ -92,7 +90,7 @@ rust-version = ">=1.63.0" - +@@ -117,7 +115,7 @@ exclude = [ + ] [tool.pytest.ini_options] -addopts = "-r s --capture=no --strict-markers --benchmark-disable" @@ -30,7 +29,7 @@ Index: cryptography-42.0.1/pyproject.toml console_output_style = "progress-even-when-capture-no" markers = [ "skip_fips: this test is not executed in FIPS mode", -@@ -114,33 +112,6 @@ module = [ +@@ -139,33 +137,6 @@ module = [ ] ignore_missing_imports = true @@ -62,25 +61,12 @@ Index: cryptography-42.0.1/pyproject.toml -] - [tool.ruff] - ignore = ['N818'] - select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF'] -Index: cryptography-42.0.1/src/cryptography.egg-info/requires.txt -=================================================================== ---- cryptography-42.0.1.orig/src/cryptography.egg-info/requires.txt -+++ cryptography-42.0.1/src/cryptography.egg-info/requires.txt -@@ -28,8 +28,6 @@ bcrypt>=3.1.5 + line-length = 79 - [test] - pytest>=6.2.0 --pytest-benchmark --pytest-cov - pytest-xdist - pretend - certifi -Index: cryptography-42.0.1/tests/bench/test_aead.py +Index: cryptography-43.0.3/tests/bench/test_aead.py =================================================================== ---- cryptography-42.0.1.orig/tests/bench/test_aead.py -+++ cryptography-42.0.1/tests/bench/test_aead.py +--- cryptography-43.0.3.orig/tests/bench/test_aead.py ++++ cryptography-43.0.3/tests/bench/test_aead.py @@ -26,84 +26,84 @@ def _aead_supported(cls): not _aead_supported(ChaCha20Poly1305), reason="Requires OpenSSL with ChaCha20Poly1305 support", @@ -186,10 +172,10 @@ Index: cryptography-42.0.1/tests/bench/test_aead.py ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) - benchmark(aes.decrypt, b"\x00" * 12, ct, None) + aes.decrypt(b"\x00" * 12, ct, None) -Index: cryptography-42.0.1/tests/bench/test_ec_load.py +Index: cryptography-43.0.3/tests/bench/test_ec_load.py =================================================================== ---- cryptography-42.0.1.orig/tests/bench/test_ec_load.py -+++ cryptography-42.0.1/tests/bench/test_ec_load.py +--- cryptography-43.0.3.orig/tests/bench/test_ec_load.py ++++ cryptography-43.0.3/tests/bench/test_ec_load.py @@ -5,9 +5,9 @@ from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 @@ -204,10 +190,10 @@ Index: cryptography-42.0.1/tests/bench/test_ec_load.py - benchmark(EC_KEY_SECP256R1.private_key) +def test_load_ec_private_numbers(): + EC_KEY_SECP256R1.private_key() -Index: cryptography-42.0.1/tests/bench/test_hashes.py +Index: cryptography-43.0.3/tests/bench/test_hashes.py =================================================================== ---- cryptography-42.0.1.orig/tests/bench/test_hashes.py -+++ cryptography-42.0.1/tests/bench/test_hashes.py +--- cryptography-43.0.3.orig/tests/bench/test_hashes.py ++++ cryptography-43.0.3/tests/bench/test_hashes.py @@ -5,10 +5,10 @@ from cryptography.hazmat.primitives import hashes @@ -221,10 +207,10 @@ Index: cryptography-42.0.1/tests/bench/test_hashes.py - benchmark(bench) + bench() -Index: cryptography-42.0.1/tests/bench/test_hmac.py +Index: cryptography-43.0.3/tests/bench/test_hmac.py =================================================================== ---- cryptography-42.0.1.orig/tests/bench/test_hmac.py -+++ cryptography-42.0.1/tests/bench/test_hmac.py +--- cryptography-43.0.3.orig/tests/bench/test_hmac.py ++++ cryptography-43.0.3/tests/bench/test_hmac.py @@ -5,10 +5,10 @@ from cryptography.hazmat.primitives import hashes, hmac @@ -238,10 +224,10 @@ Index: cryptography-42.0.1/tests/bench/test_hmac.py - benchmark(bench) + bench() -Index: cryptography-42.0.1/tests/bench/test_x509.py +Index: cryptography-43.0.3/tests/bench/test_x509.py =================================================================== ---- cryptography-42.0.1.orig/tests/bench/test_x509.py -+++ cryptography-42.0.1/tests/bench/test_x509.py +--- cryptography-43.0.3.orig/tests/bench/test_x509.py ++++ cryptography-43.0.3/tests/bench/test_x509.py @@ -13,40 +13,40 @@ from cryptography import x509 from ..utils import load_vectors_from_file diff --git a/python-cryptography.changes b/python-cryptography.changes index 7e40637..5f1d3dc 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,148 @@ +------------------------------------------------------------------- +Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller + +- update to 43.0.3: + * Fixed release metadata for cryptography-vectors + * Fixed compilation when using LibreSSL 4.0.0. + +------------------------------------------------------------------- +Sat Sep 28 19:45:04 UTC 2024 - Dirk Müller + +- update to 43.0.1: + * Updated Windows, macOS, and Linux wheels to be compiled with + OpenSSL 3.3.2. + +------------------------------------------------------------------- +Sun Sep 15 08:51:52 UTC 2024 - Andreas Schneider + +- Fix building on SLE based distributions + +------------------------------------------------------------------- +Mon Aug 12 20:36:00 UTC 2024 - Matej Cepl + +- Fix building optimized binaries with debuginfo. + +------------------------------------------------------------------- +Wed Jul 31 21:45:43 UTC 2024 - Matej Cepl + +- Update building of Rust modules to use modern cargo_vendor + service +- Remove unneeded use-offline-build.patch + +------------------------------------------------------------------- +Fri Jul 26 10:33:45 UTC 2024 - Dirk Müller + +- update to 43.0.0: + * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e + has been removed. Users on older version of OpenSSL will + need to upgrade. + * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8. + * Updated Windows, macOS, and Linux wheels to be compiled with + OpenSSL 3.3.1. + * Updated the minimum supported Rust version (MSRV) to 1.65.0, + from 1.63.0. + * :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat + e_private_key` now enforces a minimum RSA key size of + 1024-bit. Note that 1024-bit is still considered insecure, + users should generally use a key size of 2048-bits. + * :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se + rialize_certificates` now emits ASN.1 that more closely + follows the recommendations in RFC 2315. + * Added new :doc:`/hazmat/decrepit/index` module which contains + outdated and insecure cryptographic primitives. :class:`~cryp + tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class: + `~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c + lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA + `, and :class:`~cryptography.hazmat.primitives.ciphers.algori + thms.Blowfish`, which were deprecated in 37.0.0, have been + added to this module. They will be removed from the cipher + module in 45.0.0. + * Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit + hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci + phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and + deprecated them in the cipher module. They will be removed + from the cipher module in 48.0.0. + * Added support for deterministic + :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` + (RFC 6979) + * Added support for client certificate verification to the + :mod:`X.509 path validation ` + APIs in the form of + :class:`~cryptography.x509.verification.ClientVerifier`, + :class:`~cryptography.x509.verification.VerifiedClient`, and + PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu + ilder.build_client_verifier`. + * Added Certificate :attr:`~cryptography.x509.Certificate.publi + c_key_algorithm_oid` and Certificate Signing Request :attr:`~ + cryptography.x509.CertificateSigningRequest.public_key_algori + thm_oid` to determine the + :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID` + Object Identifier of the public key found inside the + certificate. + * Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat + e_utc`, a timezone-aware alternative to the naïve datetime + attribute + :attr:`~cryptography.x509.InvalidityDate.invalidity_date`. + * Added support for parsing empty DN string in + :meth:`~cryptography.x509.Name.from_rfc4514_string`. + * Added the following properties that return timezone-aware + datetime objects: + :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`, + :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u + tc`, + :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`, + :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`, + :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_ + time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse. + this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe + sponse.next_update_utc`, These are timezone-aware variants of + existing properties that return naïve datetime objects. + * Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r + sa_recover_private_exponent` + * Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo + ntext.reset_nonce` for altering the nonce of a cipher context + without initializing a new instance. See the docs for + additional restrictions. + * :class:`~cryptography.x509.NameAttribute` now raises an + exception when attempting to create a common name whose + length is shorter or longer than RFC 5280 permits. + * Added basic support for PKCS7 encryption (including SMIME) + via :class:`~cryptography.hazmat.primitives.serialization.pkc + s7.PKCS7EnvelopeBuilder`. +- add use-offline-build.patch + +------------------------------------------------------------------- +Sat Jun 8 12:04:15 UTC 2024 - Dirk Müller + +- update to 42.0.8: + * Updated Windows, macOS, and Linux wheels to be compiled with + OpenSSL 3.2.2. + +------------------------------------------------------------------- +Tue May 7 16:14:05 UTC 2024 - Dirk Müller + +- update to 42.0.7: + * Restored Windows 7 compatibility for our pre-built wheels. + Note that we do not test on Windows 7 and wheels for our next + release will not support it. Microsoft no longer provides + support for Windows 7 and users are encouraged to upgrade. + +------------------------------------------------------------------- +Tue May 7 07:34:43 UTC 2024 - Dirk Müller + +- update to 42.0.6: + * Fixed compilation when using LibreSSL 3.9.1. + +------------------------------------------------------------------- +Tue Apr 2 13:19:19 UTC 2024 - Dirk Müller + +- update to 42.0.5: + * Limit the number of name constraint checks that will be + performed in :mod:`X.509 path validation + ` to protect against denial + of service attacks. + * Upgrade pyo3 version, which fixes building on PowerPC. + ------------------------------------------------------------------- Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia diff --git a/python-cryptography.spec b/python-cryptography.spec index 7a5dd0d..0ff25e7 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -27,7 +27,8 @@ %endif %{?sle15_python_module_pythons} Name: python-cryptography%{psuffix} -Version: 42.0.4 +# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors! +Version: 43.0.3 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause @@ -43,11 +44,13 @@ Patch4: no-pytest_benchmark.patch BuildRequires: %{python_module cffi >= 1.12} BuildRequires: %{python_module devel} BuildRequires: %{python_module exceptiongroup} +BuildRequires: %{python_module maturin} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools-rust >= 1.7.0} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} BuildRequires: cargo >= 1.56.0 +BuildRequires: cargo-packaging BuildRequires: fdupes BuildRequires: libopenssl-devel BuildRequires: pkgconfig @@ -57,8 +60,10 @@ BuildRequires: zstd BuildRequires: pkgconfig(libffi) # python-base is not enough, we need the _ssl module Requires: python +Requires: python-bcrypt %requires_eq python-cffi %if %{with test} +BuildRequires: %{python_module bcrypt} BuildRequires: %{python_module certifi} BuildRequires: %{python_module cryptography >= %{version}} BuildRequires: %{python_module cryptography-vectors = %{version}} @@ -66,6 +71,7 @@ BuildRequires: %{python_module hypothesis >= 1.11.4} BuildRequires: %{python_module iso8601} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pytest > 6.0} +BuildRequires: %{python_module pytest-benchmark} BuildRequires: %{python_module pytest-subtests} BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module pytz} @@ -85,9 +91,19 @@ functions. %prep %autosetup -a2 -p1 -n cryptography-%{version} -rm -v src/rust/Cargo.lock %build +export CARGO_NET_OFFLINE=true +export CARGO_PROFILE_RELEASE_DEBUG=true +export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off +# https://pyo3.rs/main/building-and-distribution#configuring-the-python-version +%python_expand export PYO3_PYTHON="%{_bindir}/$python" +cd src/rust +tar xfv %{S:2} +rm -v Cargo.lock +%cargo_build +cd - + # https://github.com/pyca/cryptography/issues/9023 %global _lto_cflags %{nil} export RUSTFLAGS=%{rustflags} diff --git a/vendor.tar.zst b/vendor.tar.zst index ed35a00..62edfe7 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:8e06af528b28e87cdd465b889d18afb398871bf9592bd46153c2c94b3d61a8f7 -size 4912304 +oid sha256:dfcf0bf7d3157582b488524714f7b1a36f8d1d0cf4e549186c85f2eaec4ba492 +size 2005993