Sync from SUSE:SLFO:Main python-cryptography revision 6fc21b13b166c01e15dbff57091c8b70

_service

@@ -1,7 +1,8 @@
 <services>
   <service name="download_files" mode="manual"/>
   <service name="cargo_vendor" mode="manual">
-    <param name="srcdir">cryptography-42.0.2/src/rust</param>
+    <param name="srcdir">cryptography-*</param>
+    <param name="cargotoml">src/rust/Cargo.toml</param>
     <param name="compression">zst</param>
   </service>
 </services>

no-pytest_benchmark.patch

@@ -1,6 +1,5 @@
 ---
  pyproject.toml                         |   31 -------------------------
- src/cryptography.egg-info/requires.txt |    2 -
  tests/bench/test_aead.py               |   40 ++++++++++++++++-----------------
  tests/bench/test_ec_load.py            |    8 +++---
  tests/bench/test_hashes.py             |    4 +--
@@ -8,21 +7,21 @@
  tests/bench/test_x509.py               |   16 ++++++-------
  7 files changed, 37 insertions(+), 68 deletions(-)
 
-Index: cryptography-42.0.1/pyproject.toml
+Index: cryptography-43.0.3/pyproject.toml
 ===================================================================
---- cryptography-42.0.1.orig/pyproject.toml
+--- cryptography-43.0.3.orig/pyproject.toml
-+++ cryptography-42.0.1/pyproject.toml
++++ cryptography-43.0.3/pyproject.toml
-@@ -71,8 +71,6 @@ ssh = ["bcrypt >=3.1.5"]
+@@ -66,8 +66,6 @@ nox = ["nox"]
- nox = ["nox"]
  test = [
+     "cryptography_vectors==43.0.3",
      "pytest >=6.2.0",
 -    "pytest-benchmark",
 -    "pytest-cov",
      "pytest-xdist",
      "pretend",
      "certifi",
-@@ -92,7 +90,7 @@ rust-version = ">=1.63.0"
+@@ -117,7 +115,7 @@ exclude = [
- 
+ ]
  
  [tool.pytest.ini_options]
 -addopts = "-r s --capture=no --strict-markers --benchmark-disable"
@@ -30,7 +29,7 @@ Index: cryptography-42.0.1/pyproject.toml
  console_output_style = "progress-even-when-capture-no"
  markers = [
      "skip_fips: this test is not executed in FIPS mode",
-@@ -114,33 +112,6 @@ module = [
+@@ -139,33 +137,6 @@ module = [
  ]
  ignore_missing_imports = true
  
@@ -62,25 +61,12 @@ Index: cryptography-42.0.1/pyproject.toml
 -]
 -
  [tool.ruff]
- ignore = ['N818']
+ line-length = 79
- select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF']
-Index: cryptography-42.0.1/src/cryptography.egg-info/requires.txt
-===================================================================
---- cryptography-42.0.1.orig/src/cryptography.egg-info/requires.txt
-+++ cryptography-42.0.1/src/cryptography.egg-info/requires.txt
-@@ -28,8 +28,6 @@ bcrypt>=3.1.5
  
- [test]
+Index: cryptography-43.0.3/tests/bench/test_aead.py
- pytest>=6.2.0
--pytest-benchmark
--pytest-cov
- pytest-xdist
- pretend
- certifi
-Index: cryptography-42.0.1/tests/bench/test_aead.py
 ===================================================================
---- cryptography-42.0.1.orig/tests/bench/test_aead.py
+--- cryptography-43.0.3.orig/tests/bench/test_aead.py
-+++ cryptography-42.0.1/tests/bench/test_aead.py
++++ cryptography-43.0.3/tests/bench/test_aead.py
 @@ -26,84 +26,84 @@ def _aead_supported(cls):
      not _aead_supported(ChaCha20Poly1305),
      reason="Requires OpenSSL with ChaCha20Poly1305 support",
@@ -186,10 +172,10 @@ Index: cryptography-42.0.1/tests/bench/test_aead.py
      ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 -    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
 +    aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-42.0.1/tests/bench/test_ec_load.py
+Index: cryptography-43.0.3/tests/bench/test_ec_load.py
 ===================================================================
---- cryptography-42.0.1.orig/tests/bench/test_ec_load.py
+--- cryptography-43.0.3.orig/tests/bench/test_ec_load.py
-+++ cryptography-42.0.1/tests/bench/test_ec_load.py
++++ cryptography-43.0.3/tests/bench/test_ec_load.py
 @@ -5,9 +5,9 @@
  from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
  
@@ -204,10 +190,10 @@ Index: cryptography-42.0.1/tests/bench/test_ec_load.py
 -    benchmark(EC_KEY_SECP256R1.private_key)
 +def test_load_ec_private_numbers():
 +    EC_KEY_SECP256R1.private_key()
-Index: cryptography-42.0.1/tests/bench/test_hashes.py
+Index: cryptography-43.0.3/tests/bench/test_hashes.py
 ===================================================================
---- cryptography-42.0.1.orig/tests/bench/test_hashes.py
+--- cryptography-43.0.3.orig/tests/bench/test_hashes.py
-+++ cryptography-42.0.1/tests/bench/test_hashes.py
++++ cryptography-43.0.3/tests/bench/test_hashes.py
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes
  
@@ -221,10 +207,10 @@ Index: cryptography-42.0.1/tests/bench/test_hashes.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-42.0.1/tests/bench/test_hmac.py
+Index: cryptography-43.0.3/tests/bench/test_hmac.py
 ===================================================================
---- cryptography-42.0.1.orig/tests/bench/test_hmac.py
+--- cryptography-43.0.3.orig/tests/bench/test_hmac.py
-+++ cryptography-42.0.1/tests/bench/test_hmac.py
++++ cryptography-43.0.3/tests/bench/test_hmac.py
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes, hmac
  
@@ -238,10 +224,10 @@ Index: cryptography-42.0.1/tests/bench/test_hmac.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-42.0.1/tests/bench/test_x509.py
+Index: cryptography-43.0.3/tests/bench/test_x509.py
 ===================================================================
---- cryptography-42.0.1.orig/tests/bench/test_x509.py
+--- cryptography-43.0.3.orig/tests/bench/test_x509.py
-+++ cryptography-42.0.1/tests/bench/test_x509.py
++++ cryptography-43.0.3/tests/bench/test_x509.py
 @@ -13,40 +13,40 @@ from cryptography import x509
  from ..utils import load_vectors_from_file
  

python-cryptography.changes

@@ -1,3 +1,148 @@
+-------------------------------------------------------------------
+Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.3:
+  * Fixed release metadata for cryptography-vectors
+  * Fixed compilation when using LibreSSL 4.0.0.
+
+-------------------------------------------------------------------
+Sat Sep 28 19:45:04 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.1:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.3.2.
+
+-------------------------------------------------------------------
+Sun Sep 15 08:51:52 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
+
+- Fix building on SLE based distributions
+
+-------------------------------------------------------------------
+Mon Aug 12 20:36:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Fix building optimized binaries with debuginfo.
+
+-------------------------------------------------------------------
+Wed Jul 31 21:45:43 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Update building of Rust modules to use modern cargo_vendor
+  service
+- Remove unneeded use-offline-build.patch
+
+-------------------------------------------------------------------
+Fri Jul 26 10:33:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.0:
+  * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
+    has been removed.  Users on older version of OpenSSL will
+    need to upgrade.
+  * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.3.1.
+  * Updated the minimum supported Rust version (MSRV) to 1.65.0,
+    from 1.63.0.
+  * :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
+    e_private_key` now enforces a minimum RSA key size of
+    1024-bit. Note that 1024-bit is still considered insecure,
+    users should generally use a key size of 2048-bits.
+  * :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
+    rialize_certificates` now emits ASN.1 that more closely
+    follows the recommendations in RFC 2315.
+  * Added new :doc:`/hazmat/decrepit/index` module which contains
+    outdated and insecure cryptographic primitives. :class:`~cryp
+    tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
+    `~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
+    lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
+    `, and :class:`~cryptography.hazmat.primitives.ciphers.algori
+    thms.Blowfish`, which were deprecated in 37.0.0, have been
+    added to this module. They will be removed from the cipher
+    module in 45.0.0.
+  * Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
+    hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
+    phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
+    deprecated them in the cipher module. They will be removed
+    from the cipher module in 48.0.0.
+  * Added support for deterministic
+    :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`
+    (RFC 6979)
+  * Added support for client certificate verification to the
+    :mod:`X.509 path validation <cryptography.x509.verification>`
+    APIs in the form of
+    :class:`~cryptography.x509.verification.ClientVerifier`,
+    :class:`~cryptography.x509.verification.VerifiedClient`, and
+    PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu
+    ilder.build_client_verifier`.
+  * Added Certificate :attr:`~cryptography.x509.Certificate.publi
+    c_key_algorithm_oid` and Certificate Signing Request :attr:`~
+    cryptography.x509.CertificateSigningRequest.public_key_algori
+    thm_oid` to determine the
+    :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
+    Object Identifier of the public key found inside the
+    certificate.
+  * Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat
+    e_utc`, a timezone-aware alternative to the naïve datetime
+    attribute
+    :attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
+  * Added support for parsing empty DN string in
+    :meth:`~cryptography.x509.Name.from_rfc4514_string`.
+  * Added the following properties that return timezone-aware
+    datetime objects:
+    :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
+    :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u
+    tc`,
+    :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
+    :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
+    :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_
+    time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.
+    this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe
+    sponse.next_update_utc`, These are timezone-aware variants of
+    existing properties that return naïve datetime objects.
+  * Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r
+    sa_recover_private_exponent`
+  * Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo
+    ntext.reset_nonce` for altering the nonce of a cipher context
+    without initializing a new instance. See the docs for
+    additional restrictions.
+  * :class:`~cryptography.x509.NameAttribute` now raises an
+    exception when attempting to create a common name whose
+    length is shorter or longer than RFC 5280 permits.
+  * Added basic support for PKCS7 encryption (including SMIME)
+    via :class:`~cryptography.hazmat.primitives.serialization.pkc
+    s7.PKCS7EnvelopeBuilder`.
+- add use-offline-build.patch
+
+-------------------------------------------------------------------
+Sat Jun  8 12:04:15 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 42.0.8:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.2.2.
+
+-------------------------------------------------------------------
+Tue May  7 16:14:05 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 42.0.7:
+  * Restored Windows 7 compatibility for our pre-built wheels.
+    Note that we do not test on Windows 7 and wheels for our next
+    release will not support it. Microsoft no longer provides
+    support for Windows 7 and users are encouraged to upgrade.
+
+-------------------------------------------------------------------
+Tue May  7 07:34:43 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 42.0.6:
+  * Fixed compilation when using LibreSSL 3.9.1.
+
+-------------------------------------------------------------------
+Tue Apr  2 13:19:19 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 42.0.5:
+  * Limit the number of name constraint checks that will be
+    performed in :mod:`X.509 path validation
+    <cryptography.x509.verification>` to protect against denial
+    of service attacks.
+  * Upgrade pyo3 version, which fixes building on PowerPC.
+
 -------------------------------------------------------------------
 Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 

python-cryptography.spec

@@ -27,7 +27,8 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        42.0.4
+# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
+Version:        43.0.3
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -43,11 +44,13 @@ Patch4:         no-pytest_benchmark.patch
 BuildRequires:  %{python_module cffi >= 1.12}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module exceptiongroup}
+BuildRequires:  %{python_module maturin}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools-rust >= 1.7.0}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  cargo >= 1.56.0
+BuildRequires:  cargo-packaging
 BuildRequires:  fdupes
 BuildRequires:  libopenssl-devel
 BuildRequires:  pkgconfig
@@ -57,8 +60,10 @@ BuildRequires:  zstd
 BuildRequires:  pkgconfig(libffi)
 # python-base is not enough, we need the _ssl module
 Requires:       python
+Requires:       python-bcrypt
 %requires_eq    python-cffi
 %if %{with test}
+BuildRequires:  %{python_module bcrypt}
 BuildRequires:  %{python_module certifi}
 BuildRequires:  %{python_module cryptography >= %{version}}
 BuildRequires:  %{python_module cryptography-vectors = %{version}}
@@ -66,6 +71,7 @@ BuildRequires:  %{python_module hypothesis >= 1.11.4}
 BuildRequires:  %{python_module iso8601}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pytest > 6.0}
+BuildRequires:  %{python_module pytest-benchmark}
 BuildRequires:  %{python_module pytest-subtests}
 BuildRequires:  %{python_module pytest-xdist}
 BuildRequires:  %{python_module pytz}
@@ -85,9 +91,19 @@ functions.
 
 %prep
 %autosetup -a2 -p1 -n cryptography-%{version}
-rm -v src/rust/Cargo.lock
 
 %build
+export CARGO_NET_OFFLINE=true
+export CARGO_PROFILE_RELEASE_DEBUG=true
+export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
+# https://pyo3.rs/main/building-and-distribution#configuring-the-python-version
+%python_expand export PYO3_PYTHON="%{_bindir}/$python"
+cd src/rust
+tar xfv %{S:2}
+rm -v Cargo.lock
+%cargo_build
+cd -
+
 # https://github.com/pyca/cryptography/issues/9023
 %global _lto_cflags %{nil}
 export RUSTFLAGS=%{rustflags}