Sync from SUSE:SLFO:Main python-cryptography revision fd4e6ec21a65cebeef3c0e41ba79114f

_service

@@ -2,7 +2,6 @@
   <service name="download_files" mode="manual"/>
   <service name="cargo_vendor" mode="manual">
     <param name="srcdir">cryptography-*</param>
-    <param name="cargotoml">src/rust/Cargo.toml</param>
     <param name="compression">zst</param>
   </service>
 </services>

no-pytest_benchmark.patch

@@ -1,26 +1,16 @@
----
- pyproject.toml                         |   31 -------------------------
- tests/bench/test_aead.py               |   40 ++++++++++++++++-----------------
- tests/bench/test_ec_load.py            |    8 +++---
- tests/bench/test_hashes.py             |    4 +--
- tests/bench/test_hmac.py               |    4 +--
- tests/bench/test_x509.py               |   16 ++++++-------
- 7 files changed, 37 insertions(+), 68 deletions(-)
-
-Index: cryptography-43.0.3/pyproject.toml
-===================================================================
---- cryptography-43.0.3.orig/pyproject.toml
-+++ cryptography-43.0.3/pyproject.toml
-@@ -66,8 +66,6 @@ nox = ["nox"]
+diff -ruN cryptography-44.0.0.orig/pyproject.toml cryptography-44.0.0/pyproject.toml
+--- cryptography-44.0.0.orig/pyproject.toml	2025-01-26 18:48:58.157318687 +0800
++++ cryptography-44.0.0/pyproject.toml	2025-01-26 18:56:46.010819868 +0800
+@@ -67,8 +67,6 @@
  test = [
-     "cryptography_vectors==43.0.3",
-     "pytest >=6.2.0",
--    "pytest-benchmark",
--    "pytest-cov",
-     "pytest-xdist",
-     "pretend",
-     "certifi",
-@@ -117,7 +115,7 @@ exclude = [
+     "cryptography_vectors==44.0.0",
+     "pytest >=7.4.0",
+-    "pytest-benchmark >=4.0",
+-    "pytest-cov >=2.10.1",
+     "pytest-xdist >=3.5.0",
+     "pretend >=0.7",
+     "certifi >=2024",
+@@ -118,7 +116,7 @@
  ]
  
  [tool.pytest.ini_options]
@@ -29,7 +19,7 @@ Index: cryptography-43.0.3/pyproject.toml
  console_output_style = "progress-even-when-capture-no"
  markers = [
      "skip_fips: this test is not executed in FIPS mode",
-@@ -139,33 +137,6 @@ module = [
+@@ -140,33 +138,6 @@
  ]
  ignore_missing_imports = true
  
@@ -43,14 +33,14 @@ Index: cryptography-43.0.3/pyproject.toml
 -
 -[tool.coverage.paths]
 -source = [
--   "src/cryptography",
--   "*.nox/*/lib*/python*/site-packages/cryptography",
--   "*.nox\\*\\Lib\\site-packages\\cryptography",
--   "*.nox/pypy/site-packages/cryptography",
+-    "src/cryptography",
+-    "*.nox/*/lib*/python*/site-packages/cryptography",
+-    "*.nox\\*\\Lib\\site-packages\\cryptography",
+-    "*.nox/pypy/site-packages/cryptography",
 -]
--tests =[
--   "tests/",
--   "*tests\\",
+-tests = [
+-    "tests/",
+-    "*tests\\",
 -]
 -
 -[tool.coverage.report]
@@ -63,11 +53,10 @@ Index: cryptography-43.0.3/pyproject.toml
  [tool.ruff]
  line-length = 79
  
-Index: cryptography-43.0.3/tests/bench/test_aead.py
-===================================================================
---- cryptography-43.0.3.orig/tests/bench/test_aead.py
-+++ cryptography-43.0.3/tests/bench/test_aead.py
-@@ -26,84 +26,84 @@ def _aead_supported(cls):
+diff -ruN cryptography-44.0.0.orig/tests/bench/test_aead.py cryptography-44.0.0/tests/bench/test_aead.py
+--- cryptography-44.0.0.orig/tests/bench/test_aead.py	2025-01-26 18:48:58.218037106 +0800
++++ cryptography-44.0.0/tests/bench/test_aead.py	2025-01-26 18:57:45.747649958 +0800
+@@ -26,84 +26,84 @@
      not _aead_supported(ChaCha20Poly1305),
      reason="Requires OpenSSL with ChaCha20Poly1305 support",
  )
@@ -172,10 +161,9 @@ Index: cryptography-43.0.3/tests/bench/test_aead.py
      ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 -    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
 +    aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-43.0.3/tests/bench/test_ec_load.py
-===================================================================
---- cryptography-43.0.3.orig/tests/bench/test_ec_load.py
-+++ cryptography-43.0.3/tests/bench/test_ec_load.py
+diff -ruN cryptography-44.0.0.orig/tests/bench/test_ec_load.py cryptography-44.0.0/tests/bench/test_ec_load.py
+--- cryptography-44.0.0.orig/tests/bench/test_ec_load.py	2025-01-26 18:48:58.218037106 +0800
++++ cryptography-44.0.0/tests/bench/test_ec_load.py	2025-01-26 18:57:45.748641371 +0800
 @@ -5,9 +5,9 @@
  from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
  
@@ -190,10 +178,9 @@ Index: cryptography-43.0.3/tests/bench/test_ec_load.py
 -    benchmark(EC_KEY_SECP256R1.private_key)
 +def test_load_ec_private_numbers():
 +    EC_KEY_SECP256R1.private_key()
-Index: cryptography-43.0.3/tests/bench/test_hashes.py
-===================================================================
---- cryptography-43.0.3.orig/tests/bench/test_hashes.py
-+++ cryptography-43.0.3/tests/bench/test_hashes.py
+diff -ruN cryptography-44.0.0.orig/tests/bench/test_hashes.py cryptography-44.0.0/tests/bench/test_hashes.py
+--- cryptography-44.0.0.orig/tests/bench/test_hashes.py	2025-01-26 18:48:58.218037106 +0800
++++ cryptography-44.0.0/tests/bench/test_hashes.py	2025-01-26 18:57:45.748943321 +0800
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes
  
@@ -207,10 +194,9 @@ Index: cryptography-43.0.3/tests/bench/test_hashes.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-43.0.3/tests/bench/test_hmac.py
-===================================================================
---- cryptography-43.0.3.orig/tests/bench/test_hmac.py
-+++ cryptography-43.0.3/tests/bench/test_hmac.py
+diff -ruN cryptography-44.0.0.orig/tests/bench/test_hmac.py cryptography-44.0.0/tests/bench/test_hmac.py
+--- cryptography-44.0.0.orig/tests/bench/test_hmac.py	2025-01-26 18:48:58.218037106 +0800
++++ cryptography-44.0.0/tests/bench/test_hmac.py	2025-01-26 18:57:45.749219559 +0800
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes, hmac
  
@@ -224,11 +210,10 @@ Index: cryptography-43.0.3/tests/bench/test_hmac.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-43.0.3/tests/bench/test_x509.py
-===================================================================
---- cryptography-43.0.3.orig/tests/bench/test_x509.py
-+++ cryptography-43.0.3/tests/bench/test_x509.py
-@@ -13,40 +13,40 @@ from cryptography import x509
+diff -ruN cryptography-44.0.0.orig/tests/bench/test_x509.py cryptography-44.0.0/tests/bench/test_x509.py
+--- cryptography-44.0.0.orig/tests/bench/test_x509.py	2025-01-26 18:48:58.218037106 +0800
++++ cryptography-44.0.0/tests/bench/test_x509.py	2025-01-26 18:57:45.749471922 +0800
+@@ -13,40 +13,40 @@
  from ..utils import load_vectors_from_file
  
  
@@ -278,7 +263,7 @@ Index: cryptography-43.0.3/tests/bench/test_x509.py
      limbo_root = pytestconfig.getoption("--x509-limbo-root", skip=True)
      with open(os.path.join(limbo_root, "limbo.json"), "rb") as f:
          [testcase] = [
-@@ -78,4 +78,4 @@ def test_verify_docs_python_org(benchmar
+@@ -78,4 +78,4 @@
          )
          verifier.verify(leaf, intermediates)
  

python-cryptography.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Sun Jan 26 10:59:13 UTC 2025 - Soc Virnyl Estela <uncomfyhalomacro@opensuse.org>
+
+- Update to version 44.0.0:
+  * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
+  * Deprecated Python 3.7 support. Python 3.7 is no longer supported by
+    the Python core team. Support for Python 3.7 will be removed in a future
+    cryptography release.
+  * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
+  * macOS wheels are now built against the macOS 10.13 SDK. Users on older
+    versions of macOS should upgrade, or they will need to build cryptography
+    themselves.
+  * Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
+  * Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
+  * Relax the Authority Key Identifier requirements on root CA certificates
+    during X.509 verification to allow fields permitted by RFC 5280 but
+    forbidden by the CA/Browser BRs.
+  * Added support for
+    :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
+    OpenSSL 3.2.0+.
+  * Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
+  * Added basic support for PKCS7 decryption (including S/MIME 3.2) via 
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`, 
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
+    and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
+- Update specfile to accommodate new project structure at version 44.0.0
+- Update no-pytest_benchmark.patch
+
+-------------------------------------------------------------------
+Fri Nov  8 10:08:46 UTC 2024 - Ben Greiner <code@bnavigator.de>
+
+- Fix requires_eq replacement for distributions which do not have
+  python3-cffi installed (such as SLE15 python module pythons)
+  * gh#openSUSE/python-rpm-macros#185
+- Remove outdated section in description
+
+-------------------------------------------------------------------
+Tue Nov  5 08:03:40 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Avoid using requires_eq, which after the last modifications
+  conflicts with python singlespec (order of expansion).
+
 -------------------------------------------------------------------
 Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

python-cryptography.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-cryptography
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,7 @@
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
 # ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
-Version:        43.0.3
+Version:        44.0.0
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -61,7 +61,7 @@ BuildRequires:  pkgconfig(libffi)
 # python-base is not enough, we need the _ssl module
 Requires:       python
 Requires:       python-bcrypt
-%requires_eq    python-cffi
+Requires:       python-cffi = %(rpm -q --whatprovides python-cffi --qf "%%{version}")
 %if %{with test}
 BuildRequires:  %{python_module bcrypt}
 BuildRequires:  %{python_module certifi}
@@ -79,11 +79,6 @@ BuildRequires:  %{python_module pytz}
 %python_subpackages
 
 %description
-cryptography is a package designed to expose cryptographic
-recipes and primitives to Python developers.  Our goal is
-for it to be your "cryptographic standard library". It
-supports Python 2.7, Python 3.4+, and PyPy-5.3+.
-
 cryptography includes both high level recipes, and low
 level interfaces to common cryptographic algorithms such as
 symmetric ciphers, message digests and key derivation
@@ -98,13 +93,6 @@ export CARGO_PROFILE_RELEASE_DEBUG=true
 export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
 # https://pyo3.rs/main/building-and-distribution#configuring-the-python-version
 %python_expand export PYO3_PYTHON="%{_bindir}/$python"
-cd src/rust
-tar xfv %{S:2}
-rm -v Cargo.lock
-%cargo_build
-cd -
-
-# https://github.com/pyca/cryptography/issues/9023
 %global _lto_cflags %{nil}
 export RUSTFLAGS=%{rustflags}
 export CFLAGS="%{optflags} -fno-strict-aliasing"
@@ -127,6 +115,7 @@ find . -name .keep -print -delete
 # fails with OverflowError on 32bit platform
 %ifarch %ix86 %arm ppc
 rm -v tests/hazmat/primitives/test_aead.py
+rm -v tests/hazmat/primitives/test_ciphers.py
 # imports test_aead so we need to remove also these
 rm -v tests/wycheproof/test_aes.py
 rm -v tests/wycheproof/test_chacha20poly1305.py
@@ -139,6 +128,7 @@ rm -v tests/wycheproof/test_chacha20poly1305.py
 %license LICENSE LICENSE.APACHE LICENSE.BSD
 %doc CONTRIBUTING.rst CHANGELOG.rst README.rst
 %{python_sitearch}/cryptography
+%{python_sitearch}/rust
 %{python_sitearch}/cryptography-%{version}.dist-info
 %endif