- update to 42.0.4 (bsc#1220210, CVE-2024-26130):

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=209
2024-02-22 17:38:15 +00:00 · 2024-02-22 17:38:15 +00:00 · 22718d2516
commit 22718d2516
parent 1baef87c05
6 changed files with 22 additions and 30 deletions
--- a/cryptography-42.0.2.tar.gz
+++ b/cryptography-42.0.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0ec52ba3c7f1b7d813cd52649a5b3ef1fc0d433219dc8c93827c57eab6cf888
-size 672761
--- a/cryptography-42.0.4.tar.gz
+++ b/cryptography-42.0.4.tar.gz
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
+  * Fixed a null-pointer-dereference and segfault that could occur
+    when creating a PKCS#12 bundle. Credit to Alexander-Programming
+    for reporting the issue. CVE-2024-26130
+  * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
+    SMIMECapabilities and SignatureAlgorithmIdentifier should now be
+    correctly encoded according to the definitions in :rfc:2633
+    :rfc:3370.
+- update to 42.0.3:
+  * Fixed an initialization issue that caused key loading failures for some
+    users.
+- Drop patch skip_openssl_memleak_test.patch not needed anymore.
+
 -------------------------------------------------------------------
 Wed Jan 31 17:24:29 UTC 2024 - Dirk Müller <dmueller@suse.com>

--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -27,7 +27,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        42.0.2
+Version:        42.0.4
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@ -37,7 +37,6 @@ Source0:        https://files.pythonhosted.org/packages/source/c/cryptography/cr
 # use `osc service manualrun` to regenerate
 Source2:        vendor.tar.zst
 Source4:        python-cryptography.keyring
-Patch2:         skip_openssl_memleak_test.patch
 # PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
 # We don't need no benchmarking and coverage measurement
 Patch4:         no-pytest_benchmark.patch
--- a/skip_openssl_memleak_test.patch
+++ b/skip_openssl_memleak_test.patch
@ -1,23 +0,0 @@
---
- tests/hazmat/backends/test_openssl_memleak.py |   10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-Index: cryptography-42.0.1/tests/hazmat/backends/test_openssl_memleak.py
-===================================================================
--- cryptography-42.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py
-+++ cryptography-42.0.1/tests/hazmat/backends/test_openssl_memleak.py
-@@ -199,11 +199,9 @@ def assert_no_memory_leaks(s, argv=[]):
- 
- 
- def skip_if_memtesting_not_supported():
-    return pytest.mark.skipif(
-        not Binding().lib.Cryptography_HAS_MEM_FUNCTIONS
-        or platform.python_implementation() == "PyPy",
-        reason="Requires OpenSSL memory functions (>=1.1.0) and not PyPy",
-    )
-+    return pytest.mark.skip(
-+        reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()"
-+     )
- 
- 
- @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")
--- a/vendor.tar.zst
+++ b/vendor.tar.zst