diff --git a/cryptography-42.0.2.tar.gz b/cryptography-42.0.2.tar.gz
deleted file mode 100644
index c3cccdb..0000000
--- a/cryptography-42.0.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0ec52ba3c7f1b7d813cd52649a5b3ef1fc0d433219dc8c93827c57eab6cf888
-size 672761
diff --git a/cryptography-42.0.4.tar.gz b/cryptography-42.0.4.tar.gz
new file mode 100644
index 0000000..db54313
--- /dev/null
+++ b/cryptography-42.0.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:831a4b37accef30cccd34fcb916a5d7b5be3cbbe27268a02832c3e450aea39cb
+size 670311
diff --git a/python-cryptography.changes b/python-cryptography.changes
index 48532bf..7e40637 100644
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia
+
+- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
+ * Fixed a null-pointer-dereference and segfault that could occur
+ when creating a PKCS#12 bundle. Credit to Alexander-Programming
+ for reporting the issue. CVE-2024-26130
+ * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
+ SMIMECapabilities and SignatureAlgorithmIdentifier should now be
+ correctly encoded according to the definitions in :rfc:2633
+ :rfc:3370.
+- update to 42.0.3:
+ * Fixed an initialization issue that caused key loading failures for some
+ users.
+- Drop patch skip_openssl_memleak_test.patch not needed anymore.
+
 -------------------------------------------------------------------
 Wed Jan 31 17:24:29 UTC 2024 - Dirk Müller
 
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 5f771f3..22cd45b 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -27,7 +27,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name: python-cryptography%{psuffix}
-Version: 42.0.2
+Version: 42.0.4
 Release: 0
 Summary: Python library which exposes cryptographic recipes and primitives
 License: Apache-2.0 OR BSD-3-Clause
@@ -37,7 +37,6 @@ Source0: https://files.pythonhosted.org/packages/source/c/cryptography/cr
 # use `osc service manualrun` to regenerate
 Source2: vendor.tar.zst
 Source4: python-cryptography.keyring
-Patch2: skip_openssl_memleak_test.patch
 # PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
 # We don't need no benchmarking and coverage measurement
 Patch4: no-pytest_benchmark.patch
diff --git a/skip_openssl_memleak_test.patch b/skip_openssl_memleak_test.patch
deleted file mode 100644
index 19d253b..0000000
--- a/skip_openssl_memleak_test.patch
+++ /dev/null
@@ -1,23 +0,0 @@
----
- tests/hazmat/backends/test_openssl_memleak.py | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-Index: cryptography-42.0.1/tests/hazmat/backends/test_openssl_memleak.py
-===================================================================
---- cryptography-42.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py
-+++ cryptography-42.0.1/tests/hazmat/backends/test_openssl_memleak.py
-@@ -199,11 +199,9 @@ def assert_no_memory_leaks(s, argv=[]):
-
-
- def skip_if_memtesting_not_supported():
-- return pytest.mark.skipif(
-- not Binding().lib.Cryptography_HAS_MEM_FUNCTIONS
-- or platform.python_implementation() == "PyPy",
-- reason="Requires OpenSSL memory functions (>=1.1.0) and not PyPy",
-- )
-+ return pytest.mark.skip(
-+ reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()"
-+ )
-
-
- @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")
diff --git a/vendor.tar.zst b/vendor.tar.zst
index e8953a0..ed35a00 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f866111f24143602745f8866645019ef7e13130c6ae2e4220c9dae90a22dda77
-size 4918483
+oid sha256:8e06af528b28e87cdd465b889d18afb398871bf9592bd46153c2c94b3d61a8f7
+size 4912304