- update to 42.0.4 (bsc#1220210, CVE-2024-26130):

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=209
2024-02-22 17:38:15 +00:00 · 2024-02-22 17:38:15 +00:00 · 22718d2516
commit 22718d2516
parent 1baef87c05
6 changed files with 22 additions and 30 deletions
--- a/cryptography-42.0.2.tar.gz
+++ b/cryptography-42.0.2.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e0ec52ba3c7f1b7d813cd52649a5b3ef1fc0d433219dc8c93827c57eab6cf888
 size 672761
--- a/cryptography-42.0.4.tar.gz
+++ b/cryptography-42.0.4.tar.gz
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@ -1,3 +1,19 @@
 -------------------------------------------------------------------
 Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 - update to 42.0.4 (bsc#1220210, CVE-2024-26130):
  * Fixed a null-pointer-dereference and segfault that could occur
    when creating a PKCS#12 bundle. Credit to Alexander-Programming
    for reporting the issue. CVE-2024-26130
  * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
    SMIMECapabilities and SignatureAlgorithmIdentifier should now be
    correctly encoded according to the definitions in :rfc:2633
    :rfc:3370.
 - update to 42.0.3:
  * Fixed an initialization issue that caused key loading failures for some
    users.
 - Drop patch skip_openssl_memleak_test.patch not needed anymore.
 -------------------------------------------------------------------
 Wed Jan 31 17:24:29 UTC 2024 - Dirk Müller <dmueller@suse.com>
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -27,7 +27,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        42.0.2
+Version:        42.0.4
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@ -37,7 +37,6 @@ Source0:        https://files.pythonhosted.org/packages/source/c/cryptography/cr
 # use `osc service manualrun` to regenerate
 Source2:        vendor.tar.zst
 Source4:        python-cryptography.keyring
 Patch2:         skip_openssl_memleak_test.patch
 # PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
 # We don't need no benchmarking and coverage measurement
 Patch4:         no-pytest_benchmark.patch
--- a/skip_openssl_memleak_test.patch
+++ b/skip_openssl_memleak_test.patch
@ -1,23 +0,0 @@
 ---
 tests/hazmat/backends/test_openssl_memleak.py |   10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
 Index: cryptography-42.0.1/tests/hazmat/backends/test_openssl_memleak.py
 ===================================================================
 --- cryptography-42.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py
 +++ cryptography-42.0.1/tests/hazmat/backends/test_openssl_memleak.py
@@ -199,11 +199,9 @@ def assert_no_memory_leaks(s, argv=[]):
 def skip_if_memtesting_not_supported():
 -    return pytest.mark.skipif(
 -        not Binding().lib.Cryptography_HAS_MEM_FUNCTIONS
 -        or platform.python_implementation() == "PyPy",
 -        reason="Requires OpenSSL memory functions (>=1.1.0) and not PyPy",
 -    )
 +    return pytest.mark.skip(
 +        reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()"
 +     )
 @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")
--- a/vendor.tar.zst
+++ b/vendor.tar.zst