diff --git a/_service b/_service
new file mode 100644
index 0000000..ac2b21f
--- /dev/null
+++ b/_service
@@ -0,0 +1,7 @@
+
+
+ cryptography-36.0.0/src/rust
+
+
+
+
diff --git a/cargo_config b/cargo_config
new file mode 100644
index 0000000..6fb4ff4
--- /dev/null
+++ b/cargo_config
@@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
\ No newline at end of file
diff --git a/cryptography-3.4.8.tar.gz b/cryptography-3.4.8.tar.gz
deleted file mode 100644
index 58b9f30..0000000
--- a/cryptography-3.4.8.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c
-size 546907
diff --git a/cryptography-3.4.8.tar.gz.asc b/cryptography-3.4.8.tar.gz.asc
deleted file mode 100644
index 2cb44df..0000000
--- a/cryptography-3.4.8.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAmElKd0ACgkQI1rl8Sn5
-7Zj4mwf6AoZkFckXshuEY9KYUNAd6rrt/J7MKvTXya3zxdH1nCvj+e9VMa3ariCt
-/VZ1f7YEM/brN2YnVe9uN+x1CE5Kt9pL2RANXg6AuT0KWwP2FA7e8alSkG7eHfyv
-zvWfCb8C7IhcoiVGByGF55vRxDQ02n+6/AikBlxQ+3hjQc9HMvjf74SJEhdiCCnu
-D+PHmHuTu1aYw04MzTzhN3UQQewjzttX8xVYpD8nF/N9IxlEZHIAiyiSLUQ44SNR
-S8zbkEHe0yQTx8t39w7Hr0yyFTBW9uNsnyc6+HV9+m3FsAsgVd6ZmpM5JH9vKrYb
-tp8A0Tv5mX5Di0u5ZGjDjjdp+ZeLoQ==
-=aP3q
------END PGP SIGNATURE-----
diff --git a/cryptography-36.0.0.tar.gz b/cryptography-36.0.0.tar.gz
new file mode 100644
index 0000000..a0150f6
--- /dev/null
+++ b/cryptography-36.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52f769ecb4ef39865719aedc67b4b7eae167bafa48dbc2a26dd36fa56460507f
+size 571931
diff --git a/cryptography-36.0.0.tar.gz.asc b/cryptography-36.0.0.tar.gz.asc
new file mode 100644
index 0000000..ece7b42
--- /dev/null
+++ b/cryptography-36.0.0.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAmGavAgACgkQI1rl8Sn5
+7ZjVMwf/Vv0L4kJu2aTH6fqLLxZiDXUnjm3O1Pat2zG4oXbVC9+n4azPicg7Rlv7
+MRCkZ9GelHErxv6u1yGyj6vY/sM/uk9uQPvoi1iP/4JxPKBj0bHROgN/LqEjfOsF
+75JhM5E0QsifbnUuvcHNp8JNpolMAxxbtqxNs/QUymBAu1UPXRk6drDX3PKYcrpR
+9umfuzflKDulyn6wCnAOivceRzekSgnPh+c71FpNuTpmdrJS5AcdOLnyiKbh47LG
+6N2POSh2OdYq2jWNURxfxOSFMxpN5KMRljTE9IwyQXVBJsc7jKNDWK19dS5t5Rs7
+i+9t3V7CWXFln7bxginWQ2A1SbH6PA==
+=ztCF
+-----END PGP SIGNATURE-----
diff --git a/disable-RustExtension.patch b/disable-RustExtension.patch
deleted file mode 100644
index 15b1d22..0000000
--- a/disable-RustExtension.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Index: cryptography-3.4.8/setup.py
-===================================================================
---- cryptography-3.4.8.orig/setup.py
-+++ cryptography-3.4.8/setup.py
-@@ -13,18 +13,9 @@ from setuptools import find_packages, se
- try:
- from setuptools_rust import RustExtension
- except ImportError:
-- print(
-- """
-- =============================DEBUG ASSISTANCE==========================
-- If you are seeing an error here please try the following to
-- successfully install cryptography:
--
-- Upgrade to the latest pip and try again. This will fix errors for most
-- users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
-- =============================DEBUG ASSISTANCE==========================
-- """
-- )
-- raise
-+ print("Could not find setuptools_rust."
-+ "Set CRYPTOGRAPHY_DONT_BUILD_RUST in order to not build with Rust")
-+ RustExtension = None
-
-
- base_dir = os.path.dirname(__file__)
-@@ -41,9 +32,9 @@ with open(os.path.join(src_dir, "cryptog
-
- # `install_requirements` and `setup_requirements` must be kept in sync with
- # `pyproject.toml`
--setuptools_rust = "setuptools-rust>=0.11.4"
-+setuptools_rust = ["setuptools-rust>=0.11.4"] if RustExtension else []
- install_requirements = ["cffi>=1.12"]
--setup_requirements = install_requirements + [setuptools_rust]
-+setup_requirements = install_requirements + setuptools_rust
-
- if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
- rust_extensions = []
-@@ -129,9 +120,7 @@ try:
- "twine >= 1.12.0",
- "sphinxcontrib-spelling >= 4.0.1",
- ],
-- "sdist": [
-- setuptools_rust,
-- ],
-+ "sdist": setuptools_rust,
- "pep8test": [
- "black",
- "flake8",
diff --git a/disable-uneven-sizes-tests.patch b/disable-uneven-sizes-tests.patch
deleted file mode 100644
index 4b90fa9..0000000
--- a/disable-uneven-sizes-tests.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Index: cryptography-3.0/tests/hazmat/primitives/test_rsa.py
-===================================================================
---- cryptography-3.0.orig/tests/hazmat/primitives/test_rsa.py
-+++ cryptography-3.0/tests/hazmat/primitives/test_rsa.py
-@@ -174,7 +174,8 @@ class TestRSA(object):
- ("public_exponent", "key_size"),
- itertools.product(
- (3, 65537),
-- (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048),
-+ #(1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048),
-+ (1024, 1026, 1028, 1030, 1536, 2048),
- ),
- )
- def test_generate_rsa_keys(self, backend, public_exponent, key_size):
diff --git a/python-cryptography.changes b/python-cryptography.changes
index 0212bfa..8951fdc 100644
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@@ -1,3 +1,85 @@
+-------------------------------------------------------------------
+Sat Nov 27 15:56:28 UTC 2021 - Dirk Müller
+
+- update to 36.0.0:
+ * FINAL DEPRECATION Support for verifier and signer on our asymmetric key
+ classes was deprecated in version 2.1. These functions had an extended
+ deprecation due to usage, however the next version of cryptography will
+ drop support. Users should migrate to sign and verify.
+ * The entire X.509 layer is now written in Rust. This allows alternate
+ asymmetric key implementations that can support cloud key management
+ services or hardware security modules provided they implement the necessary
+ interface (for example: EllipticCurvePrivateKey).
+ * Deprecated the backend argument for all functions.
+ * Added support for AESOCB3.
+ * Added support for iterating over arbitrary request attributes.
+ * Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
+ favor of get_attribute_for_oid() on the new Attributes object.
+ * Fixed handling of PEM files to allow loading when certificate and key are
+ in the same file.
+ * Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText.
+ * Allow parsing of negative serial numbers in certificates. Negative serial
+ numbers are prohibited by RFC 5280 so a deprecation warning will be raised
+ whenever they are encountered. A future version of cryptography will drop
+ support for parsing them.
+ * Added support for parsing PKCS12 files with friendly names for all
+ certificates with load_pkcs12(), which will return an object of type
+ PKCS12KeyAndCertificates.
+ * rfc4514_string() and related methods now have an optional
+ attr_name_overrides parameter to supply custom OID to name mappings, which
+ can be used to match vendor-specific extensions.
+ * BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email
+ address fields as E in rfc4514_string() methods from version 35.0.
+ * The previous behavior can be restored with:
+ name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
+ * Allow X25519PublicKey and X448PublicKey to be used as public keys when
+ parsing certificates or creating them with CertificateBuilder. These key
+ types must be signed with a different signing algorithm as X25519 and X448
+ do not support signing.
+ * Extension values can now be serialized to a DER byte string by calling public_bytes().
+ * Added experimental support for compiling against BoringSSL. As BoringSSL
+ does not commit to a stable API, cryptography tests against the latest
+ commit only. Please note that several features are not available when
+ building against BoringSSL.
+ * Parsing CertificateSigningRequest from DER and PEM now, for a limited time
+ period, allows the Extension critical field to be incorrectly encoded. See
+ the issue for complete details. This will be reverted in a future
+ cryptography release.
+ * When OCSPNonce are parsed and generated their value is now correctly
+ wrapped in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts
+ with the original behavior specified in RFC 2560. For a temporary period
+ for backwards compatibility, we will also parse values that are encoded as
+ specified in RFC 2560 but this behavior will be removed in a future
+ release.
+ * Changed the version scheme. This will result in us incrementing the major
+ version more frequently, but does not change our existing backwards
+ compatibility policy.
+ * BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
+ string passed have PEM delimiters of the correct type. For example, parsing
+ a private key PEM concatenated with a certificate PEM will no longer be
+ accepted by the PEM certificate parser.
+ * BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
+ negative serial numbers. RFC 5280 has always prohibited these.
+ * BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during
+ X.509 parsing will raise an error on initial parse rather than when the
+ malformed field is accessed.
+ * Rust is now required for building cryptography, the
+ CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
+ * Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
+ This should be backwards compatible (modulo the items listed above) and
+ improve both security and performance.
+ * Added support for OpenSSL 3.0.0 as a compilation target.
+ * Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
+ are provided for compatibility in regions where they may be required, and
+ are not generally recommended.
+ * We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
+ manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
+ Linux should ensure they upgrade to the latest pip to correctly receive
+ wheels.
+ * Added rfc4514_attribute_name attribute to x509.NameAttribute.
+- drop disable-uneven-sizes-tests.patch (upstream)
+- drop disable-RustExtension.patch: building rust extension now
+
-------------------------------------------------------------------
Tue Oct 12 18:54:25 UTC 2021 - Ben Greiner
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 43a1bc2..dcd7c3c 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -18,10 +18,9 @@
%{?!python_module:%define python_module() python3-%{**}}
%define skip_python2 1
-# disabled in order to avoid pulling dependencies -- adrian@suse.de
-%bcond_with rust
+%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
Name: python-cryptography
-Version: 3.4.8
+Version: 36.0.0
Release: 0
Summary: Python library which exposes cryptographic recipes and primitives
License: Apache-2.0 OR BSD-3-Clause
@@ -29,22 +28,24 @@ Group: Development/Languages/Python
URL: https://cryptography.io/en/latest/
Source0: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
Source1: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz.asc
-Source2: %{name}.keyring
+# use `osc service disabledrun` to regenerate
+Source2: vendor.tar.xz
+# use `osc service disabledrun` to regenerate
+Source3: cargo_config
+Source4: %{name}.keyring
# PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204
-Patch1: disable-uneven-sizes-tests.patch
+#Patch1: disable-uneven-sizes-tests.patch
Patch2: skip_openssl_memleak_test.patch
-# PATCH-FEATURE-OPENSUSE disable-RustExtension.patch -- disable setuptools_rust requirement if not building with rust
-Patch3: disable-RustExtension.patch
BuildRequires: %{python_module cffi >= 1.12}
BuildRequires: %{python_module devel}
+BuildRequires: %{python_module setuptools-rust}
BuildRequires: %{python_module setuptools}
-%if %{with rust}
-BuildRequires: %{python_module setuptools_rust}
-%endif
+BuildRequires: cargo >= 1.41.0
BuildRequires: fdupes
BuildRequires: libopenssl-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
+BuildRequires: rust >= 1.41.0
BuildRequires: pkgconfig(libffi)
%requires_eq python-cffi
# python-base is not enough, we need the _ssl module
@@ -73,23 +74,21 @@ symmetric ciphers, message digests and key derivation
functions.
%prep
-%autosetup -p1 -n cryptography-%{version}
+%autosetup -a2 -p1 -n cryptography-%{version}
+mkdir .cargo
+cp %{SOURCE3} .cargo/config
%build
-%if ! %{with rust}
-export CRYPTOGRAPHY_DONT_BUILD_RUST=1
-%endif
+export RUSTFLAGS=%{rustflags}
export CFLAGS="%{optflags} -fno-strict-aliasing"
%python_build
%install
+export RUSTFLAGS=%{rustflags}
# Actually other *.c and *.h are appropriate
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
-%if ! %{with rust}
-export CRYPTOGRAPHY_DONT_BUILD_RUST=1
-%endif
%python_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
diff --git a/vendor.tar.xz b/vendor.tar.xz
new file mode 100644
index 0000000..ecda7d3
--- /dev/null
+++ b/vendor.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1927ba06344a149b43901db90858a8f86b81ee33219ba0329fdf6ef1c1d170c7
+size 5896808