pool/python-cryptography
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1098185 from devel:languages:python

Browse Source 
- update to 41.0.2:
  * Fixed bugs in creating and parsing SSH certificates where
    critical options with values were handled incorrectly.
    Certificates are now created correctly and parsing accepts
    correct values as well as the previously generated
    invalid forms with a warning. In the next release, support
    for parsing these invalid forms will be removed.

- remove patch remove_python_3_6_deprecation_warning.patch as the
  warning was already removed upstream

- Add no-pytest_benchmark.patch, which remove dependency on
  pytest-benchmark and coveralls (We don't need no benchmarking
  and coverage measurement; bsc#1213005).

OBS-URL: https://build.opensuse.org/request/show/1098185
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=79
This commit is contained in:
Dominique Leuenberger 2023-07-12 15:26:20 +00:00 committed by Git OBS Bridge
commit a8612f6bc4
9 changed files with 313 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_service
View File

@ -1,7 +1,7 @@
<services>
<service name="download_files" mode="disabled"/>
<service name="cargo_vendor" mode="disabled">
<param name="srcdir">cryptography-41.0.1/src/rust</param>
<param name="srcdir">cryptography-41.0.2/src/rust</param>
<param name="compression">zst</param>
</service>
<service name="cargo_audit" mode="disabled">

3
cryptography-41.0.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d34579085401d3f49762d2f7d6634d6b6c2ae1242202e860f4d26b046e3a1006
size 629124

BIN
cryptography-41.0.2.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

273
no-pytest_benchmark.patch Normal file
View File

@ -0,0 +1,273 @@
---
pyproject.toml | 31 -------------------------
src/cryptography.egg-info/requires.txt | 2 -
tests/bench/test_aead.py | 40 ++++++++++++++++-----------------
tests/bench/test_ec_load.py | 8 +++---
tests/bench/test_hashes.py | 4 +--
tests/bench/test_hmac.py | 4 +--
tests/bench/test_x509.py | 16 ++++++-------
7 files changed, 37 insertions(+), 68 deletions(-)
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"]
nox = ["nox"]
test = [
"pytest >=6.2.0",
- "pytest-benchmark",
- "pytest-cov",
"pytest-xdist",
"pretend",
]
@@ -85,7 +83,7 @@ line-length = 79
target-version = ["py37"]
[tool.pytest.ini_options]
-addopts = "-r s --capture=no --strict-markers --benchmark-disable"
+addopts = "-r s --capture=no --strict-markers"
console_output_style = "progress-even-when-capture-no"
markers = [
"skip_fips: this test is not executed in FIPS mode",
@@ -107,33 +105,6 @@ module = [
]
ignore_missing_imports = true
-[tool.coverage.run]
-branch = true
-relative_files = true
-source = [
- "cryptography",
- "tests/",
-]
-
-[tool.coverage.paths]
-source = [
- "src/cryptography",
- "*.nox/*/lib*/python*/site-packages/cryptography",
- "*.nox\\*\\Lib\\site-packages\\cryptography",
- "*.nox/pypy/site-packages/cryptography",
-]
-tests =[
- "tests/",
- "*tests\\",
-]
-
-[tool.coverage.report]
-exclude_lines = [
- "@abc.abstractmethod",
- "@typing.overload",
- "if typing.TYPE_CHECKING",
-]
-
[tool.ruff]
# UP006: Minimum Python 3.9
# UP007, UP038: Minimum Python 3.10
--- a/src/cryptography.egg-info/requires.txt
+++ b/src/cryptography.egg-info/requires.txt
@@ -26,8 +26,6 @@ bcrypt>=3.1.5
[test]
pytest>=6.2.0
-pytest-benchmark
-pytest-cov
pytest-xdist
pretend
--- a/tests/bench/test_aead.py
+++ b/tests/bench/test_aead.py
@@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
)
-def test_chacha20poly1305_encrypt(benchmark):
+def test_chacha20poly1305_encrypt():
chacha = ChaCha20Poly1305(b"\x00" * 32)
- benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"")
+ chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"")
@pytest.mark.skipif(
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
)
-def test_chacha20poly1305_decrypt(benchmark):
+def test_chacha20poly1305_decrypt():
chacha = ChaCha20Poly1305(b"\x00" * 32)
ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"")
- benchmark(chacha.decrypt, b"\x00" * 12, ct, b"")
+ chacha.decrypt(b"\x00" * 12, ct, b"")
-def test_aesgcm_encrypt(benchmark):
+def test_aesgcm_encrypt():
aes = AESGCM(b"\x00" * 32)
- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
+ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
-def test_aesgcm_decrypt(benchmark):
+def test_aesgcm_decrypt():
aes = AESGCM(b"\x00" * 32)
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
@pytest.mark.skipif(
not _aead_supported(AESSIV),
reason="Requires OpenSSL with AES-SIV support",
)
-def test_aessiv_encrypt(benchmark):
+def test_aessiv_encrypt():
aes = AESSIV(b"\x00" * 32)
- benchmark(aes.encrypt, b"hello world plaintext", None)
+ aes.encrypt(b"hello world plaintext", None)
@pytest.mark.skipif(
not _aead_supported(AESSIV),
reason="Requires OpenSSL with AES-SIV support",
)
-def test_aessiv_decrypt(benchmark):
+def test_aessiv_decrypt():
aes = AESSIV(b"\x00" * 32)
ct = aes.encrypt(b"hello world plaintext", None)
- benchmark(aes.decrypt, ct, None)
+ aes.decrypt(ct, None)
@pytest.mark.skipif(
not _aead_supported(AESOCB3),
reason="Requires OpenSSL with AES-OCB3 support",
)
-def test_aesocb3_encrypt(benchmark):
+def test_aesocb3_encrypt():
aes = AESOCB3(b"\x00" * 32)
- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
+ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
@pytest.mark.skipif(
not _aead_supported(AESOCB3),
reason="Requires OpenSSL with AES-OCB3 support",
)
-def test_aesocb3_decrypt(benchmark):
+def test_aesocb3_decrypt():
aes = AESOCB3(b"\x00" * 32)
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
@pytest.mark.skipif(
not _aead_supported(AESCCM),
reason="Requires OpenSSL with AES-CCM support",
)
-def test_aesccm_encrypt(benchmark):
+def test_aesccm_encrypt():
aes = AESCCM(b"\x00" * 32)
- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
+ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
@pytest.mark.skipif(
not _aead_supported(AESCCM),
reason="Requires OpenSSL with AES-CCM support",
)
-def test_aesccm_decrypt(benchmark):
+def test_aesccm_decrypt():
aes = AESCCM(b"\x00" * 32)
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
--- a/tests/bench/test_ec_load.py
+++ b/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
-def test_load_ec_public_numbers(benchmark):
- benchmark(EC_KEY_SECP256R1.public_numbers.public_key)
+def test_load_ec_public_numbers():
+ EC_KEY_SECP256R1.public_numbers.public_key()
-def test_load_ec_private_numbers(benchmark):
- benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+ EC_KEY_SECP256R1.private_key()
--- a/tests/bench/test_hashes.py
+++ b/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes
-def test_sha256(benchmark):
+def test_sha256():
def bench():
h = hashes.Hash(hashes.SHA256())
h.update(b"I love hashing. So much. The best.")
return h.finalize()
- benchmark(bench)
+ bench()
--- a/tests/bench/test_hmac.py
+++ b/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes, hmac
-def test_hmac_sha256(benchmark):
+def test_hmac_sha256():
def bench():
h = hmac.HMAC(b"my extremely secure key", hashes.SHA256())
h.update(b"I love hashing. So much. The best.")
return h.finalize()
- benchmark(bench)
+ bench()
--- a/tests/bench/test_x509.py
+++ b/tests/bench/test_x509.py
@@ -9,34 +9,34 @@ from cryptography import x509
from ..utils import load_vectors_from_file
-def test_object_identier_constructor(benchmark):
- benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5")
+def test_object_identier_constructor():
+ x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5")
-def test_aki_public_bytes(benchmark):
+def test_aki_public_bytes():
aki = x509.AuthorityKeyIdentifier(
key_identifier=b"\x00" * 16,
authority_cert_issuer=None,
authority_cert_serial_number=None,
)
- benchmark(aki.public_bytes)
+ aki.public_bytes()
-def test_load_der_certificate(benchmark):
+def test_load_der_certificate():
cert_bytes = load_vectors_from_file(
os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
loader=lambda pemfile: pemfile.read(),
mode="rb",
)
- benchmark(x509.load_der_x509_certificate, cert_bytes)
+ x509.load_der_x509_certificate(cert_bytes)
-def test_load_pem_certificate(benchmark):
+def test_load_pem_certificate():
cert_bytes = load_vectors_from_file(
os.path.join("x509", "cryptography.io.pem"),
loader=lambda pemfile: pemfile.read(),
mode="rb",
)
- benchmark(x509.load_pem_x509_certificate, cert_bytes)
+ x509.load_pem_x509_certificate(cert_bytes)

24
python-cryptography.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Tue Jul 11 13:44:14 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 41.0.2:
* Fixed bugs in creating and parsing SSH certificates where
critical options with values were handled incorrectly.
Certificates are now created correctly and parsing accepts
correct values as well as the previously generated
invalid forms with a warning. In the next release, support
for parsing these invalid forms will be removed.
-------------------------------------------------------------------
Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
- remove patch remove_python_3_6_deprecation_warning.patch as the
warning was already removed upstream
-------------------------------------------------------------------
Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Add no-pytest_benchmark.patch, which remove dependency on
pytest-benchmark and coveralls (We don't need no benchmarking
and coverage measurement; bsc#1213005).
-------------------------------------------------------------------
Mon Jun 19 20:41:45 UTC 2023 - Dirk Müller <dmueller@suse.com>

9
python-cryptography.spec
View File

@ -27,7 +27,7 @@
%endif
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
Version: 41.0.1
Version: 41.0.2
Release: 0
Summary: Python library which exposes cryptographic recipes and primitives
License: Apache-2.0 OR BSD-3-Clause
@ -40,9 +40,9 @@ Source2: vendor.tar.zst
Source3: cargo_config
Source4: python-cryptography.keyring
Patch2: skip_openssl_memleak_test.patch
%if 0%{?sle_version} && 0%{?sle_version} <= 150400
Patch3: remove_python_3_6_deprecation_warning.patch
%endif
# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
# We don't need no benchmarking and coverage measurement
Patch4: no-pytest_benchmark.patch
BuildRequires: %{python_module cffi >= 1.12}
BuildRequires: %{python_module devel}
BuildRequires: %{python_module exceptiongroup}
@ -66,7 +66,6 @@ BuildRequires: %{python_module hypothesis >= 1.11.4}
BuildRequires: %{python_module iso8601}
BuildRequires: %{python_module pretend}
BuildRequires: %{python_module pytest > 6.0}
BuildRequires: %{python_module pytest-benchmark}
BuildRequires: %{python_module pytest-subtests}
BuildRequires: %{python_module pytest-xdist}
BuildRequires: %{python_module pytz}

30
remove_python_3_6_deprecation_warning.patch
View File

@ -1,30 +0,0 @@
From 0848826019cdcf3cf783095cb26b3fb394ae6d92 Mon Sep 17 00:00:00 2001
From: Johannes Kastl <kastl@b1-systems.de>
Date: Thu, 12 Jan 2023 11:12:53 +0100
Subject: [PATCH] remove python3.6 deprecation warning
Signed-off-by: Johannes Kastl <kastl@b1-systems.de>
---
src/cryptography/__init__.py | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/src/cryptography/__init__.py b/src/cryptography/__init__.py
index 7f8a25c6e..91b624bf0 100644
--- a/src/cryptography/__init__.py
+++ b/src/cryptography/__init__.py
@@ -13,12 +13,3 @@ __all__ = [
"__author__",
"__copyright__",
]
-
-if sys.version_info[:2] == (3, 6):
- warnings.warn(
- "Python 3.6 is no longer supported by the Python core team. "
- "Therefore, support for it is deprecated in cryptography. The next "
- "release of cryptography will remove support for Python 3.6.",
- CryptographyDeprecationWarning,
- stacklevel=2,
- )
--
2.40.0

14
skip_openssl_memleak_test.patch
View File

@ -1,12 +1,10 @@
---
tests/hazmat/backends/test_openssl_memleak.py | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
tests/hazmat/backends/test_openssl_memleak.py | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py
===================================================================
--- cryptography-40.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py
+++ cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py
@@ -204,12 +204,10 @@ def assert_no_memory_leaks(s, argv=[]):
--- a/tests/hazmat/backends/test_openssl_memleak.py
+++ b/tests/hazmat/backends/test_openssl_memleak.py
@@ -203,12 +203,10 @@ def assert_no_memory_leaks(s, argv=[]):
def skip_if_memtesting_not_supported():
@ -19,7 +17,7 @@ Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py
+ return pytest.mark.skip(
+ reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()"
+ )
+
+
@pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")
@skip_if_memtesting_not_supported()

BIN
vendor.tar.zst (Stored with Git LFS)
View File

Binary file not shown.