Accepting request 1189786 from devel:languages:python

- update to 43.0.0: * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1. * Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0. * :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat e_private_key` now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits. * :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se rialize_certificates` now emits ASN.1 that more closely follows the recommendations in RFC 2315. * Added new :doc:`/hazmat/decrepit/index` module which contains outdated and insecure cryptographic primitives. :class:`~cryp tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class: `~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA `, and :class:`~cryptography.hazmat.primitives.ciphers.algori thms.Blowfish`, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0. * Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0. OBS-URL: https://build.opensuse.org/request/show/1189786 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=91
2024-07-31 11:28:09 +00:00 · 2024-07-31 11:28:09 +00:00 · e2573595d6
commit e2573595d6
parent 81867a0a54 9afb0c1aec
8 changed files with 147 additions and 44 deletions
--- a/4
+++ b/4
@ -1,7 +1,9 @@
 <services>
  <service name="download_files" mode="manual"/>
  <service name="cargo_vendor" mode="manual">
-    <param name="srcdir">cryptography-42.0.8/src/rust</param>
+    <param name="src">cryptography-43.0.0/src/rust</param>
    <param name="cargotoml">Cargo.toml</param>
    <param name="compression">zst</param>
    <param name="update">false</param>
  </service>
 </services>
--- a/cryptography-42.0.8.tar.gz
+++ b/cryptography-42.0.8.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8d09d05439ce7baa8e9e95b07ec5b6c886f548deb7e0f69ef25f64b3bce842f2
 size 671250
--- a/cryptography-43.0.0.tar.gz
+++ b/cryptography-43.0.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b88075ada2d51aa9f18283532c9f60e72170041bba88d7f37e49cbb10275299e
 size 686873
--- a/no-pytest_benchmark.patch
+++ b/no-pytest_benchmark.patch
@ -8,21 +8,21 @@
 tests/bench/test_x509.py               |   16 ++++++-------
 7 files changed, 37 insertions(+), 68 deletions(-)
-Index: cryptography-42.0.1/pyproject.toml
+Index: cryptography-43.0.0/pyproject.toml
 ===================================================================
--- cryptography-42.0.1.orig/pyproject.toml
+--- cryptography-43.0.0.orig/pyproject.toml
-+++ cryptography-42.0.1/pyproject.toml
+++ cryptography-43.0.0/pyproject.toml
-@@ -71,8 +71,6 @@ ssh = ["bcrypt >=3.1.5"]
+@@ -66,8 +66,6 @@ nox = ["nox"]
 nox = ["nox"]
 test = [
     "cryptography_vectors==43.0.0",
     "pytest >=6.2.0",
 -    "pytest-benchmark",
 -    "pytest-cov",
     "pytest-xdist",
     "pretend",
     "certifi",
-@@ -92,7 +90,7 @@ rust-version = ">=1.63.0"
+@@ -118,7 +116,7 @@ exclude = [
- 
+ ]
 [tool.pytest.ini_options]
 -addopts = "-r s --capture=no --strict-markers --benchmark-disable"
@ -30,7 +30,7 @@ Index: cryptography-42.0.1/pyproject.toml
 console_output_style = "progress-even-when-capture-no"
 markers = [
     "skip_fips: this test is not executed in FIPS mode",
-@@ -114,33 +112,6 @@ module = [
+@@ -140,33 +138,6 @@ module = [
 ]
 ignore_missing_imports = true
@ -62,25 +62,12 @@ Index: cryptography-42.0.1/pyproject.toml
 -]
 -
 [tool.ruff]
- ignore = ['N818']
+ line-length = 79
 select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF']
 Index: cryptography-42.0.1/src/cryptography.egg-info/requires.txt
 ===================================================================
 --- cryptography-42.0.1.orig/src/cryptography.egg-info/requires.txt
 +++ cryptography-42.0.1/src/cryptography.egg-info/requires.txt
@@ -28,8 +28,6 @@ bcrypt>=3.1.5
- [test]
+Index: cryptography-43.0.0/tests/bench/test_aead.py
 pytest>=6.2.0
 -pytest-benchmark
 -pytest-cov
 pytest-xdist
 pretend
 certifi
 Index: cryptography-42.0.1/tests/bench/test_aead.py
 ===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_aead.py
+--- cryptography-43.0.0.orig/tests/bench/test_aead.py
-+++ cryptography-42.0.1/tests/bench/test_aead.py
+++ cryptography-43.0.0/tests/bench/test_aead.py
@@ -26,84 +26,84 @@ def _aead_supported(cls):
     not _aead_supported(ChaCha20Poly1305),
     reason="Requires OpenSSL with ChaCha20Poly1305 support",
@ -186,10 +173,10 @@ Index: cryptography-42.0.1/tests/bench/test_aead.py
     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 -    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
 +    aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-42.0.1/tests/bench/test_ec_load.py
+Index: cryptography-43.0.0/tests/bench/test_ec_load.py
 ===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_ec_load.py
+--- cryptography-43.0.0.orig/tests/bench/test_ec_load.py
-+++ cryptography-42.0.1/tests/bench/test_ec_load.py
+++ cryptography-43.0.0/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
 from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
@ -204,10 +191,10 @@ Index: cryptography-42.0.1/tests/bench/test_ec_load.py
 -    benchmark(EC_KEY_SECP256R1.private_key)
 +def test_load_ec_private_numbers():
 +    EC_KEY_SECP256R1.private_key()
-Index: cryptography-42.0.1/tests/bench/test_hashes.py
+Index: cryptography-43.0.0/tests/bench/test_hashes.py
 ===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_hashes.py
+--- cryptography-43.0.0.orig/tests/bench/test_hashes.py
-+++ cryptography-42.0.1/tests/bench/test_hashes.py
+++ cryptography-43.0.0/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
 from cryptography.hazmat.primitives import hashes
@ -221,10 +208,10 @@ Index: cryptography-42.0.1/tests/bench/test_hashes.py
 -    benchmark(bench)
 +    bench()
-Index: cryptography-42.0.1/tests/bench/test_hmac.py
+Index: cryptography-43.0.0/tests/bench/test_hmac.py
 ===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_hmac.py
+--- cryptography-43.0.0.orig/tests/bench/test_hmac.py
-+++ cryptography-42.0.1/tests/bench/test_hmac.py
+++ cryptography-43.0.0/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
 from cryptography.hazmat.primitives import hashes, hmac
@ -238,10 +225,10 @@ Index: cryptography-42.0.1/tests/bench/test_hmac.py
 -    benchmark(bench)
 +    bench()
-Index: cryptography-42.0.1/tests/bench/test_x509.py
+Index: cryptography-43.0.0/tests/bench/test_x509.py
 ===================================================================
--- cryptography-42.0.1.orig/tests/bench/test_x509.py
+--- cryptography-43.0.0.orig/tests/bench/test_x509.py
-+++ cryptography-42.0.1/tests/bench/test_x509.py
+++ cryptography-43.0.0/tests/bench/test_x509.py
@@ -13,40 +13,40 @@ from cryptography import x509
 from ..utils import load_vectors_from_file
@ -298,3 +285,16 @@ Index: cryptography-42.0.1/tests/bench/test_x509.py
 -    benchmark(bench)
 +    bench
 Index: cryptography-43.0.0/tests/bench/test_fernet.py
 ===================================================================
 --- cryptography-43.0.0.orig/tests/bench/test_fernet.py
 +++ cryptography-43.0.0/tests/bench/test_fernet.py
@@ -5,6 +5,6 @@
 from cryptography import fernet
 -def test_fernet_encrypt(benchmark):
 +def test_fernet_encrypt():
     f = fernet.Fernet(fernet.Fernet.generate_key())
 -    benchmark(f.encrypt, b"\x00" * 256)
 +    f.encrypt(b"\x00" * 256)
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@ -1,3 +1,85 @@
 -------------------------------------------------------------------
 Fri Jul 26 10:33:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
 - update to 43.0.0:
  * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
    has been removed.  Users on older version of OpenSSL will
    need to upgrade.
  * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
  * Updated Windows, macOS, and Linux wheels to be compiled with
    OpenSSL 3.3.1.
  * Updated the minimum supported Rust version (MSRV) to 1.65.0,
    from 1.63.0.
  * :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
    e_private_key` now enforces a minimum RSA key size of
    1024-bit. Note that 1024-bit is still considered insecure,
    users should generally use a key size of 2048-bits.
  * :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
    rialize_certificates` now emits ASN.1 that more closely
    follows the recommendations in RFC 2315.
  * Added new :doc:`/hazmat/decrepit/index` module which contains
    outdated and insecure cryptographic primitives. :class:`~cryp
    tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
    `~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
    lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
    `, and :class:`~cryptography.hazmat.primitives.ciphers.algori
    thms.Blowfish`, which were deprecated in 37.0.0, have been
    added to this module. They will be removed from the cipher
    module in 45.0.0.
  * Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
    hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
    phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
    deprecated them in the cipher module. They will be removed
    from the cipher module in 48.0.0.
  * Added support for deterministic
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`
    (RFC 6979)
  * Added support for client certificate verification to the
    :mod:`X.509 path validation <cryptography.x509.verification>`
    APIs in the form of
    :class:`~cryptography.x509.verification.ClientVerifier`,
    :class:`~cryptography.x509.verification.VerifiedClient`, and
    PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu
    ilder.build_client_verifier`.
  * Added Certificate :attr:`~cryptography.x509.Certificate.publi
    c_key_algorithm_oid` and Certificate Signing Request :attr:`~
    cryptography.x509.CertificateSigningRequest.public_key_algori
    thm_oid` to determine the
    :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
    Object Identifier of the public key found inside the
    certificate.
  * Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat
    e_utc`, a timezone-aware alternative to the naïve datetime
    attribute
    :attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
  * Added support for parsing empty DN string in
    :meth:`~cryptography.x509.Name.from_rfc4514_string`.
  * Added the following properties that return timezone-aware
    datetime objects:
    :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
    :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u
    tc`,
    :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
    :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
    :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_
    time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.
    this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe
    sponse.next_update_utc`, These are timezone-aware variants of
    existing properties that return naïve datetime objects.
  * Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r
    sa_recover_private_exponent`
  * Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo
    ntext.reset_nonce` for altering the nonce of a cipher context
    without initializing a new instance. See the docs for
    additional restrictions.
  * :class:`~cryptography.x509.NameAttribute` now raises an
    exception when attempting to create a common name whose
    length is shorter or longer than RFC 5280 permits.
  * Added basic support for PKCS7 encryption (including SMIME)
    via :class:`~cryptography.hazmat.primitives.serialization.pkc
    s7.PKCS7EnvelopeBuilder`.
 - add use-offline-build.patch
 -------------------------------------------------------------------
 Sat Jun  8 12:04:15 UTC 2024 - Dirk Müller <dmueller@suse.com>
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -27,7 +27,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        42.0.8
+Version:        43.0.0
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@ -37,14 +37,19 @@ Source0:        https://files.pythonhosted.org/packages/source/c/cryptography/cr
 # use `osc service manualrun` to regenerate
 Source2:        vendor.tar.zst
 Source4:        python-cryptography.keyring
 Patch1:         use-offline-build.patch
 # PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
 # We don't need no benchmarking and coverage measurement
 Patch4:         no-pytest_benchmark.patch
 BuildRequires:  %{python_module cffi >= 1.12}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module exceptiongroup}
 BuildRequires:  %{python_module maturin}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools-rust >= 1.7.0}
 BuildRequires:  %{python_module setuptools-rust >= 1.7.0}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  cargo >= 1.56.0
--- a/use-offline-build.patch
+++ b/use-offline-build.patch
@ -0,0 +1,14 @@
 Index: cryptography-43.0.0/pyproject.toml
 ===================================================================
 --- cryptography-43.0.0.orig/pyproject.toml
 +++ cryptography-43.0.0/pyproject.toml
@@ -84,7 +84,8 @@ python-source = "src"
 python-packages = ["cryptography"]
 manifest-path = "src/rust/Cargo.toml"
 module-name = "cryptography.hazmat.bindings._rust"
 -locked = true
 +locked = false
 +offline = true
 sdist-generator = "git"
 features = ["pyo3/abi3-py37"]
 include = [
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9839d58f58507ae33f08c2a78c19a2334d709b8caac522131276c395469b9c34
+oid sha256:60c28d9dc8f864cd112b91c911f7ddc7718117540c4b94c87c335289200aad9e
-size 5429762
+size 1948651