Dirk Mueller
9dcbf03b03
- Update to 46.0.5 (fixes CVE-2026-26007, bsc#1258074)
* An attacker could create a malicious public key that reveals portions of
your private key when using certain uncommon elliptic curves (binary
curves). This version now includes additional security checks to prevent
this attack. This issue only affects binary elliptic curves, which are
rarely used in real-world applications. Credit to XlabAI Team of Tencent
Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting
the issue. CVE-2026-26007
* Support for SECT* binary elliptic curves is deprecated and will be removed
in the next release.
- Update to 46.0.4
* Dropped support for win_arm64 wheels.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
- Update to 46.0.3
* Fixed compilation when using LibreSSL 4.2.0.
OBS-URL: https://build.opensuse.org/request/show/1332821
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=260
138 lines
4.8 KiB
RPMSpec
138 lines
4.8 KiB
RPMSpec
#
|
|
# spec file for package python-cryptography
|
|
#
|
|
# Copyright (c) 2026 SUSE LLC and contributors
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
|
|
%global flavor @BUILD_FLAVOR@%{nil}
|
|
%if "%{flavor}" == "test"
|
|
%define psuffix -test
|
|
%bcond_without test
|
|
%else
|
|
%define psuffix %{nil}
|
|
%bcond_with test
|
|
%endif
|
|
%{?sle15_python_module_pythons}
|
|
Name: python-cryptography%{psuffix}
|
|
# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
|
|
Version: 46.0.5
|
|
Release: 0
|
|
Summary: Python library which exposes cryptographic recipes and primitives
|
|
License: Apache-2.0 OR BSD-3-Clause
|
|
Group: Development/Languages/Python
|
|
URL: https://cryptography.io/en/latest/
|
|
Source0: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
|
|
# use `osc service manualrun` to regenerate
|
|
Source2: vendor.tar.zst
|
|
Source4: python-cryptography.keyring
|
|
# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
|
|
# We don't need no benchmarking and coverage measurement
|
|
Patch4: no-pytest_benchmark.patch
|
|
# PATCH-FIX-OPENSUSE Make-unsafe-subinterpreter-support-available-via-cfg.patch boo#1248987
|
|
Patch5: Make-unsafe-subinterpreter-support-available-via-cfg.patch
|
|
BuildRequires: %{python_module cffi >= 1.12}
|
|
BuildRequires: %{python_module devel}
|
|
BuildRequires: %{python_module exceptiongroup}
|
|
BuildRequires: %{python_module maturin}
|
|
BuildRequires: %{python_module pip}
|
|
BuildRequires: %{python_module setuptools-rust >= 1.7.0}
|
|
BuildRequires: %{python_module setuptools}
|
|
BuildRequires: %{python_module wheel}
|
|
BuildRequires: cargo >= 1.56.0
|
|
BuildRequires: cargo-packaging
|
|
BuildRequires: fdupes
|
|
BuildRequires: libopenssl-3-devel
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: python-rpm-macros
|
|
BuildRequires: rust >= 1.56.0
|
|
BuildRequires: zstd
|
|
BuildRequires: pkgconfig(libffi)
|
|
# python-base is not enough, we need the _ssl module
|
|
Requires: python
|
|
Requires: python-bcrypt
|
|
Requires: python-cffi = %(rpm -q --whatprovides python-cffi --qf "%%{version}")
|
|
%if %{with test}
|
|
BuildRequires: %{python_module bcrypt}
|
|
BuildRequires: %{python_module certifi}
|
|
BuildRequires: %{python_module cryptography >= %{version}}
|
|
BuildRequires: %{python_module cryptography-vectors = %{version}}
|
|
BuildRequires: %{python_module hypothesis >= 1.11.4}
|
|
BuildRequires: %{python_module iso8601}
|
|
BuildRequires: %{python_module pretend}
|
|
BuildRequires: %{python_module pytest > 6.0}
|
|
BuildRequires: %{python_module pytest-benchmark}
|
|
BuildRequires: %{python_module pytest-subtests if %python-pytest < 9}
|
|
BuildRequires: %{python_module pytest-xdist}
|
|
BuildRequires: %{python_module pytz}
|
|
%endif
|
|
%python_subpackages
|
|
|
|
%description
|
|
cryptography includes both high level recipes, and low
|
|
level interfaces to common cryptographic algorithms such as
|
|
symmetric ciphers, message digests and key derivation
|
|
functions.
|
|
|
|
%prep
|
|
%autosetup -a2 -p1 -n cryptography-%{version}
|
|
|
|
%build
|
|
export CARGO_NET_OFFLINE=true
|
|
export CARGO_PROFILE_RELEASE_DEBUG=true
|
|
export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
|
|
# https://pyo3.rs/main/building-and-distribution#configuring-the-python-version
|
|
%python_expand export PYO3_PYTHON="%{_bindir}/$python"
|
|
%global _lto_cflags %{nil}
|
|
RUSTFLAGS=%{rustflags}
|
|
export RUSTFLAGS="$RUSTFLAGS --cfg pyo3_unsafe_allow_subinterpreters"
|
|
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
|
%pyproject_wheel
|
|
|
|
%install
|
|
%if !%{with test}
|
|
export RUSTFLAGS=%{rustflags}
|
|
# Actually other *.c and *.h are appropriate
|
|
# see https://github.com/pyca/cryptography/issues/1463
|
|
find . -name .keep -print -delete
|
|
|
|
%pyproject_install
|
|
%python_expand %fdupes %{buildroot}%{$python_sitearch}
|
|
%endif
|
|
|
|
%if %{with test}
|
|
%check
|
|
# won't work for cryptography
|
|
# fails with OverflowError on 32bit platform
|
|
%ifarch %ix86 %arm ppc
|
|
rm -v tests/hazmat/primitives/test_aead.py
|
|
rm -v tests/hazmat/primitives/test_ciphers.py
|
|
# imports test_aead so we need to remove also these
|
|
rm -v tests/wycheproof/test_aes.py
|
|
rm -v tests/wycheproof/test_chacha20poly1305.py
|
|
%endif
|
|
%pytest_arch -n auto --ignore-glob=vendor/*
|
|
%endif
|
|
|
|
%if !%{with test}
|
|
%files %{python_files}
|
|
%license LICENSE LICENSE.APACHE LICENSE.BSD
|
|
%doc CONTRIBUTING.rst CHANGELOG.rst README.rst
|
|
%{python_sitearch}/cryptography
|
|
%{python_sitearch}/cryptography-%{version}.dist-info
|
|
%endif
|
|
|
|
%changelog
|