From 7f457c695e9b5dd7aefb2f98bec0adbcb5fb8f1cef8eee50d5e09e5f48ff611a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= <mmachova@suse.com>
Date: Fri, 7 May 2021 09:05:53 +0000
Subject: [PATCH] Accepting request 891081 from home:susnux:branches:security

Update to version 0.9.1

OBS-URL: https://build.opensuse.org/request/show/891081
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-fido2?expand=0&rev=19
---
 0001-Don-t-use-enum.auto-Python-2.patch       |  42 +++++++++
 ...tests-on-older-Cryptography-versions.patch |  86 ++++++++++++++++++
 fido2-0.8.1.tar.gz                            |   3 -
 fido2-0.8.1.tar.gz.sig                        | Bin 310 -> 0 bytes
 fido2-0.9.1.tar.gz                            |   3 +
 fido2-0.9.1.tar.gz.sig                        | Bin 0 -> 310 bytes
 python-fido2.changes                          |  21 +++++
 python-fido2.spec                             |  17 ++--
 8 files changed, 163 insertions(+), 9 deletions(-)
 create mode 100644 0001-Don-t-use-enum.auto-Python-2.patch
 create mode 100644 0001-Skip-tests-on-older-Cryptography-versions.patch
 delete mode 100644 fido2-0.8.1.tar.gz
 delete mode 100644 fido2-0.8.1.tar.gz.sig
 create mode 100644 fido2-0.9.1.tar.gz
 create mode 100644 fido2-0.9.1.tar.gz.sig

diff --git a/0001-Don-t-use-enum.auto-Python-2.patch b/0001-Don-t-use-enum.auto-Python-2.patch
new file mode 100644
index 0000000..5cd7c68
--- /dev/null
+++ b/0001-Don-t-use-enum.auto-Python-2.patch
@@ -0,0 +1,42 @@
+From ce19ba598a077dd09d164c2bef05169e01b69eaf Mon Sep 17 00:00:00 2001
+From: Dain Nilsson <dain@yubico.com>
+Date: Tue, 16 Mar 2021 14:59:59 +0100
+Subject: [PATCH] Don't use enum.auto (Python 2).
+
+---
+ fido2/attestation/base.py | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/fido2/attestation/base.py b/fido2/attestation/base.py
+index 6f7d173..e631c48 100644
+--- a/fido2/attestation/base.py
++++ b/fido2/attestation/base.py
+@@ -25,7 +25,7 @@
+ # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ # POSSIBILITY OF SUCH DAMAGE.
+ 
+-from enum import Enum, auto
++from enum import Enum
+ from cryptography import x509
+ from cryptography.hazmat.backends import default_backend
+ from cryptography.hazmat.primitives.asymmetric import padding, ec, rsa
+@@ -67,11 +67,11 @@ AttestationResult = namedtuple("AttestationResult", ["attestation_type", "trust_
+ 
+ 
+ class AttestationType(Enum):
+-    BASIC = auto()
+-    SELF = auto()
+-    ATT_CA = auto()
+-    ANON_CA = auto()
+-    NONE = auto
++    BASIC = 1
++    SELF = 2
++    ATT_CA = 3
++    ANON_CA = 4
++    NONE = 0
+ 
+ 
+ def catch_builtins(f):
+-- 
+2.26.2
+
diff --git a/0001-Skip-tests-on-older-Cryptography-versions.patch b/0001-Skip-tests-on-older-Cryptography-versions.patch
new file mode 100644
index 0000000..db59494
--- /dev/null
+++ b/0001-Skip-tests-on-older-Cryptography-versions.patch
@@ -0,0 +1,86 @@
+From 2e3224d7a8be8625b05e88c10efdbf57b646107c Mon Sep 17 00:00:00 2001
+From: Dain Nilsson <dain@yubico.com>
+Date: Tue, 16 Feb 2021 08:41:30 +0100
+Subject: [PATCH] Skip tests on older Cryptography versions.
+
+---
+ test/test_cose.py | 25 +++++++++++++------------
+ test/utils.py     |  5 +++++
+ 2 files changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/test/test_cose.py b/test/test_cose.py
+index 4ce0fd7..4ae0479 100644
+--- a/test/test_cose.py
++++ b/test/test_cose.py
+@@ -30,7 +30,8 @@ from __future__ import absolute_import, unicode_literals
+ 
+ from fido2 import cbor
+ from fido2.cose import CoseKey, ES256, RS256, EdDSA, UnsupportedKey
+-from cryptography.exceptions import UnsupportedAlgorithm
++from cryptography import __version__ as cryptography_version
++from distutils.version import LooseVersion
+ from binascii import a2b_hex
+ 
+ import unittest
+@@ -100,6 +101,9 @@ class TestCoseKey(unittest.TestCase):
+         )
+ 
+     def test_EdDSA_parse_verify(self):
++        if LooseVersion(cryptography_version) < LooseVersion("2.6"):
++            self.skipTest("EdDSA support missing")
++
+         key = CoseKey.parse(cbor.decode(_EdDSA_KEY))
+         self.assertIsInstance(key, EdDSA)
+         self.assertEqual(
+@@ -113,17 +117,14 @@ class TestCoseKey(unittest.TestCase):
+                 ),
+             },
+         )
+-        try:
+-            key.verify(
+-                a2b_hex(
+-                    b"a379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce1947010000000500a11a323057d1103784ddff99a354ddd42348c2f00e88d8977b916cabf92268"  # noqa E501
+-                ),
+-                a2b_hex(
+-                    b"e8c927ef1a57c738ff4ba8d6f90e06d837a5219eee47991f96b126b0685d512520c9c2eedebe4b88ff2de2b19cb5f8686efc7c4261e9ed1cb3ac5de50869be0a"  # noqa E501
+-                ),
+-            )
+-        except UnsupportedAlgorithm:
+-            self.skipTest("EdDSA support missing")
++        key.verify(
++            a2b_hex(
++                b"a379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce1947010000000500a11a323057d1103784ddff99a354ddd42348c2f00e88d8977b916cabf92268"  # noqa E501
++            ),
++            a2b_hex(
++                b"e8c927ef1a57c738ff4ba8d6f90e06d837a5219eee47991f96b126b0685d512520c9c2eedebe4b88ff2de2b19cb5f8686efc7c4261e9ed1cb3ac5de50869be0a"  # noqa E501
++            ),
++        )
+ 
+     def test_unsupported_key(self):
+         key = CoseKey.parse({1: 4711, 3: 4712, -1: b"123", -2: b"456"})
+diff --git a/test/utils.py b/test/utils.py
+index d649cb2..f50898d 100644
+--- a/test/utils.py
++++ b/test/utils.py
+@@ -1,4 +1,5 @@
+ import six
++import unittest
+ from binascii import a2b_hex
+ 
+ from cryptography.hazmat.backends import default_backend
+@@ -17,8 +18,12 @@ class U2FDevice(object):
+     )
+ 
+     def __init__(self, credential_id, app_id):
++        if not hasattr(serialization.Encoding, "X962"):
++            raise unittest.SkipTest("Requires Cryptography >= 2.5")
++
+         assert isinstance(credential_id, six.binary_type)
+         assert isinstance(app_id, six.binary_type)
++
+         # Note: do not use in production, no garantees is provided this is
+         # cryptographically safe to use.
+         priv_key_params = ConcatKDFHash(
+-- 
+2.26.2
+
diff --git a/fido2-0.8.1.tar.gz b/fido2-0.8.1.tar.gz
deleted file mode 100644
index c50e3db..0000000
--- a/fido2-0.8.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:449068f6876f397c8bb96ebc6a75c81c2692f045126d3f13ece21d409acdf7c3
-size 201198
diff --git a/fido2-0.8.1.tar.gz.sig b/fido2-0.8.1.tar.gz.sig
deleted file mode 100644
index eccfc9218a7d58d0b3de24c353d4e3c596f84afc939e6e8dccca7862b24da377..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 310
zcmV-60m=S}0W$;u0SW*e79j*6?lN13s2j`E<!6}iLuUzZx|Qe!0$tn0nE(n25b#51
z32(ZU=>1{`{TJ~_U3sF}lW!Y!-UeaR5qWptJrCyn5<gvseiT$iC(0=@Em#gMS0|Ii
z9Kc45=j=PW;Ra7by^gU?p)Vou^|e#muE_y6fXo@LlPBf4NYocnwy}PuKmw9BD2rtb
z1LL=&P>a(tL<}=CTd4MX-ZCJ(ZS0D?#c%B&Bi-_Mm5)9&LIwYy{9o<29=}@4XO!2w
zwIWRwvz-v%<HES0(H8Y;6x`A?6KMa>2JHCwZk4Lb1<-J#xU0`}u>G74GU2bMrkW1!
zR97^#WSLGc^z|oWD%#!sURj<tVN>39&FmONY2~I@czN%E;kzW6ns?V22+#&ZZE-og
I_>D_l4}2Px!vFvP

diff --git a/fido2-0.9.1.tar.gz b/fido2-0.9.1.tar.gz
new file mode 100644
index 0000000..51c5ab3
--- /dev/null
+++ b/fido2-0.9.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8680ee25238e2307596eb3900a0f8c0d9cc91189146ed8039544f1a3a69dfe6e
+size 206395
diff --git a/fido2-0.9.1.tar.gz.sig b/fido2-0.9.1.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..343cbdc542a5334160a20ac1cd9535dda6b38c9a1920a21fa14fcd06ce9a9353
GIT binary patch
literal 310
zcmV-60m=S}0W$;u0SW*e79j*6?lN13s2j`E<!6}iLuUzZx|Qe!0$>_weE<px5b#51
z32(ZU=y}x$0F|+!hnk2pm1u344Bxykh#1aQQ>rIN0=JftGyV}i)^QB<u)a_JX`30m
zDGklYFibD|k=BjNMPyW6y->%^HfMf>Ux(LnzCs8=$D~%CGbUA-o@IxSy-<fx3=fhz
zm>KCuQ8v?bHF_=~N&_~#OO*$3(<~_BwUes`;t<>jxK^!I8?5b-pQMf6f>;$Dk@|l`
z@BR6_GR=OPTw{yJ3w#WljQ%0(5W$^cA6Ae2yDoAw*rD$HS9~RzYC4xs9ZMM>kpH8m
zZRI~K1;-m_(nzjA!FFQ87p@mWjhVsv%+E;;&4A!O@7><k1Guh8vhhPNqdeJS<s7{*
IF6sD@aUHFYO#lD@

literal 0
HcmV?d00001

diff --git a/python-fido2.changes b/python-fido2.changes
index 6965b1f..44fd115 100644
--- a/python-fido2.changes
+++ b/python-fido2.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Thu May  6 14:23:34 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 0.9.1
+  * Add new CTAP error codes and improve handling of unknown codes.
+  * Client: API changes to better support extensions.
+  * Client.make_credential now returns a AuthenticatorAttestationResponse,
+    which holds the AttestationObject and ClientData, as well as any
+    client extension results for the credential.
+  * Client.get_assertion now returns an AssertionSelection object,
+    which is used to select between multiple assertions
+  * Renames: The CTAP1 and CTAP2 classes have been renamed to
+    Ctap1 and Ctap2, respectively.
+  * ClientPin: The ClientPin API has been restructured to support
+    multiple PIN protocols, UV tokens, and token permissions.
+  * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1
+  * HID: The platform specific HID code has been revamped
+- Add 0001-Don-t-use-enum.auto-Python-2.patch from upstream
+- Add 0001-Skip-tests-on-older-Cryptography-versions.patch from
+  upstream
+
 -------------------------------------------------------------------
 Mon Apr 20 12:42:34 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
 
diff --git a/python-fido2.spec b/python-fido2.spec
index b2abe3c..4d84d1a 100644
--- a/python-fido2.spec
+++ b/python-fido2.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-fido2
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,14 +19,18 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without python2
 Name:           python-fido2
-Version:        0.8.1
+Version:        0.9.1
 Release:        0
 Summary:        Python-based FIDO 2.0 library
 License:        BSD-2-Clause AND BSD-3-Clause AND Apache-2.0 AND MPL-2.0
 Group:          Development/Languages/Python
 URL:            https://github.com/Yubico/python-fido2
-Source0:        https://github.com/Yubico/python-fido2/releases/download/%{version}/fido2-%{version}.tar.gz
-Source1:        https://github.com/Yubico/python-fido2/releases/download/%{version}/fido2-%{version}.tar.gz.sig
+Source0:        %{URL}/releases/download/%{version}/fido2-%{version}.tar.gz
+Source1:        %{URL}/releases/download/%{version}/fido2-%{version}.tar.gz.sig
+# PATCH-FIX-UPSTREAM 0001-Don-t-use-enum.auto-Python-2.patch -- https://github.com/Yubico/python-fido2/commit/ce19ba598a077dd09d164c2bef05169e01b69eaf
+Patch0:         0001-Don-t-use-enum.auto-Python-2.patch
+# PATCH-FIX-UPSTREAM 0001-Skip-tests-on-older-Cryptography-versions.patch -- https://github.com/Yubico/python-fido2/commit/2e3224d7a8be8625b05e88c10efdbf57b646107c
+Patch1:         0001-Skip-tests-on-older-Cryptography-versions.patch
 BuildRequires:  %{python_module cryptography >= 1.5}
 BuildRequires:  %{python_module mock >= 1.0.1}
 BuildRequires:  %{python_module pyfakefs >= 3.4}
@@ -52,7 +56,7 @@ In addition to this low-level device access, classes defined in the fido2.client
 implement higher level device operations.
 
 %prep
-%setup -q -n fido2-%{version}
+%autosetup -p1 -n fido2-%{version}
 
 %build
 %python_build
@@ -62,7 +66,8 @@ implement higher level device operations.
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-%python_exec setup.py test
+# %%pyunittest
+%python_expand $python -m unittest
 
 %files %{python_files}
 %doc NEWS* README*