diff --git a/pyopenssl-24.2.1.tar.gz b/pyopenssl-24.2.1.tar.gz
deleted file mode 100644
index e34e812..0000000
--- a/pyopenssl-24.2.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4247f0dbe3748d560dcbb2ff3ea01af0f9a1a001ef5f7c4c647956ed8cbf0e95
-size 184323
diff --git a/pyopenssl-25.0.0.tar.gz b/pyopenssl-25.0.0.tar.gz
new file mode 100644
index 0000000..251ef46
--- /dev/null
+++ b/pyopenssl-25.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd2cef799efa3936bb08e8ccb9433a575722b9dd986023f1cabc4ae64e9dac16
+size 179573
diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes
index d7e6559..5f8ab0d 100644
--- a/python-pyOpenSSL.changes
+++ b/python-pyOpenSSL.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Thu Jan 30 01:28:29 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Switch to pyproject macros.
+- Add typing-extensions to Requires for 3.11 and 3.12.
+
+-------------------------------------------------------------------
+Wed Jan 29 15:05:24 UTC 2025 - ecsos <ecsos@opensuse.org>
+
+- Update to 25.0.0
+  * Backward-incompatible changes: -
+  * Deprecations: -
+  * Changes:
+    - Corrected type annotations on Context.set_alpn_select_callback,
+      Context.set_session_cache_mode, Context.set_options, Context.set_mode,
+      X509.subject_name_hash, and X509Store.load_locations.
+    - Deprecated APIs are now marked using warnings.deprecated. mypy will emit deprecation notices
+      for them when used with --enable-error-code deprecated.
+- Changes from 24.3.0
+  * Backward-incompatible changes:
+    - Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl,
+      and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead.
+    - Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify.
+      cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.
+  * Deprecations:
+    - Deprecated OpenSSL.rand - callers should use os.urandom() instead.
+    - Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509.
+      These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead.
+    - Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve,
+      as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh,
+      users should instead pass curves from cryptography.
+    - Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate,
+      OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead
+      pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely.
+    - Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey,
+      users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely.
+  * Changes:
+    - cryptography maximum version has been increased to 44.0.x.
+    - OpenSSL.SSL.Connection.get_certificate, OpenSSL.SSL.Connection.get_peer_certificate,
+      OpenSSL.SSL.Connection.get_peer_cert_chain, and OpenSSL.SSL.Connection.get_verified_chain
+      now take an as_cryptography keyword-argument. When True is passed then
+      cryptography.x509.Certificate are returned, instead of OpenSSL.crypto.X509.
+      In the future, passing False (the default) will be deprecated.
+- Rebase skip-networked-test.patch.
+
 -------------------------------------------------------------------
 Mon Jan 13 22:33:05 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec
index 8a3cfaf..9789307 100644
--- a/python-pyOpenSSL.spec
+++ b/python-pyOpenSSL.spec
@@ -26,7 +26,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-pyOpenSSL%{psuffix}
-Version:        24.2.1
+Version:        25.0.0
 Release:        0
 Summary:        Python wrapper module around the OpenSSL library
 License:        Apache-2.0
@@ -35,18 +35,23 @@ Source:         https://files.pythonhosted.org/packages/source/p/pyopenssl/pyope
 # PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
 # Mark tests requiring network access
 Patch0:         skip-networked-test.patch
+BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module cffi}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-cffi
-Requires:       (python-cryptography >= 41.0.5 with python-cryptography < 44)
+Requires:       (python-cryptography >= 41.0.5 with python-cryptography < 45)
+%if %{python_version_nodots} < 313
+Requires:       python-typing-extensions >= 4.9
+%endif
 Provides:       pyOpenSSL = %{version}
 Provides:       pyopenssl = %{version}-%release
 %if %{without test}
 BuildArch:      noarch
 %else
-BuildRequires:  %{python_module cryptography >= 41.0.5 with %python-cryptography < 44}
+BuildRequires:  %{python_module cryptography >= 41.0.5 with %python-cryptography < 45}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pyOpenSSL >= %version}
 BuildRequires:  %{python_module pytest >= 3.0.1}
@@ -69,19 +74,19 @@ other things) a cffi-based interface to OpenSSL.
 %autosetup -p1 -n pyopenssl-%{version}
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
 %if !%{with test}
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 %endif
 
 %check
 %if %{with test}
-SKIPPED_TESTS="network"
+SKIPPED_TESTS="(network or test_set_tmp_ecdh)"
 %if %{__isa_bits} == 32
-SKIPPED_TESTS="(network or test_verify_with_time)"
+SKIPPED_TESTS="(network or test_verify_with_time or test_set_tmp_ecdh)"
 %endif
 export LC_ALL=en_US.UTF-8
 %pytest -k "not $SKIPPED_TESTS"
@@ -92,7 +97,7 @@ export LC_ALL=en_US.UTF-8
 %license LICENSE
 %doc *.rst
 %{python_sitelib}/OpenSSL/
-%{python_sitelib}/pyOpenSSL-%{version}*-info
+%{python_sitelib}/pyOpenSSL-%{version}.dist-info
 %endif
 
 %changelog
diff --git a/skip-networked-test.patch b/skip-networked-test.patch
index a491498..8f2db65 100644
--- a/skip-networked-test.patch
+++ b/skip-networked-test.patch
@@ -1,29 +1,29 @@
-Index: pyOpenSSL-24.1.0/tests/test_ssl.py
+Index: pyopenssl-25.0.0/tests/test_ssl.py
 ===================================================================
---- pyOpenSSL-24.1.0.orig/tests/test_ssl.py
-+++ pyOpenSSL-24.1.0/tests/test_ssl.py
-@@ -1249,6 +1249,7 @@ class TestContext:
+--- pyopenssl-25.0.0.orig/tests/test_ssl.py
++++ pyopenssl-25.0.0/tests/test_ssl.py
+@@ -1303,6 +1303,7 @@ class TestContext:
          reason="set_default_verify_paths appears not to work on Windows.  "
          "See LP#404343 and LP#404344.",
      )
 +    @pytest.mark.network
-     def test_set_default_verify_paths(self):
+     def test_set_default_verify_paths(self) -> None:
          """
          `Context.set_default_verify_paths` causes the platform-specific CA
-Index: pyOpenSSL-24.1.0/setup.cfg
+Index: pyopenssl-25.0.0/setup.cfg
 ===================================================================
---- pyOpenSSL-24.1.0.orig/setup.cfg
-+++ pyOpenSSL-24.1.0/setup.cfg
+--- pyopenssl-25.0.0.orig/setup.cfg
++++ pyopenssl-25.0.0/setup.cfg
 @@ -11,4 +11,3 @@ doc_files = doc/_build/html
  [egg_info]
  tag_build = 
  tag_date = 0
 -
-Index: pyOpenSSL-24.1.0/pyproject.toml
+Index: pyopenssl-25.0.0/pyproject.toml
 ===================================================================
---- pyOpenSSL-24.1.0.orig/pyproject.toml
-+++ pyOpenSSL-24.1.0/pyproject.toml
-@@ -42,6 +42,9 @@ ignore_missing_imports = true
+--- pyopenssl-25.0.0.orig/pyproject.toml
++++ pyopenssl-25.0.0/pyproject.toml
+@@ -39,6 +39,9 @@ ignore_missing_imports = true
  [tool.pytest.ini_options]
  addopts = "-r s --strict-markers"
  testpaths = ["tests"]