Accepting request 1243130 from devel:languages:python

- Switch to pyproject macros. - Add typing-extensions to Requires for 3.11 and 3.12. - Update to 25.0.0 * Backward-incompatible changes: - * Deprecations: - * Changes: - Corrected type annotations on Context.set_alpn_select_callback, Context.set_session_cache_mode, Context.set_options, Context.set_mode, X509.subject_name_hash, and X509Store.load_locations. - Deprecated APIs are now marked using warnings.deprecated. mypy will emit deprecation notices for them when used with --enable-error-code deprecated. - Changes from 24.3.0 * Backward-incompatible changes: - Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl, and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead. - Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify. cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead. * Deprecations: - Deprecated OpenSSL.rand - callers should use os.urandom() instead. - Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509. These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead. - Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve, as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh, users should instead pass curves from cryptography. - Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate, OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely. - Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey, users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely. OBS-URL: https://build.opensuse.org/request/show/1243130 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=57
2025-02-06 21:01:55 +00:00 · 2025-02-06 21:01:55 +00:00 · 2563439415
commit 2563439415
parent 3799fc3dc0 497fb68de5
5 changed files with 73 additions and 23 deletions
--- a/pyopenssl-24.2.1.tar.gz
+++ b/pyopenssl-24.2.1.tar.gz
--- a/pyopenssl-25.0.0.tar.gz
+++ b/pyopenssl-25.0.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd2cef799efa3936bb08e8ccb9433a575722b9dd986023f1cabc4ae64e9dac16
+size 179573
--- a/python-pyOpenSSL.changes
+++ b/python-pyOpenSSL.changes
@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Thu Jan 30 01:28:29 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Switch to pyproject macros.
+- Add typing-extensions to Requires for 3.11 and 3.12.
+
+-------------------------------------------------------------------
+Wed Jan 29 15:05:24 UTC 2025 - ecsos <ecsos@opensuse.org>
+
+- Update to 25.0.0
+  * Backward-incompatible changes: -
+  * Deprecations: -
+  * Changes:
+    - Corrected type annotations on Context.set_alpn_select_callback,
+      Context.set_session_cache_mode, Context.set_options, Context.set_mode,
+      X509.subject_name_hash, and X509Store.load_locations.
+    - Deprecated APIs are now marked using warnings.deprecated. mypy will emit deprecation notices
+      for them when used with --enable-error-code deprecated.
+- Changes from 24.3.0
+  * Backward-incompatible changes:
+    - Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl,
+      and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead.
+    - Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify.
+      cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.
+  * Deprecations:
+    - Deprecated OpenSSL.rand - callers should use os.urandom() instead.
+    - Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509.
+      These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead.
+    - Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve,
+      as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh,
+      users should instead pass curves from cryptography.
+    - Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate,
+      OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead
+      pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely.
+    - Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey,
+      users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely.
+  * Changes:
+    - cryptography maximum version has been increased to 44.0.x.
+    - OpenSSL.SSL.Connection.get_certificate, OpenSSL.SSL.Connection.get_peer_certificate,
+      OpenSSL.SSL.Connection.get_peer_cert_chain, and OpenSSL.SSL.Connection.get_verified_chain
+      now take an as_cryptography keyword-argument. When True is passed then
+      cryptography.x509.Certificate are returned, instead of OpenSSL.crypto.X509.
+      In the future, passing False (the default) will be deprecated.
+- Rebase skip-networked-test.patch.
+
 -------------------------------------------------------------------
 Mon Jan 13 22:33:05 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/python-pyOpenSSL.spec
+++ b/python-pyOpenSSL.spec
@ -26,7 +26,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-pyOpenSSL%{psuffix}
-Version:        24.2.1
+Version:        25.0.0
 Release:        0
 Summary:        Python wrapper module around the OpenSSL library
 License:        Apache-2.0
@ -35,18 +35,23 @@ Source:         https://files.pythonhosted.org/packages/source/p/pyopenssl/pyope
 # PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
 # Mark tests requiring network access
 Patch0:         skip-networked-test.patch
+BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  %{python_module cffi}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-cffi
-Requires:       (python-cryptography >= 41.0.5 with python-cryptography < 44)
+Requires:       (python-cryptography >= 41.0.5 with python-cryptography < 45)
+%if %{python_version_nodots} < 313
+Requires:       python-typing-extensions >= 4.9
+%endif
 Provides:       pyOpenSSL = %{version}
 Provides:       pyopenssl = %{version}-%release
 %if %{without test}
 BuildArch:      noarch
 %else
-BuildRequires:  %{python_module cryptography >= 41.0.5 with %python-cryptography < 44}
+BuildRequires:  %{python_module cryptography >= 41.0.5 with %python-cryptography < 45}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pyOpenSSL >= %version}
 BuildRequires:  %{python_module pytest >= 3.0.1}
@ -69,19 +74,19 @@ other things) a cffi-based interface to OpenSSL.
 %autosetup -p1 -n pyopenssl-%{version}

 %build
-%python_build
+%pyproject_wheel

 %install
 %if !%{with test}
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 %endif

 %check
 %if %{with test}
-SKIPPED_TESTS="network"
+SKIPPED_TESTS="(network or test_set_tmp_ecdh)"
 %if %{__isa_bits} == 32
-SKIPPED_TESTS="(network or test_verify_with_time)"
+SKIPPED_TESTS="(network or test_verify_with_time or test_set_tmp_ecdh)"
 %endif
 export LC_ALL=en_US.UTF-8
 %pytest -k "not $SKIPPED_TESTS"
@ -92,7 +97,7 @@ export LC_ALL=en_US.UTF-8
 %license LICENSE
 %doc *.rst
 %{python_sitelib}/OpenSSL/
-%{python_sitelib}/pyOpenSSL-%{version}*-info
+%{python_sitelib}/pyOpenSSL-%{version}.dist-info
 %endif

 %changelog
--- a/skip-networked-test.patch
+++ b/skip-networked-test.patch
@ -1,29 +1,29 @@
-Index: pyOpenSSL-24.1.0/tests/test_ssl.py
+Index: pyopenssl-25.0.0/tests/test_ssl.py
 ===================================================================
--- pyOpenSSL-24.1.0.orig/tests/test_ssl.py
-+++ pyOpenSSL-24.1.0/tests/test_ssl.py
-@@ -1249,6 +1249,7 @@ class TestContext:
+--- pyopenssl-25.0.0.orig/tests/test_ssl.py
+++ pyopenssl-25.0.0/tests/test_ssl.py
+@@ -1303,6 +1303,7 @@ class TestContext:
         reason="set_default_verify_paths appears not to work on Windows.  "
         "See LP#404343 and LP#404344.",
     )
 +    @pytest.mark.network
-     def test_set_default_verify_paths(self):
+     def test_set_default_verify_paths(self) -> None:
         """
         `Context.set_default_verify_paths` causes the platform-specific CA
-Index: pyOpenSSL-24.1.0/setup.cfg
+Index: pyopenssl-25.0.0/setup.cfg
 ===================================================================
--- pyOpenSSL-24.1.0.orig/setup.cfg
-+++ pyOpenSSL-24.1.0/setup.cfg
+--- pyopenssl-25.0.0.orig/setup.cfg
+++ pyopenssl-25.0.0/setup.cfg
@@ -11,4 +11,3 @@ doc_files = doc/_build/html
 [egg_info]
 tag_build = 
 tag_date = 0
 -
-Index: pyOpenSSL-24.1.0/pyproject.toml
+Index: pyopenssl-25.0.0/pyproject.toml
 ===================================================================
--- pyOpenSSL-24.1.0.orig/pyproject.toml
-+++ pyOpenSSL-24.1.0/pyproject.toml
-@@ -42,6 +42,9 @@ ignore_missing_imports = true
+--- pyopenssl-25.0.0.orig/pyproject.toml
+++ pyopenssl-25.0.0/pyproject.toml
+@@ -39,6 +39,9 @@ ignore_missing_imports = true
 [tool.pytest.ini_options]
 addopts = "-r s --strict-markers"
 testpaths = ["tests"]