From 5622a86892e3bd9537bac977385530eb42a6827a980b91500a1e865e89dbf555 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20S=C3=BAkup?= Date: Tue, 28 Jul 2020 17:32:18 +0000 Subject: [PATCH] =?UTF-8?q?-=20update=20to=203.0=20-=20refreshed=20disable?= =?UTF-8?q?-uneven-sizes-tests.patch=20and=20=20skip=5Fopenssl=5Fmemleak?= =?UTF-8?q?=5Ftest.patch=20=20*=20Removed=20support=20for=20passing=20an?= =?UTF-8?q?=20Extension=20instance=20=20=20=20=20to=20from=5Fissuer=5Fsubj?= =?UTF-8?q?ect=5Fkey=5Fidentifier(),=20as=20per=20our=20deprecation=20poli?= =?UTF-8?q?cy.=20=20*=20Support=20for=20LibreSSL=202.7.x,=202.8.x,=20and?= =?UTF-8?q?=202.9.0=20has=20been=20removed=20=20*=20Dropped=20support=20fo?= =?UTF-8?q?r=20macOS=2010.9,=20macOS=20users=20must=20upgrade=20to=2010.10?= =?UTF-8?q?=20or=20newer.=20=20*=20RSA=20generate=5Fprivate=5Fkey()=20no?= =?UTF-8?q?=20longer=20accepts=20public=5Fexponent=20values=20except=20=20?= =?UTF-8?q?=20=20=2065537=20and=203=20(the=20latter=20for=20legacy=20purpo?= =?UTF-8?q?ses).=20=20*=20X.509=20certificate=20parsing=20now=20enforces?= =?UTF-8?q?=20that=20the=20version=20field=20contains=20=20=20=20=20a=20va?= =?UTF-8?q?lid=20value,=20rather=20than=20deferring=20this=20check=20until?= =?UTF-8?q?=20version=20is=20accessed.=20=20*=20Deprecated=20support=20for?= =?UTF-8?q?=20Python=202=20=20*=20Added=20support=20for=20OpenSSH=20serial?= =?UTF-8?q?ization=20format=20for=20ec,=20ed25519,=20rsa=20and=20dsa=20=20?= =?UTF-8?q?=20=20=20private=20keys:=20load=5Fssh=5Fprivate=5Fkey()=20for?= =?UTF-8?q?=20loading=20and=20OpenSSH=20for=20writing.=20=20*=20Added=20su?= =?UTF-8?q?pport=20for=20OpenSSH=20certificates=20to=20load=5Fssh=5Fpublic?= =?UTF-8?q?=5Fkey().=20=20*=20Added=20encrypt=5Fat=5Ftime()=20and=20decryp?= =?UTF-8?q?t=5Fat=5Ftime()=20to=20Fernet.=20=20*=20Added=20support=20for?= =?UTF-8?q?=20the=20SubjectInformationAccess=20X.509=20extension.=20=20*?= =?UTF-8?q?=20Added=20support=20for=20parsing=20SignedCertificateTimestamp?= =?UTF-8?q?s=20in=20OCSP=20responses.=20=20*=20Added=20support=20for=20par?= =?UTF-8?q?sing=20attributes=20in=20certificate=20signing=20requests=20via?= =?UTF-8?q?=20get=5Fattribute=5Ffor=5Foid().=20=20*=20Added=20support=20fo?= =?UTF-8?q?r=20encoding=20attributes=20in=20certificate=20signing=20reques?= =?UTF-8?q?ts=20via=20add=5Fattribute().=20=20*=20On=20OpenSSL=201.1.1d=20?= =?UTF-8?q?and=20higher=20cryptography=20now=20uses=20OpenSSL=E2=80=99s=20?= =?UTF-8?q?built-in=20CSPRNG=20=20=20=20=20instead=20of=20its=20own=20OS?= =?UTF-8?q?=20random=20engine=20because=20these=20versions=20of=20OpenSSL?= =?UTF-8?q?=20properly=20reseed=20on=20fork.=20=20*=20Added=20initial=20su?= =?UTF-8?q?pport=20for=20creating=20PKCS12=20files=20with=20serialize=5Fke?= =?UTF-8?q?y=5Fand=5Fcertificates().?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=122 --- cryptography-2.9.2.tar.gz | 3 --- cryptography-2.9.2.tar.gz.asc | 11 ----------- cryptography-3.0.tar.gz | 3 +++ cryptography-3.0.tar.gz.asc | 11 +++++++++++ disable-uneven-sizes-tests.patch | 18 +++++++++--------- python-cryptography.changes | 26 ++++++++++++++++++++++++++ python-cryptography.spec | 4 ++-- skip_openssl_memleak_test.patch | 16 +++++++++------- 8 files changed, 60 insertions(+), 32 deletions(-) delete mode 100644 cryptography-2.9.2.tar.gz delete mode 100644 cryptography-2.9.2.tar.gz.asc create mode 100644 cryptography-3.0.tar.gz create mode 100644 cryptography-3.0.tar.gz.asc diff --git a/cryptography-2.9.2.tar.gz b/cryptography-2.9.2.tar.gz deleted file mode 100644 index 8135f4d..0000000 --- a/cryptography-2.9.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a0c30272fb4ddda5f5ffc1089d7405b7a71b0b0f51993cb4e5dbb4590b2fc229 -size 517571 diff --git a/cryptography-2.9.2.tar.gz.asc b/cryptography-2.9.2.tar.gz.asc deleted file mode 100644 index df9d34e..0000000 --- a/cryptography-2.9.2.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEyBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAl6gzhQACgkQI1rl8Sn5 -7Zh0nAf4ggT/Ld981REP/HrVwJKGp6gn9ViqmToHOacI3XeP70Rz+7h4eg/548Bf -F4oH0IAkwV4TRUXtJV/fsi5OmnCD8EktQqxpzUQ9yNfT3thj/X2594GUD5+Tm/O9 -162xy/mFqa8XgIjXB5NaAySrpegMEf6lPpOOf7hI0mHcsQ3b4EYp5/of0dj0MgQV -HgrAKtdpLKWSeFLL19bqXHpBloYOj9kFuQs+2qVYtu0gIzsavGC8kKrvw6ir8i5o -FqNumdvcXYWHjkF/46BICd5ZUNY5YrYGGsK39CBQRFgEkoD+ElVsh9anwoNeUvxu -qilLKGLbD6NteTWcxjnqJJGnO2+7 -=VVJo ------END PGP SIGNATURE----- diff --git a/cryptography-3.0.tar.gz b/cryptography-3.0.tar.gz new file mode 100644 index 0000000..158a2f6 --- /dev/null +++ b/cryptography-3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e924dbc025206e97756e8903039662aa58aa9ba357d8e1d8fc29e3092322053 +size 534725 diff --git a/cryptography-3.0.tar.gz.asc b/cryptography-3.0.tar.gz.asc new file mode 100644 index 0000000..d17911b --- /dev/null +++ b/cryptography-3.0.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAl8WGscACgkQI1rl8Sn5 +7ZiG/Af/dlShgMX5PLP6G+S9iXdSX9Zu6rlJUeQ8QkoaL268KoBe6Y+LHRwDoblk +8iIwN3KYxNqVqEVrve/nr3ju5YoFWXjrA755W13j5ehLN1Tn+s9Apxe2Ye8OhSNa +MrIdzWAMaEl2DpArr2zBxockEuLqb06Uj29YfYQKcmSKwFvzmJtozw1VscwyQS70 +GJ4MzWnbvIIbwpDlwNDiHkR8OE3JR5aDDuYdX0ADWHxK2ExCKS6kP4gI9pamVt6L +RgmJKHfjrbv/hhgrg64PjXH8WRXMKDXs6j5zGRo6Gvg4gnyISvQF7+1piaIsp9bP +BFyuqnIGeMqhwcC/dtGsq/fxJOHurw== +=mZPL +-----END PGP SIGNATURE----- diff --git a/disable-uneven-sizes-tests.patch b/disable-uneven-sizes-tests.patch index 2a932b1..4b90fa9 100644 --- a/disable-uneven-sizes-tests.patch +++ b/disable-uneven-sizes-tests.patch @@ -1,14 +1,14 @@ -Index: cryptography-1.0/tests/hazmat/primitives/test_rsa.py +Index: cryptography-3.0/tests/hazmat/primitives/test_rsa.py =================================================================== ---- cryptography-1.0.orig/tests/hazmat/primitives/test_rsa.py -+++ cryptography-1.0/tests/hazmat/primitives/test_rsa.py -@@ -91,7 +91,8 @@ class TestRSA(object): +--- cryptography-3.0.orig/tests/hazmat/primitives/test_rsa.py ++++ cryptography-3.0/tests/hazmat/primitives/test_rsa.py +@@ -174,7 +174,8 @@ class TestRSA(object): ("public_exponent", "key_size"), itertools.product( - (3, 5, 65537), -- (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048) -+ #(1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048) -+ (1024, 1026, 1028, 1030, 1536, 2048) - ) + (3, 65537), +- (1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048), ++ #(1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1536, 2048), ++ (1024, 1026, 1028, 1030, 1536, 2048), + ), ) def test_generate_rsa_keys(self, backend, public_exponent, key_size): diff --git a/python-cryptography.changes b/python-cryptography.changes index ede2f37..17e50e0 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Tue Jul 28 17:16:47 UTC 2020 - Ondřej Súkup + +- update to 3.0 +- refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch + * Removed support for passing an Extension instance + to from_issuer_subject_key_identifier(), as per our deprecation policy. + * Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed + * Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer. + * RSA generate_private_key() no longer accepts public_exponent values except + 65537 and 3 (the latter for legacy purposes). + * X.509 certificate parsing now enforces that the version field contains + a valid value, rather than deferring this check until version is accessed. + * Deprecated support for Python 2 + * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa + private keys: load_ssh_private_key() for loading and OpenSSH for writing. + * Added support for OpenSSH certificates to load_ssh_public_key(). + * Added encrypt_at_time() and decrypt_at_time() to Fernet. + * Added support for the SubjectInformationAccess X.509 extension. + * Added support for parsing SignedCertificateTimestamps in OCSP responses. + * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). + * Added support for encoding attributes in certificate signing requests via add_attribute(). + * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG + instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. + * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). + ------------------------------------------------------------------- Fri May 15 08:44:10 UTC 2020 - Michael Ströder diff --git a/python-cryptography.spec b/python-cryptography.spec index f092976..480b051 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -1,7 +1,7 @@ # # spec file for package python-cryptography # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %bcond_without python2 Name: python-cryptography -Version: 2.9.2 +Version: 3.0 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause diff --git a/skip_openssl_memleak_test.patch b/skip_openssl_memleak_test.patch index b80c87c..96c4d5f 100644 --- a/skip_openssl_memleak_test.patch +++ b/skip_openssl_memleak_test.patch @@ -1,16 +1,18 @@ -diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py -index 6e92e34..3280c47 100644 ---- a/tests/hazmat/backends/test_openssl_memleak.py -+++ b/tests/hazmat/backends/test_openssl_memleak.py -@@ -118,9 +118,8 @@ def assert_no_memory_leaks(s, argv=[]): +Index: cryptography-3.0/tests/hazmat/backends/test_openssl_memleak.py +=================================================================== +--- cryptography-3.0.orig/tests/hazmat/backends/test_openssl_memleak.py ++++ cryptography-3.0/tests/hazmat/backends/test_openssl_memleak.py +@@ -153,10 +153,9 @@ def assert_no_memory_leaks(s, argv=[]): def skip_if_memtesting_not_supported(): - return pytest.mark.skipif( - not Binding().lib.Cryptography_HAS_MEM_FUNCTIONS, -- reason="Requires OpenSSL memory functions (>=1.1.0)" +- reason="Requires OpenSSL memory functions (>=1.1.0)", +- ) + return pytest.mark.skip( + reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()" - ) ++ ) + @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")