diff --git a/_service b/_service index 28fd155..97a96c3 100644 --- a/_service +++ b/_service @@ -1,7 +1,7 @@ - cryptography-41.0.1/src/rust + cryptography-41.0.2/src/rust zst diff --git a/cryptography-41.0.1.tar.gz b/cryptography-41.0.1.tar.gz deleted file mode 100644 index 633feec..0000000 --- a/cryptography-41.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d34579085401d3f49762d2f7d6634d6b6c2ae1242202e860f4d26b046e3a1006 -size 629124 diff --git a/cryptography-41.0.2.tar.gz b/cryptography-41.0.2.tar.gz new file mode 100644 index 0000000..c0060e1 --- /dev/null +++ b/cryptography-41.0.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c +size 630080 diff --git a/no-pytest_benchmark.patch b/no-pytest_benchmark.patch new file mode 100644 index 0000000..a3fc3c7 --- /dev/null +++ b/no-pytest_benchmark.patch @@ -0,0 +1,273 @@ +--- + pyproject.toml | 31 ------------------------- + src/cryptography.egg-info/requires.txt | 2 - + tests/bench/test_aead.py | 40 ++++++++++++++++----------------- + tests/bench/test_ec_load.py | 8 +++--- + tests/bench/test_hashes.py | 4 +-- + tests/bench/test_hmac.py | 4 +-- + tests/bench/test_x509.py | 16 ++++++------- + 7 files changed, 37 insertions(+), 68 deletions(-) + +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"] + nox = ["nox"] + test = [ + "pytest >=6.2.0", +- "pytest-benchmark", +- "pytest-cov", + "pytest-xdist", + "pretend", + ] +@@ -85,7 +83,7 @@ line-length = 79 + target-version = ["py37"] + + [tool.pytest.ini_options] +-addopts = "-r s --capture=no --strict-markers --benchmark-disable" ++addopts = "-r s --capture=no --strict-markers" + console_output_style = "progress-even-when-capture-no" + markers = [ + "skip_fips: this test is not executed in FIPS mode", +@@ -107,33 +105,6 @@ module = [ + ] + ignore_missing_imports = true + +-[tool.coverage.run] +-branch = true +-relative_files = true +-source = [ +- "cryptography", +- "tests/", +-] +- +-[tool.coverage.paths] +-source = [ +- "src/cryptography", +- "*.nox/*/lib*/python*/site-packages/cryptography", +- "*.nox\\*\\Lib\\site-packages\\cryptography", +- "*.nox/pypy/site-packages/cryptography", +-] +-tests =[ +- "tests/", +- "*tests\\", +-] +- +-[tool.coverage.report] +-exclude_lines = [ +- "@abc.abstractmethod", +- "@typing.overload", +- "if typing.TYPE_CHECKING", +-] +- + [tool.ruff] + # UP006: Minimum Python 3.9 + # UP007, UP038: Minimum Python 3.10 +--- a/src/cryptography.egg-info/requires.txt ++++ b/src/cryptography.egg-info/requires.txt +@@ -26,8 +26,6 @@ bcrypt>=3.1.5 + + [test] + pytest>=6.2.0 +-pytest-benchmark +-pytest-cov + pytest-xdist + pretend + +--- a/tests/bench/test_aead.py ++++ b/tests/bench/test_aead.py +@@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor + not _aead_supported(ChaCha20Poly1305), + reason="Requires OpenSSL with ChaCha20Poly1305 support", + ) +-def test_chacha20poly1305_encrypt(benchmark): ++def test_chacha20poly1305_encrypt(): + chacha = ChaCha20Poly1305(b"\x00" * 32) +- benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"") ++ chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") + + + @pytest.mark.skipif( + not _aead_supported(ChaCha20Poly1305), + reason="Requires OpenSSL with ChaCha20Poly1305 support", + ) +-def test_chacha20poly1305_decrypt(benchmark): ++def test_chacha20poly1305_decrypt(): + chacha = ChaCha20Poly1305(b"\x00" * 32) + ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") +- benchmark(chacha.decrypt, b"\x00" * 12, ct, b"") ++ chacha.decrypt(b"\x00" * 12, ct, b"") + + +-def test_aesgcm_encrypt(benchmark): ++def test_aesgcm_encrypt(): + aes = AESGCM(b"\x00" * 32) +- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) ++ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + + +-def test_aesgcm_decrypt(benchmark): ++def test_aesgcm_decrypt(): + aes = AESGCM(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) +- benchmark(aes.decrypt, b"\x00" * 12, ct, None) ++ aes.decrypt(b"\x00" * 12, ct, None) + + + @pytest.mark.skipif( + not _aead_supported(AESSIV), + reason="Requires OpenSSL with AES-SIV support", + ) +-def test_aessiv_encrypt(benchmark): ++def test_aessiv_encrypt(): + aes = AESSIV(b"\x00" * 32) +- benchmark(aes.encrypt, b"hello world plaintext", None) ++ aes.encrypt(b"hello world plaintext", None) + + + @pytest.mark.skipif( + not _aead_supported(AESSIV), + reason="Requires OpenSSL with AES-SIV support", + ) +-def test_aessiv_decrypt(benchmark): ++def test_aessiv_decrypt(): + aes = AESSIV(b"\x00" * 32) + ct = aes.encrypt(b"hello world plaintext", None) +- benchmark(aes.decrypt, ct, None) ++ aes.decrypt(ct, None) + + + @pytest.mark.skipif( + not _aead_supported(AESOCB3), + reason="Requires OpenSSL with AES-OCB3 support", + ) +-def test_aesocb3_encrypt(benchmark): ++def test_aesocb3_encrypt(): + aes = AESOCB3(b"\x00" * 32) +- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) ++ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + + + @pytest.mark.skipif( + not _aead_supported(AESOCB3), + reason="Requires OpenSSL with AES-OCB3 support", + ) +-def test_aesocb3_decrypt(benchmark): ++def test_aesocb3_decrypt(): + aes = AESOCB3(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) +- benchmark(aes.decrypt, b"\x00" * 12, ct, None) ++ aes.decrypt(b"\x00" * 12, ct, None) + + + @pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", + ) +-def test_aesccm_encrypt(benchmark): ++def test_aesccm_encrypt(): + aes = AESCCM(b"\x00" * 32) +- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) ++ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + + + @pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", + ) +-def test_aesccm_decrypt(benchmark): ++def test_aesccm_decrypt(): + aes = AESCCM(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) +- benchmark(aes.decrypt, b"\x00" * 12, ct, None) ++ aes.decrypt(b"\x00" * 12, ct, None) +--- a/tests/bench/test_ec_load.py ++++ b/tests/bench/test_ec_load.py +@@ -5,9 +5,9 @@ + from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 + + +-def test_load_ec_public_numbers(benchmark): +- benchmark(EC_KEY_SECP256R1.public_numbers.public_key) ++def test_load_ec_public_numbers(): ++ EC_KEY_SECP256R1.public_numbers.public_key() + + +-def test_load_ec_private_numbers(benchmark): +- benchmark(EC_KEY_SECP256R1.private_key) ++def test_load_ec_private_numbers(): ++ EC_KEY_SECP256R1.private_key() +--- a/tests/bench/test_hashes.py ++++ b/tests/bench/test_hashes.py +@@ -5,10 +5,10 @@ + from cryptography.hazmat.primitives import hashes + + +-def test_sha256(benchmark): ++def test_sha256(): + def bench(): + h = hashes.Hash(hashes.SHA256()) + h.update(b"I love hashing. So much. The best.") + return h.finalize() + +- benchmark(bench) ++ bench() +--- a/tests/bench/test_hmac.py ++++ b/tests/bench/test_hmac.py +@@ -5,10 +5,10 @@ + from cryptography.hazmat.primitives import hashes, hmac + + +-def test_hmac_sha256(benchmark): ++def test_hmac_sha256(): + def bench(): + h = hmac.HMAC(b"my extremely secure key", hashes.SHA256()) + h.update(b"I love hashing. So much. The best.") + return h.finalize() + +- benchmark(bench) ++ bench() +--- a/tests/bench/test_x509.py ++++ b/tests/bench/test_x509.py +@@ -9,34 +9,34 @@ from cryptography import x509 + from ..utils import load_vectors_from_file + + +-def test_object_identier_constructor(benchmark): +- benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5") ++def test_object_identier_constructor(): ++ x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5") + + +-def test_aki_public_bytes(benchmark): ++def test_aki_public_bytes(): + aki = x509.AuthorityKeyIdentifier( + key_identifier=b"\x00" * 16, + authority_cert_issuer=None, + authority_cert_serial_number=None, + ) +- benchmark(aki.public_bytes) ++ aki.public_bytes() + + +-def test_load_der_certificate(benchmark): ++def test_load_der_certificate(): + cert_bytes = load_vectors_from_file( + os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), + loader=lambda pemfile: pemfile.read(), + mode="rb", + ) + +- benchmark(x509.load_der_x509_certificate, cert_bytes) ++ x509.load_der_x509_certificate(cert_bytes) + + +-def test_load_pem_certificate(benchmark): ++def test_load_pem_certificate(): + cert_bytes = load_vectors_from_file( + os.path.join("x509", "cryptography.io.pem"), + loader=lambda pemfile: pemfile.read(), + mode="rb", + ) + +- benchmark(x509.load_pem_x509_certificate, cert_bytes) ++ x509.load_pem_x509_certificate(cert_bytes) diff --git a/python-cryptography.changes b/python-cryptography.changes index 79156f3..159e977 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Jul 11 13:44:14 UTC 2023 - Dirk Müller + +- update to 41.0.2: + * Fixed bugs in creating and parsing SSH certificates where + critical options with values were handled incorrectly. + Certificates are now created correctly and parsing accepts + correct values as well as the previously generated + invalid forms with a warning. In the next release, support + for parsing these invalid forms will be removed. + +------------------------------------------------------------------- +Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl + +- remove patch remove_python_3_6_deprecation_warning.patch as the + warning was already removed upstream + +------------------------------------------------------------------- +Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl + +- Add no-pytest_benchmark.patch, which remove dependency on + pytest-benchmark and coveralls (We don't need no benchmarking + and coverage measurement; bsc#1213005). + ------------------------------------------------------------------- Mon Jun 19 20:41:45 UTC 2023 - Dirk Müller diff --git a/python-cryptography.spec b/python-cryptography.spec index e034e88..ef3c0ab 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -27,7 +27,7 @@ %endif %{?sle15_python_module_pythons} Name: python-cryptography%{psuffix} -Version: 41.0.1 +Version: 41.0.2 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause @@ -40,9 +40,9 @@ Source2: vendor.tar.zst Source3: cargo_config Source4: python-cryptography.keyring Patch2: skip_openssl_memleak_test.patch -%if 0%{?sle_version} && 0%{?sle_version} <= 150400 -Patch3: remove_python_3_6_deprecation_warning.patch -%endif +# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com +# We don't need no benchmarking and coverage measurement +Patch4: no-pytest_benchmark.patch BuildRequires: %{python_module cffi >= 1.12} BuildRequires: %{python_module devel} BuildRequires: %{python_module exceptiongroup} @@ -66,7 +66,6 @@ BuildRequires: %{python_module hypothesis >= 1.11.4} BuildRequires: %{python_module iso8601} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pytest > 6.0} -BuildRequires: %{python_module pytest-benchmark} BuildRequires: %{python_module pytest-subtests} BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module pytz} diff --git a/remove_python_3_6_deprecation_warning.patch b/remove_python_3_6_deprecation_warning.patch deleted file mode 100644 index 6cfc7a9..0000000 --- a/remove_python_3_6_deprecation_warning.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0848826019cdcf3cf783095cb26b3fb394ae6d92 Mon Sep 17 00:00:00 2001 -From: Johannes Kastl -Date: Thu, 12 Jan 2023 11:12:53 +0100 -Subject: [PATCH] remove python3.6 deprecation warning - -Signed-off-by: Johannes Kastl ---- - src/cryptography/__init__.py | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/src/cryptography/__init__.py b/src/cryptography/__init__.py -index 7f8a25c6e..91b624bf0 100644 ---- a/src/cryptography/__init__.py -+++ b/src/cryptography/__init__.py -@@ -13,12 +13,3 @@ __all__ = [ - "__author__", - "__copyright__", - ] -- --if sys.version_info[:2] == (3, 6): -- warnings.warn( -- "Python 3.6 is no longer supported by the Python core team. " -- "Therefore, support for it is deprecated in cryptography. The next " -- "release of cryptography will remove support for Python 3.6.", -- CryptographyDeprecationWarning, -- stacklevel=2, -- ) --- -2.40.0 - diff --git a/skip_openssl_memleak_test.patch b/skip_openssl_memleak_test.patch index 5e642da..101f065 100644 --- a/skip_openssl_memleak_test.patch +++ b/skip_openssl_memleak_test.patch @@ -1,12 +1,10 @@ --- - tests/hazmat/backends/test_openssl_memleak.py | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) + tests/hazmat/backends/test_openssl_memleak.py | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) -Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py -=================================================================== ---- cryptography-40.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py -+++ cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py -@@ -204,12 +204,10 @@ def assert_no_memory_leaks(s, argv=[]): +--- a/tests/hazmat/backends/test_openssl_memleak.py ++++ b/tests/hazmat/backends/test_openssl_memleak.py +@@ -203,12 +203,10 @@ def assert_no_memory_leaks(s, argv=[]): def skip_if_memtesting_not_supported(): @@ -19,7 +17,7 @@ Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py + return pytest.mark.skip( + reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()" + ) -+ ++ @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0") @skip_if_memtesting_not_supported() diff --git a/vendor.tar.zst b/vendor.tar.zst index fb9f6c1..6bfefe0 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:db2566256b8e495a97af1192916c64e758d5f1a52ed3870ac36701193f56ce9e -size 6149053 +oid sha256:f9203263f072cf9d91d7eb424cdc451a7650679edeeb0ab7f3457bf71c9312c2 +size 6108785