From 9a5eb8ae606c0d2f3a170a8af4298b15d96481da6eac54bd1fce3cc9628ad858 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 11 Jul 2023 05:55:34 +0000 Subject: [PATCH 1/3] Accepting request 1098044 from home:mcepl:branches:devel:languages:python - Add no-pytest_benchmark.patch, which remove dependency on pytest-benchmark and coveralls (We don't need no benchmarking and coverage measurement; bsc#1213005). OBS-URL: https://build.opensuse.org/request/show/1098044 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=188 --- no-pytest_benchmark.patch | 273 ++++++++++++++++++++++++++++++++ python-cryptography.changes | 7 + python-cryptography.spec | 10 +- skip_openssl_memleak_test.patch | 14 +- 4 files changed, 292 insertions(+), 12 deletions(-) create mode 100644 no-pytest_benchmark.patch diff --git a/no-pytest_benchmark.patch b/no-pytest_benchmark.patch new file mode 100644 index 0000000..a3fc3c7 --- /dev/null +++ b/no-pytest_benchmark.patch @@ -0,0 +1,273 @@ +--- + pyproject.toml | 31 ------------------------- + src/cryptography.egg-info/requires.txt | 2 - + tests/bench/test_aead.py | 40 ++++++++++++++++----------------- + tests/bench/test_ec_load.py | 8 +++--- + tests/bench/test_hashes.py | 4 +-- + tests/bench/test_hmac.py | 4 +-- + tests/bench/test_x509.py | 16 ++++++------- + 7 files changed, 37 insertions(+), 68 deletions(-) + +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"] + nox = ["nox"] + test = [ + "pytest >=6.2.0", +- "pytest-benchmark", +- "pytest-cov", + "pytest-xdist", + "pretend", + ] +@@ -85,7 +83,7 @@ line-length = 79 + target-version = ["py37"] + + [tool.pytest.ini_options] +-addopts = "-r s --capture=no --strict-markers --benchmark-disable" ++addopts = "-r s --capture=no --strict-markers" + console_output_style = "progress-even-when-capture-no" + markers = [ + "skip_fips: this test is not executed in FIPS mode", +@@ -107,33 +105,6 @@ module = [ + ] + ignore_missing_imports = true + +-[tool.coverage.run] +-branch = true +-relative_files = true +-source = [ +- "cryptography", +- "tests/", +-] +- +-[tool.coverage.paths] +-source = [ +- "src/cryptography", +- "*.nox/*/lib*/python*/site-packages/cryptography", +- "*.nox\\*\\Lib\\site-packages\\cryptography", +- "*.nox/pypy/site-packages/cryptography", +-] +-tests =[ +- "tests/", +- "*tests\\", +-] +- +-[tool.coverage.report] +-exclude_lines = [ +- "@abc.abstractmethod", +- "@typing.overload", +- "if typing.TYPE_CHECKING", +-] +- + [tool.ruff] + # UP006: Minimum Python 3.9 + # UP007, UP038: Minimum Python 3.10 +--- a/src/cryptography.egg-info/requires.txt ++++ b/src/cryptography.egg-info/requires.txt +@@ -26,8 +26,6 @@ bcrypt>=3.1.5 + + [test] + pytest>=6.2.0 +-pytest-benchmark +-pytest-cov + pytest-xdist + pretend + +--- a/tests/bench/test_aead.py ++++ b/tests/bench/test_aead.py +@@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor + not _aead_supported(ChaCha20Poly1305), + reason="Requires OpenSSL with ChaCha20Poly1305 support", + ) +-def test_chacha20poly1305_encrypt(benchmark): ++def test_chacha20poly1305_encrypt(): + chacha = ChaCha20Poly1305(b"\x00" * 32) +- benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"") ++ chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") + + + @pytest.mark.skipif( + not _aead_supported(ChaCha20Poly1305), + reason="Requires OpenSSL with ChaCha20Poly1305 support", + ) +-def test_chacha20poly1305_decrypt(benchmark): ++def test_chacha20poly1305_decrypt(): + chacha = ChaCha20Poly1305(b"\x00" * 32) + ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") +- benchmark(chacha.decrypt, b"\x00" * 12, ct, b"") ++ chacha.decrypt(b"\x00" * 12, ct, b"") + + +-def test_aesgcm_encrypt(benchmark): ++def test_aesgcm_encrypt(): + aes = AESGCM(b"\x00" * 32) +- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) ++ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + + +-def test_aesgcm_decrypt(benchmark): ++def test_aesgcm_decrypt(): + aes = AESGCM(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) +- benchmark(aes.decrypt, b"\x00" * 12, ct, None) ++ aes.decrypt(b"\x00" * 12, ct, None) + + + @pytest.mark.skipif( + not _aead_supported(AESSIV), + reason="Requires OpenSSL with AES-SIV support", + ) +-def test_aessiv_encrypt(benchmark): ++def test_aessiv_encrypt(): + aes = AESSIV(b"\x00" * 32) +- benchmark(aes.encrypt, b"hello world plaintext", None) ++ aes.encrypt(b"hello world plaintext", None) + + + @pytest.mark.skipif( + not _aead_supported(AESSIV), + reason="Requires OpenSSL with AES-SIV support", + ) +-def test_aessiv_decrypt(benchmark): ++def test_aessiv_decrypt(): + aes = AESSIV(b"\x00" * 32) + ct = aes.encrypt(b"hello world plaintext", None) +- benchmark(aes.decrypt, ct, None) ++ aes.decrypt(ct, None) + + + @pytest.mark.skipif( + not _aead_supported(AESOCB3), + reason="Requires OpenSSL with AES-OCB3 support", + ) +-def test_aesocb3_encrypt(benchmark): ++def test_aesocb3_encrypt(): + aes = AESOCB3(b"\x00" * 32) +- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) ++ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + + + @pytest.mark.skipif( + not _aead_supported(AESOCB3), + reason="Requires OpenSSL with AES-OCB3 support", + ) +-def test_aesocb3_decrypt(benchmark): ++def test_aesocb3_decrypt(): + aes = AESOCB3(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) +- benchmark(aes.decrypt, b"\x00" * 12, ct, None) ++ aes.decrypt(b"\x00" * 12, ct, None) + + + @pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", + ) +-def test_aesccm_encrypt(benchmark): ++def test_aesccm_encrypt(): + aes = AESCCM(b"\x00" * 32) +- benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) ++ aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) + + + @pytest.mark.skipif( + not _aead_supported(AESCCM), + reason="Requires OpenSSL with AES-CCM support", + ) +-def test_aesccm_decrypt(benchmark): ++def test_aesccm_decrypt(): + aes = AESCCM(b"\x00" * 32) + ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) +- benchmark(aes.decrypt, b"\x00" * 12, ct, None) ++ aes.decrypt(b"\x00" * 12, ct, None) +--- a/tests/bench/test_ec_load.py ++++ b/tests/bench/test_ec_load.py +@@ -5,9 +5,9 @@ + from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 + + +-def test_load_ec_public_numbers(benchmark): +- benchmark(EC_KEY_SECP256R1.public_numbers.public_key) ++def test_load_ec_public_numbers(): ++ EC_KEY_SECP256R1.public_numbers.public_key() + + +-def test_load_ec_private_numbers(benchmark): +- benchmark(EC_KEY_SECP256R1.private_key) ++def test_load_ec_private_numbers(): ++ EC_KEY_SECP256R1.private_key() +--- a/tests/bench/test_hashes.py ++++ b/tests/bench/test_hashes.py +@@ -5,10 +5,10 @@ + from cryptography.hazmat.primitives import hashes + + +-def test_sha256(benchmark): ++def test_sha256(): + def bench(): + h = hashes.Hash(hashes.SHA256()) + h.update(b"I love hashing. So much. The best.") + return h.finalize() + +- benchmark(bench) ++ bench() +--- a/tests/bench/test_hmac.py ++++ b/tests/bench/test_hmac.py +@@ -5,10 +5,10 @@ + from cryptography.hazmat.primitives import hashes, hmac + + +-def test_hmac_sha256(benchmark): ++def test_hmac_sha256(): + def bench(): + h = hmac.HMAC(b"my extremely secure key", hashes.SHA256()) + h.update(b"I love hashing. So much. The best.") + return h.finalize() + +- benchmark(bench) ++ bench() +--- a/tests/bench/test_x509.py ++++ b/tests/bench/test_x509.py +@@ -9,34 +9,34 @@ from cryptography import x509 + from ..utils import load_vectors_from_file + + +-def test_object_identier_constructor(benchmark): +- benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5") ++def test_object_identier_constructor(): ++ x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5") + + +-def test_aki_public_bytes(benchmark): ++def test_aki_public_bytes(): + aki = x509.AuthorityKeyIdentifier( + key_identifier=b"\x00" * 16, + authority_cert_issuer=None, + authority_cert_serial_number=None, + ) +- benchmark(aki.public_bytes) ++ aki.public_bytes() + + +-def test_load_der_certificate(benchmark): ++def test_load_der_certificate(): + cert_bytes = load_vectors_from_file( + os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), + loader=lambda pemfile: pemfile.read(), + mode="rb", + ) + +- benchmark(x509.load_der_x509_certificate, cert_bytes) ++ x509.load_der_x509_certificate(cert_bytes) + + +-def test_load_pem_certificate(benchmark): ++def test_load_pem_certificate(): + cert_bytes = load_vectors_from_file( + os.path.join("x509", "cryptography.io.pem"), + loader=lambda pemfile: pemfile.read(), + mode="rb", + ) + +- benchmark(x509.load_pem_x509_certificate, cert_bytes) ++ x509.load_pem_x509_certificate(cert_bytes) diff --git a/python-cryptography.changes b/python-cryptography.changes index 79156f3..ddbb302 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl + +- Add no-pytest_benchmark.patch, which remove dependency on + pytest-benchmark and coveralls (We don't need no benchmarking + and coverage measurement; bsc#1213005). + ------------------------------------------------------------------- Mon Jun 19 20:41:45 UTC 2023 - Dirk Müller diff --git a/python-cryptography.spec b/python-cryptography.spec index e034e88..0f0f674 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -40,9 +40,9 @@ Source2: vendor.tar.zst Source3: cargo_config Source4: python-cryptography.keyring Patch2: skip_openssl_memleak_test.patch -%if 0%{?sle_version} && 0%{?sle_version} <= 150400 -Patch3: remove_python_3_6_deprecation_warning.patch -%endif +# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com +# We don't need no benchmarking and coverage measurement +Patch4: no-pytest_benchmark.patch BuildRequires: %{python_module cffi >= 1.12} BuildRequires: %{python_module devel} BuildRequires: %{python_module exceptiongroup} @@ -59,6 +59,9 @@ BuildRequires: pkgconfig(libffi) # python-base is not enough, we need the _ssl module Requires: python %requires_eq python-cffi +%if 0%{?sle_version} && 0%{?sle_version} <= 150400 +Patch3: remove_python_3_6_deprecation_warning.patch +%endif %if %{with test} BuildRequires: %{python_module cryptography >= %{version}} BuildRequires: %{python_module cryptography-vectors = %{version}} @@ -66,7 +69,6 @@ BuildRequires: %{python_module hypothesis >= 1.11.4} BuildRequires: %{python_module iso8601} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pytest > 6.0} -BuildRequires: %{python_module pytest-benchmark} BuildRequires: %{python_module pytest-subtests} BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module pytz} diff --git a/skip_openssl_memleak_test.patch b/skip_openssl_memleak_test.patch index 5e642da..101f065 100644 --- a/skip_openssl_memleak_test.patch +++ b/skip_openssl_memleak_test.patch @@ -1,12 +1,10 @@ --- - tests/hazmat/backends/test_openssl_memleak.py | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) + tests/hazmat/backends/test_openssl_memleak.py | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) -Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py -=================================================================== ---- cryptography-40.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py -+++ cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py -@@ -204,12 +204,10 @@ def assert_no_memory_leaks(s, argv=[]): +--- a/tests/hazmat/backends/test_openssl_memleak.py ++++ b/tests/hazmat/backends/test_openssl_memleak.py +@@ -203,12 +203,10 @@ def assert_no_memory_leaks(s, argv=[]): def skip_if_memtesting_not_supported(): @@ -19,7 +17,7 @@ Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py + return pytest.mark.skip( + reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()" + ) -+ ++ @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0") @skip_if_memtesting_not_supported() From af1b2b2d21bb956ccb04a20d6227d75898faa1384d91a6b10e47f0fa47ab5bee Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 11 Jul 2023 13:39:26 +0000 Subject: [PATCH 2/3] Accepting request 1098106 from home:ojkastl_buildservice:Branch_devel_languages_python - remove patch remove_python_3_6_deprecation_warning.patch as the warning was already removed upstream OBS-URL: https://build.opensuse.org/request/show/1098106 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=189 --- python-cryptography.changes | 6 +++++ python-cryptography.spec | 3 --- remove_python_3_6_deprecation_warning.patch | 30 --------------------- 3 files changed, 6 insertions(+), 33 deletions(-) delete mode 100644 remove_python_3_6_deprecation_warning.patch diff --git a/python-cryptography.changes b/python-cryptography.changes index ddbb302..d3cd6b0 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl + +- remove patch remove_python_3_6_deprecation_warning.patch as the + warning was already removed upstream + ------------------------------------------------------------------- Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl diff --git a/python-cryptography.spec b/python-cryptography.spec index 0f0f674..2fabcf4 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -59,9 +59,6 @@ BuildRequires: pkgconfig(libffi) # python-base is not enough, we need the _ssl module Requires: python %requires_eq python-cffi -%if 0%{?sle_version} && 0%{?sle_version} <= 150400 -Patch3: remove_python_3_6_deprecation_warning.patch -%endif %if %{with test} BuildRequires: %{python_module cryptography >= %{version}} BuildRequires: %{python_module cryptography-vectors = %{version}} diff --git a/remove_python_3_6_deprecation_warning.patch b/remove_python_3_6_deprecation_warning.patch deleted file mode 100644 index 6cfc7a9..0000000 --- a/remove_python_3_6_deprecation_warning.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0848826019cdcf3cf783095cb26b3fb394ae6d92 Mon Sep 17 00:00:00 2001 -From: Johannes Kastl -Date: Thu, 12 Jan 2023 11:12:53 +0100 -Subject: [PATCH] remove python3.6 deprecation warning - -Signed-off-by: Johannes Kastl ---- - src/cryptography/__init__.py | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/src/cryptography/__init__.py b/src/cryptography/__init__.py -index 7f8a25c6e..91b624bf0 100644 ---- a/src/cryptography/__init__.py -+++ b/src/cryptography/__init__.py -@@ -13,12 +13,3 @@ __all__ = [ - "__author__", - "__copyright__", - ] -- --if sys.version_info[:2] == (3, 6): -- warnings.warn( -- "Python 3.6 is no longer supported by the Python core team. " -- "Therefore, support for it is deprecated in cryptography. The next " -- "release of cryptography will remove support for Python 3.6.", -- CryptographyDeprecationWarning, -- stacklevel=2, -- ) --- -2.40.0 - From 985179992e2474c548bee625c3671b352bb3eaaa1e7effb65e3cba3502cc995f Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 11 Jul 2023 13:46:03 +0000 Subject: [PATCH 3/3] - update to 41.0.2: * Fixed bugs in creating and parsing SSH certificates where critical options with values were handled incorrectly. Certificates are now created correctly and parsing accepts correct values as well as the previously generated invalid forms with a warning. In the next release, support for parsing these invalid forms will be removed. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=190 --- _service | 2 +- cryptography-41.0.1.tar.gz | 3 --- cryptography-41.0.2.tar.gz | 3 +++ python-cryptography.changes | 11 +++++++++++ python-cryptography.spec | 2 +- vendor.tar.zst | 4 ++-- 6 files changed, 18 insertions(+), 7 deletions(-) delete mode 100644 cryptography-41.0.1.tar.gz create mode 100644 cryptography-41.0.2.tar.gz diff --git a/_service b/_service index 28fd155..97a96c3 100644 --- a/_service +++ b/_service @@ -1,7 +1,7 @@ - cryptography-41.0.1/src/rust + cryptography-41.0.2/src/rust zst diff --git a/cryptography-41.0.1.tar.gz b/cryptography-41.0.1.tar.gz deleted file mode 100644 index 633feec..0000000 --- a/cryptography-41.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d34579085401d3f49762d2f7d6634d6b6c2ae1242202e860f4d26b046e3a1006 -size 629124 diff --git a/cryptography-41.0.2.tar.gz b/cryptography-41.0.2.tar.gz new file mode 100644 index 0000000..c0060e1 --- /dev/null +++ b/cryptography-41.0.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7d230bf856164de164ecb615ccc14c7fc6de6906ddd5b491f3af90d3514c925c +size 630080 diff --git a/python-cryptography.changes b/python-cryptography.changes index d3cd6b0..159e977 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Jul 11 13:44:14 UTC 2023 - Dirk Müller + +- update to 41.0.2: + * Fixed bugs in creating and parsing SSH certificates where + critical options with values were handled incorrectly. + Certificates are now created correctly and parsing accepts + correct values as well as the previously generated + invalid forms with a warning. In the next release, support + for parsing these invalid forms will be removed. + ------------------------------------------------------------------- Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl diff --git a/python-cryptography.spec b/python-cryptography.spec index 2fabcf4..ef3c0ab 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -27,7 +27,7 @@ %endif %{?sle15_python_module_pythons} Name: python-cryptography%{psuffix} -Version: 41.0.1 +Version: 41.0.2 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause diff --git a/vendor.tar.zst b/vendor.tar.zst index fb9f6c1..6bfefe0 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:db2566256b8e495a97af1192916c64e758d5f1a52ed3870ac36701193f56ce9e -size 6149053 +oid sha256:f9203263f072cf9d91d7eb424cdc451a7650679edeeb0ab7f3457bf71c9312c2 +size 6108785