Accepting request 1311087 from devel:languages:python

- update to 46.0.2:
  * Updated Windows, macOS, and Linux wheels to be compiled with
    OpenSSL 3.5.4.
  * Fixed an issue where users installing via pip on Python 3.14
    development versions would not properly install a dependency.
  * Fixed an issue building the free-threaded macOS 3.14 wheels.
  * BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been
    removed.
  * Support for OpenSSL < 3.0 is deprecated and will be removed
    in the next release.
  * Support for x86_64 macOS (including publishing wheels) is
    deprecated and will be removed in two releases. We will
    switch to publishing an arm64 only wheel for macOS.
  * Support for 32-bit Windows (including publishing wheels) is
    deprecated and will be removed in two releases. Users should
    move to a 64-bit Python installation.
  * Updated Windows, macOS, and Linux wheels to be compiled with
    OpenSSL 3.5.3.
  * We now build ppc64le manylinux wheels and publish them to
    PyPI.
  * We now build win_arm64 (Windows on Arm) wheels and publish
    them to PyPI.
  * Added support for free-threaded Python 3.14.
  * Removed the deprecated get_attribute_for_oid method on
    :class:`~cryptography.x509.CertificateSigningRequest`. Users
    should use
    :meth:`~cryptography.x509.Attributes.get_attribute_for_oid`
    instead.
  * Removed the deprecated CAST5, SEED, IDEA, and Blowfish
    classes from the cipher module. These are still available in

OBS-URL: https://build.opensuse.org/request/show/1311087
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=105

Make-unsafe-subinterpreter-support-available-via-cfg.patch

@@ -0,0 +1,46 @@
+From d59176bc05aa37838fd4a8dd253f47c962f61118 Mon Sep 17 00:00:00 2001
+From: Fabio Valentini <decathorpe@gmail.com>
+Date: Tue, 23 Jul 2024 14:41:04 +0200
+Subject: [PATCH] Make unsafe subinterpreter support available via cfg flag
+
+---
+ src/impl_/pymodule.rs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: cryptography-46.0.2/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
+===================================================================
+--- cryptography-46.0.2.orig/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
++++ cryptography-46.0.2/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
+@@ -100,7 +100,7 @@ impl ModuleDef {
+         // that static data is not reused across interpreters.
+         //
+         // PyPy does not have subinterpreters, so no need to check interpreter ID.
+-        #[cfg(not(any(PyPy, GraalPy)))]
++        #[cfg(not(any(PyPy, GraalPy, pyo3_unsafe_allow_subinterpreters)))]
+         {
+             // PyInterpreterState_Get is only available on 3.9 and later, but is missing
+             // from python3.dll for Windows stable API on 3.9
+Index: cryptography-46.0.2/Cargo.toml
+===================================================================
+--- cryptography-46.0.2.orig/Cargo.toml
++++ cryptography-46.0.2/Cargo.toml
+@@ -29,3 +29,6 @@ openssl-sys = "0.9.108"
+ 
+ [profile.release]
+ overflow-checks = true
++
++[patch.crates-io]
++pyo3 = { path="vendor/pyo3-0.26.0" }
+Index: cryptography-46.0.2/Cargo.lock
+===================================================================
+--- cryptography-46.0.2.orig/Cargo.lock
++++ cryptography-46.0.2/Cargo.lock
+@@ -276,8 +276,6 @@ dependencies = [
+ [[package]]
+ name = "pyo3"
+ version = "0.26.0"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "7ba0117f4212101ee6544044dae45abe1083d30ce7b29c4b5cbdfa2354e07383"
+ dependencies = [
+  "indoc",
+  "libc",

_service

@@ -2,7 +2,6 @@
   <service name="download_files" mode="manual"/>
   <service name="cargo_vendor" mode="manual">
     <param name="srcdir">cryptography-*</param>
-    <param name="cargotoml">src/rust/Cargo.toml</param>
     <param name="compression">zst</param>
   </service>
 </services>

cryptography-43.0.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b88075ada2d51aa9f18283532c9f60e72170041bba88d7f37e49cbb10275299e
-size 686873

cryptography-46.0.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:21b6fc8c71a3f9a604f028a329e5560009cc4a3a828bfea5fcba8eb7647d88fe
+size 749293

no-pytest_benchmark.patch

@@ -1,26 +1,17 @@
----
- pyproject.toml                         |   31 -------------------------
- tests/bench/test_aead.py               |   40 ++++++++++++++++-----------------
- tests/bench/test_ec_load.py            |    8 +++---
- tests/bench/test_hashes.py             |    4 +--
- tests/bench/test_hmac.py               |    4 +--
- tests/bench/test_x509.py               |   16 ++++++-------
- 7 files changed, 37 insertions(+), 68 deletions(-)
-
-Index: cryptography-43.0.0/pyproject.toml
+Index: cryptography-46.0.2/pyproject.toml
 ===================================================================
---- cryptography-43.0.0.orig/pyproject.toml
-+++ cryptography-43.0.0/pyproject.toml
-@@ -66,8 +66,6 @@ nox = ["nox"]
+--- cryptography-46.0.2.orig/pyproject.toml
++++ cryptography-46.0.2/pyproject.toml
+@@ -72,8 +72,6 @@ nox = ["nox[uv] >=2024.04.15"]
  test = [
-     "cryptography_vectors==43.0.0",
-     "pytest >=6.2.0",
--    "pytest-benchmark",
--    "pytest-cov",
-     "pytest-xdist",
-     "pretend",
-     "certifi",
-@@ -117,7 +115,7 @@ exclude = [
+     "cryptography_vectors==46.0.2",
+     "pytest >=7.4.0",
+-    "pytest-benchmark >=4.0",
+-    "pytest-cov >=2.10.1",
+     "pytest-xdist >=3.5.0",
+     "pretend >=0.7",
+     "certifi >=2024",
+@@ -134,7 +132,7 @@ exclude = [
  ]
  
  [tool.pytest.ini_options]
@@ -29,29 +20,23 @@ Index: cryptography-43.0.0/pyproject.toml
  console_output_style = "progress-even-when-capture-no"
  markers = [
      "skip_fips: this test is not executed in FIPS mode",
-@@ -139,33 +137,6 @@ module = [
- ]
+@@ -155,30 +153,6 @@ strict_bytes = true
+ module = ["pretend"]
  ignore_missing_imports = true
  
 -[tool.coverage.run]
 -branch = true
 -relative_files = true
--source = [
--    "cryptography",
--    "tests/",
--]
+-source = ["cryptography", "tests/"]
 -
 -[tool.coverage.paths]
 -source = [
--   "src/cryptography",
--   "*.nox/*/lib*/python*/site-packages/cryptography",
--   "*.nox\\*\\Lib\\site-packages\\cryptography",
--   "*.nox/pypy/site-packages/cryptography",
--]
--tests =[
--   "tests/",
--   "*tests\\",
+-    "src/cryptography",
+-    "*.nox/*/lib*/python*/site-packages/cryptography",
+-    "*.nox\\*\\Lib\\site-packages\\cryptography",
+-    "*.nox/pypy/site-packages/cryptography",
 -]
+-tests = ["tests/", "*tests\\"]
 -
 -[tool.coverage.report]
 -exclude_lines = [
@@ -59,14 +44,17 @@ Index: cryptography-43.0.0/pyproject.toml
 -    "@typing.overload",
 -    "if typing.TYPE_CHECKING",
 -]
+-
+-[tool.coverage.html]
+-show_contexts = true
 -
  [tool.ruff]
  line-length = 79
  
-Index: cryptography-43.0.0/tests/bench/test_aead.py
+Index: cryptography-46.0.2/tests/bench/test_aead.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_aead.py
-+++ cryptography-43.0.0/tests/bench/test_aead.py
+--- cryptography-46.0.2.orig/tests/bench/test_aead.py
++++ cryptography-46.0.2/tests/bench/test_aead.py
 @@ -26,84 +26,84 @@ def _aead_supported(cls):
      not _aead_supported(ChaCha20Poly1305),
      reason="Requires OpenSSL with ChaCha20Poly1305 support",
@@ -172,10 +160,10 @@ Index: cryptography-43.0.0/tests/bench/test_aead.py
      ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 -    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
 +    aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-43.0.0/tests/bench/test_ec_load.py
+Index: cryptography-46.0.2/tests/bench/test_ec_load.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_ec_load.py
-+++ cryptography-43.0.0/tests/bench/test_ec_load.py
+--- cryptography-46.0.2.orig/tests/bench/test_ec_load.py
++++ cryptography-46.0.2/tests/bench/test_ec_load.py
 @@ -5,9 +5,9 @@
  from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
  
@@ -190,10 +178,10 @@ Index: cryptography-43.0.0/tests/bench/test_ec_load.py
 -    benchmark(EC_KEY_SECP256R1.private_key)
 +def test_load_ec_private_numbers():
 +    EC_KEY_SECP256R1.private_key()
-Index: cryptography-43.0.0/tests/bench/test_hashes.py
+Index: cryptography-46.0.2/tests/bench/test_hashes.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_hashes.py
-+++ cryptography-43.0.0/tests/bench/test_hashes.py
+--- cryptography-46.0.2.orig/tests/bench/test_hashes.py
++++ cryptography-46.0.2/tests/bench/test_hashes.py
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes
  
@@ -207,10 +195,10 @@ Index: cryptography-43.0.0/tests/bench/test_hashes.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-43.0.0/tests/bench/test_hmac.py
+Index: cryptography-46.0.2/tests/bench/test_hmac.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_hmac.py
-+++ cryptography-43.0.0/tests/bench/test_hmac.py
+--- cryptography-46.0.2.orig/tests/bench/test_hmac.py
++++ cryptography-46.0.2/tests/bench/test_hmac.py
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes, hmac
  
@@ -224,10 +212,10 @@ Index: cryptography-43.0.0/tests/bench/test_hmac.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-43.0.0/tests/bench/test_x509.py
+Index: cryptography-46.0.2/tests/bench/test_x509.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_x509.py
-+++ cryptography-43.0.0/tests/bench/test_x509.py
+--- cryptography-46.0.2.orig/tests/bench/test_x509.py
++++ cryptography-46.0.2/tests/bench/test_x509.py
 @@ -13,40 +13,40 @@ from cryptography import x509
  from ..utils import load_vectors_from_file
  

python-cryptography.changes

@@ -1,3 +1,255 @@
+-------------------------------------------------------------------
+Mon Oct 13 09:32:39 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 46.0.2:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.5.4.
+  * Fixed an issue where users installing via pip on Python 3.14
+    development versions would not properly install a dependency.
+  * Fixed an issue building the free-threaded macOS 3.14 wheels.
+  * BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been
+    removed.
+  * Support for OpenSSL < 3.0 is deprecated and will be removed
+    in the next release.
+  * Support for x86_64 macOS (including publishing wheels) is
+    deprecated and will be removed in two releases. We will
+    switch to publishing an arm64 only wheel for macOS.
+  * Support for 32-bit Windows (including publishing wheels) is
+    deprecated and will be removed in two releases. Users should
+    move to a 64-bit Python installation.
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.5.3.
+  * We now build ppc64le manylinux wheels and publish them to
+    PyPI.
+  * We now build win_arm64 (Windows on Arm) wheels and publish
+    them to PyPI.
+  * Added support for free-threaded Python 3.14.
+  * Removed the deprecated get_attribute_for_oid method on
+    :class:`~cryptography.x509.CertificateSigningRequest`. Users
+    should use
+    :meth:`~cryptography.x509.Attributes.get_attribute_for_oid`
+    instead.
+  * Removed the deprecated CAST5, SEED, IDEA, and Blowfish
+    classes from the cipher module. These are still available in
+    :doc:`/hazmat/decrepit/index`.
+  * In X.509, when performing a PSS signature with a SHA-3 hash,
+    it is now encoded with the official NIST SHA3 OID.
+
+-------------------------------------------------------------------
+Sun Sep 14 20:45:39 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 45.0.7:
+  * Added a function to support an upcoming pyOpenSSL release.
+
+-------------------------------------------------------------------
+Mon Sep  1 14:46:55 UTC 2025 - James Oakley <jfunk@opensuse.org>
+
+- Add Make-unsafe-subinterpreter-support-available-via-cfg.patch
+  to allow ceph-mgr to load modules (boo#1248987)
+
+-------------------------------------------------------------------
+Sat Jul 12 08:36:08 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 45.0.5:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.5.1.
+  * Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This
+    is not considered secure, and is supported only for backwards
+    compatibility.)
+  * Fixed decrypting PKCS#8 files encrypted with long salts (this
+    impacts keys encrypted by Bouncy Castle).
+  * Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5.
+    While wildly insecure, this remains prevalent.
+  * Fixed using mypy with cryptography on older versions of
+    Python.
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.5.0.
+  * Support for Python 3.7 is deprecated and will be removed in
+    the next cryptography release.
+  * Updated the minimum supported Rust version (MSRV) to 1.74.0,
+    from 1.65.0.
+  * Added support for serialization of PKCS#12 Java truststores
+    in :func:`~cryptography.hazmat.primitives.serialization.pkcs1
+    2.serialize_java_truststore`
+  * Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon
+    2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi
+    tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to
+    support password hashing in the PHC string format
+  * Added support for PKCS7 decryption and encryption using
+    AES-256 as the content algorithm, in addition to AES-128.
+  * BACKWARDS INCOMPATIBLE: Made SSH private key loading more
+    consistent with other private key loading: :func:`~cryptograp
+    hy.hazmat.primitives.serialization.load_ssh_private_key` now
+    raises a TypeError if the key is unencrypted but a password
+    is provided (previously no exception was raised), and raises
+    a TypeError if the key is encrypted but no password is
+    provided (previously a ValueError was raised).
+  * Added __copy__ to the :class:`~cryptography.hazmat.primitives
+    .asymmetric.ec.EllipticCurvePrivateKey`, :class:`~cryptograph
+    y.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, :c
+    lass:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25
+    519PublicKey`, :class:`~cryptography.hazmat.primitives.asymme
+    tric.ed25519.Ed25519PrivateKey`, :class:`~cryptography.hazmat
+    .primitives.asymmetric.ed448.Ed448PublicKey`, :class:`~crypto
+    graphy.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`, :
+    class:`~cryptography.hazmat.primitives.asymmetric.x25519.X255
+    19PublicKey`, :class:`~cryptography.hazmat.primitives.asymmet
+    ric.x25519.X25519PrivateKey`, :class:`~cryptography.hazmat.pr
+    imitives.asymmetric.x448.X448PublicKey`, :class:`~cryptograph
+    y.hazmat.primitives.asymmetric.x448.X448PrivateKey`, :class:`
+    ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
+    , :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAP
+    ublicKey`, :class:`~cryptography.hazmat.primitives.asymmetric
+    .dsa.DSAPrivateKey`, :class:`~cryptography.hazmat.primitives.
+    asymmetric.dsa.DSAPublicKey`, :class:`~cryptography.hazmat.pr
+    imitives.asymmetric.dh.DHPrivateKey`, and :class:`~cryptograp
+    hy.hazmat.primitives.asymmetric.dh.DHPublicKey` abstract base
+    classes.
+  * We significantly refactored how private key loading ( :func:`
+    ~cryptography.hazmat.primitives.serialization.load_pem_privat
+    e_key` and :func:`~cryptography.hazmat.primitives.serializati
+    on.load_der_private_key`) works. This is intended to be
+    backwards compatible for all well-formed keys, therefore if
+    you discover a key that now raises an exception, please file
+    a bug with instructions for reproducing.
+  * Added unsafe_skip_rsa_key_validation keyword-argument to :fun
+    c:`~cryptography.hazmat.primitives.serialization.load_ssh_pri
+    vate_key`.
+  * Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash`
+    to support repeated :meth:`~cryptography.hazmat.primitives.ha
+    shes.XOFHash.squeeze` operations on extendable output
+    functions.
+  * Added :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_
+    response_by_hash` method to allow creating OCSP responses
+    using certificate hash values rather than full certificates.
+  * Extended the :mod:`X.509 path validation
+    <cryptography.x509.verification>` API to support user-
+    configured extension policies via the
+    :meth:`PolicyBuilder.extension_policies <cryptography.x509.ve
+    rification.PolicyBuilder.extension_policies>` method.
+  * Deprecated the subject, verification_time and max_chain_depth
+    properties on
+    :class:`~cryptography.x509.verification.ClientVerifier` and
+    :class:`~cryptography.x509.verification.ServerVerifier` in
+    favor of a new policy property. These properties will be
+    removed in the next release of cryptography.
+  * BACKWARDS INCOMPATIBLE: The :meth:`VerifiedClient.subject
+    <cryptography.x509.verification.VerifiedClient.subjects>`
+    property can now be None since a custom extension policy may
+    allow certificates without a Subject Alternative Name
+    extension.
+  * Changed the behavior when the OpenSSL 3 legacy provider fails
+    to load. Instead of raising an exception, a warning is now
+    emitted. The CRYPTOGRAPHY_OPENSSL_NO_LEGACY environment
+    variable can still be used to disable the legacy provider at
+    runtime.
+  * Added support for the CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY
+    environment variable during build time, which prevents the
+    library from ever attempting to load the legacy provider.
+  * Added support for the
+    :class:`~cryptography.x509.PrivateKeyUsagePeriod` X.509
+    extension. This extension defines the period during which the
+    private key corresponding to the certificate's public key may
+    be used.
+  * Added support for compiling against `aws-lc`_.
+  * Parsing X.509 structures now more strictly enforces that Name
+    structures do not have malformed ASN.1.
+  * We now publish py311 wheels that utilize the faster
+    pyo3::buffer::PyBuffer interface, resulting in significantly
+    improved performance for operations involving small buffers.
+  * Added :func:`~cryptography.hazmat.primitives.serialization.ss
+    h_key_fingerprint` for computing fingerprints of SSH public
+    keys.
+  * Added support for deterministic ECDSA signing via the new
+    keyword-only argument ecdsa_deterministic in
+    :meth:`~cryptography.x509.CertificateBuilder.sign`, :meth:`~c
+    ryptography.x509.CertificateRevocationListBuilder.sign` and :
+    meth:`~cryptography.x509.CertificateSigningRequestBuilder.sig
+    n`.
+
+-------------------------------------------------------------------
+Wed May  7 15:45:10 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Update to 44.0.3
+  * Fixed compilation when using LibreSSL 4.1.0.
+
+-------------------------------------------------------------------
+Sun Mar 23 21:40:26 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 44.0.2:
+  * We now build wheels for PyPy 3.11.
+
+-------------------------------------------------------------------
+Wed Feb 26 09:41:24 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 44.0.1:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.4.1.
+  * We now build armv7l manylinux wheels and publish them to
+    PyPI.
+  * We now build manylinux_2_34 wheels and publish them to PyPI.
+
+-------------------------------------------------------------------
+Sun Jan 26 10:59:13 UTC 2025 - Soc Virnyl Estela <uncomfyhalomacro@opensuse.org>
+
+- Update to version 44.0.0:
+  * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
+  * Deprecated Python 3.7 support. Python 3.7 is no longer supported by
+    the Python core team. Support for Python 3.7 will be removed in a future
+    cryptography release.
+  * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
+  * macOS wheels are now built against the macOS 10.13 SDK. Users on older
+    versions of macOS should upgrade, or they will need to build cryptography
+    themselves.
+  * Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
+  * Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
+  * Relax the Authority Key Identifier requirements on root CA certificates
+    during X.509 verification to allow fields permitted by RFC 5280 but
+    forbidden by the CA/Browser BRs.
+  * Added support for
+    :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
+    OpenSSL 3.2.0+.
+  * Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
+  * Added basic support for PKCS7 decryption (including S/MIME 3.2) via
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
+    and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
+- Update specfile to accommodate new project structure at version 44.0.0
+- Update no-pytest_benchmark.patch
+
+-------------------------------------------------------------------
+Fri Nov  8 10:08:46 UTC 2024 - Ben Greiner <code@bnavigator.de>
+
+- Fix requires_eq replacement for distributions which do not have
+  python3-cffi installed (such as SLE15 python module pythons)
+  * gh#openSUSE/python-rpm-macros#185
+- Remove outdated section in description
+
+-------------------------------------------------------------------
+Tue Nov  5 08:03:40 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Avoid using requires_eq, which after the last modifications
+  conflicts with python singlespec (order of expansion).
+
+-------------------------------------------------------------------
+Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.3:
+  * Fixed release metadata for cryptography-vectors
+  * Fixed compilation when using LibreSSL 4.0.0.
+
+-------------------------------------------------------------------
+Sat Sep 28 19:45:04 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.1:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.3.2.
+
+-------------------------------------------------------------------
+Sun Sep 15 08:51:52 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
+
+- Fix building on SLE based distributions
+
 -------------------------------------------------------------------
 Mon Aug 12 20:36:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 

python-cryptography.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-cryptography
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,8 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        43.0.0
+# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
+Version:        46.0.2
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -40,6 +41,8 @@ Source4:        python-cryptography.keyring
 # PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mcepl@suse.com
 # We don't need no benchmarking and coverage measurement
 Patch4:         no-pytest_benchmark.patch
+# PATCH-FIX-OPENSUSE Make-unsafe-subinterpreter-support-available-via-cfg.patch boo#1248987
+Patch5:         Make-unsafe-subinterpreter-support-available-via-cfg.patch
 BuildRequires:  %{python_module cffi >= 1.12}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module exceptiongroup}
@@ -60,7 +63,7 @@ BuildRequires:  pkgconfig(libffi)
 # python-base is not enough, we need the _ssl module
 Requires:       python
 Requires:       python-bcrypt
-%requires_eq    python-cffi
+Requires:       python-cffi = %(rpm -q --whatprovides python-cffi --qf "%%{version}")
 %if %{with test}
 BuildRequires:  %{python_module bcrypt}
 BuildRequires:  %{python_module certifi}
@@ -78,11 +81,6 @@ BuildRequires:  %{python_module pytz}
 %python_subpackages
 
 %description
-cryptography is a package designed to expose cryptographic
-recipes and primitives to Python developers.  Our goal is
-for it to be your "cryptographic standard library". It
-supports Python 2.7, Python 3.4+, and PyPy-5.3+.
-
 cryptography includes both high level recipes, and low
 level interfaces to common cryptographic algorithms such as
 symmetric ciphers, message digests and key derivation
@@ -95,15 +93,11 @@ functions.
 export CARGO_NET_OFFLINE=true
 export CARGO_PROFILE_RELEASE_DEBUG=true
 export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
-cd src/rust
-tar xfv %{S:2}
-rm -v Cargo.lock
-%cargo_build
-cd -
-
-# https://github.com/pyca/cryptography/issues/9023
+# https://pyo3.rs/main/building-and-distribution#configuring-the-python-version
+%python_expand export PYO3_PYTHON="%{_bindir}/$python"
 %global _lto_cflags %{nil}
-export RUSTFLAGS=%{rustflags}
+RUSTFLAGS=%{rustflags}
+export RUSTFLAGS="$RUSTFLAGS --cfg pyo3_unsafe_allow_subinterpreters"
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 %pyproject_wheel
 
@@ -124,6 +118,7 @@ find . -name .keep -print -delete
 # fails with OverflowError on 32bit platform
 %ifarch %ix86 %arm ppc
 rm -v tests/hazmat/primitives/test_aead.py
+rm -v tests/hazmat/primitives/test_ciphers.py
 # imports test_aead so we need to remove also these
 rm -v tests/wycheproof/test_aes.py
 rm -v tests/wycheproof/test_chacha20poly1305.py

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0189963d634540b54819a21f8a5ebac6b2a60f54e21369ba98259e743e8b08a7
-size 1950998
+oid sha256:ea523052eeeb087bbce1ae07a0202f4ec17c525855d21d34e9162b51bc30f50d
+size 2684695