Accepting request 1276716 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/1276716
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=101

_service

@@ -2,7 +2,6 @@
   <service name="download_files" mode="manual"/>
   <service name="cargo_vendor" mode="manual">
     <param name="srcdir">cryptography-*</param>
-    <param name="cargotoml">src/rust/Cargo.toml</param>
     <param name="compression">zst</param>
   </service>
 </services>

cryptography-43.0.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b88075ada2d51aa9f18283532c9f60e72170041bba88d7f37e49cbb10275299e
-size 686873

no-pytest_benchmark.patch

@@ -1,26 +1,17 @@
----
- pyproject.toml                         |   31 -------------------------
- tests/bench/test_aead.py               |   40 ++++++++++++++++-----------------
- tests/bench/test_ec_load.py            |    8 +++---
- tests/bench/test_hashes.py             |    4 +--
- tests/bench/test_hmac.py               |    4 +--
- tests/bench/test_x509.py               |   16 ++++++-------
- 7 files changed, 37 insertions(+), 68 deletions(-)
-
-Index: cryptography-43.0.0/pyproject.toml
+Index: cryptography-44.0.3/pyproject.toml
 ===================================================================
---- cryptography-43.0.0.orig/pyproject.toml
-+++ cryptography-43.0.0/pyproject.toml
-@@ -66,8 +66,6 @@ nox = ["nox"]
+--- cryptography-44.0.3.orig/pyproject.toml
++++ cryptography-44.0.3/pyproject.toml
+@@ -67,8 +67,6 @@ nox = ["nox >=2024.04.15", "nox[uv] >=20
  test = [
-     "cryptography_vectors==43.0.0",
-     "pytest >=6.2.0",
--    "pytest-benchmark",
--    "pytest-cov",
-     "pytest-xdist",
-     "pretend",
-     "certifi",
-@@ -117,7 +115,7 @@ exclude = [
+     "cryptography_vectors==44.0.3",
+     "pytest >=7.4.0",
+-    "pytest-benchmark >=4.0",
+-    "pytest-cov >=2.10.1",
+     "pytest-xdist >=3.5.0",
+     "pretend >=0.7",
+     "certifi >=2024",
+@@ -118,7 +116,7 @@ exclude = [
  ]
  
  [tool.pytest.ini_options]
@@ -29,7 +20,7 @@ Index: cryptography-43.0.0/pyproject.toml
  console_output_style = "progress-even-when-capture-no"
  markers = [
      "skip_fips: this test is not executed in FIPS mode",
-@@ -139,33 +137,6 @@ module = [
+@@ -140,33 +138,6 @@ module = [
  ]
  ignore_missing_imports = true
  
@@ -43,14 +34,14 @@ Index: cryptography-43.0.0/pyproject.toml
 -
 -[tool.coverage.paths]
 -source = [
--   "src/cryptography",
--   "*.nox/*/lib*/python*/site-packages/cryptography",
--   "*.nox\\*\\Lib\\site-packages\\cryptography",
--   "*.nox/pypy/site-packages/cryptography",
+-    "src/cryptography",
+-    "*.nox/*/lib*/python*/site-packages/cryptography",
+-    "*.nox\\*\\Lib\\site-packages\\cryptography",
+-    "*.nox/pypy/site-packages/cryptography",
 -]
--tests =[
--   "tests/",
--   "*tests\\",
+-tests = [
+-    "tests/",
+-    "*tests\\",
 -]
 -
 -[tool.coverage.report]
@@ -63,10 +54,10 @@ Index: cryptography-43.0.0/pyproject.toml
  [tool.ruff]
  line-length = 79
  
-Index: cryptography-43.0.0/tests/bench/test_aead.py
+Index: cryptography-44.0.3/tests/bench/test_aead.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_aead.py
-+++ cryptography-43.0.0/tests/bench/test_aead.py
+--- cryptography-44.0.3.orig/tests/bench/test_aead.py
++++ cryptography-44.0.3/tests/bench/test_aead.py
 @@ -26,84 +26,84 @@ def _aead_supported(cls):
      not _aead_supported(ChaCha20Poly1305),
      reason="Requires OpenSSL with ChaCha20Poly1305 support",
@@ -172,10 +163,10 @@ Index: cryptography-43.0.0/tests/bench/test_aead.py
      ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 -    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
 +    aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-43.0.0/tests/bench/test_ec_load.py
+Index: cryptography-44.0.3/tests/bench/test_ec_load.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_ec_load.py
-+++ cryptography-43.0.0/tests/bench/test_ec_load.py
+--- cryptography-44.0.3.orig/tests/bench/test_ec_load.py
++++ cryptography-44.0.3/tests/bench/test_ec_load.py
 @@ -5,9 +5,9 @@
  from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
  
@@ -190,10 +181,10 @@ Index: cryptography-43.0.0/tests/bench/test_ec_load.py
 -    benchmark(EC_KEY_SECP256R1.private_key)
 +def test_load_ec_private_numbers():
 +    EC_KEY_SECP256R1.private_key()
-Index: cryptography-43.0.0/tests/bench/test_hashes.py
+Index: cryptography-44.0.3/tests/bench/test_hashes.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_hashes.py
-+++ cryptography-43.0.0/tests/bench/test_hashes.py
+--- cryptography-44.0.3.orig/tests/bench/test_hashes.py
++++ cryptography-44.0.3/tests/bench/test_hashes.py
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes
  
@@ -207,10 +198,10 @@ Index: cryptography-43.0.0/tests/bench/test_hashes.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-43.0.0/tests/bench/test_hmac.py
+Index: cryptography-44.0.3/tests/bench/test_hmac.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_hmac.py
-+++ cryptography-43.0.0/tests/bench/test_hmac.py
+--- cryptography-44.0.3.orig/tests/bench/test_hmac.py
++++ cryptography-44.0.3/tests/bench/test_hmac.py
 @@ -5,10 +5,10 @@
  from cryptography.hazmat.primitives import hashes, hmac
  
@@ -224,10 +215,10 @@ Index: cryptography-43.0.0/tests/bench/test_hmac.py
  
 -    benchmark(bench)
 +    bench()
-Index: cryptography-43.0.0/tests/bench/test_x509.py
+Index: cryptography-44.0.3/tests/bench/test_x509.py
 ===================================================================
---- cryptography-43.0.0.orig/tests/bench/test_x509.py
-+++ cryptography-43.0.0/tests/bench/test_x509.py
+--- cryptography-44.0.3.orig/tests/bench/test_x509.py
++++ cryptography-44.0.3/tests/bench/test_x509.py
 @@ -13,40 +13,40 @@ from cryptography import x509
  from ..utils import load_vectors_from_file
  

python-cryptography.changes

@@ -1,3 +1,86 @@
+-------------------------------------------------------------------
+Wed May  7 15:45:10 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Update to 44.0.3
+  * Fixed compilation when using LibreSSL 4.1.0.
+
+-------------------------------------------------------------------
+Sun Mar 23 21:40:26 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 44.0.2:
+  * We now build wheels for PyPy 3.11.
+
+-------------------------------------------------------------------
+Wed Feb 26 09:41:24 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 44.0.1:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.4.1.
+  * We now build armv7l manylinux wheels and publish them to
+    PyPI.
+  * We now build manylinux_2_34 wheels and publish them to PyPI.
+
+-------------------------------------------------------------------
+Sun Jan 26 10:59:13 UTC 2025 - Soc Virnyl Estela <uncomfyhalomacro@opensuse.org>
+
+- Update to version 44.0.0:
+  * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
+  * Deprecated Python 3.7 support. Python 3.7 is no longer supported by
+    the Python core team. Support for Python 3.7 will be removed in a future
+    cryptography release.
+  * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
+  * macOS wheels are now built against the macOS 10.13 SDK. Users on older
+    versions of macOS should upgrade, or they will need to build cryptography
+    themselves.
+  * Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
+  * Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
+  * Relax the Authority Key Identifier requirements on root CA certificates
+    during X.509 verification to allow fields permitted by RFC 5280 but
+    forbidden by the CA/Browser BRs.
+  * Added support for
+    :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
+    OpenSSL 3.2.0+.
+  * Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
+  * Added basic support for PKCS7 decryption (including S/MIME 3.2) via 
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`, 
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
+    and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
+- Update specfile to accommodate new project structure at version 44.0.0
+- Update no-pytest_benchmark.patch
+
+-------------------------------------------------------------------
+Fri Nov  8 10:08:46 UTC 2024 - Ben Greiner <code@bnavigator.de>
+
+- Fix requires_eq replacement for distributions which do not have
+  python3-cffi installed (such as SLE15 python module pythons)
+  * gh#openSUSE/python-rpm-macros#185
+- Remove outdated section in description
+
+-------------------------------------------------------------------
+Tue Nov  5 08:03:40 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Avoid using requires_eq, which after the last modifications
+  conflicts with python singlespec (order of expansion).
+
+-------------------------------------------------------------------
+Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.3:
+  * Fixed release metadata for cryptography-vectors
+  * Fixed compilation when using LibreSSL 4.0.0.
+
+-------------------------------------------------------------------
+Sat Sep 28 19:45:04 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 43.0.1:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.3.2.
+
+-------------------------------------------------------------------
+Sun Sep 15 08:51:52 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
+
+- Fix building on SLE based distributions
+
 -------------------------------------------------------------------
 Mon Aug 12 20:36:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 

python-cryptography.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-cryptography
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,8 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        43.0.0
+# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
+Version:        44.0.3
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -60,7 +61,7 @@ BuildRequires:  pkgconfig(libffi)
 # python-base is not enough, we need the _ssl module
 Requires:       python
 Requires:       python-bcrypt
-%requires_eq    python-cffi
+Requires:       python-cffi = %(rpm -q --whatprovides python-cffi --qf "%%{version}")
 %if %{with test}
 BuildRequires:  %{python_module bcrypt}
 BuildRequires:  %{python_module certifi}
@@ -78,11 +79,6 @@ BuildRequires:  %{python_module pytz}
 %python_subpackages
 
 %description
-cryptography is a package designed to expose cryptographic
-recipes and primitives to Python developers.  Our goal is
-for it to be your "cryptographic standard library". It
-supports Python 2.7, Python 3.4+, and PyPy-5.3+.
-
 cryptography includes both high level recipes, and low
 level interfaces to common cryptographic algorithms such as
 symmetric ciphers, message digests and key derivation
@@ -95,13 +91,8 @@ functions.
 export CARGO_NET_OFFLINE=true
 export CARGO_PROFILE_RELEASE_DEBUG=true
 export CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off
-cd src/rust
-tar xfv %{S:2}
-rm -v Cargo.lock
-%cargo_build
-cd -
-
-# https://github.com/pyca/cryptography/issues/9023
+# https://pyo3.rs/main/building-and-distribution#configuring-the-python-version
+%python_expand export PYO3_PYTHON="%{_bindir}/$python"
 %global _lto_cflags %{nil}
 export RUSTFLAGS=%{rustflags}
 export CFLAGS="%{optflags} -fno-strict-aliasing"
@@ -124,6 +115,7 @@ find . -name .keep -print -delete
 # fails with OverflowError on 32bit platform
 %ifarch %ix86 %arm ppc
 rm -v tests/hazmat/primitives/test_aead.py
+rm -v tests/hazmat/primitives/test_ciphers.py
 # imports test_aead so we need to remove also these
 rm -v tests/wycheproof/test_aes.py
 rm -v tests/wycheproof/test_chacha20poly1305.py
@@ -136,6 +128,7 @@ rm -v tests/wycheproof/test_chacha20poly1305.py
 %license LICENSE LICENSE.APACHE LICENSE.BSD
 %doc CONTRIBUTING.rst CHANGELOG.rst README.rst
 %{python_sitearch}/cryptography
+%{python_sitearch}/rust
 %{python_sitearch}/cryptography-%{version}.dist-info
 %endif