Update to 39.0.2

Resolves: rhbz#2124729

.gitignore

@@ -45,3 +45,5 @@
 /cryptography-36.0.0-vendor.tar.bz2
 /cryptography-37.0.2.tar.gz
 /cryptography-37.0.2-vendor.tar.bz2
+/cryptography-39.0.2.tar.gz
+/cryptography-39.0.2-vendor.tar.bz2

CVE-2023-23931.patch

@@ -1,42 +0,0 @@
-From 94a50a9731f35405f0357fa5f3b177d46a726ab3 Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Tue, 31 Jan 2023 08:33:54 -0500
-Subject: [PATCH] Don't allow update_into to mutate immutable objects
-
----
- src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
- tests/hazmat/primitives/test_ciphers.py             | 8 ++++++++
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
-index 286583f9325..075d68fb905 100644
---- a/src/cryptography/hazmat/backends/openssl/ciphers.py
-+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
-@@ -156,7 +156,7 @@ def update_into(self, data: bytes, buf: bytes) -> int:
-         data_processed = 0
-         total_out = 0
-         outlen = self._backend._ffi.new("int *")
--        baseoutbuf = self._backend._ffi.from_buffer(buf)
-+        baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
-         baseinbuf = self._backend._ffi.from_buffer(data)
- 
-         while data_processed != total_data_len:
-diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
-index 02127dd9cab..bf3b047dec2 100644
---- a/tests/hazmat/primitives/test_ciphers.py
-+++ b/tests/hazmat/primitives/test_ciphers.py
-@@ -318,6 +318,14 @@ def test_update_into_buffer_too_small(self, backend):
-         with pytest.raises(ValueError):
-             encryptor.update_into(b"testing", buf)
- 
-+    def test_update_into_immutable(self, backend):
-+        key = b"\x00" * 16
-+        c = ciphers.Cipher(AES(key), modes.ECB(), backend)
-+        encryptor = c.encryptor()
-+        buf = b"\x00" * 32
-+        with pytest.raises((TypeError, BufferError)):
-+            encryptor.update_into(b"testing", buf)
-+
-     @pytest.mark.supported(
-         only_if=lambda backend: backend.cipher_supported(
-             AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)

python-cryptography.spec

@@ -5,8 +5,8 @@
 %global srcname cryptography
 
 Name:           python-%{srcname}
-Version:        37.0.2
-Release:        9%{?dist}
+Version:        39.0.2
+Release:        1%{?dist}
 Summary:        PyCA's cryptography library
 
 # cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,
@@ -19,9 +19,6 @@ Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py
 
-# https://github.com/pyca/cryptography/pull/8230
-Patch1:         CVE-2023-23931.patch
-
 ExclusiveArch:  %{rust_arches}
 
 BuildRequires:  openssl-devel
@@ -33,10 +30,10 @@ BuildRequires:  rust-packaging
 BuildRequires:  rust-toolset
 %endif
 
-BuildRequires:  python%{python3_pkgversion}-cffi >= 1.7
+BuildRequires:  python%{python3_pkgversion}-cffi >= 1.12
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-setuptools
-BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.3
+BuildRequires:  python%{python3_pkgversion}-setuptools-rust >= 0.11.4
 
 %if %{with tests}
 %if 0%{?fedora}
@@ -45,7 +42,7 @@ BuildRequires:  python%{python3_pkgversion}-iso8601
 BuildRequires:  python%{python3_pkgversion}-pretend
 BuildRequires:  python%{python3_pkgversion}-pytest-xdist
 %endif
-BuildRequires:  python%{python3_pkgversion}-pytest >= 6.0
+BuildRequires:  python%{python3_pkgversion}-pytest >= 6.2.0
 BuildRequires:  python%{python3_pkgversion}-pytest-benchmark
 BuildRequires:  python%{python3_pkgversion}-pytest-subtests >= 0.3.2
 BuildRequires:  python%{python3_pkgversion}-pytz
@@ -129,6 +126,9 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
 
 %changelog
+* Sat Mar 04 2023 Christian Heimes <cheimes@redhat.com> - 39.0.2-1
+- Update to 39.0.2, resolves rhbz#2124729
+
 * Tue Feb 28 2023 Fabio Valentini <decathorpe@gmail.com> - 37.0.2-9
 - Ensure correct compiler flags are used for Rust code.
 

sources

@@ -1,2 +1,2 @@
-SHA512 (cryptography-37.0.2.tar.gz) = ca6b1e983e79a130b47b1f7cdabeb6041a6102f57483f0820f7bcc6a67e0112b7691f09caa7f391de5aed0a2fee26f394688823da2cd4c8beab553732ac6a305
-SHA512 (cryptography-37.0.2-vendor.tar.bz2) = d100fff9406063c7eb1d0caf7f389c15e49715928ae6c9ec7fd60e97f363ea3590d145e8e7f74958ce4857f60e9e4cd28ac69ef44f9e0dc0730e5d08b073bd9b
+SHA512 (cryptography-39.0.2.tar.gz) = 06ae3e2c0c2a5fa9e80dab7181a7c8b64aa9359bfd149837f179e65372a90acc905aae7476516ba8da4c4137bd25ba115d911728858551d2862280352b09b95e
+SHA512 (cryptography-39.0.2-vendor.tar.bz2) = 4e92ec50e01f99e160ab6c5e12fbd7e1297aaa2dfb5f0f35019308a44661e938a082c9a4ce0d9b5fbe1ed94cde49ae6b193c3f3f7035e9f5f5a97f2108595667