diff --git a/.gitignore b/.gitignore index 617462f..8299792 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -SOURCES/cryptography-3.2.1.tar.gz +cryptography-43.0.0-vendor.tar.bz2 +cryptography-43.0.0.tar.gz diff --git a/.python-cryptography.metadata b/.python-cryptography.metadata deleted file mode 100644 index 5035b80..0000000 --- a/.python-cryptography.metadata +++ /dev/null @@ -1 +0,0 @@ -20708a4955dcf7e2bb53d05418273d2bc0f80ab4 SOURCES/cryptography-3.2.1.tar.gz diff --git a/11328.patch b/11328.patch new file mode 100644 index 0000000..3dd1aee --- /dev/null +++ b/11328.patch @@ -0,0 +1,36 @@ +From 7a1927b07343ee0e873017c3f5d58c56ea9e9ab1 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 22 Jul 2024 09:09:05 +0200 +Subject: [PATCH] Don't include engine.h when OPENSSL_NO_ENGINE is defined + +Fedora 41 and RHEL 10 are deprecating and phasing out OpenSSL ENGINE +support. Downstream has moved `openssl/engine.h` into a separate RPM +package and is recompiling packages with `-DOPENSSL_NO_ENGINE=1`. The +compiler flag disables PyCA cryptography's ENGINE support successfully. +We also like to build the downstream package without the `engine.h` +header file present. + +This commit makes the include conditional. The `ENGINE` type is +defined in `openssl/types.h`. + +See: https://src.fedoraproject.org/rpms/openssl/c/e67e9d9c40cd2cb9547e539c658e2b63f2736762?branch=rawhide +See: https://issues.redhat.com/browse/RHEL-33747 +Signed-off-by: Christian Heimes +--- + src/_cffi_src/openssl/engine.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py +index 9629a2c8f929..f47e20327003 100644 +--- a/src/_cffi_src/openssl/engine.py ++++ b/src/_cffi_src/openssl/engine.py +@@ -5,7 +5,9 @@ + from __future__ import annotations + + INCLUDES = """ ++#if !defined(OPENSSL_NO_ENGINE) || CRYPTOGRAPHY_IS_LIBRESSL + #include ++#endif + """ + + TYPES = """ diff --git a/11536.patch b/11536.patch new file mode 100644 index 0000000..b18f149 --- /dev/null +++ b/11536.patch @@ -0,0 +1,26 @@ +From aa3e70e086b1f36f55d58a0d84eae0b51dbe7dc6 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Tue, 3 Sep 2024 20:19:02 -0400 +Subject: [PATCH] allow sha1 in OAEP (#11536) + +fixes #11512 +--- + src/rust/src/backend/rsa.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/rust/src/backend/rsa.rs b/src/rust/src/backend/rsa.rs +index 3c01e7421..066b1412a 100644 +--- a/src/rust/src/backend/rsa.rs ++++ b/src/rust/src/backend/rsa.rs +@@ -70,7 +70,7 @@ fn generate_private_key(public_exponent: u32, key_size: u32) -> CryptographyResu + } + + fn oaep_hash_supported(md: &openssl::hash::MessageDigest) -> bool { +- (!cryptography_openssl::fips::is_enabled() && md == &openssl::hash::MessageDigest::sha1()) ++ md == &openssl::hash::MessageDigest::sha1() + || md == &openssl::hash::MessageDigest::sha224() + || md == &openssl::hash::MessageDigest::sha256() + || md == &openssl::hash::MessageDigest::sha384() +-- +2.46.0 + diff --git a/SOURCES/0001-Re-add-deprecated-and-removed-features.patch b/SOURCES/0001-Re-add-deprecated-and-removed-features.patch deleted file mode 100644 index 149b43e..0000000 --- a/SOURCES/0001-Re-add-deprecated-and-removed-features.patch +++ /dev/null @@ -1,254 +0,0 @@ -From e3e043ab363387033ddfdcaf3c15d8cf8dda17ed Mon Sep 17 00:00:00 2001 -From: Christian Heimes -Date: Tue, 27 Oct 2020 16:42:15 +0100 -Subject: [PATCH 1] Re-add deprecated and removed features - -* encode_rfc6979_signature() -* decode_rfc6979_signature() -* Certificate.serial property -* MACContext -* osrandom engine is disabled - -Signed-off-by: Christian Heimes ---- - .../hazmat/backends/openssl/cmac.py | 3 +- - .../hazmat/backends/openssl/hmac.py | 3 +- - .../hazmat/backends/openssl/x509.py | 4 ++ - .../hazmat/primitives/asymmetric/utils.py | 8 ++++ - src/cryptography/hazmat/primitives/cmac.py | 3 +- - src/cryptography/hazmat/primitives/hmac.py | 3 +- - src/cryptography/hazmat/primitives/mac.py | 37 +++++++++++++++++++ - src/cryptography/x509/extensions.py | 6 ++- - tests/hazmat/backends/test_openssl.py | 3 ++ - tests/hazmat/primitives/test_asym_utils.py | 9 +++++ - tests/x509/test_x509.py | 1 + - tests/x509/test_x509_ext.py | 5 +++ - 12 files changed, 80 insertions(+), 5 deletions(-) - create mode 100644 src/cryptography/hazmat/primitives/mac.py - -diff --git a/src/cryptography/hazmat/backends/openssl/cmac.py b/src/cryptography/hazmat/backends/openssl/cmac.py -index 195fc230f..5281f634d 100644 ---- a/src/cryptography/hazmat/backends/openssl/cmac.py -+++ b/src/cryptography/hazmat/backends/openssl/cmac.py -@@ -11,10 +11,11 @@ from cryptography.exceptions import ( - UnsupportedAlgorithm, - _Reasons, - ) --from cryptography.hazmat.primitives import constant_time -+from cryptography.hazmat.primitives import constant_time, mac - from cryptography.hazmat.primitives.ciphers.modes import CBC - - -+@utils.register_interface(mac.MACContext) - class _CMACContext(object): - def __init__(self, backend, algorithm, ctx=None): - if not backend.cmac_algorithm_supported(algorithm): -diff --git a/src/cryptography/hazmat/backends/openssl/hmac.py b/src/cryptography/hazmat/backends/openssl/hmac.py -index 5024223b2..11c850e10 100644 ---- a/src/cryptography/hazmat/backends/openssl/hmac.py -+++ b/src/cryptography/hazmat/backends/openssl/hmac.py -@@ -11,9 +11,10 @@ from cryptography.exceptions import ( - UnsupportedAlgorithm, - _Reasons, - ) --from cryptography.hazmat.primitives import constant_time, hashes -+from cryptography.hazmat.primitives import constant_time, hashes, mac - - -+@utils.register_interface(mac.MACContext) - @utils.register_interface(hashes.HashContext) - class _HMACContext(object): - def __init__(self, backend, key, algorithm, ctx=None): -diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py -index 4d0dac764..c9074f59e 100644 ---- a/src/cryptography/hazmat/backends/openssl/x509.py -+++ b/src/cryptography/hazmat/backends/openssl/x509.py -@@ -73,6 +73,10 @@ class _Certificate(object): - self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL) - return _asn1_integer_to_int(self._backend, asn1_int) - -+ @property -+ def serial(self): -+ return self.serial_number -+ - def public_key(self): - pkey = self._backend._lib.X509_get_pubkey(self._x509) - if pkey == self._backend._ffi.NULL: -diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py -index 5f9b67786..886d7565b 100644 ---- a/src/cryptography/hazmat/primitives/asymmetric/utils.py -+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py -@@ -39,3 +39,11 @@ class Prehashed(object): - self._digest_size = algorithm.digest_size - - digest_size = utils.read_only_property("_digest_size") -+ -+ -+def decode_rfc6979_signature(signature): -+ return decode_dss_signature(signature) -+ -+ -+def encode_rfc6979_signature(r, s): -+ return encode_dss_signature(r, s) -diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py -index bf962c906..7f37f13cc 100644 ---- a/src/cryptography/hazmat/primitives/cmac.py -+++ b/src/cryptography/hazmat/primitives/cmac.py -@@ -12,9 +12,10 @@ from cryptography.exceptions import ( - ) - from cryptography.hazmat.backends import _get_backend - from cryptography.hazmat.backends.interfaces import CMACBackend --from cryptography.hazmat.primitives import ciphers -+from cryptography.hazmat.primitives import ciphers, mac - - -+@utils.register_interface(mac.MACContext) - class CMAC(object): - def __init__(self, algorithm, backend=None, ctx=None): - backend = _get_backend(backend) -diff --git a/src/cryptography/hazmat/primitives/hmac.py b/src/cryptography/hazmat/primitives/hmac.py -index 8c421dc68..6f03a1071 100644 ---- a/src/cryptography/hazmat/primitives/hmac.py -+++ b/src/cryptography/hazmat/primitives/hmac.py -@@ -12,9 +12,10 @@ from cryptography.exceptions import ( - ) - from cryptography.hazmat.backends import _get_backend - from cryptography.hazmat.backends.interfaces import HMACBackend --from cryptography.hazmat.primitives import hashes -+from cryptography.hazmat.primitives import hashes, mac - - -+@utils.register_interface(mac.MACContext) - @utils.register_interface(hashes.HashContext) - class HMAC(object): - def __init__(self, key, algorithm, backend=None, ctx=None): -diff --git a/src/cryptography/hazmat/primitives/mac.py b/src/cryptography/hazmat/primitives/mac.py -new file mode 100644 -index 000000000..4c95190ba ---- /dev/null -+++ b/src/cryptography/hazmat/primitives/mac.py -@@ -0,0 +1,37 @@ -+# This file is dual licensed under the terms of the Apache License, Version -+# 2.0, and the BSD License. See the LICENSE file in the root of this repository -+# for complete details. -+ -+from __future__ import absolute_import, division, print_function -+ -+import abc -+ -+import six -+ -+ -+@six.add_metaclass(abc.ABCMeta) -+class MACContext(object): -+ @abc.abstractmethod -+ def update(self, data): -+ """ -+ Processes the provided bytes. -+ """ -+ -+ @abc.abstractmethod -+ def finalize(self): -+ """ -+ Returns the message authentication code as bytes. -+ """ -+ -+ @abc.abstractmethod -+ def copy(self): -+ """ -+ Return a MACContext that is a copy of the current context. -+ """ -+ -+ @abc.abstractmethod -+ def verify(self, signature): -+ """ -+ Checks if the generated message authentication code matches the -+ signature. -+ """ -diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py -index 130ba69b8..ddbccdf3b 100644 ---- a/src/cryptography/x509/extensions.py -+++ b/src/cryptography/x509/extensions.py -@@ -218,8 +218,12 @@ class AuthorityKeyIdentifier(object): - - @classmethod - def from_issuer_subject_key_identifier(cls, ski): -+ if isinstance(ski, SubjectKeyIdentifier): -+ digest = ski.digest -+ else: -+ digest = ski.value.digest - return cls( -- key_identifier=ski.digest, -+ key_identifier=digest, - authority_cert_issuer=None, - authority_cert_serial_number=None, - ) -diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py -index 2f7e7bebf..73c17d84f 100644 ---- a/tests/hazmat/backends/test_openssl.py -+++ b/tests/hazmat/backends/test_openssl.py -@@ -301,6 +301,9 @@ class TestOpenSSLRandomEngine(object): - res = backend._lib.ENGINE_free(e) - assert res == 1 - -+ def test_rhel8_no_osrandom(self): -+ pytest.fail("osrandom engine is not FIPS compliant, see RHBZ#1762667") -+ - - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE, -diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py -index 70bff012f..334b459b5 100644 ---- a/tests/hazmat/primitives/test_asym_utils.py -+++ b/tests/hazmat/primitives/test_asym_utils.py -@@ -10,6 +10,8 @@ from cryptography.hazmat.primitives.asymmetric.utils import ( - Prehashed, - decode_dss_signature, - encode_dss_signature, -+ encode_rfc6979_signature, -+ decode_rfc6979_signature - ) - - -@@ -75,3 +77,10 @@ def test_decode_dss_invalid_asn1(): - def test_pass_invalid_prehashed_arg(): - with pytest.raises(TypeError): - Prehashed(object()) -+ -+ -+def test_deprecated_rfc6979_signature(): -+ sig = encode_rfc6979_signature(1, 1) -+ assert sig == b"0\x06\x02\x01\x01\x02\x01\x01" -+ decoded = decode_rfc6979_signature(sig) -+ assert decoded == (1, 1) -diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py -index 11c80816c..e5bdf17d4 100644 ---- a/tests/x509/test_x509.py -+++ b/tests/x509/test_x509.py -@@ -685,6 +685,7 @@ class TestRSACertificate(object): - ) - assert isinstance(cert, x509.Certificate) - assert cert.serial_number == 11559813051657483483 -+ assert cert.serial == cert.serial_number - fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) - assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8" - assert isinstance(cert.signature_hash_algorithm, hashes.SHA1) -diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py -index 2cd216fb6..ac2b2c03d 100644 ---- a/tests/x509/test_x509_ext.py -+++ b/tests/x509/test_x509_ext.py -@@ -3442,6 +3442,11 @@ class TestAuthorityKeyIdentifierExtension(object): - ) - assert ext.value == aki - -+ aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( -+ ski_ext -+ ) -+ assert ext.value == aki -+ - - class TestNameConstraints(object): - def test_ipaddress_wrong_type(self): --- -2.26.2 - diff --git a/SOURCES/0002-Support-pytest-3.4.2.patch b/SOURCES/0002-Support-pytest-3.4.2.patch deleted file mode 100644 index 66c1344..0000000 --- a/SOURCES/0002-Support-pytest-3.4.2.patch +++ /dev/null @@ -1,86 +0,0 @@ -From c1c1b14d359b1360e7d14a7c0687bef9ed6fc17c Mon Sep 17 00:00:00 2001 -From: Christian Heimes -Date: Wed, 28 Oct 2020 14:27:55 +0100 -Subject: [PATCH 2] Support pytest 3.4.2 - ---- - setup.py | 3 ++- - tests/conftest.py | 4 ++-- - tests/test_utils.py | 4 ++-- - tests/utils.py | 2 +- - 4 files changed, 7 insertions(+), 6 deletions(-) - -diff --git a/setup.py b/setup.py -index 82800a96e..5678db004 100644 ---- a/setup.py -+++ b/setup.py -@@ -93,7 +93,8 @@ setup( - extras_require={ - ":python_version < '3'": ["enum34", "ipaddress"], - "test": [ -- "pytest>=3.6.0,!=3.9.0,!=3.9.1,!=3.9.2", -+ "pytest>=3.4.2,<3.6", -+ "attrs>=17.4.0,<18.0", - "pretend", - "iso8601", - "pytz", -diff --git a/tests/conftest.py b/tests/conftest.py -index 4e3124fa7..53c194830 100644 ---- a/tests/conftest.py -+++ b/tests/conftest.py -@@ -42,7 +42,7 @@ def pytest_generate_tests(metafunc): - - def pytest_runtest_setup(item): - if openssl_backend._fips_enabled: -- for marker in item.iter_markers(name="skip_fips"): -+ for marker in item.get_marker(name="skip_fips") or []: - pytest.skip(marker.kwargs["reason"]) - - -@@ -50,7 +50,7 @@ def pytest_runtest_setup(item): - def backend(request): - required_interfaces = [ - mark.kwargs["interface"] -- for mark in request.node.iter_markers("requires_backend_interface") -+ for mark in request.node.get_marker("requires_backend_interface") or [] - ] - if not all( - isinstance(openssl_backend, iface) for iface in required_interfaces -diff --git a/tests/test_utils.py b/tests/test_utils.py -index d6afa3b34..e0a1be4f5 100644 ---- a/tests/test_utils.py -+++ b/tests/test_utils.py -@@ -43,7 +43,7 @@ def test_check_backend_support_skip(): - supported = pretend.stub( - kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} - ) -- node = pretend.stub(iter_markers=lambda x: [supported]) -+ node = pretend.stub(get_marker=lambda x: [supported]) - item = pretend.stub(node=node) - with pytest.raises(pytest.skip.Exception) as exc_info: - check_backend_support(True, item) -@@ -54,7 +54,7 @@ def test_check_backend_support_no_skip(): - supported = pretend.stub( - kwargs={"only_if": lambda backend: True, "skip_message": "Nope"} - ) -- node = pretend.stub(iter_markers=lambda x: [supported]) -+ node = pretend.stub(get_marker=lambda x: [supported]) - item = pretend.stub(node=node) - assert check_backend_support(None, item) is None - -diff --git a/tests/utils.py b/tests/utils.py -index 5d98af00e..a08f79c34 100644 ---- a/tests/utils.py -+++ b/tests/utils.py -@@ -27,7 +27,7 @@ KeyedHashVector = collections.namedtuple( - - - def check_backend_support(backend, item): -- for mark in item.node.iter_markers("supported"): -+ for mark in item.node.get_marker("supported") or []: - if not mark.kwargs["only_if"](backend): - pytest.skip("{} ({})".format(mark.kwargs["skip_message"], backend)) - --- -2.26.2 - diff --git a/SOURCES/0003-Skip-iso8601-test-cases.patch b/SOURCES/0003-Skip-iso8601-test-cases.patch deleted file mode 100644 index 0131af2..0000000 --- a/SOURCES/0003-Skip-iso8601-test-cases.patch +++ /dev/null @@ -1,73 +0,0 @@ -From bea141d25bd2bc4eea7527e2d6ec1d85b2b3806d Mon Sep 17 00:00:00 2001 -From: Christian Heimes -Date: Thu, 29 Oct 2020 09:21:06 +0100 -Subject: [PATCH 3] Skip iso8601 test cases - ---- - tests/test_fernet.py | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/tests/test_fernet.py b/tests/test_fernet.py -index 38409b03e..343f3e4ec 100644 ---- a/tests/test_fernet.py -+++ b/tests/test_fernet.py -@@ -10,7 +10,10 @@ import json - import os - import time - --import iso8601 -+try: -+ import iso8601 -+except ImportError: -+ iso8601 = None - - import pytest - -@@ -24,6 +27,12 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes - import cryptography_vectors - - -+skip_iso8601 = pytest.mark.skipif( -+ iso8601 is None, -+ reason="is8601 is not available" -+) -+ -+ - def json_parametrize(keys, filename): - vector_file = cryptography_vectors.open_vector_file( - os.path.join("fernet", filename), "r" -@@ -49,6 +58,7 @@ def test_default_backend(): - skip_message="Does not support AES CBC", - ) - class TestFernet(object): -+ @skip_iso8601 - @json_parametrize( - ("secret", "now", "iv", "src", "token"), - "generate.json", -@@ -62,6 +72,7 @@ class TestFernet(object): - ) - assert actual_token == token.encode("ascii") - -+ @skip_iso8601 - @json_parametrize( - ("secret", "now", "src", "ttl_sec", "token"), - "verify.json", -@@ -81,6 +92,7 @@ class TestFernet(object): - payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) - assert payload == src.encode("ascii") - -+ @skip_iso8601 - @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") - def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch): - f = Fernet(secret.encode("ascii"), backend=backend) -@@ -117,6 +129,7 @@ class TestFernet(object): - with pytest.raises(TypeError): - f.decrypt(u"") - -+ @skip_iso8601 - def test_timestamp_ignored_no_ttl(self, monkeypatch, backend): - f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) - pt = b"encrypt me" --- -2.26.2 - diff --git a/SOURCES/0004-Revert-remove-NPN-bindings.patch b/SOURCES/0004-Revert-remove-NPN-bindings.patch deleted file mode 100644 index 8a1c31a..0000000 --- a/SOURCES/0004-Revert-remove-NPN-bindings.patch +++ /dev/null @@ -1,75 +0,0 @@ -From e8ed37e0d24a1cc7482ab816ed5f25243395b2ef Mon Sep 17 00:00:00 2001 -From: Christian Heimes -Date: Mon, 14 Dec 2020 14:13:53 +0100 -Subject: [PATCH] Revert "remove NPN bindings -- you should be using ALPN! - (#4765)" - -This reverts commit 99bf4e4605cbe54bad597da1ebe4cc323909083c. ---- - src/_cffi_src/openssl/ssl.py | 20 +++++++++++++++++++- - tests/hazmat/bindings/test_openssl.py | 4 ++++ - 2 files changed, 23 insertions(+), 1 deletion(-) - -diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py -index c38e309a1..fa854f5dd 100644 ---- a/src/_cffi_src/openssl/ssl.py -+++ b/src/_cffi_src/openssl/ssl.py -@@ -138,6 +138,8 @@ static const long SSL3_RANDOM_SIZE; - static const long TLS_ST_BEFORE; - static const long TLS_ST_OK; - -+static const long OPENSSL_NPN_NEGOTIATED; -+ - typedef ... SSL_METHOD; - typedef ... SSL_CTX; - -@@ -401,9 +403,25 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); - - long SSL_session_reused(SSL *); - -+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *, -+ int (*)(SSL *, -+ const unsigned char **, -+ unsigned int *, -+ void *), -+ void *); -+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *, -+ int (*)(SSL *, -+ unsigned char **, -+ unsigned char *, -+ const unsigned char *, -+ unsigned int, -+ void *), -+ void *); - int SSL_select_next_proto(unsigned char **, unsigned char *, - const unsigned char *, unsigned int, - const unsigned char *, unsigned int); -+void SSL_get0_next_proto_negotiated(const SSL *, -+ const unsigned char **, unsigned *); - - int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *); - const SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int); -@@ -601,7 +619,7 @@ static const long Cryptography_HAS_TLSv1_2 = 1; - static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; - static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; - static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; --static const long Cryptography_HAS_NEXTPROTONEG = 0; -+static const long Cryptography_HAS_NEXTPROTONEG = 1; - static const long Cryptography_HAS_ALPN = 1; - - #if CRYPTOGRAPHY_IS_LIBRESSL -diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py -index ecee34091..aeb12a0dc 100644 ---- a/tests/hazmat/bindings/test_openssl.py -+++ b/tests/hazmat/bindings/test_openssl.py -@@ -137,3 +137,7 @@ class TestOpenSSL(object): - ) - with pytest.raises(RuntimeError): - _verify_openssl_version(lib) -+ -+ def test_npn_binding(self): -+ b = Binding() -+ assert b.lib.Cryptography_HAS_NEXTPROTONEG --- -2.29.2 - diff --git a/SOURCES/0005-CVE-2020-36242.patch b/SOURCES/0005-CVE-2020-36242.patch deleted file mode 100644 index 1f2f9c5..0000000 --- a/SOURCES/0005-CVE-2020-36242.patch +++ /dev/null @@ -1,18 +0,0 @@ -From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 7 Feb 2021 11:04:43 -0600 -Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242 - -diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py -index 2b10681b31..0f96795fdc 100644 ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -16,7 +16,7 @@ - class _CipherContext(object): - _ENCRYPT = 1 - _DECRYPT = 0 -- _MAX_CHUNK_SIZE = 2 ** 31 - 1 -+ _MAX_CHUNK_SIZE = 2 ** 30 - 1 - - def __init__(self, backend, cipher, mode, operation): - self._backend = backend diff --git a/SOURCES/0006-CVE-2023-23931.patch b/SOURCES/0006-CVE-2023-23931.patch deleted file mode 100644 index 085947c..0000000 --- a/SOURCES/0006-CVE-2023-23931.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 94a50a9731f35405f0357fa5f3b177d46a726ab3 Mon Sep 17 00:00:00 2001 -From: Alex Gaynor -Date: Tue, 31 Jan 2023 08:33:54 -0500 -Subject: [PATCH] Don't allow update_into to mutate immutable objects - ---- - src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- - tests/hazmat/primitives/test_ciphers.py | 8 ++++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py -index 286583f9325..075d68fb905 100644 ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -156,7 +156,7 @@ def update_into(self, data: bytes, buf: bytes) -> int: - data_processed = 0 - total_out = 0 - outlen = self._backend._ffi.new("int *") -- baseoutbuf = self._backend._ffi.from_buffer(buf) -+ baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True) - baseinbuf = self._backend._ffi.from_buffer(data) - - while data_processed != total_data_len: -diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py -index 02127dd9cab..bf3b047dec2 100644 ---- a/tests/hazmat/primitives/test_ciphers.py -+++ b/tests/hazmat/primitives/test_ciphers.py -@@ -318,6 +318,14 @@ def test_update_into_buffer_too_small(self, backend): - with pytest.raises(ValueError): - encryptor.update_into(b"testing", buf) - -+ def test_update_into_immutable(self, backend): -+ key = b"\x00" * 16 -+ c = ciphers.Cipher(AES(key), modes.ECB(), backend) -+ encryptor = c.encryptor() -+ buf = b"\x00" * 32 -+ with pytest.raises((TypeError, BufferError)): -+ encryptor.update_into(b"testing", buf) -+ - @pytest.mark.supported( - only_if=lambda backend: backend.cipher_supported( - AES(b"\x00" * 16), modes.GCM(b"\x00" * 12) diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec deleted file mode 100644 index 2a0d99d..0000000 --- a/SPECS/python-cryptography.spec +++ /dev/null @@ -1,277 +0,0 @@ -%{!?python3_pkgversion:%global python3_pkgversion 3} - -%global srcname cryptography -# rhbz#2172416: from_buffer(..., require_writable=True) -%global cffi_version 1.11.5-6 - -Name: python-%{srcname} -Version: 3.2.1 -Release: 7%{?dist} -Summary: PyCA's cryptography library - -Group: Development/Libraries -License: ASL 2.0 or BSD -URL: https://cryptography.io/en/latest/ -Source0: https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{version}.tar.gz - -Patch0001: 0001-Re-add-deprecated-and-removed-features.patch -Patch0002: 0002-Support-pytest-3.4.2.patch -Patch0003: 0003-Skip-iso8601-test-cases.patch -Patch0004: 0004-Revert-remove-NPN-bindings.patch -Patch0005: 0005-CVE-2020-36242.patch -# https://github.com/pyca/cryptography/pull/8230 -Patch0006: 0006-CVE-2023-23931.patch - -BuildRequires: openssl-devel -BuildRequires: gcc - -BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-pytest >= 3.4.2 -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-pretend -# BuildRequires: python{python3_pkgversion}-iso8601 -BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} -BuildRequires: python%{python3_pkgversion}-pytz -BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 -BuildRequires: python%{python3_pkgversion}-cffi >= %{cffi_version} - -%description -cryptography is a package designed to expose cryptographic primitives and -recipes to Python developers. - -%package -n python%{python3_pkgversion}-%{srcname} -Group: Development/Libraries -Summary: PyCA's cryptography library -%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}} - -Requires: openssl-libs -Requires: python%{python3_pkgversion}-six >= 1.4.1 -Requires: python%{python3_pkgversion}-cffi >= %{cffi_version} -Conflicts: python%{python3_pkgversion}-cryptography-vectors < %{version} -Conflicts: python%{python3_pkgversion}-cryptography-vectors > %{version} - -%description -n python%{python3_pkgversion}-%{srcname} -cryptography is a package designed to expose cryptographic primitives and -recipes to Python developers. - - -%prep -%autosetup -p1 -n %{srcname}-%{version} - - -%build -%py3_build - - -%install -# Actually other *.c and *.h are appropriate -# see https://github.com/pyca/cryptography/issues/1463 -find . -name .keep -print -delete -%py3_install - - -%check -# workaround for pytest 3.2.0 bug https://github.com/pytest-dev/pytest/issues/2644 -rm -f tests/hazmat/primitives/test_padding.py -# don't run hypothesis tests -rm -rf tests/hypothesis -PYTHONPATH=%{buildroot}%{python3_sitearch} \ - %{__python3} -m pytest \ - -k "not test_decrypt_invalid_decrypt" - - -%files -n python%{python3_pkgversion}-%{srcname} -%doc README.rst docs -%license LICENSE LICENSE.APACHE LICENSE.BSD -%{python3_sitearch}/%{srcname} -%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info - - -%changelog -* Fri Dec 01 2023 Christian Heimes - 3.2.1-7 -- Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves: RHEL-17873 - -* Wed Feb 22 2023 Christian Heimes - 3.2.1-6 -- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172404 - -* Tue Jun 08 2021 Christian Heimes - 3.2.1-5 -- Rebuild for RHEL 8.5 -- Resolves: rhbz#1933071 - -* Tue Feb 09 2021 Christian Heimes - 3.2.1-4 -- CVE-2020-36242: Fixed a bug where certain sequences of update() calls - when symmetrically encrypting very large payloads (>2GB) could result - in an integer overflow, leading to buffer overflows. -- Resolves: rhbz#1926528 - -* Mon Dec 14 17:24:01 CET 2020 Christian Heimes - 3.2.1-3 -- Conflict with non-matching vector package - -* Mon Dec 14 14:19:42 CET 2020 Christian Heimes - 3.2.1-2 -- Re-add remove NPN bindings, required for pyOpenSSL -- Resolves: rhbz#1907429 - -* Wed Oct 28 2020 Christian Heimes - 3.2.1-1 -- Rebase to upstream release 3.2.1 -- Resolves: rhbz#1873581 -- Resolves: rhbz#1778939 -- Removed dependencies on python-asn1crypto, python-idna - -* Tue Nov 12 2019 Christian Heimes - 2.3-3 -- Don't activate custom osrandom engine for FIPS compliance -- Resolves: rhbz#1762667 - -* Mon Aug 13 2018 Christian Heimes - 2.3-2 -- Use TLSv1.2 in test as workaround for RHBZ#1615099 -- Resolves: RHBZ#1611738 - -* Wed Jul 18 2018 Christian Heimes - 2.3-1 -- New upstream release 2.3 -- Fix AEAD tag truncation bug, CVE-2018-10903, RHBZ#1602755, RHBZ#1602932 - -* Tue Jun 19 2018 Christian Heimes - 2.2.1-2 -- Drop Python 2 subpackages from RHEL 8, fixes RHBZ#1589754 -- Remove unnecessary copy and shebang mangling - -* Wed Mar 21 2018 Christian Heimes - 2.2.1-1 -- New upstream release 2.2.1 - -* Sun Feb 18 2018 Christian Heimes - 2.1.4-1 -- New upstream release 2.1.4 - -* Sun Feb 18 2018 Christian Heimes - 2.1.3-4 -- Build requires gcc - -* Mon Feb 12 2018 Iryna Shcherbina - 2.1.3-3 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Fri Feb 09 2018 Fedora Release Engineering - 2.1.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Nov 23 2017 Haïkel Guémar - 2.1.3-1 -- Upstream 2.1.3 - -* Tue Oct 24 2017 Christian Heimes - 2.1-2 -- Change Requires to openssl-libs - -* Thu Oct 12 2017 Christian Heimes - 2.1-1 -- New upstream release 2.1 - -* Wed Sep 27 2017 Troy Dawson - 2.0.2-3 -- Cleanup spec file conditionals - -* Thu Aug 03 2017 Christian Heimes - 2.0.2-2 -- Add workaround for pytest bug - -* Thu Aug 03 2017 Christian Heimes - 2.0.2-1 -- New upstream release 2.0.2 -- Modernize spec - -* Thu Aug 03 2017 Fedora Release Engineering - 1.9-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 1.9-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Jun 27 2017 Christian Heimes - 1.9-1 -- Upstream release 1.9 - -* Wed Feb 15 2017 Christian Heimes - 1.7.2-1 -- Update to latest upstream - -* Sat Feb 11 2017 Fedora Release Engineering - 1.7.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Thu Jan 05 2017 Matěj Cepl - 1.7.1-1 -- Update to the latest upstream. -- Add a patch from https://github.com/pyca/cryptography/pull/3328 - -* Tue Dec 13 2016 Charalampos Stratakis - 1.5.3-5 -- Enable tests - -* Mon Dec 12 2016 Charalampos Stratakis - 1.5.3-4 -- Rebuild for Python 3.6 -- Disable python3 tests for now - -* Thu Nov 10 2016 Nathaniel McCallum - 1.5.3-3 -- Revert previous change - -* Thu Nov 10 2016 Nathaniel McCallum - 1.5.3-2 -- Disable tests on releases earlier than 24 - -* Mon Nov 07 2016 Nathaniel McCallum - 1.5.3-1 -- Update to v1.5.3 -- Update source URL -- Add BR for pytz - -* Tue Jul 19 2016 Fedora Release Engineering - 1.3.1-4 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - -* Tue May 10 2016 Nathaniel McCallum - 1.3.1-3 -- Remove versioned setuptools dependency - -* Tue May 10 2016 Nathaniel McCallum - 1.3.1-2 -- Make it easier to build on EL7 - -* Tue May 03 2016 Nathaniel McCallum - 1.3.1-1 -- Update to v1.3.1 - -* Thu Feb 04 2016 Fedora Release Engineering - 1.2.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Jan 11 2016 Nathaniel McCallum - 1.2.1-2 -- Move python-cryptograph => python2-cryptography - -* Sat Jan 09 2016 Nathaniel McCallum - 1.2.1-1 -- Update to v1.2.1 - -* Wed Nov 11 2015 Robert Kuska - 1.1-1 -- Update to v1.1 - -* Wed Nov 04 2015 Robert Kuska - 1.0.2-2 -- Rebuilt for Python3.5 rebuild - -* Wed Sep 30 2015 Matěj Cepl - 1.0.2-1 -- New upstream release (fix #1267548) - -* Wed Aug 12 2015 Nathaniel McCallum - 1.0-1 -- New upstream release - -* Thu Jun 18 2015 Fedora Release Engineering - 0.9-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Thu May 14 2015 Nathaniel McCallum - 0.9-1 -- New upstream release -- Run tests on RHEL -- New deps: python-idna, python-ipaddress - -* Fri Apr 17 2015 Nathaniel McCallum - 0.8.2-1 -- New upstream release -- Add python3-pyasn1 Requires (#1211073) - -* Tue Apr 14 2015 Matej Cepl - 0.8-2 -- Add python-pyasn1 Requires (#1211073) - -* Fri Mar 13 2015 Nathaniel McCallum - 0.8-1 -- New upstream release -- Remove upstreamed patch - -* Wed Mar 04 2015 Nathaniel McCallum - 0.7.2-2 -- Add python3-cryptography-vectors build requires -- Add python-enum34 requires - -* Tue Feb 03 2015 Nathaniel McCallum - 0.7.2-1 -- New upstream release. BSD is now an optional license. -- Fix test running on python3 -- Add upstream patch to fix test paths - -* Fri Nov 07 2014 Matej Cepl - 0.6.1-2 -- Fix requires, for reasons why other development files were not - eliminated see https://github.com/pyca/cryptography/issues/1463. - -* Wed Nov 05 2014 Matej Cepl - 0.6.1-1 -- New upstream release. - -* Sun Jun 29 2014 Terry Chia 0.4-1 -- initial version diff --git a/conftest-skipper.py b/conftest-skipper.py new file mode 100644 index 0000000..5a1de83 --- /dev/null +++ b/conftest-skipper.py @@ -0,0 +1,22 @@ + +class Skipper: + """Skip iso8601 and pretend tests + + RHEL buildroot doesn't have python-iso8601 and python-pretend. Skip + all tests that use the excluded modules. + """ + + def parse_date(self, datestring): + pytest.skip(f"iso8601 module is not available.") + + def stub(self, **kwargs): + pytest.skip(f"pretend module is not available.") + + def raiser(self, exc): + pytest.skip(f"pretend module is not available.") + + +import sys + +sys.modules["iso8601"] = sys.modules["pretend"] = Skipper() + diff --git a/python-cryptography.spec b/python-cryptography.spec new file mode 100644 index 0000000..cab570c --- /dev/null +++ b/python-cryptography.spec @@ -0,0 +1,413 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 4; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +%bcond_without tests + +%{!?python3_pkgversion:%global python3_pkgversion 3} + +%global srcname cryptography + +Name: python-%{srcname} +Version: 43.0.0 +Release: %autorelease +Summary: PyCA's cryptography library + +# cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause, +# as well as the Python Software Foundation license for the OS random +# engine derived by CPython. +License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +URL: https://cryptography.io/en/latest/ +Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcname}-%{version}.tar.gz + # created by ./vendor_rust.py helper script +Source1: cryptography-%{version}-vendor.tar.bz2 +Source2: conftest-skipper.py + +Patch: 11328.patch +Patch: 11536.patch + +ExclusiveArch: %{rust_arches} + +BuildRequires: openssl-devel +BuildRequires: gcc +BuildRequires: gnupg2 +%if 0%{?fedora} +BuildRequires: rust-packaging +%else +BuildRequires: rust-toolset +%endif + +BuildRequires: python%{python3_pkgversion}-cffi >= 1.12 +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4 + +%if %{with tests} +%if 0%{?fedora} +BuildRequires: python%{python3_pkgversion}-certifi +BuildRequires: python%{python3_pkgversion}-hypothesis >= 1.11.4 +BuildRequires: python%{python3_pkgversion}-iso8601 +BuildRequires: python%{python3_pkgversion}-pretend +BuildRequires: python%{python3_pkgversion}-pytest-benchmark +BuildRequires: python%{python3_pkgversion}-pytest-xdist +BuildRequires: python%{python3_pkgversion}-pytz +%endif +BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0 +%endif + +%description +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%package -n python%{python3_pkgversion}-%{srcname} +Summary: PyCA's cryptography library +%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}} + +Requires: openssl-libs +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 +# Can be safely removed in Fedora 37 +Obsoletes: python%{python3_pkgversion}-cryptography-vectors < 3.4.7 +%endif + +%description -n python%{python3_pkgversion}-%{srcname} +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%prep +%autosetup -p1 -n %{srcname}-%{version} +%if 0%{?fedora} +%cargo_prep +sed -i 's/locked = true//g' pyproject.toml +rm src/rust/Cargo.lock +%else +# RHEL: use vendored Rust crates +%cargo_prep -V 1 +%endif + +%if ! 0%{?fedora} +sed -i 's,--benchmark-disable,,' pyproject.toml +%endif + + +%generate_buildrequires +%pyproject_buildrequires +%if 0%{?fedora} +# Fedora: use RPMified crates +cd src/rust +%cargo_generate_buildrequires +cd ../.. +%endif + + +%build +export RUSTFLAGS="%build_rustflags" +export OPENSSL_NO_VENDOR=1 +export CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE=1 " +%pyproject_wheel + + +%install +# Actually other *.c and *.h are appropriate +# see https://github.com/pyca/cryptography/issues/1463 +find . -name .keep -print -delete +%pyproject_install +%pyproject_save_files %{srcname} + + +%check +%if %{with tests} +%if 0%{?rhel} +# skip benchmark, hypothesis, and pytz tests on RHEL +rm -rf tests/bench tests/hypothesis tests/x509 +# append skipper to skip iso8601 and pretend tests +cat < %{SOURCE2} >> tests/conftest.py +%endif + +# enable SHA-1 signatures for RSA tests +# also see https://github.com/pyca/cryptography/pull/6931 and rhbz#2060343 +export OPENSSL_ENABLE_SHA1_SIGNATURES=yes + +# see https://github.com/pyca/cryptography/issues/4885 and +# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests +# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes +# not much sense for downstream testing. +# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure +PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ + %{__python3} -m pytest \ + --ignore vendor \ + -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)" +%endif + + +%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files} +%doc README.rst docs +%license LICENSE LICENSE.APACHE LICENSE.BSD + + +%changelog +## START: Generated by rpmautospec +* Tue Oct 29 2024 Troy Dawson - 43.0.0-4 +- Bump release for October 2024 mass rebuild: + +* Thu Sep 12 2024 Francisco Trivino - 43.0.0-3 +- allow sha1 in OAEP + +* Thu Aug 22 2024 Francisco Trivino - 43.0.0-2 +- sti: add rust-toolset system dependency + +* Tue Jul 02 2024 Jeremy Cline - 42.0.8-1 +- Update to 42.0.8, fixes rhbz#2251816 + +* Sat Jun 08 2024 Python Maint - 41.0.7-3 +- Rebuilt for Python 3.13 + +* Fri Jun 07 2024 Python Maint - 41.0.7-2 +- Bootstrap for Python 3.13 + +* Thu Feb 01 2024 Benjamin A. Beasley - 41.0.7-1 +- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083 + +* Fri Jan 26 2024 Fedora Release Engineering - 41.0.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 41.0.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Dec 01 2023 Fabio Valentini - 41.0.5-2 +- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072) + +* Thu Oct 26 2023 Christian Heimes - 41.0.5-1 +- Update to 41.0.5, resolves RHBZ#2239707 + +* Mon Aug 14 2023 Christian Heimes - 41.0.3-2 +- Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042 + +* Wed Aug 09 2023 Christian Heimes - 41.0.3-1 +- Update to 41.0.3, resolves rhbz#2211237 +- Use pyo3 0.19 + +* Fri Jul 21 2023 Fedora Release Engineering - 40.0.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 10 2023 Python Maint - 40.0.2-4 +- Rebuilt for Python 3.12 + +* Wed Jun 14 2023 Python Maint - 40.0.2-3 +- Bootstrap for Python 3.12 + +* Tue Jun 13 2023 Yaakov Selkowitz - 40.0.2-2 +- Use vendored rust-pem in RHEL builds + +* Tue Apr 18 2023 Christian Heimes - 40.0.2-1 +- Update to 40.0.2, resolves rhbz#2181430 + +* Thu Mar 09 2023 Miro Hrončok - 39.0.2-2 +- Don't run tests requiring pytz on RHEL +- Don't try to run tests of vendored dependencies in %%check + +* Sat Mar 04 2023 Christian Heimes - 39.0.2-1 +- Update to 39.0.2, resolves rhbz#2124729 + +* Tue Feb 28 2023 Fabio Valentini - 37.0.2-9 +- Ensure correct compiler flags are used for Rust code. + +* Wed Feb 22 2023 Christian Heimes - 37.0.2-8 +- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2171820 +- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661 + +* Fri Jan 20 2023 Fedora Release Engineering - 37.0.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Fri Dec 09 2022 Christian Heimes - 37.0.2-6 +- Enable SHA1 signatures in test suite (ELN-only) + +* Wed Aug 17 2022 Miro Hrončok - 37.0.2-5 +- Drop unused requirement of python3-six + +* Fri Jul 22 2022 Fedora Release Engineering - 37.0.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jun 14 2022 Python Maint - 37.0.2-3 +- Rebuilt for Python 3.11 + +* Tue Jun 14 2022 Python Maint - 37.0.2-2 +- Bootstrap for Python 3.11 + +* Thu May 05 2022 Christian Heimes - 37.0.2-1 +- Update to 37.0.2, resolves rhbz#2078968 + +* Thu Jan 27 2022 Christian Heimes - 36.0.0-3 +- Skip unstable memleak tests, resolves: RHBZ#2042413 + +* Fri Jan 21 2022 Fedora Release Engineering - 36.0.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Nov 22 2021 Christian Heimes - 36.0.0-1 +- Update to 36.0.0, fixes RHBZ#2025347 + +* Thu Sep 30 2021 Christian Heimes - 35.0.0-2 +- Require rust-asn1 >= 0.6.4 + +* Thu Sep 30 2021 Christian Heimes - 35.0-1 +- Update to 35.0.0 (#2009117) + +* Tue Sep 14 2021 Sahana Prasad - 3.4.7-6 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 3.4.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu Jun 10 2021 Stephen Gallagher - 3.4.7-4 +- Don't conditionalize Source: directives + +* Wed Jun 02 2021 Python Maint - 3.4.7-3 +- Rebuilt for Python 3.10 + +* Tue May 11 2021 Christian Heimes - 3.4.7-2 +- Fix compatibility issue with Python 3.10. Enums now use same + representation as on Python 3.9. (#1952522) +- Backport OpenSSL 3.0.0 compatibility patches. + +* Wed Apr 21 2021 Christian Heimes - 3.4.7-1 +- Update to 3.4.7 +- Remove dependency on python-cryptography-vectors package and use vectors + directly from Github source tar ball. (#1952024) + +* Wed Mar 03 2021 Christian Heimes - 3.4.6-1 +- Update to 3.4.6 (#1927044) + +* Mon Feb 15 2021 Christian Heimes - 3.4.5-1 +- Update to 3.4.5 (#1927044) + +* Fri Feb 12 2021 Christian Heimes - 3.4.4-3 +- Skip iso8601 and pretend tests on RHEL + +* Fri Feb 12 2021 Christian Heimes - 3.4.4-2 +- Provide RHEL build infrastructure + +* Wed Feb 10 2021 Christian Heimes - 3.4.4-1 +- Update to 3.4.4 (#1927044) + +* Mon Feb 08 2021 Christian Heimes - 3.4.2-1 +- Update to 3.4.2 (#1926339) +- Package no longer depends on Rust (#1926181) + +* Mon Feb 08 2021 Fabio Valentini - 3.4.1-2 +- Use dynamically generated BuildRequires for PyO3 Rust module. +- Drop unnecessary CARGO_NET_OFFLINE environment variable. + +* Sun Feb 07 2021 Christian Heimes - 3.4.1-1 +- Update to 3.4.1 (#1925953) + +* Sun Feb 07 2021 Christian Heimes - 3.4-2 +- Add missing abi3 and pytest dependencies + +* Sun Feb 07 2021 Christian Heimes - 3.4-1 +- Update to 3.4 (#1925953) +- Remove Python 2 support +- Remove unused python-idna dependency +- Add Rust support + +* Wed Jan 27 2021 Fedora Release Engineering - 3.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Dec 10 2020 Christian Heimes - 3.3.1-1 +- Update to 3.3.1 (#1905756) + +* Wed Oct 28 2020 Christian Heimes - 3.2.1-1 +- Update to 3.2.1 (#1892153) + +* Mon Oct 26 2020 Christian Heimes - 3.2-1 +- Update to 3.2 (#1891378) + +* Mon Sep 07 2020 Christian Heimes - 3.1-1 +- Update to 3.1 (#1872978) + +* Wed Jul 29 2020 Fedora Release Engineering - 3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Christian Heimes - 3.0-1 +- Update to 3.0 (#185897) + +* Sat May 23 2020 Miro Hrončok - 2.9-3 +- Rebuilt for Python 3.9 + +* Tue May 12 2020 Felix Schwarz - 2.9-2 +- add source file verification + +* Fri Apr 03 2020 Christian Heimes - 2.9-1 +- Update to 2.9 (#1820348) + +* Thu Jan 30 2020 Fedora Release Engineering - 2.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Jan 13 2020 Christian Heimes - 2.8-2 +- cryptography 2.8+ no longer depends on python-asn1crypto + +* Thu Oct 17 2019 Christian Heimes - 2.8-1 +- Update to 2.8 +- Resolves: rhbz#1762779 + +* Sun Oct 13 2019 Christian Heimes - 2.7-3 +- Skip unit tests that fail with OpenSSL 1.1.1.d +- Resolves: rhbz#1761194 +- Fix and simplify Python 3 packaging + +* Sat Oct 12 2019 Christian Heimes - 2.7-2 +- Drop Python 2 package +- Resolves: rhbz#1761081 + +* Tue Sep 03 2019 Randy Barlow - 2.7-1 +- Update to 2.7 (#1715680). + +* Fri Aug 16 2019 Miro Hrončok - 2.6.1-3 +- Rebuilt for Python 3.8 + +* Fri Jul 26 2019 Fedora Release Engineering - 2.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Feb 28 2019 Christian Heimes - 2.6.1-1 +- New upstream release 2.6.1, resolves RHBZ#1683691 + +* Wed Feb 13 2019 Alfredo Moralejo - 2.5-1 +- Updated to 2.5. + +* Sat Feb 02 2019 Fedora Release Engineering - 2.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Aug 13 2018 Christian Heimes - 2.3-2 +- Use TLSv1.2 in test as workaround for RHBZ#1615143 + +* Wed Jul 18 2018 Christian Heimes - 2.3-1 +- New upstream release 2.3 +- Fix AEAD tag truncation bug, RHBZ#1602752 + +* Fri Jul 13 2018 Fedora Release Engineering - 2.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jun 15 2018 Miro Hrončok - 2.2.1-2 +- Rebuilt for Python 3.7 + +* Wed Mar 21 2018 Christian Heimes - 2.2.1-1 +- New upstream release 2.2.1 + +* Sun Feb 18 2018 Christian Heimes - 2.1.4-1 +- New upstream release 2.1.4 + +* Sun Feb 18 2018 Christian Heimes - 2.1.3-4 +- Build requires gcc + +* Mon Feb 12 2018 Iryna Shcherbina - 2.1.3-3 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Feb 09 2018 Fedora Release Engineering - 2.1.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +## END: Generated by rpmautospec diff --git a/sources b/sources new file mode 100644 index 0000000..e2bd313 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (cryptography-43.0.0-vendor.tar.bz2) = e3111e086690b28068cc639be8d3c441bb9ffc2a826e3350fff35f746016c5affdf2481df1e6b1f1e5e566ea76e4c20092a3d11aeeaa5b036dc0929a55c80924 +SHA512 (cryptography-43.0.0.tar.gz) = 3a65539b2f1639d789ea732c6d24d55293c0ca6943c5182d00411fbd1668ab6cac7865f8148bd5f6d4ba676b89780187b77c49da34f4ed34705c94c074037ee7