diff --git a/0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch b/0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch new file mode 100644 index 0000000..454fd74 --- /dev/null +++ b/0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch @@ -0,0 +1,84 @@ +From 417984a48106626b5f6a62763113c0ed1f741f5b Mon Sep 17 00:00:00 2001 +From: Paul Kehrer +Date: Wed, 30 Jun 2021 06:14:42 -0500 +Subject: [PATCH 4/5] 3.0.0 deprecated func and it isn't useful to us in + general (#6148) + +remove it everywhere and assert on the code/lib/reason +--- + src/cryptography/hazmat/bindings/openssl/binding.py | 11 ++++------- + tests/hazmat/bindings/test_openssl.py | 5 ++--- + 2 files changed, 6 insertions(+), 10 deletions(-) + +diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py +index 6dcec26a..f651ab67 100644 +--- a/src/cryptography/hazmat/bindings/openssl/binding.py ++++ b/src/cryptography/hazmat/bindings/openssl/binding.py +@@ -15,15 +15,14 @@ from cryptography.hazmat.bindings._openssl import ffi, lib + from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES + + _OpenSSLErrorWithText = collections.namedtuple( +- "_OpenSSLErrorWithText", ["code", "lib", "func", "reason", "reason_text"] ++ "_OpenSSLErrorWithText", ["code", "lib", "reason", "reason_text"] + ) + + + class _OpenSSLError(object): +- def __init__(self, code, lib, func, reason): ++ def __init__(self, code, lib, reason): + self._code = code + self._lib = lib +- self._func = func + self._reason = reason + + def _lib_reason_match(self, lib, reason): +@@ -31,7 +30,6 @@ class _OpenSSLError(object): + + code = utils.read_only_property("_code") + lib = utils.read_only_property("_lib") +- func = utils.read_only_property("_func") + reason = utils.read_only_property("_reason") + + +@@ -43,10 +41,9 @@ def _consume_errors(lib): + break + + err_lib = lib.ERR_GET_LIB(code) +- err_func = lib.ERR_GET_FUNC(code) + err_reason = lib.ERR_GET_REASON(code) + +- errors.append(_OpenSSLError(code, err_lib, err_func, err_reason)) ++ errors.append(_OpenSSLError(code, err_lib, err_reason)) + + return errors + +@@ -60,7 +57,7 @@ def _errors_with_text(errors): + + errors_with_text.append( + _OpenSSLErrorWithText( +- err.code, err.lib, err.func, err.reason, err_text_reason ++ err.code, err.lib, err.reason, err_text_reason + ) + ) + +diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py +index 4d1e3b55..1d9b87ba 100644 +--- a/tests/hazmat/bindings/test_openssl.py ++++ b/tests/hazmat/bindings/test_openssl.py +@@ -91,11 +91,10 @@ class TestOpenSSL(object): + _openssl_assert(b.lib, False) + + error = exc_info.value.err_code[0] +- # As of 3.0.0 OpenSSL sets func codes to 0, so the combined +- # code is a different value ++ # As of 3.0.0 OpenSSL no longer sets func codes (which we now also ++ # ignore), so the combined code is a different value + assert error.code in (101183626, 50331786) + assert error.lib == b.lib.ERR_LIB_EVP +- assert error.func == b.lib.EVP_F_EVP_ENCRYPTFINAL_EX + assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH + assert b"data not multiple of block length" in error.reason_text + +-- +2.31.1 + diff --git a/0005-remove-unneeded-binding-6150.patch b/0005-remove-unneeded-binding-6150.patch new file mode 100644 index 0000000..5083ccf --- /dev/null +++ b/0005-remove-unneeded-binding-6150.patch @@ -0,0 +1,24 @@ +From 4df2a650e2f8be0dc118128d39aebe6f32d06d43 Mon Sep 17 00:00:00 2001 +From: Paul Kehrer +Date: Wed, 30 Jun 2021 21:12:46 -0500 +Subject: [PATCH 5/5] remove unneeded binding (#6150) + +--- + src/_cffi_src/openssl/err.py | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py +index 8cfeaf5b..8d838d4f 100644 +--- a/src/_cffi_src/openssl/err.py ++++ b/src/_cffi_src/openssl/err.py +@@ -40,7 +40,6 @@ void ERR_clear_error(void); + void ERR_put_error(int, int, int, const char *, int); + + int ERR_GET_LIB(unsigned long); +-int ERR_GET_FUNC(unsigned long); + int ERR_GET_REASON(unsigned long); + + """ +-- +2.31.1 + diff --git a/python-cryptography.spec b/python-cryptography.spec index fb15f40..0f1daa8 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -7,7 +7,7 @@ Name: python-%{srcname} Version: 3.4.7 -Release: 3%{?dist} +Release: 4%{?dist} Summary: PyCA's cryptography library License: ASL 2.0 or BSD @@ -21,6 +21,8 @@ Source2: conftest-skipper.py Patch1: 0001-fix-pkcs12-parse-ordering.-fixes-5872-5879.patch Patch2: 0002-WIP-3.0.0-support-5250.patch Patch3: 0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch +Patch4: 0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch +Patch5: 0005-remove-unneeded-binding-6150.patch ExclusiveArch: %{rust_arches} @@ -120,10 +122,13 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog +* Sun Aug 08 2021 Christian Heimes - 3.4.7-4 +- Remove bindings to ERR_GET_FUNC, which has been removed in 3.0.0-beta2 +- Resolves: rhbz#1953446 + * Tue Jun 15 2021 Mohan Boddu - 3.4.7-3 - Rebuilt for RHEL 9 BETA for openssl 3.0 - -Related: rhbz#1971065 +- Related: rhbz#1971065 * Mon Apr 26 2021 Christian Heimes - 3.4.7-2 - Add backports of OpenSSL 3.0.0 fixes (upstream PR #6000)