From c8cc5d4cdc2023b87412484beb7b46cb4d94322f Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 14 Aug 2023 07:24:10 +0200 Subject: [PATCH] Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042 --- ouroboros-0.17.patch | 13 +++++++++++++ python-cryptography.spec | 9 +++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 ouroboros-0.17.patch diff --git a/ouroboros-0.17.patch b/ouroboros-0.17.patch new file mode 100644 index 0000000..a41a2c3 --- /dev/null +++ b/ouroboros-0.17.patch @@ -0,0 +1,13 @@ +diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml +index 9dd060f8b..8004c7e76 100644 +--- a/src/rust/Cargo.toml ++++ b/src/rust/Cargo.toml +@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" } + cryptography-x509 = { path = "cryptography-x509" } + cryptography-openssl = { path = "cryptography-openssl" } + pem = "1.1" +-ouroboros = "0.15" ++ouroboros = "0.17" + openssl = "0.10.54" + openssl-sys = "0.9.88" + foreign-types-shared = "0.1" diff --git a/python-cryptography.spec b/python-cryptography.spec index 0365a9a..567841d 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -6,7 +6,7 @@ Name: python-%{srcname} Version: 41.0.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: PyCA's cryptography library # cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause, @@ -20,6 +20,7 @@ Source1: cryptography-%{version}-vendor.tar.bz2 Source2: conftest-skipper.py Patch1: pyo3-0.19.patch +Patch2: ouroboros-0.17.patch ExclusiveArch: %{rust_arches} @@ -73,8 +74,9 @@ recipes to Python developers. %prep %autosetup -p1 -N -n %{srcname}-%{version} %if 0%{?fedora} -# patch pyo3 depedency +# patch pyo3 and ouroboros depedency %autopatch -p1 1 +%autopatch -p1 2 %cargo_prep rm src/rust/Cargo.lock %else @@ -135,6 +137,9 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog +* Mon Aug 14 2023 Christian Heimes - 41.0.3-2 +- Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042 + * Wed Aug 09 2023 Christian Heimes - 41.0.3-1 - Update to 41.0.3, resolves rhbz#2211237 - Use pyo3 0.19