import python-cryptography-3.4.7-8.el9

2022-03-01 05:58:01 -05:00 · 2022-03-01 05:58:01 -05:00 · cfca0dccd2
commit cfca0dccd2
parent e2947ffb71
2 changed files with 41 additions and 2 deletions
--- a/SOURCES/0006-Specify-the-out-length-for-poly1305.patch
+++ b/SOURCES/0006-Specify-the-out-length-for-poly1305.patch
@ -0,0 +1,22 @@
+From 076560a9507bbe26180f499adf750bc3851b97e8 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Mon, 11 Oct 2021 09:43:28 -0400
+Subject: [PATCH] Specify the out length when obtaining the tag for poly1305
+
+---
+ src/cryptography/hazmat/backends/openssl/poly1305.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cryptography/hazmat/backends/openssl/poly1305.py b/src/cryptography/hazmat/backends/openssl/poly1305.py
+index 35f6819ce8..2ddae9847a 100644
+--- a/src/cryptography/hazmat/backends/openssl/poly1305.py
+++ b/src/cryptography/hazmat/backends/openssl/poly1305.py
+@@ -51,7 +51,7 @@ def update(self, data):
+ 
+     def finalize(self):
+         buf = self._backend._ffi.new("unsigned char[]", _POLY1305_TAG_SIZE)
+-        outlen = self._backend._ffi.new("size_t *")
+        outlen = self._backend._ffi.new("size_t *", _POLY1305_TAG_SIZE)
+         res = self._backend._lib.EVP_DigestSignFinal(self._ctx, buf, outlen)
+         self._backend.openssl_assert(res != 0)
+         self._backend.openssl_assert(outlen[0] == _POLY1305_TAG_SIZE)
--- a/SPECS/python-cryptography.spec
+++ b/SPECS/python-cryptography.spec
@ -7,7 +7,7 @@

 Name:           python-%{srcname}
 Version:        3.4.7
-Release:        5%{?dist}
+Release:        8%{?dist}
 Summary:        PyCA's cryptography library

 License:        ASL 2.0 or BSD
@ -23,6 +23,8 @@ Patch2:         0002-WIP-3.0.0-support-5250.patch
 Patch3:         0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch
 Patch4:         0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch
 Patch5:         0005-remove-unneeded-binding-6150.patch
+# OpenSSL 3.0.1 patches
+Patch6:		0006-Specify-the-out-length-for-poly1305.patch

 ExclusiveArch:  %{rust_arches}

@ -110,9 +112,11 @@ cat < %{SOURCE2} >> tests/conftest.py

 # see https://github.com/pyca/cryptography/issues/4885 and
 # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
+# see rhbz#2042413 for memleak. It's unstable with openssl 3.0.1 and makes
+# not much sense for downstream testing.
 PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
    %{__python3} -m pytest \
-    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)"
+    -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_openssl_memleak)"
 %endif

 %files -n python%{python3_pkgversion}-%{srcname}
@ -122,6 +126,19 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info

 %changelog
+* Tue Feb 08 2022 Tomas Orsava <torsava@redhat.com> - 3.4.7-8
+- Skip unstable memleak tests, backported from Fedora (BZ#2042413)
+- Related: rhbz#1990421
+
+* Tue Feb 08 2022 Tomas Orsava <torsava@redhat.com> - 3.4.7-7
+- Add automatically generated Obsoletes tag with the python39- prefix
+  for smoother upgrade from RHEL8
+- Related: rhbz#1990421
+
+* Tue Jan 18 2022 Christian Heimes <cheimes@redhat.com> - 3.4.7-6
+- Fix gating issues, resolves: rhbz#2039768
+- Fix poly1305 test, resolves: rhbz#2043582
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.4.7-5
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688