Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083

Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-02-01 10:48:14 -05:00 · 2024-01-26 02:54:42 +00:00 · 2024-01-22 00:29:41 +00:00 · 2023-12-01 16:14:04 +01:00 · 2023-10-26 17:20:09 +02:00 · 2023-08-14 07:24:10 +02:00
5 changed files with 113 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -55,3 +55,9 @@
 /cryptography-40.0.1-vendor.tar.bz2
 /cryptography-40.0.2.tar.gz
 /cryptography-40.0.2-vendor.tar.bz2
+/cryptography-41.0.3.tar.gz
+/cryptography-41.0.3-vendor.tar.bz2
+/cryptography-41.0.5-vendor.tar.bz2
+/cryptography-41.0.5.tar.gz
+/cryptography-41.0.7.tar.gz
+/cryptography-41.0.7-vendor.tar.bz2
--- a/ouroboros-0.17.patch
+++ b/ouroboros-0.17.patch
@ -0,0 +1,13 @@
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 9dd060f8b..8004c7e76 100644
+--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
+@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" }
+ cryptography-x509 = { path = "cryptography-x509" }
+ cryptography-openssl = { path = "cryptography-openssl" }
+ pem = "1.1"
+-ouroboros = "0.15"
+ouroboros = "0.17"
+ openssl = "0.10.54"
+ openssl-sys = "0.9.88"
+ foreign-types-shared = "0.1"
--- a/pyo3-0.19.patch
+++ b/pyo3-0.19.patch
@ -0,0 +1,52 @@
+diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
+index 01fba147e..9dd060f8b 100644
+--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
+@@ -9,7 +9,7 @@ rust-version = "1.56.0"
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.18", features = ["abi3-py37"] }
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
+ asn1 = { version = "0.15.2", default-features = false }
+ cryptography-cffi = { path = "cryptography-cffi" }
+ cryptography-x509 = { path = "cryptography-x509" }
+diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
+index 65051c2a4..24e53991b 100644
+--- a/src/rust/cryptography-cffi/Cargo.toml
+++ b/src/rust/cryptography-cffi/Cargo.toml
+@@ -8,7 +8,7 @@ publish = false
+ rust-version = "1.56.0"
+ 
+ [dependencies]
+-pyo3 = { version = "0.18", features = ["abi3-py37"] }
+pyo3 = { version = "0.19", features = ["abi3-py37"] }
+ openssl-sys = "0.9.88"
+ 
+ [build-dependencies]
+diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
+index 923015035..1380d6eb8 100644
+--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
+@@ -145,7 +145,7 @@ impl CertificateRevocationList {
+             revoked_certs
+         });
+ 
+-        if idx.is_instance_of::<pyo3::types::PySlice>()? {
+        if idx.is_instance_of::<pyo3::types::PySlice>() {
+             let indices = idx
+                 .downcast::<pyo3::types::PySlice>()?
+                 .indices(self.len().try_into().unwrap())?;
+diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
+index 98d1bd63b..dcf28833f 100644
+--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
+@@ -211,7 +211,7 @@ fn encode_certificate_policies(
+             let mut qualifiers = vec![];
+             for py_qualifier in py_policy_qualifiers.iter()? {
+                 let py_qualifier = py_qualifier?;
+-                let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>()? {
+                let qualifier = if py_qualifier.is_instance_of::<pyo3::types::PyString>() {
+                     let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) {
+                         Some(s) => s,
+                         None => {
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -5,8 +5,8 @@
 %global srcname cryptography

 Name:           python-%{srcname}
-Version:        40.0.2
-Release:        2%{?dist}
+Version:        41.0.7
+Release:        1%{?dist}
 Summary:        PyCA's cryptography library

 # cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,
@ -19,6 +19,9 @@ Source0:        https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
 Source1:        cryptography-%{version}-vendor.tar.bz2
 Source2:        conftest-skipper.py

+Patch1:         pyo3-0.19.patch
+Patch2:         ouroboros-0.17.patch
+
 ExclusiveArch:  %{rust_arches}

 BuildRequires:  openssl-devel
@ -69,8 +72,11 @@ cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.

 %prep
-%autosetup -p1 -n %{srcname}-%{version}
+%autosetup -p1 -N -n %{srcname}-%{version}
 %if 0%{?fedora}
+# patch pyo3 and ouroboros depedency
+%autopatch -p1 1
+%autopatch -p1 2
 %cargo_prep
 rm src/rust/Cargo.lock
 %else
@ -131,6 +137,37 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info

 %changelog
+* Thu Feb 01 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 41.0.7-1
+- Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
+
+* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.0.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 41.0.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Dec 01 2023 Fabio Valentini <decathorpe@gmail.com> - 41.0.5-2
+- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
+
+* Thu Oct 26 2023 Christian Heimes <cheimes@redhat.com> - 41.0.5-1
+- Update to 41.0.5, resolves RHBZ#2239707
+
+* Mon Aug 14 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-2
+- Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042
+
+* Wed Aug 09 2023 Christian Heimes <cheimes@redhat.com> - 41.0.3-1
+- Update to 41.0.3, resolves rhbz#2211237
+- Use pyo3 0.19
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 40.0.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 10 2023 Python Maint <python-maint@redhat.com> - 40.0.2-4
+- Rebuilt for Python 3.12
+
+* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 40.0.2-3
+- Bootstrap for Python 3.12
+
 * Tue Jun 13 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 40.0.2-2
 - Use vendored rust-pem in RHEL builds

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (cryptography-40.0.2.tar.gz) = 4f49a71cc7348cf90ff4e67d73486a07e065efdc3e321c7f2a642dd459057a90b1c26055bdbed076ebe5b8ea4ec544aaa62b9811fd62f0d818af7e0687b4aa9e
-SHA512 (cryptography-40.0.2-vendor.tar.bz2) = d45692545b50a1995837ec61b193f395bf4de021e3c4f059e3c3cc705b1b09628b1e8f00efd1d0f3f0936dc66e39cb2ac9defe484f952552e7b0e402e947fd6d
+SHA512 (cryptography-41.0.7.tar.gz) = 9a870d45296de6af1331e73b102226b8269892216cd7bc0adfb2f63ce1ca7021d338effd09182128253d8d8df154bbd19d46c47f10ddac86e739fcbf6df78307
+SHA512 (cryptography-41.0.7-vendor.tar.bz2) = dbf750a1ada4a9330939e3dae8311007a9e25808eb64c124c99981187d1bc04baba3a7d3b838c0cd9491e8350c382fb0f789a11abb21c633f2d78e8aba819b9e
Author	SHA1	Message	Date
Benjamin A. Beasley	fdff266e83	Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083	2024-02-01 10:48:14 -05:00
Fedora Release Engineering	cee9a5770d	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-26 02:54:42 +00:00
Fedora Release Engineering	1c91adf0cd	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-22 00:29:41 +00:00
Fabio Valentini	3f8bd894be	Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)	2023-12-01 16:14:04 +01:00
Christian Heimes	bee6bfddb5	Update to 41.0.5, resolves RHBZ#2239707	2023-10-26 17:20:09 +02:00
Christian Heimes	c8cc5d4cdc	Build with ouroboros 0.17, fixes rhbz#2214228 / RUSTSEC-2023-0042	2023-08-14 07:24:10 +02:00
Christian Heimes	7b18e1445d	Update to 41.0.3 - Update to upstream version 41.0.3 - Use pyo3 0.19 Resolves: rhbz#2211237	2023-08-10 08:41:01 +02:00
Fedora Release Engineering	9421b4a468	Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-07-21 08:43:20 +00:00
Python Maint	f32ed18be7	Rebuilt for Python 3.12	2023-07-10 14:05:42 +02:00
Python Maint	bd226dd0d0	Bootstrap for Python 3.12	2023-06-14 16:13:50 +02:00