Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2026-04-11 22:22:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.21863 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Sat Apr 11 22:22:55 2026 rev:110 rq:1345804 version:46.0.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2026-03-31 15:49:24.232243000 +0200
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.21863/python-cryptography.changes
2026-04-11 22:23:29.873315402 +0200
@@ -1,0 +2,9 @@
+Fri Apr 10 09:13:45 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 46.0.7 (fixes CVE-2026-39892, bsc#1261863)
+ * **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
+ passed to APIs that accept Python buffers, which could lead to buffer
+ overflow. **CVE-2026-39892**
+ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.
+
+-------------------------------------------------------------------
Old:
----
cryptography-46.0.6.tar.gz
New:
----
cryptography-46.0.7.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.188I2f/_old 2026-04-11 22:23:31.309374186 +0200
+++ /var/tmp/diff_new_pack.188I2f/_new 2026-04-11 22:23:31.313374350 +0200
@@ -28,7 +28,7 @@
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
-Version: 46.0.6
+Version: 46.0.7
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
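Review bot: the `Version:` bump sits directly under `# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!`, and this mail covers only python-cryptography. Confirm that python-cryptography-vectors is submitted at 46.0.7 together with this request, since the PKG-INFO and pyproject.toml hunks in this same update pin the test extra to `cryptography-vectors==46.0.7`.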
++++++ Make-unsafe-subinterpreter-support-available-via-cfg.patch ++++++
--- /var/tmp/diff_new_pack.188I2f/_old 2026-04-11 22:23:31.345375660 +0200
+++ /var/tmp/diff_new_pack.188I2f/_new 2026-04-11 22:23:31.349375823 +0200
@@ -7,10 +7,10 @@
src/impl_/pymodule.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-Index: cryptography-46.0.2/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
+Index: cryptography-46.0.7/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
===================================================================
---- cryptography-46.0.2.orig/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
-+++ cryptography-46.0.2/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
+--- cryptography-46.0.7.orig/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
++++ cryptography-46.0.7/vendor/pyo3-0.26.0/src/impl_/pymodule.rs
@@ -100,7 +100,7 @@ impl ModuleDef {
// that static data is not reused across interpreters.
//
@@ -20,22 +20,22 @@
{
// PyInterpreterState_Get is only available on 3.9 and later, but
is missing
// from python3.dll for Windows stable API on 3.9
-Index: cryptography-46.0.2/Cargo.toml
+Index: cryptography-46.0.7/Cargo.toml
===================================================================
---- cryptography-46.0.2.orig/Cargo.toml
-+++ cryptography-46.0.2/Cargo.toml
-@@ -29,3 +29,6 @@ openssl-sys = "0.9.108"
+--- cryptography-46.0.7.orig/Cargo.toml
++++ cryptography-46.0.7/Cargo.toml
+@@ -29,3 +29,6 @@ openssl-sys = "0.9.110"
[profile.release]
overflow-checks = true
+
+[patch.crates-io]
+pyo3 = { path="vendor/pyo3-0.26.0" }
-Index: cryptography-46.0.2/Cargo.lock
+Index: cryptography-46.0.7/Cargo.lock
===================================================================
---- cryptography-46.0.2.orig/Cargo.lock
-+++ cryptography-46.0.2/Cargo.lock
-@@ -276,8 +276,6 @@ dependencies = [
+--- cryptography-46.0.7.orig/Cargo.lock
++++ cryptography-46.0.7/Cargo.lock
+@@ -279,8 +279,6 @@ dependencies = [
[[package]]
name = "pyo3"
version = "0.26.0"
++++++ cryptography-46.0.6.tar.gz -> cryptography-46.0.7.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-46.0.6/CHANGELOG.rst
new/cryptography-46.0.7/CHANGELOG.rst
--- old/cryptography-46.0.6/CHANGELOG.rst 2026-03-26 00:26:23.000000000
+0100
+++ new/cryptography-46.0.7/CHANGELOG.rst 2026-04-08 03:50:20.000000000
+0200
@@ -1,7 +1,17 @@
Changelog
=========
-.. _v46-0-5:
+.. v46-0-7:
+
+46.0.7 - 2026-01-27
+~~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
+ passed to APIs that accept Python buffers, which could lead to buffer
+ overflow. **CVE-2026-39892**
+* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.
+
+.. _v46-0-6:
46.0.6 - 2026-03-25
~~~~~~~~~~~~~~~~~~~
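Review bot: the new 46.0.7 entry has two defects. The label line reads `.. v46-0-7:` without the leading underscore used by the neighbouring `.. _v46-0-6:` target, so reStructuredText parses it as a comment and no link target is created; it should be `.. _v46-0-7:`. The heading date `2026-01-27` is also earlier than the `2026-03-25` of 46.0.6 directly below it and does not match the 2026-04-08 timestamp on the new file, so it looks stale. Both come from the upstream tarball and are better reported upstream than patched here.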
@@ -12,6 +22,8 @@
including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
reporting the issue. **CVE-2026-34073**
+.. _v46-0-5:
+
46.0.5 - 2026-02-10
~~~~~~~~~~~~~~~~~~~
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-46.0.6/PKG-INFO
new/cryptography-46.0.7/PKG-INFO
--- old/cryptography-46.0.6/PKG-INFO 1970-01-01 01:00:00.000000000 +0100
+++ new/cryptography-46.0.7/PKG-INFO 1970-01-01 01:00:00.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: cryptography
-Version: 46.0.6
+Version: 46.0.7
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Natural Language :: English
@@ -28,7 +28,7 @@
Requires-Dist: typing-extensions>=4.13.2 ; python_full_version < '3.11'
Requires-Dist: bcrypt>=3.1.5 ; extra == 'ssh'
Requires-Dist: nox[uv]>=2024.4.15 ; extra == 'nox'
-Requires-Dist: cryptography-vectors==46.0.6 ; extra == 'test'
+Requires-Dist: cryptography-vectors==46.0.7 ; extra == 'test'
Requires-Dist: pytest>=7.4.0 ; extra == 'test'
Requires-Dist: pytest-benchmark>=4.0 ; extra == 'test'
Requires-Dist: pytest-cov>=2.10.1 ; extra == 'test'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-46.0.6/pyproject.toml
new/cryptography-46.0.7/pyproject.toml
--- old/cryptography-46.0.6/pyproject.toml 2026-03-26 00:26:23.000000000
+0100
+++ new/cryptography-46.0.7/pyproject.toml 2026-04-08 03:50:20.000000000
+0200
@@ -16,7 +16,7 @@
[project]
name = "cryptography"
-version = "46.0.6"
+version = "46.0.7"
authors = [
{ name = "The Python Cryptographic Authority and individual contributors",
email = "[email protected]" },
]
@@ -70,7 +70,7 @@
# All the following are used for our own testing.
nox = ["nox[uv] >=2024.04.15"]
test = [
- "cryptography_vectors==46.0.6",
+ "cryptography_vectors==46.0.7",
"pytest >=7.4.0",
"pytest-benchmark >=4.0",
"pytest-cov >=2.10.1",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-46.0.6/src/cryptography/__about__.py
new/cryptography-46.0.7/src/cryptography/__about__.py
--- old/cryptography-46.0.6/src/cryptography/__about__.py 2026-03-26
00:26:23.000000000 +0100
+++ new/cryptography-46.0.7/src/cryptography/__about__.py 2026-04-08
03:50:20.000000000 +0200
@@ -10,7 +10,7 @@
"__version__",
]
-__version__ = "46.0.6"
+__version__ = "46.0.7"
__author__ = "The Python Cryptographic Authority and individual contributors"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-46.0.6/src/rust/src/buf.rs
new/cryptography-46.0.7/src/rust/src/buf.rs
--- old/cryptography-46.0.6/src/rust/src/buf.rs 2026-03-26 00:26:23.000000000
+0100
+++ new/cryptography-46.0.7/src/rust/src/buf.rs 2026-04-08 03:50:20.000000000
+0200
@@ -38,6 +38,11 @@
"Buffer is not writable.",
));
};
+ if !buf.is_c_contiguous() {
+ return Err(pyo3::exceptions::PyBufferError::new_err(
+ "Buffer is not contiguous.",
+ ));
+ }
let ptr = buf.buf_ptr() as usize;
let len = buf.len_bytes();
Ok((Some(buf), ptr, len))
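Review bot: the `is_c_contiguous()` guard is the only thing that makes the `buf_ptr()` / `len_bytes()` pair below it valid as a flat pointer-plus-length region, but nothing in the hunk says so. Add a one-line comment above the check stating that invariant so the guard is not reordered or dropped in a later refactor. Only this one extraction site is visible in the diff; if buf.rs has another path that derives a pointer and length from a Python buffer, it needs the same check.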
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-46.0.6/tests/hazmat/primitives/test_hashes.py
new/cryptography-46.0.7/tests/hazmat/primitives/test_hashes.py
--- old/cryptography-46.0.6/tests/hazmat/primitives/test_hashes.py
2026-03-26 00:26:23.000000000 +0100
+++ new/cryptography-46.0.7/tests/hazmat/primitives/test_hashes.py
2026-04-08 03:50:20.000000000 +0200
@@ -155,6 +155,12 @@
hashes.BLAKE2s(digest_size=-1)
+def test_non_contiguous_buffer_rejected():
+ h = hashes.Hash(hashes.SHA256())
+ with pytest.raises((TypeError, BufferError)):
+ h.update(memoryview(bytearray(10))[::-1])
+
+
def test_buffer_protocol_hash(backend):
data = binascii.unhexlify(b"b4190e")
h = hashes.Hash(hashes.SHA256(), backend)
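Review bot: `pytest.raises((TypeError, BufferError))` is looser than the fix, which raises `PyBufferError` with "Buffer is not contiguous."; if `TypeError` is only needed for a different build path, say so in a comment, otherwise assert `BufferError` alone. The test also covers a single shape, a reversed view (`[::-1]`) passed to `Hash.update`; adding a positive-stride slice such as `[::2]` and one API that takes a writable buffer would exercise the "Buffer is not writable." path that the buf.rs hunk shows next to the new check.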
++++++ no-pytest_benchmark.patch ++++++
--- /var/tmp/diff_new_pack.188I2f/_old 2026-04-11 22:23:31.893398093 +0200
+++ /var/tmp/diff_new_pack.188I2f/_new 2026-04-11 22:23:31.897398256 +0200
@@ -1,10 +1,10 @@
-Index: cryptography-46.0.6/pyproject.toml
+Index: cryptography-46.0.7/pyproject.toml
===================================================================
---- cryptography-46.0.6.orig/pyproject.toml
-+++ cryptography-46.0.6/pyproject.toml
+--- cryptography-46.0.7.orig/pyproject.toml
++++ cryptography-46.0.7/pyproject.toml
@@ -72,8 +72,6 @@ nox = ["nox[uv] >=2024.04.15"]
test = [
- "cryptography_vectors==46.0.6",
+ "cryptography_vectors==46.0.7",
"pytest >=7.4.0",
- "pytest-benchmark >=4.0",
- "pytest-cov >=2.10.1",
@@ -51,10 +51,10 @@
[tool.ruff]
line-length = 79
-Index: cryptography-46.0.6/tests/bench/test_aead.py
+Index: cryptography-46.0.7/tests/bench/test_aead.py
===================================================================
---- cryptography-46.0.6.orig/tests/bench/test_aead.py
-+++ cryptography-46.0.6/tests/bench/test_aead.py
+--- cryptography-46.0.7.orig/tests/bench/test_aead.py
++++ cryptography-46.0.7/tests/bench/test_aead.py
@@ -26,84 +26,84 @@ def _aead_supported(cls):
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
@@ -160,10 +160,10 @@
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-46.0.6/tests/bench/test_ec_load.py
+Index: cryptography-46.0.7/tests/bench/test_ec_load.py
===================================================================
---- cryptography-46.0.6.orig/tests/bench/test_ec_load.py
-+++ cryptography-46.0.6/tests/bench/test_ec_load.py
+--- cryptography-46.0.7.orig/tests/bench/test_ec_load.py
++++ cryptography-46.0.7/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
@@ -178,10 +178,10 @@
- benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+ EC_KEY_SECP256R1.private_key()
-Index: cryptography-46.0.6/tests/bench/test_hashes.py
+Index: cryptography-46.0.7/tests/bench/test_hashes.py
===================================================================
---- cryptography-46.0.6.orig/tests/bench/test_hashes.py
-+++ cryptography-46.0.6/tests/bench/test_hashes.py
+--- cryptography-46.0.7.orig/tests/bench/test_hashes.py
++++ cryptography-46.0.7/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes
@@ -195,10 +195,10 @@
- benchmark(bench)
+ bench()
-Index: cryptography-46.0.6/tests/bench/test_hmac.py
+Index: cryptography-46.0.7/tests/bench/test_hmac.py
===================================================================
---- cryptography-46.0.6.orig/tests/bench/test_hmac.py
-+++ cryptography-46.0.6/tests/bench/test_hmac.py
+--- cryptography-46.0.7.orig/tests/bench/test_hmac.py
++++ cryptography-46.0.7/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes, hmac
@@ -212,10 +212,10 @@
- benchmark(bench)
+ bench()
-Index: cryptography-46.0.6/tests/bench/test_x509.py
+Index: cryptography-46.0.7/tests/bench/test_x509.py
===================================================================
---- cryptography-46.0.6.orig/tests/bench/test_x509.py
-+++ cryptography-46.0.6/tests/bench/test_x509.py
+--- cryptography-46.0.7.orig/tests/bench/test_x509.py
++++ cryptography-46.0.7/tests/bench/test_x509.py
@@ -13,40 +13,40 @@ from cryptography import x509
from ..utils import load_vectors_from_file
++++++ support-maturin-1.12.patch ++++++
--- /var/tmp/diff_new_pack.188I2f/_old 2026-04-11 22:23:31.933399730 +0200
+++ /var/tmp/diff_new_pack.188I2f/_new 2026-04-11 22:23:31.941400058 +0200
@@ -19,11 +19,11 @@
pyproject.toml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/pyproject.toml b/pyproject.toml
-index e26b386280a5..8640cb6e5951 100644
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -106,10 +106,10 @@ module-name = "cryptography.hazmat.bindings._rust"
+Index: cryptography-46.0.7/pyproject.toml
+===================================================================
+--- cryptography-46.0.7.orig/pyproject.toml
++++ cryptography-46.0.7/pyproject.toml
+@@ -104,10 +104,10 @@ module-name = "cryptography.hazmat.bindi
locked = true
sdist-generator = "git"
include = [
@@ -37,7 +37,7 @@
{ path = "src/_cffi_src/**/*.py", format = "sdist" },
{ path = "src/_cffi_src/**/*.c", format = "sdist" },
-@@ -121,7 +121,7 @@ include = [
+@@ -119,7 +119,7 @@ include = [
{ path = "src/rust/**/Cargo.lock", format = "sdist" },
{ path = "src/rust/**/*.rs", format = "sdist" },
++++++ vendor.tar.zst ++++++
++++ 282050 lines of diff (skipped)