Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-cryptography for 
openSUSE:Factory checked in at 2023-07-12 17:26:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
 and      /work/SRC/openSUSE:Factory/.python-cryptography.new.8922 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-cryptography"

Wed Jul 12 17:26:20 2023 rev:79 rq:1098185 version:41.0.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes  
2023-06-27 23:16:04.243181186 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-cryptography.new.8922/python-cryptography.changes
        2023-07-12 17:26:28.866190006 +0200
@@ -1,0 +2,24 @@
+Tue Jul 11 13:44:14 UTC 2023 - Dirk Müller <dmuel...@suse.com>
+
+- update to 41.0.2:
+  * Fixed bugs in creating and parsing SSH certificates where
+    critical options with values were handled incorrectly.
+    Certificates are now created correctly and parsing accepts
+    correct values as well as the previously generated
+    invalid forms with a warning. In the next release, support
+    for parsing these invalid forms will be removed.
+
+-------------------------------------------------------------------
+Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl <ka...@b1-systems.de>
+
+- remove patch remove_python_3_6_deprecation_warning.patch as the
+  warning was already removed upstream
+
+-------------------------------------------------------------------
+Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl <mc...@suse.com>
+
+- Add no-pytest_benchmark.patch, which remove dependency on
+  pytest-benchmark and coveralls (We don't need no benchmarking
+  and coverage measurement; bsc#1213005).
+
+-------------------------------------------------------------------

Old:
----
  cryptography-41.0.1.tar.gz
  remove_python_3_6_deprecation_warning.patch

New:
----
  cryptography-41.0.2.tar.gz
  no-pytest_benchmark.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.S32eXo/_old  2023-07-12 17:26:29.862195812 +0200
+++ /var/tmp/diff_new_pack.S32eXo/_new  2023-07-12 17:26:29.870195858 +0200
@@ -27,7 +27,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-cryptography%{psuffix}
-Version:        41.0.1
+Version:        41.0.2
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and 
primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -40,9 +40,9 @@
 Source3:        cargo_config
 Source4:        python-cryptography.keyring
 Patch2:         skip_openssl_memleak_test.patch
-%if 0%{?sle_version} && 0%{?sle_version} <= 150400
-Patch3:         remove_python_3_6_deprecation_warning.patch
-%endif
+# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mc...@suse.com
+# We don't need no benchmarking and coverage measurement
+Patch4:         no-pytest_benchmark.patch
 BuildRequires:  %{python_module cffi >= 1.12}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module exceptiongroup}
@@ -66,7 +66,6 @@
 BuildRequires:  %{python_module iso8601}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pytest > 6.0}
-BuildRequires:  %{python_module pytest-benchmark}
 BuildRequires:  %{python_module pytest-subtests}
 BuildRequires:  %{python_module pytest-xdist}
 BuildRequires:  %{python_module pytz}

++++++ _service ++++++
--- /var/tmp/diff_new_pack.S32eXo/_old  2023-07-12 17:26:29.910196092 +0200
+++ /var/tmp/diff_new_pack.S32eXo/_new  2023-07-12 17:26:29.914196115 +0200
@@ -1,7 +1,7 @@
 <services>
   <service name="download_files" mode="disabled"/>
   <service name="cargo_vendor" mode="disabled">
-    <param name="srcdir">cryptography-41.0.1/src/rust</param>
+    <param name="srcdir">cryptography-41.0.2/src/rust</param>
     <param name="compression">zst</param>
   </service>
   <service name="cargo_audit" mode="disabled">

++++++ cryptography-41.0.1.tar.gz -> cryptography-41.0.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-41.0.1/CHANGELOG.rst 
new/cryptography-41.0.2/CHANGELOG.rst
--- old/cryptography-41.0.1/CHANGELOG.rst       2023-06-01 14:20:23.000000000 
+0200
+++ new/cryptography-41.0.2/CHANGELOG.rst       2023-07-11 05:14:09.000000000 
+0200
@@ -1,6 +1,17 @@
 Changelog
 =========
 
+.. _v41-0-2:
+
+41.0.2 - 2023-07-10
+~~~~~~~~~~~~~~~~~~~
+
+* Fixed bugs in creating and parsing SSH certificates where critical options
+  with values were handled incorrectly. Certificates are now created correctly
+  and parsing accepts correct values as well as the previously generated
+  invalid forms with a warning. In the next release, support for parsing these
+  invalid forms will be removed.
+
 .. _v41-0-1:
 
 41.0.1 - 2023-06-01
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-41.0.1/PKG-INFO 
new/cryptography-41.0.2/PKG-INFO
--- old/cryptography-41.0.1/PKG-INFO    2023-06-01 14:20:37.477401000 +0200
+++ new/cryptography-41.0.2/PKG-INFO    2023-07-11 05:14:23.262920000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cryptography
-Version: 41.0.1
+Version: 41.0.2
 Summary: cryptography is a package which provides cryptographic recipes and 
primitives to Python developers.
 Author-email: The Python Cryptographic Authority and individual contributors 
<cryptography-...@python.org>
 License: Apache-2.0 OR BSD-3-Clause
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/cryptography-41.0.1/docs/development/test-vectors.rst 
new/cryptography-41.0.2/docs/development/test-vectors.rst
--- old/cryptography-41.0.1/docs/development/test-vectors.rst   2023-06-01 
14:20:23.000000000 +0200
+++ new/cryptography-41.0.2/docs/development/test-vectors.rst   2023-07-11 
05:14:09.000000000 +0200
@@ -866,6 +866,10 @@
   critical option.
 * ``p256-p256-non-lexical-crit-opts.pub`` - A certificate with critical
   options in non-lexical order.
+* ``p256-ed25519-non-singular-crit-opt-val.pub`` - A certificate with
+  a critical option that contains more than one value.
+* ``p256-ed25519-non-singular-ext-val.pub`` - A certificate with
+  an extension that contains more than one value.
 * ``dsa-p256.pub`` - A certificate with a DSA public key signed by a P256
   CA.
 * ``p256-dsa.pub`` - A certificate with a P256 public key signed by a DSA
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-41.0.1/pyproject.toml 
new/cryptography-41.0.2/pyproject.toml
--- old/cryptography-41.0.1/pyproject.toml      2023-06-01 14:20:23.000000000 
+0200
+++ new/cryptography-41.0.2/pyproject.toml      2023-07-11 05:14:09.000000000 
+0200
@@ -11,7 +11,7 @@
 
 [project]
 name = "cryptography"
-version = "41.0.1"
+version = "41.0.2"
 authors = [
     {name = "The Python Cryptographic Authority and individual contributors", 
email = "cryptography-...@python.org"}
 ]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-41.0.1/src/cryptography/__about__.py 
new/cryptography-41.0.2/src/cryptography/__about__.py
--- old/cryptography-41.0.1/src/cryptography/__about__.py       2023-06-01 
14:20:23.000000000 +0200
+++ new/cryptography-41.0.2/src/cryptography/__about__.py       2023-07-11 
05:14:09.000000000 +0200
@@ -10,7 +10,7 @@
     "__copyright__",
 ]
 
-__version__ = "41.0.1"
+__version__ = "41.0.2"
 
 
 __author__ = "The Python Cryptographic Authority and individual contributors"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/cryptography-41.0.1/src/cryptography/hazmat/primitives/serialization/ssh.py 
new/cryptography-41.0.2/src/cryptography/hazmat/primitives/serialization/ssh.py
--- 
old/cryptography-41.0.1/src/cryptography/hazmat/primitives/serialization/ssh.py 
    2023-06-01 14:20:23.000000000 +0200
+++ 
new/cryptography-41.0.2/src/cryptography/hazmat/primitives/serialization/ssh.py 
    2023-07-11 05:14:09.000000000 +0200
@@ -1063,6 +1063,20 @@
         if last_name is not None and bname < last_name:
             raise ValueError("Fields not lexically sorted")
         value, exts_opts = _get_sshstr(exts_opts)
+        if len(value) > 0:
+            try:
+                value, extra = _get_sshstr(value)
+            except ValueError:
+                warnings.warn(
+                    "This certificate has an incorrect encoding for critical "
+                    "options or extensions. This will be an exception in "
+                    "cryptography 42",
+                    utils.DeprecatedIn41,
+                    stacklevel=4,
+                )
+            else:
+                if len(extra) > 0:
+                    raise ValueError("Unexpected extra data after value")
         result[bname] = bytes(value)
         last_name = bname
     return result
@@ -1450,12 +1464,22 @@
         fcrit = _FragList()
         for name, value in self._critical_options:
             fcrit.put_sshstr(name)
-            fcrit.put_sshstr(value)
+            if len(value) > 0:
+                foptval = _FragList()
+                foptval.put_sshstr(value)
+                fcrit.put_sshstr(foptval.tobytes())
+            else:
+                fcrit.put_sshstr(value)
         f.put_sshstr(fcrit.tobytes())
         fext = _FragList()
         for name, value in self._extensions:
             fext.put_sshstr(name)
-            fext.put_sshstr(value)
+            if len(value) > 0:
+                fextval = _FragList()
+                fextval.put_sshstr(value)
+                fext.put_sshstr(fextval.tobytes())
+            else:
+                fext.put_sshstr(value)
         f.put_sshstr(fext.tobytes())
         f.put_sshstr(b"")  # RESERVED FIELD
         # encode CA public key
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/cryptography-41.0.1/src/cryptography.egg-info/PKG-INFO 
new/cryptography-41.0.2/src/cryptography.egg-info/PKG-INFO
--- old/cryptography-41.0.1/src/cryptography.egg-info/PKG-INFO  2023-06-01 
14:20:37.000000000 +0200
+++ new/cryptography-41.0.2/src/cryptography.egg-info/PKG-INFO  2023-07-11 
05:14:23.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cryptography
-Version: 41.0.1
+Version: 41.0.2
 Summary: cryptography is a package which provides cryptographic recipes and 
primitives to Python developers.
 Author-email: The Python Cryptographic Authority and individual contributors 
<cryptography-...@python.org>
 License: Apache-2.0 OR BSD-3-Clause
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-41.0.1/src/rust/Cargo.lock 
new/cryptography-41.0.2/src/rust/Cargo.lock
--- old/cryptography-41.0.1/src/rust/Cargo.lock 2023-06-01 14:20:23.000000000 
+0200
+++ new/cryptography-41.0.2/src/rust/Cargo.lock 2023-07-11 05:14:09.000000000 
+0200
@@ -285,9 +285,9 @@
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.59"
+version = "1.0.64"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b"
+checksum = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da"
 dependencies = [
  "unicode-ident",
 ]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/cryptography-41.0.1/tests/hazmat/primitives/test_ssh.py 
new/cryptography-41.0.2/tests/hazmat/primitives/test_ssh.py
--- old/cryptography-41.0.1/tests/hazmat/primitives/test_ssh.py 2023-06-01 
14:20:23.000000000 +0200
+++ new/cryptography-41.0.2/tests/hazmat/primitives/test_ssh.py 2023-07-11 
05:14:09.000000000 +0200
@@ -1115,26 +1115,28 @@
         # secp256r1 public key, ed25519 signing key
         cert = load_ssh_public_identity(
             b"ecdsa-sha2-nistp256-cert-...@openssh.com AAAAKGVjZHNhLXNoYTItbm"
-            b"lzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgtdU+dl9vD4xPi8afxERYo"
-            b"s0c0d9/3m7XGY6fGeSkqn0AAAAIbmlzdHAyNTYAAABBBAsuVFNNj/mMyFm2xB99"
-            b"G4xiaUJE1lZNjcp+S2tXYW5KorcHpusSlSqOkUPZ2l0644dgiNPDKR/R+BtYENC"
-            b"8aq8AAAAAAAAAAAAAAAEAAAAUdGVzdEBjcnlwdG9ncmFwaHkuaW8AAAAaAAAACm"
-            b"NyeXB0b3VzZXIAAAAIdGVzdHVzZXIAAAAAY7KyZAAAAAB2frXAAAAAAAAAAIIAA"
-            b"AAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9y"
-            b"d2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGV"
-            b"ybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3"
-            b"NoLWVkMjU1MTkAAAAg3P0eyGf2crKGwSlnChbLzTVOFKwQELE1Ve+EZ6rXF18AA"
-            b"ABTAAAAC3NzaC1lZDI1NTE5AAAAQKoij8BsPj/XLb45+wHmRWKNqXeZYXyDIj8J"
-            b"IE6dIymjEqq0TP6ntu5t59hTmWlDO85GnMXAVGBjFbeikBMfAQc= reaperhulk"
-            b"@despoina.local"
+            b"lzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgLfsFv9Gbc6LZSiJFWdYQl"
+            b"IMNI50GExXW0fBpgGVf+Y4AAAAIbmlzdHAyNTYAAABBBIzVyRgVLR4F38bIOLBN"
+            b"8CNm8Nf+eBHCVkKDKb9WDyLLD61CEmzjK/ORwFuSE4N60eIGbFidBf0D0xh7G6o"
+            b"TNxsAAAAAAAAAAAAAAAEAAAAUdGVzdEBjcnlwdG9ncmFwaHkuaW8AAAAaAAAACm"
+            b"NyeXB0b3VzZXIAAAAIdGVzdHVzZXIAAAAAY7KyZAAAAAB2frXAAAAAWAAAAA1mb"
+            b"3JjZS1jb21tYW5kAAAALAAAAChlY2hvIGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFh"
+            b"YWFhYWFhYWFhYWFhAAAAD3ZlcmlmeS1yZXF1aXJlZAAAAAAAAACCAAAAFXBlcm1"
+            b"pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbm"
+            b"cAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wd"
+            b"HkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1"
+            b"NTE5AAAAICH6csEOmGbOfT2B/S/FJg3uyPsaPSZUZk2SVYlfs0KLAAAAUwAAAAt"
+            b"zc2gtZWQyNTUxOQAAAEDz2u7X5/TFbN7Ms7DP4yArhz1oWWYKkdAk7FGFkHfjtY"
+            b"/YfNQ8Oky3dCZRi7PnSzScEEjos7723dhF8/y99WwH reaperhulk@despoina."
+            b"local"
         )
         assert isinstance(cert, SSHCertificate)
         cert.verify_cert_signature()
         signature_key = cert.signature_key()
         assert isinstance(signature_key, ed25519.Ed25519PublicKey)
         assert cert.nonce == (
-            b"\xb5\xd5>v_o\x0f\x8cO\x8b\xc6\x9f\xc4DX\xa2\xcd\x1c\xd1\xdf"
-            b"\x7f\xden\xd7\x19\x8e\x9f\x19\xe4\xa4\xaa}"
+            b'-\xfb\x05\xbf\xd1\x9bs\xa2\xd9J"EY\xd6\x10\x94\x83\r#\x9d'
+            b"\x06\x13\x15\xd6\xd1\xf0i\x80e_\xf9\x8e"
         )
         public_key = cert.public_key()
         assert isinstance(public_key, ec.EllipticCurvePublicKey)
@@ -1145,7 +1147,10 @@
         assert cert.valid_principals == [b"cryptouser", b"testuser"]
         assert cert.valid_before == 1988015552
         assert cert.valid_after == 1672655460
-        assert cert.critical_options == {}
+        assert cert.critical_options == {
+            b"force-command": b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+            b"verify-required": b"",
+        }
         assert cert.extensions == {
             b"permit-X11-forwarding": b"",
             b"permit-agent-forwarding": b"",
@@ -1154,6 +1159,31 @@
             b"permit-user-rc": b"",
         }
 
+    def test_loads_deprecated_invalid_encoding_cert(self, backend):
+        with pytest.warns(utils.DeprecatedIn41):
+            cert = load_ssh_public_identity(
+                b"ecdsa-sha2-nistp256-cert-...@openssh.com AAAAKGVjZHNhLXNoYT"
+                b"ItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgXE7sJ+xDVVNCO"
+                b"cEvpZS+SXIbc0nJdny/KqVbnwHslMIAAAAIbmlzdHAyNTYAAABBBI/qcLq8"
+                b"iiErpAhOWRqdMkpFSCNv7TVUcXCIfAl01JXbe2MvS4V7lFtiyrBjLSV7Iyw"
+                b"3TrulrWLibjPzZvLwmQcAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA//"
+                b"////////8AAABUAAAADWZvcmNlLWNvbW1hbmQAAAAoZWNobyBhYWFhYWFhY"
+                b"WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQAAAA92ZXJpZnktcmVxdWly"
+                b"ZWQAAAAAAAAAEgAAAApwZXJtaXQtcHR5AAAAAAAAAAAAAABoAAAAE2VjZHN"
+                b"hLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI/qcLq8iiErpAhOWR"
+                b"qdMkpFSCNv7TVUcXCIfAl01JXbe2MvS4V7lFtiyrBjLSV7Iyw3TrulrWLib"
+                b"jPzZvLwmQcAAABlAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABKAAAAIQCi"
+                b"eCsIhGKrZdkE1+zY5EBucrLzxFpwnm/onIT/6rapvQAAACEAuVQ1yQjlPKr"
+                b"kfsGfjeG+2umZrOS5Ycx85BQhYf0RgsA="
+            )
+        assert isinstance(cert, SSHCertificate)
+        cert.verify_cert_signature()
+        assert cert.extensions == {b"permit-pty": b""}
+        assert cert.critical_options == {
+            b"force-command": b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+            b"verify-required": b"",
+        }
+
     @pytest.mark.parametrize(
         "filename",
         [
@@ -1267,6 +1297,8 @@
             "p256-p256-non-lexical-extensions.pub",
             "p256-p256-duplicate-crit-opts.pub",
             "p256-p256-non-lexical-crit-opts.pub",
+            "p256-ed25519-non-singular-crit-opt-val.pub",
+            "p256-ed25519-non-singular-ext-val.pub",
         ],
     )
     def test_invalid_encodings(self, filename):
@@ -1693,6 +1725,11 @@
             .valid_after(1672531200)
             .valid_before(1672617600)
             .type(SSHCertificateType.USER)
+            .add_extension(b"permit-pty", b"")
+            .add_critical_option(
+                b"force-command", b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+            )
+            .add_critical_option(b"verify-required", b"")
         )
         cert = builder.sign(private_key)
         sig_key = cert.signature_key()
@@ -1707,19 +1744,21 @@
             b"4kyHpbLEIVloBjzetoqXK6u8Hjz/APuagONypNDCySDR6M7jM85HDcLoFFrbBb8"
             b"pruHSTxQejMeEmJxYf8b7rNl58/IWPB1ymbNlvHL/4oSOlnrtHkjcxRWzpQ7U3g"
             b"T9BThGyhCiI7EMyEHMgP3r7kTzEUwT6IavWDAAAAAAAAAAAAAAABAAAAAAAAAAA"
-            b"AAAAAY7DNAAAAAABjsh6AAAAAAAAAAAAAAAAAAAABFwAAAAdzc2gtcnNhAAAAAw"
-            b"EAAQAAAQEAwXr8fndHTKpaqDA2FYo/+/e1IWhRuiIw5dar/MHGz+9Z6SPqEzC8W"
-            b"TtzgCq2CKbkozBlI6MRa6WqOWYUUXThO2xJ6beAYuRJ1y77EP1J6R+gi5bQUeeC"
-            b"6fWrxbWm95hIJ6245z2gDyKy79zbduq0btrZjtZWYnQ/3GwOM2pdDNuqfcKeU2N"
-            b"eJMh6WyxCFZaAY83raKlyurvB48/wD7moDjcqTQwskg0ejO4zPORw3C6BRa2wW/"
-            b"Ka7h0k8UHozHhJicWH/G+6zZefPyFjwdcpmzZbxy/+KEjpZ67R5I3MUVs6UO1N4"
-            b"E/QU4RsoQoiOxDMhBzID96+5E8xFME+iGr1gwAAARQAAAAMcnNhLXNoYTItNTEy"
-            b"AAABAKCRnfhn6MZs3jRgIDICUpUyWrDCbpStEbdzhmoxF8w2m8klR7owRH/rxOf"
-            b"nWhKMGnXnoERS+az3Zh9ckiQPujkuEToORKpzu6CEWlzHSzyK1o2X548KkW76HJ"
-            b"gqzwMas94HY7UOJUgKSFUI0S3jAgqXAKSa1DxvJBu5/n57aUqPq+BmAtoI8uNBo"
-            b"x4F1pNEop38+oD7rUt8bZ8K0VcrubJZz806K8UNiK0mOahaEIkvZXBfzPGvSNRj"
-            b"0OjDl1dLUZaP8C1o5lVRomEm7pLcgE9i+ZDq5iz+mvQrSBStlpQ5hPGuUOrZ/oY"
-            b"ZLZ1G30R5tWj212MHoNZjxFxM8+f2OT4="
+            b"AAAAAY7DNAAAAAABjsh6AAAAAWAAAAA1mb3JjZS1jb21tYW5kAAAALAAAAChlY2"
+            b"hvIGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhAAAAD3Zlcmlme"
+            b"S1yZXF1aXJlZAAAAAAAAAASAAAACnBlcm1pdC1wdHkAAAAAAAAAAAAAARcAAAAH"
+            b"c3NoLXJzYQAAAAMBAAEAAAEBAMF6/H53R0yqWqgwNhWKP/v3tSFoUboiMOXWq/z"
+            b"Bxs/vWekj6hMwvFk7c4Aqtgim5KMwZSOjEWulqjlmFFF04TtsSem3gGLkSdcu+x"
+            b"D9SekfoIuW0FHngun1q8W1pveYSCetuOc9oA8isu/c23bqtG7a2Y7WVmJ0P9xsD"
+            b"jNqXQzbqn3CnlNjXiTIelssQhWWgGPN62ipcrq7wePP8A+5qA43Kk0MLJINHozu"
+            b"MzzkcNwugUWtsFvymu4dJPFB6Mx4SYnFh/xvus2Xnz8hY8HXKZs2W8cv/ihI6We"
+            b"u0eSNzFFbOlDtTeBP0FOEbKEKIjsQzIQcyA/evuRPMRTBPohq9YMAAAEUAAAADH"
+            b"JzYS1zaGEyLTUxMgAAAQCYbbNzhflDqZAxyBpdLIX0nLAdnTeFNBudMqgo3KGND"
+            b"WlU9N17hqBEmcvIOrtNi+JKuKZW89zZrbORHvdjv6NjGSKzJD/XA25YrX1KgMEO"
+            b"wt5pzMZX+100drwrjQo+vZqeIN3FJNmT3wssge73v+JsxQrdIAz7YM2OZrFr5HM"
+            b"qZEZ5tMvAf/s5YEMDttEU4zMtmjubQyDM5KyYnZdoDT4sKi2rB8gfaigc4IdI/K"
+            b"8oXL/3Y7rHuOtejl3lUK4v6DxeRl4aqGYWmhUJc++Rh0cbDgC2S6Cq7gAfG2tND"
+            b"zbwL217Q93R08bJn1hDWuiTiaHGauSy2gPUI+cnkvlEocHM"
         )
 
     @pytest.mark.supported(
@@ -1745,6 +1784,11 @@
             .valid_after(1672531200)
             .valid_before(1672617600)
             .type(SSHCertificateType.USER)
+            .add_extension(b"permit-pty", b"")
+            .add_critical_option(
+                b"force-command", b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+            )
+            .add_critical_option(b"verify-required", b"")
         )
         cert = builder.sign(private_key)
         sig_key = cert.signature_key()
@@ -1754,8 +1798,11 @@
             b"ssh-ed25519-cert-...@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdj"
             b"AxQG9wZW5zc2guY29tAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
             b"AAAAAAAINdamAGCsQq31Uv+08lkBzoO4XLz2qYjJa8CGmj3B1EaAAAAAAAAAAAA"
-            b"AAABAAAAAAAAAAAAAAAAY7DNAAAAAABjsh6AAAAAAAAAAAAAAAAAAAAAMwAAAAt"
-            b"zc2gtZWQyNTUxOQAAACDXWpgBgrEKt9VL/tPJZAc6DuFy89qmIyWvAhpo9wdRGg"
-            b"AAAFMAAAALc3NoLWVkMjU1MTkAAABAAlF6Lxabxs+8fkOr7KjKYei9konIG13cQ"
-            b"gJ2tWf3yFcg3OuV5s/AkRmKdwHlQfTUrhRdOmDnGxeLEB0mvkVFCw=="
+            b"AAABAAAAAAAAAAAAAAAAY7DNAAAAAABjsh6AAAAAWAAAAA1mb3JjZS1jb21tYW5"
+            b"kAAAALAAAAChlY2hvIGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYW"
+            b"FhAAAAD3ZlcmlmeS1yZXF1aXJlZAAAAAAAAAASAAAACnBlcm1pdC1wdHkAAAAAA"
+            b"AAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAg11qYAYKxCrfVS/7TyWQHOg7hcvPa"
+            b"piMlrwIaaPcHURoAAABTAAAAC3NzaC1lZDI1NTE5AAAAQL2aUjeD60C2FrbgHcN"
+            b"t8yRa8IRbxvOyA9TZYDGG1dRE3DiR0fuudU20v6vqfTd1gx0S5QyEdECXLl9ZI3"
+            b"AwZgc="
         )

++++++ no-pytest_benchmark.patch ++++++
---
 pyproject.toml                         |   31 -------------------------
 src/cryptography.egg-info/requires.txt |    2 -
 tests/bench/test_aead.py               |   40 ++++++++++++++++-----------------
 tests/bench/test_ec_load.py            |    8 +++---
 tests/bench/test_hashes.py             |    4 +--
 tests/bench/test_hmac.py               |    4 +--
 tests/bench/test_x509.py               |   16 ++++++-------
 7 files changed, 37 insertions(+), 68 deletions(-)

--- a/pyproject.toml
+++ b/pyproject.toml
@@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"]
 nox = ["nox"]
 test = [
     "pytest >=6.2.0",
-    "pytest-benchmark",
-    "pytest-cov",
     "pytest-xdist",
     "pretend",
 ]
@@ -85,7 +83,7 @@ line-length = 79
 target-version = ["py37"]
 
 [tool.pytest.ini_options]
-addopts = "-r s --capture=no --strict-markers --benchmark-disable"
+addopts = "-r s --capture=no --strict-markers"
 console_output_style = "progress-even-when-capture-no"
 markers = [
     "skip_fips: this test is not executed in FIPS mode",
@@ -107,33 +105,6 @@ module = [
 ]
 ignore_missing_imports = true
 
-[tool.coverage.run]
-branch = true
-relative_files = true
-source = [
-    "cryptography",
-    "tests/",
-]
-
-[tool.coverage.paths]
-source = [
-   "src/cryptography",
-   "*.nox/*/lib*/python*/site-packages/cryptography",
-   "*.nox\\*\\Lib\\site-packages\\cryptography",
-   "*.nox/pypy/site-packages/cryptography",
-]
-tests =[
-   "tests/",
-   "*tests\\",
-]
-
-[tool.coverage.report]
-exclude_lines = [
-    "@abc.abstractmethod",
-    "@typing.overload",
-    "if typing.TYPE_CHECKING",
-]
-
 [tool.ruff]
 # UP006: Minimum Python 3.9
 # UP007, UP038: Minimum Python 3.10
--- a/src/cryptography.egg-info/requires.txt
+++ b/src/cryptography.egg-info/requires.txt
@@ -26,8 +26,6 @@ bcrypt>=3.1.5
 
 [test]
 pytest>=6.2.0
-pytest-benchmark
-pytest-cov
 pytest-xdist
 pretend
 
--- a/tests/bench/test_aead.py
+++ b/tests/bench/test_aead.py
@@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor
     not _aead_supported(ChaCha20Poly1305),
     reason="Requires OpenSSL with ChaCha20Poly1305 support",
 )
-def test_chacha20poly1305_encrypt(benchmark):
+def test_chacha20poly1305_encrypt():
     chacha = ChaCha20Poly1305(b"\x00" * 32)
-    benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"")
+    chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"")
 
 
 @pytest.mark.skipif(
     not _aead_supported(ChaCha20Poly1305),
     reason="Requires OpenSSL with ChaCha20Poly1305 support",
 )
-def test_chacha20poly1305_decrypt(benchmark):
+def test_chacha20poly1305_decrypt():
     chacha = ChaCha20Poly1305(b"\x00" * 32)
     ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"")
-    benchmark(chacha.decrypt, b"\x00" * 12, ct, b"")
+    chacha.decrypt(b"\x00" * 12, ct, b"")
 
 
-def test_aesgcm_encrypt(benchmark):
+def test_aesgcm_encrypt():
     aes = AESGCM(b"\x00" * 32)
-    benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
+    aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 
 
-def test_aesgcm_decrypt(benchmark):
+def test_aesgcm_decrypt():
     aes = AESGCM(b"\x00" * 32)
     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
-    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+    aes.decrypt(b"\x00" * 12, ct, None)
 
 
 @pytest.mark.skipif(
     not _aead_supported(AESSIV),
     reason="Requires OpenSSL with AES-SIV support",
 )
-def test_aessiv_encrypt(benchmark):
+def test_aessiv_encrypt():
     aes = AESSIV(b"\x00" * 32)
-    benchmark(aes.encrypt, b"hello world plaintext", None)
+    aes.encrypt(b"hello world plaintext", None)
 
 
 @pytest.mark.skipif(
     not _aead_supported(AESSIV),
     reason="Requires OpenSSL with AES-SIV support",
 )
-def test_aessiv_decrypt(benchmark):
+def test_aessiv_decrypt():
     aes = AESSIV(b"\x00" * 32)
     ct = aes.encrypt(b"hello world plaintext", None)
-    benchmark(aes.decrypt, ct, None)
+    aes.decrypt(ct, None)
 
 
 @pytest.mark.skipif(
     not _aead_supported(AESOCB3),
     reason="Requires OpenSSL with AES-OCB3 support",
 )
-def test_aesocb3_encrypt(benchmark):
+def test_aesocb3_encrypt():
     aes = AESOCB3(b"\x00" * 32)
-    benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
+    aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 
 
 @pytest.mark.skipif(
     not _aead_supported(AESOCB3),
     reason="Requires OpenSSL with AES-OCB3 support",
 )
-def test_aesocb3_decrypt(benchmark):
+def test_aesocb3_decrypt():
     aes = AESOCB3(b"\x00" * 32)
     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
-    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+    aes.decrypt(b"\x00" * 12, ct, None)
 
 
 @pytest.mark.skipif(
     not _aead_supported(AESCCM),
     reason="Requires OpenSSL with AES-CCM support",
 )
-def test_aesccm_encrypt(benchmark):
+def test_aesccm_encrypt():
     aes = AESCCM(b"\x00" * 32)
-    benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None)
+    aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
 
 
 @pytest.mark.skipif(
     not _aead_supported(AESCCM),
     reason="Requires OpenSSL with AES-CCM support",
 )
-def test_aesccm_decrypt(benchmark):
+def test_aesccm_decrypt():
     aes = AESCCM(b"\x00" * 32)
     ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
-    benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+    aes.decrypt(b"\x00" * 12, ct, None)
--- a/tests/bench/test_ec_load.py
+++ b/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
 from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
 
 
-def test_load_ec_public_numbers(benchmark):
-    benchmark(EC_KEY_SECP256R1.public_numbers.public_key)
+def test_load_ec_public_numbers():
+    EC_KEY_SECP256R1.public_numbers.public_key()
 
 
-def test_load_ec_private_numbers(benchmark):
-    benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+    EC_KEY_SECP256R1.private_key()
--- a/tests/bench/test_hashes.py
+++ b/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
 from cryptography.hazmat.primitives import hashes
 
 
-def test_sha256(benchmark):
+def test_sha256():
     def bench():
         h = hashes.Hash(hashes.SHA256())
         h.update(b"I love hashing. So much. The best.")
         return h.finalize()
 
-    benchmark(bench)
+    bench()
--- a/tests/bench/test_hmac.py
+++ b/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
 from cryptography.hazmat.primitives import hashes, hmac
 
 
-def test_hmac_sha256(benchmark):
+def test_hmac_sha256():
     def bench():
         h = hmac.HMAC(b"my extremely secure key", hashes.SHA256())
         h.update(b"I love hashing. So much. The best.")
         return h.finalize()
 
-    benchmark(bench)
+    bench()
--- a/tests/bench/test_x509.py
+++ b/tests/bench/test_x509.py
@@ -9,34 +9,34 @@ from cryptography import x509
 from ..utils import load_vectors_from_file
 
 
-def test_object_identier_constructor(benchmark):
-    benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5")
+def test_object_identier_constructor():
+    x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5")
 
 
-def test_aki_public_bytes(benchmark):
+def test_aki_public_bytes():
     aki = x509.AuthorityKeyIdentifier(
         key_identifier=b"\x00" * 16,
         authority_cert_issuer=None,
         authority_cert_serial_number=None,
     )
-    benchmark(aki.public_bytes)
+    aki.public_bytes()
 
 
-def test_load_der_certificate(benchmark):
+def test_load_der_certificate():
     cert_bytes = load_vectors_from_file(
         os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
         loader=lambda pemfile: pemfile.read(),
         mode="rb",
     )
 
-    benchmark(x509.load_der_x509_certificate, cert_bytes)
+    x509.load_der_x509_certificate(cert_bytes)
 
 
-def test_load_pem_certificate(benchmark):
+def test_load_pem_certificate():
     cert_bytes = load_vectors_from_file(
         os.path.join("x509", "cryptography.io.pem"),
         loader=lambda pemfile: pemfile.read(),
         mode="rb",
     )
 
-    benchmark(x509.load_pem_x509_certificate, cert_bytes)
+    x509.load_pem_x509_certificate(cert_bytes)

++++++ skip_openssl_memleak_test.patch ++++++
--- /var/tmp/diff_new_pack.S32eXo/_old  2023-07-12 17:26:30.214197864 +0200
+++ /var/tmp/diff_new_pack.S32eXo/_new  2023-07-12 17:26:30.218197887 +0200
@@ -1,12 +1,10 @@
 ---
- tests/hazmat/backends/test_openssl_memleak.py |    7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
+ tests/hazmat/backends/test_openssl_memleak.py |   10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
 
-Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py
-===================================================================
---- cryptography-40.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py
-+++ cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py
-@@ -204,12 +204,10 @@ def assert_no_memory_leaks(s, argv=[]):
+--- a/tests/hazmat/backends/test_openssl_memleak.py
++++ b/tests/hazmat/backends/test_openssl_memleak.py
+@@ -203,12 +203,10 @@ def assert_no_memory_leaks(s, argv=[]):
  
  
  def skip_if_memtesting_not_supported():
@@ -19,7 +17,7 @@
 +    return pytest.mark.skip(
 +        reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which 
prevents later debugging via CRYPTO_set_mem_functions()"
 +     )
-+ 
++
  
  @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0")
  @skip_if_memtesting_not_supported()

++++++ vendor.tar.zst ++++++
Binary files /var/tmp/diff_new_pack.S32eXo/_old and 
/var/tmp/diff_new_pack.S32eXo/_new differ

Reply via email to