Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2024-02-23 16:41:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Fri Feb 23 16:41:42 2024 rev:86 rq:1149625 version:42.0.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2023-11-29 21:18:42.324692578 +0100
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.1770/python-cryptography.changes
2024-02-23 16:41:53.903874692 +0100
@@ -1,0 +2,121 @@
+Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.gar...@suse.com>
+
+- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
+ * Fixed a null-pointer-dereference and segfault that could occur
+ when creating a PKCS#12 bundle. Credit to Alexander-Programming
+ for reporting the issue. CVE-2024-26130
+ * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
+ SMIMECapabilities and SignatureAlgorithmIdentifier should now be
+ correctly encoded according to the definitions in :rfc:2633
+ :rfc:3370.
+- update to 42.0.3:
+ * Fixed an initialization issue that caused key loading failures for some
+ users.
+- Drop patch skip_openssl_memleak_test.patch not needed anymore.
+
+-------------------------------------------------------------------
+Wed Jan 31 17:24:29 UTC 2024 - Dirk Müller <dmuel...@suse.com>
+
+- update to 42.0.2:
+ * Updated Windows, macOS, and Linux wheels to be compiled with
+ OpenSSL 3.2.1.
+ * Fixed an issue that prevented the use of Python buffer
+ protocol objects in sign and verify methods on asymmetric
+ keys.
+ * Fixed an issue with incorrect keyword-argument naming with
+ EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
+ s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
+ X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
+ etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
+ :`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
+ Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
+ rimitives.asymmetric.dh.DHPrivateKey.exchange`.
+
+-------------------------------------------------------------------
+Mon Jan 29 14:01:49 UTC 2024 - Dirk Müller <dmuel...@suse.com>
+
+- update to 42.0.1:
+ * Fixed an issue with incorrect keyword-argument naming with
+ EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
+ s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
+ * Resolved compatibility issue with loading certain RSA public
+ keys in :func:`~cryptography.hazmat.primitives.serialization.
+ load_pem_public_key`.
+ * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
+ * BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
+ using :func:`~cryptography.hazmat.primitives.serialization.pk
+ cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
+ at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
+ ` will now raise a ValueError rather than return an empty
+ list.
+ * Parsing SSH certificates no longer permits malformed critical
+ options with values, as documented in the 41.0.2 release
+ notes.
+ * Updated Windows, macOS, and Linux wheels to be compiled with
+ OpenSSL 3.2.0.
+ * Updated the minimum supported Rust version (MSRV) to 1.63.0,
+ from 1.56.0.
+ * We now publish both py37 and py39 abi3 wheels. This should
+ resolve some errors relating to initializing a module
+ multiple times per process.
+ * Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
+ dding.PSS` for X.509 certificate signing requests and
+ certificate revocation lists with the keyword-only argument
+ rsa_padding on the sign methods for
+ :class:`~cryptography.x509.CertificateSigningRequestBuilder`
+ and
+ :class:`~cryptography.x509.CertificateRevocationListBuilder`.
+ * Added support for obtaining X.509 certificate signing request
+ signature algorithm parameters (including PSS) via :meth:`~cr
+ yptography.x509.CertificateSigningRequest.signature_algorithm
+ _parameters`.
+ * Added support for obtaining X.509 certificate revocation list
+ signature algorithm parameters (including PSS) via :meth:`~cr
+ yptography.x509.CertificateRevocationList.signature_algorithm
+ _parameters`.
+ * Added mgf property to :class:`~cryptography.hazmat.primitives
+ .asymmetric.padding.PSS`.
+ * Added algorithm and mgf properties to :class:`~cryptography.h
+ azmat.primitives.asymmetric.padding.OAEP`.
+ * Added the following properties that return timezone-aware
+ datetime objects:
+ :meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
+ :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :
+ meth:`~cryptography.x509.RevokedCertificate.revocation_date_u
+ tc`, :meth:`~cryptography.x509.CertificateRevocationList.next
+ _update_utc`, :meth:`~cryptography.x509.CertificateRevocation
+ List.last_update_utc`. These are timezone-aware variants of
+ existing properties that return naïve datetime objects.
+ * Deprecated the following properties that return naïve
+ datetime objects:
+ :meth:`~cryptography.x509.Certificate.not_valid_before`,
+ :meth:`~cryptography.x509.Certificate.not_valid_after`, :meth
+ :`~cryptography.x509.RevokedCertificate.revocation_date`, :me
+ th:`~cryptography.x509.CertificateRevocationList.next_update`
+ , :meth:`~cryptography.x509.CertificateRevocationList.last_up
+ date` in favor of the new timezone-aware variants mentioned
+ above.
+ * Added support for :class:`~cryptography.hazmat.primitives.cip
+ hers.algorithms.ChaCha20` on LibreSSL.
+ * Added support for RSA PSS signatures in PKCS7 with :meth:`~cr
+ yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu
+ reBuilder.add_signer`.
+ * In the next release (43.0.0) of cryptography, loading an
+ X.509 certificate with a negative serial number will raise an
+ exception. This has been deprecated since 36.0.0.
+ * Added support for :class:`~cryptography.hazmat.primitives.cip
+ hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+.
+ * Added the :mod:`X.509 path validation
+ <cryptography.x509.verification>` APIs for
+ :class:`~cryptography.x509.Certificate` chains. These APIs
+ should be considered unstable and not subject to our
+ stability guarantees until documented as such in a future
+ release.
+ * Added support for :class:`~cryptography.hazmat.primitives.cip
+ hers.algorithms.SM4`
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`
+ when using OpenSSL 3.0 or greater.
+- use PEP517 build
+- switch to new cargo-vendor
+
+-------------------------------------------------------------------
Old:
----
cargo_config
cryptography-41.0.7.tar.gz
skip_openssl_memleak_test.patch
New:
----
cryptography-42.0.4.tar.gz
BETA DEBUG BEGIN:
Old: users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.vz01HA/_old 2024-02-23 16:41:54.843908768 +0100
+++ /var/tmp/diff_new_pack.vz01HA/_new 2024-02-23 16:41:54.843908768 +0100
@@ -1,7 +1,7 @@
#
-# spec file
+# spec file for package python-cryptography
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,27 +27,26 @@
%endif
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
-Version: 41.0.7
+Version: 42.0.4
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
Group: Development/Languages/Python
URL: https://cryptography.io/en/latest/
Source0:
https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
-# use `osc service disabledrun` to regenerate
+# use `osc service manualrun` to regenerate
Source2: vendor.tar.zst
-# use `osc service disabledrun` to regenerate
-Source3: cargo_config
Source4: python-cryptography.keyring
-Patch2: skip_openssl_memleak_test.patch
# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mc...@suse.com
# We don't need no benchmarking and coverage measurement
Patch4: no-pytest_benchmark.patch
BuildRequires: %{python_module cffi >= 1.12}
BuildRequires: %{python_module devel}
BuildRequires: %{python_module exceptiongroup}
-BuildRequires: %{python_module setuptools-rust}
+BuildRequires: %{python_module pip}
+BuildRequires: %{python_module setuptools-rust >= 1.7.0}
BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
BuildRequires: cargo >= 1.56.0
BuildRequires: fdupes
BuildRequires: libopenssl-devel
@@ -60,6 +59,7 @@
Requires: python
%requires_eq python-cffi
%if %{with test}
+BuildRequires: %{python_module certifi}
BuildRequires: %{python_module cryptography >= %{version}}
BuildRequires: %{python_module cryptography-vectors = %{version}}
BuildRequires: %{python_module hypothesis >= 1.11.4}
@@ -85,7 +85,6 @@
%prep
%autosetup -a2 -p1 -n cryptography-%{version}
-cp %{SOURCE3} .cargo/config
rm -v src/rust/Cargo.lock
%build
@@ -93,7 +92,7 @@
%global _lto_cflags %{nil}
export RUSTFLAGS=%{rustflags}
export CFLAGS="%{optflags} -fno-strict-aliasing"
-%python_build
+%pyproject_wheel
%install
%if !%{with test}
@@ -102,13 +101,20 @@
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
-%python_install
+%pyproject_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
%endif
%if %{with test}
%check
# won't work for cryptography
+# fails with OverflowError on 32bit platform
+%ifarch %ix86 %arm ppc
+rm -v tests/hazmat/primitives/test_aead.py
+# imports test_aead so we need to remove also these
+rm -v tests/wycheproof/test_aes.py
+rm -v tests/wycheproof/test_chacha20poly1305.py
+%endif
%pytest_arch -n auto --ignore-glob=vendor/*
%endif
@@ -117,6 +123,6 @@
%license LICENSE LICENSE.APACHE LICENSE.BSD
%doc CONTRIBUTING.rst CHANGELOG.rst README.rst
%{python_sitearch}/cryptography
-%{python_sitearch}/cryptography-%{version}*-info
+%{python_sitearch}/cryptography-%{version}.dist-info
%endif
++++++ _service ++++++
--- /var/tmp/diff_new_pack.vz01HA/_old 2024-02-23 16:41:54.879910073 +0100
+++ /var/tmp/diff_new_pack.vz01HA/_new 2024-02-23 16:41:54.883910218 +0100
@@ -1,10 +1,8 @@
<services>
<service name="download_files" mode="manual"/>
<service name="cargo_vendor" mode="manual">
- <param name="srcdir">cryptography-41.0.7/src/rust</param>
+ <param name="srcdir">cryptography-42.0.2/src/rust</param>
<param name="compression">zst</param>
</service>
- <service name="cargo_audit" mode="manual">
- </service>
</services>
++++++ cryptography-41.0.7.tar.gz -> cryptography-42.0.4.tar.gz ++++++
++++ 34882 lines of diff (skipped)
++++++ no-pytest_benchmark.patch ++++++
--- /var/tmp/diff_new_pack.vz01HA/_old 2024-02-23 16:41:55.111918483 +0100
+++ /var/tmp/diff_new_pack.vz01HA/_new 2024-02-23 16:41:55.115918628 +0100
@@ -8,9 +8,11 @@
tests/bench/test_x509.py | 16 ++++++-------
7 files changed, 37 insertions(+), 68 deletions(-)
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"]
+Index: cryptography-42.0.1/pyproject.toml
+===================================================================
+--- cryptography-42.0.1.orig/pyproject.toml
++++ cryptography-42.0.1/pyproject.toml
+@@ -71,8 +71,6 @@ ssh = ["bcrypt >=3.1.5"]
nox = ["nox"]
test = [
"pytest >=6.2.0",
@@ -18,9 +20,9 @@
- "pytest-cov",
"pytest-xdist",
"pretend",
- ]
-@@ -85,7 +83,7 @@ line-length = 79
- target-version = ["py37"]
+ "certifi",
+@@ -92,7 +90,7 @@ rust-version = ">=1.63.0"
+
[tool.pytest.ini_options]
-addopts = "-r s --capture=no --strict-markers --benchmark-disable"
@@ -28,7 +30,7 @@
console_output_style = "progress-even-when-capture-no"
markers = [
"skip_fips: this test is not executed in FIPS mode",
-@@ -107,33 +105,6 @@ module = [
+@@ -114,33 +112,6 @@ module = [
]
ignore_missing_imports = true
@@ -60,11 +62,13 @@
-]
-
[tool.ruff]
- # UP006: Minimum Python 3.9
- # UP007, UP038: Minimum Python 3.10
---- a/src/cryptography.egg-info/requires.txt
-+++ b/src/cryptography.egg-info/requires.txt
-@@ -26,8 +26,6 @@ bcrypt>=3.1.5
+ ignore = ['N818']
+ select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF']
+Index: cryptography-42.0.1/src/cryptography.egg-info/requires.txt
+===================================================================
+--- cryptography-42.0.1.orig/src/cryptography.egg-info/requires.txt
++++ cryptography-42.0.1/src/cryptography.egg-info/requires.txt
+@@ -28,8 +28,6 @@ bcrypt>=3.1.5
[test]
pytest>=6.2.0
@@ -72,10 +76,12 @@
-pytest-cov
pytest-xdist
pretend
-
---- a/tests/bench/test_aead.py
-+++ b/tests/bench/test_aead.py
-@@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor
+ certifi
+Index: cryptography-42.0.1/tests/bench/test_aead.py
+===================================================================
+--- cryptography-42.0.1.orig/tests/bench/test_aead.py
++++ cryptography-42.0.1/tests/bench/test_aead.py
+@@ -26,84 +26,84 @@ def _aead_supported(cls):
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
)
@@ -180,8 +186,10 @@
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
---- a/tests/bench/test_ec_load.py
-+++ b/tests/bench/test_ec_load.py
+Index: cryptography-42.0.1/tests/bench/test_ec_load.py
+===================================================================
+--- cryptography-42.0.1.orig/tests/bench/test_ec_load.py
++++ cryptography-42.0.1/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
@@ -196,8 +204,10 @@
- benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+ EC_KEY_SECP256R1.private_key()
---- a/tests/bench/test_hashes.py
-+++ b/tests/bench/test_hashes.py
+Index: cryptography-42.0.1/tests/bench/test_hashes.py
+===================================================================
+--- cryptography-42.0.1.orig/tests/bench/test_hashes.py
++++ cryptography-42.0.1/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes
@@ -211,8 +221,10 @@
- benchmark(bench)
+ bench()
---- a/tests/bench/test_hmac.py
-+++ b/tests/bench/test_hmac.py
+Index: cryptography-42.0.1/tests/bench/test_hmac.py
+===================================================================
+--- cryptography-42.0.1.orig/tests/bench/test_hmac.py
++++ cryptography-42.0.1/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes, hmac
@@ -226,16 +238,18 @@
- benchmark(bench)
+ bench()
---- a/tests/bench/test_x509.py
-+++ b/tests/bench/test_x509.py
-@@ -9,34 +9,34 @@ from cryptography import x509
+Index: cryptography-42.0.1/tests/bench/test_x509.py
+===================================================================
+--- cryptography-42.0.1.orig/tests/bench/test_x509.py
++++ cryptography-42.0.1/tests/bench/test_x509.py
+@@ -13,40 +13,40 @@ from cryptography import x509
from ..utils import load_vectors_from_file
--def test_object_identier_constructor(benchmark):
+-def test_object_identifier_constructor(benchmark):
- benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5")
-+def test_object_identier_constructor():
-+ x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5")
++def test_object_identifier_constructor():
++ x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5"
-def test_aki_public_bytes(benchmark):
@@ -246,7 +260,7 @@
authority_cert_serial_number=None,
)
- benchmark(aki.public_bytes)
-+ aki.public_bytes()
++ aki.public_bytes
-def test_load_der_certificate(benchmark):
@@ -258,7 +272,7 @@
)
- benchmark(x509.load_der_x509_certificate, cert_bytes)
-+ x509.load_der_x509_certificate(cert_bytes)
++ x509.load_der_x509_certificate, cert_bytes
-def test_load_pem_certificate(benchmark):
@@ -270,5 +284,18 @@
)
- benchmark(x509.load_pem_x509_certificate, cert_bytes)
-+ x509.load_pem_x509_certificate(cert_bytes)
++ x509.load_pem_x509_certificate, cert_bytes
+
+
+-def test_verify_docs_python_org(benchmark, pytestconfig):
++def test_verify_docs_python_org(pytestconfig):
+ limbo_root = pytestconfig.getoption("--x509-limbo-root", skip=True)
+ with open(os.path.join(limbo_root, "limbo.json"), "rb") as f:
+ [testcase] = [
+@@ -78,4 +78,4 @@ def test_verify_docs_python_org(benchmar
+ )
+ verifier.verify(leaf, intermediates)
+
+- benchmark(bench)
++ bench
++++++ vendor.tar.zst ++++++
Binary files /var/tmp/diff_new_pack.vz01HA/_old and
/var/tmp/diff_new_pack.vz01HA/_new differ
