diff --git a/cryptography-3.2.1.tar.gz b/cryptography-3.2.1.tar.gz deleted file mode 100755 index 7a84f6806fea25116fd5c008a76efe3fea156d8a..0000000000000000000000000000000000000000 Binary files a/cryptography-3.2.1.tar.gz and /dev/null differ diff --git a/dist b/dist new file mode 100644 index 0000000000000000000000000000000000000000..9c0e36ec42a2d9bfefacb21ac6354c9ddd910533 --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an8 diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..dd949287abe0eea1f921785fe5687999ec7f1ead --- /dev/null +++ b/download @@ -0,0 +1 @@ +906eb57df20bb8a60222a5196c38d843 cryptography-3.2.1.tar.gz diff --git a/python-cryptography.spec b/python-cryptography.spec old mode 100755 new mode 100644 index d740a62da1d1fec5ea1b998b04a3c7ed59ef2f7a..2a0d99db6af46b6d3eb75fe440ff60f59076d72e --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -1,10 +1,12 @@ %{!?python3_pkgversion:%global python3_pkgversion 3} %global srcname cryptography +# rhbz#2172416: from_buffer(..., require_writable=True) +%global cffi_version 1.11.5-6 Name: python-%{srcname} Version: 3.2.1 -Release: 6%{?dist} +Release: 7%{?dist} Summary: PyCA's cryptography library Group: Development/Libraries @@ -17,7 +19,8 @@ Patch0002: 0002-Support-pytest-3.4.2.patch Patch0003: 0003-Skip-iso8601-test-cases.patch Patch0004: 0004-Revert-remove-NPN-bindings.patch Patch0005: 0005-CVE-2020-36242.patch -Patch0006: 0006-CVE-2023-23931.patch +# https://github.com/pyca/cryptography/pull/8230 +Patch0006: 0006-CVE-2023-23931.patch BuildRequires: openssl-devel BuildRequires: gcc @@ -30,7 +33,7 @@ BuildRequires: python%{python3_pkgversion}-pretend BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} BuildRequires: python%{python3_pkgversion}-pytz BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 -BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 +BuildRequires: python%{python3_pkgversion}-cffi >= %{cffi_version} %description cryptography is a package designed to expose cryptographic primitives and @@ -43,7 +46,7 @@ Summary: PyCA's cryptography library Requires: openssl-libs Requires: python%{python3_pkgversion}-six >= 1.4.1 -Requires: python%{python3_pkgversion}-cffi >= 1.7 +Requires: python%{python3_pkgversion}-cffi >= %{cffi_version} Conflicts: python%{python3_pkgversion}-cryptography-vectors < %{version} Conflicts: python%{python3_pkgversion}-cryptography-vectors > %{version} @@ -72,7 +75,9 @@ find . -name .keep -print -delete rm -f tests/hazmat/primitives/test_padding.py # don't run hypothesis tests rm -rf tests/hypothesis -PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest +PYTHONPATH=%{buildroot}%{python3_sitearch} \ + %{__python3} -m pytest \ + -k "not test_decrypt_invalid_decrypt" %files -n python%{python3_pkgversion}-%{srcname} @@ -83,7 +88,10 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest %changelog -* Mon Dec 18 2023 Kaiqiang Wang - 3.2.1-6 +* Fri Dec 01 2023 Christian Heimes - 3.2.1-7 +- Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves: RHEL-17873 + +* Wed Feb 22 2023 Christian Heimes - 3.2.1-6 - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172404 * Tue Jun 08 2021 Christian Heimes - 3.2.1-5