diff --git a/cryptography-41.0.7-vendor.tar.bz2 b/cryptography-42.0.5-vendor.tar.bz2 similarity index 44% rename from cryptography-41.0.7-vendor.tar.bz2 rename to cryptography-42.0.5-vendor.tar.bz2 index 6f7c9decd6c154a9bced697cdc086c29eff937e5..a3602153e0839d8cd2f4c5050207cd7ce52e38d9 100644 Binary files a/cryptography-41.0.7-vendor.tar.bz2 and b/cryptography-42.0.5-vendor.tar.bz2 differ diff --git a/cryptography-41.0.7.tar.gz b/cryptography-42.0.5.tar.gz similarity index 76% rename from cryptography-41.0.7.tar.gz rename to cryptography-42.0.5.tar.gz index 6edd6ce971308243ac99361d25bcf3f2d80dbbb6..3b9814068a44eb47245523815ff4a384eb8643b9 100644 Binary files a/cryptography-41.0.7.tar.gz and b/cryptography-42.0.5.tar.gz differ diff --git a/ouroboros-0.17.patch b/ouroboros-0.17.patch deleted file mode 100644 index a41a2c3d63464dcedcc08ef0f9f286f9820eb522..0000000000000000000000000000000000000000 --- a/ouroboros-0.17.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 9dd060f8b..8004c7e76 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptography-cffi" } - cryptography-x509 = { path = "cryptography-x509" } - cryptography-openssl = { path = "cryptography-openssl" } - pem = "1.1" --ouroboros = "0.15" -+ouroboros = "0.17" - openssl = "0.10.54" - openssl-sys = "0.9.88" - foreign-types-shared = "0.1" diff --git a/pyo3-0.19.patch b/pyo3-0.19.patch deleted file mode 100644 index 692232acfbf3eef47e1401a4198accbc503abe05..0000000000000000000000000000000000000000 --- a/pyo3-0.19.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml -index 01fba147e..9dd060f8b 100644 ---- a/src/rust/Cargo.toml -+++ b/src/rust/Cargo.toml -@@ -9,7 +9,7 @@ rust-version = "1.56.0" - - [dependencies] - once_cell = "1" --pyo3 = { version = "0.18", features = ["abi3-py37"] } -+pyo3 = { version = "0.19", features = ["abi3-py37"] } - asn1 = { version = "0.15.2", default-features = false } - cryptography-cffi = { path = "cryptography-cffi" } - cryptography-x509 = { path = "cryptography-x509" } -diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml -index 65051c2a4..24e53991b 100644 ---- a/src/rust/cryptography-cffi/Cargo.toml -+++ b/src/rust/cryptography-cffi/Cargo.toml -@@ -8,7 +8,7 @@ publish = false - rust-version = "1.56.0" - - [dependencies] --pyo3 = { version = "0.18", features = ["abi3-py37"] } -+pyo3 = { version = "0.19", features = ["abi3-py37"] } - openssl-sys = "0.9.88" - - [build-dependencies] -diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs -index 923015035..1380d6eb8 100644 ---- a/src/rust/src/x509/crl.rs -+++ b/src/rust/src/x509/crl.rs -@@ -145,7 +145,7 @@ impl CertificateRevocationList { - revoked_certs - }); - -- if idx.is_instance_of::()? { -+ if idx.is_instance_of::() { - let indices = idx - .downcast::()? - .indices(self.len().try_into().unwrap())?; -diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs -index 98d1bd63b..dcf28833f 100644 ---- a/src/rust/src/x509/extensions.rs -+++ b/src/rust/src/x509/extensions.rs -@@ -211,7 +211,7 @@ fn encode_certificate_policies( - let mut qualifiers = vec![]; - for py_qualifier in py_policy_qualifiers.iter()? { - let py_qualifier = py_qualifier?; -- let qualifier = if py_qualifier.is_instance_of::()? { -+ let qualifier = if py_qualifier.is_instance_of::() { - let cps_uri = match asn1::IA5String::new(py_qualifier.extract()?) { - Some(s) => s, - None => { diff --git a/python-cryptography.spec b/python-cryptography.spec index 025e1d70ca12e11f4fc2bd372f0a663dc5daae6d..9a1f273348b2937e36b780574fc908545ea2dc2b 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 1 %bcond_with tests %{!?python3_pkgversion:%global python3_pkgversion 3} @@ -6,7 +6,7 @@ %global srcname cryptography Name: python-%{srcname} -Version: 41.0.7 +Version: 42.0.5 Release: %{anolis_release}%{?dist} Summary: PyCA's cryptography library @@ -20,16 +20,14 @@ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcnam Source1: cryptography-%{version}-vendor.tar.bz2 Source2: conftest-skipper.py -Patch1: pyo3-0.19.patch -Patch2: ouroboros-0.17.patch +Patch1: skip-overflow-tests-32bit.patch ExclusiveArch: %{rust_arches} BuildRequires: openssl-devel BuildRequires: gcc BuildRequires: gnupg2 -BuildRequires: rust-toolset -BuildRequires: cargo +BuildRequires: rust-packaging, cargo BuildRequires: python%{python3_pkgversion}-cffi >= 1.12 BuildRequires: python%{python3_pkgversion}-devel @@ -37,6 +35,7 @@ BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-setuptools-rust >= 0.11.4 %if %{with tests} +BuildRequires: python%{python3_pkgversion}-certifi BuildRequires: python%{python3_pkgversion}-pytest >= 6.2.0 BuildRequires: python%{python3_pkgversion}-pytest-benchmark BuildRequires: python%{python3_pkgversion}-pytest-subtests >= 0.5.0 @@ -59,21 +58,30 @@ recipes to Python developers. %prep %autosetup -p1 -N -n %{srcname}-%{version} -%cargo_prep -V 1 +%autopatch -p1 1 +tar -xjf %{SOURCE1} +%cargo_prep -v vendor # Remove cosmetical pytest-subtests 0.10.0 option sed -i 's,--no-subtests-shortletter,,' pyproject.toml + +%generate_buildrequires +%pyproject_buildrequires -t + %build export RUSTFLAGS="%build_rustflags" export OPENSSL_NO_VENDOR=1 -%py3_build +%pyproject_wheel + %install # Actually other *.c and *.h are appropriate # see https://github.com/pyca/cryptography/issues/1463 find . -name .keep -print -delete -%py3_install +%pyproject_install +%pyproject_save_files %{srcname} + %check %if %{with tests} @@ -92,13 +100,16 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)" %endif -%files -n python%{python3_pkgversion}-%{srcname} + +%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files} %doc README.rst docs %license LICENSE LICENSE.APACHE LICENSE.BSD -%{python3_sitearch}/%{srcname} -%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info + %changelog +* Wed May 29 2024 mgb01105731 - 42.0.5-1 +- Update to 42.0.5 + * Mon Mar 25 2024 Bo Ren - 41.0.7-2 - Rebuild with python3.11 @@ -122,4 +133,3 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ * Sun Apr 24 2022 Zhongling He - 36.0.2-1 - Init package from upstream v36.0.2 - diff --git a/skip-overflow-tests-32bit.patch b/skip-overflow-tests-32bit.patch new file mode 100644 index 0000000000000000000000000000000000000000..1dec3d9264c546751238a4733cb68b69c25a16e7 --- /dev/null +++ b/skip-overflow-tests-32bit.patch @@ -0,0 +1,73 @@ +From d741901dddd731895346636c0d3556c6fa51fbe6 Mon Sep 17 00:00:00 2001 +From: Paul Kehrer +Date: Thu, 8 Feb 2024 09:11:21 -0600 +Subject: [PATCH] skip overflow aead tests on 32-bit systems + +--- + tests/hazmat/primitives/test_aead.py | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py +index a1f99ab815ed..2f0d52d82682 100644 +--- a/tests/hazmat/primitives/test_aead.py ++++ b/tests/hazmat/primitives/test_aead.py +@@ -56,7 +56,8 @@ def test_chacha20poly1305_unsupported_on_older_openssl(backend): + ) + class TestChaCha20Poly1305: + @pytest.mark.skipif( +- sys.platform not in {"linux", "darwin"}, reason="mmap required" ++ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, ++ reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = ChaCha20Poly1305.generate_key() +@@ -197,7 +198,8 @@ def test_buffer_protocol(self, backend): + ) + class TestAESCCM: + @pytest.mark.skipif( +- sys.platform not in {"linux", "darwin"}, reason="mmap required" ++ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, ++ reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = AESCCM.generate_key(128) +@@ -378,7 +380,8 @@ def _load_gcm_vectors(): + + class TestAESGCM: + @pytest.mark.skipif( +- sys.platform not in {"linux", "darwin"}, reason="mmap required" ++ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, ++ reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = AESGCM.generate_key(128) +@@ -525,7 +528,8 @@ def test_aesocb3_unsupported_on_older_openssl(backend): + ) + class TestAESOCB3: + @pytest.mark.skipif( +- sys.platform not in {"linux", "darwin"}, reason="mmap required" ++ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, ++ reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = AESOCB3.generate_key(128) +@@ -700,7 +704,8 @@ def test_buffer_protocol(self, backend): + ) + class TestAESSIV: + @pytest.mark.skipif( +- sys.platform not in {"linux", "darwin"}, reason="mmap required" ++ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, ++ reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = AESSIV.generate_key(256) +@@ -844,7 +849,8 @@ def test_buffer_protocol(self, backend): + ) + class TestAESGCMSIV: + @pytest.mark.skipif( +- sys.platform not in {"linux", "darwin"}, reason="mmap required" ++ sys.platform not in {"linux", "darwin"} or sys.maxsize < 2**31, ++ reason="mmap and 64-bit platform required", + ) + def test_data_too_large(self): + key = AESGCMSIV.generate_key(256)