From cb846ec050984766ef6d3c17132fdf536aa6dce8 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 9 Nov 2021 05:06:33 -0500 Subject: [PATCH] import python-cryptography-3.2.1-5.el8 --- .gitignore | 1 + .python-cryptography.metadata | 1 + ...-add-deprecated-and-removed-features.patch | 254 +++++++++++++++++ SOURCES/0002-Support-pytest-3.4.2.patch | 86 ++++++ SOURCES/0003-Skip-iso8601-test-cases.patch | 73 +++++ SOURCES/0004-Revert-remove-NPN-bindings.patch | 75 +++++ SOURCES/0005-CVE-2020-36242.patch | 18 ++ SPECS/python-cryptography.spec | 265 ++++++++++++++++++ 8 files changed, 773 insertions(+) create mode 100644 .gitignore create mode 100644 .python-cryptography.metadata create mode 100644 SOURCES/0001-Re-add-deprecated-and-removed-features.patch create mode 100644 SOURCES/0002-Support-pytest-3.4.2.patch create mode 100644 SOURCES/0003-Skip-iso8601-test-cases.patch create mode 100644 SOURCES/0004-Revert-remove-NPN-bindings.patch create mode 100644 SOURCES/0005-CVE-2020-36242.patch create mode 100644 SPECS/python-cryptography.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..617462f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/cryptography-3.2.1.tar.gz diff --git a/.python-cryptography.metadata b/.python-cryptography.metadata new file mode 100644 index 0000000..5035b80 --- /dev/null +++ b/.python-cryptography.metadata @@ -0,0 +1 @@ +20708a4955dcf7e2bb53d05418273d2bc0f80ab4 SOURCES/cryptography-3.2.1.tar.gz diff --git a/SOURCES/0001-Re-add-deprecated-and-removed-features.patch b/SOURCES/0001-Re-add-deprecated-and-removed-features.patch new file mode 100644 index 0000000..149b43e --- /dev/null +++ b/SOURCES/0001-Re-add-deprecated-and-removed-features.patch 
@@ -0,0 +1,254 @@ +From e3e043ab363387033ddfdcaf3c15d8cf8dda17ed Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Tue, 27 Oct 2020 16:42:15 +0100 +Subject: [PATCH 1] Re-add deprecated and removed features + +* encode_rfc6979_signature() +* decode_rfc6979_signature() +* Certificate.serial property +* MACContext +* osrandom engine is disabled + +Signed-off-by: Christian Heimes +--- + .../hazmat/backends/openssl/cmac.py | 3 +- + .../hazmat/backends/openssl/hmac.py | 3 +- + .../hazmat/backends/openssl/x509.py | 4 ++ + .../hazmat/primitives/asymmetric/utils.py | 8 ++++ + src/cryptography/hazmat/primitives/cmac.py | 3 +- + src/cryptography/hazmat/primitives/hmac.py | 3 +- + src/cryptography/hazmat/primitives/mac.py | 37 +++++++++++++++++++ + src/cryptography/x509/extensions.py | 6 ++- + tests/hazmat/backends/test_openssl.py | 3 ++ + tests/hazmat/primitives/test_asym_utils.py | 9 +++++ + tests/x509/test_x509.py | 1 + + tests/x509/test_x509_ext.py | 5 +++ + 12 files changed, 80 insertions(+), 5 deletions(-) + create mode 100644 src/cryptography/hazmat/primitives/mac.py + +diff --git a/src/cryptography/hazmat/backends/openssl/cmac.py b/src/cryptography/hazmat/backends/openssl/cmac.py +index 195fc230f..5281f634d 100644 +--- a/src/cryptography/hazmat/backends/openssl/cmac.py ++++ b/src/cryptography/hazmat/backends/openssl/cmac.py +@@ -11,10 +11,11 @@ from cryptography.exceptions import ( + UnsupportedAlgorithm, + _Reasons, + ) +-from cryptography.hazmat.primitives import constant_time ++from cryptography.hazmat.primitives import constant_time, mac + from cryptography.hazmat.primitives.ciphers.modes import CBC + + ++@utils.register_interface(mac.MACContext) + class _CMACContext(object): + def __init__(self, backend, algorithm, ctx=None): + if not backend.cmac_algorithm_supported(algorithm): +diff --git a/src/cryptography/hazmat/backends/openssl/hmac.py b/src/cryptography/hazmat/backends/openssl/hmac.py +index 5024223b2..11c850e10 100644 +--- 
a/src/cryptography/hazmat/backends/openssl/hmac.py ++++ b/src/cryptography/hazmat/backends/openssl/hmac.py +@@ -11,9 +11,10 @@ from cryptography.exceptions import ( + UnsupportedAlgorithm, + _Reasons, + ) +-from cryptography.hazmat.primitives import constant_time, hashes ++from cryptography.hazmat.primitives import constant_time, hashes, mac + + ++@utils.register_interface(mac.MACContext) + @utils.register_interface(hashes.HashContext) + class _HMACContext(object): + def __init__(self, backend, key, algorithm, ctx=None): +diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py +index 4d0dac764..c9074f59e 100644 +--- a/src/cryptography/hazmat/backends/openssl/x509.py ++++ b/src/cryptography/hazmat/backends/openssl/x509.py +@@ -73,6 +73,10 @@ class _Certificate(object): + self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL) + return _asn1_integer_to_int(self._backend, asn1_int) + ++ @property ++ def serial(self): ++ return self.serial_number ++ + def public_key(self): + pkey = self._backend._lib.X509_get_pubkey(self._x509) + if pkey == self._backend._ffi.NULL: +diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py +index 5f9b67786..886d7565b 100644 +--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py ++++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py +@@ -39,3 +39,11 @@ class Prehashed(object): + self._digest_size = algorithm.digest_size + + digest_size = utils.read_only_property("_digest_size") ++ ++ ++def decode_rfc6979_signature(signature): ++ return decode_dss_signature(signature) ++ ++ ++def encode_rfc6979_signature(r, s): ++ return encode_dss_signature(r, s) +diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py +index bf962c906..7f37f13cc 100644 +--- a/src/cryptography/hazmat/primitives/cmac.py ++++ b/src/cryptography/hazmat/primitives/cmac.py +@@ -12,9 
+12,10 @@ from cryptography.exceptions import ( + ) + from cryptography.hazmat.backends import _get_backend + from cryptography.hazmat.backends.interfaces import CMACBackend +-from cryptography.hazmat.primitives import ciphers ++from cryptography.hazmat.primitives import ciphers, mac + + ++@utils.register_interface(mac.MACContext) + class CMAC(object): + def __init__(self, algorithm, backend=None, ctx=None): + backend = _get_backend(backend) +diff --git a/src/cryptography/hazmat/primitives/hmac.py b/src/cryptography/hazmat/primitives/hmac.py +index 8c421dc68..6f03a1071 100644 +--- a/src/cryptography/hazmat/primitives/hmac.py ++++ b/src/cryptography/hazmat/primitives/hmac.py +@@ -12,9 +12,10 @@ from cryptography.exceptions import ( + ) + from cryptography.hazmat.backends import _get_backend + from cryptography.hazmat.backends.interfaces import HMACBackend +-from cryptography.hazmat.primitives import hashes ++from cryptography.hazmat.primitives import hashes, mac + + ++@utils.register_interface(mac.MACContext) + @utils.register_interface(hashes.HashContext) + class HMAC(object): + def __init__(self, key, algorithm, backend=None, ctx=None): +diff --git a/src/cryptography/hazmat/primitives/mac.py b/src/cryptography/hazmat/primitives/mac.py +new file mode 100644 +index 000000000..4c95190ba +--- /dev/null ++++ b/src/cryptography/hazmat/primitives/mac.py +@@ -0,0 +1,37 @@ ++# This file is dual licensed under the terms of the Apache License, Version ++# 2.0, and the BSD License. See the LICENSE file in the root of this repository ++# for complete details. ++ ++from __future__ import absolute_import, division, print_function ++ ++import abc ++ ++import six ++ ++ ++@six.add_metaclass(abc.ABCMeta) ++class MACContext(object): ++ @abc.abstractmethod ++ def update(self, data): ++ """ ++ Processes the provided bytes. ++ """ ++ ++ @abc.abstractmethod ++ def finalize(self): ++ """ ++ Returns the message authentication code as bytes. 
++ """ ++ ++ @abc.abstractmethod ++ def copy(self): ++ """ ++ Return a MACContext that is a copy of the current context. ++ """ ++ ++ @abc.abstractmethod ++ def verify(self, signature): ++ """ ++ Checks if the generated message authentication code matches the ++ signature. ++ """ +diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py +index 130ba69b8..ddbccdf3b 100644 +--- a/src/cryptography/x509/extensions.py ++++ b/src/cryptography/x509/extensions.py +@@ -218,8 +218,12 @@ class AuthorityKeyIdentifier(object): + + @classmethod + def from_issuer_subject_key_identifier(cls, ski): ++ if isinstance(ski, SubjectKeyIdentifier): ++ digest = ski.digest ++ else: ++ digest = ski.value.digest + return cls( +- key_identifier=ski.digest, ++ key_identifier=digest, + authority_cert_issuer=None, + authority_cert_serial_number=None, + ) +diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py +index 2f7e7bebf..73c17d84f 100644 +--- a/tests/hazmat/backends/test_openssl.py ++++ b/tests/hazmat/backends/test_openssl.py +@@ -301,6 +301,9 @@ class TestOpenSSLRandomEngine(object): + res = backend._lib.ENGINE_free(e) + assert res == 1 + ++ def test_rhel8_no_osrandom(self): ++ pytest.fail("osrandom engine is not FIPS compliant, see RHBZ#1762667") ++ + + @pytest.mark.skipif( + backend._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE, +diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py +index 70bff012f..334b459b5 100644 +--- a/tests/hazmat/primitives/test_asym_utils.py ++++ b/tests/hazmat/primitives/test_asym_utils.py +@@ -10,6 +10,8 @@ from cryptography.hazmat.primitives.asymmetric.utils import ( + Prehashed, + decode_dss_signature, + encode_dss_signature, ++ encode_rfc6979_signature, ++ decode_rfc6979_signature + ) + + +@@ -75,3 +77,10 @@ def test_decode_dss_invalid_asn1(): + def test_pass_invalid_prehashed_arg(): + with pytest.raises(TypeError): + Prehashed(object()) ++ ++ ++def 
test_deprecated_rfc6979_signature(): ++ sig = encode_rfc6979_signature(1, 1) ++ assert sig == b"0\x06\x02\x01\x01\x02\x01\x01" ++ decoded = decode_rfc6979_signature(sig) ++ assert decoded == (1, 1) +diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py +index 11c80816c..e5bdf17d4 100644 +--- a/tests/x509/test_x509.py ++++ b/tests/x509/test_x509.py +@@ -685,6 +685,7 @@ class TestRSACertificate(object): + ) + assert isinstance(cert, x509.Certificate) + assert cert.serial_number == 11559813051657483483 ++ assert cert.serial == cert.serial_number + fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1())) + assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8" + assert isinstance(cert.signature_hash_algorithm, hashes.SHA1) +diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py +index 2cd216fb6..ac2b2c03d 100644 +--- a/tests/x509/test_x509_ext.py ++++ b/tests/x509/test_x509_ext.py +@@ -3442,6 +3442,11 @@ class TestAuthorityKeyIdentifierExtension(object): + ) + assert ext.value == aki + ++ aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( ++ ski_ext ++ ) ++ assert ext.value == aki ++ + + class TestNameConstraints(object): + def test_ipaddress_wrong_type(self): +-- +2.26.2 + diff --git a/SOURCES/0002-Support-pytest-3.4.2.patch b/SOURCES/0002-Support-pytest-3.4.2.patch new file mode 100644 index 0000000..66c1344 --- /dev/null +++ b/SOURCES/0002-Support-pytest-3.4.2.patch 
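Review bot: The re-added compatibility shims are silent: `Certificate.serial`, `decode_rfc6979_signature()`, `encode_rfc6979_signature()` and the new `else` branch of `from_issuer_subject_key_identifier()` all forward to the current API without a deprecation warning, so callers get no signal that they depend on names upstream has removed. Each shim could warn before delegating, for example `warnings.warn("Certificate.serial is deprecated, use serial_number", utils.CryptographyDeprecationWarning, stacklevel=2)`; the `warnings` import, and `utils` in x509.py if it is not already imported, lie outside the visible hunks. The same `else` branch turns any argument that is neither a `SubjectKeyIdentifier` nor an extension into an `AttributeError` on `ski.value`, where an explicit `TypeError` would be clearer. Separately, `test_rhel8_no_osrandom` fails unconditionally and therefore relies on the class-level skip condition, which is not in the hunk; a comment such as `# tripwire: must never run, the osrandom engine is disabled on RHEL 8 (RHBZ#1762667)` would make that intent explicit.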
@@ -0,0 +1,86 @@ +From c1c1b14d359b1360e7d14a7c0687bef9ed6fc17c Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Wed, 28 Oct 2020 14:27:55 +0100 +Subject: [PATCH 2] Support pytest 3.4.2 + +--- + setup.py | 3 ++- + tests/conftest.py | 4 ++-- + tests/test_utils.py | 4 ++-- + tests/utils.py | 2 +- + 4 files changed, 7 insertions(+), 6 deletions(-) + +diff --git a/setup.py b/setup.py +index 82800a96e..5678db004 100644 +--- a/setup.py ++++ b/setup.py +@@ -93,7 +93,8 @@ setup( + extras_require={ + ":python_version < '3'": ["enum34", "ipaddress"], + "test": [ +- "pytest>=3.6.0,!=3.9.0,!=3.9.1,!=3.9.2", ++ "pytest>=3.4.2,<3.6", ++ "attrs>=17.4.0,<18.0", + "pretend", + "iso8601", + "pytz", +diff --git a/tests/conftest.py b/tests/conftest.py +index 4e3124fa7..53c194830 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -42,7 +42,7 @@ def pytest_generate_tests(metafunc): + + def pytest_runtest_setup(item): + if openssl_backend._fips_enabled: +- for marker in item.iter_markers(name="skip_fips"): ++ for marker in item.get_marker(name="skip_fips") or []: + pytest.skip(marker.kwargs["reason"]) + + +@@ -50,7 +50,7 @@ def pytest_runtest_setup(item): + def backend(request): + required_interfaces = [ + mark.kwargs["interface"] +- for mark in request.node.iter_markers("requires_backend_interface") ++ for mark in request.node.get_marker("requires_backend_interface") or [] + ] + if not all( + isinstance(openssl_backend, iface) for iface in required_interfaces +diff --git a/tests/test_utils.py b/tests/test_utils.py +index d6afa3b34..e0a1be4f5 100644 +--- a/tests/test_utils.py ++++ b/tests/test_utils.py +@@ -43,7 +43,7 @@ def test_check_backend_support_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} + ) +- node = pretend.stub(iter_markers=lambda x: [supported]) ++ node = pretend.stub(get_marker=lambda x: [supported]) + item = pretend.stub(node=node) + with pytest.raises(pytest.skip.Exception) as exc_info: + 
check_backend_support(True, item) +@@ -54,7 +54,7 @@ def test_check_backend_support_no_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: True, "skip_message": "Nope"} + ) +- node = pretend.stub(iter_markers=lambda x: [supported]) ++ node = pretend.stub(get_marker=lambda x: [supported]) + item = pretend.stub(node=node) + assert check_backend_support(None, item) is None + +diff --git a/tests/utils.py b/tests/utils.py +index 5d98af00e..a08f79c34 100644 +--- a/tests/utils.py ++++ b/tests/utils.py +@@ -27,7 +27,7 @@ KeyedHashVector = collections.namedtuple( + + + def check_backend_support(backend, item): +- for mark in item.node.iter_markers("supported"): ++ for mark in item.node.get_marker("supported") or []: + if not mark.kwargs["only_if"](backend): + pytest.skip("{} ({})".format(mark.kwargs["skip_message"], backend)) + +-- +2.26.2 + diff --git a/SOURCES/0003-Skip-iso8601-test-cases.patch b/SOURCES/0003-Skip-iso8601-test-cases.patch new file mode 100644 index 0000000..0131af2 --- /dev/null +++ b/SOURCES/0003-Skip-iso8601-test-cases.patch 
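Review bot: The `or []` fallback added around `get_marker(...)` in `tests/conftest.py` and `tests/utils.py` is never exercised, because both stubs in `tests/test_utils.py` return a list (`get_marker=lambda x: [supported]`), which leaves the no-marker case untested. A third test using `node = pretend.stub(get_marker=lambda x: None)` and asserting `check_backend_support(None, item) is None` would cover it. The stubs also model the return value as a plain list, which is presumably not what the pinned pytest returns, so the loops depend on the real marker object being iterable; that is worth confirming against the `pytest>=3.4.2,<3.6` range, in particular for the `skip_fips` loop in `pytest_runtest_setup`.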
@@ -0,0 +1,73 @@ +From bea141d25bd2bc4eea7527e2d6ec1d85b2b3806d Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Thu, 29 Oct 2020 09:21:06 +0100 +Subject: [PATCH 3] Skip iso8601 test cases + +--- + tests/test_fernet.py | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/tests/test_fernet.py b/tests/test_fernet.py +index 38409b03e..343f3e4ec 100644 +--- a/tests/test_fernet.py ++++ b/tests/test_fernet.py +@@ -10,7 +10,10 @@ import json + import os + import time + +-import iso8601 ++try: ++ import iso8601 ++except ImportError: ++ iso8601 = None + + import pytest + +@@ -24,6 +27,12 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes + import cryptography_vectors + + ++skip_iso8601 = pytest.mark.skipif( ++ iso8601 is None, ++ reason="is8601 is not available" ++) ++ ++ + def json_parametrize(keys, filename): + vector_file = cryptography_vectors.open_vector_file( + os.path.join("fernet", filename), "r" +@@ -49,6 +58,7 @@ def test_default_backend(): + skip_message="Does not support AES CBC", + ) + class TestFernet(object): ++ @skip_iso8601 + @json_parametrize( + ("secret", "now", "iv", "src", "token"), + "generate.json", +@@ -62,6 +72,7 @@ class TestFernet(object): + ) + assert actual_token == token.encode("ascii") + ++ @skip_iso8601 + @json_parametrize( + ("secret", "now", "src", "ttl_sec", "token"), + "verify.json", +@@ -81,6 +92,7 @@ class TestFernet(object): + payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) + assert payload == src.encode("ascii") + ++ @skip_iso8601 + @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") + def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch): + f = Fernet(secret.encode("ascii"), backend=backend) +@@ -117,6 +129,7 @@ class TestFernet(object): + with pytest.raises(TypeError): + f.decrypt(u"") + ++ @skip_iso8601 + def test_timestamp_ignored_no_ttl(self, monkeypatch, backend): + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), 
backend=backend) + pt = b"encrypt me" +-- +2.26.2 + diff --git a/SOURCES/0004-Revert-remove-NPN-bindings.patch b/SOURCES/0004-Revert-remove-NPN-bindings.patch new file mode 100644 index 0000000..8a1c31a --- /dev/null +++ b/SOURCES/0004-Revert-remove-NPN-bindings.patch 
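Review bot: The skip reason in `skip_iso8601` is misspelled: `reason="is8601 is not available"` should read `reason="iso8601 is not available"`, and this string is the only trace in the test report that the Fernet vector tests did not run. With the decorator on `test_generate`, `test_verify`, `test_invalid` and `test_timestamp_ignored_no_ttl`, a build without iso8601 skips the token-verification and invalid-token vectors entirely. The spec in this same commit comments out the iso8601 BuildRequires, so that looks like the normal case for this package rather than an exception. A comment above `skip_iso8601` stating which checks are lost when it triggers would keep that coverage gap visible to whoever next touches the build.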
@@ -0,0 +1,75 @@ +From e8ed37e0d24a1cc7482ab816ed5f25243395b2ef Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 14 Dec 2020 14:13:53 +0100 +Subject: [PATCH] Revert "remove NPN bindings -- you should be using ALPN! + (#4765)" + +This reverts commit 99bf4e4605cbe54bad597da1ebe4cc323909083c. +--- + src/_cffi_src/openssl/ssl.py | 20 +++++++++++++++++++- + tests/hazmat/bindings/test_openssl.py | 4 ++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py +index c38e309a1..fa854f5dd 100644 +--- a/src/_cffi_src/openssl/ssl.py ++++ b/src/_cffi_src/openssl/ssl.py +@@ -138,6 +138,8 @@ static const long SSL3_RANDOM_SIZE; + static const long TLS_ST_BEFORE; + static const long TLS_ST_OK; + ++static const long OPENSSL_NPN_NEGOTIATED; ++ + typedef ... SSL_METHOD; + typedef ... SSL_CTX; + +@@ -401,9 +403,25 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); + + long SSL_session_reused(SSL *); + ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *, ++ int (*)(SSL *, ++ const unsigned char **, ++ unsigned int *, ++ void *), ++ void *); ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *, ++ int (*)(SSL *, ++ unsigned char **, ++ unsigned char *, ++ const unsigned char *, ++ unsigned int, ++ void *), ++ void *); + int SSL_select_next_proto(unsigned char **, unsigned char *, + const unsigned char *, unsigned int, + const unsigned char *, unsigned int); ++void SSL_get0_next_proto_negotiated(const SSL *, ++ const unsigned char **, unsigned *); + + int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *); + const SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int); +@@ -601,7 +619,7 @@ static const long Cryptography_HAS_TLSv1_2 = 1; + static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; + static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; + static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; +-static const long 
Cryptography_HAS_NEXTPROTONEG = 0; ++static const long Cryptography_HAS_NEXTPROTONEG = 1; + static const long Cryptography_HAS_ALPN = 1; + + #if CRYPTOGRAPHY_IS_LIBRESSL +diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py +index ecee34091..aeb12a0dc 100644 +--- a/tests/hazmat/bindings/test_openssl.py ++++ b/tests/hazmat/bindings/test_openssl.py +@@ -137,3 +137,7 @@ class TestOpenSSL(object): + ) + with pytest.raises(RuntimeError): + _verify_openssl_version(lib) ++ ++ def test_npn_binding(self): ++ b = Binding() ++ assert b.lib.Cryptography_HAS_NEXTPROTONEG +-- +2.29.2 + diff --git a/SOURCES/0005-CVE-2020-36242.patch b/SOURCES/0005-CVE-2020-36242.patch new file mode 100644 index 0000000..1f2f9c5 --- /dev/null +++ b/SOURCES/0005-CVE-2020-36242.patch @@ -0,0 +1,18 @@ +From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001 +From: Paul Kehrer +Date: Sun, 7 Feb 2021 11:04:43 -0600 +Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242 + +diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py +index 2b10681b31..0f96795fdc 100644 +--- a/src/cryptography/hazmat/backends/openssl/ciphers.py ++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py +@@ -16,7 +16,7 @@ + class _CipherContext(object): + _ENCRYPT = 1 + _DECRYPT = 0 +- _MAX_CHUNK_SIZE = 2 ** 31 - 1 ++ _MAX_CHUNK_SIZE = 2 ** 30 - 1 + + def __init__(self, backend, cipher, mode, operation): + self._backend = backend diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec new file mode 100644 index 0000000..7132873 --- /dev/null +++ b/SPECS/python-cryptography.spec 
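Review bot: `test_npn_binding` asserts only `Cryptography_HAS_NEXTPROTONEG`, which this patch hard-codes to 1, so the test cannot tell whether the restored functions are actually bound. Asserting one of the restored symbols as well, e.g. `assert b.lib.SSL_CTX_set_next_proto_select_cb`, would tie the test to the bindings themselves. The title of the reverted upstream commit points users to ALPN, and the spec changelog says the bindings are needed for pyOpenSSL. A comment beside the constant would record that scope, e.g. `/* NPN re-enabled downstream for pyOpenSSL only; new code should use ALPN */`.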
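Review bot: The new value of `_MAX_CHUNK_SIZE` carries no explanation and no test accompanies it, so nothing beside the constant records why `2 ** 30 - 1` must not be raised again. A comment on the constant would do, e.g. `# Capped below 2 ** 31 - 1: larger update() chunks could overflow an integer length and lead to a buffer overflow (CVE-2020-36242).` The code that consumes `_MAX_CHUNK_SIZE` lies outside the hunk, so whether every chunked update path goes through this constant cannot be confirmed from here.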
@@ -0,0 +1,265 @@ +%{!?python3_pkgversion:%global python3_pkgversion 3} + +%global srcname cryptography + +Name: python-%{srcname} +Version: 3.2.1 +Release: 5%{?dist} +Summary: PyCA's cryptography library + +Group: Development/Libraries +License: ASL 2.0 or BSD +URL: https://cryptography.io/en/latest/ +Source0: https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{version}.tar.gz + +Patch0001: 0001-Re-add-deprecated-and-removed-features.patch +Patch0002: 0002-Support-pytest-3.4.2.patch +Patch0003: 0003-Skip-iso8601-test-cases.patch +Patch0004: 0004-Revert-remove-NPN-bindings.patch +Patch0005: 0005-CVE-2020-36242.patch + +BuildRequires: openssl-devel +BuildRequires: gcc + +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-pytest >= 3.4.2 +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-pretend +# BuildRequires: python{python3_pkgversion}-iso8601 +BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} +BuildRequires: python%{python3_pkgversion}-pytz +BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 +BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 + +%description +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. + +%package -n python%{python3_pkgversion}-%{srcname} +Group: Development/Libraries +Summary: PyCA's cryptography library +%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}} + +Requires: openssl-libs +Requires: python%{python3_pkgversion}-six >= 1.4.1 +Requires: python%{python3_pkgversion}-cffi >= 1.7 +Conflicts: python%{python3_pkgversion}-cryptography-vectors < %{version} +Conflicts: python%{python3_pkgversion}-cryptography-vectors > %{version} + +%description -n python%{python3_pkgversion}-%{srcname} +cryptography is a package designed to expose cryptographic primitives and +recipes to Python developers. 
+ + +%prep +%autosetup -p1 -n %{srcname}-%{version} + + +%build +%py3_build + + +%install +# Actually other *.c and *.h are appropriate +# see https://github.com/pyca/cryptography/issues/1463 +find . -name .keep -print -delete +%py3_install + + +%check +# workaround for pytest 3.2.0 bug https://github.com/pytest-dev/pytest/issues/2644 +rm -f tests/hazmat/primitives/test_padding.py +# don't run hypothesis tests +rm -rf tests/hypothesis +PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest + + +%files -n python%{python3_pkgversion}-%{srcname} +%doc README.rst docs +%license LICENSE LICENSE.APACHE LICENSE.BSD +%{python3_sitearch}/%{srcname} +%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info + + +%changelog +* Tue Jun 08 2021 Christian Heimes - 3.2.1-5 +- Rebuild for RHEL 8.5 +- Resolves: rhbz#1933071 + +* Tue Feb 09 2021 Christian Heimes - 3.2.1-4 +- CVE-2020-36242: Fixed a bug where certain sequences of update() calls + when symmetrically encrypting very large payloads (>2GB) could result + in an integer overflow, leading to buffer overflows. 
+- Resolves: rhbz#1926528 + +* Mon Dec 14 17:24:01 CET 2020 Christian Heimes - 3.2.1-3 +- Conflict with non-matching vector package + +* Mon Dec 14 14:19:42 CET 2020 Christian Heimes - 3.2.1-2 +- Re-add remove NPN bindings, required for pyOpenSSL +- Resolves: rhbz#1907429 + +* Wed Oct 28 2020 Christian Heimes - 3.2.1-1 +- Rebase to upstream release 3.2.1 +- Resolves: rhbz#1873581 +- Resolves: rhbz#1778939 +- Removed dependencies on python-asn1crypto, python-idna + +* Tue Nov 12 2019 Christian Heimes - 2.3-3 +- Don't activate custom osrandom engine for FIPS compliance +- Resolves: rhbz#1762667 + +* Mon Aug 13 2018 Christian Heimes - 2.3-2 +- Use TLSv1.2 in test as workaround for RHBZ#1615099 +- Resolves: RHBZ#1611738 + +* Wed Jul 18 2018 Christian Heimes - 2.3-1 +- New upstream release 2.3 +- Fix AEAD tag truncation bug, CVE-2018-10903, RHBZ#1602755, RHBZ#1602932 + +* Tue Jun 19 2018 Christian Heimes - 2.2.1-2 +- Drop Python 2 subpackages from RHEL 8, fixes RHBZ#1589754 +- Remove unnecessary copy and shebang mangling + +* Wed Mar 21 2018 Christian Heimes - 2.2.1-1 +- New upstream release 2.2.1 + +* Sun Feb 18 2018 Christian Heimes - 2.1.4-1 +- New upstream release 2.1.4 + +* Sun Feb 18 2018 Christian Heimes - 2.1.3-4 +- Build requires gcc + +* Mon Feb 12 2018 Iryna Shcherbina - 2.1.3-3 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Fri Feb 09 2018 Fedora Release Engineering - 2.1.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Nov 23 2017 Haïkel Guémar - 2.1.3-1 +- Upstream 2.1.3 + +* Tue Oct 24 2017 Christian Heimes - 2.1-2 +- Change Requires to openssl-libs + +* Thu Oct 12 2017 Christian Heimes - 2.1-1 +- New upstream release 2.1 + +* Wed Sep 27 2017 Troy Dawson - 2.0.2-3 +- Cleanup spec file conditionals + +* Thu Aug 03 2017 Christian Heimes - 2.0.2-2 +- Add workaround for pytest bug + +* Thu Aug 03 2017 Christian Heimes - 2.0.2-1 
+- New upstream release 2.0.2 +- Modernize spec + +* Thu Aug 03 2017 Fedora Release Engineering - 1.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jun 27 2017 Christian Heimes - 1.9-1 +- Upstream release 1.9 + +* Wed Feb 15 2017 Christian Heimes - 1.7.2-1 +- Update to latest upstream + +* Sat Feb 11 2017 Fedora Release Engineering - 1.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 05 2017 Matěj Cepl - 1.7.1-1 +- Update to the latest upstream. +- Add a patch from https://github.com/pyca/cryptography/pull/3328 + +* Tue Dec 13 2016 Charalampos Stratakis - 1.5.3-5 +- Enable tests + +* Mon Dec 12 2016 Charalampos Stratakis - 1.5.3-4 +- Rebuild for Python 3.6 +- Disable python3 tests for now + +* Thu Nov 10 2016 Nathaniel McCallum - 1.5.3-3 +- Revert previous change + +* Thu Nov 10 2016 Nathaniel McCallum - 1.5.3-2 +- Disable tests on releases earlier than 24 + +* Mon Nov 07 2016 Nathaniel McCallum - 1.5.3-1 +- Update to v1.5.3 +- Update source URL +- Add BR for pytz + +* Tue Jul 19 2016 Fedora Release Engineering - 1.3.1-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Tue May 10 2016 Nathaniel McCallum - 1.3.1-3 +- Remove versioned setuptools dependency + +* Tue May 10 2016 Nathaniel McCallum - 1.3.1-2 +- Make it easier to build on EL7 + +* Tue May 03 2016 Nathaniel McCallum - 1.3.1-1 +- Update to v1.3.1 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Jan 11 2016 Nathaniel McCallum - 1.2.1-2 +- Move python-cryptograph => python2-cryptography + +* Sat Jan 09 2016 Nathaniel McCallum - 1.2.1-1 +- Update to v1.2.1 + +* Wed Nov 11 2015 Robert Kuska - 1.1-1 +- Update to v1.1 + +* Wed Nov 04 2015 Robert Kuska - 1.0.2-2 +- Rebuilt for 
Python3.5 rebuild + +* Wed Sep 30 2015 Matěj Cepl - 1.0.2-1 +- New upstream release (fix #1267548) + +* Wed Aug 12 2015 Nathaniel McCallum - 1.0-1 +- New upstream release + +* Thu Jun 18 2015 Fedora Release Engineering - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu May 14 2015 Nathaniel McCallum - 0.9-1 +- New upstream release +- Run tests on RHEL +- New deps: python-idna, python-ipaddress + +* Fri Apr 17 2015 Nathaniel McCallum - 0.8.2-1 +- New upstream release +- Add python3-pyasn1 Requires (#1211073) + +* Tue Apr 14 2015 Matej Cepl - 0.8-2 +- Add python-pyasn1 Requires (#1211073) + +* Fri Mar 13 2015 Nathaniel McCallum - 0.8-1 +- New upstream release +- Remove upstreamed patch + +* Wed Mar 04 2015 Nathaniel McCallum - 0.7.2-2 +- Add python3-cryptography-vectors build requires +- Add python-enum34 requires + +* Tue Feb 03 2015 Nathaniel McCallum - 0.7.2-1 +- New upstream release. BSD is now an optional license. +- Fix test running on python3 +- Add upstream patch to fix test paths + +* Fri Nov 07 2014 Matej Cepl - 0.6.1-2 +- Fix requires, for reasons why other development files were not + eliminated see https://github.com/pyca/cryptography/issues/1463. + +* Wed Nov 05 2014 Matej Cepl - 0.6.1-1 +- New upstream release. + +* Sun Jun 29 2014 Terry Chia 0.4-1 +- initial version
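Review bot: `%check` deletes `tests/hazmat/primitives/test_padding.py` as a workaround for a pytest 3.2.0 bug, but this spec requires `python%{python3_pkgversion}-pytest >= 3.4.2`, so the padding tests appear to be dropped for a bug in a version the build can no longer use. If the linked pytest issue is fixed in the required version, remove the `rm -f tests/hazmat/primitives/test_padding.py` line so those tests run again; otherwise update the comment to name the versions actually affected. Together with the commented-out iso8601 BuildRequires and `rm -rf tests/hypothesis`, the `%check` run covers noticeably less than the upstream suite for a cryptographic library. A short comment above `%check` listing what is skipped and why would make that explicit.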