Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2021-12-12 21:27:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Sun Dec 12 21:27:31 2021 rev:57 rq:934527 version:36.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2021-10-25 15:17:30.493678439 +0200
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.2520/python-cryptography.changes
2021-12-12 21:28:02.480356890 +0100
@@ -1,0 +2,82 @@
+Sat Nov 27 15:56:28 UTC 2021 - Dirk M??ller <[email protected]>
+
+- update to 36.0.0:
+ * FINAL DEPRECATION Support for verifier and signer on our asymmetric key
+ classes was deprecated in version 2.1. These functions had an extended
+ deprecation due to usage, however the next version of cryptography will
+ drop support. Users should migrate to sign and verify.
+ * The entire X.509 layer is now written in Rust. This allows alternate
+ asymmetric key implementations that can support cloud key management
+ services or hardware security modules provided they implement the necessary
+ interface (for example: EllipticCurvePrivateKey).
+ * Deprecated the backend argument for all functions.
+ * Added support for AESOCB3.
+ * Added support for iterating over arbitrary request attributes.
+ * Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
+ favor of get_attribute_for_oid() on the new Attributes object.
+ * Fixed handling of PEM files to allow loading when certificate and key are
+ in the same file.
+ * Fixed parsing of CertificatePolicies extensions containing legacy
BMPString values in their explicitText.
+ * Allow parsing of negative serial numbers in certificates. Negative serial
+ numbers are prohibited by RFC 5280 so a deprecation warning will be raised
+ whenever they are encountered. A future version of cryptography will drop
+ support for parsing them.
+ * Added support for parsing PKCS12 files with friendly names for all
+ certificates with load_pkcs12(), which will return an object of type
+ PKCS12KeyAndCertificates.
+ * rfc4514_string() and related methods now have an optional
+ attr_name_overrides parameter to supply custom OID to name mappings, which
+ can be used to match vendor-specific extensions.
+ * BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email
+ address fields as E in rfc4514_string() methods from version 35.0.
+ * The previous behavior can be restored with:
+ name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
+ * Allow X25519PublicKey and X448PublicKey to be used as public keys when
+ parsing certificates or creating them with CertificateBuilder. These key
+ types must be signed with a different signing algorithm as X25519 and X448
+ do not support signing.
+ * Extension values can now be serialized to a DER byte string by calling
public_bytes().
+ * Added experimental support for compiling against BoringSSL. As BoringSSL
+ does not commit to a stable API, cryptography tests against the latest
+ commit only. Please note that several features are not available when
+ building against BoringSSL.
+ * Parsing CertificateSigningRequest from DER and PEM now, for a limited time
+ period, allows the Extension critical field to be incorrectly encoded. See
+ the issue for complete details. This will be reverted in a future
+ cryptography release.
+ * When OCSPNonce are parsed and generated their value is now correctly
+ wrapped in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts
+ with the original behavior specified in RFC 2560. For a temporary period
+ for backwards compatibility, we will also parse values that are encoded as
+ specified in RFC 2560 but this behavior will be removed in a future
+ release.
+ * Changed the version scheme. This will result in us incrementing the major
+ version more frequently, but does not change our existing backwards
+ compatibility policy.
+ * BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
+ string passed have PEM delimiters of the correct type. For example, parsing
+ a private key PEM concatenated with a certificate PEM will no longer be
+ accepted by the PEM certificate parser.
+ * BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
+ negative serial numbers. RFC 5280 has always prohibited these.
+ * BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during
+ X.509 parsing will raise an error on initial parse rather than when the
+ malformed field is accessed.
+ * Rust is now required for building cryptography, the
+ CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
+ * Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
+ This should be backwards compatible (modulo the items listed above) and
+ improve both security and performance.
+ * Added support for OpenSSL 3.0.0 as a compilation target.
+ * Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
+ are provided for compatibility in regions where they may be required, and
+ are not generally recommended.
+ * We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
+ manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
+ Linux should ensure they upgrade to the latest pip to correctly receive
+ wheels.
+ * Added rfc4514_attribute_name attribute to x509.NameAttribute.
+- drop disable-uneven-sizes-tests.patch (upstream)
+- drop disable-RustExtension.patch: building rust extension now
+
+-------------------------------------------------------------------
Old:
----
cryptography-3.4.8.tar.gz
cryptography-3.4.8.tar.gz.asc
disable-RustExtension.patch
disable-uneven-sizes-tests.patch
New:
----
_service
cargo_config
cryptography-36.0.0.tar.gz
cryptography-36.0.0.tar.gz.asc
vendor.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.3EuZXz/_old 2021-12-12 21:28:03.064357236 +0100
+++ /var/tmp/diff_new_pack.3EuZXz/_new 2021-12-12 21:28:03.068357238 +0100
@@ -18,10 +18,9 @@
%{?!python_module:%define python_module() python3-%{**}}
%define skip_python2 1
-# disabled in order to avoid pulling dependencies -- [email protected]
-%bcond_with rust
+%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
Name: python-cryptography
-Version: 3.4.8
+Version: 36.0.0
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
@@ -29,22 +28,22 @@
URL: https://cryptography.io/en/latest/
Source0:
https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
Source1:
https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz.asc
-Source2: %{name}.keyring
-# PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204
-Patch1: disable-uneven-sizes-tests.patch
+# use `osc service disabledrun` to regenerate
+Source2: vendor.tar.xz
+# use `osc service disabledrun` to regenerate
+Source3: cargo_config
+Source4: %{name}.keyring
Patch2: skip_openssl_memleak_test.patch
-# PATCH-FEATURE-OPENSUSE disable-RustExtension.patch -- disable
setuptools_rust requirement if not building with rust
-Patch3: disable-RustExtension.patch
BuildRequires: %{python_module cffi >= 1.12}
BuildRequires: %{python_module devel}
+BuildRequires: %{python_module setuptools-rust}
BuildRequires: %{python_module setuptools}
-%if %{with rust}
-BuildRequires: %{python_module setuptools_rust}
-%endif
+BuildRequires: cargo >= 1.41.0
BuildRequires: fdupes
BuildRequires: libopenssl-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
+BuildRequires: rust >= 1.41.0
BuildRequires: pkgconfig(libffi)
%requires_eq python-cffi
# python-base is not enough, we need the _ssl module
@@ -73,23 +72,21 @@
functions.
%prep
-%autosetup -p1 -n cryptography-%{version}
+%autosetup -a2 -p1 -n cryptography-%{version}
+mkdir .cargo
+cp %{SOURCE3} .cargo/config
%build
-%if ! %{with rust}
-export CRYPTOGRAPHY_DONT_BUILD_RUST=1
-%endif
+export RUSTFLAGS=%{rustflags}
export CFLAGS="%{optflags} -fno-strict-aliasing"
%python_build
%install
+export RUSTFLAGS=%{rustflags}
# Actually other *.c and *.h are appropriate
# see https://github.com/pyca/cryptography/issues/1463
find . -name .keep -print -delete
-%if ! %{with rust}
-export CRYPTOGRAPHY_DONT_BUILD_RUST=1
-%endif
%python_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
++++++ _service ++++++
<services>
<service name="cargo_vendor" mode="disabled">
<param name="srcdir">cryptography-36.0.0/src/rust</param>
</service>
<service name="cargo_audit" mode="disabled">
</service>
</services>
++++++ cargo_config ++++++
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"++++++ cryptography-3.4.8.tar.gz ->
cryptography-36.0.0.tar.gz ++++++
++++ 36353 lines of diff (skipped)
