Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-cryptography for openSUSE:Factory checked in at 2023-07-12 17:26:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old) and /work/SRC/openSUSE:Factory/.python-cryptography.new.8922 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography" Wed Jul 12 17:26:20 2023 rev:79 rq:1098185 version:41.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes 2023-06-27 23:16:04.243181186 +0200 +++ /work/SRC/openSUSE:Factory/.python-cryptography.new.8922/python-cryptography.changes 2023-07-12 17:26:28.866190006 +0200 @@ -1,0 +2,24 @@ +Tue Jul 11 13:44:14 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- update to 41.0.2: + * Fixed bugs in creating and parsing SSH certificates where + critical options with values were handled incorrectly. + Certificates are now created correctly and parsing accepts + correct values as well as the previously generated + invalid forms with a warning. In the next release, support + for parsing these invalid forms will be removed. + +------------------------------------------------------------------- +Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl <ka...@b1-systems.de> + +- remove patch remove_python_3_6_deprecation_warning.patch as the + warning was already removed upstream + +------------------------------------------------------------------- +Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl <mc...@suse.com> + +- Add no-pytest_benchmark.patch, which remove dependency on + pytest-benchmark and coveralls (We don't need no benchmarking + and coverage measurement; bsc#1213005). + +------------------------------------------------------------------- Old: ---- cryptography-41.0.1.tar.gz remove_python_3_6_deprecation_warning.patch New: ---- cryptography-41.0.2.tar.gz no-pytest_benchmark.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-cryptography.spec ++++++ --- /var/tmp/diff_new_pack.S32eXo/_old 2023-07-12 17:26:29.862195812 +0200 +++ /var/tmp/diff_new_pack.S32eXo/_new 2023-07-12 17:26:29.870195858 +0200 @@ -27,7 +27,7 @@ %endif %{?sle15_python_module_pythons} Name: python-cryptography%{psuffix} -Version: 41.0.1 +Version: 41.0.2 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause @@ -40,9 +40,9 @@ Source3: cargo_config Source4: python-cryptography.keyring Patch2: skip_openssl_memleak_test.patch -%if 0%{?sle_version} && 0%{?sle_version} <= 150400 -Patch3: remove_python_3_6_deprecation_warning.patch -%endif +# PATCH-FEATURE-OPENSUSE no-pytest_benchmark.patch mc...@suse.com +# We don't need no benchmarking and coverage measurement +Patch4: no-pytest_benchmark.patch BuildRequires: %{python_module cffi >= 1.12} BuildRequires: %{python_module devel} BuildRequires: %{python_module exceptiongroup} @@ -66,7 +66,6 @@ BuildRequires: %{python_module iso8601} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pytest > 6.0} -BuildRequires: %{python_module pytest-benchmark} BuildRequires: %{python_module pytest-subtests} BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module pytz} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.S32eXo/_old 2023-07-12 17:26:29.910196092 +0200 +++ /var/tmp/diff_new_pack.S32eXo/_new 2023-07-12 17:26:29.914196115 +0200 @@ -1,7 +1,7 @@ <services> <service name="download_files" mode="disabled"/> <service name="cargo_vendor" mode="disabled"> - <param name="srcdir">cryptography-41.0.1/src/rust</param> + <param name="srcdir">cryptography-41.0.2/src/rust</param> <param name="compression">zst</param> </service> <service name="cargo_audit" mode="disabled"> ++++++ cryptography-41.0.1.tar.gz -> cryptography-41.0.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/CHANGELOG.rst new/cryptography-41.0.2/CHANGELOG.rst --- old/cryptography-41.0.1/CHANGELOG.rst 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/CHANGELOG.rst 2023-07-11 05:14:09.000000000 +0200 @@ -1,6 +1,17 @@ Changelog ========= +.. _v41-0-2: + +41.0.2 - 2023-07-10 +~~~~~~~~~~~~~~~~~~~ + +* Fixed bugs in creating and parsing SSH certificates where critical options + with values were handled incorrectly. Certificates are now created correctly + and parsing accepts correct values as well as the previously generated + invalid forms with a warning. In the next release, support for parsing these + invalid forms will be removed. + .. _v41-0-1: 41.0.1 - 2023-06-01 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/PKG-INFO new/cryptography-41.0.2/PKG-INFO --- old/cryptography-41.0.1/PKG-INFO 2023-06-01 14:20:37.477401000 +0200 +++ new/cryptography-41.0.2/PKG-INFO 2023-07-11 05:14:23.262920000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: cryptography -Version: 41.0.1 +Version: 41.0.2 Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. Author-email: The Python Cryptographic Authority and individual contributors <cryptography-...@python.org> License: Apache-2.0 OR BSD-3-Clause diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/docs/development/test-vectors.rst new/cryptography-41.0.2/docs/development/test-vectors.rst --- old/cryptography-41.0.1/docs/development/test-vectors.rst 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/docs/development/test-vectors.rst 2023-07-11 05:14:09.000000000 +0200 @@ -866,6 +866,10 @@ critical option. * ``p256-p256-non-lexical-crit-opts.pub`` - A certificate with critical options in non-lexical order. +* ``p256-ed25519-non-singular-crit-opt-val.pub`` - A certificate with + a critical option that contains more than one value. +* ``p256-ed25519-non-singular-ext-val.pub`` - A certificate with + an extension that contains more than one value. * ``dsa-p256.pub`` - A certificate with a DSA public key signed by a P256 CA. * ``p256-dsa.pub`` - A certificate with a P256 public key signed by a DSA diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/pyproject.toml new/cryptography-41.0.2/pyproject.toml --- old/cryptography-41.0.1/pyproject.toml 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/pyproject.toml 2023-07-11 05:14:09.000000000 +0200 @@ -11,7 +11,7 @@ [project] name = "cryptography" -version = "41.0.1" +version = "41.0.2" authors = [ {name = "The Python Cryptographic Authority and individual contributors", email = "cryptography-...@python.org"} ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/src/cryptography/__about__.py new/cryptography-41.0.2/src/cryptography/__about__.py --- old/cryptography-41.0.1/src/cryptography/__about__.py 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/src/cryptography/__about__.py 2023-07-11 05:14:09.000000000 +0200 @@ -10,7 +10,7 @@ "__copyright__", ] -__version__ = "41.0.1" +__version__ = "41.0.2" __author__ = "The Python Cryptographic Authority and individual contributors" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/src/cryptography/hazmat/primitives/serialization/ssh.py new/cryptography-41.0.2/src/cryptography/hazmat/primitives/serialization/ssh.py --- old/cryptography-41.0.1/src/cryptography/hazmat/primitives/serialization/ssh.py 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/src/cryptography/hazmat/primitives/serialization/ssh.py 2023-07-11 05:14:09.000000000 +0200 @@ -1063,6 +1063,20 @@ if last_name is not None and bname < last_name: raise ValueError("Fields not lexically sorted") value, exts_opts = _get_sshstr(exts_opts) + if len(value) > 0: + try: + value, extra = _get_sshstr(value) + except ValueError: + warnings.warn( + "This certificate has an incorrect encoding for critical " + "options or extensions. This will be an exception in " + "cryptography 42", + utils.DeprecatedIn41, + stacklevel=4, + ) + else: + if len(extra) > 0: + raise ValueError("Unexpected extra data after value") result[bname] = bytes(value) last_name = bname return result @@ -1450,12 +1464,22 @@ fcrit = _FragList() for name, value in self._critical_options: fcrit.put_sshstr(name) - fcrit.put_sshstr(value) + if len(value) > 0: + foptval = _FragList() + foptval.put_sshstr(value) + fcrit.put_sshstr(foptval.tobytes()) + else: + fcrit.put_sshstr(value) f.put_sshstr(fcrit.tobytes()) fext = _FragList() for name, value in self._extensions: fext.put_sshstr(name) - fext.put_sshstr(value) + if len(value) > 0: + fextval = _FragList() + fextval.put_sshstr(value) + fext.put_sshstr(fextval.tobytes()) + else: + fext.put_sshstr(value) f.put_sshstr(fext.tobytes()) f.put_sshstr(b"") # RESERVED FIELD # encode CA public key diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/src/cryptography.egg-info/PKG-INFO new/cryptography-41.0.2/src/cryptography.egg-info/PKG-INFO --- old/cryptography-41.0.1/src/cryptography.egg-info/PKG-INFO 2023-06-01 14:20:37.000000000 +0200 +++ new/cryptography-41.0.2/src/cryptography.egg-info/PKG-INFO 2023-07-11 05:14:23.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: cryptography -Version: 41.0.1 +Version: 41.0.2 Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. Author-email: The Python Cryptographic Authority and individual contributors <cryptography-...@python.org> License: Apache-2.0 OR BSD-3-Clause diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/src/rust/Cargo.lock new/cryptography-41.0.2/src/rust/Cargo.lock --- old/cryptography-41.0.1/src/rust/Cargo.lock 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/src/rust/Cargo.lock 2023-07-11 05:14:09.000000000 +0200 @@ -285,9 +285,9 @@ [[package]] name = "proc-macro2" -version = "1.0.59" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aeca18b86b413c660b781aa319e4e2648a3e6f9eadc9b47e9038e6fe9f3451b" +checksum = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da" dependencies = [ "unicode-ident", ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-41.0.1/tests/hazmat/primitives/test_ssh.py new/cryptography-41.0.2/tests/hazmat/primitives/test_ssh.py --- old/cryptography-41.0.1/tests/hazmat/primitives/test_ssh.py 2023-06-01 14:20:23.000000000 +0200 +++ new/cryptography-41.0.2/tests/hazmat/primitives/test_ssh.py 2023-07-11 05:14:09.000000000 +0200 @@ -1115,26 +1115,28 @@ # secp256r1 public key, ed25519 signing key cert = load_ssh_public_identity( b"ecdsa-sha2-nistp256-cert-...@openssh.com AAAAKGVjZHNhLXNoYTItbm" - b"lzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgtdU+dl9vD4xPi8afxERYo" - b"s0c0d9/3m7XGY6fGeSkqn0AAAAIbmlzdHAyNTYAAABBBAsuVFNNj/mMyFm2xB99" - b"G4xiaUJE1lZNjcp+S2tXYW5KorcHpusSlSqOkUPZ2l0644dgiNPDKR/R+BtYENC" - b"8aq8AAAAAAAAAAAAAAAEAAAAUdGVzdEBjcnlwdG9ncmFwaHkuaW8AAAAaAAAACm" - b"NyeXB0b3VzZXIAAAAIdGVzdHVzZXIAAAAAY7KyZAAAAAB2frXAAAAAAAAAAIIAA" - b"AAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9y" - b"d2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGV" - b"ybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3" - b"NoLWVkMjU1MTkAAAAg3P0eyGf2crKGwSlnChbLzTVOFKwQELE1Ve+EZ6rXF18AA" - b"ABTAAAAC3NzaC1lZDI1NTE5AAAAQKoij8BsPj/XLb45+wHmRWKNqXeZYXyDIj8J" - b"IE6dIymjEqq0TP6ntu5t59hTmWlDO85GnMXAVGBjFbeikBMfAQc= reaperhulk" - b"@despoina.local" + b"lzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgLfsFv9Gbc6LZSiJFWdYQl" + b"IMNI50GExXW0fBpgGVf+Y4AAAAIbmlzdHAyNTYAAABBBIzVyRgVLR4F38bIOLBN" + b"8CNm8Nf+eBHCVkKDKb9WDyLLD61CEmzjK/ORwFuSE4N60eIGbFidBf0D0xh7G6o" + b"TNxsAAAAAAAAAAAAAAAEAAAAUdGVzdEBjcnlwdG9ncmFwaHkuaW8AAAAaAAAACm" + b"NyeXB0b3VzZXIAAAAIdGVzdHVzZXIAAAAAY7KyZAAAAAB2frXAAAAAWAAAAA1mb" + b"3JjZS1jb21tYW5kAAAALAAAAChlY2hvIGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFh" + b"YWFhYWFhYWFhYWFhAAAAD3ZlcmlmeS1yZXF1aXJlZAAAAAAAAACCAAAAFXBlcm1" + b"pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbm" + b"cAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wd" + b"HkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1" + b"NTE5AAAAICH6csEOmGbOfT2B/S/FJg3uyPsaPSZUZk2SVYlfs0KLAAAAUwAAAAt" + b"zc2gtZWQyNTUxOQAAAEDz2u7X5/TFbN7Ms7DP4yArhz1oWWYKkdAk7FGFkHfjtY" + b"/YfNQ8Oky3dCZRi7PnSzScEEjos7723dhF8/y99WwH reaperhulk@despoina." + b"local" ) assert isinstance(cert, SSHCertificate) cert.verify_cert_signature() signature_key = cert.signature_key() assert isinstance(signature_key, ed25519.Ed25519PublicKey) assert cert.nonce == ( - b"\xb5\xd5>v_o\x0f\x8cO\x8b\xc6\x9f\xc4DX\xa2\xcd\x1c\xd1\xdf" - b"\x7f\xden\xd7\x19\x8e\x9f\x19\xe4\xa4\xaa}" + b'-\xfb\x05\xbf\xd1\x9bs\xa2\xd9J"EY\xd6\x10\x94\x83\r#\x9d' + b"\x06\x13\x15\xd6\xd1\xf0i\x80e_\xf9\x8e" ) public_key = cert.public_key() assert isinstance(public_key, ec.EllipticCurvePublicKey) @@ -1145,7 +1147,10 @@ assert cert.valid_principals == [b"cryptouser", b"testuser"] assert cert.valid_before == 1988015552 assert cert.valid_after == 1672655460 - assert cert.critical_options == {} + assert cert.critical_options == { + b"force-command": b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + b"verify-required": b"", + } assert cert.extensions == { b"permit-X11-forwarding": b"", b"permit-agent-forwarding": b"", @@ -1154,6 +1159,31 @@ b"permit-user-rc": b"", } + def test_loads_deprecated_invalid_encoding_cert(self, backend): + with pytest.warns(utils.DeprecatedIn41): + cert = load_ssh_public_identity( + b"ecdsa-sha2-nistp256-cert-...@openssh.com AAAAKGVjZHNhLXNoYT" + b"ItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgXE7sJ+xDVVNCO" + b"cEvpZS+SXIbc0nJdny/KqVbnwHslMIAAAAIbmlzdHAyNTYAAABBBI/qcLq8" + b"iiErpAhOWRqdMkpFSCNv7TVUcXCIfAl01JXbe2MvS4V7lFtiyrBjLSV7Iyw" + b"3TrulrWLibjPzZvLwmQcAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA//" + b"////////8AAABUAAAADWZvcmNlLWNvbW1hbmQAAAAoZWNobyBhYWFhYWFhY" + b"WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQAAAA92ZXJpZnktcmVxdWly" + b"ZWQAAAAAAAAAEgAAAApwZXJtaXQtcHR5AAAAAAAAAAAAAABoAAAAE2VjZHN" + b"hLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI/qcLq8iiErpAhOWR" + b"qdMkpFSCNv7TVUcXCIfAl01JXbe2MvS4V7lFtiyrBjLSV7Iyw3TrulrWLib" + b"jPzZvLwmQcAAABlAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABKAAAAIQCi" + b"eCsIhGKrZdkE1+zY5EBucrLzxFpwnm/onIT/6rapvQAAACEAuVQ1yQjlPKr" + b"kfsGfjeG+2umZrOS5Ycx85BQhYf0RgsA=" + ) + assert isinstance(cert, SSHCertificate) + cert.verify_cert_signature() + assert cert.extensions == {b"permit-pty": b""} + assert cert.critical_options == { + b"force-command": b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + b"verify-required": b"", + } + @pytest.mark.parametrize( "filename", [ @@ -1267,6 +1297,8 @@ "p256-p256-non-lexical-extensions.pub", "p256-p256-duplicate-crit-opts.pub", "p256-p256-non-lexical-crit-opts.pub", + "p256-ed25519-non-singular-crit-opt-val.pub", + "p256-ed25519-non-singular-ext-val.pub", ], ) def test_invalid_encodings(self, filename): @@ -1693,6 +1725,11 @@ .valid_after(1672531200) .valid_before(1672617600) .type(SSHCertificateType.USER) + .add_extension(b"permit-pty", b"") + .add_critical_option( + b"force-command", b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + ) + .add_critical_option(b"verify-required", b"") ) cert = builder.sign(private_key) sig_key = cert.signature_key() @@ -1707,19 +1744,21 @@ b"4kyHpbLEIVloBjzetoqXK6u8Hjz/APuagONypNDCySDR6M7jM85HDcLoFFrbBb8" b"pruHSTxQejMeEmJxYf8b7rNl58/IWPB1ymbNlvHL/4oSOlnrtHkjcxRWzpQ7U3g" b"T9BThGyhCiI7EMyEHMgP3r7kTzEUwT6IavWDAAAAAAAAAAAAAAABAAAAAAAAAAA" - b"AAAAAY7DNAAAAAABjsh6AAAAAAAAAAAAAAAAAAAABFwAAAAdzc2gtcnNhAAAAAw" - b"EAAQAAAQEAwXr8fndHTKpaqDA2FYo/+/e1IWhRuiIw5dar/MHGz+9Z6SPqEzC8W" - b"TtzgCq2CKbkozBlI6MRa6WqOWYUUXThO2xJ6beAYuRJ1y77EP1J6R+gi5bQUeeC" - b"6fWrxbWm95hIJ6245z2gDyKy79zbduq0btrZjtZWYnQ/3GwOM2pdDNuqfcKeU2N" - b"eJMh6WyxCFZaAY83raKlyurvB48/wD7moDjcqTQwskg0ejO4zPORw3C6BRa2wW/" - b"Ka7h0k8UHozHhJicWH/G+6zZefPyFjwdcpmzZbxy/+KEjpZ67R5I3MUVs6UO1N4" - b"E/QU4RsoQoiOxDMhBzID96+5E8xFME+iGr1gwAAARQAAAAMcnNhLXNoYTItNTEy" - b"AAABAKCRnfhn6MZs3jRgIDICUpUyWrDCbpStEbdzhmoxF8w2m8klR7owRH/rxOf" - b"nWhKMGnXnoERS+az3Zh9ckiQPujkuEToORKpzu6CEWlzHSzyK1o2X548KkW76HJ" - b"gqzwMas94HY7UOJUgKSFUI0S3jAgqXAKSa1DxvJBu5/n57aUqPq+BmAtoI8uNBo" - b"x4F1pNEop38+oD7rUt8bZ8K0VcrubJZz806K8UNiK0mOahaEIkvZXBfzPGvSNRj" - b"0OjDl1dLUZaP8C1o5lVRomEm7pLcgE9i+ZDq5iz+mvQrSBStlpQ5hPGuUOrZ/oY" - b"ZLZ1G30R5tWj212MHoNZjxFxM8+f2OT4=" + b"AAAAAY7DNAAAAAABjsh6AAAAAWAAAAA1mb3JjZS1jb21tYW5kAAAALAAAAChlY2" + b"hvIGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhAAAAD3Zlcmlme" + b"S1yZXF1aXJlZAAAAAAAAAASAAAACnBlcm1pdC1wdHkAAAAAAAAAAAAAARcAAAAH" + b"c3NoLXJzYQAAAAMBAAEAAAEBAMF6/H53R0yqWqgwNhWKP/v3tSFoUboiMOXWq/z" + b"Bxs/vWekj6hMwvFk7c4Aqtgim5KMwZSOjEWulqjlmFFF04TtsSem3gGLkSdcu+x" + b"D9SekfoIuW0FHngun1q8W1pveYSCetuOc9oA8isu/c23bqtG7a2Y7WVmJ0P9xsD" + b"jNqXQzbqn3CnlNjXiTIelssQhWWgGPN62ipcrq7wePP8A+5qA43Kk0MLJINHozu" + b"MzzkcNwugUWtsFvymu4dJPFB6Mx4SYnFh/xvus2Xnz8hY8HXKZs2W8cv/ihI6We" + b"u0eSNzFFbOlDtTeBP0FOEbKEKIjsQzIQcyA/evuRPMRTBPohq9YMAAAEUAAAADH" + b"JzYS1zaGEyLTUxMgAAAQCYbbNzhflDqZAxyBpdLIX0nLAdnTeFNBudMqgo3KGND" + b"WlU9N17hqBEmcvIOrtNi+JKuKZW89zZrbORHvdjv6NjGSKzJD/XA25YrX1KgMEO" + b"wt5pzMZX+100drwrjQo+vZqeIN3FJNmT3wssge73v+JsxQrdIAz7YM2OZrFr5HM" + b"qZEZ5tMvAf/s5YEMDttEU4zMtmjubQyDM5KyYnZdoDT4sKi2rB8gfaigc4IdI/K" + b"8oXL/3Y7rHuOtejl3lUK4v6DxeRl4aqGYWmhUJc++Rh0cbDgC2S6Cq7gAfG2tND" + b"zbwL217Q93R08bJn1hDWuiTiaHGauSy2gPUI+cnkvlEocHM" ) @pytest.mark.supported( @@ -1745,6 +1784,11 @@ .valid_after(1672531200) .valid_before(1672617600) .type(SSHCertificateType.USER) + .add_extension(b"permit-pty", b"") + .add_critical_option( + b"force-command", b"echo aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + ) + .add_critical_option(b"verify-required", b"") ) cert = builder.sign(private_key) sig_key = cert.signature_key() @@ -1754,8 +1798,11 @@ b"ssh-ed25519-cert-...@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdj" b"AxQG9wZW5zc2guY29tAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" b"AAAAAAAINdamAGCsQq31Uv+08lkBzoO4XLz2qYjJa8CGmj3B1EaAAAAAAAAAAAA" - b"AAABAAAAAAAAAAAAAAAAY7DNAAAAAABjsh6AAAAAAAAAAAAAAAAAAAAAMwAAAAt" - b"zc2gtZWQyNTUxOQAAACDXWpgBgrEKt9VL/tPJZAc6DuFy89qmIyWvAhpo9wdRGg" - b"AAAFMAAAALc3NoLWVkMjU1MTkAAABAAlF6Lxabxs+8fkOr7KjKYei9konIG13cQ" - b"gJ2tWf3yFcg3OuV5s/AkRmKdwHlQfTUrhRdOmDnGxeLEB0mvkVFCw==" + b"AAABAAAAAAAAAAAAAAAAY7DNAAAAAABjsh6AAAAAWAAAAA1mb3JjZS1jb21tYW5" + b"kAAAALAAAAChlY2hvIGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYW" + b"FhAAAAD3ZlcmlmeS1yZXF1aXJlZAAAAAAAAAASAAAACnBlcm1pdC1wdHkAAAAAA" + b"AAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAg11qYAYKxCrfVS/7TyWQHOg7hcvPa" + b"piMlrwIaaPcHURoAAABTAAAAC3NzaC1lZDI1NTE5AAAAQL2aUjeD60C2FrbgHcN" + b"t8yRa8IRbxvOyA9TZYDGG1dRE3DiR0fuudU20v6vqfTd1gx0S5QyEdECXLl9ZI3" + b"AwZgc=" ) ++++++ no-pytest_benchmark.patch ++++++ --- pyproject.toml | 31 ------------------------- src/cryptography.egg-info/requires.txt | 2 - tests/bench/test_aead.py | 40 ++++++++++++++++----------------- tests/bench/test_ec_load.py | 8 +++--- tests/bench/test_hashes.py | 4 +-- tests/bench/test_hmac.py | 4 +-- tests/bench/test_x509.py | 16 ++++++------- 7 files changed, 37 insertions(+), 68 deletions(-) --- a/pyproject.toml +++ b/pyproject.toml @@ -69,8 +69,6 @@ ssh = ["bcrypt >=3.1.5"] nox = ["nox"] test = [ "pytest >=6.2.0", - "pytest-benchmark", - "pytest-cov", "pytest-xdist", "pretend", ] @@ -85,7 +83,7 @@ line-length = 79 target-version = ["py37"] [tool.pytest.ini_options] -addopts = "-r s --capture=no --strict-markers --benchmark-disable" +addopts = "-r s --capture=no --strict-markers" console_output_style = "progress-even-when-capture-no" markers = [ "skip_fips: this test is not executed in FIPS mode", @@ -107,33 +105,6 @@ module = [ ] ignore_missing_imports = true -[tool.coverage.run] -branch = true -relative_files = true -source = [ - "cryptography", - "tests/", -] - -[tool.coverage.paths] -source = [ - "src/cryptography", - "*.nox/*/lib*/python*/site-packages/cryptography", - "*.nox\\*\\Lib\\site-packages\\cryptography", - "*.nox/pypy/site-packages/cryptography", -] -tests =[ - "tests/", - "*tests\\", -] - -[tool.coverage.report] -exclude_lines = [ - "@abc.abstractmethod", - "@typing.overload", - "if typing.TYPE_CHECKING", -] - [tool.ruff] # UP006: Minimum Python 3.9 # UP007, UP038: Minimum Python 3.10 --- a/src/cryptography.egg-info/requires.txt +++ b/src/cryptography.egg-info/requires.txt @@ -26,8 +26,6 @@ bcrypt>=3.1.5 [test] pytest>=6.2.0 -pytest-benchmark -pytest-cov pytest-xdist pretend --- a/tests/bench/test_aead.py +++ b/tests/bench/test_aead.py @@ -19,84 +19,84 @@ from ..hazmat.primitives.test_aead impor not _aead_supported(ChaCha20Poly1305), reason="Requires OpenSSL with ChaCha20Poly1305 support", ) -def test_chacha20poly1305_encrypt(benchmark): +def test_chacha20poly1305_encrypt(): chacha = ChaCha20Poly1305(b"\x00" * 32) - benchmark(chacha.encrypt, b"\x00" * 12, b"hello world plaintext", b"") + chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") @pytest.mark.skipif( not _aead_supported(ChaCha20Poly1305), reason="Requires OpenSSL with ChaCha20Poly1305 support", ) -def test_chacha20poly1305_decrypt(benchmark): +def test_chacha20poly1305_decrypt(): chacha = ChaCha20Poly1305(b"\x00" * 32) ct = chacha.encrypt(b"\x00" * 12, b"hello world plaintext", b"") - benchmark(chacha.decrypt, b"\x00" * 12, ct, b"") + chacha.decrypt(b"\x00" * 12, ct, b"") -def test_aesgcm_encrypt(benchmark): +def test_aesgcm_encrypt(): aes = AESGCM(b"\x00" * 32) - benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) + aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) -def test_aesgcm_decrypt(benchmark): +def test_aesgcm_decrypt(): aes = AESGCM(b"\x00" * 32) ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) - benchmark(aes.decrypt, b"\x00" * 12, ct, None) + aes.decrypt(b"\x00" * 12, ct, None) @pytest.mark.skipif( not _aead_supported(AESSIV), reason="Requires OpenSSL with AES-SIV support", ) -def test_aessiv_encrypt(benchmark): +def test_aessiv_encrypt(): aes = AESSIV(b"\x00" * 32) - benchmark(aes.encrypt, b"hello world plaintext", None) + aes.encrypt(b"hello world plaintext", None) @pytest.mark.skipif( not _aead_supported(AESSIV), reason="Requires OpenSSL with AES-SIV support", ) -def test_aessiv_decrypt(benchmark): +def test_aessiv_decrypt(): aes = AESSIV(b"\x00" * 32) ct = aes.encrypt(b"hello world plaintext", None) - benchmark(aes.decrypt, ct, None) + aes.decrypt(ct, None) @pytest.mark.skipif( not _aead_supported(AESOCB3), reason="Requires OpenSSL with AES-OCB3 support", ) -def test_aesocb3_encrypt(benchmark): +def test_aesocb3_encrypt(): aes = AESOCB3(b"\x00" * 32) - benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) + aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) @pytest.mark.skipif( not _aead_supported(AESOCB3), reason="Requires OpenSSL with AES-OCB3 support", ) -def test_aesocb3_decrypt(benchmark): +def test_aesocb3_decrypt(): aes = AESOCB3(b"\x00" * 32) ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) - benchmark(aes.decrypt, b"\x00" * 12, ct, None) + aes.decrypt(b"\x00" * 12, ct, None) @pytest.mark.skipif( not _aead_supported(AESCCM), reason="Requires OpenSSL with AES-CCM support", ) -def test_aesccm_encrypt(benchmark): +def test_aesccm_encrypt(): aes = AESCCM(b"\x00" * 32) - benchmark(aes.encrypt, b"\x00" * 12, b"hello world plaintext", None) + aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) @pytest.mark.skipif( not _aead_supported(AESCCM), reason="Requires OpenSSL with AES-CCM support", ) -def test_aesccm_decrypt(benchmark): +def test_aesccm_decrypt(): aes = AESCCM(b"\x00" * 32) ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) - benchmark(aes.decrypt, b"\x00" * 12, ct, None) + aes.decrypt(b"\x00" * 12, ct, None) --- a/tests/bench/test_ec_load.py +++ b/tests/bench/test_ec_load.py @@ -5,9 +5,9 @@ from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 -def test_load_ec_public_numbers(benchmark): - benchmark(EC_KEY_SECP256R1.public_numbers.public_key) +def test_load_ec_public_numbers(): + EC_KEY_SECP256R1.public_numbers.public_key() -def test_load_ec_private_numbers(benchmark): - benchmark(EC_KEY_SECP256R1.private_key) +def test_load_ec_private_numbers(): + EC_KEY_SECP256R1.private_key() --- a/tests/bench/test_hashes.py +++ b/tests/bench/test_hashes.py @@ -5,10 +5,10 @@ from cryptography.hazmat.primitives import hashes -def test_sha256(benchmark): +def test_sha256(): def bench(): h = hashes.Hash(hashes.SHA256()) h.update(b"I love hashing. So much. The best.") return h.finalize() - benchmark(bench) + bench() --- a/tests/bench/test_hmac.py +++ b/tests/bench/test_hmac.py @@ -5,10 +5,10 @@ from cryptography.hazmat.primitives import hashes, hmac -def test_hmac_sha256(benchmark): +def test_hmac_sha256(): def bench(): h = hmac.HMAC(b"my extremely secure key", hashes.SHA256()) h.update(b"I love hashing. So much. The best.") return h.finalize() - benchmark(bench) + bench() --- a/tests/bench/test_x509.py +++ b/tests/bench/test_x509.py @@ -9,34 +9,34 @@ from cryptography import x509 from ..utils import load_vectors_from_file -def test_object_identier_constructor(benchmark): - benchmark(x509.ObjectIdentifier, "1.3.6.1.4.1.11129.2.4.5") +def test_object_identier_constructor(): + x509.ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5") -def test_aki_public_bytes(benchmark): +def test_aki_public_bytes(): aki = x509.AuthorityKeyIdentifier( key_identifier=b"\x00" * 16, authority_cert_issuer=None, authority_cert_serial_number=None, ) - benchmark(aki.public_bytes) + aki.public_bytes() -def test_load_der_certificate(benchmark): +def test_load_der_certificate(): cert_bytes = load_vectors_from_file( os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"), loader=lambda pemfile: pemfile.read(), mode="rb", ) - benchmark(x509.load_der_x509_certificate, cert_bytes) + x509.load_der_x509_certificate(cert_bytes) -def test_load_pem_certificate(benchmark): +def test_load_pem_certificate(): cert_bytes = load_vectors_from_file( os.path.join("x509", "cryptography.io.pem"), loader=lambda pemfile: pemfile.read(), mode="rb", ) - benchmark(x509.load_pem_x509_certificate, cert_bytes) + x509.load_pem_x509_certificate(cert_bytes) ++++++ skip_openssl_memleak_test.patch ++++++ --- /var/tmp/diff_new_pack.S32eXo/_old 2023-07-12 17:26:30.214197864 +0200 +++ /var/tmp/diff_new_pack.S32eXo/_new 2023-07-12 17:26:30.218197887 +0200 @@ -1,12 +1,10 @@ --- - tests/hazmat/backends/test_openssl_memleak.py | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) + tests/hazmat/backends/test_openssl_memleak.py | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) -Index: cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py -=================================================================== ---- cryptography-40.0.1.orig/tests/hazmat/backends/test_openssl_memleak.py -+++ cryptography-40.0.1/tests/hazmat/backends/test_openssl_memleak.py -@@ -204,12 +204,10 @@ def assert_no_memory_leaks(s, argv=[]): +--- a/tests/hazmat/backends/test_openssl_memleak.py ++++ b/tests/hazmat/backends/test_openssl_memleak.py +@@ -203,12 +203,10 @@ def assert_no_memory_leaks(s, argv=[]): def skip_if_memtesting_not_supported(): @@ -19,7 +17,7 @@ + return pytest.mark.skip( + reason="Our FIPS openssl startup code invokes CRYPTO_malloc() which prevents later debugging via CRYPTO_set_mem_functions()" + ) -+ ++ @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0") @skip_if_memtesting_not_supported() ++++++ vendor.tar.zst ++++++ Binary files /var/tmp/diff_new_pack.S32eXo/_old and /var/tmp/diff_new_pack.S32eXo/_new differ