diff --git a/backport-CVE-2020-36242.patch b/backport-CVE-2020-36242.patch deleted file mode 100644 index fbfb2a277a7197559d7b9940702fe5f9e55f96a5..0000000000000000000000000000000000000000 --- a/backport-CVE-2020-36242.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 7 Feb 2021 11:04:43 -0600 -Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242 - ---- - CHANGELOG.rst | 9 +++++++++ - src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/CHANGELOG.rst b/CHANGELOG.rst -index 3cb53d0..4dd7146 100644 ---- a/CHANGELOG.rst -+++ b/CHANGELOG.rst -@@ -1,6 +1,15 @@ - Changelog - ========= - -+.. _v3-3-2: -+ -+3.3.2 - 2021-02-07 -+~~~~~~~~~~~~~~~~~~ -+ -+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls -+ when symmetrically encrypting very large payloads (>2GB) could result in an -+ integer overflow, leading to buffer overflows. *CVE-2020-36242* -+ - .. _v3-3-1: - - 3.3.1 - 2020-12-09 -diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py -index 1e805d2..ad5dad3 100644 ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes - class _CipherContext(object): - _ENCRYPT = 1 - _DECRYPT = 0 -- _MAX_CHUNK_SIZE = 2 ** 31 - 1 -+ _MAX_CHUNK_SIZE = 2 ** 30 - 1 - - def __init__(self, backend, cipher, mode, operation): - self._backend = backend --- -1.8.3.1 - diff --git a/cryptography-3.3.1.tar.gz b/cryptography-3.3.1.tar.gz deleted file mode 100644 index 4d9671e137977c843779ee4fb70e1315c71f5328..0000000000000000000000000000000000000000 Binary files a/cryptography-3.3.1.tar.gz and /dev/null differ diff --git a/cryptography-3.4.7.tar.gz b/cryptography-3.4.7.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..68878a9d2fe4f75eb745bc0c79d99a73e5e4ac77 Binary files /dev/null and b/cryptography-3.4.7.tar.gz differ diff --git a/python-cryptography.spec b/python-cryptography.spec index 07ba4223073f1f22d90532b8bb9d0f7c76ed152d..06992fa7e8419da1e6ab316e8e110257fe11c3b9 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -1,20 +1,19 @@ %global srcname cryptography Name: python-%{srcname} -Version: 3.3.1 -Release: 2 +Version: 3.4.7 +Release: 1 Summary: PyCA's cryptography library License: ASL 2.0 or BSD URL: https://cryptography.io/en/latest/ -Source0: %{pypi_source} - -Patch6000: backport-CVE-2020-36242.patch +Source0: %{srcname}-%{version}.tar.gz BuildRequires: openssl-devel -BuildRequires: gcc +BuildRequires: gcc cargo BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-pytest >= 3.2.1 BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-setuptools-rust BuildRequires: python%{python3_pkgversion}-pretend BuildRequires: python%{python3_pkgversion}-iso8601 BuildRequires: python%{python3_pkgversion}-cryptography-vectors = %{version} @@ -24,6 +23,8 @@ BuildRequires: python%{python3_pkgversion}-pytz BuildRequires: python%{python3_pkgversion}-idna >= 2.1 BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 +BuildRequires: python%{python3_pkgversion}-pip +BuildRequires: python%{python3_pkgversion}-pytest-subtests %description cryptography is a package designed to expose cryptographic primitives and @@ -48,7 +49,16 @@ recipes to Python developers. %package_help %prep -%autosetup -n cryptography-%{version} -p1 +%autosetup -n cryptography-%{version} +mkdir .cargo +cat >> .cargo/config.toml << EOF +[source.crates-io] +replace-with = "vendored-sources" + +[source.vendored-sources] +directory = "src/rust/vendor" +EOF + %build %py3_build @@ -61,7 +71,6 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_ %files -n python%{python3_pkgversion}-cryptography %defattr(-,root,root) -%doc AUTHORS.rst %license LICENSE LICENSE.APACHE LICENSE.BSD %{python3_sitearch}/* %{python3_sitearch}/cryptography-%{version}-py*.egg-info @@ -71,6 +80,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_ %doc README.rst docs %changelog +* Thu May 04 2023 wangxiyuan -3.4.7-1 +- Upgrade to 3.4.7 + * Tue Feb 23 2021 shixuantong - 3.3.1-2 - fix CVE-2020-36242