From a00b9d8eba6e9b0057a64f1d0334e9e287997845 Mon Sep 17 00:00:00 2001 From: Leon Anavi Date: Mon, 26 Oct 2020 13:50:37 +0200 Subject: python3-cryptography: Upgrade 3.1.1 -> 3.2 Upgrade to release 3.2: - SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659 - Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade. - Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`. Signed-off-by: Leon Anavi Acked-by: Trevor Gamblin Signed-off-by: Khem Raj --- .../python/python3-cryptography_3.2.bb | 66 ++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.2.bb (limited to 'meta-python/recipes-devtools/python/python3-cryptography_3.2.bb') diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.2.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.2.bb new file mode 100644 index 0000000000..cec37b0276 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cryptography_3.2.bb @@ -0,0 +1,66 @@ +SUMMARY = "Provides cryptographic recipes and primitives to python developers" +HOMEPAGE = "https://cryptography.io/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=097f805837700cfac572ac274cd38124" + +LDSHARED += "-pthread" + +SRC_URI[md5sum] = "1e476287399bae923514e19429804155" +SRC_URI[sha256sum] = "e4789b84f8dedf190148441f7c5bfe7244782d9cbb194a36e17b91e7d3e1cca9" + +SRC_URI += " \ + file://run-ptest \ + file://h-test.patch \ +" + +inherit pypi setuptools3 + +DEPENDS += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-cffi-native \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-six \ +" + +RDEPENDS_${PN} += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-six \ +" + +RDEPENDS_${PN}_class-target += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-numbers \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-six \ + ${PYTHON_PN}-threading \ +" + +RDEPENDS_${PN}-ptest += " \ + ${PN} \ + ${PYTHON_PN}-cryptography-vectors \ + ${PYTHON_PN}-iso8601 \ + ${PYTHON_PN}-pretend \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytz \ +" + +inherit ptest + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ + install -d ${D}${PTEST_PATH}/tests/hazmat + cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ +} + +FILES_${PN}-dbg += " \ + ${libdir}/${PYTHON_PN}2.7/site-packages/${SRCNAME}/hazmat/bindings/.debug \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf