From a00b9d8eba6e9b0057a64f1d0334e9e287997845 Mon Sep 17 00:00:00 2001 From: Leon Anavi Date: Mon, 26 Oct 2020 13:50:37 +0200 Subject: python3-cryptography: Upgrade 3.1.1 -> 3.2 Upgrade to release 3.2: - SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659 - Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade. - Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`. Signed-off-by: Leon Anavi Acked-by: Trevor Gamblin Signed-off-by: Khem Raj --- .../python/python3-cryptography_3.1.1.bb | 66 ---------------------- .../python/python3-cryptography_3.2.bb | 66 ++++++++++++++++++++++ 2 files changed, 66 insertions(+), 66 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.1.1.bb create mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.2.bb (limited to 'meta-python/recipes-devtools/python') diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.1.1.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.1.1.bb deleted file mode 100644 index 1d6a9b32e0..0000000000 --- a/meta-python/recipes-devtools/python/python3-cryptography_3.1.1.bb +++ /dev/null @@ -1,66 +0,0 @@ -SUMMARY = "Provides cryptographic recipes and primitives to python developers" -HOMEPAGE = "https://cryptography.io/" -SECTION = "devel/python" -LICENSE = "Apache-2.0 | BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=097f805837700cfac572ac274cd38124" - -LDSHARED += "-pthread" - -SRC_URI[md5sum] = "c3807891d36aa9de8187e9db8b2bb457" -SRC_URI[sha256sum] = "9d9fc6a16357965d282dd4ab6531013935425d0dc4950df2e0cf2a1b1ac1017d" - -SRC_URI += " \ - file://run-ptest \ - file://h-test.patch \ -" - -inherit pypi setuptools3 - -DEPENDS += " \ - ${PYTHON_PN}-cffi \ - ${PYTHON_PN}-cffi-native \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-six \ -" - -RDEPENDS_${PN} += " \ - ${PYTHON_PN}-cffi \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-setuptools \ - ${PYTHON_PN}-six \ -" - -RDEPENDS_${PN}_class-target += " \ - ${PYTHON_PN}-cffi \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-numbers \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-setuptools \ - ${PYTHON_PN}-six \ - ${PYTHON_PN}-threading \ -" - -RDEPENDS_${PN}-ptest += " \ - ${PN} \ - ${PYTHON_PN}-cryptography-vectors \ - ${PYTHON_PN}-iso8601 \ - ${PYTHON_PN}-pretend \ - ${PYTHON_PN}-pytest \ - ${PYTHON_PN}-pytz \ -" - -inherit ptest - -do_install_ptest() { - install -d ${D}${PTEST_PATH}/tests - cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ - install -d ${D}${PTEST_PATH}/tests/hazmat - cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ -} - -FILES_${PN}-dbg += " \ - ${libdir}/${PYTHON_PN}2.7/site-packages/${SRCNAME}/hazmat/bindings/.debug \ -" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.2.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.2.bb new file mode 100644 index 0000000000..cec37b0276 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cryptography_3.2.bb @@ -0,0 +1,66 @@ +SUMMARY = "Provides cryptographic recipes and primitives to python developers" +HOMEPAGE = "https://cryptography.io/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=097f805837700cfac572ac274cd38124" + +LDSHARED += "-pthread" + +SRC_URI[md5sum] = "1e476287399bae923514e19429804155" +SRC_URI[sha256sum] = "e4789b84f8dedf190148441f7c5bfe7244782d9cbb194a36e17b91e7d3e1cca9" + +SRC_URI += " \ + file://run-ptest \ + file://h-test.patch \ +" + +inherit pypi setuptools3 + +DEPENDS += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-cffi-native \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-six \ +" + +RDEPENDS_${PN} += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-six \ +" + +RDEPENDS_${PN}_class-target += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-numbers \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-six \ + ${PYTHON_PN}-threading \ +" + +RDEPENDS_${PN}-ptest += " \ + ${PN} \ + ${PYTHON_PN}-cryptography-vectors \ + ${PYTHON_PN}-iso8601 \ + ${PYTHON_PN}-pretend \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytz \ +" + +inherit ptest + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ + install -d ${D}${PTEST_PATH}/tests/hazmat + cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ +} + +FILES_${PN}-dbg += " \ + ${libdir}/${PYTHON_PN}2.7/site-packages/${SRCNAME}/hazmat/bindings/.debug \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf