From af7d65adfbe0bae4eecac00caf5b73f0e790d0f5 Mon Sep 17 00:00:00 2001 From: Tim Orling Date: Wed, 28 Feb 2024 08:25:31 -0800 Subject: python3-cryptography{-vectors}: upgrade to 42.0.5 * Includes an upgrade to pyo3 from 0.20.0 to 0.20.3 which fixes ppc64 * Refresh -crates.inc https://cryptography.io/en/latest/changelog/#v42-0-5 https://cryptography.io/en/latest/changelog/#v42-0-4 https://cryptography.io/en/latest/changelog/#v42-0-3 42.0.5 - 2024-02-23 * Limit the number of name constraint checks that will be performed in X.509 path validation to protect against denial of service attacks. * Upgrade pyo3 version, which fixes building on PowerPC. 42.0.4 - 2024-02-20 * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in RFC 2633 RFC 3370. 42.0.3 - 2024-02-15 * Fixed an initialization issue that caused key loading failures for some users. CVE: CVE-2024-26130 https://nvd.nist.gov/vuln/detail/CVE-2024-26130 (From OE-Core rev: 83dad4a93ff81c6c1e048443e0827d825670158b) Signed-off-by: Tim Orling Signed-off-by: Richard Purdie --- .../python/python3-cryptography_42.0.5.bb | 70 ++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-cryptography_42.0.5.bb (limited to 'meta/recipes-devtools/python/python3-cryptography_42.0.5.bb') diff --git a/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb new file mode 100644 index 0000000000..2bcb5717e4 --- /dev/null +++ b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb @@ -0,0 +1,70 @@ +SUMMARY = "Provides cryptographic recipes and primitives to python developers" +HOMEPAGE = "https://cryptography.io/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ + file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ + file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \ + " +LDSHARED += "-pthread" + +SRC_URI[sha256sum] = "6fe07eec95dfd477eb9530aef5bead34fec819b3aaf6c5bd6d20565da607bfe1" + +SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \ + file://check-memfree.py \ + file://run-ptest \ + " + +require ${BPN}-crates.inc + +inherit pypi python_setuptools3_rust cargo-update-recipe-crates pkgconfig + +DEPENDS += " \ + python3-cffi-native \ +" + +RDEPENDS:${PN} += " \ + python3-cffi \ +" + +RDEPENDS:${PN}:append:class-target = " \ + python3-numbers \ + python3-threading \ +" + +RDEPENDS:${PN}-ptest += " \ + python3-bcrypt \ + python3-cryptography-vectors (= ${PV}) \ + python3-hypothesis \ + python3-iso8601 \ + python3-mmap \ + python3-pretend \ + python3-psutil \ + python3-pytest \ + python3-unittest-automake-output \ + python3-pytest-subtests \ + python3-pytz \ +" + +inherit ptest + +do_install_ptest() { + install -D ${WORKDIR}/check-memfree.py ${D}${PTEST_PATH}/ + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ + # remove test_x509.py as it needs benchmark and we don't + # want to introduce the benchmark dependency + rm -rf ${D}${PTEST_PATH}/tests/bench/test_x509.py + install -d ${D}${PTEST_PATH}/tests/hazmat + cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ + cp -r ${S}/pyproject.toml ${D}${PTEST_PATH}/ +} + +FILES:${PN}-ptest += " \ + ${PTEST_PATH}/check-memfree.py \ +" +FILES:${PN}-dbg += " \ + ${PYTHON_SITEPACKAGES_DIR}/${SRCNAME}/hazmat/bindings/.debug \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf