From a5ee86fd998bb3eb3211933ac87daf584b009152 Mon Sep 17 00:00:00 2001 From: Tim Orling Date: Tue, 28 Nov 2023 20:11:38 -0800 Subject: python3-cryptography{-vectors}: 41.0.5 -> 41.0.7 https://github.com/pyca/cryptography/compare/41.0.5...41.0.7 https://cryptography.io/en/latest/changelog/#v41-0-7 https://cryptography.io/en/latest/changelog/#v41-0-6 41.0.7 - 2023-11-27 Fixed compilation when using LibreSSL 3.8.2. 41.0.6 - 2023-11-27 Fixed a null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle. Credit to pkuzco for reporting the issue. CVE: CVE-2023-49083 (From OE-Core rev: 25fba6dd44f64e1e476c2e537d4a20cdbdc7ed25) Signed-off-by: Tim Orling Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- .../python/python3-cryptography-crates.inc | 10 ++-- .../python/python3-cryptography-vectors_41.0.5.bb | 31 ---------- .../python/python3-cryptography-vectors_41.0.7.bb | 31 ++++++++++ .../python/python3-cryptography_41.0.5.bb | 70 ---------------------- .../python/python3-cryptography_41.0.7.bb | 70 ++++++++++++++++++++++ 5 files changed, 107 insertions(+), 105 deletions(-) delete mode 100644 meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb create mode 100644 meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb delete mode 100644 meta/recipes-devtools/python/python3-cryptography_41.0.5.bb create mode 100644 meta/recipes-devtools/python/python3-cryptography_41.0.7.bb (limited to 'meta/recipes-devtools/python') diff --git a/meta/recipes-devtools/python/python3-cryptography-crates.inc b/meta/recipes-devtools/python/python3-cryptography-crates.inc index da0a3f2ee8..3a5edaa349 100644 --- a/meta/recipes-devtools/python/python3-cryptography-crates.inc +++ b/meta/recipes-devtools/python/python3-cryptography-crates.inc @@ -9,6 +9,7 @@ SRC_URI += " \ crate://crates.io/autocfg/1.1.0 \ crate://crates.io/base64/0.13.1 \ crate://crates.io/bitflags/1.3.2 \ + crate://crates.io/bitflags/2.4.1 \ crate://crates.io/cc/1.0.79 \ crate://crates.io/cfg-if/1.0.0 \ crate://crates.io/foreign-types/0.3.2 \ @@ -18,9 +19,9 @@ SRC_URI += " \ crate://crates.io/lock_api/0.4.9 \ crate://crates.io/memoffset/0.8.0 \ crate://crates.io/once_cell/1.17.2 \ - crate://crates.io/openssl/0.10.54 \ + crate://crates.io/openssl/0.10.60 \ crate://crates.io/openssl-macros/0.1.1 \ - crate://crates.io/openssl-sys/0.9.88 \ + crate://crates.io/openssl-sys/0.9.96 \ crate://crates.io/ouroboros/0.15.6 \ crate://crates.io/ouroboros_macro/0.15.6 \ crate://crates.io/parking_lot/0.12.1 \ @@ -64,6 +65,7 @@ SRC_URI[asn1_derive-0.15.2.sha256sum] = "a045c3ccad89f244a86bd1e6cf1a7bf645296e7 SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" SRC_URI[base64-0.13.1.sha256sum] = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +SRC_URI[bitflags-2.4.1.sha256sum] = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" SRC_URI[foreign-types-0.3.2.sha256sum] = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" @@ -73,9 +75,9 @@ SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5d SRC_URI[lock_api-0.4.9.sha256sum] = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" SRC_URI[memoffset-0.8.0.sha256sum] = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1" SRC_URI[once_cell-1.17.2.sha256sum] = "9670a07f94779e00908f3e686eab508878ebb390ba6e604d3a284c00e8d0487b" -SRC_URI[openssl-0.10.54.sha256sum] = "69b3f656a17a6cbc115b5c7a40c616947d213ba182135b014d6051b73ab6f019" +SRC_URI[openssl-0.10.60.sha256sum] = "79a4c6c3a2b158f7f8f2a2fc5a969fa3a068df6fc9dbb4a43845436e3af7c800" SRC_URI[openssl-macros-0.1.1.sha256sum] = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -SRC_URI[openssl-sys-0.9.88.sha256sum] = "c2ce0f250f34a308dcfdbb351f511359857d4ed2134ba715a4eadd46e1ffd617" +SRC_URI[openssl-sys-0.9.96.sha256sum] = "3812c071ba60da8b5677cc12bcb1d42989a65553772897a7e0355545a819838f" SRC_URI[ouroboros-0.15.6.sha256sum] = "e1358bd1558bd2a083fed428ffeda486fbfb323e698cdda7794259d592ca72db" SRC_URI[ouroboros_macro-0.15.6.sha256sum] = "5f7d21ccd03305a674437ee1248f3ab5d4b1db095cf1caf49f1713ddf61956b7" SRC_URI[parking_lot-0.12.1.sha256sum] = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb deleted file mode 100644 index e304c4261a..0000000000 --- a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Test vectors for the cryptography package." -HOMEPAGE = "https://cryptography.io/" -SECTION = "devel/python" -LICENSE = "Apache-2.0 | BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ - file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ - file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b" - -# NOTE: Make sure to keep this recipe at the same version as python3-cryptography -# Upgrade both recipes at the same time - -SRC_URI[sha256sum] = "75e82aea2982729312af735adb2983f347bb21fff88ad5dda3673ed70e1d1caf" - -PYPI_PACKAGE = "cryptography_vectors" - -inherit pypi python_setuptools_build_meta - -DEPENDS += " \ - ${PYTHON_PN}-cryptography \ -" - -do_install:append () { - # Remove the sha256 checksum lines for pycache files - sed ${D}${PYTHON_SITEPACKAGES_DIR}/cryptography_vectors-${PV}.dist-info/RECORD -e '/__pycache__/d' -i -} - -BBCLASSEXTEND = "native nativesdk" - -UPSTREAM_CHECK_REGEX = "" - -RECIPE_NO_UPDATE_REASON = "Must be updated in sync with python3-cryptography." diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb new file mode 100644 index 0000000000..eda492d312 --- /dev/null +++ b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb @@ -0,0 +1,31 @@ +SUMMARY = "Test vectors for the cryptography package." +HOMEPAGE = "https://cryptography.io/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ + file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ + file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b" + +# NOTE: Make sure to keep this recipe at the same version as python3-cryptography +# Upgrade both recipes at the same time + +SRC_URI[sha256sum] = "7b36f976b6e58cc1801310e1c93c584c6539d371da7f8538edd8fc463dc80d5b" + +PYPI_PACKAGE = "cryptography_vectors" + +inherit pypi python_setuptools_build_meta + +DEPENDS += " \ + ${PYTHON_PN}-cryptography \ +" + +do_install:append () { + # Remove the sha256 checksum lines for pycache files + sed ${D}${PYTHON_SITEPACKAGES_DIR}/cryptography_vectors-${PV}.dist-info/RECORD -e '/__pycache__/d' -i +} + +BBCLASSEXTEND = "native nativesdk" + +UPSTREAM_CHECK_REGEX = "" + +RECIPE_NO_UPDATE_REASON = "Must be updated in sync with python3-cryptography." diff --git a/meta/recipes-devtools/python/python3-cryptography_41.0.5.bb b/meta/recipes-devtools/python/python3-cryptography_41.0.5.bb deleted file mode 100644 index 17b08f05cd..0000000000 --- a/meta/recipes-devtools/python/python3-cryptography_41.0.5.bb +++ /dev/null @@ -1,70 +0,0 @@ -SUMMARY = "Provides cryptographic recipes and primitives to python developers" -HOMEPAGE = "https://cryptography.io/" -SECTION = "devel/python" -LICENSE = "Apache-2.0 | BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ - file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ - file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \ - " -LDSHARED += "-pthread" - -SRC_URI[sha256sum] = "392cb88b597247177172e02da6b7a63deeff1937fa6fec3bbf902ebd75d97ec7" - -SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \ - file://0001-Fix-include-directory-when-cross-compiling-9129.patch \ - file://check-memfree.py \ - file://run-ptest \ - " - -require ${BPN}-crates.inc - -inherit pypi python_setuptools3_rust cargo-update-recipe-crates pkgconfig - -DEPENDS += " \ - ${PYTHON_PN}-cffi-native \ -" - -RDEPENDS:${PN} += " \ - ${PYTHON_PN}-cffi \ -" - -RDEPENDS:${PN}:append:class-target = " \ - ${PYTHON_PN}-numbers \ - ${PYTHON_PN}-threading \ -" - -RDEPENDS:${PN}-ptest += " \ - ${PYTHON_PN}-bcrypt \ - ${PYTHON_PN}-cryptography-vectors (= ${PV}) \ - ${PYTHON_PN}-hypothesis \ - ${PYTHON_PN}-iso8601 \ - ${PYTHON_PN}-pretend \ - ${PYTHON_PN}-psutil \ - ${PYTHON_PN}-pytest \ - ${PYTHON_PN}-unittest-automake-output \ - ${PYTHON_PN}-pytest-subtests \ - ${PYTHON_PN}-pytz \ -" - -inherit ptest - -do_install_ptest() { - install -D ${WORKDIR}/check-memfree.py ${D}${PTEST_PATH}/ - install -d ${D}${PTEST_PATH}/tests - cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ - # remove test_x509.py as it needs benchmark and we don't - # want to introduce the benchmark dependency - rm -rf ${D}${PTEST_PATH}/tests/bench/test_x509.py - install -d ${D}${PTEST_PATH}/tests/hazmat - cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ - cp -r ${S}/pyproject.toml ${D}${PTEST_PATH}/ -} - -FILES:${PN}-ptest += " \ - ${PTEST_PATH}/check-memfree.py \ -" -FILES:${PN}-dbg += " \ - ${PYTHON_SITEPACKAGES_DIR}/${SRCNAME}/hazmat/bindings/.debug \ -" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/python/python3-cryptography_41.0.7.bb b/meta/recipes-devtools/python/python3-cryptography_41.0.7.bb new file mode 100644 index 0000000000..4585677440 --- /dev/null +++ b/meta/recipes-devtools/python/python3-cryptography_41.0.7.bb @@ -0,0 +1,70 @@ +SUMMARY = "Provides cryptographic recipes and primitives to python developers" +HOMEPAGE = "https://cryptography.io/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ + file://LICENSE.APACHE;md5=4e168cce331e5c827d4c2b68a6200e1b \ + file://LICENSE.BSD;md5=5ae30ba4123bc4f2fa49aa0b0dce887b \ + " +LDSHARED += "-pthread" + +SRC_URI[sha256sum] = "13f93ce9bea8016c253b34afc6bd6a75993e5c40672ed5405a9c832f0d4a00bc" + +SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \ + file://0001-Fix-include-directory-when-cross-compiling-9129.patch \ + file://check-memfree.py \ + file://run-ptest \ + " + +require ${BPN}-crates.inc + +inherit pypi python_setuptools3_rust cargo-update-recipe-crates pkgconfig + +DEPENDS += " \ + ${PYTHON_PN}-cffi-native \ +" + +RDEPENDS:${PN} += " \ + ${PYTHON_PN}-cffi \ +" + +RDEPENDS:${PN}:append:class-target = " \ + ${PYTHON_PN}-numbers \ + ${PYTHON_PN}-threading \ +" + +RDEPENDS:${PN}-ptest += " \ + ${PYTHON_PN}-bcrypt \ + ${PYTHON_PN}-cryptography-vectors (= ${PV}) \ + ${PYTHON_PN}-hypothesis \ + ${PYTHON_PN}-iso8601 \ + ${PYTHON_PN}-pretend \ + ${PYTHON_PN}-psutil \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-unittest-automake-output \ + ${PYTHON_PN}-pytest-subtests \ + ${PYTHON_PN}-pytz \ +" + +inherit ptest + +do_install_ptest() { + install -D ${WORKDIR}/check-memfree.py ${D}${PTEST_PATH}/ + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ + # remove test_x509.py as it needs benchmark and we don't + # want to introduce the benchmark dependency + rm -rf ${D}${PTEST_PATH}/tests/bench/test_x509.py + install -d ${D}${PTEST_PATH}/tests/hazmat + cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ + cp -r ${S}/pyproject.toml ${D}${PTEST_PATH}/ +} + +FILES:${PN}-ptest += " \ + ${PTEST_PATH}/check-memfree.py \ +" +FILES:${PN}-dbg += " \ + ${PYTHON_SITEPACKAGES_DIR}/${SRCNAME}/hazmat/bindings/.debug \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf