Bump from 46.0.7 to the current 48.0.0 release. Notable upstream
changes since 46.0.7:
- 48.0.0 drops Python 3.8 support (requires 3.9+); raises
Py_LIMITED_API floor to 0x030900f0.
- Adds ML-KEM / ML-DSA post-quantum primitives via OpenSSL 3.5.0+
(in addition to existing AWS-LC / BoringSSL paths).
- BACKWARDS INCOMPATIBLE: stricter X.509 CRL signature-algorithm
matching (mismatched inner/outer algs now raise ValueError at parse
time).
- Drops 32-bit Windows wheels and ships macOS only on arm64.
Replace the old downstream cross-compile fix with a backport of the
upstream-merged version from pyca/cryptography PR #14904
(commit 5d072cb2a685, scheduled for the release after 48.0.0).
Release notes:
https://cryptography.io/en/latest/changelog/#v48-0-0
Fixes: https://github.com/openwrt/packages/issues/29521
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Starting with 46.x, cryptography switched its build backend from
setuptools-rust to maturin. Update PKG_BUILD_DEPENDS accordingly:
replace python-setuptools-rust/host with python-maturin/host and
python-setuptools/host (setuptools is still required by cffi).
Drop 001-Update-ouroboros.patch: the ouroboros crate is no longer a
dependency in 46.x, so the patch (which bumped it from 0.15 to 0.18
to fix RUSTSEC-2023-0042) no longer applies.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This includes a patch to update the version of ouroboros (Rust crate)
used, to fix RUSTSEC-2023-0042[1]. Upstream has switch from ouroboros to
self_cell so this patch should only be necessary for cryptography 41.
[1]: https://rustsec.org/advisories/RUSTSEC-2023-0042.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Dropped patches:
0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
0005-Switch-get_-Update-APIs-to-get0.patch
Reworked patches:
0001-Add-new-ASN1_STRING_get0_data-API.patch
0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
These 2 require that we keep only the CUSTOMIZATIONS stuff for now. Maybe
later we can drop this.
Ran 'make package/python-cryptography/refresh'.
Added patch:
0004-disable-rust.patch
upstream did a sloppy job with the CRYPTOGRAPHY_DONT_BUILD_RUST logic; we
need to patch it, to make sure the setuptools-rust isn't installed.
We may need to carry this patch in our tree for a bit longer than upstream,
because in newer versions, CRYPTOGRAPHY_DONT_BUILD_RUST logic gets removed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Also:
* Remove patches that are included in the update
* Replace the python3 dependency with a smaller list (python3-urllib is
needed because it is a dependency of python3-email)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Since cffi is installed by HOST_PYTHON3_PACKAGE_BUILD_DEPENDS, it
shouldn't be necessary to clear setup_requirements anymore.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Upstream backport. It seems the holdup is on python-twisted.
Without this, it fails with
SSL_get0_next_proto_negotiated: symbol not found
Signed-off-by: Rosen Penev <rosenp@gmail.com>
I admit this may be be a bit aggressive, but the lang
folder is getting cluttered/filled up with Python, PHP, Perl,
Ruby, etc. packages.
Makes sense to try to group them into per-lang folders.
I took the Pythons.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Alexandru Ardelean