Bug 1398666

Summary: Rebase python-cryptography to 1.7 in RHEL 7.4
Product: Red Hat Enterprise Linux 7 Reporter: Christian Heimes <cheimes>
Component: python-cryptographyAssignee: Nathaniel McCallum <npmccallum>
Status: CLOSED ERRATA QA Contact: Abhijeet Kasurde <akasurde>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: akasurde, cstratak, ftweedal, isenfeld, mkosek, tmraz
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 21:25:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1399979    

Description Christian Heimes 2016-11-25 14:07:36 UTC 
Rebase python-cryptography from 1.3.1 (RHEL 7.3) to 1.7. Version 1.7 hasn't been released yet. It's scheduled to be released in about two weeks (early December). The new version will contain two important fixes and a new feature for FreeIPA 4.5.

1.7 improvements:
* new osrandom engine in C (fix for SELinux execmem denials, fix for deadlock and segfaults in mod_wsgi subinterpreters) https://github.com/pyca/cryptography/pull/3229

1.6 improvements:
* new locking code in C (fixes same class of issues as osrandom engine) https://github.com/pyca/cryptography/pull/3226
* support for multi-valued RDNs https://github.com/pyca/cryptography/issues/3199
Comment 1 Martin Kosek 2016-11-25 15:08:57 UTC 
Tests are expected to be primarily SanityOnly, by testing IdM use cases only.
Comment 2 Christian Heimes 2016-12-14 10:31:23 UTC 
cryptography 1.7.1 was released a couple of hours ago, https://github.com/pyca/cryptography/releases/tag/1.7.1

1.7.1 has caused a regression in PyOpenSSL, https://github.com/pyca/cryptography/pull/3321 . I'm expecting to see a 1.7.2 release in a matter of days.
Comment 3 Christian Heimes 2016-12-14 13:49:34 UTC 
https://github.com/pyca/cryptography/pull/3321 affects only 1.8-dev. 1.7.1 is good to go.
Comment 9 Christian Heimes 2017-02-13 14:20:01 UTC 
We might want to wait for release 1.8 to get the fix for https://github.com/pyca/cryptography/pull/3382 . The PR replaces the last use of cffi callbacks in cryptography and fixes an issue with password protected private keys.
Comment 17 Abhijeet Kasurde 2017-05-25 10:08:01 UTC 
Verified using IPA version :: ipa-server-4.5.0-13.el7.x86_64


Quickinstall and other sanity testcases verifies the status of correct version of Python2-cryptography

# rpm -qa ipa-server python2-cryptography
ipa-server-4.5.0-13.el7.x86_64
python2-cryptography-1.7.2-1.el7.x86_64

Marking BZ as verified.
Comment 18 errata-xmlrpc 2017-08-01 21:25:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2122