python-cryptography: Update OpenSSL version to fix CVE-2023-50782 (#9359)

jcamposeco · PawelWMS · web-flow · commit 44f82e45f6d7 · 2024-06-07T15:20:56.000-07:00
Co-authored-by: Pawel Winogrodzki &lt;pawelwi@microsoft.com&gt;
diff --git a/SPECS/python-cryptography/python-cryptography.spec b/SPECS/python-cryptography/python-cryptography.spec
@@ -1,7 +1,7 @@
 Summary:        Python cryptography library
 Name:           python-cryptography
 Version:        3.3.2
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -24,6 +24,8 @@ BuildRequires:  python3-cffi
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 BuildRequires:  python3-xml
+# OpenSSL 1.1.1k-31 is the first version containing a patch fixing CVE-2023-50782 in python-cryptography.
+Requires:       openssl-libs >= 1.1.1k-31
 Requires:       python3
 Requires:       python3-asn1crypto
 Requires:       python3-cffi
@@ -65,6 +67,9 @@ pip3 install pretend pytest hypothesis iso8601 cryptography_vectors pytz
 %{python3_sitelib}/*
 
 %changelog
+* Fri Jun 07 2024 Juan Camposeco <juanarturoc@microsoft.com> - 3.3.2-7
+- Adding dependency on release version for OpenSSL to fix CVE-2023-50782
+
 * Mon Dec 18 2023 Mandeep Plaha <mandeepplaha@microsoft.com> - 3.3.2-6
 - Patch CVE-2023-49083
 
