File matrix-synapse-cryptography-version.patch of Package matrix-synapse
From 58ef428a49a1305a82779810914bf3fa71aee04c Mon Sep 17 00:00:00 2001
From: Oleg Girko <ol@infoserver.lv>
Date: Tue, 6 Apr 2021 23:39:20 +0100
Subject: [PATCH] Don't require specific version of cryptography library.
This partially reverts 12d6184713 that was supposed to fix OpenSSL bug
by requiring cryptography Python package that is built with newer
OpenSSL library.
The problem with this approach is that Linux distributions (like Fedora)
ship this package built with OpenSSL dynamically linked and update
OpenSSL independently.
Requiring newest cryptography package is not just unnecessary, but also
doesn't work for these distributions because they have older version of
cryptography library.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
---
pyproject.toml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 82369f9052..6b73f43ba4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -203,9 +203,6 @@ Jinja2 = ">=3.0"
bleach = ">=1.4.3"
# We use `assert_never`, which were added in `typing-extensions` 4.1.
typing-extensions = ">=4.1"
-# We enforce that we have a `cryptography` version that bundles an `openssl`
-# with the latest security patches.
-cryptography = ">=3.4.7"
# ijson 3.1.4 fixes a bug with "." in property names
ijson = ">=3.1.4"
matrix-common = "^1.3.0"
--
2.46.0