relax version requirement on python3-cryptography

We only have 3.4.6 in F34, intentionally. OpenSSL is up to date so it's
not a problem.

0001-relax-cryptography-dependency-version-requirement.patch

@@ -0,0 +1,31 @@
+From 4bdcf996757a5d13df63f7891a1dd4c7186c20dc Mon Sep 17 00:00:00 2001
+From: Dan Callaghan <djc@djc.id.au>
+Date: Sun, 18 Jul 2021 13:18:10 +1000
+Subject: [PATCH] relax cryptography dependency version requirement
+
+In Fedora, python-cryptography does not bundle OpenSSL, so it's always
+up to date. This strict version requirement is not necessary. See:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1978949
+---
+ synapse/python_dependencies.py | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
+index 271c17c22..e8a71d477 100644
+--- a/synapse/python_dependencies.py
++++ b/synapse/python_dependencies.py
+@@ -82,9 +82,7 @@
+     "Jinja2>=2.9",
+     "bleach>=1.4.3",
+     "typing-extensions>=3.7.4",
+-    # We enforce that we have a `cryptography` version that bundles an `openssl`
+-    # with the latest security patches.
+-    "cryptography>=3.4.7",
++    "cryptography>=3.4",
+     "ijson>=3.0",
+ ]
+ 
+-- 
+2.31.1
+

matrix-synapse.spec

@@ -14,6 +14,8 @@ URL:        https://github.com/matrix-org/%{srcname}
 Source0:    %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
 Source1:    synapse.sysconfig
 Source2:    synapse.service
+# non-upstreamable patch to accept any version of python-cryptography, see RHBZ#1978949
+Patch1:     0001-relax-cryptography-dependency-version-requirement.patch
 BuildArch:  noarch
 
 BuildRequires:  python3-devel
@@ -140,6 +142,7 @@ exit 0
 %changelog
 * Sun Jul 18 2021 Dan Callaghan <djc@djc.id.au> - 1.38.0-2
 - fix startup ordering of synapse.service (RHBZ#1910740)
+- relax version requirement for python3-cryptography
 
 * Wed Jul 14 2021 Kai A. Hiller <V02460@gmail.com> - 1.38.0-1
 - Update to v1.38.0