Revisions of python-cryptography
Ana Guerrero (anag+factory)
accepted
request 1164122
from
Dirk Mueller (dirkmueller)
(revision 87)
- update to 42.0.5: * Limit the number of name constraint checks that will be performed in :mod:`X.509 path validation <cryptography.x509.verification>` to protect against denial of service attacks. * Upgrade pyo3 version, which fixes building on PowerPC.
Ana Guerrero (anag+factory)
accepted
request 1149625
from
Daniel Garcia (dgarcia)
(revision 86)
- update to 42.0.4 (bsc#1220210, CVE-2024-26130): * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore.
Ana Guerrero (anag+factory)
accepted
request 1129560
from
Dirk Mueller (dirkmueller)
(revision 85)
- update to 41.0.7 (CVE-2023-49083, bsc#1217592): * Fixed compilation when using LibreSSL 3.8.2. * Fixed a null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle. Credit to **pkuzco** for reporting the issue. **CVE-2023-49083**
Ana Guerrero (anag+factory)
accepted
request 1124982
from
Dirk Mueller (dirkmueller)
(revision 84)
- update to 41.0.5: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4. * Added a function to support an upcoming ``pyOpenSSL`` release. parameters in X.509 certificates, which are * Fixed error when using py2app to build an application with a cryptography dependency. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. - split tests in a multibuild variant to optimize rebuild time a bit * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. - drop disable-RustExtension.patch: building rust extension now * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use signature. * wheels compiled with OpenSSL 1.1.1h. - Removed support for calling public_bytes() with no arguments, as per * BACKWARDS INCOMPATIBLE: Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature, which had been deprecated for nearly 4 years. Use encode_dss_signature() * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which * Add support for easily mapping an object identifier to its elliptic curve * Add support for OpenSSL when compiled with the no-engine * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1, but this version removes the default idna dependency as well. If you still need this deprecated path please install cryptography with the idna extra: * Numerous classes and functions have been updated to allow bytes-like types for keying material and passwords, including symmetric algorithms, * Added rfc4514_string() method to x509.Name, x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
Ana Guerrero (anag+factory)
accepted
request 1115782
from
Dirk Mueller (dirkmueller)
(revision 83)
- update to 41.0.4: * ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3. * .. _v41-0-3:
Ana Guerrero (anag+factory)
accepted
request 1109339
from
Dirk Mueller (dirkmueller)
(revision 82)
- Update to 39.0.1 (bsc#1208036, CVE-2023-23931): * drops CVE-2023-23931-dont-allow-update-into.patch in older dists
Dominique Leuenberger (dimstar_suse)
accepted
request 1102868
from
Dirk Mueller (dirkmueller)
(revision 81)
- update to 41.0.3: * Fixed performance regression loading DH public keys. * Fixed a memory leak when using * :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20 Poly1305`.
Ana Guerrero (anag+factory)
accepted
request 1100618
from
Factory Maintainer (factory-maintainer)
(revision 80)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 1098185
from
Dirk Mueller (dirkmueller)
(revision 79)
- update to 41.0.2: * Fixed bugs in creating and parsing SSH certificates where critical options with values were handled incorrectly. Certificates are now created correctly and parsing accepts correct values as well as the previously generated invalid forms with a warning. In the next release, support for parsing these invalid forms will be removed. - remove patch remove_python_3_6_deprecation_warning.patch as the warning was already removed upstream - Add no-pytest_benchmark.patch, which remove dependency on pytest-benchmark and coveralls (We don't need no benchmarking and coverage measurement; bsc#1213005).
Dominique Leuenberger (dimstar_suse)
accepted
request 1095411
from
Daniel Garcia (dgarcia)
(revision 78)
- update to 41.0.1 (bsc#1212568): * Temporarily allow invalid ECDSA signature algorithm parameters in X.509 certificates, which are generated by older versions of Java. * Allow null bytes in pass phrases when serializing private keys. * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been removed. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.6. * Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0. * Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses` OCSP extension. * Added support for the :class:`~cryptography.x509.MSCertificateTemplate` proprietary Microsoft certificate extension. * Implemented support for equality checks on all asymmetric public key types. * Added support for ``aes256-gcm@openssh.com`` encrypted keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh _private_key`. * Added support for obtaining X.509 certificate signature algorithm parameters (including PSS)
Dominique Leuenberger (dimstar_suse)
accepted
request 1079573
from
Dirk Mueller (dirkmueller)
(revision 76)
- update to 40.0.2: * Fixed compilation when using LibreSSL 3.7.2.
Dominique Leuenberger (dimstar_suse)
accepted
request 1076828
from
Factory Maintainer (factory-maintainer)
(revision 75)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 1074512
from
Dirk Mueller (dirkmueller)
(revision 74)
- update to 40.0.1: * Support for Python 3.6 is deprecated and will be removed in the next release. * Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. In the next release we will raise MSRV to 1.56.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed * Deprecated support for OpenSSL less than 1.1.1d. The next release of ``cryptography`` will drop support for older versions. * Deprecated support for DSA keys in :func:`~cryptography.hazmat.primitives.serialization.load_s sh_public_key` and :func:`~cryptography.hazmat.primitives.serialization.load_s sh_private_key`. * Deprecated support for OpenSSH serialization in :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAP ublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAP rivateKey`. * Added support for parsing SSH certificates in addition to public keys with :func:`~cryptography.hazmat.primitives.serialization.load_s sh_public_identity`. :func:`~cryptography.hazmat.primitives.serialization.load_s sh_public_key` continues to support only public keys. * Added support for generating SSH certificates with :class:`~cryptography.hazmat.primitives.serialization.SSHCe rtificateBuilder`.
Dominique Leuenberger (dimstar_suse)
accepted
request 1069840
from
Dirk Mueller (dirkmueller)
(revision 73)
- update to 39.0.2: * Fixed a bug where the content type header was not properly encoded for PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding.
Dominique Leuenberger (dimstar_suse)
accepted
request 1056761
from
Dirk Mueller (dirkmueller)
(revision 70)
- update to 39.0.0: * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new minimum LibreSSL version is 3.5.0. Going forward our policy is to support versions of LibreSSL that are available in versions of OpenBSD that are still receiving security support. * **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and ``from_encoded_point`` methods on :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`, which had been deprecated for several years. :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes` and :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point` should be used instead. * **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and PKCS7 has been removed. * **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change the way we link OpenSSL. This will only impact users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables will no longer be respected. Instead, users will need to configure their builds `as documented here`_. * Added support for disabling the legacy provider in OpenSSL 3.0.x * Added support for disabling RSA key validation checks when loading RSA keys via ~cryptography.hazmat.primitives.serialization.load_pem_private_key
Dominique Leuenberger (dimstar_suse)
accepted
request 1041379
from
Dirk Mueller (dirkmueller)
(revision 69)
Displaying revisions 1 - 20 of 87