Revisions of python-cryptography
Dominique Leuenberger (dimstar_suse)
accepted
request 1056761
from
Dirk Mueller (dirkmueller)
(revision 70)
- update to 39.0.0: * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new minimum LibreSSL version is 3.5.0. Going forward our policy is to support versions of LibreSSL that are available in versions of OpenBSD that are still receiving security support. * **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and ``from_encoded_point`` methods on :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`, which had been deprecated for several years. :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes` and :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point` should be used instead. * **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and PKCS7 has been removed. * **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change the way we link OpenSSL. This will only impact users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables will no longer be respected. Instead, users will need to configure their builds `as documented here`_. * Added support for disabling the legacy provider in OpenSSL 3.0.x * Added support for disabling RSA key validation checks when loading RSA keys via ~cryptography.hazmat.primitives.serialization.load_pem_private_key
Dominique Leuenberger (dimstar_suse)
accepted
request 1041379
from
Dirk Mueller (dirkmueller)
(revision 69)
Dominique Leuenberger (dimstar_suse)
accepted
request 1007100
from
Dirk Mueller (dirkmueller)
(revision 67)
- update to 38.0.1: * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography`` will drop support. * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't cause issues downloading wheels on their platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept both ``str`` and ``bytes`` tokens. * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing that the ``Extension`` ``critical`` field must be correctly encoded DER. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete details. * Added two new OpenSSL functions to the bindings to support an upcoming ``pyOpenSSL`` release. * When parsing :class:`~cryptography.x509.CertificateRevocationList` and :class:`~cryptography.x509.CertificateSigningRequest` values, it is now enforced that the ``version`` value in the input must be valid according to the rules of :rfc:`2986` and :rfc:`5280`. * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and other X.509 builders is deprecated and support will be removed in the next version. * Added additional APIs to :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
Dominique Leuenberger (dimstar_suse)
accepted
request 990237
from
Dirk Mueller (dirkmueller)
(revision 66)
- update to 37.0.4: * updated wheels to b ecompiled against openssl 3.0.5
Dominique Leuenberger (dimstar_suse)
accepted
request 978871
from
Dirk Mueller (dirkmueller)
(revision 64)
- update to 37.0.2: * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
Dominique Leuenberger (dimstar_suse)
accepted
request 970348
from
Dirk Mueller (dirkmueller)
(revision 63)
- drops CVE-2020-36242-buffer-overflow.patch on older dists - drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
Dominique Leuenberger (dimstar_suse)
accepted
request 969844
from
Dirk Mueller (dirkmueller)
(revision 62)
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
Dominique Leuenberger (dimstar_suse)
accepted
request 969246
from
Dirk Mueller (dirkmueller)
(revision 61)
- update to 3.3.2 (bsc#1182066, CVE-2020-36242): - update to 3.2 (bsc#1178168, CVE-2020-25659):
Dominique Leuenberger (dimstar_suse)
accepted
request 965085
from
Dirk Mueller (dirkmueller)
(revision 60)
- update to 36.0.2: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
Dominique Leuenberger (dimstar_suse)
accepted
request 955476
from
Dirk Mueller (dirkmueller)
(revision 59)
- split tests in a multibuild variant to optimize rebuild time a bit
Dominique Leuenberger (dimstar_suse)
accepted
request 941719
from
Dirk Mueller (dirkmueller)
(revision 58)
- update to 36.0.1: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
Dominique Leuenberger (dimstar_suse)
accepted
request 934527
from
Dirk Mueller (dirkmueller)
(revision 57)
- update to 36.0.0: * FINAL DEPRECATION Support for verifier and signer on our asymmetric key classes was deprecated in version 2.1. These functions had an extended deprecation due to usage, however the next version of cryptography will drop support. Users should migrate to sign and verify. * The entire X.509 layer is now written in Rust. This allows alternate asymmetric key implementations that can support cloud key management services or hardware security modules provided they implement the necessary interface (for example: EllipticCurvePrivateKey). * Deprecated the backend argument for all functions. * Added support for AESOCB3. * Added support for iterating over arbitrary request attributes. * Deprecated the get_attribute_for_oid method on CertificateSigningRequest in favor of get_attribute_for_oid() on the new Attributes object. * Fixed handling of PEM files to allow loading when certificate and key are in the same file. * Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText. * Allow parsing of negative serial numbers in certificates. Negative serial numbers are prohibited by RFC 5280 so a deprecation warning will be raised whenever they are encountered. A future version of cryptography will drop support for parsing them. * Added support for parsing PKCS12 files with friendly names for all certificates with load_pkcs12(), which will return an object of type PKCS12KeyAndCertificates. * rfc4514_string() and related methods now have an optional attr_name_overrides parameter to supply custom OID to name mappings, which can be used to match vendor-specific extensions. * BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address fields as E in rfc4514_string() methods from version 35.0. * The previous behavior can be restored with:
Dominique Leuenberger (dimstar_suse)
accepted
request 888465
from
Matej Cepl (mcepl)
(revision 55)
- Remove unnecessary %ifpython3 construct
Dominique Leuenberger (dimstar_suse)
accepted
request 870297
from
Markéta Machová (mcalabkova)
(revision 54)
Dominique Leuenberger (dimstar_suse)
accepted
request 857128
from
Dirk Mueller (dirkmueller)
(revision 53)
- update to 3.3.1: * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
Dominique Leuenberger (dimstar_suse)
accepted
request 854279
from
Matej Cepl (mcepl)
(revision 52)
- update to 3.3.0 - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1i. - Python 2 support is deprecated in cryptography. This is the last release that will support Python 2. - Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. - Remove unnecessary dependency virtualenv.
Displaying revisions 21 - 40 of 90