File python3-cryptography.changes of Package python3-cryptography
-------------------------------------------------------------------
Sun Jan 29 14:57:28 UTC 2017 - michael@stroeder.com
- update to 1.7.2
-------------------------------------------------------------------
Wed Dec 14 20:31:53 UTC 2016 - michael@stroeder.com
- update to 1.7.1 which contains regression fix for 1.7
-------------------------------------------------------------------
Tue Dec 13 12:04:25 UTC 2016 - mimi.vx@gmail.com
- update to 1.7
* Support for OpenSSL 1.0.0 has been removed.
* Added support for Diffie-Hellman key exchange
* The OS random engine for OpenSSL has been rewritten
-------------------------------------------------------------------
Wed Nov 23 09:40:59 UTC 2016 - michael@stroeder.com
- update to 1.6
-------------------------------------------------------------------
Sun Nov 6 20:16:49 UTC 2016 - arun@gmx.de
- update to version 1.5.3:
* SECURITY ISSUE: Fixed a bug where HKDF would return an empty
byte-string if used with a length less than
algorithm.digest_size. Credit to Markus Döring for reporting the
issue.
-------------------------------------------------------------------
Fri Sep 30 15:03:38 UTC 2016 - arun@gmx.de
- update to version 1.5.2:
* Updated Windows and OS X wheels to be compiled against OpenSSL
1.0.2j.
-------------------------------------------------------------------
Sun Sep 25 16:01:50 UTC 2016 - arun@gmx.de
- update to version 1.5.1:
* Updated Windows and OS X wheels to be compiled against OpenSSL
1.0.2i.
* Resolved a UserWarning when used with cffi 1.8.3.
* Fixed a memory leak in name creation with X.509.
* Added a workaround for old versions of setuptools.
* Fixed an issue preventing cryptography from compiling against
OpenSSL 1.0.2i.
-------------------------------------------------------------------
Sun Aug 28 17:47:54 UTC 2016 - arun@gmx.de
- update to version 1.5:
* Added calculate_max_pss_salt_length().
* Added “one shot” sign() and verify() methods to DSA keys.
* Added “one shot” sign() and verify() methods to ECDSA keys.
* Switched back to the older callback model on Python 3.5 in order
to mitigate the locking callback problem with OpenSSL <1.1.0.
* CertificateBuilder, CertificateRevocationListBuilder, and
RevokedCertificateBuilder now accept timezone aware datetime
objects as method arguments
* cryptography now supports OpenSSL 1.1.0 as a compilation target.
-------------------------------------------------------------------
Sat Jun 18 19:00:08 UTC 2016 - arun@gmx.de
- update to version 1.4:
* Support for OpenSSL 0.9.8 has been removed. Users on older
versions of OpenSSL will need to upgrade.
* Added KBKDFHMAC.
* Added support for OpenSSH public key serialization.
* Added support for SHA-2 in RSA OAEP when using OpenSSL 1.0.2 or
greater.
* Added “one shot” sign() and verify() methods to RSA keys.
- changes from version 1.3.4:
* Added another OpenSSL function to the bindings to support an
upcoming pyOpenSSL release.
- changes from version 1.3.3:
* Added two new OpenSSL functions to the bindings to support an
upcoming pyOpenSSL release.
-------------------------------------------------------------------
Thu Jun 9 16:03:12 UTC 2016 - toddrme2178@gmail.com
- Really fix license
-------------------------------------------------------------------
Thu Jun 2 18:05:38 UTC 2016 - toddrme2178@gmail.com
- Fixed license
-------------------------------------------------------------------
Wed May 25 20:53:54 UTC 2016 - toddrme2178@gmail.com
- Add additional sources to spec file.
-------------------------------------------------------------------
Wed May 11 06:24:39 UTC 2016 - arun@gmx.de
- update to version 1.3.2:
* Updated Windows and OS X wheels to be compiled against OpenSSL
1.0.2h.
* Fixed an issue preventing cryptography from compiling against
LibreSSL 2.3.x.
-------------------------------------------------------------------
Sun May 8 06:59:30 UTC 2016 - arun@gmx.de
- specfile:
* updated source url to files.pythonhosted.org
-------------------------------------------------------------------
Tue Mar 22 00:54:41 UTC 2016 - michael@stroeder.com
- update to upstream release 1.3.1
* Fixed a bug that caused an AttributeError when using mock to
patch some cryptography modules.
-------------------------------------------------------------------
Fri Mar 18 14:39:05 UTC 2016 - michael@stroeder.com
- update to upstream release 1.3
* Added support for padding ANSI X.923 with ANSIX923.
* Deprecated support for OpenSSL 0.9.8. Support will be removed in
cryptography 1.4.
* Added support for the PolicyConstraints X.509 extension including both
parsing and generation using CertificateBuilder and
CertificateSigningRequestBuilder.
* Added is_signature_valid to CertificateSigningRequest.
* Fixed an intermittent AssertionError when performing an RSA decryption
on an invalid ciphertext, ValueError is now correctly raised in all
cases.
* Added from_issuer_subject_key_identifier().
-------------------------------------------------------------------
Sat Mar 5 15:36:10 UTC 2016 - arun@gmx.de
- update to version 1.2.3:
* Updated Windows and OS X wheels to be compiled against OpenSSL
1.0.2g.
-------------------------------------------------------------------
Sat Jan 30 17:43:17 UTC 2016 - arun@gmx.de
- specfile:
* update copyright year
- update to version 1.2.2:
* Updated Windows and OS X wheels to be compiled against OpenSSL
1.0.2f.
-------------------------------------------------------------------
Sat Jan 9 16:58:46 UTC 2016 - michael@stroeder.com
- aligned GPG signature check with package python-cryptography
- update to upstream release 1.2.1
1.2.1 - 2016-01-08
* Reverts a change to an OpenSSL EVP_PKEY object that caused
errors with pyOpenSSL.
1.2 - 2016-01-08
* BACKWARDS INCOMPATIBLE: RevokedCertificate extensions now
uses extension classes rather than returning raw values
inside the Extension value. The new classes are:
o CertificateIssuer
o CRLReason
o InvalidityDate
* Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time
there is no time table for actually dropping support,
however we strongly encourage all users to upgrade, as those
versions no longer receive support from the OpenSSL project.
* The Certificate class now has signature and
tbs_certificate_bytes attributes.
* The CertificateSigningRequest class now has signature and
tbs_certrequest_bytes attributes.
* The CertificateRevocationList class now has signature and
tbs_certlist_bytes attributes.
* NameConstraints are now supported in the CertificateBuilder
and CertificateSigningRequestBuilder.
* Support serialization of certificate revocation lists using
the public_bytes() method of CertificateRevocationList.
* Add support for parsing CertificateRevocationList extensions
() in the OpenSSL backend. The following extensions are
currently supported:
o AuthorityInformationAccess
o AuthorityKeyIdentifier
o CRLNumber
o IssuerAlternativeName
* Added CertificateRevocationListBuilder and
RevokedCertificateBuilder to allow creation of CRLs.
* Unrecognized non-critical X.509 extensions are now parsed
into an UnrecognizedExtension object.
-------------------------------------------------------------------
Sun Dec 13 20:53:57 UTC 2015 - arun@gmx.de
- update to version 1.1.2:
* Fixed a SIGBUS crash with the OS X wheels caused by redefinition
of a method.
* Fixed a runtime error undefined symbol EC_GFp_nistp224_method that
occurred with some OpenSSL installations.
* Updated Windows and OS X wheels to be compiled against OpenSSL
1.0.2e.
-------------------------------------------------------------------
Sun Nov 22 00:52:33 UTC 2015 - arun@gmx.de
- update to version 1.1.1:
* Fixed several small bugs related to compiling the OpenSSL bindings
with unusual OpenSSL configurations.
* Resolved an issue where, depending on the method of installation
and which Python interpreter they were using, users on El Capitan
(OS X 10.11) may have seen an InternalError on import.
-------------------------------------------------------------------
Sun Nov 1 05:11:49 UTC 2015 - arun@gmx.de
- update to version 1.1:
* Added support for Elliptic Curve Diffie-Hellman with ECDH.
* Added X963KDF.
* Added support for parsing certificate revocation lists (CRLs)
using load_pem_x509_crl() and load_der_x509_crl().
* Add support for AES key wrapping with aes_key_wrap() and
aes_key_unwrap().
* Added a __hash__ method to Name.
* Add support for encoding and decoding elliptic curve points to a
byte string form using encode_point() and from_encoded_point().
* Added get_extension_for_class().
* CertificatePolicies are now supported in the CertificateBuilder.
* countryName is now encoded as a PrintableString when creating
subject and issuer distinguished names with the Certificate and
CSR builder classes.
-------------------------------------------------------------------
Mon Oct 5 06:08:41 UTC 2015 - arun@gmx.de
- update to version 1.0.2:
* SECURITY ISSUE: The OpenSSL backend prior to 1.0.2 made extensive
use of assertions to check response codes where our tests could
not trigger a failure. However, when Python is run with -O these
asserts are optimized away. If a user ran Python with this flag
and got an invalid response code this could result in undefined
behavior or worse. Accordingly, all response checks from the
OpenSSL backend have been converted from assert to a true function
call. Credit Emilia Käsper (Google Security Team) for the report.
-------------------------------------------------------------------
Sun Sep 27 01:46:06 UTC 2015 - arun@gmx.de
- update to version 1.0.1:
* We now ship OS X wheels that statically link OpenSSL by
default. When installing a wheel on OS X 10.10+ (and using a
Python compiled against the 10.10 SDK) users will no longer need
to compile. See Installation for alternate installation methods if
required.
* Set the default string mask to UTF-8 in the OpenSSL backend to
resolve character encoding issues with older versions of OpenSSL.
* Several new OpenSSL bindings have been added to support a future
pyOpenSSL release.
* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy
2.6+.
-------------------------------------------------------------------
Sun Aug 16 00:51:29 UTC 2015 - arun@gmx.de
- update to version 1.0:
* Switched to the new cffi set_source out-of-line API mode for
compilation. This results in significantly faster imports and
lowered memory consumption. Due to this change we no longer support
PyPy releases older than 2.6 nor do we support any released version
of PyPy3 (until a version supporting cffi 1.0 comes out).
* Fix parsing of OpenSSH public keys that have spaces in comments.
* Support serialization of certificate signing requests using the
public_bytes method of CertificateSigningRequest.
* Support serialization of certificates using the public_bytes method
of Certificate.
* Add get_provisioning_uri method to HOTP and TOTP for generating
provisioning URIs.
* Add ConcatKDFHash and ConcatKDFHMAC.
* Raise a TypeError when passing objects that are not text as the
value to NameAttribute.
* Add support for OtherName as a general name type.
* Added new X.509 extension support in Certificate The following new
extensions are now supported:
+ OCSPNoCheck
+ InhibitAnyPolicy
+ IssuerAlternativeName
+ NameConstraints
* Extension support was added to CertificateSigningRequest.
* Add support for creating signed certificates with
CertificateBuilder. This includes support for the following
extensions:
+ BasicConstraints
+ SubjectAlternativeName
+ KeyUsage
+ ExtendedKeyUsage
+ SubjectKeyIdentifier
+ AuthorityKeyIdentifier
+ AuthorityInformationAccess
+ CRLDistributionPoints
+ InhibitAnyPolicy
+ IssuerAlternativeName
+ OCSPNoCheck
* Add support for creating certificate signing requests with
CertificateSigningRequestBuilder. This includes support for the
same extensions supported in the CertificateBuilder.
* Deprecate encode_rfc6979_signature and decode_rfc6979_signature in
favor of encode_dss_signature() and decode_dss_signature().
-------------------------------------------------------------------
Mon Jul 13 21:24:56 UTC 2015 - arun@gmx.de
- update to version 0.9.3:
* Updated Windows wheels to be compiled against OpenSSL 1.0.2d.
- changes from version 0.9.2:
* Updated Windows wheels to be compiled against OpenSSL 1.0.2c.
-------------------------------------------------------------------
Sat Jun 6 22:17:15 UTC 2015 - arun@gmx.de
- update to version 0.9.1:
* SECURITY ISSUE: Fixed a double free in the OpenSSL backend when
using DSA to verify signatures. Note that this only affects PyPy
2.6.0 and (presently unreleased) CFFI versions greater than 1.1.0.
-------------------------------------------------------------------
Mon May 25 05:52:00 UTC 2015 - arun@gmx.de
- specfile:
* add new requirement: pyton3-idna
- update to version 0.9:
* Removed support for Python 3.2. This version of Python is rarely
used and caused support headaches. Users affected by this should
upgrade to 3.3+.
* Deprecated support for Python 2.6. At the time there is no time
table for actually dropping support, however we strongly encourage
all users to upgrade their Python, as Python 2.6 no longer
receives support from the Python core team.
* Add support for the SECP256K1 elliptic curve.
* Fixed compilation when using an OpenSSL which was compiled with
the no-comp (OPENSSL_NO_COMP) option.
* Support DER serialization of public keys using the public_bytes
method of RSAPublicKeyWithSerialization,
DSAPublicKeyWithSerialization, and
EllipticCurvePublicKeyWithSerialization.
* Support DER serialization of private keys using the private_bytes
method of RSAPrivateKeyWithSerialization,
DSAPrivateKeyWithSerialization, and
EllipticCurvePrivateKeyWithSerialization.
* Add support for parsing X.509 certificate signing requests (CSRs)
with load_pem_x509_csr() and load_der_x509_csr().
* Moved cryptography.exceptions.InvalidToken to
cryptography.hazmat.primitives.twofactor.InvalidToken and
deprecated the old location. This was moved to minimize confusion
between this exception and cryptography.fernet.InvalidToken.
* Added support for X.509 extensions in Certificate objects. The
following extensions are supported as of this release:
- BasicConstraints
- AuthorityKeyIdentifier
- SubjectKeyIdentifier
- KeyUsage
- SubjectAlternativeName
- ExtendedKeyUsage
- CRLDistributionPoints
- AuthorityInformationAccess
- CertificatePolicies
Note that unsupported extensions with the critical flag raise
UnsupportedExtension while unsupported extensions set to
non-critical are silently ignored. Read the X.509 documentation
for more information.
-------------------------------------------------------------------
Sun Apr 12 05:00:32 UTC 2015 - arun@gmx.de
- update to version 0.8.2:
* Fixed a race condition when initializing the OpenSSL or
CommonCrypto backends in a multi-threaded scenario.
-------------------------------------------------------------------
Sun Mar 22 20:06:03 UTC 2015 - arun@gmx.de
- update to version 0.8.1:
* Updated Windows wheels to be compiled against OpenSSL 1.0.2a.
-------------------------------------------------------------------
Tue Mar 10 16:03:00 UTC 2015 - arun@gmx.de
- specfile:
* add python3-enum34 for opensuse 13.1
- update to version 0.8:
* load_ssh_public_key() can now load elliptic curve public keys.
* Added signature_hash_algorithm support to Certificate.
* Added rsa_recover_prime_factors()
* KeyDerivationFunction was moved from interfaces to kdf.
* Added support for parsing X.509 names. See the X.509 documentation
for more information.
* Added load_der_private_key() to support loading of DER encoded
private keys and load_der_public_key() to support loading DER
encoded public keys.
* Fixed building against LibreSSL, a compile-time substitute for
OpenSSL.
* FreeBSD 9.2 was removed from the continuous integration system.
* Updated Windows wheels to be compiled against OpenSSL 1.0.2.
* load_pem_public_key() and load_der_public_key() now support PKCS1
RSA public keys (in addition to the previous support for
SubjectPublicKeyInfo format for RSA, EC, and DSA).
* Added EllipticCurvePrivateKeyWithSerialization and deprecated
EllipticCurvePrivateKeyWithNumbers.
* Added private_bytes() to EllipticCurvePrivateKeyWithSerialization.
* Added RSAPrivateKeyWithSerialization and deprecated
RSAPrivateKeyWithNumbers.
* Added private_bytes() to RSAPrivateKeyWithSerialization.
* Added DSAPrivateKeyWithSerialization and deprecated
DSAPrivateKeyWithNumbers.
* Added private_bytes() to DSAPrivateKeyWithSerialization.
* Added RSAPublicKeyWithSerialization and deprecated
RSAPublicKeyWithNumbers.
* Added public_bytes() to RSAPublicKeyWithSerialization.
* Added EllipticCurvePublicKeyWithSerialization and deprecated
EllipticCurvePublicKeyWithNumbers.
* Added public_bytes() to EllipticCurvePublicKeyWithSerialization.
* Added DSAPublicKeyWithSerialization and deprecated
DSAPublicKeyWithNumbers.
* Added public_bytes() to DSAPublicKeyWithSerialization.
* HashAlgorithm and HashContext were moved from interfaces to
hashes.
* CipherContext, AEADCipherContext, AEADEncryptionContext,
CipherAlgorithm, and BlockCipherAlgorithm were moved from
interfaces to ciphers.
* Mode, ModeWithInitializationVector, ModeWithNonce, and
ModeWithAuthenticationTag were moved from interfaces to modes.
* PaddingContext was moved from interfaces to padding.
* AsymmetricPadding was moved from interfaces to padding.
* AsymmetricSignatureContext and AsymmetricVerificationContext were
moved from interfaces to asymmetric.
* DSAParameters, DSAParametersWithNumbers, DSAPrivateKey,
DSAPrivateKeyWithNumbers, DSAPublicKey and DSAPublicKeyWithNumbers
were moved from interfaces to dsa
* EllipticCurve, EllipticCurveSignatureAlgorithm,
EllipticCurvePrivateKey, EllipticCurvePrivateKeyWithNumbers,
EllipticCurvePublicKey, and EllipticCurvePublicKeyWithNumbers were
moved from interfaces to ec.
* RSAPrivateKey, RSAPrivateKeyWithNumbers, RSAPublicKey and
RSAPublicKeyWithNumbers were moved from interfaces to rsa.
-------------------------------------------------------------------
Sat Jan 17 02:32:27 UTC 2015 - arun@gmx.de
- specfile:
* removed signature and gpg-key (.asc signature not provided on pypi
for latest version anymore)
* require python3-pyasn1
* setup handles installations into lib64 correctly now, remove
code that moved files from lib->lib64 by hand
- update to version 0.7.2:
* Updated Windows wheels to be compiled against OpenSSL 1.0.1l.
* enum34 is no longer installed on Python 3.4, where it is included
in the standard library.
* Added a new function to the OpenSSL bindings to support additional
functionality in pyOpenSSL.
- changes from version 0.7.1:
* Fixed an issue preventing compilation on platforms where
OPENSSL_NO_SSL3 was defined.
- changes from version 0.7:
* Cryptography has been relicensed from the Apache Software License,
Version 2.0, to being available under either the Apache Software
License, Version 2.0, or the BSD license.
* Added key-rotation support to Fernet with MultiFernet.
* More bit-lengths are now supported for p and q when loading DSA
keys from numbers.
* Added MACContext as a common interface for CMAC and HMAC and
deprecated CMACContext.
* Added support for encoding and decoding RFC 6979 signatures in
Asymmetric Utilities.
* Added load_ssh_public_key() to support the loading of OpenSSH
public keys (RFC 4253). Only RSA and DSA keys are currently
supported.
* Added initial support for X.509 certificate parsing. See the X.509
documentation for more information.
- changes from version 0.6.1:
* Updated Windows wheels to be compiled against OpenSSL 1.0.1j.
* Fixed an issue where OpenSSL 1.0.1j changed the errors returned by
some functions.
* Added our license file to the cryptography-vectors package.
* Implemented DSA hash truncation support (per FIPS 186-3) in the
OpenSSL backend. This works around an issue in 1.0.0, 1.0.0a, and
1.0.0b where truncation was not implemented.
- changes from version 0.6:
* Added load_pem_private_key() to ease loading private keys, and
load_pem_public_key() to support loading public keys.
* Removed the, deprecated in 0.4, support for the salt_length
argument to the MGF1 constructor. The salt_length should be passed
to PSS instead.
* Fix compilation on OS X Yosemite.
* Deprecated elliptic_curve_private_key_from_numbers and
elliptic_curve_public_key_from_numbers in favor of
load_elliptic_curve_private_numbers and
load_elliptic_curve_public_numbers on EllipticCurveBackend.
* Added EllipticCurvePrivateKeyWithNumbers and
EllipticCurvePublicKeyWithNumbers support.
* Work around three GCM related bugs in CommonCrypto and OpenSSL.
* On the CommonCrypto backend adding AAD but not subsequently
calling update would return null tag bytes.
* One the CommonCrypto backend a call to update without an empty add
AAD call would return null ciphertext bytes.
* On the OpenSSL backend with certain versions adding AAD only would
give invalid tag bytes.
* Support loading EC private keys from PEM.
- changes from version 0.5.4:
* Added several functions to the OpenSSL bindings to support new
functionality in pyOpenSSL.
* Fixed a redefined constant causing compilation failure with
Solaris 11.2.
- changes from version 0.5.3:
* Updated Windows wheels to be compiled against OpenSSL 1.0.1i.
- changes from version 0.5.2:
* Add TraditionalOpenSSLSerializationBackend support to
MultiBackend.
* Fix compilation error on OS X 10.8 (Mountain Lion).
- changes from version 0.5.1:
* Add PKCS8SerializationBackend support to MultiBackend.
- changes from version 0.5:
* BACKWARDS INCOMPATIBLE: GCM no longer allows truncation of tags by
default. Previous versions of cryptography allowed tags to be
truncated by default, applications wishing to preserve this
behavior (not recommended) can pass the min_tag_length argument.
* Windows builds now statically link OpenSSL by default. When
installing a wheel on Windows you no longer need to install
OpenSSL separately. Windows users can switch between static and
dynamic linking with an environment variable. See Installation for
more details.
* Added HKDFExpand.
* Added CFB8 support for AES and TripleDES on CommonCrypto backend
and OpenSSL backend.
* Added AES CTR support to the OpenSSL backend when linked against
0.9.8.
* Added PKCS8SerializationBackend and
TraditionalOpenSSLSerializationBackend support to the OpenSSL
backend.
* Added Elliptic curve cryptography and EllipticCurveBackend.
* Added ECB support for TripleDES on CommonCrypto backend and
OpenSSL backend.
* Deprecated RSAPrivateKey in favor of backend specific providers of
the RSAPrivateKey interface.
* Deprecated RSAPublicKey in favor of backend specific providers of
the RSAPublicKey interface.
* Deprecated DSAPrivateKey in favor of backend specific providers of
the DSAPrivateKey interface.
* Deprecated DSAPublicKey in favor of backend specific providers of
the DSAPublicKey interface.
* Deprecated DSAParameters in favor of backend specific providers of
the DSAParameters interface.
* Deprecated encrypt_rsa, decrypt_rsa, create_rsa_signature_ctx and
create_rsa_verification_ctx on RSABackend.
* Deprecated create_dsa_signature_ctx and
create_dsa_verification_ctx on DSABackend.
- changes from version 0.4:
* Deprecated salt_length on MGF1 and added it to PSS. It will be
removed from MGF1 in two releases per our API stability policy.
* Added SEED support.
* Added CMAC.
* Added decryption support to RSAPrivateKey and encryption support
to RSAPublicKey.
* Added signature support to DSAPrivateKey and verification support
to DSAPublicKey.
- changes from version 0.3:
* Added HOTP.
* Added TOTP.
* Added IDEA support.
* Added signature support to RSAPrivateKey and verification support
to RSAPublicKey.
* Moved test vectors to the new cryptography_vectors package.
- changes from version 0.2.2:
* Removed a constant definition that was causing compilation
problems with specific versions of OpenSSL.
-------------------------------------------------------------------
Sun Jan 10 00:51:53 UTC 2015 - arun@gmx.de
- specfile:
* update copyright year
* remove ifs for opensuse version <=1220
-------------------------------------------------------------------
Mon Feb 24 12:43:32 UTC 2014 - mvyskocil@suse.com
- Initial packaging of python-cryptography for openSUSE
