2023-08-02 09:38:49 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography py-cryptography_vectors: updated to 41.0.3 41.0.3 - 2023-08-01 * Fixed performance regression loading DH public keys. * Fixed a memory leak when using :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.2. |
2023-07-11 09:49:22 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message: py-cryptography py-cryptography_vectors: updated to 41.0.2 41.0.2 - 2023-07-10 ~~~~~~~~~~~~~~~~~~~ * Fixed bugs in creating and parsing SSH certificates where critical options with values were handled incorrectly. Certificates are now created correctly and parsing accepts correct values as well as the previously generated invalid forms with a warning. In the next release, support for parsing these invalid forms will be removed. |
2023-06-06 14:46:27 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: py-cryptography_vectors: updated to 41.0.1 Sync with py-cryptography |
2023-05-31 14:57:15 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message: py-cryptography py-cryptography_vectors: updated to 41.0.0 41.0.0 - 2023-05-30 BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1d has been removed. \ Users on older version of OpenSSL will need to upgrade. BACKWARDS INCOMPATIBLE: Support for Python 3.6 has been removed. BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.6. Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0. Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1. Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses` OCSP \ extension. Added support for the :class:`~cryptography.x509.MSCertificateTemplate` \ proprietary Microsoft certificate extension. Implemented support for equality checks on all asymmetric public key types. Added support for aes256-gcm@openssh.com encrypted keys in \ :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. Added support for obtaining X.509 certificate signature algorithm parameters \ (including PSS) via \ :meth:`~cryptography.x509.Certificate.signature_algorithm_parameters`. Support signing :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` \ X.509 certificates via the new keyword-only argument rsa_padding on \ :meth:`~cryptography.x509.CertificateBuilder.sign`. Added support for \ :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` on \ BoringSSL. |
2023-04-18 19:16:21 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message: py-cryptography py-cryptography_vectors: updated to 40.0.2 40.0.2 - 2023-04-14 * Fixed compilation when using LibreSSL 3.7.2. 40.0.1 - 2023-03-24 * Fixed a bug where certain operations would fail if an object happened to be in the top-half of the memory-space. This only impacted 32-bit systems. 40.0.0 - 2023-03-24 * **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way ``cryptography`` links OpenSSL has changed. This only impacts users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables are no longer valid. Instead, users need to configure their builds `as documented here`_. * Support for Python 3.6 is deprecated and will be removed in the next release. * Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. In the next release we will raise MSRV to 1.56.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated support for OpenSSL less than 1.1.1d. The next release of ``cryptography`` will drop support for older versions. * Deprecated support for DSA keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` and :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. * Deprecated support for OpenSSH serialization in :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. * The minimum supported version of PyPy3 is now 7.3.10. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0. * Added support for parsing SSH certificates in addition to public keys with :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`. :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` continues to support only public keys. * Added support for generating SSH certificates with :class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`. * Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to :class:`~cryptography.x509.Certificate`. * Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that :class:`~cryptography.x509.DNSName` constraints do not contain any ``*`` wildcards. * Removed many unused CFFI OpenSSL bindings. This will not impact you unless you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that these have never been considered a stable, supported, public API by ``cryptography``, this note is included as a courtesy. * The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of ``ValueError`` if an unsupported hash algorithm is passed. * Added public union type aliases for type hinting: * Asymmetric types: :const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`, \ :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTyp \ es`, \ :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublic \ KeyTypes`, \ :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivat \ eKeyTypes`. * SSH keys: :const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`. * PKCS12: \ :const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTyp \ es` * PKCS7: :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`, \ :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes \ `. * Two-factor: :const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes` * Deprecated previously undocumented but not private type aliases in the ``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new ones above. |
2023-03-03 11:12:56 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography py-cryptography_vectors: updated to 39.0.2 39.0.2 Fixed a bug where the content type header was not properly encoded for PKCS7 \ signatures when using the Text option and SMIME encoding. |
2023-01-11 11:17:19 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message: py-cryptography py-cryptography_vectors: updated to 39.0.0 39.0.0 - 2023-01-01 * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new minimum LibreSSL version is 3.5.0. Going forward our policy is to support versions of LibreSSL that are available in versions of OpenBSD that are still receiving security support. * **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and ``from_encoded_point`` methods on :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`, which had been deprecated for several years. \ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.publ \ ic_bytes` and \ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from \ _encoded_point` should be used instead. * **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and PKCS7 has been removed. * **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS users must upgrade to 10.12 or newer. * **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change the way we link OpenSSL. This will only impact users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables will no longer be respected. Instead, users will need to configure their builds `as documented here`_. * Added support for :ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`. * Added support for disabling RSA key validation checks when loading RSA keys via :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`, and \ :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_ \ key`. This speeds up key loading but is :term:`unsafe` if you are loading potentially attacker supplied keys. * Significantly improved performance for :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` when repeatedly calling ``encrypt`` or ``decrypt`` with the same key. * Added support for creating OCSP requests with precomputed hashes using :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`. * Added support for loading multiple PEM-encoded X.509 certificates from a single input via :func:`~cryptography.x509.load_pem_x509_certificates`. |
2022-11-28 09:49:08 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message: py-cryptography py-cryptography_vectors: updated to 38.0.4 38.0.4 - 2022-11-27 Fixed compilation when using LibreSSL 3.6.0. Fixed error when using py2app to build an application with a cryptography dependency. |
2022-11-02 09:41:16 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography: updated to 38.0.3 38.0.3 - 2022-11-01 ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves *CVE-2022-3602* and *CVE-2022-3786*. 38.0.2 - 2022-10-11 ~~~~~~~~~~~~~~~~~~~ This release was subsequently yanked from PyPI due to a regression in OpenSSL. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6. |
2022-09-08 07:08:52 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message: py-cryptography py-cryptography_vectors: updated to 38.0.1 38.0.1 * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). |