2023-05-31 14:57:15 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 41.0.0
41.0.0 - 2023-05-30
BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1d has been removed. Users on older versions of OpenSSL will need to upgrade.
BACKWARDS INCOMPATIBLE: Support for Python 3.6 has been removed.
BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.6.
Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0.
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1.
Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses` OCSP extension.
Added support for the :class:`~cryptography.x509.MSCertificateTemplate` proprietary Microsoft certificate extension.
Implemented support for equality checks on all asymmetric public key types.
Added support for aes256-gcm@openssh.com encrypted keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
Added support for obtaining X.509 certificate signature algorithm parameters (including PSS) via :meth:`~cryptography.x509.Certificate.signature_algorithm_parameters`.
Support signing :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` X.509 certificates via the new keyword-only argument rsa_padding on :meth:`~cryptography.x509.CertificateBuilder.sign`.
Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` on BoringSSL.
|
2023-04-18 19:16:21 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 40.0.2
40.0.2 - 2023-04-14
* Fixed compilation when using LibreSSL 3.7.2.
40.0.1 - 2023-03-24
* Fixed a bug where certain operations would fail if an object happened to be
in the top-half of the memory-space. This only impacted 32-bit systems.
40.0.0 - 2023-03-24
* **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way
``cryptography`` links OpenSSL has changed. This only impacts users who
build ``cryptography`` from source (i.e., not from a ``wheel``), and
specify their own version of OpenSSL. For those users, the ``CFLAGS``,
``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS``
environment variables are no longer valid. Instead, users need to configure
their builds `as documented here`_.
* Support for Python 3.6 is deprecated and will be removed in the next
release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.48.0.
In the next release we will raise MSRV to 1.56.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated support for OpenSSL less than 1.1.1d. The next release of
``cryptography`` will drop support for older versions.
* Deprecated support for DSA keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Deprecated support for OpenSSH serialization in
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
* The minimum supported version of PyPy3 is now 7.3.10.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
* Added support for parsing SSH certificates in addition to public keys with
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`.
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
continues to support only public keys.
* Added support for generating SSH certificates with
:class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`.
* Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to
:class:`~cryptography.x509.Certificate`.
* Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that
:class:`~cryptography.x509.DNSName` constraints do not contain any ``*``
wildcards.
* Removed many unused CFFI OpenSSL bindings. This will not impact you unless
you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that
these have never been considered a stable, supported, public API by
``cryptography``; this note is included as a courtesy.
* The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of
``ValueError`` if an unsupported hash algorithm is passed.
* Added public union type aliases for type hinting:
* Asymmetric types:
:const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`.
* SSH keys:
:const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`.
* PKCS12:
:const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes`
* PKCS7:
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`,
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`.
* Two-factor:
:const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes`
* Deprecated previously undocumented but not private type aliases in the
``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new
ones above.
|
2023-03-03 11:12:56 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 39.0.2
39.0.2
Fixed a bug where the content type header was not properly encoded for PKCS7 signatures when using the Text option and SMIME encoding.
|
2023-01-11 11:17:19 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 39.0.0
39.0.0 - 2023-01-01
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
Users on older versions of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
minimum LibreSSL version is 3.5.0. Going forward our policy is to support
versions of LibreSSL that are available in versions of OpenBSD that are
still receiving security support.
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
``from_encoded_point`` methods on
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
which had been deprecated for several years.
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
should be used instead.
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
:class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
PKCS7 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11; macOS
users must upgrade to 10.12 or newer.
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change
the way we link OpenSSL. This will only impact users who build
``cryptography`` from source (i.e., not from a ``wheel``), and specify their
own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
variables will no longer be respected. Instead, users will need to
configure their builds `as documented here`_.
* Added support for
:ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`.
* Added support for disabling RSA key validation checks when loading RSA
keys via
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
and
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`.
This speeds up key loading but is :term:`unsafe` if you are loading potentially
attacker supplied keys.
* Significantly improved performance for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
when repeatedly calling ``encrypt`` or ``decrypt`` with the same key.
* Added support for creating OCSP requests with precomputed hashes using
:meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
* Added support for loading multiple PEM-encoded X.509 certificates from
a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.
|
2022-11-28 09:49:08 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 38.0.4
38.0.4 - 2022-11-27
Fixed compilation when using LibreSSL 3.6.0.
Fixed error when using py2app to build an application with a cryptography dependency.
|
2022-11-02 09:41:16 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
py-cryptography: updated to 38.0.3
38.0.3 - 2022-11-01
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
which resolves *CVE-2022-3602* and *CVE-2022-3786*.
38.0.2 - 2022-10-11
~~~~~~~~~~~~~~~~~~~
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
|
2022-09-08 07:08:52 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 38.0.1
38.0.1
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
seen in large CRLs).
|
2022-09-07 10:04:18 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 38.0.0
38.0.0 - 2022-09-06
~~~~~~~~~~~~~~~~~~~
* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
latest ``pip`` to ensure this doesn't cause issues downloading wheels on
their platform. We now ship ``manylinux_2_28`` wheels for users on new
enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
Users with the latest ``pip`` will typically get a wheel and not need Rust
installed, but check :doc:`/installation` for documentation on installing a
newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
that the ``Extension`` ``critical`` field must be correctly encoded DER. See
`the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
details.
* Added two new OpenSSL functions to the bindings to support an upcoming
``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
:class:`~cryptography.x509.CertificateSigningRequest` values, it is now
enforced that the ``version`` value in the input must be valid according to
the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
other X.509 builders is deprecated and support will be removed in the next
version.
* Added additional APIs to
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`,
including
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`,
and
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
users to access the to-be-signed pre-certificate data needed for signed
certificate timestamp verification.
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
:attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
counter location.
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
to the section 2.1 of the RFC, affecting method
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* It is now possible to customize some aspects of encryption when serializing
private keys, using
:meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
versions older than 22.0 will need to upgrade.
* Added
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
These classes do not replace
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
allows all AES key lengths), but are intended for applications where
developers want to be explicit about key length.
|
2022-07-08 15:55:09 by Thomas Klausner | Files touched by this commit (1) |
Log message:
py-cryptography_vectors: does not support python 2.7
|
2022-07-05 20:07:38 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
py-cryptography py-cryptography_vectors: updated to 37.0.4
37.0.4 - 2022-07-05
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
37.0.3 - 2022-06-21
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
|