Navigation:
Browse pkgsrc
(this page) 2022-09-07 10:04:18 by Adam Ciarcinski | Files touched by this commit (7) |  |
Log message: py-cryptography py-cryptography_vectors: updated to 38.0.0 38.0.0 - 2022-09-06 ~~~~~~~~~~~~~~~~~~~ * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography`` will drop support. * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't cause issues downloading wheels on their platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept both ``str`` and ``bytes`` tokens. * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing that the ``Extension`` ``critical`` field must be correctly encoded DER. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete details. * Added two new OpenSSL functions to the bindings to support an upcoming ``pyOpenSSL`` release. * When parsing :class:`~cryptography.x509.CertificateRevocationList` and :class:`~cryptography.x509.CertificateSigningRequest` values, it is now enforced that the ``version`` value in the input must be valid according to the rules of :rfc:`2986` and :rfc:`5280`. * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and other X.509 builders is deprecated and support will be removed in the next version. * Added additional APIs to \ :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, \ including \ :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.si \ gnature_hash_algorithm`, \ :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.si \ gnature_algorithm`, \ :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, \ and \ :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.ex \ tension_bytes`. * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification. * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed` counter location. * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method :meth:`~cryptography.x509.Name.from_rfc4514_string`. * It is now possible to customize some aspects of encryption when serializing private keys, using \ :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_bu \ ilder`. * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade. * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes. These classes do not replace :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length. |
| 2022-07-08 15:55:09 by Thomas Klausner | Files touched by this commit (1) |
Log message: py-cryptograhy_vectors: does not support python 2.7 |
| 2022-07-05 20:07:38 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography py-cryptography_vectors: updated too 37.0.4 37.0.4 - 2022-07-05 * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5. 37.0.3 - 2022-06-21 * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4. |
| 2022-07-05 10:13:25 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: py-cryptography_vectors: updated to 37.0.3 Match py-cryptography version. |
| 2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message: *: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS |
| 2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message: security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo \ cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 |
| 2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message: security: Remove SHA1 hashes for distfiles |
| 2021-02-08 07:08:02 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography, py-cryptography_vectors: updated to 3.3.2 3.3.2: SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when \ symmetrically encrypting very large payloads (>2GB) could result in an \ integer overflow, leading to buffer overflows. CVE-2020-36242 |
| 2020-12-14 08:31:18 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message: py-cryptography py-cryptography_vectors: updated to 3.3.1 3.3.1: * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` users. 3.3: * **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to low usage and maintenance burden. * **BACKWARDS INCOMPATIBLE:** The :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Updated Windows, macOS, and ``manylinux`` wheels to be compiled with OpenSSL 1.1.1i. * Python 2 support is deprecated in ``cryptography``. This is the last release that will support Python 2. * Added the \ :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_ \ from_signature` function to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` for recovering the signed data from an RSA signature. |
| 2020-11-24 09:56:55 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message: py-cryptography py-cryptography_vectors: updated to 3.2.1 3.2.1 - 2020-10-27 Disable blinding on RSA public keys to address an error with some versions of \ OpenSSL. 3.2 - 2020-10-25 SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, \ to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by \ our API, we cannot completely mitigate this vulnerability and a future release \ will contain a new API which is designed to be resilient to these for contexts \ where it is required. Credit to Hubert Kario for reporting the issue. \ CVE-2020-25659 Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL \ will need to upgrade. Added basic support for PKCS7 signing (including SMIME) via \ :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilde \ r`. 3.1.1 - 2020-09-22 Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1h. 3.1 - 2020-08-26 BACKWARDS INCOMPATIBLE: Removed support for idna based :term:`U-label` parsing \ in various X.509 classes. This support was originally deprecated in version 2.1 \ and moved to an extra in 2.5. Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the \ OpenSSL project. The next version of cryptography will drop support for it. Deprecated support for Python 3.5. This version sees very little use and will be \ removed in the next release. backend arguments to functions are no longer required and the default backend \ will automatically be selected if no backend is provided. Added initial support for parsing certificates from PKCS7 files with \ :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` \ and \ :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` \ . Calling update or update_into on \ :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with data longer \ than 231 bytes no longer raises an OverflowError. This also resolves the same \ issue in :doc:`/fernet`. 3.0 - 2020-07-20 BACKWARDS INCOMPATIBLE: Removed support for passing an \ :class:`~cryptography.x509.Extension` instance to \ :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`, \ as per our deprecation policy. BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been \ removed (2.9.1+ is still supported). BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9, macOS users must upgrade \ to 10.10 or newer. BACKWARDS INCOMPATIBLE: RSA \ :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key` no \ longer accepts public_exponent values except 65537 and 3 (the latter for legacy \ purposes). BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that the version \ field contains a valid value, rather than deferring this check until \ :attr:`~cryptography.x509.Certificate.version` is accessed. Deprecated support for Python 2. At the time there is no time table for actually \ dropping support, however we strongly encourage all users to upgrade their \ Python, as Python 2 no longer receives support from the Python core team. If you have trouble suppressing this warning in tests view the :ref:`FAQ entry \ addressing this issue <faq-howto-handle-deprecation-warning>`. Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa \ private keys: \ :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key` for \ loading and \ :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH` for \ writing. Added support for OpenSSH certificates to \ :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`. Added :meth:`~cryptography.fernet.Fernet.encrypt_at_time` and \ :meth:`~cryptography.fernet.Fernet.decrypt_at_time` to \ :class:`~cryptography.fernet.Fernet`. Added support for the :class:`~cryptography.x509.SubjectInformationAccess` X.509 \ extension. Added support for parsing \ :class:`~cryptography.x509.SignedCertificateTimestamps` in OCSP responses. Added support for parsing attributes in certificate signing requests via \ :meth:`~cryptography.x509.CertificateSigningRequest.get_attribute_for_oid`. Added support for encoding attributes in certificate signing requests via \ :meth:`~cryptography.x509.CertificateSigningRequestBuilder.add_attribute`. On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG \ instead of its own OS random engine because these versions of OpenSSL properly \ reseed on fork. Added initial support for creating PKCS12 files with \ :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_ce \ rtificates`. |
New packages: