Subject: CVS commit: pkgsrc/security
From: Adam Ciarcinski
Date: 2022-09-07 10:04:18
Message id: 20220907080419.13644FA90@cvs.NetBSD.org

Log Message:
py-cryptography py-cryptography_vectors: updated to 38.0.0

38.0.0 - 2022-09-06
~~~~~~~~~~~~~~~~~~~

* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
  will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
  latest ``pip`` to ensure this doesn't cause issues downloading wheels on
  their platform. We now ship ``manylinux_2_28`` wheels for users on new
  enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
  Users with the latest ``pip`` will typically get a wheel and not need Rust
  installed, but check :doc:`/installation` for documentation on installing a
  newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
  both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
  that the ``Extension`` ``critical`` field must be correctly encoded DER. See
  `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
  details.
* Added two new OpenSSL functions to the bindings to support an upcoming
  ``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
  :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
  enforced that the ``version`` value in the input must be valid according to
  the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
  other X.509 builders is deprecated and support will be removed in the next
  version.
* Added additional APIs to
  \ 
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, \ 
including
  \ 
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.si \ 
gnature_hash_algorithm`,
  \ 
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.si \ 
gnature_algorithm`,
  \ 
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, \ 
and
  \ 
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.ex \ 
tension_bytes`.
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
  users to access the to-be-signed pre-certificate data needed for signed
  certificate timestamp verification.
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
  :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
  :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
  counter location.
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
  to the section 2.1 of the RFC, affecting method
  :meth:`~cryptography.x509.Name.from_rfc4514_string`.
* It is now possible to customize some aspects of encryption when serializing
  private keys, using
  \ 
:meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_bu \ 
ilder`.
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
  versions older than 22.0 will need to upgrade.
* Added
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
  These classes do not replace
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
  allows all AES key lengths), but are intended for applications where
  developers want to be explicit about key length.

Files:
RevisionActionfile
1.89modifypkgsrc/security/py-cryptography/Makefile
1.28modifypkgsrc/security/py-cryptography/PLIST
1.2modifypkgsrc/security/py-cryptography/cargo-depends.mk
1.71modifypkgsrc/security/py-cryptography/distinfo
1.33modifypkgsrc/security/py-cryptography_vectors/Makefile
1.18modifypkgsrc/security/py-cryptography_vectors/PLIST
1.33modifypkgsrc/security/py-cryptography_vectors/distinfo