2024-02-25 16:54:58 by Thomas Klausner | Files touched by this commit (5) | |
Log message: py-cryptography*: update to 42.0.5 42.0.5 - 2024-02-23 ~~~~~~~~~~~~~~~~~~~ * Limit the number of name constraint checks that will be performed in :mod:`X.509 path validation <cryptography.x509.verification>` to protect against denial of service attacks. * Upgrade ``pyo3`` version, which fixes building on PowerPC. |
2024-02-21 07:42:24 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography py-cryptography_vectors: updated to 42.0.4 42.0.4 - 2024-02-20 * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields \ ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according \ to the definitions in :rfc:`2633` :rfc:`3370`. |
2024-02-16 20:10:49 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography[_vectors]: updated to 42.0.3 42.0.3 - 2024-02-15 * Fixed an initialization issue that caused key loading failures for some users. |
2024-01-30 20:42:47 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: py-cryptography py-cryptography_vectors: updated to 42.0.2 42.0.2 - 2024-01-30 ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with \ ``EllipticCurvePrivateKey`` \ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exc \ hange`, ``X25519PrivateKey`` \ :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchan \ ge`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. |
2024-01-25 06:56:58 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message: py-cryptography py-cryptography_vectors: updated to 42.0.1 42.0.1 - 2024-01-24 * Fixed an issue with incorrect keyword-argument naming with \ ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign`. * Resolved compatibility issue with loading certain RSA public keys in :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`. |
2024-01-23 07:33:49 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message: py-cryptography py-cryptography_vectors: updated to 42.0.0 42.0.0 - 2024-01-22 ~~~~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7. * **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field using \ :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certif \ icates` or \ :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certif \ icates` will now raise a ``ValueError`` rather than return an empty list. * Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0. * Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0. * We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should resolve some errors relating to initializing a module multiple times per process. * Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for X.509 certificate signing requests and certificate revocation lists with the keyword-only argument ``rsa_padding`` on the ``sign`` methods for :class:`~cryptography.x509.CertificateSigningRequestBuilder` and :class:`~cryptography.x509.CertificateRevocationListBuilder`. * Added support for obtaining X.509 certificate signing request signature algorithm parameters (including PSS) via \ :meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_paramete \ rs`. * Added support for obtaining X.509 certificate revocation list signature algorithm parameters (including PSS) via \ :meth:`~cryptography.x509.CertificateRevocationList.signature_algorithm_paramete \ rs`. * Added ``mgf`` property to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. * Added ``algorithm`` and ``mgf`` properties to :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`. * Added the following properties that return timezone-aware ``datetime`` objects: :meth:`~cryptography.x509.Certificate.not_valid_before_utc`, :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`, :meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`, :meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`. These are timezone-aware variants of existing properties that return naïve ``datetime`` objects. * Deprecated the following properties that return naïve ``datetime`` objects: :meth:`~cryptography.x509.Certificate.not_valid_before`, :meth:`~cryptography.x509.Certificate.not_valid_after`, :meth:`~cryptography.x509.RevokedCertificate.revocation_date`, :meth:`~cryptography.x509.CertificateRevocationList.next_update`, :meth:`~cryptography.x509.CertificateRevocationList.last_update` in favor of the new timezone-aware variants mentioned above. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20` on LibreSSL. * Added support for RSA PSS signatures in PKCS7 with \ :meth:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder \ .add_signer`. * In the next release (43.0.0) of cryptography, loading an X.509 certificate with a negative serial number will raise an exception. This has been deprecated since 36.0.0. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCMSIV` when using OpenSSL 3.2.0+. * Added the :mod:`X.509 path validation <cryptography.x509.verification>` APIs for :class:`~cryptography.x509.Certificate` chains. These APIs should be considered unstable and not subject to our stability guarantees until documented as such in a future release. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4` :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` when using OpenSSL 3.0 or greater. |
2023-11-28 18:37:24 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message: py-cryptography py-cryptography_vectors: updated to 41.0.7 41.0.7 - 2023-11-27 Fixed compilation when using LibreSSL 3.8.2. 41.0.6 - 2023-11-27 Fixed a null-pointer-dereference and segfault that could occur when loading \ certificates from a PKCS#7 bundle. Credit to pkuzco for reporting the issue. \ CVE-2023-49083 |
2023-10-28 21:57:26 by Thomas Klausner | Files touched by this commit (516) | |
Log message: python/wheel.mk: simplify a lot, and switch to 'installer' for installation This follows the recommended bootstrap method (flit_core, build, installer). However, installer installs different files than pip, so update PLISTs for all packages using wheel.mk and bump their PKGREVISIONs. |