Sync from SUSE:ALP:Source:Standard:1.0 python-cryptography revision 8d8e3e25d91408e1046f56c99c1064e0

python-cryptography.changes

@@ -1,3 +1,124 @@
+-------------------------------------------------------------------
+Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
+  * Fixed a null-pointer-dereference and segfault that could occur
+    when creating a PKCS#12 bundle. Credit to Alexander-Programming
+    for reporting the issue. CVE-2024-26130
+  * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
+    SMIMECapabilities and SignatureAlgorithmIdentifier should now be
+    correctly encoded according to the definitions in :rfc:2633
+    :rfc:3370.
+- update to 42.0.3:
+  * Fixed an initialization issue that caused key loading failures for some
+    users.
+- Drop patch skip_openssl_memleak_test.patch not needed anymore.
+
+-------------------------------------------------------------------
+Wed Jan 31 17:24:29 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 42.0.2:
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.2.1.
+  * Fixed an issue that prevented the use of Python buffer
+    protocol objects in sign and verify methods on asymmetric
+    keys.
+  * Fixed an issue with incorrect keyword-argument naming with
+    EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
+    s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
+    X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
+    etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
+    :`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
+    Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
+    rimitives.asymmetric.dh.DHPrivateKey.exchange`.
+
+-------------------------------------------------------------------
+Mon Jan 29 14:01:49 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 42.0.1:
+  * Fixed an issue with incorrect keyword-argument naming with
+    EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
+    s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
+  * Resolved compatibility issue with loading certain RSA public
+    keys in :func:`~cryptography.hazmat.primitives.serialization.
+    load_pem_public_key`.
+  * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
+  * BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
+    using :func:`~cryptography.hazmat.primitives.serialization.pk
+    cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
+    at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
+    ` will now raise a ValueError rather than return an empty
+    list.
+  * Parsing SSH certificates no longer permits malformed critical
+    options with values, as documented in the 41.0.2 release
+    notes.
+  * Updated Windows, macOS, and Linux wheels to be compiled with
+    OpenSSL 3.2.0.
+  * Updated the minimum supported Rust version (MSRV) to 1.63.0,
+    from 1.56.0.
+  * We now publish both py37 and py39 abi3 wheels. This should
+    resolve some errors relating to initializing a module
+    multiple times per process.
+  * Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
+    dding.PSS` for X.509 certificate signing requests and
+    certificate revocation lists with the keyword-only argument
+    rsa_padding on the sign methods for
+    :class:`~cryptography.x509.CertificateSigningRequestBuilder`
+    and
+    :class:`~cryptography.x509.CertificateRevocationListBuilder`.
+  * Added support for obtaining X.509 certificate signing request
+    signature algorithm parameters (including PSS) via :meth:`~cr
+    yptography.x509.CertificateSigningRequest.signature_algorithm
+    _parameters`.
+  * Added support for obtaining X.509 certificate revocation list
+    signature algorithm parameters (including PSS) via :meth:`~cr
+    yptography.x509.CertificateRevocationList.signature_algorithm
+    _parameters`.
+  * Added mgf property to :class:`~cryptography.hazmat.primitives
+    .asymmetric.padding.PSS`.
+  * Added algorithm and mgf properties to :class:`~cryptography.h
+    azmat.primitives.asymmetric.padding.OAEP`.
+  * Added the following properties that return timezone-aware
+    datetime objects:
+    :meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
+    :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :
+    meth:`~cryptography.x509.RevokedCertificate.revocation_date_u
+    tc`, :meth:`~cryptography.x509.CertificateRevocationList.next
+    _update_utc`, :meth:`~cryptography.x509.CertificateRevocation
+    List.last_update_utc`. These are timezone-aware variants of
+    existing properties that return naïve datetime objects.
+  * Deprecated the following properties that return naïve
+    datetime objects:
+    :meth:`~cryptography.x509.Certificate.not_valid_before`,
+    :meth:`~cryptography.x509.Certificate.not_valid_after`, :meth
+    :`~cryptography.x509.RevokedCertificate.revocation_date`, :me
+    th:`~cryptography.x509.CertificateRevocationList.next_update`
+    , :meth:`~cryptography.x509.CertificateRevocationList.last_up
+    date` in favor of the new timezone-aware variants mentioned
+    above.
+  * Added support for :class:`~cryptography.hazmat.primitives.cip
+    hers.algorithms.ChaCha20` on LibreSSL.
+  * Added support for RSA PSS signatures in PKCS7 with :meth:`~cr
+    yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu
+    reBuilder.add_signer`.
+  * In the next release (43.0.0) of cryptography, loading an
+    X.509 certificate with a negative serial number will raise an
+    exception. This has been deprecated since 36.0.0.
+  * Added support for :class:`~cryptography.hazmat.primitives.cip
+    hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+.
+  * Added the :mod:`X.509 path validation
+    <cryptography.x509.verification>` APIs for
+    :class:`~cryptography.x509.Certificate` chains. These APIs
+    should be considered unstable and not subject to our
+    stability guarantees until documented as such in a future
+    release.
+  * Added support for :class:`~cryptography.hazmat.primitives.cip
+    hers.algorithms.SM4`
+    :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`
+    when using OpenSSL 3.0 or greater.
+- use PEP517 build
+- switch to new cargo-vendor
+
 -------------------------------------------------------------------
 Tue Nov 28 09:27:57 UTC 2023 - Dirk Müller <dmueller@suse.com>