1760 lines
85 KiB
Plaintext
1760 lines
85 KiB
Plaintext
|
-------------------------------------------------------------------
|
|||
|
|
Fri Nov 8 10:08:46 UTC 2024 - Ben Greiner <code@bnavigator.de>
|
|||
|
|
|
|||
|
|
- Fix requires_eq replacement for distributions which do not have
|
|||
|
|
python3-cffi installed (such as SLE15 python module pythons)
|
|||
|
|
* gh#openSUSE/python-rpm-macros#185
|
|||
|
|
- Remove outdated section in description
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Nov 5 08:03:40 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
|||
|
|
|
|||
|
|
- Avoid using requires_eq, which after the last modifications
|
|||
|
|
conflicts with python singlespec (order of expansion).
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Oct 22 13:26:21 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 43.0.3:
|
|||
|
|
* Fixed release metadata for cryptography-vectors
|
|||
|
|
* Fixed compilation when using LibreSSL 4.0.0.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Sep 28 19:45:04 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 43.0.1:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.3.2.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Sep 15 08:51:52 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
|
|||
|
|
|
|||
|
|
- Fix building on SLE based distributions
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Aug 12 20:36:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
|||
|
|
|
|||
|
|
- Fix building optimized binaries with debuginfo.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Jul 31 21:45:43 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
|||
|
|
|
|||
|
|
- Update building of Rust modules to use modern cargo_vendor
|
|||
|
|
service
|
|||
|
|
- Remove unneeded use-offline-build.patch
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Jul 26 10:33:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 43.0.0:
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
|
|||
|
|
has been removed. Users on older version of OpenSSL will
|
|||
|
|
need to upgrade.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.3.1.
|
|||
|
|
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
|
|||
|
|
from 1.63.0.
|
|||
|
|
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
|
|||
|
|
e_private_key` now enforces a minimum RSA key size of
|
|||
|
|
1024-bit. Note that 1024-bit is still considered insecure,
|
|||
|
|
users should generally use a key size of 2048-bits.
|
|||
|
|
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
|
|||
|
|
rialize_certificates` now emits ASN.1 that more closely
|
|||
|
|
follows the recommendations in RFC 2315.
|
|||
|
|
* Added new :doc:`/hazmat/decrepit/index` module which contains
|
|||
|
|
outdated and insecure cryptographic primitives. :class:`~cryp
|
|||
|
|
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
|
|||
|
|
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
|
|||
|
|
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
|
|||
|
|
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
|
|||
|
|
thms.Blowfish`, which were deprecated in 37.0.0, have been
|
|||
|
|
added to this module. They will be removed from the cipher
|
|||
|
|
module in 45.0.0.
|
|||
|
|
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
|
|||
|
|
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
|
|||
|
|
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
|
|||
|
|
deprecated them in the cipher module. They will be removed
|
|||
|
|
from the cipher module in 48.0.0.
|
|||
|
|
* Added support for deterministic
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`
|
|||
|
|
(RFC 6979)
|
|||
|
|
* Added support for client certificate verification to the
|
|||
|
|
:mod:`X.509 path validation <cryptography.x509.verification>`
|
|||
|
|
APIs in the form of
|
|||
|
|
:class:`~cryptography.x509.verification.ClientVerifier`,
|
|||
|
|
:class:`~cryptography.x509.verification.VerifiedClient`, and
|
|||
|
|
PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu
|
|||
|
|
ilder.build_client_verifier`.
|
|||
|
|
* Added Certificate :attr:`~cryptography.x509.Certificate.publi
|
|||
|
|
c_key_algorithm_oid` and Certificate Signing Request :attr:`~
|
|||
|
|
cryptography.x509.CertificateSigningRequest.public_key_algori
|
|||
|
|
thm_oid` to determine the
|
|||
|
|
:class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
|
|||
|
|
Object Identifier of the public key found inside the
|
|||
|
|
certificate.
|
|||
|
|
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat
|
|||
|
|
e_utc`, a timezone-aware alternative to the naïve datetime
|
|||
|
|
attribute
|
|||
|
|
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
|
|||
|
|
* Added support for parsing empty DN string in
|
|||
|
|
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
|
|||
|
|
* Added the following properties that return timezone-aware
|
|||
|
|
datetime objects:
|
|||
|
|
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
|
|||
|
|
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u
|
|||
|
|
tc`,
|
|||
|
|
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
|
|||
|
|
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
|
|||
|
|
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_
|
|||
|
|
time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.
|
|||
|
|
this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe
|
|||
|
|
sponse.next_update_utc`, These are timezone-aware variants of
|
|||
|
|
existing properties that return naïve datetime objects.
|
|||
|
|
* Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r
|
|||
|
|
sa_recover_private_exponent`
|
|||
|
|
* Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo
|
|||
|
|
ntext.reset_nonce` for altering the nonce of a cipher context
|
|||
|
|
without initializing a new instance. See the docs for
|
|||
|
|
additional restrictions.
|
|||
|
|
* :class:`~cryptography.x509.NameAttribute` now raises an
|
|||
|
|
exception when attempting to create a common name whose
|
|||
|
|
length is shorter or longer than RFC 5280 permits.
|
|||
|
|
* Added basic support for PKCS7 encryption (including SMIME)
|
|||
|
|
via :class:`~cryptography.hazmat.primitives.serialization.pkc
|
|||
|
|
s7.PKCS7EnvelopeBuilder`.
|
|||
|
|
- add use-offline-build.patch
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Jun 8 12:04:15 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.8:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.2.2.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue May 7 16:14:05 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.7:
|
|||
|
|
* Restored Windows 7 compatibility for our pre-built wheels.
|
|||
|
|
Note that we do not test on Windows 7 and wheels for our next
|
|||
|
|
release will not support it. Microsoft no longer provides
|
|||
|
|
support for Windows 7 and users are encouraged to upgrade.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue May 7 07:34:43 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.6:
|
|||
|
|
* Fixed compilation when using LibreSSL 3.9.1.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Apr 2 13:19:19 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.5:
|
|||
|
|
* Limit the number of name constraint checks that will be
|
|||
|
|
performed in :mod:`X.509 path validation
|
|||
|
|
<cryptography.x509.verification>` to protect against denial
|
|||
|
|
of service attacks.
|
|||
|
|
* Upgrade pyo3 version, which fixes building on PowerPC.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Feb 22 17:10:39 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
|
|||
|
|
* Fixed a null-pointer-dereference and segfault that could occur
|
|||
|
|
when creating a PKCS#12 bundle. Credit to Alexander-Programming
|
|||
|
|
for reporting the issue. CVE-2024-26130
|
|||
|
|
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
|
|||
|
|
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
|
|||
|
|
correctly encoded according to the definitions in :rfc:2633
|
|||
|
|
:rfc:3370.
|
|||
|
|
- update to 42.0.3:
|
|||
|
|
* Fixed an initialization issue that caused key loading failures for some
|
|||
|
|
users.
|
|||
|
|
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Jan 31 17:24:29 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.2:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.2.1.
|
|||
|
|
* Fixed an issue that prevented the use of Python buffer
|
|||
|
|
protocol objects in sign and verify methods on asymmetric
|
|||
|
|
keys.
|
|||
|
|
* Fixed an issue with incorrect keyword-argument naming with
|
|||
|
|
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
|
|||
|
|
s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
|
|||
|
|
X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
|
|||
|
|
etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
|
|||
|
|
:`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
|
|||
|
|
Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
|
|||
|
|
rimitives.asymmetric.dh.DHPrivateKey.exchange`.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jan 29 14:01:49 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 42.0.1:
|
|||
|
|
* Fixed an issue with incorrect keyword-argument naming with
|
|||
|
|
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
|
|||
|
|
s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
|
|||
|
|
* Resolved compatibility issue with loading certain RSA public
|
|||
|
|
keys in :func:`~cryptography.hazmat.primitives.serialization.
|
|||
|
|
load_pem_public_key`.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
|
|||
|
|
using :func:`~cryptography.hazmat.primitives.serialization.pk
|
|||
|
|
cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
|
|||
|
|
at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
|
|||
|
|
` will now raise a ValueError rather than return an empty
|
|||
|
|
list.
|
|||
|
|
* Parsing SSH certificates no longer permits malformed critical
|
|||
|
|
options with values, as documented in the 41.0.2 release
|
|||
|
|
notes.
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.2.0.
|
|||
|
|
* Updated the minimum supported Rust version (MSRV) to 1.63.0,
|
|||
|
|
from 1.56.0.
|
|||
|
|
* We now publish both py37 and py39 abi3 wheels. This should
|
|||
|
|
resolve some errors relating to initializing a module
|
|||
|
|
multiple times per process.
|
|||
|
|
* Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
|
|||
|
|
dding.PSS` for X.509 certificate signing requests and
|
|||
|
|
certificate revocation lists with the keyword-only argument
|
|||
|
|
rsa_padding on the sign methods for
|
|||
|
|
:class:`~cryptography.x509.CertificateSigningRequestBuilder`
|
|||
|
|
and
|
|||
|
|
:class:`~cryptography.x509.CertificateRevocationListBuilder`.
|
|||
|
|
* Added support for obtaining X.509 certificate signing request
|
|||
|
|
signature algorithm parameters (including PSS) via :meth:`~cr
|
|||
|
|
yptography.x509.CertificateSigningRequest.signature_algorithm
|
|||
|
|
_parameters`.
|
|||
|
|
* Added support for obtaining X.509 certificate revocation list
|
|||
|
|
signature algorithm parameters (including PSS) via :meth:`~cr
|
|||
|
|
yptography.x509.CertificateRevocationList.signature_algorithm
|
|||
|
|
_parameters`.
|
|||
|
|
* Added mgf property to :class:`~cryptography.hazmat.primitives
|
|||
|
|
.asymmetric.padding.PSS`.
|
|||
|
|
* Added algorithm and mgf properties to :class:`~cryptography.h
|
|||
|
|
azmat.primitives.asymmetric.padding.OAEP`.
|
|||
|
|
* Added the following properties that return timezone-aware
|
|||
|
|
datetime objects:
|
|||
|
|
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
|
|||
|
|
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :
|
|||
|
|
meth:`~cryptography.x509.RevokedCertificate.revocation_date_u
|
|||
|
|
tc`, :meth:`~cryptography.x509.CertificateRevocationList.next
|
|||
|
|
_update_utc`, :meth:`~cryptography.x509.CertificateRevocation
|
|||
|
|
List.last_update_utc`. These are timezone-aware variants of
|
|||
|
|
existing properties that return naïve datetime objects.
|
|||
|
|
* Deprecated the following properties that return naïve
|
|||
|
|
datetime objects:
|
|||
|
|
:meth:`~cryptography.x509.Certificate.not_valid_before`,
|
|||
|
|
:meth:`~cryptography.x509.Certificate.not_valid_after`, :meth
|
|||
|
|
:`~cryptography.x509.RevokedCertificate.revocation_date`, :me
|
|||
|
|
th:`~cryptography.x509.CertificateRevocationList.next_update`
|
|||
|
|
, :meth:`~cryptography.x509.CertificateRevocationList.last_up
|
|||
|
|
date` in favor of the new timezone-aware variants mentioned
|
|||
|
|
above.
|
|||
|
|
* Added support for :class:`~cryptography.hazmat.primitives.cip
|
|||
|
|
hers.algorithms.ChaCha20` on LibreSSL.
|
|||
|
|
* Added support for RSA PSS signatures in PKCS7 with :meth:`~cr
|
|||
|
|
yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu
|
|||
|
|
reBuilder.add_signer`.
|
|||
|
|
* In the next release (43.0.0) of cryptography, loading an
|
|||
|
|
X.509 certificate with a negative serial number will raise an
|
|||
|
|
exception. This has been deprecated since 36.0.0.
|
|||
|
|
* Added support for :class:`~cryptography.hazmat.primitives.cip
|
|||
|
|
hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+.
|
|||
|
|
* Added the :mod:`X.509 path validation
|
|||
|
|
<cryptography.x509.verification>` APIs for
|
|||
|
|
:class:`~cryptography.x509.Certificate` chains. These APIs
|
|||
|
|
should be considered unstable and not subject to our
|
|||
|
|
stability guarantees until documented as such in a future
|
|||
|
|
release.
|
|||
|
|
* Added support for :class:`~cryptography.hazmat.primitives.cip
|
|||
|
|
hers.algorithms.SM4`
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`
|
|||
|
|
when using OpenSSL 3.0 or greater.
|
|||
|
|
- use PEP517 build
|
|||
|
|
- switch to new cargo-vendor
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Nov 28 09:27:57 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 41.0.7 (CVE-2023-49083, bsc#1217592):
|
|||
|
|
* Fixed compilation when using LibreSSL 3.8.2.
|
|||
|
|
* Fixed a null-pointer-dereference and segfault that could
|
|||
|
|
occur when loading certificates from a PKCS#7 bundle.
|
|||
|
|
Credit to **pkuzco** for reporting the issue. **CVE-2023-49083**
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Nov 10 13:28:56 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 41.0.5:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.1.4.
|
|||
|
|
* Added a function to support an upcoming ``pyOpenSSL``
|
|||
|
|
release.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Oct 5 09:30:35 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 41.0.4:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.1.3.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Aug 8 10:57:22 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 41.0.3:
|
|||
|
|
* Fixed performance regression loading DH public keys.
|
|||
|
|
* Fixed a memory leak when using
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20
|
|||
|
|
Poly1305`.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Jul 11 13:44:14 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 41.0.2 (bsc#1213378, CVE-2023-38325):
|
|||
|
|
* Fixed bugs in creating and parsing SSH certificates where
|
|||
|
|
critical options with values were handled incorrectly.
|
|||
|
|
Certificates are now created correctly and parsing accepts
|
|||
|
|
correct values as well as the previously generated
|
|||
|
|
invalid forms with a warning. In the next release, support
|
|||
|
|
for parsing these invalid forms will be removed.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Jul 11 11:44:23 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
|
|||
|
|
|
|||
|
|
- remove patch remove_python_3_6_deprecation_warning.patch as the
|
|||
|
|
warning was already removed upstream
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jul 10 22:52:18 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|||
|
|
|
|||
|
|
- Add no-pytest_benchmark.patch, which remove dependency on
|
|||
|
|
pytest-benchmark and coveralls (We don't need no benchmarking
|
|||
|
|
and coverage measurement; bsc#1213005).
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jun 19 20:41:45 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 41.0.1 (bsc#1212568):
|
|||
|
|
* Temporarily allow invalid ECDSA signature algorithm
|
|||
|
|
parameters in X.509 certificates, which are
|
|||
|
|
generated by older versions of Java.
|
|||
|
|
* Allow null bytes in pass phrases when serializing private
|
|||
|
|
keys.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than
|
|||
|
|
1.1.1d has been removed. Users on older version of
|
|||
|
|
OpenSSL will need to upgrade.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been
|
|||
|
|
removed.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL <
|
|||
|
|
3.6.
|
|||
|
|
* Updated the minimum supported Rust version (MSRV) to 1.56.0,
|
|||
|
|
from 1.48.0.
|
|||
|
|
* Added support for the
|
|||
|
|
:class:`~cryptography.x509.OCSPAcceptableResponses`
|
|||
|
|
OCSP extension.
|
|||
|
|
* Added support for the
|
|||
|
|
:class:`~cryptography.x509.MSCertificateTemplate`
|
|||
|
|
proprietary Microsoft certificate extension.
|
|||
|
|
* Implemented support for equality checks on all asymmetric
|
|||
|
|
public key types.
|
|||
|
|
* Added support for ``aes256-gcm@openssh.com`` encrypted keys
|
|||
|
|
in :func:`~cryptography.hazmat.primitives.serialization.load_ssh
|
|||
|
|
_private_key`.
|
|||
|
|
* Added support for obtaining X.509 certificate signature
|
|||
|
|
algorithm parameters (including PSS)
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Apr 21 12:23:51 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- add sle15_python_module_pythons (jsc#PED-68)
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Apr 15 10:26:40 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 40.0.2:
|
|||
|
|
* Fixed compilation when using LibreSSL 3.7.2.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Apr 13 22:40:44 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|||
|
|
|
|||
|
|
- Make calling of %{sle15modernpython} optional.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Mar 27 06:38:01 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
|
|||
|
|
|
|||
|
|
- rebase patch remove_python_3_6_deprecation_warning.patch
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Mar 26 19:56:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 40.0.1:
|
|||
|
|
* Support for Python 3.6 is deprecated and will be removed in
|
|||
|
|
the next release.
|
|||
|
|
* Deprecated the current minimum supported Rust version (MSRV)
|
|||
|
|
of 1.48.0. In the next release we will raise MSRV to 1.56.0.
|
|||
|
|
Users with the latest ``pip`` will typically get a wheel
|
|||
|
|
and not need Rust installed
|
|||
|
|
* Deprecated support for OpenSSL less than 1.1.1d. The next
|
|||
|
|
release of ``cryptography`` will drop support for older versions.
|
|||
|
|
* Deprecated support for DSA keys in
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_s
|
|||
|
|
sh_public_key`
|
|||
|
|
and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_s
|
|||
|
|
sh_private_key`.
|
|||
|
|
* Deprecated support for OpenSSH serialization in
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAP
|
|||
|
|
ublicKey`
|
|||
|
|
and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAP
|
|||
|
|
rivateKey`.
|
|||
|
|
* Added support for parsing SSH certificates in addition to
|
|||
|
|
public keys with
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_s
|
|||
|
|
sh_public_identity`.
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_s
|
|||
|
|
sh_public_key` continues to support only public keys.
|
|||
|
|
* Added support for generating SSH certificates with
|
|||
|
|
:class:`~cryptography.hazmat.primitives.serialization.SSHCe
|
|||
|
|
rtificateBuilder`.
|
|||
|
|
* Added :meth:`~cryptography.x509.Certificate.verify_directly_i
|
|||
|
|
ssued_by` to
|
|||
|
|
:class:`~cryptography.x509.Certificate`.
|
|||
|
|
* Added a check to :class:`~cryptography.x509.NameConstraints`
|
|||
|
|
to ensure that :class:`~cryptography.x509.DNSName` constraints
|
|||
|
|
do not contain any ``*`` wildcards.
|
|||
|
|
* Removed many unused CFFI OpenSSL bindings. This will not
|
|||
|
|
impact you unless you are using ``cryptography`` to directly
|
|||
|
|
invoke OpenSSL's C API. Note that
|
|||
|
|
these have never been considered a stable, supported,
|
|||
|
|
public API by ``cryptography``, this note is included as a courtesy.
|
|||
|
|
* The X.509 builder classes now raise ``UnsupportedAlgorithm``
|
|||
|
|
instead of ``ValueError`` if an unsupported hash algorithm is passed.
|
|||
|
|
* Added public union type aliases for type hinting
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Mar 7 07:34:20 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 39.0.2:
|
|||
|
|
* Fixed a bug where the content type header was not properly
|
|||
|
|
encoded for PKCS7 signatures when using the ``Text`` option and
|
|||
|
|
``SMIME`` encoding.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Feb 9 09:53:49 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
|||
|
|
|
|||
|
|
- Update to 39.0.1 (bsc#1208036, CVE-2023-23931):
|
|||
|
|
* SECURITY ISSUE - Fixed a bug where Cipher.update_into
|
|||
|
|
accepted Python buffer protocol objects, but allowed
|
|||
|
|
immutable buffers. CVE-2023-23931
|
|||
|
|
* drops CVE-2023-23931-dont-allow-update-into.patch in older dists
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with
|
|||
|
|
OpenSSL 3.0.8.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Jan 12 10:14:50 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
|
|||
|
|
|
|||
|
|
- adjust patch remove_python_3_6_deprecation_warning.patch to version
|
|||
|
|
39.0.0
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jan 2 19:38:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 39.0.0:
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
|
|||
|
|
Users on older version of OpenSSL will need to upgrade.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
|
|||
|
|
minimum LibreSSL version is 3.5.0. Going forward our policy is to support
|
|||
|
|
versions of LibreSSL that are available in versions of OpenBSD that are
|
|||
|
|
still receiving security support.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
|
|||
|
|
``from_encoded_point`` methods on
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
|
|||
|
|
which had been deprecated for several years.
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
|
|||
|
|
and
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
|
|||
|
|
should be used instead.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
|
|||
|
|
:class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
|
|||
|
|
PKCS7 has been removed.
|
|||
|
|
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will
|
|||
|
|
change
|
|||
|
|
the way we link OpenSSL. This will only impact users who build
|
|||
|
|
``cryptography`` from source (i.e., not from a ``wheel``), and specify their
|
|||
|
|
own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
|
|||
|
|
``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
|
|||
|
|
variables will no longer be respected. Instead, users will need to
|
|||
|
|
configure their builds `as documented here`_.
|
|||
|
|
* Added support for disabling the legacy provider in OpenSSL 3.0.x
|
|||
|
|
* Added support for disabling RSA key validation checks when loading RSA
|
|||
|
|
keys via
|
|||
|
|
~cryptography.hazmat.primitives.serialization.load_pem_private_key
|
|||
|
|
~cryptography.hazmat.primitives.serialization.load_der_private_key
|
|||
|
|
~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key
|
|||
|
|
* Added support for creating OCSP requests with precomputed hashes using
|
|||
|
|
:meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
|
|||
|
|
* Added support for loading multiple PEM-encoded X.509 certificates from
|
|||
|
|
a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Dec 7 16:43:26 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>
|
|||
|
|
|
|||
|
|
- Update to version 38.0.4
|
|||
|
|
* Fixed compilation when using LibreSSL 3.6.0.
|
|||
|
|
* Fixed error when using py2app to build an application with a cryptography dependency.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Nov 3 19:17:35 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
|||
|
|
|
|||
|
|
- update to 38.0.3:
|
|||
|
|
- Updated Windows, macOS, and Linux wheels to be compiled
|
|||
|
|
with OpenSSL 3.0.7, which resolves CVE-2022-3602 and
|
|||
|
|
CVE-2022-3786.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Sep 29 19:42:06 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 38.0.1:
|
|||
|
|
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
|
|||
|
|
seen in large CRLs).
|
|||
|
|
* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
|
|||
|
|
will drop support.
|
|||
|
|
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
|
|||
|
|
latest ``pip`` to ensure this doesn't cause issues downloading wheels on
|
|||
|
|
their platform. We now ship ``manylinux_2_28`` wheels for users on new
|
|||
|
|
enough platforms.
|
|||
|
|
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
|
|||
|
|
Users with the latest ``pip`` will typically get a wheel and not need Rust
|
|||
|
|
installed, but check :doc:`/installation` for documentation on installing a
|
|||
|
|
newer ``rustc`` if required.
|
|||
|
|
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
|
|||
|
|
both ``str`` and ``bytes`` tokens.
|
|||
|
|
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
|
|||
|
|
that the ``Extension`` ``critical`` field must be correctly encoded DER. See
|
|||
|
|
`the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
|
|||
|
|
details.
|
|||
|
|
* Added two new OpenSSL functions to the bindings to support an upcoming
|
|||
|
|
``pyOpenSSL`` release.
|
|||
|
|
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
|
|||
|
|
:class:`~cryptography.x509.CertificateSigningRequest` values, it is now
|
|||
|
|
enforced that the ``version`` value in the input must be valid according to
|
|||
|
|
the rules of :rfc:`2986` and :rfc:`5280`.
|
|||
|
|
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
|
|||
|
|
other X.509 builders is deprecated and support will be removed in the next
|
|||
|
|
version.
|
|||
|
|
* Added additional APIs to
|
|||
|
|
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
|
|||
|
|
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
|
|||
|
|
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
|
|||
|
|
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
|
|||
|
|
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
|
|||
|
|
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
|
|||
|
|
users to access the to-be-signed pre-certificate data needed for signed
|
|||
|
|
certificate timestamp verification.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
|
|||
|
|
:attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
|
|||
|
|
counter location.
|
|||
|
|
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
|
|||
|
|
to the section 2.1 of the RFC, affecting method
|
|||
|
|
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
|
|||
|
|
* It is now possible to customize some aspects of encryption when serializing
|
|||
|
|
private keys, using
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
|
|||
|
|
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
|
|||
|
|
versions older than 22.0 will need to upgrade.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
|
|||
|
|
These classes do not replace
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
|
|||
|
|
allows all AES key lengths), but are intended for applications where
|
|||
|
|
developers want to be explicit about key length.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Jul 19 12:07:03 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 37.0.4:
|
|||
|
|
* updated wheels to b ecompiled against openssl 3.0.5
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Jun 9 16:08:17 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
|
|||
|
|
|
|||
|
|
- Remove Python 3.6 deprecation warning on openSUSE Leap.
|
|||
|
|
* Added remove_python_3_6_deprecation_warning.patch
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue May 24 06:57:55 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 37.0.2:
|
|||
|
|
* Fixed an issue where parsing an encrypted private key with the public
|
|||
|
|
loader functions would hang waiting for console input on OpenSSL 3.0.x rather
|
|||
|
|
than raising an error.
|
|||
|
|
* Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
|
|||
|
|
removed again in the future, so ``pyOpenSSL`` users should still upgrade
|
|||
|
|
to the latest version of that package when they upgrade ``cryptography``.
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
|
|||
|
|
The new minimum LibreSSL version is 3.1+.
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
|
|||
|
|
from the public key and private key classes. These methods were originally
|
|||
|
|
deprecated in version 2.0, but had an extended deprecation timeline due
|
|||
|
|
to usage. Any remaining users should transition to ``sign`` and ``verify``.
|
|||
|
|
* Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
|
|||
|
|
the OpenSSL project. The next release of ``cryptography`` will be the last
|
|||
|
|
to support compiling with OpenSSL 1.1.0.
|
|||
|
|
* Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
|
|||
|
|
Python core team. Support for Python 3.6 will be removed in a future
|
|||
|
|
``cryptography`` release.
|
|||
|
|
* Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
|
|||
|
|
In the next release we will raise MSRV to 1.48.0. Users with the latest
|
|||
|
|
``pip`` will typically get a wheel and not need Rust installed, but check
|
|||
|
|
:doc:`/installation` for documentation on installing a newer ``rustc`` if
|
|||
|
|
required.
|
|||
|
|
* Deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
|
|||
|
|
they are legacy algorithms with extremely low usage. These will be removed
|
|||
|
|
in a future version of ``cryptography``.
|
|||
|
|
* Added limited support for distinguished names containing a bit string.
|
|||
|
|
* We now ship ``universal2`` wheels on macOS, which contain both ``arm64``
|
|||
|
|
and ``x86_64`` architectures. Users on macOS should upgrade to the latest
|
|||
|
|
``pip`` to ensure they can use this wheel, although we will continue to
|
|||
|
|
ship ``x86_64`` specific wheels for now to ease the transition.
|
|||
|
|
* This will be the final release for which we ship ``manylinux2010`` wheels.
|
|||
|
|
Going forward the minimum supported ``manylinux`` ABI for our wheels will
|
|||
|
|
be ``manylinux2014``. The vast majority of users will continue to receive
|
|||
|
|
``manylinux`` wheels provided they have an up to date ``pip``. For PyPy
|
|||
|
|
wheels this release already requires ``manylinux2014`` for compatibility
|
|||
|
|
with binaries distributed by upstream.
|
|||
|
|
* Added support for multiple
|
|||
|
|
:class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a
|
|||
|
|
:class:`~cryptography.x509.ocsp.OCSPResponse`.
|
|||
|
|
* Restored support for signing certificates and other structures in
|
|||
|
|
:doc:`/x509/index` with SHA3 hash algorithms.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is
|
|||
|
|
disabled in FIPS mode.
|
|||
|
|
* Added support for serialization of PKCS#12 CA friendly names/aliases in
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`
|
|||
|
|
* Added support for 12-15 byte (96 to 120 bit) nonces to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class
|
|||
|
|
previously supported only 12 byte (96 bit).
|
|||
|
|
* Added support for
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using
|
|||
|
|
OpenSSL 3.0.0+.
|
|||
|
|
* Added support for serializing PKCS7 structures from a list of
|
|||
|
|
certificates with
|
|||
|
|
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`.
|
|||
|
|
* Added support for parsing :rfc:`4514` strings with
|
|||
|
|
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
|
|||
|
|
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can
|
|||
|
|
be used to verify a signature where the salt length is not already known.
|
|||
|
|
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH`
|
|||
|
|
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This
|
|||
|
|
constant will set the salt length to the same length as the ``PSS`` hash
|
|||
|
|
algorithm.
|
|||
|
|
* Added support for loading RSA-PSS key types with
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
|
|||
|
|
and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`.
|
|||
|
|
This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a
|
|||
|
|
normal RSA private key, discarding the PSS constraint information.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Mar 26 20:10:08 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 36.0.2:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Feb 16 19:00:16 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- split tests in a multibuild variant to optimize rebuild time a bit
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Dec 20 22:52:53 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 36.0.1:
|
|||
|
|
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Nov 27 15:56:28 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 36.0.0:
|
|||
|
|
* FINAL DEPRECATION Support for verifier and signer on our asymmetric key
|
|||
|
|
classes was deprecated in version 2.1. These functions had an extended
|
|||
|
|
deprecation due to usage, however the next version of cryptography will
|
|||
|
|
drop support. Users should migrate to sign and verify.
|
|||
|
|
* The entire X.509 layer is now written in Rust. This allows alternate
|
|||
|
|
asymmetric key implementations that can support cloud key management
|
|||
|
|
services or hardware security modules provided they implement the necessary
|
|||
|
|
interface (for example: EllipticCurvePrivateKey).
|
|||
|
|
* Deprecated the backend argument for all functions.
|
|||
|
|
* Added support for AESOCB3.
|
|||
|
|
* Added support for iterating over arbitrary request attributes.
|
|||
|
|
* Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
|
|||
|
|
favor of get_attribute_for_oid() on the new Attributes object.
|
|||
|
|
* Fixed handling of PEM files to allow loading when certificate and key are
|
|||
|
|
in the same file.
|
|||
|
|
* Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText.
|
|||
|
|
* Allow parsing of negative serial numbers in certificates. Negative serial
|
|||
|
|
numbers are prohibited by RFC 5280 so a deprecation warning will be raised
|
|||
|
|
whenever they are encountered. A future version of cryptography will drop
|
|||
|
|
support for parsing them.
|
|||
|
|
* Added support for parsing PKCS12 files with friendly names for all
|
|||
|
|
certificates with load_pkcs12(), which will return an object of type
|
|||
|
|
PKCS12KeyAndCertificates.
|
|||
|
|
* rfc4514_string() and related methods now have an optional
|
|||
|
|
attr_name_overrides parameter to supply custom OID to name mappings, which
|
|||
|
|
can be used to match vendor-specific extensions.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email
|
|||
|
|
address fields as E in rfc4514_string() methods from version 35.0.
|
|||
|
|
* The previous behavior can be restored with:
|
|||
|
|
name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
|
|||
|
|
* Allow X25519PublicKey and X448PublicKey to be used as public keys when
|
|||
|
|
parsing certificates or creating them with CertificateBuilder. These key
|
|||
|
|
types must be signed with a different signing algorithm as X25519 and X448
|
|||
|
|
do not support signing.
|
|||
|
|
* Extension values can now be serialized to a DER byte string by calling public_bytes().
|
|||
|
|
* Added experimental support for compiling against BoringSSL. As BoringSSL
|
|||
|
|
does not commit to a stable API, cryptography tests against the latest
|
|||
|
|
commit only. Please note that several features are not available when
|
|||
|
|
building against BoringSSL.
|
|||
|
|
* Parsing CertificateSigningRequest from DER and PEM now, for a limited time
|
|||
|
|
period, allows the Extension critical field to be incorrectly encoded. See
|
|||
|
|
the issue for complete details. This will be reverted in a future
|
|||
|
|
cryptography release.
|
|||
|
|
* When OCSPNonce are parsed and generated their value is now correctly
|
|||
|
|
wrapped in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts
|
|||
|
|
with the original behavior specified in RFC 2560. For a temporary period
|
|||
|
|
for backwards compatibility, we will also parse values that are encoded as
|
|||
|
|
specified in RFC 2560 but this behavior will be removed in a future
|
|||
|
|
release.
|
|||
|
|
* Changed the version scheme. This will result in us incrementing the major
|
|||
|
|
version more frequently, but does not change our existing backwards
|
|||
|
|
compatibility policy.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
|
|||
|
|
string passed have PEM delimiters of the correct type. For example, parsing
|
|||
|
|
a private key PEM concatenated with a certificate PEM will no longer be
|
|||
|
|
accepted by the PEM certificate parser.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
|
|||
|
|
negative serial numbers. RFC 5280 has always prohibited these.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during
|
|||
|
|
X.509 parsing will raise an error on initial parse rather than when the
|
|||
|
|
malformed field is accessed.
|
|||
|
|
* Rust is now required for building cryptography, the
|
|||
|
|
CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
|
|||
|
|
* Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
|
|||
|
|
This should be backwards compatible (modulo the items listed above) and
|
|||
|
|
improve both security and performance.
|
|||
|
|
* Added support for OpenSSL 3.0.0 as a compilation target.
|
|||
|
|
* Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
|
|||
|
|
are provided for compatibility in regions where they may be required, and
|
|||
|
|
are not generally recommended.
|
|||
|
|
* We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
|
|||
|
|
manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
|
|||
|
|
Linux should ensure they upgrade to the latest pip to correctly receive
|
|||
|
|
wheels.
|
|||
|
|
* Added rfc4514_attribute_name attribute to x509.NameAttribute.
|
|||
|
|
- drop disable-uneven-sizes-tests.patch (upstream)
|
|||
|
|
- drop disable-RustExtension.patch: building rust extension now
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Oct 12 18:54:25 UTC 2021 - Ben Greiner <code@bnavigator.de>
|
|||
|
|
|
|||
|
|
- Add disable-RustExtension.patch in order to avoid a build
|
|||
|
|
requirement setuptools_rust
|
|||
|
|
- Next version (35.0) needs a full Rust toolchain.
|
|||
|
|
- Clean runtime, build and test requirements
|
|||
|
|
- Disable python2 build: Not supported anymore
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Oct 4 07:00:30 UTC 2021 - Adrian Schröter <adrian@suse.de>
|
|||
|
|
|
|||
|
|
- update to 3.4.8
|
|||
|
|
- keep new rust support disabled for now to avoid new dependencies
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Apr 26 10:07:08 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
|||
|
|
|
|||
|
|
- Remove unnecessary %ifpython3 construct
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Feb 7 20:11:11 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
|
|||
|
|
* SECURITY ISSUE: Fixed a bug where certain sequences of update()
|
|||
|
|
calls when symmetrically encrypting very large payloads (>2GB) could
|
|||
|
|
result in an integer overflow, leading to buffer overflows.
|
|||
|
|
CVE-2020-36242
|
|||
|
|
- drops CVE-2020-36242-buffer-overflow.patch on older dists
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Dec 20 09:31:33 UTC 2020 - Dirk Müller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 3.3.1:
|
|||
|
|
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Dec 9 11:56:30 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|||
|
|
|
|||
|
|
- update to 3.3.0
|
|||
|
|
- BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
|
|||
|
|
due to low usage and maintenance burden.
|
|||
|
|
- BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
|
|||
|
|
to 1024-bit (8 byte to 128 byte) initialization vectors. This
|
|||
|
|
change is to conform with an upcoming OpenSSL release that will
|
|||
|
|
no longer support sizes outside this window.
|
|||
|
|
- BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
|
|||
|
|
now raise ValueError rather than UnsupportedAlgorithm when an
|
|||
|
|
unsupported cipher is used. This change is to conform with an
|
|||
|
|
upcoming OpenSSL release that will no longer distinguish
|
|||
|
|
between error types.
|
|||
|
|
- BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
|
|||
|
|
field Diffie-Hellman parameters of less than 512 bits in
|
|||
|
|
length. This change is to conform with an upcoming OpenSSL
|
|||
|
|
release that no longer supports smaller sizes. These keys were
|
|||
|
|
already wildly insecure and should not have been used in any
|
|||
|
|
application outside of testing.
|
|||
|
|
- Updated Windows, macOS, and manylinux wheels to be compiled
|
|||
|
|
with OpenSSL 1.1.1i.
|
|||
|
|
- Python 2 support is deprecated in cryptography. This is the
|
|||
|
|
last release that will support Python 2.
|
|||
|
|
- Added the recover_data_from_signature() function to
|
|||
|
|
RSAPublicKey for recovering the signed data from an RSA
|
|||
|
|
signature.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Dec 6 20:37:33 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
|||
|
|
|
|||
|
|
- Remove unnecessary dependency virtualenv.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Oct 28 14:29:05 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- update to 3.2.1:
|
|||
|
|
Disable blinding on RSA public keys to address an error with
|
|||
|
|
some versions of OpenSSL.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Oct 26 11:39:02 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- update to 3.2 (bsc#1178168, CVE-2020-25659):
|
|||
|
|
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
|
|||
|
|
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
|
|||
|
|
by our API, we cannot completely mitigate this vulnerability.
|
|||
|
|
* Support for OpenSSL 1.0.2 has been removed.
|
|||
|
|
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
|
|||
|
|
- drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Sep 28 10:49:56 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 3.1.1:
|
|||
|
|
* wheels compiled with OpenSSL 1.1.1h.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Sep 18 11:15:53 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|||
|
|
|
|||
|
|
- update to 3.1:
|
|||
|
|
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
|
|||
|
|
:term:`U-label` parsing in various X.509 classes. This support was originally
|
|||
|
|
deprecated in version 2.1 and moved to an extra in 2.5.
|
|||
|
|
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
|
|||
|
|
the OpenSSL project. The next version of ``cryptography`` will drop support
|
|||
|
|
for it.
|
|||
|
|
* Deprecated support for Python 3.5. This version sees very little use and will
|
|||
|
|
be removed in the next release.
|
|||
|
|
* ``backend`` arguments to functions are no longer required and the
|
|||
|
|
default backend will automatically be selected if no ``backend`` is provided.
|
|||
|
|
* Added initial support for parsing certificates from PKCS7 files with
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
|
|||
|
|
and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
|
|||
|
|
.
|
|||
|
|
* Calling ``update`` or ``update_into`` on
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
|
|||
|
|
longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
|
|||
|
|
also resolves the same issue in :doc:`/fernet`.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Jul 28 17:16:47 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
|
|||
|
|
|
|||
|
|
- update to 3.0
|
|||
|
|
- refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch
|
|||
|
|
* Removed support for passing an Extension instance
|
|||
|
|
to from_issuer_subject_key_identifier(), as per our deprecation policy.
|
|||
|
|
* Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
|
|||
|
|
* Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
|
|||
|
|
* RSA generate_private_key() no longer accepts public_exponent values except
|
|||
|
|
65537 and 3 (the latter for legacy purposes).
|
|||
|
|
* X.509 certificate parsing now enforces that the version field contains
|
|||
|
|
a valid value, rather than deferring this check until version is accessed.
|
|||
|
|
* Deprecated support for Python 2
|
|||
|
|
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
|
|||
|
|
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
|
|||
|
|
* Added support for OpenSSH certificates to load_ssh_public_key().
|
|||
|
|
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
|
|||
|
|
* Added support for the SubjectInformationAccess X.509 extension.
|
|||
|
|
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
|
|||
|
|
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
|
|||
|
|
* Added support for encoding attributes in certificate signing requests via add_attribute().
|
|||
|
|
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
|
|||
|
|
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
|
|||
|
|
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri May 15 08:44:10 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- update to 2.9.2
|
|||
|
|
* 2.9.2 - 2020-04-22
|
|||
|
|
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
|
|||
|
|
* 2.9.1 - 2020-04-21
|
|||
|
|
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
|
|||
|
|
* 2.9 - 2020-04-02
|
|||
|
|
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
|
|||
|
|
low usage and maintenance burden.
|
|||
|
|
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
|
|||
|
|
Users on older version of OpenSSL will need to upgrade.
|
|||
|
|
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
|
|||
|
|
- Removed support for calling public_bytes() with no arguments, as per
|
|||
|
|
our deprecation policy. You must now pass encoding and format.
|
|||
|
|
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
|
|||
|
|
returns the RDNs as required by RFC 4514.
|
|||
|
|
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
|
|||
|
|
- Added support for parsing single_extensions in an OCSP response.
|
|||
|
|
- NameAttribute values can now be empty strings.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Oct 17 14:53:32 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- update to 2.8
|
|||
|
|
* Added support for Python 3.8.
|
|||
|
|
* Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations.
|
|||
|
|
* Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9.
|
|||
|
|
* We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
|
|||
|
|
* Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder.
|
|||
|
|
* cryptography no longer depends on asn1crypto.
|
|||
|
|
* FreshestCRL is now allowed as a CertificateRevocationList extension.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jun 3 13:45:56 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
|
|||
|
|
|
|||
|
|
- update to 2.7
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
|
|||
|
|
The CMAC and HMAC APIs have not changed, but they are no longer registered
|
|||
|
|
as MACContext instances.
|
|||
|
|
* Removed support for running our tests with setup.py test.
|
|||
|
|
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
|
|||
|
|
when using OpenSSL 1.1.1 or newer.
|
|||
|
|
* Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
|
|||
|
|
in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` .
|
|||
|
|
* Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
|
|||
|
|
and deprecate passing an Extension object.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed May 29 14:41:39 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
|||
|
|
|
|||
|
|
- Simplify the test execution to be more understandable
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Feb 28 19:50:33 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- update to 2.6.1:
|
|||
|
|
* BACKWARDS INCOMPATIBLE:
|
|||
|
|
Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
|
|||
|
|
andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
|
|||
|
|
which had been deprecated for nearly 4 years. Use encode_dss_signature()
|
|||
|
|
and decode_dss_signature()instead.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
|
|||
|
|
had been deprecated for nearly 3 years. Use serial_number instead.
|
|||
|
|
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
|
|||
|
|
OpenSSL 1.1.1b.
|
|||
|
|
* Added support for Ed448 signing when using OpenSSL 1.1.1b or newer.
|
|||
|
|
* Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer.
|
|||
|
|
* load_ssh_public_key() can now load ed25519 public keys.
|
|||
|
|
* Add support for easily mapping an object identifier to its elliptic curve
|
|||
|
|
class viaget_curve_for_oid().
|
|||
|
|
* Add support for OpenSSL when compiled with the no-engine
|
|||
|
|
(OPENSSL_NO_ENGINE) flag.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Jan 25 08:25:35 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|||
|
|
|
|||
|
|
- Dependency on python-idna changed to "Recommends" aligned with
|
|||
|
|
change in upstream source (see below)
|
|||
|
|
- update to 2.5:
|
|||
|
|
* BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
|
|||
|
|
but this version removes the default idna dependency as well. If you still
|
|||
|
|
need this deprecated path please install cryptography with the idna extra:
|
|||
|
|
pip install cryptography[idna].
|
|||
|
|
* BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4.
|
|||
|
|
* Numerous classes and functions have been updated to allow bytes-like
|
|||
|
|
types for keying material and passwords, including symmetric algorithms,
|
|||
|
|
AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
|
|||
|
|
* Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a.
|
|||
|
|
* Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1.
|
|||
|
|
* Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1.
|
|||
|
|
* Added support for X448 key exchange when using OpenSSL 1.1.1.
|
|||
|
|
* Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1.
|
|||
|
|
* Added initial support for parsing PKCS12 files with load_key_and_certificates().
|
|||
|
|
* Added support for IssuingDistributionPoint.
|
|||
|
|
* Added rfc4514_string() method to x509.Name,
|
|||
|
|
x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
|
|||
|
|
or component an RFC 4514 Distinguished Name string.
|
|||
|
|
* Added from_encoded_point(), which immediately checks if the point is on
|
|||
|
|
the curve and supports compressed points. Deprecated the previous method
|
|||
|
|
from_encoded_point().
|
|||
|
|
* Added signature_hash_algorithm to OCSPResponse.
|
|||
|
|
* Updated X25519 key exchange support to allow additional serialization
|
|||
|
|
methods. Calling public_bytes() with no arguments has been deprecated.
|
|||
|
|
* Added support for encoding compressed and uncompressed points via
|
|||
|
|
public_bytes(). Deprecated the previous method encode_point().
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Jan 3 11:40:58 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
|
|||
|
|
|
|||
|
|
- Update to version 2.4.2:
|
|||
|
|
* Updated Windows, macOS, and manylinux1 wheels to be compiled
|
|||
|
|
with OpenSSL 1.1.0j.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Dec 6 13:13:21 CET 2018 - mcepl@suse.com
|
|||
|
|
|
|||
|
|
- Update to 2.4.1:
|
|||
|
|
* Dropped support for LibreSSL 2.4.x.
|
|||
|
|
* Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
|
|||
|
|
longer supported by the OpenSSL project. At this time there
|
|||
|
|
is no time table for dropping support, however we strongly
|
|||
|
|
encourage all users to upgrade or install cryptography from
|
|||
|
|
a wheel.
|
|||
|
|
* Added initial :doc:`OCSP </x509/ocsp>` support.
|
|||
|
|
* Added support for cryptography.x509.PrecertPoison.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Dec 6 11:48:31 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
|||
|
|
|
|||
|
|
- Fix fdupes call
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Aug 21 07:43:31 UTC 2018 - tchvatal@suse.com
|
|||
|
|
|
|||
|
|
- Update to 2.3.1:
|
|||
|
|
* updated tests for upstream wycheproof changes
|
|||
|
|
* many other tiny test tweaks
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Jul 18 13:20:58 UTC 2018 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 2.3:
|
|||
|
|
* SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default
|
|||
|
|
which can allow tag forgery in some cases. The method now enforces the
|
|||
|
|
min_tag_length provided to the GCM constructor.
|
|||
|
|
* Added support for Python 3.7.
|
|||
|
|
* Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
|
|||
|
|
* Support for Python 2.7.x without hmac.compare_digest has been deprecated.
|
|||
|
|
We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
|
|||
|
|
cryptography release.
|
|||
|
|
* Fixed multiple issues preventing cryptography from compiling
|
|||
|
|
against LibreSSL 2.7.x.
|
|||
|
|
* Added get_revoked_certificate_by_serial_number for quick
|
|||
|
|
serial number searches in CRLs.
|
|||
|
|
* The RelativeDistinguishedName class now preserves the order of attributes.
|
|||
|
|
Duplicate attributes now raise an error instead of silently discarding duplicates.
|
|||
|
|
* aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
|
|||
|
|
if the wrapped key is an invalid length, instead of ValueError.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Jun 12 07:24:12 UTC 2018 - mimi.vx@gmail.com
|
|||
|
|
|
|||
|
|
- update to 2.2.2
|
|||
|
|
* fix build on some systems with openssl 1.1.0h
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Mar 26 07:44:53 UTC 2018 - tchvatal@suse.com
|
|||
|
|
|
|||
|
|
- Cleanup with spec-cleaner
|
|||
|
|
- Use %setup to unpack all archives do not rely on tar calls
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Mar 25 20:39:43 UTC 2018 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- Update to upstream release 2.2.1:
|
|||
|
|
* Reverted a change to GeneralNames which prohibited having zero elements,
|
|||
|
|
due to breakages.
|
|||
|
|
* Fixed a bug in
|
|||
|
|
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
|
|||
|
|
that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
|
|||
|
|
* BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
|
|||
|
|
* Resolved a bug in HKDF that incorrectly constrained output size.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
|
|||
|
|
support inter-operating with systems like German smart meters.
|
|||
|
|
* Added token rotation support to :doc:`Fernet </fernet>` with
|
|||
|
|
:meth:`~cryptography.fernet.MultiFernet.rotate`.
|
|||
|
|
* Fixed a memory leak in
|
|||
|
|
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
|
|||
|
|
* Added support for AES key wrapping with padding via
|
|||
|
|
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` .
|
|||
|
|
* Allow loading DSA keys with 224 bit q.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Mar 2 16:44:33 UTC 2018 - chris@computersalat.de
|
|||
|
|
|
|||
|
|
- fix deps for hypothesis, pytest
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Feb 8 10:54:03 UTC 2018 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- Fix previous change and explicitly require python2 instead of
|
|||
|
|
python because python itself is also provided by python3.
|
|||
|
|
This fixes:
|
|||
|
|
ImportError: No module named _ssl
|
|||
|
|
when using python-cryptography in a python2 build environment
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Feb 3 13:02:06 UTC 2018 - tchvatal@suse.com
|
|||
|
|
|
|||
|
|
- Fix the previous change to not pull in py2 on py3 enviroment
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Jan 27 11:25:02 UTC 2018 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- fix requires on python ssl once more after the last change
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Jan 18 13:30:12 UTC 2018 - tchvatal@suse.com
|
|||
|
|
|
|||
|
|
- Add proper conditional for the python2, the ifpython works only
|
|||
|
|
for the requires/etc
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Jan 16 10:14:37 UTC 2018 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- add missing dependency on python ssl
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Dec 8 18:04:13 UTC 2017 - arun@gmx.de
|
|||
|
|
|
|||
|
|
- update to version 2.1.4:
|
|||
|
|
* Added X509_up_ref for an upcoming pyOpenSSL release.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Nov 9 06:06:39 UTC 2017 - arun@gmx.de
|
|||
|
|
|
|||
|
|
- update to version 2.1.3:
|
|||
|
|
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
|
|||
|
|
OpenSSL 1.1.0g.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Nov 3 15:47:03 UTC 2017 - arun@gmx.de
|
|||
|
|
|
|||
|
|
- update to version 2.1.2:
|
|||
|
|
* Corrected a bug with the manylinux1 wheels where OpenSSL’s stack
|
|||
|
|
was marked executable.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Nov 2 08:41:18 UTC 2017 - mimi.vx@gmail.com
|
|||
|
|
|
|||
|
|
- fix BuildRequires conditions for python3
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Oct 12 07:41:48 UTC 2017 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 2.1.1
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Sep 28 14:50:51 UTC 2017 - sean.marlow@suse.com
|
|||
|
|
|
|||
|
|
- Fix cffi version requirement.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Sep 7 11:18:35 UTC 2017 - vcizek@suse.com
|
|||
|
|
|
|||
|
|
- Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478)
|
|||
|
|
* add skip_openssl_memleak_test.patch
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Aug 3 23:14:49 UTC 2017 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 2.0.3
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Jul 27 10:49:07 UTC 2017 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 2.0.2
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jul 17 17:08:59 UTC 2017 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 2.0
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed May 31 11:36:35 UTC 2017 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 1.9
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue May 2 12:58:37 UTC 2017 - jmatejek@suse.com
|
|||
|
|
|
|||
|
|
- add python-packaging to requirements explicitly instead of relying
|
|||
|
|
on setuptools to pull it in
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Mar 20 20:34:03 UTC 2017 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- Switch to singlespec approach
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Mar 16 14:13:56 UTC 2017 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- update to 1.8.1
|
|||
|
|
- Adust Requires and BuildRequires
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Jan 29 14:57:28 UTC 2017 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 1.7.2
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Dec 14 20:31:53 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 1.7.1 which contains regression fix for 1.7
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Dec 13 12:21:24 UTC 2016 - mimi.vx@gmail.com
|
|||
|
|
|
|||
|
|
- update to 1.7
|
|||
|
|
* support for OpenSSL 1.0.0 has been removed.
|
|||
|
|
* Added support for Diffie-Hellman key exchange
|
|||
|
|
* The OS random engine for OpenSSL has been rewritten
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Nov 23 09:40:23 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 1.6
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Nov 11 19:13:36 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 1.5.3
|
|||
|
|
- python-cryptography-enable-gost.patch is obsolete
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Sep 26 06:26:21 UTC 2016 - meissner@suse.com
|
|||
|
|
|
|||
|
|
- python-cryptography-enable-gost.patch: temporary patch
|
|||
|
|
to run tests against 1.0.2i, GOST cert extraction now works.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Jul 17 15:07:04 UTC 2016 - matwey.kornilov@gmail.com
|
|||
|
|
|
|||
|
|
- Introduce requirement setuptools >= 11.3
|
|||
|
|
to follow egg-info/requires.txt content
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Jun 6 13:03:35 UTC 2016 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- fix download urls
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Jun 3 19:37:40 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to upstream release 1.3.4
|
|||
|
|
* Added new OpenSSL functions to the bindings to support an upcoming
|
|||
|
|
``pyOpenSSL`` release.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri May 6 07:43:10 UTC 2016 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- correct source urls
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu May 5 17:08:06 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to upstream release 1.3.2
|
|||
|
|
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h.
|
|||
|
|
* Fixed an issue preventing ``cryptography`` from compiling against
|
|||
|
|
LibreSSL 2.3.x.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Fri Mar 18 14:39:05 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- removed obsolete cryptography-new-bio-new-type.patch
|
|||
|
|
- update to upstream release 1.3.1
|
|||
|
|
* Fixed a bug that caused an AttributeError when using mock to patch
|
|||
|
|
some cryptography modules.
|
|||
|
|
* Added support for padding ANSI X.923 with ANSIX923.
|
|||
|
|
* Deprecated support for OpenSSL 0.9.8. Support will be removed in
|
|||
|
|
cryptography 1.4.
|
|||
|
|
* Added support for the PolicyConstraints X.509 extension including both
|
|||
|
|
parsing and generation using CertificateBuilder and
|
|||
|
|
CertificateSigningRequestBuilder.
|
|||
|
|
* Added is_signature_valid to CertificateSigningRequest.
|
|||
|
|
* Fixed an intermittent AssertionError when performing an RSA decryption
|
|||
|
|
on an invalid ciphertext, ValueError is now correctly raised in all
|
|||
|
|
cases.
|
|||
|
|
* Added from_issuer_subject_key_identifier().
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sun Mar 13 21:20:00 UTC 2016 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- fix license
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Mar 2 21:47:58 UTC 2016 - dimstar@opensuse.org
|
|||
|
|
|
|||
|
|
- Add pkg-config BuildRequires: in order for the last introduced
|
|||
|
|
condition to apply the patch to work, pkg-config has to be
|
|||
|
|
present.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Mar 2 14:19:46 UTC 2016 - meissner@suse.com
|
|||
|
|
|
|||
|
|
- cryptography-new-bio-new-type.patch: openssl 1.0.2g changed
|
|||
|
|
the type of BIO_new_mem_buf() (added a const).
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Jan 9 16:58:46 UTC 2016 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to upstream release 1.2.1
|
|||
|
|
|
|||
|
|
1.2.1 - 2016-01-08
|
|||
|
|
* Reverts a change to an OpenSSL EVP_PKEY object that caused
|
|||
|
|
errors with pyOpenSSL.
|
|||
|
|
1.2 - 2016-01-08
|
|||
|
|
* BACKWARDS INCOMPATIBLE: RevokedCertificate extensions now
|
|||
|
|
uses extension classes rather than returning raw values
|
|||
|
|
inside the Extension value. The new classes are:
|
|||
|
|
o CertificateIssuer
|
|||
|
|
o CRLReason
|
|||
|
|
o InvalidityDate
|
|||
|
|
* Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time
|
|||
|
|
there is no time table for actually dropping support,
|
|||
|
|
however we strongly encourage all users to upgrade, as those
|
|||
|
|
versions no longer receive support from the OpenSSL project.
|
|||
|
|
* The Certificate class now has signature and
|
|||
|
|
tbs_certificate_bytes attributes.
|
|||
|
|
* The CertificateSigningRequest class now has signature and
|
|||
|
|
tbs_certrequest_bytes attributes.
|
|||
|
|
* The CertificateRevocationList class now has signature and
|
|||
|
|
tbs_certlist_bytes attributes.
|
|||
|
|
* NameConstraints are now supported in the CertificateBuilder
|
|||
|
|
and CertificateSigningRequestBuilder.
|
|||
|
|
* Support serialization of certificate revocation lists using
|
|||
|
|
the public_bytes() method of CertificateRevocationList.
|
|||
|
|
* Add support for parsing CertificateRevocationList extensions
|
|||
|
|
() in the OpenSSL backend. The following extensions are
|
|||
|
|
currently supported:
|
|||
|
|
o AuthorityInformationAccess
|
|||
|
|
o AuthorityKeyIdentifier
|
|||
|
|
o CRLNumber
|
|||
|
|
o IssuerAlternativeName
|
|||
|
|
* Added CertificateRevocationListBuilder and
|
|||
|
|
RevokedCertificateBuilder to allow creation of CRLs.
|
|||
|
|
* Unrecognized non-critical X.509 extensions are now parsed
|
|||
|
|
into an UnrecognizedExtension object.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Dec 30 12:41:26 UTC 2015 - michael@stroeder.com
|
|||
|
|
|
|||
|
|
- update to 1.1.2:
|
|||
|
|
* Fixed a SIGBUS crash with the OS X wheels caused by redefinition of a
|
|||
|
|
method.
|
|||
|
|
* Fixed a runtime error ``undefined symbol EC_GFp_nistp224_method`` that
|
|||
|
|
occurred with some OpenSSL installations.
|
|||
|
|
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2e.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Dec 9 10:35:20 UTC 2015 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- update to 1.1.1:
|
|||
|
|
* Fixed several small bugs related to compiling the OpenSSL bindings with
|
|||
|
|
unusual OpenSSL configurations.
|
|||
|
|
* Resolved an issue where, depending on the method of installation and
|
|||
|
|
which Python interpreter they were using, users on El Capitan (OS X 10.11)
|
|||
|
|
may have seen an ``InternalError`` on import.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Dec 9 10:19:45 UTC 2015 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- fix build for sle11 (disable testsuite as it depends on python-hypothesis
|
|||
|
|
which is not available for sle11 anymore)
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Nov 10 04:16:13 UTC 2015 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- update to 1.1:
|
|||
|
|
* Added support for Elliptic Curve Diffie-Hellman with
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
|
|||
|
|
* Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
|
|||
|
|
* Added support for parsing certificate revocation lists (CRLs) using
|
|||
|
|
:func:`~cryptography.x509.load_pem_x509_crl` and
|
|||
|
|
:func:`~cryptography.x509.load_der_x509_crl`.
|
|||
|
|
* Add support for AES key wrapping with
|
|||
|
|
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
|
|||
|
|
* Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
|
|||
|
|
* Add support for encoding and decoding elliptic curve points to a byte string
|
|||
|
|
form using
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
|
|||
|
|
and
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
|
|||
|
|
* Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
|
|||
|
|
* :class:`~cryptography.x509.CertificatePolicies` are now supported in the
|
|||
|
|
:class:`~cryptography.x509.CertificateBuilder`.
|
|||
|
|
* ``countryName`` is now encoded as a ``PrintableString`` when creating subject
|
|||
|
|
and issuer distinguished names with the Certificate and CSR builder classes.
|
|||
|
|
* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
|
|||
|
|
of assertions to check response codes where our tests could not trigger a
|
|||
|
|
failure. However, when Python is run with ``-O`` these asserts are optimized
|
|||
|
|
away. If a user ran Python with this flag and got an invalid response code
|
|||
|
|
this could result in undefined behavior or worse. Accordingly, all response
|
|||
|
|
checks from the OpenSSL backend have been converted from ``assert``
|
|||
|
|
to a true function call. Credit **Emilia Käsper (Google Security Team)**
|
|||
|
|
for the report.
|
|||
|
|
* We now ship OS X wheels that statically link OpenSSL by default. When
|
|||
|
|
installing a wheel on OS X 10.10+ (and using a Python compiled against the
|
|||
|
|
10.10 SDK) users will no longer need to compile. See :doc:`/installation` for
|
|||
|
|
alternate installation methods if required.
|
|||
|
|
* Set the default string mask to UTF-8 in the OpenSSL backend to resolve
|
|||
|
|
character encoding issues with older versions of OpenSSL.
|
|||
|
|
* Several new OpenSSL bindings have been added to support a future pyOpenSSL
|
|||
|
|
release.
|
|||
|
|
* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
|
|||
|
|
- Remove 2293.patch . Applied in a different way upstream.
|
|||
|
|
- Add BuildRequires for python-hypothesis and python-pyasn1-modules for running
|
|||
|
|
unittests
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Sep 30 12:01:27 UTC 2015 - dmueller@suse.com
|
|||
|
|
|
|||
|
|
- require the cffi version it was built against to avoid (bsc#948198)
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Sep 29 13:54:24 UTC 2015 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- Add 2293.patch for "osrandom engine already registered" (bnc#947679)
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Sep 17 13:11:06 UTC 2015 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- Add disable-uneven-sizes-tests.patch (bnc#944204)
|
|||
|
|
openssl in SLE12SP1 doesn't allow uneven bit sizes for rsa keys
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Sat Aug 22 10:30:08 UTC 2015 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- update to 1.0 (fate#318838):
|
|||
|
|
* Switched to the new `cffi`_ ``set_source`` out-of-line API mode for
|
|||
|
|
compilation. This results in significantly faster imports and lowered
|
|||
|
|
memory consumption. Due to this change we no longer support PyPy releases
|
|||
|
|
older than 2.6 nor do we support any released version of PyPy3 (until a
|
|||
|
|
version supporting cffi 1.0 comes out).
|
|||
|
|
* Fix parsing of OpenSSH public keys that have spaces in comments.
|
|||
|
|
* Support serialization of certificate signing requests using the
|
|||
|
|
``public_bytes`` method of
|
|||
|
|
:class:`~cryptography.x509.CertificateSigningRequest`.
|
|||
|
|
* Support serialization of certificates using the ``public_bytes`` method of
|
|||
|
|
:class:`~cryptography.x509.Certificate`.
|
|||
|
|
* Add ``get_provisioning_uri`` method to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP` and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP` for generating
|
|||
|
|
provisioning URIs.
|
|||
|
|
* Add :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash`
|
|||
|
|
and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`.
|
|||
|
|
* Raise a ``TypeError`` when passing objects that are not text as the value to
|
|||
|
|
:class:`~cryptography.x509.NameAttribute`.
|
|||
|
|
* Add support for :class:`~cryptography.x509.OtherName` as a general name
|
|||
|
|
type.
|
|||
|
|
* Added new X.509 extension support in :class:`~cryptography.x509.Certificate`
|
|||
|
|
The following new extensions are now supported:
|
|||
|
|
|
|||
|
|
* :class:`~cryptography.x509.OCSPNoCheck`
|
|||
|
|
* :class:`~cryptography.x509.InhibitAnyPolicy`
|
|||
|
|
* :class:`~cryptography.x509.IssuerAlternativeName`
|
|||
|
|
* :class:`~cryptography.x509.NameConstraints`
|
|||
|
|
|
|||
|
|
* Extension support was added to
|
|||
|
|
:class:`~cryptography.x509.CertificateSigningRequest`.
|
|||
|
|
* Add support for creating signed certificates with
|
|||
|
|
:class:`~cryptography.x509.CertificateBuilder`. This includes support for
|
|||
|
|
the following extensions:
|
|||
|
|
|
|||
|
|
* :class:`~cryptography.x509.BasicConstraints`
|
|||
|
|
* :class:`~cryptography.x509.SubjectAlternativeName`
|
|||
|
|
* :class:`~cryptography.x509.KeyUsage`
|
|||
|
|
* :class:`~cryptography.x509.ExtendedKeyUsage`
|
|||
|
|
* :class:`~cryptography.x509.SubjectKeyIdentifier`
|
|||
|
|
* :class:`~cryptography.x509.AuthorityKeyIdentifier`
|
|||
|
|
* :class:`~cryptography.x509.AuthorityInformationAccess`
|
|||
|
|
* :class:`~cryptography.x509.CRLDistributionPoints`
|
|||
|
|
* :class:`~cryptography.x509.InhibitAnyPolicy`
|
|||
|
|
* :class:`~cryptography.x509.IssuerAlternativeName`
|
|||
|
|
* :class:`~cryptography.x509.OCSPNoCheck`
|
|||
|
|
|
|||
|
|
* Add support for creating certificate signing requests with
|
|||
|
|
:class:`~cryptography.x509.CertificateSigningRequestBuilder`. This includes
|
|||
|
|
support for the same extensions supported in the ``CertificateBuilder``.
|
|||
|
|
* Deprecate ``encode_rfc6979_signature`` and ``decode_rfc6979_signature`` in
|
|||
|
|
favor of
|
|||
|
|
:func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature`
|
|||
|
|
and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
|
|||
|
|
- Adjust Requires according to requires.txt
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Wed Jul 29 18:05:55 UTC 2015 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- update to 0.9.3:
|
|||
|
|
* Updated Windows wheels to be compiled against OpenSSL 1.0.2d.
|
|||
|
|
* Updated Windows wheels to be compiled against OpenSSL 1.0.2c.
|
|||
|
|
* **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA
|
|||
|
|
to verify signatures. Note that this only affects PyPy 2.6.0 and (presently
|
|||
|
|
unreleased) CFFI versions greater than 1.1.0.
|
|||
|
|
* Removed support for Python 3.2. This version of Python is rarely used
|
|||
|
|
and caused support headaches. Users affected by this should upgrade to 3.3+.
|
|||
|
|
* Deprecated support for Python 2.6. At the time there is no time table for
|
|||
|
|
actually dropping support, however we strongly encourage all users to upgrade
|
|||
|
|
their Python, as Python 2.6 no longer receives support from the Python core
|
|||
|
|
team.
|
|||
|
|
* Add support for the
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.SECP256K1` elliptic
|
|||
|
|
curve.
|
|||
|
|
* Fixed compilation when using an OpenSSL which was compiled with the
|
|||
|
|
``no-comp`` (``OPENSSL_NO_COMP``) option.
|
|||
|
|
* Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
|
|||
|
|
serialization of public keys using the ``public_bytes`` method of
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`,
|
|||
|
|
and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`.
|
|||
|
|
* Support :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
|
|||
|
|
serialization of private keys using the ``private_bytes`` method of
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`,
|
|||
|
|
and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`.
|
|||
|
|
* Add support for parsing X.509 certificate signing requests (CSRs) with
|
|||
|
|
:func:`~cryptography.x509.load_pem_x509_csr` and
|
|||
|
|
:func:`~cryptography.x509.load_der_x509_csr`.
|
|||
|
|
* Moved ``cryptography.exceptions.InvalidToken`` to
|
|||
|
|
:class:`cryptography.hazmat.primitives.twofactor.InvalidToken` and deprecated
|
|||
|
|
the old location. This was moved to minimize confusion between this exception
|
|||
|
|
and :class:`cryptography.fernet.InvalidToken`.
|
|||
|
|
* Added support for X.509 extensions in :class:`~cryptography.x509.Certificate`
|
|||
|
|
objects. The following extensions are supported as of this release:
|
|||
|
|
|
|||
|
|
* :class:`~cryptography.x509.BasicConstraints`
|
|||
|
|
* :class:`~cryptography.x509.AuthorityKeyIdentifier`
|
|||
|
|
* :class:`~cryptography.x509.SubjectKeyIdentifier`
|
|||
|
|
* :class:`~cryptography.x509.KeyUsage`
|
|||
|
|
* :class:`~cryptography.x509.SubjectAlternativeName`
|
|||
|
|
* :class:`~cryptography.x509.ExtendedKeyUsage`
|
|||
|
|
* :class:`~cryptography.x509.CRLDistributionPoints`
|
|||
|
|
* :class:`~cryptography.x509.AuthorityInformationAccess`
|
|||
|
|
* :class:`~cryptography.x509.CertificatePolicies`
|
|||
|
|
|
|||
|
|
Note that unsupported extensions with the critical flag raise
|
|||
|
|
:class:`~cryptography.x509.UnsupportedExtension` while unsupported extensions
|
|||
|
|
set to non-critical are silently ignored. Read the
|
|||
|
|
:doc:`X.509 documentation</x509>` for more information.
|
|||
|
|
- add python-pyasn1, python-ipaddress and python-idna as Requires/BuildRequires
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Thu Apr 23 06:38:42 UTC 2015 - mcihar@suse.cz
|
|||
|
|
|
|||
|
|
- Update to 0.8.2:
|
|||
|
|
* Fixed a race condition when initializing the OpenSSL or CommonCrypto backends
|
|||
|
|
in a multi-threaded scenario.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Tue Apr 7 10:00:28 UTC 2015 - tbechtold@suse.com
|
|||
|
|
|
|||
|
|
- update to 0.8.1:
|
|||
|
|
* Updated Windows wheels to be compiled against OpenSSL 1.0.2a.
|
|||
|
|
* func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can
|
|||
|
|
now load elliptic curve public keys.
|
|||
|
|
* Added
|
|||
|
|
:attr:`~cryptography.x509.Certificate.signature_hash_algorithm` support to
|
|||
|
|
:class:`~cryptography.x509.Certificate`.
|
|||
|
|
* Added
|
|||
|
|
:func:`~cryptography.hazmat.primitives.asymmetric.rsa.rsa_recover_prime_factor s`
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.kdf.KeyDerivationFunction` was moved
|
|||
|
|
from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.kdf`.
|
|||
|
|
* Added support for parsing X.509 names. See the
|
|||
|
|
:doc:`X.509 documentation</x509>` for more information.
|
|||
|
|
* Added
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` to
|
|||
|
|
support loading of DER encoded private keys and
|
|||
|
|
:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key` to
|
|||
|
|
support loading DER encoded public keys.
|
|||
|
|
* Fixed building against LibreSSL, a compile-time substitute for OpenSSL.
|
|||
|
|
* FreeBSD 9.2 was removed from the continuous integration system.
|
|||
|
|
* Updated Windows wheels to be compiled against OpenSSL 1.0.2.
|
|||
|
|
* :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`
|
|||
|
|
and :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`
|
|||
|
|
now support PKCS1 RSA public keys (in addition to the previous support for
|
|||
|
|
SubjectPublicKeyInfo format for RSA, EC, and DSA).
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`
|
|||
|
|
and deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers`.
|
|||
|
|
* Added
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization.private_bytes`
|
|||
|
|
to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`
|
|||
|
|
and deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`.
|
|||
|
|
* Added
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization.private_bytes`
|
|||
|
|
to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`
|
|||
|
|
and deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithNumbers`.
|
|||
|
|
* Added
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization.private_bytes`
|
|||
|
|
to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`
|
|||
|
|
and deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers`.
|
|||
|
|
* Added
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization.public_bytes`
|
|||
|
|
to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`
|
|||
|
|
and deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithNumbers`.
|
|||
|
|
* Added
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization.public_bytes`
|
|||
|
|
to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`.
|
|||
|
|
* Added
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`
|
|||
|
|
and deprecated
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers`.
|
|||
|
|
* Added
|
|||
|
|
:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization.public_bytes`
|
|||
|
|
to
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.hashes`.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.AEADCipherContext`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.AEADEncryptionContext`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`, and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
|
|||
|
|
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.ciphers`.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithInitializationVector`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithNonce`, and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.ciphers.modes.ModeWithAuthenticationTag`
|
|||
|
|
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.ciphers.modes`.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.padding.PaddingContext` was moved
|
|||
|
|
from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.padding`.
|
|||
|
|
*
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`
|
|||
|
|
was moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.asymmetric.padding`.
|
|||
|
|
*
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
|
|||
|
|
and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
|
|||
|
|
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.asymmetric`.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithNumbers`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers`
|
|||
|
|
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.asymmetric.dsa`
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
|
|||
|
|
and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithNumbers`
|
|||
|
|
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.asymmetric.ec`.
|
|||
|
|
* :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`,
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and
|
|||
|
|
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers`
|
|||
|
|
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
|
|||
|
|
:mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
|
|||
|
|
* Updated Windows wheels to be compiled against OpenSSL 1.0.1l.
|
|||
|
|
* ``enum34`` is no longer installed on Python 3.4, where it is included in
|
|||
|
|
the standard library.
|
|||
|
|
* Added a new function to the OpenSSL bindings to support additional
|
|||
|
|
functionality in pyOpenSSL.
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Dec 29 18:08:34 UTC 2014 - jmatejek@suse.com
|
|||
|
|
|
|||
|
|
- update to 0.7.1
|
|||
|
|
* backwards-incompatible change: GCM module doesn't truncate tags
|
|||
|
|
by default anymore
|
|||
|
|
* removed deprecated arguments to MFG1 constructor
|
|||
|
|
* ECC support
|
|||
|
|
* added PEM and openssh key loading convenience methods
|
|||
|
|
* support for many new ciphers and new features of existing ones
|
|||
|
|
see CHANGELOG.rst for details
|
|||
|
|
- spec cleanup
|
|||
|
|
- reworked %check section
|
|||
|
|
- added changelog to docs
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon May 19 16:14:52 UTC 2014 - jmatejek@suse.com
|
|||
|
|
|
|||
|
|
- update to 0.4
|
|||
|
|
* added IDEA algorithm
|
|||
|
|
* added HOTP, TOTP and CMAC primitives
|
|||
|
|
* improved support for RSA and DSA public key cryptography
|
|||
|
|
- include cryptography_vectors as a source, in order to run the full
|
|||
|
|
test suite (cryptography_vectors seems only useful for testing
|
|||
|
|
this module, so it's probably not worth making a separate installable
|
|||
|
|
package for it)
|
|||
|
|
- drop upstreamed cryptography-custom-install-cmd.patch
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Mar 31 16:03:46 UTC 2014 - speilicke@suse.com
|
|||
|
|
|
|||
|
|
- Add cryptography-custom-install-cmd.patch: Fix installation to plat_lib
|
|||
|
|
- Properly invoke testsuite, therefore add dependencies on iso8601 and pretend
|
|||
|
|
- Only use pkg-config for libffi on newer distros, stay with old-style
|
|||
|
|
devel package requires to fix SLE build
|
|||
|
|
|
|||
|
|
-------------------------------------------------------------------
|
|||
|
|
Mon Feb 24 12:43:32 UTC 2014 - mvyskocil@suse.com
|
|||
|
|
|
|||
|
|
- Initial packaging of python-cryptography for openSUSE
|
|||
|
|
|