Accepting request 623674 from home:stroeder:branches:devel:languages:python

- update to 2.3:
  * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default 
    which can allow tag forgery in some cases. The method now enforces the 
    min_tag_length provided to the GCM constructor.
  * Added support for Python 3.7.
  * Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
  * Support for Python 2.7.x without hmac.compare_digest has been deprecated. 
    We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next 
    cryptography release.
  * Fixed multiple issues preventing cryptography from compiling
    against LibreSSL 2.7.x.
  * Added get_revoked_certificate_by_serial_number for quick
    serial number searches in CRLs.
  * The RelativeDistinguishedName class now preserves the order of attributes.
    Duplicate attributes now raise an error instead of silently discarding duplicates.
  * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
    if the wrapped key is an invalid length, instead of ValueError.

OBS-URL: https://build.opensuse.org/request/show/623674
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=100

cryptography-2.2.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9fc295bf69130a342e7a19a39d7bbeb15c0bcaabc7382ec33ef3b2b7d18d2f63
-size 443822

cryptography-2.2.2.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAlq6dNgACgkQI1rl8Sn5
-7Zg0Ygf/WzulfXom9qdbCHrUJh2xkTxPqK2/SUqDqOQ1OdKJm+MxDBcMhwrCdBDh
-8+eXyPTLnnhPUcCSqVFcJeUu9KyKB2MhKi7gdBUHrDxjbufexxPC+L/KwjOq3nod
-gL4OPHGGeX2ZgSlwFPR4zPIIheUmf9kPX88qtW8DD8zmuyhci6ibac9a/3fHkDVt
-H27B+aqs+WObMjcfwZV7gMnRbZwUOBZvVFRxwfMHVuMpfbwhQC8HdBK74XKNaoTd
-Golmpa5fqRm1sNquBz9YRVElWuw1qj1CZJhRBuR7V5xyPLX8J7EVUrYa70/fVtfr
-hW7oAlNbMFYb58hGC9K20v6WX8XT2w==
-=zox2
------END PGP SIGNATURE-----

cryptography-2.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c132bab45d4bd0fff1d3fe294d92b0a6eb8404e93337b3127bdec9f21de117e6
+size 449464

cryptography-2.3.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAltPLDoACgkQI1rl8Sn5
+7ZgshggArT9MYkhbui9vHw2IimiYQhkqAzg6AZsE0Kl2re6WXHzbXrfoG+BcChu8
+PiPMfLTMLoYDshs0RfgXKiOQWk23hM17VUgTIHi6GYDIY8qQ/Cqk6lKURc9tzMGS
+rCApFkUiisKcolPkPc6Qk1PtJ9iURPZV/mgw3quID2VYsNSoQhD4bmq9VHCIsDFo
+FyfIi7bhXc2esJXGfHrftsd4jEnJQsQVNx0pooj/DO3eR4IM6HI4pnN96UwvWT1Z
+W+HLrtf0g8TpX7idmFKdHKFRYAPmYb2+9z0G38hQ586Z3zx/zGgQZIaPATUUewlu
+IRcDWk0TyQfL+5fUkpuWP2q/G5hXsw==
+=4NKN
+-----END PGP SIGNATURE-----

cryptography_vectors-2.2.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:28b52c84bae3a564ce51bfb0753cbe360218bd648c64efa2808c886c18505688
-size 27270814

cryptography_vectors-2.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:356a2ded84ae379e556515eec9b68dd74957651a38465d10605bb9fbae280f15
+size 35303908

python-cryptography.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Jul 18 13:20:58 UTC 2018 - michael@stroeder.com
+
+- update to 2.3:
+  * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default 
+    which can allow tag forgery in some cases. The method now enforces the 
+    min_tag_length provided to the GCM constructor.
+  * Added support for Python 3.7.
+  * Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
+  * Support for Python 2.7.x without hmac.compare_digest has been deprecated. 
+    We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next 
+    cryptography release.
+  * Fixed multiple issues preventing cryptography from compiling
+    against LibreSSL 2.7.x.
+  * Added get_revoked_certificate_by_serial_number for quick
+    serial number searches in CRLs.
+  * The RelativeDistinguishedName class now preserves the order of attributes.
+    Duplicate attributes now raise an error instead of silently discarding duplicates.
+  * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
+    if the wrapped key is an invalid length, instead of ValueError.
+
 -------------------------------------------------------------------
 Tue Jun 12 07:24:12 UTC 2018 - mimi.vx@gmail.com
 

python-cryptography.spec

@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without python2
 Name:           python-cryptography
-Version:        2.2.2
+Version:        2.3
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause