Accepting request 1007100 from devel:languages:python

- update to 38.0.1:
  * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
    seen in large CRLs).
  * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
    will drop support.
  * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
    latest ``pip`` to ensure this doesn't cause issues downloading wheels on
    their platform. We now ship ``manylinux_2_28`` wheels for users on new
    enough platforms.
  * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
    Users with the latest ``pip`` will typically get a wheel and not need Rust
    installed, but check :doc:`/installation` for documentation on installing a
    newer ``rustc`` if required.
  * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
    both ``str`` and ``bytes`` tokens.
  * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
    that the ``Extension`` ``critical`` field must be correctly encoded DER. See
    `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
    details.
  * Added two new OpenSSL functions to the bindings to support an upcoming
    ``pyOpenSSL`` release.
  * When parsing :class:`~cryptography.x509.CertificateRevocationList` and
    :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
    enforced that the ``version`` value in the input must be valid according to
    the rules of :rfc:`2986` and :rfc:`5280`.
  * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
    other X.509 builders is deprecated and support will be removed in the next
    version.
  * Added additional APIs to
    :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including

OBS-URL: https://build.opensuse.org/request/show/1007100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=67

_service

@@ -1,7 +1,8 @@
 <services>
   <service name="download_files" mode="disabled"/>
   <service name="cargo_vendor" mode="disabled">
-    <param name="srcdir">cryptography-37.0.4/src/rust</param>
+    <param name="srcdir">cryptography-38.0.1/src/rust</param>
+    <param name="compression">zst</param>
   </service>
   <service name="cargo_audit" mode="disabled">
   </service>

cryptography-37.0.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:63f9c17c0e2474ccbebc9302ce2f07b55b3b3fcb211ded18a42d5764f5c10a82
-size 585913

cryptography-38.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1db3d807a14931fa317f96435695d9ec386be7b84b618cc61cfa5d08b0ae33d7
+size 599412

python-cryptography.changes

@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Thu Sep 29 19:42:06 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 38.0.1:
+  * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
+    seen in large CRLs).
+  * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
+    will drop support.
+  * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
+    latest ``pip`` to ensure this doesn't cause issues downloading wheels on
+    their platform. We now ship ``manylinux_2_28`` wheels for users on new
+    enough platforms.
+  * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
+    Users with the latest ``pip`` will typically get a wheel and not need Rust
+    installed, but check :doc:`/installation` for documentation on installing a
+    newer ``rustc`` if required.
+  * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
+    both ``str`` and ``bytes`` tokens.
+  * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
+    that the ``Extension`` ``critical`` field must be correctly encoded DER. See
+    `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
+    details.
+  * Added two new OpenSSL functions to the bindings to support an upcoming
+    ``pyOpenSSL`` release.
+  * When parsing :class:`~cryptography.x509.CertificateRevocationList` and
+    :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
+    enforced that the ``version`` value in the input must be valid according to
+    the rules of :rfc:`2986` and :rfc:`5280`.
+  * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
+    other X.509 builders is deprecated and support will be removed in the next
+    version.
+  * Added additional APIs to
+    :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
+    :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
+    :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
+    :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
+    :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
+  * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
+    users to access the to-be-signed pre-certificate data needed for signed
+    certificate timestamp verification.
+  * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
+    :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
+    :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
+    counter location.
+  * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
+    to the section 2.1 of the RFC, affecting method
+    :meth:`~cryptography.x509.Name.from_rfc4514_string`.
+  * It is now possible to customize some aspects of encryption when serializing
+    private keys, using
+    :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
+  * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
+    versions older than 22.0 will need to upgrade.
+  * Added
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
+    These classes do not replace
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
+    allows all AES key lengths), but are intended for applications where
+    developers want to be explicit about key length.
+  
 -------------------------------------------------------------------
 Tue Jul 19 12:07:03 UTC 2022 - Dirk Müller <dmueller@suse.com>
 

python-cryptography.spec

@@ -28,7 +28,7 @@
 %bcond_with test
 %endif
 Name:           python-cryptography%{psuffix}
-Version:        37.0.4
+Version:        38.0.1
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3493a00e4cfd2ec828c6b659259daf981b7dd0e751ed33b2032a86bec43ee344
-size 8743693
+oid sha256:8b3f00295563ecc89fc943e573c820df2738ecd759d1109b14453e51a891763f
+size 7636953