- update to 45.0.5:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.1.
* Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This
is not considered secure, and is supported only for backwards
compatibility.)
* Fixed decrypting PKCS#8 files encrypted with long salts (this
impacts keys encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5.
While wildly insecure, this remains prevalent.
* Fixed using mypy with cryptography on older versions of
Python.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.0.
* Support for Python 3.7 is deprecated and will be removed in
the next cryptography release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0,
from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores
in :func:`~cryptography.hazmat.primitives.serialization.pkcs1
2.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon
2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi
tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to
support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using
AES-256 as the content algorithm, in addition to AES-128.
* BACKWARDS INCOMPATIBLE: Made SSH private key loading more
consistent with other private key loading: :func:`~cryptograp
hy.hazmat.primitives.serialization.load_ssh_private_key` now
OBS-URL: https://build.opensuse.org/request/show/1292428
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=102
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.1.
* Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This
is not considered secure, and is supported only for backwards
compatibility.)
* Fixed decrypting PKCS#8 files encrypted with long salts (this
impacts keys encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5.
While wildly insecure, this remains prevalent.
* Fixed using mypy with cryptography on older versions of
Python.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.5.0.
* Support for Python 3.7 is deprecated and will be removed in
the next cryptography release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0,
from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores
in :func:`~cryptography.hazmat.primitives.serialization.pkcs1
2.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon
2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi
tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to
support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using
AES-256 as the content algorithm, in addition to AES-128.
* BACKWARDS INCOMPATIBLE: Made SSH private key loading more
consistent with other private key loading: :func:`~cryptograp
hy.hazmat.primitives.serialization.load_ssh_private_key` now
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=249
- Update to version 44.0.0:
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build cryptography
themselves.
* Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
* Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by RFC 5280 but
forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
- Update specfile to accommodate new project structure at version 44.0.0
- Update no-pytest_benchmark.patch
OBS-URL: https://build.opensuse.org/request/show/1242838
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=98
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build cryptography
themselves.
* Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
* Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by RFC 5280 but
forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
- Update specfile to accommodate new project structure at version 44.0.0
- Update no-pytest_benchmark.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=238
- update to 43.0.0:
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/request/show/1189786
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=91
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=220
- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
OBS-URL: https://build.opensuse.org/request/show/1149625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=86
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=209
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer
protocol objects in sign and verify methods on asymmetric
keys.
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
:`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
rimitives.asymmetric.dh.DHPrivateKey.exchange`.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=206
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public
keys in :func:`~cryptography.hazmat.primitives.serialization.
load_pem_public_key`.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
using :func:`~cryptography.hazmat.primitives.serialization.pk
cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
` will now raise a ValueError rather than return an empty
list.
* Parsing SSH certificates no longer permits malformed critical
options with values, as documented in the 41.0.2 release
notes.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0,
from 1.56.0.
* We now publish both py37 and py39 abi3 wheels. This should
resolve some errors relating to initializing a module
multiple times per process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
dding.PSS` for X.509 certificate signing requests and
certificate revocation lists with the keyword-only argument
rsa_padding on the sign methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder`
and
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=205
