- update to 43.0.0:
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/request/show/1189786
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=91
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=220
- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
OBS-URL: https://build.opensuse.org/request/show/1149625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=86
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=209
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer
protocol objects in sign and verify methods on asymmetric
keys.
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
:`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
rimitives.asymmetric.dh.DHPrivateKey.exchange`.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=206
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public
keys in :func:`~cryptography.hazmat.primitives.serialization.
load_pem_public_key`.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
using :func:`~cryptography.hazmat.primitives.serialization.pk
cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
` will now raise a ValueError rather than return an empty
list.
* Parsing SSH certificates no longer permits malformed critical
options with values, as documented in the 41.0.2 release
notes.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0,
from 1.56.0.
* We now publish both py37 and py39 abi3 wheels. This should
resolve some errors relating to initializing a module
multiple times per process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
dding.PSS` for X.509 certificate signing requests and
certificate revocation lists with the keyword-only argument
rsa_padding on the sign methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder`
and
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=205
- update to 41.0.5:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL``
release.
parameters in X.509 certificates, which are
* Fixed error when using py2app to build an application with a cryptography dependency.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
- split tests in a multibuild variant to optimize rebuild time a bit
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
- drop disable-RustExtension.patch: building rust extension now
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
signature.
* wheels compiled with OpenSSL 1.1.1h.
- Removed support for calling public_bytes() with no arguments, as per
* BACKWARDS INCOMPATIBLE:
Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
which had been deprecated for nearly 4 years. Use encode_dss_signature()
* BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
* Add support for easily mapping an object identifier to its elliptic curve
* Add support for OpenSSL when compiled with the no-engine
* BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
but this version removes the default idna dependency as well. If you still
need this deprecated path please install cryptography with the idna extra:
* Numerous classes and functions have been updated to allow bytes-like
types for keying material and passwords, including symmetric algorithms,
* Added rfc4514_string() method to x509.Name,
x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
OBS-URL: https://build.opensuse.org/request/show/1124982
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=84
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL``
release.
parameters in X.509 certificates, which are
* Fixed error when using py2app to build an application with a cryptography dependency.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
- split tests in a multibuild variant to optimize rebuild time a bit
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
- drop disable-RustExtension.patch: building rust extension now
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
signature.
* wheels compiled with OpenSSL 1.1.1h.
- Removed support for calling public_bytes() with no arguments, as per
* BACKWARDS INCOMPATIBLE:
Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
which had been deprecated for nearly 4 years. Use encode_dss_signature()
* BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
* Add support for easily mapping an object identifier to its elliptic curve
* Add support for OpenSSL when compiled with the no-engine
* BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
but this version removes the default idna dependency as well. If you still
need this deprecated path please install cryptography with the idna extra:
* Numerous classes and functions have been updated to allow bytes-like
types for keying material and passwords, including symmetric algorithms,
* Added rfc4514_string() method to x509.Name,
x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
* Added from_encoded_point(), which immediately checks if the point is on
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=200
- update to 41.0.2:
* Fixed bugs in creating and parsing SSH certificates where
critical options with values were handled incorrectly.
Certificates are now created correctly and parsing accepts
correct values as well as the previously generated
invalid forms with a warning. In the next release, support
for parsing these invalid forms will be removed.
- remove patch remove_python_3_6_deprecation_warning.patch as the
warning was already removed upstream
- Add no-pytest_benchmark.patch, which remove dependency on
pytest-benchmark and coveralls (We don't need no benchmarking
and coverage measurement; bsc#1213005).
OBS-URL: https://build.opensuse.org/request/show/1098185
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-cryptography?expand=0&rev=79
* Fixed bugs in creating and parsing SSH certificates where
critical options with values were handled incorrectly.
Certificates are now created correctly and parsing accepts
correct values as well as the previously generated
invalid forms with a warning. In the next release, support
for parsing these invalid forms will be removed.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=190
