17ce834447
- update to 46.0.2: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4. * Fixed an issue where users installing via pip on Python 3.14 development versions would not properly install a dependency. * Fixed an issue building the free-threaded macOS 3.14 wheels. * BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed. * Support for OpenSSL < 3.0 is deprecated and will be removed in the next release. * Support for x86_64 macOS (including publishing wheels) is deprecated and will be removed in two releases. We will switch to publishing an arm64 only wheel for macOS. * Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in two releases. Users should move to a 64-bit Python installation. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3. * We now build ppc64le manylinux wheels and publish them to PyPI. * We now build win_arm64 (Windows on Arm) wheels and publish them to PyPI. * Added support for free-threaded Python 3.14. * Removed the deprecated get_attribute_for_oid method on :class:~cryptography.x509.CertificateSigningRequest. Users should use :meth:~cryptography.x509.Attributes.get_attribute_for_oid instead. * Removed the deprecated CAST5, SEED, IDEA, and Blowfish classes from the cipher module. These are still available in
Dirk Mueller2025-10-13 09:32:58 +00:00
a6eb804da0
Accepting request 1304683 from devel:languages:python
Ana Guerrero2025-09-15 17:50:26 +00:00
d635e25bb9
- update to 45.0.7: * Added a function to support an upcoming pyOpenSSL release. * Added basic support for PKCS7 decryption (including S/MIME 3.2) via :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der,
Dirk Mueller2025-09-14 20:46:01 +00:00
35c72fa006
Accepting request 1302472 from devel:languages:python
Ana Guerrero2025-09-03 19:07:11 +00:00
931a8fb6a0
Accepting request 1302241 from home:jimfunk:branches:devel:languages:python
Matej Cepl2025-09-02 16:25:01 +00:00
763a6fe464
- update to 45.0.5: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.1. * Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This is not considered secure, and is supported only for backwards compatibility.) * Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys encrypted by Bouncy Castle). * Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly insecure, this remains prevalent. * Fixed using mypy with cryptography on older versions of Python. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0. * Support for Python 3.7 is deprecated and will be removed in the next cryptography release. * Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0. * Added support for serialization of PKCS#12 Java truststores in :func:~cryptography.hazmat.primitives.serialization.pkcs1 2.serialize_java_truststore * Added :meth:~cryptography.hazmat.primitives.kdf.argon2.Argon 2id.derive_phc_encoded and :meth:~cryptography.hazmat.primi tives.kdf.argon2.Argon2id.verify_phc_encoded methods to support password hashing in the PHC string format * Added support for PKCS7 decryption and encryption using AES-256 as the content algorithm, in addition to AES-128. * BACKWARDS INCOMPATIBLE: Made SSH private key loading more consistent with other private key loading: :func:~cryptograp hy.hazmat.primitives.serialization.load_ssh_private_key now
Dirk Mueller2025-07-12 08:36:35 +00:00
d6d120e786
- update to 44.0.1: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1. * We now build armv7l manylinux wheels and publish them to PyPI. * We now build manylinux_2_34 wheels and publish them to PyPI.
Dirk Mueller2025-02-26 09:41:33 +00:00
f15f2ce607
- update to 44.0.1: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1. * We now build armv7l manylinux wheels and publish them to PyPI. * We now build manylinux_2_34 wheels and publish them to PyPI.
Dirk Mueller2025-02-26 09:41:33 +00:00
405e6469c4
Accepting request 1242838 from devel:languages:python
Ana Guerrero2025-02-06 21:01:51 +00:00
5a2b10b428
Accepting request 1242838 from devel:languages:python
Ana Guerrero2025-02-06 21:01:51 +00:00
b71fd351ec
- Update to version 44.0.0: * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9. * Deprecated Python 3.7 support. Python 3.7 is no longer supported by the Python core team. Support for Python 3.7 will be removed in a future cryptography release. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0. * macOS wheels are now built against the macOS 10.13 SDK. Users on older versions of macOS should upgrade, or they will need to build cryptography themselves. * Enforce the RFC 5280 requirement that extended key usage extensions must not be empty. * Added support for timestamp extraction to the :class:~cryptography.fernet.MultiFernet class. * Relax the Authority Key Identifier requirements on root CA certificates during X.509 verification to allow fields permitted by RFC 5280 but forbidden by the CA/Browser BRs. * Added support for :class:~cryptography.hazmat.primitives.kdf.argon2.Argon2id when using OpenSSL 3.2.0+. * Added support for the :class:~cryptography.x509.Admissions certificate extension. * Added basic support for PKCS7 decryption (including S/MIME 3.2) via :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der, :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem, and :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime. - Update specfile to accommodate new project structure at version 44.0.0 - Update no-pytest_benchmark.patch
Dirk Mueller2025-01-29 08:34:20 +00:00
efd9843246
Accepting request 1240357 from home:uncomfyhalomacro:branches:devel:languages:python
Dirk Mueller2025-01-29 08:34:20 +00:00
d0ad3bb3fc
- Fix requires_eq replacement for distributions which do not have python3-cffi installed (such as SLE15 python module pythons) * gh#openSUSE/python-rpm-macros#185 - Remove outdated section in description
Matej Cepl2024-11-08 15:01:32 +00:00
4c6fb9daef
Accepting request 1222713 from home:bnavigator:branches:devel:languages:python
Matej Cepl2024-11-08 15:01:32 +00:00
97d57cc1df
Accepting request 1221413 from devel:languages:python
Ana Guerrero2024-11-06 15:49:39 +00:00
e79d41f507
Accepting request 1221413 from devel:languages:python
Ana Guerrero2024-11-06 15:49:39 +00:00
6c5fc4f022
- Avoid using requires_eq, which after the last modifications conflicts with python singlespec (order of expansion).
Markéta Machová2024-11-05 11:51:09 +00:00
e5a316b143
Accepting request 1221332 from home:dimstar:Factory
Markéta Machová2024-11-05 11:51:09 +00:00
3bab3768bf
Accepting request 1217043 from devel:languages:python
Ana Guerrero2024-10-23 19:08:56 +00:00
581201145a
Accepting request 1217043 from devel:languages:python
Ana Guerrero2024-10-23 19:08:56 +00:00
b61703c6e8
- update to 43.0.3: * Fixed release metadata for cryptography-vectors * Fixed compilation when using LibreSSL 4.0.0.
Dirk Mueller2024-10-22 13:26:27 +00:00
f2b77a2ced
- update to 43.0.3: * Fixed release metadata for cryptography-vectors * Fixed compilation when using LibreSSL 4.0.0.
Dirk Mueller2024-10-22 13:26:27 +00:00
5f93749b9e
Accepting request 1204397 from devel:languages:python
Ana Guerrero2024-09-30 13:34:29 +00:00
191c802719
Accepting request 1204397 from devel:languages:python
Ana Guerrero2024-09-30 13:34:29 +00:00
310b72870a
- update to 43.0.1: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
Dirk Mueller2024-09-28 19:46:03 +00:00
b3bd347e00
- update to 43.0.1: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
Dirk Mueller2024-09-28 19:46:03 +00:00
8c4e8aa051
Accepting request 1201401 from devel:languages:python
Ana Guerrero2024-09-18 13:26:47 +00:00
071c5cd161
Accepting request 1201401 from devel:languages:python
Ana Guerrero2024-09-18 13:26:47 +00:00
eae8858b3e
- Fix building optimized binaries with debuginfo.
Matej Cepl2024-08-12 20:36:26 +00:00
596c7dda33
- Fix building optimized binaries with debuginfo.
Matej Cepl2024-08-12 20:36:26 +00:00
1b46516713
- Update building of Rust modules to use modern cargo_vendor service - Remove unneeded use-offline-build.patch
Matej Cepl2024-07-31 21:48:34 +00:00
4f42be4085
- Update building of Rust modules to use modern cargo_vendor service - Remove unneeded use-offline-build.patch
Matej Cepl2024-07-31 21:48:34 +00:00
651c5e926b
- update to 43.0.0: * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1. * Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0. * :func:~cryptography.hazmat.primitives.asymmetric.rsa.generat e_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits. * :func:~cryptography.hazmat.primitives.serialization.pkcs7.se rialize_certificates now emits ASN.1 that more closely follows the recommendations in RFC 2315. * Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryp tography.hazmat.primitives.ciphers.algorithms.CAST5, :class: ~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :c lass:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA , and :class:~cryptography.hazmat.primitives.ciphers.algori thms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0. * Moved :class:~cryptography.hazmat.primitives.ciphers.algorit hms.TripleDES and :class:~cryptography.hazmat.primitives.ci phers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
Dirk Mueller2024-07-26 10:51:57 +00:00
69b6350867
- update to 43.0.0: * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1. * Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0. * :func:~cryptography.hazmat.primitives.asymmetric.rsa.generat e_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits. * :func:~cryptography.hazmat.primitives.serialization.pkcs7.se rialize_certificates now emits ASN.1 that more closely follows the recommendations in RFC 2315. * Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryp tography.hazmat.primitives.ciphers.algorithms.CAST5, :class: ~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :c lass:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA , and :class:~cryptography.hazmat.primitives.ciphers.algori thms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0. * Moved :class:~cryptography.hazmat.primitives.ciphers.algorit hms.TripleDES and :class:~cryptography.hazmat.primitives.ci phers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
Dirk Mueller2024-07-26 10:51:57 +00:00
81867a0a54
Accepting request 1179508 from devel:languages:python
Ana Guerrero2024-06-09 18:18:45 +00:00
80cb311d55
Accepting request 1179508 from devel:languages:python
Ana Guerrero2024-06-09 18:18:45 +00:00
5fd0f8aee2
- update to 42.0.8: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2.
Dirk Mueller2024-06-08 12:04:45 +00:00
a5d1cce415
- update to 42.0.8: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.2.
Dirk Mueller2024-06-08 12:04:45 +00:00
283cd268df
Accepting request 1174053 from devel:languages:python
Ana Guerrero2024-05-16 15:12:39 +00:00
cd046f1201
Accepting request 1174053 from devel:languages:python
Ana Guerrero2024-05-16 15:12:39 +00:00
1bcd019a4b
- update to 42.0.7: * Restored Windows 7 compatibility for our pre-built wheels. Note that we do not test on Windows 7 and wheels for our next release will not support it. Microsoft no longer provides support for Windows 7 and users are encouraged to upgrade.
Dirk Mueller2024-05-07 16:14:48 +00:00
957471ac2c
- update to 42.0.7: * Restored Windows 7 compatibility for our pre-built wheels. Note that we do not test on Windows 7 and wheels for our next release will not support it. Microsoft no longer provides support for Windows 7 and users are encouraged to upgrade.
Dirk Mueller2024-05-07 16:14:48 +00:00
7d82e714af
- update to 42.0.6: * Fixed compilation when using LibreSSL 3.9.1.
Dirk Mueller2024-05-07 07:36:43 +00:00
a825aefaeb
- update to 42.0.6: * Fixed compilation when using LibreSSL 3.9.1.
Dirk Mueller2024-05-07 07:36:43 +00:00
46be1e4e9c
Accepting request 1164122 from devel:languages:python
Ana Guerrero2024-04-03 15:18:49 +00:00
39cb78ebcb
Accepting request 1164122 from devel:languages:python
Ana Guerrero2024-04-03 15:18:49 +00:00
469d7f8302
- update to 42.0.5: * Limit the number of name constraint checks that will be performed in :mod:X.509 path validation <cryptography.x509.verification> to protect against denial of service attacks. * Upgrade pyo3 version, which fixes building on PowerPC.
Dirk Mueller2024-04-02 13:19:25 +00:00
33e21a66ea
- update to 42.0.5: * Limit the number of name constraint checks that will be performed in :mod:X.509 path validation <cryptography.x509.verification> to protect against denial of service attacks. * Upgrade pyo3 version, which fixes building on PowerPC.
Dirk Mueller2024-04-02 13:19:25 +00:00
db2f1d8603
Accepting request 1149625 from devel:languages:python
Ana Guerrero2024-02-23 15:41:42 +00:00
430416fef0
Accepting request 1149625 from devel:languages:python
Ana Guerrero2024-02-23 15:41:42 +00:00
22718d2516
- update to 42.0.4 (bsc#1220210, CVE-2024-26130): * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore.
Daniel Garcia2024-02-22 17:38:15 +00:00
6f5d4d50ff
- update to 42.0.4 (bsc#1220210, CVE-2024-26130): * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore.
Daniel Garcia2024-02-22 17:38:15 +00:00
4507ff5d23
- update to 42.0.2: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.exchange, X25519PrivateKey :meth:~cryptography.hazmat.primitives.asymm etric.x25519.X25519PrivateKey.exchange, X448PrivateKey :meth :~cryptography.hazmat.primitives.asymmetric.x448.X448Private Key.exchange, and DHPrivateKey :meth:~cryptography.hazmat.p rimitives.asymmetric.dh.DHPrivateKey.exchange.
Dirk Mueller2024-01-31 17:24:40 +00:00
e216bdcdea
- update to 42.0.2: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.exchange, X25519PrivateKey :meth:~cryptography.hazmat.primitives.asymm etric.x25519.X25519PrivateKey.exchange, X448PrivateKey :meth :~cryptography.hazmat.primitives.asymmetric.x448.X448Private Key.exchange, and DHPrivateKey :meth:~cryptography.hazmat.p rimitives.asymmetric.dh.DHPrivateKey.exchange.
Dirk Mueller2024-01-31 17:24:40 +00:00
2f68d9363c
- update to 42.0.1: * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.sign. * Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization. load_pem_public_key. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7. * BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field using :func:~cryptography.hazmat.primitives.serialization.pk cs7.load_pem_pkcs7_certificates or :func:~cryptography.hazm at.primitives.serialization.pkcs7.load_der_pkcs7_certificates will now raise a ValueError rather than return an empty list. * Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0. * Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0. * We now publish both py37 and py39 abi3 wheels. This should resolve some errors relating to initializing a module multiple times per process. * Support :class:~cryptography.hazmat.primitives.asymmetric.pa dding.PSS for X.509 certificate signing requests and certificate revocation lists with the keyword-only argument rsa_padding on the sign methods for :class:~cryptography.x509.CertificateSigningRequestBuilder and
Dirk Mueller2024-01-29 14:19:13 +00:00
Dominique Leuenberger
Dirk Mueller
Ana Guerrero
Steve Kowalik
Matej Cepl
Markéta Machová
Daniel Garcia