-------------------------------------------------------------------
Tue Jan 27 01:37:15 UTC 2026 - Steve Kowalik <steven.kowalik@suse.com>

- Update to 1.0.5:
  * Bump pyca/cryptography dependency upper bound to version 47
  * Timestamps are now verified with the timestamp time as reference time
    like the RFC says: this means that the certificate chain no longer needs
    to be valid at current time, it is enough for it to have been valid at
    timestamp time

-------------------------------------------------------------------
Mon Jun 23 07:46:59 UTC 2025 - Nico Krapp <nico.krapp@suse.com>

- Update to 1.0.3
  * Exposed verify_message in the actual Verify interface, not just the
    implementation
  * Fixed a bug where verification performed insufficient signature checks on
    the timestamp response itself, rather than the response's certificate chain
    (CVE-2025-52556 / bsc#1245174)
- Update to 1.0.2
  * Added HashAlgorithm to exports of the base package module
  * Added verify_message method to Verifier class
  * Slight refactoring of the tests to ease how to test with multiple TSA
  * Changed return value of VerifierBuilder.build() from _Verifier to Verifier:
    This is technically an API change but should have minimal user impact.
  * Fixed spelling of hash_algorithm parameter in TimestampRequestBuilder class

-------------------------------------------------------------------
Wed Apr 16 11:31:22 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

- Update to 1.0.1
  * The Verifier now enforces that the EKU (Extended Key Usage)
    explicitly includes the `id-kp-timeStamping` OID (#120)
  * The Verifier now searches for the leaf certificate in the
    Timestamp Response instead of using the first one provided (#121)

-------------------------------------------------------------------
Tue Jan 21 08:27:32 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>

- Initial version (1.0.0)