diff --git a/cryptography-44.0.3.tar.gz b/cryptography-44.0.3.tar.gz deleted file mode 100644 index c93d33d..0000000 --- a/cryptography-44.0.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fe19d8bc5536a91a24a8133328880a41831b6c5df54599a8417b62fe015d3053 -size 711096 diff --git a/cryptography-45.0.5.tar.gz b/cryptography-45.0.5.tar.gz new file mode 100644 index 0000000..9404ff5 --- /dev/null +++ b/cryptography-45.0.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:72e76caa004ab63accdf26023fccd1d087f6d90ec6048ff33ad0445abf7f605a +size 744903 diff --git a/no-pytest_benchmark.patch b/no-pytest_benchmark.patch index 8ab851d..3ba477a 100644 --- a/no-pytest_benchmark.patch +++ b/no-pytest_benchmark.patch @@ -1,17 +1,17 @@ -Index: cryptography-44.0.3/pyproject.toml +Index: cryptography-45.0.5/pyproject.toml =================================================================== ---- cryptography-44.0.3.orig/pyproject.toml -+++ cryptography-44.0.3/pyproject.toml +--- cryptography-45.0.5.orig/pyproject.toml ++++ cryptography-45.0.5/pyproject.toml @@ -67,8 +67,6 @@ nox = ["nox >=2024.04.15", "nox[uv] >=20 test = [ - "cryptography_vectors==44.0.3", + "cryptography_vectors==45.0.5", "pytest >=7.4.0", - "pytest-benchmark >=4.0", - "pytest-cov >=2.10.1", "pytest-xdist >=3.5.0", "pretend >=0.7", "certifi >=2024", -@@ -118,7 +116,7 @@ exclude = [ +@@ -129,7 +127,7 @@ exclude = [ ] [tool.pytest.ini_options] @@ -20,17 +20,14 @@ Index: cryptography-44.0.3/pyproject.toml console_output_style = "progress-even-when-capture-no" markers = [ "skip_fips: this test is not executed in FIPS mode", -@@ -140,33 +138,6 @@ module = [ - ] +@@ -150,30 +148,6 @@ strict_bytes = true + module = ["pretend"] ignore_missing_imports = true -[tool.coverage.run] -branch = true -relative_files = true --source = [ -- "cryptography", -- "tests/", --] +-source = ["cryptography", "tests/"] - -[tool.coverage.paths] -source = [ @@ -39,10 +36,7 @@ Index: cryptography-44.0.3/pyproject.toml - "*.nox\\*\\Lib\\site-packages\\cryptography", - "*.nox/pypy/site-packages/cryptography", -] --tests = [ -- "tests/", -- "*tests\\", --] +-tests = ["tests/", "*tests\\"] - -[tool.coverage.report] -exclude_lines = [ @@ -50,14 +44,17 @@ Index: cryptography-44.0.3/pyproject.toml - "@typing.overload", - "if typing.TYPE_CHECKING", -] +- +-[tool.coverage.html] +-show_contexts = true - [tool.ruff] line-length = 79 -Index: cryptography-44.0.3/tests/bench/test_aead.py +Index: cryptography-45.0.5/tests/bench/test_aead.py =================================================================== ---- cryptography-44.0.3.orig/tests/bench/test_aead.py -+++ cryptography-44.0.3/tests/bench/test_aead.py +--- cryptography-45.0.5.orig/tests/bench/test_aead.py ++++ cryptography-45.0.5/tests/bench/test_aead.py @@ -26,84 +26,84 @@ def _aead_supported(cls): not _aead_supported(ChaCha20Poly1305), reason="Requires OpenSSL with ChaCha20Poly1305 support", @@ -163,10 +160,10 @@ Index: cryptography-44.0.3/tests/bench/test_aead.py ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None) - benchmark(aes.decrypt, b"\x00" * 12, ct, None) + aes.decrypt(b"\x00" * 12, ct, None) -Index: cryptography-44.0.3/tests/bench/test_ec_load.py +Index: cryptography-45.0.5/tests/bench/test_ec_load.py =================================================================== ---- cryptography-44.0.3.orig/tests/bench/test_ec_load.py -+++ cryptography-44.0.3/tests/bench/test_ec_load.py +--- cryptography-45.0.5.orig/tests/bench/test_ec_load.py ++++ cryptography-45.0.5/tests/bench/test_ec_load.py @@ -5,9 +5,9 @@ from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1 @@ -181,10 +178,10 @@ Index: cryptography-44.0.3/tests/bench/test_ec_load.py - benchmark(EC_KEY_SECP256R1.private_key) +def test_load_ec_private_numbers(): + EC_KEY_SECP256R1.private_key() -Index: cryptography-44.0.3/tests/bench/test_hashes.py +Index: cryptography-45.0.5/tests/bench/test_hashes.py =================================================================== ---- cryptography-44.0.3.orig/tests/bench/test_hashes.py -+++ cryptography-44.0.3/tests/bench/test_hashes.py +--- cryptography-45.0.5.orig/tests/bench/test_hashes.py ++++ cryptography-45.0.5/tests/bench/test_hashes.py @@ -5,10 +5,10 @@ from cryptography.hazmat.primitives import hashes @@ -198,10 +195,10 @@ Index: cryptography-44.0.3/tests/bench/test_hashes.py - benchmark(bench) + bench() -Index: cryptography-44.0.3/tests/bench/test_hmac.py +Index: cryptography-45.0.5/tests/bench/test_hmac.py =================================================================== ---- cryptography-44.0.3.orig/tests/bench/test_hmac.py -+++ cryptography-44.0.3/tests/bench/test_hmac.py +--- cryptography-45.0.5.orig/tests/bench/test_hmac.py ++++ cryptography-45.0.5/tests/bench/test_hmac.py @@ -5,10 +5,10 @@ from cryptography.hazmat.primitives import hashes, hmac @@ -215,10 +212,10 @@ Index: cryptography-44.0.3/tests/bench/test_hmac.py - benchmark(bench) + bench() -Index: cryptography-44.0.3/tests/bench/test_x509.py +Index: cryptography-45.0.5/tests/bench/test_x509.py =================================================================== ---- cryptography-44.0.3.orig/tests/bench/test_x509.py -+++ cryptography-44.0.3/tests/bench/test_x509.py +--- cryptography-45.0.5.orig/tests/bench/test_x509.py ++++ cryptography-45.0.5/tests/bench/test_x509.py @@ -13,40 +13,40 @@ from cryptography import x509 from ..utils import load_vectors_from_file diff --git a/python-cryptography.changes b/python-cryptography.changes index f448615..b319346 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,123 @@ +------------------------------------------------------------------- +Sat Jul 12 08:36:08 UTC 2025 - Dirk Müller + +- update to 45.0.5: + * Updated Windows, macOS, and Linux wheels to be compiled with + OpenSSL 3.5.1. + * Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This + is not considered secure, and is supported only for backwards + compatibility.) + * Fixed decrypting PKCS#8 files encrypted with long salts (this + impacts keys encrypted by Bouncy Castle). + * Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. + While wildly insecure, this remains prevalent. + * Fixed using mypy with cryptography on older versions of + Python. + * Updated Windows, macOS, and Linux wheels to be compiled with + OpenSSL 3.5.0. + * Support for Python 3.7 is deprecated and will be removed in + the next cryptography release. + * Updated the minimum supported Rust version (MSRV) to 1.74.0, + from 1.65.0. + * Added support for serialization of PKCS#12 Java truststores + in :func:`~cryptography.hazmat.primitives.serialization.pkcs1 + 2.serialize_java_truststore` + * Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon + 2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi + tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to + support password hashing in the PHC string format + * Added support for PKCS7 decryption and encryption using + AES-256 as the content algorithm, in addition to AES-128. + * BACKWARDS INCOMPATIBLE: Made SSH private key loading more + consistent with other private key loading: :func:`~cryptograp + hy.hazmat.primitives.serialization.load_ssh_private_key` now + raises a TypeError if the key is unencrypted but a password + is provided (previously no exception was raised), and raises + a TypeError if the key is encrypted but no password is + provided (previously a ValueError was raised). + * Added __copy__ to the :class:`~cryptography.hazmat.primitives + .asymmetric.ec.EllipticCurvePrivateKey`, :class:`~cryptograph + y.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, :c + lass:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25 + 519PublicKey`, :class:`~cryptography.hazmat.primitives.asymme + tric.ed25519.Ed25519PrivateKey`, :class:`~cryptography.hazmat + .primitives.asymmetric.ed448.Ed448PublicKey`, :class:`~crypto + graphy.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`, : + class:`~cryptography.hazmat.primitives.asymmetric.x25519.X255 + 19PublicKey`, :class:`~cryptography.hazmat.primitives.asymmet + ric.x25519.X25519PrivateKey`, :class:`~cryptography.hazmat.pr + imitives.asymmetric.x448.X448PublicKey`, :class:`~cryptograph + y.hazmat.primitives.asymmetric.x448.X448PrivateKey`, :class:` + ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` + , :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAP + ublicKey`, :class:`~cryptography.hazmat.primitives.asymmetric + .dsa.DSAPrivateKey`, :class:`~cryptography.hazmat.primitives. + asymmetric.dsa.DSAPublicKey`, :class:`~cryptography.hazmat.pr + imitives.asymmetric.dh.DHPrivateKey`, and :class:`~cryptograp + hy.hazmat.primitives.asymmetric.dh.DHPublicKey` abstract base + classes. + * We significantly refactored how private key loading ( :func:` + ~cryptography.hazmat.primitives.serialization.load_pem_privat + e_key` and :func:`~cryptography.hazmat.primitives.serializati + on.load_der_private_key`) works. This is intended to be + backwards compatible for all well-formed keys, therefore if + you discover a key that now raises an exception, please file + a bug with instructions for reproducing. + * Added unsafe_skip_rsa_key_validation keyword-argument to :fun + c:`~cryptography.hazmat.primitives.serialization.load_ssh_pri + vate_key`. + * Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash` + to support repeated :meth:`~cryptography.hazmat.primitives.ha + shes.XOFHash.squeeze` operations on extendable output + functions. + * Added :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_ + response_by_hash` method to allow creating OCSP responses + using certificate hash values rather than full certificates. + * Extended the :mod:`X.509 path validation + ` API to support user- + configured extension policies via the + :meth:`PolicyBuilder.extension_policies ` method. + * Deprecated the subject, verification_time and max_chain_depth + properties on + :class:`~cryptography.x509.verification.ClientVerifier` and + :class:`~cryptography.x509.verification.ServerVerifier` in + favor of a new policy property. These properties will be + removed in the next release of cryptography. + * BACKWARDS INCOMPATIBLE: The :meth:`VerifiedClient.subject + ` + property can now be None since a custom extension policy may + allow certificates without a Subject Alternative Name + extension. + * Changed the behavior when the OpenSSL 3 legacy provider fails + to load. Instead of raising an exception, a warning is now + emitted. The CRYPTOGRAPHY_OPENSSL_NO_LEGACY environment + variable can still be used to disable the legacy provider at + runtime. + * Added support for the CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY + environment variable during build time, which prevents the + library from ever attempting to load the legacy provider. + * Added support for the + :class:`~cryptography.x509.PrivateKeyUsagePeriod` X.509 + extension. This extension defines the period during which the + private key corresponding to the certificate's public key may + be used. + * Added support for compiling against `aws-lc`_. + * Parsing X.509 structures now more strictly enforces that Name + structures do not have malformed ASN.1. + * We now publish py311 wheels that utilize the faster + pyo3::buffer::PyBuffer interface, resulting in significantly + improved performance for operations involving small buffers. + * Added :func:`~cryptography.hazmat.primitives.serialization.ss + h_key_fingerprint` for computing fingerprints of SSH public + keys. + * Added support for deterministic ECDSA signing via the new + keyword-only argument ecdsa_deterministic in + :meth:`~cryptography.x509.CertificateBuilder.sign`, :meth:`~c + ryptography.x509.CertificateRevocationListBuilder.sign` and : + meth:`~cryptography.x509.CertificateSigningRequestBuilder.sig + n`. + ------------------------------------------------------------------- Wed May 7 15:45:10 UTC 2025 - Nico Krapp diff --git a/python-cryptography.spec b/python-cryptography.spec index 9dae1ed..81e0774 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -28,7 +28,7 @@ %{?sle15_python_module_pythons} Name: python-cryptography%{psuffix} # ALWAYS KEEP IN SYNC WITH python-cryptography-vectors! -Version: 44.0.3 +Version: 45.0.5 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause @@ -128,7 +128,6 @@ rm -v tests/wycheproof/test_chacha20poly1305.py %license LICENSE LICENSE.APACHE LICENSE.BSD %doc CONTRIBUTING.rst CHANGELOG.rst README.rst %{python_sitearch}/cryptography -%{python_sitearch}/rust %{python_sitearch}/cryptography-%{version}.dist-info %endif diff --git a/vendor.tar.zst b/vendor.tar.zst index 8cf031a..c2d8b05 100644 --- a/vendor.tar.zst +++ b/vendor.tar.zst @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b18834abb68d0dc0335f0264734f440739dbdcd49504549444546ce0e6c477fa -size 2607240 +oid sha256:cb3f6d6b8893372db6b9f1a6cecfe6094581ba75ddbd48011fdae58726bab5eb +size 2638187