From 3be516f43a7af25db7b0a214b99c70b47e33a106cdff87c30dd792f15fb36d7f Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 24 May 2022 06:59:20 +0000 Subject: [PATCH] - update to 37.0.2: * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=153 --- _service | 2 +- cryptography-36.0.2.tar.gz | 3 -- cryptography-36.0.2.tar.gz.asc | 11 ----- cryptography-37.0.2.tar.gz | 3 ++ cryptography-37.0.2.tar.gz.asc | 11 +++++ python-cryptography.changes | 80 ++++++++++++++++++++++++++++++++++ python-cryptography.spec | 6 ++- vendor.tar.xz | 3 -- vendor.tar.zst | 3 ++ 9 files changed, 102 insertions(+), 20 deletions(-) delete mode 100644 cryptography-36.0.2.tar.gz delete mode 100644 cryptography-36.0.2.tar.gz.asc create mode 100644 cryptography-37.0.2.tar.gz create mode 100644 cryptography-37.0.2.tar.gz.asc delete mode 100644 vendor.tar.xz create mode 100644 vendor.tar.zst diff --git a/_service b/_service index d586537..6a6a46c 100644 --- a/_service +++ b/_service @@ -1,6 +1,6 @@ - cryptography-36.0.2/src/rust + cryptography-37.0.2/src/rust diff --git a/cryptography-36.0.2.tar.gz b/cryptography-36.0.2.tar.gz deleted file mode 100644 index fd02617..0000000 --- a/cryptography-36.0.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:70f8f4f7bb2ac9f340655cbac89d68c527af5bb4387522a8413e841e3e6628c9 -size 572053 diff --git a/cryptography-36.0.2.tar.gz.asc b/cryptography-36.0.2.tar.gz.asc deleted file mode 100644 index dd42f62..0000000 --- a/cryptography-36.0.2.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAmIxEWsACgkQI1rl8Sn5 -7Zg+ZQgAvgeeLSOlnD0Uun3UYws0VIewHatjmeER/ICz4oTUTPRBz8UMOOJXKQJF -PV7qlhDDjf1YCv+uNZp+pNTRXY2Wo9eTK+GjUyfVfuUL/ByfZ/2JPrhIYUnjSyHL -ylTNebWgFKbIuOF2olZHcrvgK9mPZ+bHV9vV7D5UL+/5jiaXCc+Q85EdyCVq8Ph6 -yDzFv91aCRFunXkVISsTkeLT1qrjUM2PoX3S3PYsko47AbktsO9YSKU/5ZYgUF+D -oWz09e9GUDsQVExUu1K/+LC4nvJ0dUpN3WlS1RKKo2feaPlpnsH5B8lVAO88iTGL -quDaso9vkZEeNDAXTcHD1CUgjvgnMw== -=N7Kg ------END PGP SIGNATURE----- diff --git a/cryptography-37.0.2.tar.gz b/cryptography-37.0.2.tar.gz new file mode 100644 index 0000000..94054d7 --- /dev/null +++ b/cryptography-37.0.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f224ad253cc9cea7568f49077007d2263efa57396a2f2f78114066fd54b5c68e +size 585433 diff --git a/cryptography-37.0.2.tar.gz.asc b/cryptography-37.0.2.tar.gz.asc new file mode 100644 index 0000000..262fa9d --- /dev/null +++ b/cryptography-37.0.2.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAmJxzIoACgkQI1rl8Sn5 +7ZhKewf/Uvz9x+LOdlALmzep2cFO4PaycCIK2VNkBhYWHEE9kI0BRIwcX4N2qzYO +7GTB4w4WMuYKhsvEYb9rRiPkrNxlTXyVAPpnM1S4aTca6jJn3yuNT/wn1CWr0IsB +f8XsOduTth7ATI+v8zieBrNdbZif7pq5n6+/78ZIJ1DC7hhWat3Wbv2ZGObehVbS +ACH5drpHpMYZb02SSCbTOXONmSKmLSYJZwa6yTteB6UDGDn9oaBeRhPRUFHxNQUW +g7P3bBD8ThBaWkTDgmzldCi5V/1hGTF1jdR6+Eav8/gBgJ8b903yZzY7eloJOfhs +gqZJhxtTXcMgXiozYoedIqeFRs4Q8A== +=WM3/ +-----END PGP SIGNATURE----- diff --git a/python-cryptography.changes b/python-cryptography.changes index 161b268..b9784da 100644 --- a/python-cryptography.changes +++ b/python-cryptography.changes @@ -1,3 +1,83 @@ +------------------------------------------------------------------- +Tue May 24 06:57:55 UTC 2022 - Dirk Müller + +- update to 37.0.2: + * Fixed an issue where parsing an encrypted private key with the public + loader functions would hang waiting for console input on OpenSSL 3.0.x rather + than raising an error. + * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be + removed again in the future, so ``pyOpenSSL`` users should still upgrade + to the latest version of that package when they upgrade ``cryptography``. + * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. + * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. + The new minimum LibreSSL version is 3.1+. + * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods + from the public key and private key classes. These methods were originally + deprecated in version 2.0, but had an extended deprecation timeline due + to usage. Any remaining users should transition to ``sign`` and ``verify``. + * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by + the OpenSSL project. The next release of ``cryptography`` will be the last + to support compiling with OpenSSL 1.1.0. + * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the + Python core team. Support for Python 3.6 will be removed in a future + ``cryptography`` release. + * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. + In the next release we will raise MSRV to 1.48.0. Users with the latest + ``pip`` will typically get a wheel and not need Rust installed, but check + :doc:`/installation` for documentation on installing a newer ``rustc`` if + required. + * Deprecated + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and + :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because + they are legacy algorithms with extremely low usage. These will be removed + in a future version of ``cryptography``. + * Added limited support for distinguished names containing a bit string. + * We now ship ``universal2`` wheels on macOS, which contain both ``arm64`` + and ``x86_64`` architectures. Users on macOS should upgrade to the latest + ``pip`` to ensure they can use this wheel, although we will continue to + ship ``x86_64`` specific wheels for now to ease the transition. + * This will be the final release for which we ship ``manylinux2010`` wheels. + Going forward the minimum supported ``manylinux`` ABI for our wheels will + be ``manylinux2014``. The vast majority of users will continue to receive + ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy + wheels this release already requires ``manylinux2014`` for compatibility + with binaries distributed by upstream. + * Added support for multiple + :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a + :class:`~cryptography.x509.ocsp.OCSPResponse`. + * Restored support for signing certificates and other structures in + :doc:`/x509/index` with SHA3 hash algorithms. + * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is + disabled in FIPS mode. + * Added support for serialization of PKCS#12 CA friendly names/aliases in + :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates` + * Added support for 12-15 byte (96 to 120 bit) nonces to + :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class + previously supported only 12 byte (96 bit). + * Added support for + :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using + OpenSSL 3.0.0+. + * Added support for serializing PKCS7 structures from a list of + certificates with + :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`. + * Added support for parsing :rfc:`4514` strings with + :meth:`~cryptography.x509.Name.from_rfc4514_string`. + * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to + :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can + be used to verify a signature where the salt length is not already known. + * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH` + to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This + constant will set the salt length to the same length as the ``PSS`` hash + algorithm. + * Added support for loading RSA-PSS key types with + :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` + and + :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`. + This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a + normal RSA private key, discarding the PSS constraint information. + ------------------------------------------------------------------- Sat Mar 26 20:10:08 UTC 2022 - Dirk Müller diff --git a/python-cryptography.spec b/python-cryptography.spec index cbb0bab..7ec436e 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -28,7 +28,7 @@ %bcond_with test %endif Name: python-cryptography%{psuffix} -Version: 36.0.2 +Version: 37.0.2 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause @@ -37,7 +37,7 @@ URL: https://cryptography.io/en/latest/ Source0: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz Source1: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz.asc # use `osc service disabledrun` to regenerate -Source2: vendor.tar.xz +Source2: vendor.tar.zst # use `osc service disabledrun` to regenerate Source3: cargo_config Source4: python-cryptography.keyring @@ -52,6 +52,7 @@ BuildRequires: libopenssl-devel BuildRequires: pkgconfig BuildRequires: python-rpm-macros BuildRequires: rust >= 1.41.0 +BuildRequires: zstd BuildRequires: pkgconfig(libffi) # python-base is not enough, we need the _ssl module Requires: python @@ -84,6 +85,7 @@ functions. %autosetup -a2 -p1 -n cryptography-%{version} mkdir .cargo cp %{SOURCE3} .cargo/config +rm -v src/rust/Cargo.lock %build export RUSTFLAGS=%{rustflags} diff --git a/vendor.tar.xz b/vendor.tar.xz deleted file mode 100644 index d354edf..0000000 --- a/vendor.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e20351c701cfbed1e641ce2798c499755c6f16f7192d8db4b88a3ae29163f8a2 -size 5909332 diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..c72376d --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3493a00e4cfd2ec828c6b659259daf981b7dd0e751ed33b2032a86bec43ee344 +size 8743693