python/python-cryptography
SHA256
14
0
Fork 0
forked from pool/python-cryptography
Code Pull Requests Activity

Accepting request 343324 from home:tbechtold:branches:devel:languages:python

Browse Source 
- update to 1.1:
  * Added support for Elliptic Curve Diffie-Hellman with
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
  * Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
  * Added support for parsing certificate revocation lists (CRLs) using
    :func:`~cryptography.x509.load_pem_x509_crl` and
    :func:`~cryptography.x509.load_der_x509_crl`.
  * Add support for AES key wrapping with
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
  * Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
  * Add support for encoding and decoding elliptic curve points to a byte string
    form using
    :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
    and
    :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
  * Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
  * :class:`~cryptography.x509.CertificatePolicies` are now supported in the
    :class:`~cryptography.x509.CertificateBuilder`.
  * ``countryName`` is now encoded as a ``PrintableString`` when creating subject
    and issuer distinguished names with the Certificate and CSR builder classes.
  * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
    of assertions to check response codes where our tests could not trigger a
    failure.  However, when Python is run with ``-O`` these asserts are optimized
    away.  If a user ran Python with this flag and got an invalid response code
    this could result in undefined behavior or worse. Accordingly, all response
    checks from the OpenSSL backend have been converted from ``assert``
    to a true function call. Credit **Emilia Käsper (Google Security Team)**
    for the report.
  * We now ship OS X wheels that statically link OpenSSL by default. When

OBS-URL: https://build.opensuse.org/request/show/343324
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=23
This commit is contained in:
Todd R
2015-11-11 10:35:45 +00:00
committed by Git OBS Bridge
parent b914a4524b
commit eb54b1a6ae
11 changed files with 76 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
python-cryptography.changes
View File

@@ -1,3 +1,48 @@
-------------------------------------------------------------------
Tue Nov 10 04:16:13 UTC 2015 - tbechtold@suse.com
- update to 1.1:
* Added support for Elliptic Curve Diffie-Hellman with
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
* Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
* Added support for parsing certificate revocation lists (CRLs) using
:func:`~cryptography.x509.load_pem_x509_crl` and
:func:`~cryptography.x509.load_der_x509_crl`.
* Add support for AES key wrapping with
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
* Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
* Add support for encoding and decoding elliptic curve points to a byte string
form using
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
* Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
* :class:`~cryptography.x509.CertificatePolicies` are now supported in the
:class:`~cryptography.x509.CertificateBuilder`.
* ``countryName`` is now encoded as a ``PrintableString`` when creating subject
and issuer distinguished names with the Certificate and CSR builder classes.
* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
of assertions to check response codes where our tests could not trigger a
failure. However, when Python is run with ``-O`` these asserts are optimized
away. If a user ran Python with this flag and got an invalid response code
this could result in undefined behavior or worse. Accordingly, all response
checks from the OpenSSL backend have been converted from ``assert``
to a true function call. Credit **Emilia Käsper (Google Security Team)**
for the report.
* We now ship OS X wheels that statically link OpenSSL by default. When
installing a wheel on OS X 10.10+ (and using a Python compiled against the
10.10 SDK) users will no longer need to compile. See :doc:`/installation` for
alternate installation methods if required.
* Set the default string mask to UTF-8 in the OpenSSL backend to resolve
character encoding issues with older versions of OpenSSL.
* Several new OpenSSL bindings have been added to support a future pyOpenSSL
release.
* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
- Remove 2293.patch . Applied in a different way upstream.
- Add BuildRequires for python-hypothesis and python-pyasn1-modules for running
unittests
-------------------------------------------------------------------
Wed Sep 30 12:01:27 UTC 2015 - dmueller@suse.com