- Update to version 44.0.0:
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
* Deprecated Python 3.7 support. Python 3.7 is no longer supported by
the Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
* macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build cryptography
themselves.
* Enforce the RFC 5280 requirement that extended key usage extensions must not be empty.
* Added support for timestamp extraction to the :class:`~cryptography.fernet.MultiFernet` class.
* Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by RFC 5280 but
forbidden by the CA/Browser BRs.
* Added support for
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id` when using
OpenSSL 3.2.0+.
* Added support for the :class:`~cryptography.x509.Admissions` certificate extension.
* Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der`,
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem`,
and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime`.
- Update specfile to accommodate new project structure at version 44.0.0
- Update no-pytest_benchmark.patch
OBS-URL: https://build.opensuse.org/request/show/1240357
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=238
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=220
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public
keys in :func:`~cryptography.hazmat.primitives.serialization.
load_pem_public_key`.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
using :func:`~cryptography.hazmat.primitives.serialization.pk
cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
` will now raise a ValueError rather than return an empty
list.
* Parsing SSH certificates no longer permits malformed critical
options with values, as documented in the 41.0.2 release
notes.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0,
from 1.56.0.
* We now publish both py37 and py39 abi3 wheels. This should
resolve some errors relating to initializing a module
multiple times per process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
dding.PSS` for X.509 certificate signing requests and
certificate revocation lists with the keyword-only argument
rsa_padding on the sign methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder`
and
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=205
