Overview Repositories Revisions Requests Users Attributes Meta

Revisions of python-cryptography

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 934527 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 57) 
- update to 36.0.0:
  * FINAL DEPRECATION Support for verifier and signer on our asymmetric key
    classes was deprecated in version 2.1. These functions had an extended
    deprecation due to usage, however the next version of cryptography will
    drop support. Users should migrate to sign and verify.
  * The entire X.509 layer is now written in Rust. This allows alternate
    asymmetric key implementations that can support cloud key management
    services or hardware security modules provided they implement the necessary
    interface (for example: EllipticCurvePrivateKey).
  * Deprecated the backend argument for all functions.
  * Added support for AESOCB3.
  * Added support for iterating over arbitrary request attributes.
  * Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
    favor of get_attribute_for_oid() on the new Attributes object.
  * Fixed handling of PEM files to allow loading when certificate and key are
    in the same file.
  * Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText.
  * Allow parsing of negative serial numbers in certificates. Negative serial
    numbers are prohibited by RFC 5280 so a deprecation warning will be raised
    whenever they are encountered. A future version of cryptography will drop
    support for parsing them.
  * Added support for parsing PKCS12 files with friendly names for all
    certificates with load_pkcs12(), which will return an object of type
    PKCS12KeyAndCertificates.
  * rfc4514_string() and related methods now have an optional
    attr_name_overrides parameter to supply custom OID to name mappings, which
    can be used to match vendor-specific extensions.
  * BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email
    address fields as E in rfc4514_string() methods from version 35.0.
  * The previous behavior can be restored with:
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 888465 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 55) 
- Remove unnecessary %ifpython3 construct
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 857128 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 53) 
- update to 3.3.1:
  * Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 854279 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 52) 
- update to 3.3.0
  - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
    due to low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
    to 1024-bit (8 byte to 128 byte) initialization vectors. This
    change is to conform with an upcoming OpenSSL release that will
    no longer support sizes outside this window.
  - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
    now raise ValueError rather than UnsupportedAlgorithm when an
    unsupported cipher is used. This change is to conform with an
    upcoming OpenSSL release that will no longer distinguish
    between error types.
  - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
    field Diffie-Hellman parameters of less than 512 bits in
    length. This change is to conform with an upcoming OpenSSL
    release that no longer supports smaller sizes. These keys were
    already wildly insecure and should not have been used in any
    application outside of testing.
  - Updated Windows, macOS, and manylinux wheels to be compiled
    with OpenSSL 1.1.1i.
  - Python 2 support is deprecated in cryptography. This is the
    last release that will support Python 2.
  - Added the recover_data_from_signature() function to
    RSAPublicKey for recovering the signed data from an RSA
    signature. 
- Remove unnecessary dependency virtualenv.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 823211 from Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) (revision 50) 
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and  skip_openssl_memleak_test.patch
 * Removed support for passing an Extension instance
    to from_issuer_subject_key_identifier(), as per our deprecation policy.
 * Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
 * Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
 * RSA generate_private_key() no longer accepts public_exponent values except
    65537 and 3 (the latter for legacy purposes).
 * X.509 certificate parsing now enforces that the version field contains
    a valid value, rather than deferring this check until version is accessed.
 * Deprecated support for Python 2
 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
    private keys: load_ssh_private_key() for loading and OpenSSH for writing.
 * Added support for OpenSSH certificates to load_ssh_public_key().
 * Added encrypt_at_time() and decrypt_at_time() to Fernet.
 * Added support for the SubjectInformationAccess X.509 extension.
 * Added support for parsing SignedCertificateTimestamps in OCSP responses.
 * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
 * Added support for encoding attributes in certificate signing requests via add_attribute().
 * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
    instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
 * Added initial support for creating PKCS12 files with serialize_key_and_certificates().
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 707591 from Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) (revision 47) 
- update to 2.7
 * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
   The CMAC and HMAC APIs have not changed, but they are no longer registered
   as MACContext instances.
 * Removed support for running our tests with setup.py test.
 * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
   when using OpenSSL 1.1.1 or newer.
 * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
   in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` .
 * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
   and deprecate passing an Extension object.

- Simplify the test execution to be more understandable
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 659254 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 43) 
- Update to 2.4.1:
    * Dropped support for LibreSSL 2.4.x.
    * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
      longer supported by the OpenSSL project. At this time there
      is no time table for dropping support, however we strongly
      encourage all users to upgrade or install cryptography from
      a wheel.
    * Added initial :doc:`OCSP </x509/ocsp>` support.
    * Added support for cryptography.x509.PrecertPoison.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 630716 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 41) 
- Update to 2.3.1:
  * updated tests for upstream wycheproof changes
  * many other tiny test tweaks
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 591618 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 38) 
- Cleanup with spec-cleaner
- Use %setup to unpack all archives do not rely on tar calls

- Update to upstream release 2.2.1:
  * Reverted a change to GeneralNames which prohibited having zero elements,
    due to breakages.
  * Fixed a bug in
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
    that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
  * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
  * Resolved a bug in HKDF that incorrectly constrained output size.
  * Added
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
    support inter-operating with systems like German smart meters.
  * Added token rotation support to :doc:`Fernet </fernet>` with
    :meth:`~cryptography.fernet.MultiFernet.rotate`.
  * Fixed a memory leak in
    :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
  * Added support for AES key wrapping with padding via
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` .
* Allow loading DSA keys with 224 bit q.
Displaying revisions 41 - 60 of 97
openSUSE Build Service is sponsored by
Places