From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 01/23] python3-cryptography: Update to version 36.0.2
Date: Fri, 17 Jun 2022 13:10:09 +0200 [thread overview]
Message-ID: <07306f51-8b53-70fa-cca5-167160d00f59@ipfire.org> (raw)
In-Reply-To: <38C1743E-FF5E-4640-BB2C-CFF9A7F00D94@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 14198 bytes --]
On 17/06/2022 12:14, Michael Tremer wrote:
> Oh wow. 23 patches.
and would have been 26 patches without your help on removing the windows requirements.
>
> That looks like a lot of work!
>
> Thank you for this. I will not tag them all individually if that is okay :)
That is fine by me :-)
>
> -Michael
>
>> On 17 Jun 2022, at 11:00, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Dear All,
>>
>> For information this patch series can wait till CU170. It is not an urgent need to update in CU169.
>>
>> Regards,
>> Adolf.
>>
>> On 17/06/2022 11:42, Adolf Belka wrote:
>>> - Update from version 3.4.7 to 36.0.2
>>> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021
>>> See Chanelog section 35.0.0 below
>>> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0
>>> below. The required rust packages are installed in separate patches in this series
>>> - Update of rootfile
>>> - Changelog
>>> 36.0.2 - 2022-03-15¶
>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
>>> 36.0.1 - 2021-12-14¶
>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
>>> 36.0.0 - 2021-11-21¶
>>> FINAL DEPRECATION Support for verifier and signer on our asymmetric key
>>> classes was deprecated in version 2.0. These functions had an extended
>>> deprecation due to usage, however the next version of cryptography will drop
>>> support. Users should migrate to sign and verify.
>>> The entire X.509 layer is now written in Rust. This allows alternate
>>> asymmetric key implementations that can support cloud key management
>>> services or hardware security modules provided they implement the necessary
>>> interface (for example: EllipticCurvePrivateKey).
>>> Deprecated the backend argument for all functions.
>>> Added support for AESOCB3.
>>> Added support for iterating over arbitrary request attributes.
>>> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
>>> favor of get_attribute_for_oid() on the new Attributes object.
>>> Fixed handling of PEM files to allow loading when certificate and key are in
>>> the same file.
>>> Fixed parsing of CertificatePolicies extensions containing legacy BMPString
>>> values in their explicitText.
>>> Allow parsing of negative serial numbers in certificates. Negative serial
>>> numbers are prohibited by RFC 5280 so a deprecation warning will be raised
>>> whenever they are encountered. A future version of cryptography will drop
>>> support for parsing them.
>>> Added support for parsing PKCS12 files with friendly names for all
>>> certificates with load_pkcs12(), which will return an object of type
>>> PKCS12KeyAndCertificates.
>>> rfc4514_string() and related methods now have an optional attr_name_overrides
>>> parameter to supply custom OID to name mappings, which can be used to match
>>> vendor-specific extensions.
>>> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address
>>> fields as E in rfc4514_string() methods from version 35.0.
>>> The previous behavior can be restored with:
>>> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
>>> Allow X25519PublicKey and X448PublicKey to be used as public keys when
>>> parsing certificates or creating them with CertificateBuilder. These key
>>> types must be signed with a different signing algorithm as X25519 and X448
>>> do not support signing.
>>> Extension values can now be serialized to a DER byte string by calling
>>> public_bytes().
>>> Added experimental support for compiling against BoringSSL. As BoringSSL
>>> does not commit to a stable API, cryptography tests against the latest
>>> commit only. Please note that several features are not available when
>>> building against BoringSSL.
>>> Parsing CertificateSigningRequest from DER and PEM now, for a limited time
>>> period, allows the Extension critical field to be incorrectly encoded. See
>>> the issue for complete details. This will be reverted in a future
>>> cryptography release.
>>> When OCSPNonce are parsed and generated their value is now correctly wrapped
>>> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the
>>> original behavior specified in RFC 2560. For a temporary period for
>>> backwards compatibility, we will also parse values that are encoded as
>>> specified in RFC 2560 but this behavior will be removed in a future release.
>>> 35.0.0 - 2021-09-29¶
>>> Changed the version scheme. This will result in us incrementing the major
>>> version more frequently, but does not change our existing backwards
>>> compatibility policy.
>>> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
>>> string passed have PEM delimiters of the correct type. For example, parsing
>>> a private key PEM concatenated with a certificate PEM will no longer be
>>> accepted by the PEM certificate parser.
>>> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
>>> negative serial numbers. RFC 5280 has always prohibited these.
>>> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509
>>> parsing will raise an error on initial parse rather than when the malformed
>>> field is accessed.
>>> Rust is now required for building cryptography, the
>>> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
>>> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
>>> This should be backwards compatible (modulo the items listed above) and
>>> improve both security and performance.
>>> Added support for OpenSSL 3.0.0 as a compilation target.
>>> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
>>> are provided for compatibility in regions where they may be required, and
>>> are not generally recommended.
>>> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
>>> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
>>> Linux should ensure they upgrade to the latest pip to correctly receive
>>> wheels.
>>> Added rfc4514_attribute_name attribute to x509.NameAttribute.
>>> Added KBKDFCMAC.
>>> 3.4.8 - 2021-08-24¶
>>> Updated Windows, macOS, and manylinux wheels to be compiled with
>>> OpenSSL 1.1.1l.
>>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>> ---
>>> .../rootfiles/packages/python3-cryptography | 25 ++++++++++---------
>>> lfs/python3-cryptography | 6 ++---
>>> 2 files changed, 16 insertions(+), 15 deletions(-)
>>> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography
>>> index 9f63606fb..a9ee32faf 100644
>>> --- a/config/rootfiles/packages/python3-cryptography
>>> +++ b/config/rootfiles/packages/python3-cryptography
>>> @@ -1,20 +1,18 @@
>>> usr/lib/python3.10/site-packages/cryptography
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt
>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt
>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt
>>> usr/lib/python3.10/site-packages/cryptography/__about__.py
>>> usr/lib/python3.10/site-packages/cryptography/__init__.py
>>> usr/lib/python3.10/site-packages/cryptography/exceptions.py
>>> usr/lib/python3.10/site-packages/cryptography/fernet.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py
>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py
>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py
>>> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py
>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py
>>> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so
>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so
>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi
>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi
>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi
>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py
>>> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py
>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py
>>> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py
>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py
>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py
>>> usr/lib/python3.10/site-packages/cryptography/py.typed
>>> usr/lib/python3.10/site-packages/cryptography/utils.py
>>> usr/lib/python3.10/site-packages/cryptography/x509
>>> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography
>>> index f3090bc6a..77e5f06b0 100644
>>> --- a/lfs/python3-cryptography
>>> +++ b/lfs/python3-cryptography
>>> @@ -24,7 +24,7 @@
>>> include Config
>>> -VER = 3.4.7
>>> +VER = 36.0.2
>>> THISAPP = cryptography-$(VER)
>>> DL_FILE = $(THISAPP).tar.gz
>>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
>>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>>> TARGET = $(DIR_INFO)/$(THISAPP)
>>> PROG = python3-cryptography
>>> -PAK_VER = 1
>>> +PAK_VER = 2
>>> DEPS = python3-cffi
>>> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1
>>> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e
>>> install : $(TARGET)
>>>
>
next prev parent reply other threads:[~2022-06-17 11:10 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-17 9:42 Adolf Belka
2022-06-17 9:42 ` [PATCH 02/23] make.sh: New rust dependencies for python3-cryptography Adolf Belka
2022-06-17 9:42 ` [PATCH 03/23] rust-pyo3: Update to version 0.15.1 - required " Adolf Belka
2022-06-25 11:48 ` Peter Müller
2022-06-26 9:33 ` Michael Tremer
2022-06-27 17:04 ` Adolf Belka
2022-06-28 7:20 ` Peter Müller
2022-06-17 9:42 ` [PATCH 04/23] rust-pyo3-macros: Update to version 0.15.1 - required for python3-cryptography update Adolf Belka
2022-06-17 9:42 ` [PATCH 05/23] rust-pyo3-macros-backend: " Adolf Belka
2022-06-17 9:42 ` [PATCH 06/23] rust-Inflector: Required for update of python3-cryptography Adolf Belka
2022-06-17 9:42 ` [PATCH 07/23] rust-aliasable: " Adolf Belka
2022-06-17 9:42 ` [PATCH 08/23] rust-asn1: " Adolf Belka
2022-06-17 9:42 ` [PATCH 09/23] rust-asn1_derive: " Adolf Belka
2022-06-17 9:42 ` [PATCH 10/23] rust-base64: " Adolf Belka
2022-06-17 9:42 ` [PATCH 11/23] rust-chrono: " Adolf Belka
2022-06-17 9:42 ` [PATCH 12/23] rust-indoc-0.3.6: " Adolf Belka
2022-06-17 9:42 ` [PATCH 13/23] rust-num-integer: " Adolf Belka
2022-06-17 9:42 ` [PATCH 14/23] rust-num-traits: " Adolf Belka
2022-06-17 9:42 ` [PATCH 15/23] rust-num_threads: " Adolf Belka
2022-06-17 9:42 ` [PATCH 16/23] rust-ouroboros: " Adolf Belka
2022-06-17 9:42 ` [PATCH 17/23] rust-ouroboros_macro: " Adolf Belka
2022-06-17 9:42 ` [PATCH 18/23] rust-paste-0.1.18: " Adolf Belka
2022-06-17 9:42 ` [PATCH 19/23] rust-pem: " Adolf Belka
2022-06-17 9:42 ` [PATCH 20/23] rust-proc-macro-error: " Adolf Belka
2022-06-17 9:42 ` [PATCH 21/23] rust-proc-macro-error-attr: " Adolf Belka
2022-06-17 9:42 ` [PATCH 22/23] rust-stable_deref_trait: " Adolf Belka
2022-06-17 9:42 ` [PATCH 23/23] rust-time: " Adolf Belka
2022-06-17 10:00 ` [PATCH 01/23] python3-cryptography: Update to version 36.0.2 Adolf Belka
2022-06-17 10:14 ` Michael Tremer
2022-06-17 11:10 ` Adolf Belka [this message]
2022-06-18 14:51 ` Peter Müller
2022-06-18 16:20 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=07306f51-8b53-70fa-cca5-167160d00f59@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox