From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 09/48] python3-cryptography:Update to version 38.0.1 and to work with python-3.10.8 Date: Wed, 09 Nov 2022 19:56:55 +0100 Message-ID: <20221109185734.3920-9-adolf.belka@ipfire.org> In-Reply-To: <20221109185734.3920-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5464662351248420677==" List-Id: --===============5464662351248420677== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable - Updated from version 36.0.2 to 38.0.1 - Update of rootfile - Changelog 38.0.1 - 2022-09-07 Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typica= lly seen in large CRLs). 38.0.0 - 2022-09-06 Final deprecation of OpenSSL 1.1.0. The next release of cryptography wil= l drop support. We no longer ship many linux 2010 wheels. Users should upgrade to the la= test pip to ensure this doesn=E2=80=99t cause issues downloading wheels on th= eir platform. We now ship manylinux_2_28 wheels for users on new enough platf= orms. Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0= . Users with the latest pip will typically get a wheel and not need Rust inst= alled, but check Installation for documentation on installing a newer rustc i= f required. decrypt() and related methods now accept both str and bytes tokens. Parsing CertificateSigningRequest restores the behavior of enforcing tha= t the Extension critical field must be correctly encoded DER. See the issue f= or complete details. Added two new OpenSSL functions to the bindings to support an upcoming p= yOpenSSL release. When parsing CertificateRevocationList and CertificateSigningRequest val= ues, it is now enforced that the version value in the input must be valid acc= ording to the rules of RFC 2986 and RFC 5280. Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is depr= ecated and support will be removed in the next version. Added additional APIs to SignedCertificateTimestamp, including signature= _hash_algorithm, signature_algorithm, signature, and extension_bytes. Added tbs_precertificate_bytes, allowing users to access the to-be-signe= d pre-certificate data needed for signed certificate timestamp verification. KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location. Fixed RFC 4514 name parsing to reverse the order of the RDNs according t= o the section 2.1 of the RFC, affecting method from_rfc4514_string(). It is now possible to customize some aspects of encryption when serializ= ing private keys, using encryption_builder(). Removed several legacy symbols from our OpenSSL bindings. Users of pyOpe= nSSL versions older than 22.0 will need to upgrade. Added AES128 and AES256 classes. These classes do not replace AES (which= allows all AES key lengths), but are intended for applications where develop= ers want to be explicit about key length. 37.0.4 - 2022-07-05 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0= .5. 37.0.3 - 2022-06-21 (YANKED)=C2=B6 Attention This release was subsequently yanked from PyPI due to a regression in OpenSS= L. Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0= .4. 37.0.2 - 2022-05-03 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0= .3. Added a constant needed for an upcoming pyOpenSSL release. 37.0.1 - 2022-04-27 Fixed an issue where parsing an encrypted private key with the public lo= ader functions would hang waiting for console input on OpenSSL 3.0.x rather t= han raising an error. Restored some legacy symbols for older pyOpenSSL users. These will be re= moved again in the future, so pyOpenSSL users should still upgrade to the lat= est version of that package when they upgrade cryptography. 37.0.0 - 2022-04-26 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0= .2. BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. Th= e new minimum LibreSSL version is 3.1+. BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the pub= lic key and private key classes. These methods were originally deprecated in = version 2.0, but had an extended deprecation timeline due to usage. Any remai= ning users should transition to sign and verify. Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported b= y the OpenSSL project. The next release of cryptography will be the last to s= upport compiling with OpenSSL 1.1.0. Deprecated Python 3.6 support. Python 3.6 is no longer supported by the = Python core team. Support for Python 3.6 will be removed in a future cryptogr= aphy release. Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. = In the next release we will raise MSRV to 1.48.0. Users with the latest pip w= ill typically get a wheel and not need Rust installed, but check Installation= for documentation on installing a newer rustc if required. Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algor= ithms with extremely low usage. These will be removed in a future version of = cryptography. Added limited support for distinguished names containing a bit string. We now ship universal2 wheels on macOS, which contain both arm64 and x86= _64 architectures. Users on macOS should upgrade to the latest pip to ensure = they can use this wheel, although we will continue to ship x86_64 specific wh= eels for now to ease the transition. This will be the final release for which we ship manylinux2010 wheels. G= oing forward the minimum supported manylinux ABI for our wheels will be manyl= inux2014. The vast majority of users will continue to receive manylinux wheel= s provided they have an up to date pip. For PyPy wheels this release already = requires manylinux2014 for compatibility with binaries distributed by upstrea= m. Added support for multiple OCSPSingleResponse in a OCSPResponse. Restored support for signing certificates and other structures in X.509 = with SHA3 hash algorithms. TripleDES is disabled in FIPS mode. Added support for serialization of PKCS#12 CA friendly names/aliases in = serialize_key_and_certificates() Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This cla= ss previously supported only 12 byte (96 bit). Added support for AESSIV when using OpenSSL 3.0.0+. Added support for serializing PKCS7 structures from a list of certificat= es with serialize_certificates. Added support for parsing RFC 4514 strings with from_rfc4514_string(). Added AUTO to PSS. This can be used to verify a signature where the salt= length is not already known. Added DIGEST_LENGTH to PSS. This constant will set the salt length to th= e same length as the PSS hash algorithm. Added support for loading RSA-PSS key types with load_pem_private_key() = and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ = and loads the key as a normal RSA private key, discarding the PSS constraint = information. Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- config/rootfiles/packages/python3-cryptography | 17 ++++++++--------- lfs/python3-cryptography | 6 +++--- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfile= s/packages/python3-cryptography index a9ee32faf..b665c0a03 100644 --- a/config/rootfiles/packages/python3-cryptography +++ b/config/rootfiles/packages/python3-cryptography @@ -1,11 +1,11 @@ usr/lib/python3.10/site-packages/cryptography -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-IN= FO -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCE= S.txt -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/depend= ency_links.txt -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zi= p-safe -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requir= es.txt -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_le= vel.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/PKG-IN= FO +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/SOURCE= S.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/depend= ency_links.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/not-zi= p-safe +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/requir= es.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/top_le= vel.txt usr/lib/python3.10/site-packages/cryptography/__about__.py usr/lib/python3.10/site-packages/cryptography/__init__.py usr/lib/python3.10/site-packages/cryptography/exceptions.py @@ -15,7 +15,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/__init= __.py usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/__init= __.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/aead.py @@ -28,7 +27,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backen= ds/openssl/dsa.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ec.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed2551= 9.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.= py -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode= _asn1.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes= .py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly13= 05.py @@ -40,6 +38,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backen= ds/openssl/x509.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.= so +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.pyi usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__= .pyi diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography index 77e5f06b0..f977ed14b 100644 --- a/lfs/python3-cryptography +++ b/lfs/python3-cryptography @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 36.0.2 +VER =3D 38.0.1 =20 THISAPP =3D cryptography-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D python3-cryptography -PAK_VER =3D 2 +PAK_VER =3D 3 =20 DEPS =3D python3-cffi =20 @@ -46,7 +46,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78= b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e +$(DL_FILE)_BLAKE2 =3D 40e17d43b72c35e77fab27efb66762e1d8002f9ba419220de68eb5= ce957a31410cca821a40494e0963cc590a4e0c01c70e4076009022056a26d08d22ce859664 =20 install : $(TARGET) =20 --=20 2.38.1 --===============5464662351248420677==--