Hi Peter, On 18/06/2022 16:51, Peter Müller wrote: > Hello Adolf, > > I can only concur with Michael, and thank you for all your work. > > For size reasons, I would abstain from cramping these patches into Core Update 169 (which > is currently at 98 MByte on x86_64), and defer them to Core Update 170. Would that be > fine to you? Absolutely fine for me. I was expecting that it would wait till CU170. Adolf. > > Thanks, and best regards, > Peter Müller > > >> >> >> On 17/06/2022 12:14, Michael Tremer wrote: >>> Oh wow. 23 patches. >> and would have been 26 patches without your help on removing the windows requirements. >>> >>> That looks like a lot of work! >>> >>> Thank you for this. I will not tag them all individually if that is okay :) >> That is fine by me :-) >>> >>> -Michael >>> >>>> On 17 Jun 2022, at 11:00, Adolf Belka wrote: >>>> >>>> Dear All, >>>> >>>> For information this patch series can wait till CU170. It is not an urgent need to update in CU169. >>>> >>>> Regards, >>>> Adolf. >>>> >>>> On 17/06/2022 11:42, Adolf Belka wrote: >>>>> - Update from version 3.4.7 to 36.0.2 >>>>>     After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 >>>>>     See Chanelog section 35.0.0 below >>>>> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 >>>>>     below. The required rust packages are installed in separate patches in this series >>>>> - Update of rootfile >>>>> - Changelog >>>>>     36.0.2 - 2022-03-15¶ >>>>>         Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. >>>>>     36.0.1 - 2021-12-14¶ >>>>>         Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. >>>>>     36.0.0 - 2021-11-21¶ >>>>>         FINAL DEPRECATION Support for verifier and signer on our asymmetric key >>>>>               classes was deprecated in version 2.0. These functions had an extended >>>>>               deprecation due to usage, however the next version of cryptography will drop >>>>>               support. Users should migrate to sign and verify. >>>>>         The entire X.509 layer is now written in Rust. This allows alternate >>>>>               asymmetric key implementations that can support cloud key management >>>>>               services or hardware security modules provided they implement the necessary >>>>>               interface (for example: EllipticCurvePrivateKey). >>>>>         Deprecated the backend argument for all functions. >>>>>         Added support for AESOCB3. >>>>>         Added support for iterating over arbitrary request attributes. >>>>>         Deprecated the get_attribute_for_oid method on CertificateSigningRequest in >>>>>               favor of get_attribute_for_oid() on the new Attributes object. >>>>>         Fixed handling of PEM files to allow loading when certificate and key are in >>>>>               the same file. >>>>>         Fixed parsing of CertificatePolicies extensions containing legacy BMPString >>>>>               values in their explicitText. >>>>>         Allow parsing of negative serial numbers in certificates. Negative serial >>>>>               numbers are prohibited by RFC 5280 so a deprecation warning will be raised >>>>>               whenever they are encountered. A future version of cryptography will drop >>>>>               support for parsing them. >>>>>         Added support for parsing PKCS12 files with friendly names for all >>>>>               certificates with load_pkcs12(), which will return an object of type >>>>>               PKCS12KeyAndCertificates. >>>>>         rfc4514_string() and related methods now have an optional attr_name_overrides >>>>>               parameter to supply custom OID to name mappings, which can be used to match >>>>>               vendor-specific extensions. >>>>>         BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address >>>>>               fields as E in rfc4514_string() methods from version 35.0. >>>>>         The previous behavior can be restored with: >>>>>               name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) >>>>>         Allow X25519PublicKey and X448PublicKey to be used as public keys when >>>>>               parsing certificates or creating them with CertificateBuilder. These key >>>>>               types must be signed with a different signing algorithm as X25519 and X448 >>>>>               do not support signing. >>>>>         Extension values can now be serialized to a DER byte string by calling >>>>>               public_bytes(). >>>>>         Added experimental support for compiling against BoringSSL. As BoringSSL >>>>>               does not commit to a stable API, cryptography tests against the latest >>>>>               commit only. Please note that several features are not available when >>>>>               building against BoringSSL. >>>>>         Parsing CertificateSigningRequest from DER and PEM now, for a limited time >>>>>               period, allows the Extension critical field to be incorrectly encoded. See >>>>>               the issue for complete details. This will be reverted in a future >>>>>               cryptography release. >>>>>         When OCSPNonce are parsed and generated their value is now correctly wrapped >>>>>               in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the >>>>>               original behavior specified in RFC 2560. For a temporary period for >>>>>               backwards compatibility, we will also parse values that are encoded as >>>>>               specified in RFC 2560 but this behavior will be removed in a future release. >>>>>     35.0.0 - 2021-09-29¶ >>>>>         Changed the version scheme. This will result in us incrementing the major >>>>>               version more frequently, but does not change our existing backwards >>>>>               compatibility policy. >>>>>         BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM >>>>>               string passed have PEM delimiters of the correct type. For example, parsing >>>>>               a private key PEM concatenated with a certificate PEM will no longer be >>>>>               accepted by the PEM certificate parser. >>>>>         BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows >>>>>               negative serial numbers. RFC 5280 has always prohibited these. >>>>>         BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 >>>>>               parsing will raise an error on initial parse rather than when the malformed >>>>>               field is accessed. >>>>>         Rust is now required for building cryptography, the >>>>>               CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. >>>>>         Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. >>>>>               This should be backwards compatible (modulo the items listed above) and >>>>>               improve both security and performance. >>>>>         Added support for OpenSSL 3.0.0 as a compilation target. >>>>>         Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms >>>>>               are provided for compatibility in regions where they may be required, and >>>>>               are not generally recommended. >>>>>         We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our >>>>>               manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine >>>>>               Linux should ensure they upgrade to the latest pip to correctly receive >>>>>               wheels. >>>>>         Added rfc4514_attribute_name attribute to x509.NameAttribute. >>>>>         Added KBKDFCMAC. >>>>>     3.4.8 - 2021-08-24¶ >>>>>         Updated Windows, macOS, and manylinux wheels to be compiled with >>>>>               OpenSSL 1.1.1l. >>>>> Signed-off-by: Adolf Belka >>>>> --- >>>>>   .../rootfiles/packages/python3-cryptography   | 25 ++++++++++--------- >>>>>   lfs/python3-cryptography                      |  6 ++--- >>>>>   2 files changed, 16 insertions(+), 15 deletions(-) >>>>> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography >>>>> index 9f63606fb..a9ee32faf 100644 >>>>> --- a/config/rootfiles/packages/python3-cryptography >>>>> +++ b/config/rootfiles/packages/python3-cryptography >>>>> @@ -1,20 +1,18 @@ >>>>>   usr/lib/python3.10/site-packages/cryptography >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt >>>>>   usr/lib/python3.10/site-packages/cryptography/__about__.py >>>>>   usr/lib/python3.10/site-packages/cryptography/__init__.py >>>>>   usr/lib/python3.10/site-packages/cryptography/exceptions.py >>>>>   usr/lib/python3.10/site-packages/cryptography/fernet.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py >>>>> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py >>>>> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py >>>>> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py >>>>> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py >>>>>   usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py >>>>>   usr/lib/python3.10/site-packages/cryptography/py.typed >>>>>   usr/lib/python3.10/site-packages/cryptography/utils.py >>>>>   usr/lib/python3.10/site-packages/cryptography/x509 >>>>> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography >>>>> index f3090bc6a..77e5f06b0 100644 >>>>> --- a/lfs/python3-cryptography >>>>> +++ b/lfs/python3-cryptography >>>>> @@ -24,7 +24,7 @@ >>>>>     include Config >>>>>   -VER        = 3.4.7 >>>>> +VER        = 36.0.2 >>>>>     THISAPP    = cryptography-$(VER) >>>>>   DL_FILE    = $(THISAPP).tar.gz >>>>> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE) >>>>>   DIR_APP    = $(DIR_SRC)/$(THISAPP) >>>>>   TARGET     = $(DIR_INFO)/$(THISAPP) >>>>>   PROG       = python3-cryptography >>>>> -PAK_VER    = 1 >>>>> +PAK_VER    = 2 >>>>>     DEPS       = python3-cffi >>>>>   @@ -46,7 +46,7 @@ objects = $(DL_FILE) >>>>>     $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>>>>   -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 >>>>> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e >>>>>     install : $(TARGET) >>>>> >>>