From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 01/23] python3-cryptography: Update to version 36.0.2
Date: Fri, 17 Jun 2022 12:00:42 +0200 [thread overview]
Message-ID: <be339fc4-387b-0cd8-7993-76edc1182ada@ipfire.org> (raw)
In-Reply-To: <20220617094243.6422-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 13427 bytes --]
Dear All,
For information this patch series can wait till CU170. It is not an urgent need to update in CU169.
Regards,
Adolf.
On 17/06/2022 11:42, Adolf Belka wrote:
> - Update from version 3.4.7 to 36.0.2
> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021
> See Chanelog section 35.0.0 below
> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0
> below. The required rust packages are installed in separate patches in this series
> - Update of rootfile
> - Changelog
> 36.0.2 - 2022-03-15¶
> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
> 36.0.1 - 2021-12-14¶
> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
> 36.0.0 - 2021-11-21¶
> FINAL DEPRECATION Support for verifier and signer on our asymmetric key
> classes was deprecated in version 2.0. These functions had an extended
> deprecation due to usage, however the next version of cryptography will drop
> support. Users should migrate to sign and verify.
> The entire X.509 layer is now written in Rust. This allows alternate
> asymmetric key implementations that can support cloud key management
> services or hardware security modules provided they implement the necessary
> interface (for example: EllipticCurvePrivateKey).
> Deprecated the backend argument for all functions.
> Added support for AESOCB3.
> Added support for iterating over arbitrary request attributes.
> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
> favor of get_attribute_for_oid() on the new Attributes object.
> Fixed handling of PEM files to allow loading when certificate and key are in
> the same file.
> Fixed parsing of CertificatePolicies extensions containing legacy BMPString
> values in their explicitText.
> Allow parsing of negative serial numbers in certificates. Negative serial
> numbers are prohibited by RFC 5280 so a deprecation warning will be raised
> whenever they are encountered. A future version of cryptography will drop
> support for parsing them.
> Added support for parsing PKCS12 files with friendly names for all
> certificates with load_pkcs12(), which will return an object of type
> PKCS12KeyAndCertificates.
> rfc4514_string() and related methods now have an optional attr_name_overrides
> parameter to supply custom OID to name mappings, which can be used to match
> vendor-specific extensions.
> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address
> fields as E in rfc4514_string() methods from version 35.0.
> The previous behavior can be restored with:
> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
> Allow X25519PublicKey and X448PublicKey to be used as public keys when
> parsing certificates or creating them with CertificateBuilder. These key
> types must be signed with a different signing algorithm as X25519 and X448
> do not support signing.
> Extension values can now be serialized to a DER byte string by calling
> public_bytes().
> Added experimental support for compiling against BoringSSL. As BoringSSL
> does not commit to a stable API, cryptography tests against the latest
> commit only. Please note that several features are not available when
> building against BoringSSL.
> Parsing CertificateSigningRequest from DER and PEM now, for a limited time
> period, allows the Extension critical field to be incorrectly encoded. See
> the issue for complete details. This will be reverted in a future
> cryptography release.
> When OCSPNonce are parsed and generated their value is now correctly wrapped
> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the
> original behavior specified in RFC 2560. For a temporary period for
> backwards compatibility, we will also parse values that are encoded as
> specified in RFC 2560 but this behavior will be removed in a future release.
> 35.0.0 - 2021-09-29¶
> Changed the version scheme. This will result in us incrementing the major
> version more frequently, but does not change our existing backwards
> compatibility policy.
> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
> string passed have PEM delimiters of the correct type. For example, parsing
> a private key PEM concatenated with a certificate PEM will no longer be
> accepted by the PEM certificate parser.
> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
> negative serial numbers. RFC 5280 has always prohibited these.
> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509
> parsing will raise an error on initial parse rather than when the malformed
> field is accessed.
> Rust is now required for building cryptography, the
> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
> This should be backwards compatible (modulo the items listed above) and
> improve both security and performance.
> Added support for OpenSSL 3.0.0 as a compilation target.
> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
> are provided for compatibility in regions where they may be required, and
> are not generally recommended.
> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
> Linux should ensure they upgrade to the latest pip to correctly receive
> wheels.
> Added rfc4514_attribute_name attribute to x509.NameAttribute.
> Added KBKDFCMAC.
> 3.4.8 - 2021-08-24¶
> Updated Windows, macOS, and manylinux wheels to be compiled with
> OpenSSL 1.1.1l.
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> .../rootfiles/packages/python3-cryptography | 25 ++++++++++---------
> lfs/python3-cryptography | 6 ++---
> 2 files changed, 16 insertions(+), 15 deletions(-)
>
> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography
> index 9f63606fb..a9ee32faf 100644
> --- a/config/rootfiles/packages/python3-cryptography
> +++ b/config/rootfiles/packages/python3-cryptography
> @@ -1,20 +1,18 @@
> usr/lib/python3.10/site-packages/cryptography
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt
> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt
> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt
> usr/lib/python3.10/site-packages/cryptography/__about__.py
> usr/lib/python3.10/site-packages/cryptography/__init__.py
> usr/lib/python3.10/site-packages/cryptography/exceptions.py
> usr/lib/python3.10/site-packages/cryptography/fernet.py
> usr/lib/python3.10/site-packages/cryptography/hazmat
> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py
> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py
> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py
> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py
> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py
> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so
> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so
> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi
> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi
> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi
> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py
> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py
> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py
> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py
> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py
> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py
> usr/lib/python3.10/site-packages/cryptography/py.typed
> usr/lib/python3.10/site-packages/cryptography/utils.py
> usr/lib/python3.10/site-packages/cryptography/x509
> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography
> index f3090bc6a..77e5f06b0 100644
> --- a/lfs/python3-cryptography
> +++ b/lfs/python3-cryptography
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 3.4.7
> +VER = 36.0.2
>
> THISAPP = cryptography-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = python3-cryptography
> -PAK_VER = 1
> +PAK_VER = 2
>
> DEPS = python3-cffi
>
> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1
> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e
>
> install : $(TARGET)
>
next prev parent reply other threads:[~2022-06-17 10:00 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-17 9:42 Adolf Belka
2022-06-17 9:42 ` [PATCH 02/23] make.sh: New rust dependencies for python3-cryptography Adolf Belka
2022-06-17 9:42 ` [PATCH 03/23] rust-pyo3: Update to version 0.15.1 - required " Adolf Belka
2022-06-25 11:48 ` Peter Müller
2022-06-26 9:33 ` Michael Tremer
2022-06-27 17:04 ` Adolf Belka
2022-06-28 7:20 ` Peter Müller
2022-06-17 9:42 ` [PATCH 04/23] rust-pyo3-macros: Update to version 0.15.1 - required for python3-cryptography update Adolf Belka
2022-06-17 9:42 ` [PATCH 05/23] rust-pyo3-macros-backend: " Adolf Belka
2022-06-17 9:42 ` [PATCH 06/23] rust-Inflector: Required for update of python3-cryptography Adolf Belka
2022-06-17 9:42 ` [PATCH 07/23] rust-aliasable: " Adolf Belka
2022-06-17 9:42 ` [PATCH 08/23] rust-asn1: " Adolf Belka
2022-06-17 9:42 ` [PATCH 09/23] rust-asn1_derive: " Adolf Belka
2022-06-17 9:42 ` [PATCH 10/23] rust-base64: " Adolf Belka
2022-06-17 9:42 ` [PATCH 11/23] rust-chrono: " Adolf Belka
2022-06-17 9:42 ` [PATCH 12/23] rust-indoc-0.3.6: " Adolf Belka
2022-06-17 9:42 ` [PATCH 13/23] rust-num-integer: " Adolf Belka
2022-06-17 9:42 ` [PATCH 14/23] rust-num-traits: " Adolf Belka
2022-06-17 9:42 ` [PATCH 15/23] rust-num_threads: " Adolf Belka
2022-06-17 9:42 ` [PATCH 16/23] rust-ouroboros: " Adolf Belka
2022-06-17 9:42 ` [PATCH 17/23] rust-ouroboros_macro: " Adolf Belka
2022-06-17 9:42 ` [PATCH 18/23] rust-paste-0.1.18: " Adolf Belka
2022-06-17 9:42 ` [PATCH 19/23] rust-pem: " Adolf Belka
2022-06-17 9:42 ` [PATCH 20/23] rust-proc-macro-error: " Adolf Belka
2022-06-17 9:42 ` [PATCH 21/23] rust-proc-macro-error-attr: " Adolf Belka
2022-06-17 9:42 ` [PATCH 22/23] rust-stable_deref_trait: " Adolf Belka
2022-06-17 9:42 ` [PATCH 23/23] rust-time: " Adolf Belka
2022-06-17 10:00 ` Adolf Belka [this message]
2022-06-17 10:14 ` [PATCH 01/23] python3-cryptography: Update to version 36.0.2 Michael Tremer
2022-06-17 11:10 ` Adolf Belka
2022-06-18 14:51 ` Peter Müller
2022-06-18 16:20 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=be339fc4-387b-0cd8-7993-76edc1182ada@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox