From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 01/23] python3-cryptography: Update to version 36.0.2
Date: Sat, 18 Jun 2022 14:51:23 +0000 [thread overview]
Message-ID: <c291c184-bb33-951c-070b-faa8bef1ddfe@ipfire.org> (raw)
In-Reply-To: <07306f51-8b53-70fa-cca5-167160d00f59@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 15872 bytes --]
Hello Adolf,
I can only concur with Michael, and thank you for all your work.
For size reasons, I would abstain from cramping these patches into Core Update 169 (which
is currently at 98 MByte on x86_64), and defer them to Core Update 170. Would that be
fine to you?
Thanks, and best regards,
Peter Müller
>
>
> On 17/06/2022 12:14, Michael Tremer wrote:
>> Oh wow. 23 patches.
> and would have been 26 patches without your help on removing the windows requirements.
>>
>> That looks like a lot of work!
>>
>> Thank you for this. I will not tag them all individually if that is okay :)
> That is fine by me :-)
>>
>> -Michael
>>
>>> On 17 Jun 2022, at 11:00, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>
>>> Dear All,
>>>
>>> For information this patch series can wait till CU170. It is not an urgent need to update in CU169.
>>>
>>> Regards,
>>> Adolf.
>>>
>>> On 17/06/2022 11:42, Adolf Belka wrote:
>>>> - Update from version 3.4.7 to 36.0.2
>>>> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021
>>>> See Chanelog section 35.0.0 below
>>>> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0
>>>> below. The required rust packages are installed in separate patches in this series
>>>> - Update of rootfile
>>>> - Changelog
>>>> 36.0.2 - 2022-03-15¶
>>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
>>>> 36.0.1 - 2021-12-14¶
>>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
>>>> 36.0.0 - 2021-11-21¶
>>>> FINAL DEPRECATION Support for verifier and signer on our asymmetric key
>>>> classes was deprecated in version 2.0. These functions had an extended
>>>> deprecation due to usage, however the next version of cryptography will drop
>>>> support. Users should migrate to sign and verify.
>>>> The entire X.509 layer is now written in Rust. This allows alternate
>>>> asymmetric key implementations that can support cloud key management
>>>> services or hardware security modules provided they implement the necessary
>>>> interface (for example: EllipticCurvePrivateKey).
>>>> Deprecated the backend argument for all functions.
>>>> Added support for AESOCB3.
>>>> Added support for iterating over arbitrary request attributes.
>>>> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
>>>> favor of get_attribute_for_oid() on the new Attributes object.
>>>> Fixed handling of PEM files to allow loading when certificate and key are in
>>>> the same file.
>>>> Fixed parsing of CertificatePolicies extensions containing legacy BMPString
>>>> values in their explicitText.
>>>> Allow parsing of negative serial numbers in certificates. Negative serial
>>>> numbers are prohibited by RFC 5280 so a deprecation warning will be raised
>>>> whenever they are encountered. A future version of cryptography will drop
>>>> support for parsing them.
>>>> Added support for parsing PKCS12 files with friendly names for all
>>>> certificates with load_pkcs12(), which will return an object of type
>>>> PKCS12KeyAndCertificates.
>>>> rfc4514_string() and related methods now have an optional attr_name_overrides
>>>> parameter to supply custom OID to name mappings, which can be used to match
>>>> vendor-specific extensions.
>>>> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address
>>>> fields as E in rfc4514_string() methods from version 35.0.
>>>> The previous behavior can be restored with:
>>>> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
>>>> Allow X25519PublicKey and X448PublicKey to be used as public keys when
>>>> parsing certificates or creating them with CertificateBuilder. These key
>>>> types must be signed with a different signing algorithm as X25519 and X448
>>>> do not support signing.
>>>> Extension values can now be serialized to a DER byte string by calling
>>>> public_bytes().
>>>> Added experimental support for compiling against BoringSSL. As BoringSSL
>>>> does not commit to a stable API, cryptography tests against the latest
>>>> commit only. Please note that several features are not available when
>>>> building against BoringSSL.
>>>> Parsing CertificateSigningRequest from DER and PEM now, for a limited time
>>>> period, allows the Extension critical field to be incorrectly encoded. See
>>>> the issue for complete details. This will be reverted in a future
>>>> cryptography release.
>>>> When OCSPNonce are parsed and generated their value is now correctly wrapped
>>>> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the
>>>> original behavior specified in RFC 2560. For a temporary period for
>>>> backwards compatibility, we will also parse values that are encoded as
>>>> specified in RFC 2560 but this behavior will be removed in a future release.
>>>> 35.0.0 - 2021-09-29¶
>>>> Changed the version scheme. This will result in us incrementing the major
>>>> version more frequently, but does not change our existing backwards
>>>> compatibility policy.
>>>> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
>>>> string passed have PEM delimiters of the correct type. For example, parsing
>>>> a private key PEM concatenated with a certificate PEM will no longer be
>>>> accepted by the PEM certificate parser.
>>>> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
>>>> negative serial numbers. RFC 5280 has always prohibited these.
>>>> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509
>>>> parsing will raise an error on initial parse rather than when the malformed
>>>> field is accessed.
>>>> Rust is now required for building cryptography, the
>>>> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
>>>> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
>>>> This should be backwards compatible (modulo the items listed above) and
>>>> improve both security and performance.
>>>> Added support for OpenSSL 3.0.0 as a compilation target.
>>>> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
>>>> are provided for compatibility in regions where they may be required, and
>>>> are not generally recommended.
>>>> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
>>>> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
>>>> Linux should ensure they upgrade to the latest pip to correctly receive
>>>> wheels.
>>>> Added rfc4514_attribute_name attribute to x509.NameAttribute.
>>>> Added KBKDFCMAC.
>>>> 3.4.8 - 2021-08-24¶
>>>> Updated Windows, macOS, and manylinux wheels to be compiled with
>>>> OpenSSL 1.1.1l.
>>>> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>>> ---
>>>> .../rootfiles/packages/python3-cryptography | 25 ++++++++++---------
>>>> lfs/python3-cryptography | 6 ++---
>>>> 2 files changed, 16 insertions(+), 15 deletions(-)
>>>> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography
>>>> index 9f63606fb..a9ee32faf 100644
>>>> --- a/config/rootfiles/packages/python3-cryptography
>>>> +++ b/config/rootfiles/packages/python3-cryptography
>>>> @@ -1,20 +1,18 @@
>>>> usr/lib/python3.10/site-packages/cryptography
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt
>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt
>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt
>>>> usr/lib/python3.10/site-packages/cryptography/__about__.py
>>>> usr/lib/python3.10/site-packages/cryptography/__init__.py
>>>> usr/lib/python3.10/site-packages/cryptography/exceptions.py
>>>> usr/lib/python3.10/site-packages/cryptography/fernet.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py
>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py
>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py
>>>> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py
>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py
>>>> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so
>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so
>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi
>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi
>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi
>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py
>>>> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py
>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py
>>>> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py
>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py
>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py
>>>> usr/lib/python3.10/site-packages/cryptography/py.typed
>>>> usr/lib/python3.10/site-packages/cryptography/utils.py
>>>> usr/lib/python3.10/site-packages/cryptography/x509
>>>> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography
>>>> index f3090bc6a..77e5f06b0 100644
>>>> --- a/lfs/python3-cryptography
>>>> +++ b/lfs/python3-cryptography
>>>> @@ -24,7 +24,7 @@
>>>> include Config
>>>> -VER = 3.4.7
>>>> +VER = 36.0.2
>>>> THISAPP = cryptography-$(VER)
>>>> DL_FILE = $(THISAPP).tar.gz
>>>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
>>>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>>>> TARGET = $(DIR_INFO)/$(THISAPP)
>>>> PROG = python3-cryptography
>>>> -PAK_VER = 1
>>>> +PAK_VER = 2
>>>> DEPS = python3-cffi
>>>> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1
>>>> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e
>>>> install : $(TARGET)
>>>>
>>
next prev parent reply other threads:[~2022-06-18 14:51 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-17 9:42 Adolf Belka
2022-06-17 9:42 ` [PATCH 02/23] make.sh: New rust dependencies for python3-cryptography Adolf Belka
2022-06-17 9:42 ` [PATCH 03/23] rust-pyo3: Update to version 0.15.1 - required " Adolf Belka
2022-06-25 11:48 ` Peter Müller
2022-06-26 9:33 ` Michael Tremer
2022-06-27 17:04 ` Adolf Belka
2022-06-28 7:20 ` Peter Müller
2022-06-17 9:42 ` [PATCH 04/23] rust-pyo3-macros: Update to version 0.15.1 - required for python3-cryptography update Adolf Belka
2022-06-17 9:42 ` [PATCH 05/23] rust-pyo3-macros-backend: " Adolf Belka
2022-06-17 9:42 ` [PATCH 06/23] rust-Inflector: Required for update of python3-cryptography Adolf Belka
2022-06-17 9:42 ` [PATCH 07/23] rust-aliasable: " Adolf Belka
2022-06-17 9:42 ` [PATCH 08/23] rust-asn1: " Adolf Belka
2022-06-17 9:42 ` [PATCH 09/23] rust-asn1_derive: " Adolf Belka
2022-06-17 9:42 ` [PATCH 10/23] rust-base64: " Adolf Belka
2022-06-17 9:42 ` [PATCH 11/23] rust-chrono: " Adolf Belka
2022-06-17 9:42 ` [PATCH 12/23] rust-indoc-0.3.6: " Adolf Belka
2022-06-17 9:42 ` [PATCH 13/23] rust-num-integer: " Adolf Belka
2022-06-17 9:42 ` [PATCH 14/23] rust-num-traits: " Adolf Belka
2022-06-17 9:42 ` [PATCH 15/23] rust-num_threads: " Adolf Belka
2022-06-17 9:42 ` [PATCH 16/23] rust-ouroboros: " Adolf Belka
2022-06-17 9:42 ` [PATCH 17/23] rust-ouroboros_macro: " Adolf Belka
2022-06-17 9:42 ` [PATCH 18/23] rust-paste-0.1.18: " Adolf Belka
2022-06-17 9:42 ` [PATCH 19/23] rust-pem: " Adolf Belka
2022-06-17 9:42 ` [PATCH 20/23] rust-proc-macro-error: " Adolf Belka
2022-06-17 9:42 ` [PATCH 21/23] rust-proc-macro-error-attr: " Adolf Belka
2022-06-17 9:42 ` [PATCH 22/23] rust-stable_deref_trait: " Adolf Belka
2022-06-17 9:42 ` [PATCH 23/23] rust-time: " Adolf Belka
2022-06-17 10:00 ` [PATCH 01/23] python3-cryptography: Update to version 36.0.2 Adolf Belka
2022-06-17 10:14 ` Michael Tremer
2022-06-17 11:10 ` Adolf Belka
2022-06-18 14:51 ` Peter Müller [this message]
2022-06-18 16:20 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c291c184-bb33-951c-070b-faa8bef1ddfe@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox