Dear All,
For information this patch series can wait till CU170. It is not an urgent need to update in CU169.
Regards, Adolf.
On 17/06/2022 11:42, Adolf Belka wrote:
- Update from version 3.4.7 to 36.0.2 After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 See Chanelog section 35.0.0 below
- New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 below. The required rust packages are installed in separate patches in this series
- Update of rootfile
- Changelog 36.0.2 - 2022-03-15¶ Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. 36.0.1 - 2021-12-14¶ Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. 36.0.0 - 2021-11-21¶ FINAL DEPRECATION Support for verifier and signer on our asymmetric key classes was deprecated in version 2.0. These functions had an extended deprecation due to usage, however the next version of cryptography will drop support. Users should migrate to sign and verify. The entire X.509 layer is now written in Rust. This allows alternate asymmetric key implementations that can support cloud key management services or hardware security modules provided they implement the necessary interface (for example: EllipticCurvePrivateKey). Deprecated the backend argument for all functions. Added support for AESOCB3. Added support for iterating over arbitrary request attributes. Deprecated the get_attribute_for_oid method on CertificateSigningRequest in favor of get_attribute_for_oid() on the new Attributes object. Fixed handling of PEM files to allow loading when certificate and key are in the same file. Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText. Allow parsing of negative serial numbers in certificates. Negative serial numbers are prohibited by RFC 5280 so a deprecation warning will be raised whenever they are encountered. A future version of cryptography will drop support for parsing them. Added support for parsing PKCS12 files with friendly names for all certificates with load_pkcs12(), which will return an object of type PKCS12KeyAndCertificates. rfc4514_string() and related methods now have an optional attr_name_overrides parameter to supply custom OID to name mappings, which can be used to match vendor-specific extensions. BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address fields as E in rfc4514_string() methods from version 35.0. The previous behavior can be restored with: name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) Allow X25519PublicKey and X448PublicKey to be used as public keys when parsing certificates or creating them with CertificateBuilder. These key types must be signed with a different signing algorithm as X25519 and X448 do not support signing. Extension values can now be serialized to a DER byte string by calling public_bytes(). Added experimental support for compiling against BoringSSL. As BoringSSL does not commit to a stable API, cryptography tests against the latest commit only. Please note that several features are not available when building against BoringSSL. Parsing CertificateSigningRequest from DER and PEM now, for a limited time period, allows the Extension critical field to be incorrectly encoded. See the issue for complete details. This will be reverted in a future cryptography release. When OCSPNonce are parsed and generated their value is now correctly wrapped in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the original behavior specified in RFC 2560. For a temporary period for backwards compatibility, we will also parse values that are encoded as specified in RFC 2560 but this behavior will be removed in a future release. 35.0.0 - 2021-09-29¶ Changed the version scheme. This will result in us incrementing the major version more frequently, but does not change our existing backwards compatibility policy. BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM string passed have PEM delimiters of the correct type. For example, parsing a private key PEM concatenated with a certificate PEM will no longer be accepted by the PEM certificate parser. BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows negative serial numbers. RFC 5280 has always prohibited these. BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 parsing will raise an error on initial parse rather than when the malformed field is accessed. Rust is now required for building cryptography, the CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. This should be backwards compatible (modulo the items listed above) and improve both security and performance. Added support for OpenSSL 3.0.0 as a compilation target. Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms are provided for compatibility in regions where they may be required, and are not generally recommended. We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine Linux should ensure they upgrade to the latest pip to correctly receive wheels. Added rfc4514_attribute_name attribute to x509.NameAttribute. Added KBKDFCMAC. 3.4.8 - 2021-08-24¶ Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1l.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
.../rootfiles/packages/python3-cryptography | 25 ++++++++++--------- lfs/python3-cryptography | 6 ++--- 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography index 9f63606fb..a9ee32faf 100644 --- a/config/rootfiles/packages/python3-cryptography +++ b/config/rootfiles/packages/python3-cryptography @@ -1,20 +1,18 @@ usr/lib/python3.10/site-packages/cryptography -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/cryptography/__about__.py usr/lib/python3.10/site-packages/cryptography/__init__.py usr/lib/python3.10/site-packages/cryptography/exceptions.py usr/lib/python3.10/site-packages/cryptography/fernet.py usr/lib/python3.10/site-packages/cryptography/hazmat usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py usr/lib/python3.10/site-packages/cryptography/py.typed usr/lib/python3.10/site-packages/cryptography/utils.py usr/lib/python3.10/site-packages/cryptography/x509 diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography index f3090bc6a..77e5f06b0 100644 --- a/lfs/python3-cryptography +++ b/lfs/python3-cryptography @@ -24,7 +24,7 @@
include Config
-VER = 3.4.7 +VER = 36.0.2
THISAPP = cryptography-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-cryptography -PAK_VER = 1 +PAK_VER = 2
DEPS = python3-cffi
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e
install : $(TARGET)