Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2026-06-16 18:29:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Tue Jun 16 18:29:04 2026 rev:113 rq:1359212 version:49.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2026-05-12 19:25:59.465403165 +0200
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.1981/python-cryptography.changes
2026-06-16 18:29:08.164855668 +0200
@@ -1,0 +2,80 @@
+Sun Jun 14 09:04:15 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 49.0.0:
+ * BACKWARDS INCOMPATIBLE: Removed the deprecated
+ PUBLIC_KEY_TYPES, PRIVATE_KEY_TYPES,
+ CERTIFICATE_PRIVATE_KEY_TYPES,
+ CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES, and
+ CERTIFICATE_PUBLIC_KEY_TYPES type aliases. Use
+ PublicKeyTypes, PrivateKeyTypes,
+ CertificateIssuerPrivateKeyTypes,
+ CertificateIssuerPublicKeyTypes, and
+ CertificatePublicKeyTypes instead. These were deprecated in
+ version 40.0.
+ * BACKWARDS INCOMPATIBLE: :class:`~cryptography.hazmat.primitiv
+ es.ciphers.algorithms.ChaCha20` now treats the first 4 bytes
+ of the nonce as a 32-bit little-endian block counter (as
+ defined in RFC 7539) and tracks the number of bytes
+ processed. Attempting to encrypt or decrypt more data than
+ the counter allows before it would overflow now raises a
+ :class:`ValueError` rather than silently diverging from RFC
+ 7539. Setting the counter portion of the nonce to zero allows
+ encrypting up to 256 GiB with a given nonce.
+ * BACKWARDS INCOMPATIBLE: Loading an X.509 certificate whose
+ ECDSA or DSA signature AlgorithmIdentifier contains encoded
+ NULL parameters now raises a :class:`ValueError`. Such
+ certificates are invalid, but older versions of Java emitted
+ them; previously they loaded with a deprecation warning.
+ * Fixed cross-compilation of the CFFI bindings when
+ PYO3_CROSS_LIB_DIR is set. The build now derives the Python
+ include directory from PYO3_CROSS_LIB_DIR instead of querying
+ the host interpreter, which previously caused the build to
+ fail during cross-compilations for embedded systems, on hosts
+ which have same-version Python development headers installed
+ as the target Python.
+ * Added support for signing and verifying X.509 certificates,
+ certificate signing requests, and certificate revocation
+ lists with :doc:`/hazmat/primitives/asymmetric/mldsa` keys,
+ as well as loading certificates that contain ML-DSA public
+ keys.
+ * Added
+ :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length`
+ to :class:`~cryptography.hazmat.primitives.hpke.KEM` so
+ callers can split the encapsulated key from the ciphertext
+ returned by
+ :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
+ * :meth:`~cryptography.x509.verification.ExtensionPolicy.requir
+ e_present`, :meth:`~cryptography.x509.verification.ExtensionP
+ olicy.may_be_present`, and :meth:`~cryptography.x509.verifica
+ tion.ExtensionPolicy.require_not_present` now accept any
+ extension type. Previously only a fixed set of extension
+ types was supported, which made it impossible to account for
+ otherwise unrecognized critical extensions during path
+ validation.
+ * Added support for using
+ :class:`~cryptography.x509.Certificate`,
+ :class:`~cryptography.x509.CertificateSigningRequest`, and
+ :class:`~cryptography.x509.CertificateRevocationList` as
+ field types in :doc:`/hazmat/asn1/index` structures.
+ * Added :func:`~cryptography.hazmat.asn1.value_set`, a class
+ decorator that registers an :class:`enum.Enum` subclass as an
+ ASN.1 value set: members are encoded as their underlying
+ value, and decoding fails if the decoded value does not match
+ one of the declared members.
+ * Added :meth:`~cryptography.x509.Name.from_bytes` for parsing
+ a :class:`~cryptography.x509.Name` from DER bytes, the
+ inverse of :meth:`~cryptography.x509.Name.public_bytes`.
+ * Added the rsa_padding keyword-only parameter to
+ :meth:`~cryptography.x509.CertificateBuilder.public_key`.
+ Passing the :class:`~cryptography.hazmat.primitives.asymmetri
+ c.padding.PSS` class (not an instance) encodes an RSA subject
+ public key in the certificate's subjectPublicKeyInfo with the
+ id-RSASSA-PSS OID and no parameters.
+ * Added external mu (message representative) support to
+ :doc:`/hazmat/primitives/asymmetric/mldsa` via the sign_mu
+ and verify_mu methods, which sign and verify a precomputed
+ 64-byte mu as defined in FIPS 204.
+ * Updated Windows, macOS, and Linux wheels to be compiled with
+ OpenSSL 4.0.1.
+
+-------------------------------------------------------------------
Old:
----
cryptography-48.0.0.tar.gz
New:
----
cryptography-49.0.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.jHXngp/_old 2026-06-16 18:29:09.112895594 +0200
+++ /var/tmp/diff_new_pack.jHXngp/_new 2026-06-16 18:29:09.112895594 +0200
@@ -28,7 +28,7 @@
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
-Version: 48.0.0
+Version: 49.0.0
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
++++++ cryptography-48.0.0.tar.gz -> cryptography-49.0.0.tar.gz ++++++
++++ 8533 lines of diff (skipped)
++++++ vendor.tar.zst ++++++
++++ 403724 lines of diff (skipped)
