Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Leap:15.2 checked in at 2020-03-31 07:22:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/python-cryptography (Old)
and /work/SRC/openSUSE:Leap:15.2/.python-cryptography.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Tue Mar 31 07:22:06 2020 rev:33 rq:788624 version:2.8
Changes:
--------
---
/work/SRC/openSUSE:Leap:15.2/python-cryptography/python-cryptography.changes
2020-01-15 15:48:02.779412445 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.python-cryptography.new.3160/python-cryptography.changes
2020-03-31 07:22:07.842391797 +0200
@@ -2 +2 @@
-Tue Sep 24 17:26:37 CEST 2019 - Matej Cepl <[email protected]>
+Thu Oct 17 14:53:32 UTC 2019 - Michael Ströder <[email protected]>
@@ -4,2 +4,8 @@
-- Add openSSL_111d.patch to make this version of the package
- compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
+- update to 2.8
+ * Added support for Python 3.8.
+ * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for
Poly1305 sign and verify operations.
+ * Deprecated support for OpenSSL 1.0.1. Support will be removed in
cryptography 2.9.
+ * We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
+ * Added support for ed25519 and ed448 keys in the CertificateBuilder,
CertificateSigningRequestBuilder, CertificateRevocationListBuilder and
OCSPResponseBuilder.
+ * cryptography no longer depends on asn1crypto.
+ * FreshestCRL is now allowed as a CertificateRevocationList extension.
@@ -8 +14 @@
-Fri Sep 7 17:37:53 CEST 2018 - Matěj Cepl <[email protected]>
+Mon Jun 3 13:45:56 UTC 2019 - Ondřej Súkup <[email protected]>
@@ -10,4 +16,184 @@
-- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
- finalize_with_tag API
- * add disallow_implicit_tag_truncation.patch from
- https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
+- update to 2.7
+ * BACKWARDS INCOMPATIBLE: Removed the
cryptography.hazmat.primitives.mac.MACContext interface.
+ The CMAC and HMAC APIs have not changed, but they are no longer registered
+ as MACContext instances.
+ * Removed support for running our tests with setup.py test.
+ * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
+ when using OpenSSL 1.1.1 or newer.
+ * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
+ in :meth:`Ed25519PublicKey.public_bytes
<cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>`
.
+ * Correctly allow passing a SubjectKeyIdentifier to
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
+ and deprecate passing an Extension object.
+
+-------------------------------------------------------------------
+Wed May 29 14:41:39 UTC 2019 - Tomáš Chvátal <[email protected]>
+
+- Simplify the test execution to be more understandable
+
+-------------------------------------------------------------------
+Thu Feb 28 19:50:33 UTC 2019 - Michael Ströder <[email protected]>
+
+- update to 2.6.1:
+ * BACKWARDS INCOMPATIBLE:
+
Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
+
andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
+ which had been deprecated for nearly 4 years. Use encode_dss_signature()
+ and decode_dss_signature()instead.
+ * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial,
which
+ had been deprecated for nearly 3 years. Use serial_number instead.
+ * Updated Windows, macOS, and manylinux1 wheels to be compiled with
+ OpenSSL 1.1.1b.
+ * Added support for Ed448 signing when using OpenSSL 1.1.1b or newer.
+ * Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer.
+ * load_ssh_public_key() can now load ed25519 public keys.
+ * Add support for easily mapping an object identifier to its elliptic curve
+ class viaget_curve_for_oid().
+ * Add support for OpenSSL when compiled with the no-engine
+ (OPENSSL_NO_ENGINE) flag.
+
+-------------------------------------------------------------------
+Fri Jan 25 08:25:35 UTC 2019 - Michael Ströder <[email protected]>
+
+- Dependency on python-idna changed to "Recommends" aligned with
+ change in upstream source (see below)
+- update to 2.5:
+ * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
+ but this version removes the default idna dependency as well. If you still
+ need this deprecated path please install cryptography with the idna extra:
+ pip install cryptography[idna].
+ * BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4.
+ * Numerous classes and functions have been updated to allow bytes-like
+ types for keying material and passwords, including symmetric algorithms,
+ AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
+ * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL
1.1.1a.
+ * Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1.
+ * Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using
OpenSSL 1.1.1.
+ * Added support for X448 key exchange when using OpenSSL 1.1.1.
+ * Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1.
+ * Added initial support for parsing PKCS12 files with
load_key_and_certificates().
+ * Added support for IssuingDistributionPoint.
+ * Added rfc4514_string() method to x509.Name,
+ x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
+ or component an RFC 4514 Distinguished Name string.
+ * Added from_encoded_point(), which immediately checks if the point is on
+ the curve and supports compressed points. Deprecated the previous method
+ from_encoded_point().
+ * Added signature_hash_algorithm to OCSPResponse.
+ * Updated X25519 key exchange support to allow additional serialization
+ methods. Calling public_bytes() with no arguments has been deprecated.
+ * Added support for encoding compressed and uncompressed points via
+ public_bytes(). Deprecated the previous method encode_point().
+
+-------------------------------------------------------------------
+Thu Jan 3 11:40:58 UTC 2019 - Martin Pluskal <[email protected]>
+
+- Update to version 2.4.2:
+ * Updated Windows, macOS, and manylinux1 wheels to be compiled
+ with OpenSSL 1.1.0j.
+
+-------------------------------------------------------------------
+Thu Dec 6 13:13:21 CET 2018 - [email protected]
+
+- Update to 2.4.1:
+ * Dropped support for LibreSSL 2.4.x.
+ * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
+ longer supported by the OpenSSL project. At this time there
+ is no time table for dropping support, however we strongly
+ encourage all users to upgrade or install cryptography from
+ a wheel.
+ * Added initial :doc:`OCSP </x509/ocsp>` support.
+ * Added support for cryptography.x509.PrecertPoison.
+
+-------------------------------------------------------------------
+Thu Dec 6 11:48:31 UTC 2018 - Tomáš Chvátal <[email protected]>
+
+- Fix fdupes call
+
+-------------------------------------------------------------------
+Tue Aug 21 07:43:31 UTC 2018 - [email protected]
+
+- Update to 2.3.1:
+ * updated tests for upstream wycheproof changes
+ * many other tiny test tweaks
+
+-------------------------------------------------------------------
+Wed Jul 18 13:20:58 UTC 2018 - [email protected]
+
+- update to 2.3:
+ * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default
+ which can allow tag forgery in some cases. The method now enforces the
+ min_tag_length provided to the GCM constructor.
+ * Added support for Python 3.7.
+ * Added extract_timestamp() to get the authenticated timestamp of a Fernet
token.
+ * Support for Python 2.7.x without hmac.compare_digest has been deprecated.
+ We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
+ cryptography release.
+ * Fixed multiple issues preventing cryptography from compiling
+ against LibreSSL 2.7.x.
+ * Added get_revoked_certificate_by_serial_number for quick
+ serial number searches in CRLs.
+ * The RelativeDistinguishedName class now preserves the order of attributes.
+ Duplicate attributes now raise an error instead of silently discarding
duplicates.
+ * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
+ if the wrapped key is an invalid length, instead of ValueError.
+
+-------------------------------------------------------------------
+Tue Jun 12 07:24:12 UTC 2018 - [email protected]
+
+- update to 2.2.2
+ * fix build on some systems with openssl 1.1.0h
+
+-------------------------------------------------------------------
+Mon Mar 26 07:44:53 UTC 2018 - [email protected]
+
+- Cleanup with spec-cleaner
+- Use %setup to unpack all archives do not rely on tar calls
+
+-------------------------------------------------------------------
+Sun Mar 25 20:39:43 UTC 2018 - [email protected]
+
+- Update to upstream release 2.2.1:
+ * Reverted a change to GeneralNames which prohibited having zero elements,
+ due to breakages.
+ * Fixed a bug in
+ :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
+ that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
+ * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
+ * Resolved a bug in HKDF that incorrectly constrained output size.
+ * Added
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
+ support inter-operating with systems like German smart meters.
+ * Added token rotation support to :doc:`Fernet </fernet>` with
+ :meth:`~cryptography.fernet.MultiFernet.rotate`.
+ * Fixed a memory leak in
+ :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
+ * Added support for AES key wrapping with padding via
+ :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding`
and
+
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` .
+* Allow loading DSA keys with 224 bit q.
+
+-------------------------------------------------------------------
+Fri Mar 2 16:44:33 UTC 2018 - [email protected]
+
+- fix deps for hypothesis, pytest
+
+-------------------------------------------------------------------
+Thu Feb 8 10:54:03 UTC 2018 - [email protected]
+
+- Fix previous change and explicitly require python2 instead of
+ python because python itself is also provided by python3.
+ This fixes:
+ ImportError: No module named _ssl
+ when using python-cryptography in a python2 build environment
+
+-------------------------------------------------------------------
++++ 8 more lines (skipped)
++++ between
/work/SRC/openSUSE:Leap:15.2/python-cryptography/python-cryptography.changes
++++ and
/work/SRC/openSUSE:Leap:15.2/.python-cryptography.new.3160/python-cryptography.changes
Old:
----
cryptography-2.1.4.tar.gz
cryptography-2.1.4.tar.gz.asc
cryptography_vectors-2.1.4.tar.gz
cryptography_vectors-2.1.4.tar.gz.asc
disallow_implicit_tag_truncation.patch
openSSL_111d.patch
New:
----
cryptography-2.8.tar.gz
cryptography-2.8.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.XJLFHN/_old 2020-03-31 07:22:08.750392191 +0200
+++ /var/tmp/diff_new_pack.XJLFHN/_new 2020-03-31 07:22:08.754392193 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-cryptography
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,33 +12,28 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%bcond_without python2
Name: python-cryptography
-Version: 2.1.4
+Version: 2.8
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
Group: Development/Languages/Python
-Url: https://cryptography.io/en/latest/
+URL: https://cryptography.io/en/latest/
Source0:
https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
Source1:
https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz.asc
Source2: %{name}.keyring
-Source3:
https://files.pythonhosted.org/packages/source/c/cryptography_vectors/cryptography_vectors-%{version}.tar.gz
-Source4:
https://files.pythonhosted.org/packages/source/c/cryptography_vectors/cryptography_vectors-%{version}.tar.gz.asc
# PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204
Patch1: disable-uneven-sizes-tests.patch
Patch2: skip_openssl_memleak_test.patch
-# PATCH-FIX-SLE disallow_implicit_tag_truncation.patch bsc#1101820
-Patch3: disallow_implicit_tag_truncation.patch
-# PATCH-FIX-OPENSUSE openSSL_111d.patch bsc#1149792 [email protected] --
compatibility with OpenSSL 1.1.1d
-Patch4: openSSL_111d.patch
BuildRequires: %{python_module asn1crypto >= 0.21.0}
BuildRequires: %{python_module cffi >= 1.7}
+BuildRequires: %{python_module cryptography-vectors = %{version}}
BuildRequires: %{python_module devel}
BuildRequires: %{python_module idna >= 2.1}
BuildRequires: %{python_module pyasn1-modules}
@@ -51,7 +46,7 @@
BuildRequires: python-rpm-macros
BuildRequires: pkgconfig(libffi)
Requires: python-asn1crypto >= 0.21.0
-Requires: python-idna >= 2.1
+Recommends: python-idna >= 2.1
Requires: python-packaging
Requires: python-pyasn1 >= 0.1.8
Requires: python-setuptools >= 11.3
@@ -62,19 +57,22 @@
BuildRequires: python2-ipaddress
%endif
# SECTION Test requirements
-BuildRequires: %{python_module hypothesis}
+BuildRequires: %{python_module hypothesis >= 1.11.4}
BuildRequires: %{python_module iso8601}
BuildRequires: %{python_module packaging}
BuildRequires: %{python_module pretend}
BuildRequires: %{python_module pyasn1 >= 0.1.8}
-BuildRequires: %{python_module pytest}
+BuildRequires: %{python_module pytest > 3.3.0}
BuildRequires: %{python_module virtualenv}
# /SECTION
-%ifpython2
# python-base is not enough, we need the _ssl module
-Requires: python
+%ifpython2
Requires: python-enum34
Requires: python-ipaddress
+Requires: python2
+%endif
+%ifpython3
+Requires: python3
%endif
%python_subpackages
@@ -82,7 +80,7 @@
cryptography is a package designed to expose cryptographic
recipes and primitives to Python developers. Our goal is
for it to be your "cryptographic standard library". It
-supports Python 2.6-2.7, Python 3.2+, and PyPy.
+supports Python 2.7, Python 3.4+, and PyPy-5.3+.
cryptography includes both high level recipes, and low
level interfaces to common cryptographic algorithms such as
@@ -91,35 +89,23 @@
%prep
%setup -q -n cryptography-%{version}
-
-# prepare vectors module
-tar xvzf %{SOURCE3}
-
-%autopatch -p1
+%patch1 -p1
+%patch2 -p1
%build
export CFLAGS="%{optflags} -fno-strict-aliasing"
%python_build
%install
+# Actually other *.c and *.h are appropriate
+# see https://github.com/pyca/cryptography/issues/1463
+find . -name .keep -print -delete
+
%python_install
-%fdupes %{buildroot}%{_prefix}
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
%check
-%{python_expand # this is going to be fun
-# create virtualenv
-$python %{_bindir}/virtualenv --system-site-packages
TESTROOT-%{$python_bin_suffix}
-. TESTROOT-%{$python_bin_suffix}/bin/activate
-# install package in virtualenv
-$python setup.py install
-# install cryptography vectors
-(cd cryptography_vectors-%{version} && $python setup.py install)
-# run tests with virtualenv'd python
-# (specify "tests" directory, otherwise py.test discovers tests in
virtualenv'd setuptools)
-$python -m pytest tests
-# finish
-deactivate
-}
+%pytest_arch
%files %{python_files}
%license LICENSE LICENSE.APACHE LICENSE.BSD
++++++ cryptography-2.1.4.tar.gz -> cryptography-2.8.tar.gz ++++++
++++ 30908 lines of diff (skipped)
