Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2020-11-02 09:38:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Mon Nov 2 09:38:43 2020 rev:51 rq:844675 version:3.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2020-08-01 12:31:21.922467335 +0200
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.3463/python-cryptography.changes
2020-11-02 09:39:03.293532862 +0100
@@ -1,0 +2,47 @@
+Wed Oct 28 14:29:05 UTC 2020 - Michael Ströder <[email protected]>
+
+- update to 3.2.1:
+ Disable blinding on RSA public keys to address an error with
+ some versions of OpenSSL.
+
+-------------------------------------------------------------------
+Mon Oct 26 11:39:02 UTC 2020 - Michael Ströder <[email protected]>
+
+- update to 3.2:
+ * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant
time,
+ to protect against Bleichenbacher vulnerabilities. Due to limitations
imposed
+ by our API, we cannot completely mitigate this vulnerability.
+ * Support for OpenSSL 1.0.2 has been removed.
+ * Added basic support for PKCS7 signing (including SMIME) via
PKCS7SignatureBuilder.
+
+-------------------------------------------------------------------
+Mon Sep 28 10:49:56 UTC 2020 - Dirk Mueller <[email protected]>
+
+- update to 3.1.1:
+ * wheels compiled with OpenSSL 1.1.1h.
+
+-------------------------------------------------------------------
+Fri Sep 18 11:15:53 UTC 2020 - Dirk Mueller <[email protected]>
+
+- update to 3.1:
+ * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
+ :term:`U-label` parsing in various X.509 classes. This support was
originally
+ deprecated in version 2.1 and moved to an extra in 2.5.
+ * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
+ the OpenSSL project. The next version of ``cryptography`` will drop support
+ for it.
+ * Deprecated support for Python 3.5. This version sees very little use and
will
+ be removed in the next release.
+ * ``backend`` arguments to functions are no longer required and the
+ default backend will automatically be selected if no ``backend`` is
provided.
+ * Added initial support for parsing certificates from PKCS7 files with
+
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
+ and
+
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
+ .
+ * Calling ``update`` or ``update_into`` on
+ :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with
``data``
+ longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
+ also resolves the same issue in :doc:`/fernet`.
+
+-------------------------------------------------------------------
Old:
----
cryptography-3.0.tar.gz
cryptography-3.0.tar.gz.asc
New:
----
cryptography-3.2.1.tar.gz
cryptography-3.2.1.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.B36MJ3/_old 2020-11-02 09:39:03.777533327 +0100
+++ /var/tmp/diff_new_pack.B36MJ3/_new 2020-11-02 09:39:03.777533327 +0100
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%bcond_without python2
Name: python-cryptography
-Version: 3.0
+Version: 3.2.1
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
++++++ cryptography-3.0.tar.gz -> cryptography-3.2.1.tar.gz ++++++
++++ 8945 lines of diff (skipped)
