Hello community, here is the log from the commit of package python-cryptography for openSUSE:Leap:15.2 checked in at 2020-03-31 07:22:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/python-cryptography (Old) and /work/SRC/openSUSE:Leap:15.2/.python-cryptography.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography" Tue Mar 31 07:22:06 2020 rev:33 rq:788624 version:2.8 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/python-cryptography/python-cryptography.changes 2020-01-15 15:48:02.779412445 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python-cryptography.new.3160/python-cryptography.changes 2020-03-31 07:22:07.842391797 +0200 @@ -2 +2 @@ -Tue Sep 24 17:26:37 CEST 2019 - Matej Cepl <mc...@suse.com> +Thu Oct 17 14:53:32 UTC 2019 - Michael Ströder <mich...@stroeder.com> @@ -4,2 +4,8 @@ -- Add openSSL_111d.patch to make this version of the package - compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. +- update to 2.8 + * Added support for Python 3.8. + * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations. + * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9. + * We now ship manylinux2010 wheels in addition to our manylinux1 wheels. + * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder. + * cryptography no longer depends on asn1crypto. + * FreshestCRL is now allowed as a CertificateRevocationList extension. @@ -8 +14 @@ -Fri Sep 7 17:37:53 CEST 2018 - Matěj Cepl <mc...@suse.com> +Mon Jun 3 13:45:56 UTC 2019 - Ondřej Súkup <mimi...@gmail.com> @@ -10,4 +16,184 @@ -- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in - finalize_with_tag API - * add disallow_implicit_tag_truncation.patch from - https://github.com/pyca/cryptography/commit/688e0f673bfb.patch +- update to 2.7 + * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface. + The CMAC and HMAC APIs have not changed, but they are no longer registered + as MACContext instances. + * Removed support for running our tests with setup.py test. + * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305` + when using OpenSSL 1.1.1 or newer. + * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH + in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` . + * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier` + and deprecate passing an Extension object. + +------------------------------------------------------------------- +Wed May 29 14:41:39 UTC 2019 - Tomáš Chvátal <tchva...@suse.com> + +- Simplify the test execution to be more understandable + +------------------------------------------------------------------- +Thu Feb 28 19:50:33 UTC 2019 - Michael Ströder <mich...@stroeder.com> + +- update to 2.6.1: + * BACKWARDS INCOMPATIBLE: + Removedcryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature + andcryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature, + which had been deprecated for nearly 4 years. Use encode_dss_signature() + and decode_dss_signature()instead. + * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which + had been deprecated for nearly 3 years. Use serial_number instead. + * Updated Windows, macOS, and manylinux1 wheels to be compiled with + OpenSSL 1.1.1b. + * Added support for Ed448 signing when using OpenSSL 1.1.1b or newer. + * Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer. + * load_ssh_public_key() can now load ed25519 public keys. + * Add support for easily mapping an object identifier to its elliptic curve + class viaget_curve_for_oid(). + * Add support for OpenSSL when compiled with the no-engine + (OPENSSL_NO_ENGINE) flag. + +------------------------------------------------------------------- +Fri Jan 25 08:25:35 UTC 2019 - Michael Ströder <mich...@stroeder.com> + +- Dependency on python-idna changed to "Recommends" aligned with + change in upstream source (see below) +- update to 2.5: + * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1, + but this version removes the default idna dependency as well. If you still + need this deprecated path please install cryptography with the idna extra: + pip install cryptography[idna]. + * BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4. + * Numerous classes and functions have been updated to allow bytes-like + types for keying material and passwords, including symmetric algorithms, + AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes. + * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a. + * Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1. + * Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1. + * Added support for X448 key exchange when using OpenSSL 1.1.1. + * Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1. + * Added initial support for parsing PKCS12 files with load_key_and_certificates(). + * Added support for IssuingDistributionPoint. + * Added rfc4514_string() method to x509.Name, + x509.RelativeDistinguishedName, and x509.NameAttribute to format the name + or component an RFC 4514 Distinguished Name string. + * Added from_encoded_point(), which immediately checks if the point is on + the curve and supports compressed points. Deprecated the previous method + from_encoded_point(). + * Added signature_hash_algorithm to OCSPResponse. + * Updated X25519 key exchange support to allow additional serialization + methods. Calling public_bytes() with no arguments has been deprecated. + * Added support for encoding compressed and uncompressed points via + public_bytes(). Deprecated the previous method encode_point(). + +------------------------------------------------------------------- +Thu Jan 3 11:40:58 UTC 2019 - Martin Pluskal <mplus...@suse.com> + +- Update to version 2.4.2: + * Updated Windows, macOS, and manylinux1 wheels to be compiled + with OpenSSL 1.1.0j. + +------------------------------------------------------------------- +Thu Dec 6 13:13:21 CET 2018 - mc...@suse.com + +- Update to 2.4.1: + * Dropped support for LibreSSL 2.4.x. + * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no + longer supported by the OpenSSL project. At this time there + is no time table for dropping support, however we strongly + encourage all users to upgrade or install cryptography from + a wheel. + * Added initial :doc:`OCSP </x509/ocsp>` support. + * Added support for cryptography.x509.PrecertPoison. + +------------------------------------------------------------------- +Thu Dec 6 11:48:31 UTC 2018 - Tomáš Chvátal <tchva...@suse.com> + +- Fix fdupes call + +------------------------------------------------------------------- +Tue Aug 21 07:43:31 UTC 2018 - tchva...@suse.com + +- Update to 2.3.1: + * updated tests for upstream wycheproof changes + * many other tiny test tweaks + +------------------------------------------------------------------- +Wed Jul 18 13:20:58 UTC 2018 - mich...@stroeder.com + +- update to 2.3: + * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default + which can allow tag forgery in some cases. The method now enforces the + min_tag_length provided to the GCM constructor. + * Added support for Python 3.7. + * Added extract_timestamp() to get the authenticated timestamp of a Fernet token. + * Support for Python 2.7.x without hmac.compare_digest has been deprecated. + We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next + cryptography release. + * Fixed multiple issues preventing cryptography from compiling + against LibreSSL 2.7.x. + * Added get_revoked_certificate_by_serial_number for quick + serial number searches in CRLs. + * The RelativeDistinguishedName class now preserves the order of attributes. + Duplicate attributes now raise an error instead of silently discarding duplicates. + * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap + if the wrapped key is an invalid length, instead of ValueError. + +------------------------------------------------------------------- +Tue Jun 12 07:24:12 UTC 2018 - mimi...@gmail.com + +- update to 2.2.2 + * fix build on some systems with openssl 1.1.0h + +------------------------------------------------------------------- +Mon Mar 26 07:44:53 UTC 2018 - tchva...@suse.com + +- Cleanup with spec-cleaner +- Use %setup to unpack all archives do not rely on tar calls + +------------------------------------------------------------------- +Sun Mar 25 20:39:43 UTC 2018 - mich...@stroeder.com + +- Update to upstream release 2.2.1: + * Reverted a change to GeneralNames which prohibited having zero elements, + due to breakages. + * Fixed a bug in + :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` + that caused it to raise InvalidUnwrap when key length modulo 8 was zero. + * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped. + * Resolved a bug in HKDF that incorrectly constrained output size. + * Added + :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`, + :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and + :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to + support inter-operating with systems like German smart meters. + * Added token rotation support to :doc:`Fernet </fernet>` with + :meth:`~cryptography.fernet.MultiFernet.rotate`. + * Fixed a memory leak in + :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`. + * Added support for AES key wrapping with padding via + :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and + :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` . +* Allow loading DSA keys with 224 bit q. + +------------------------------------------------------------------- +Fri Mar 2 16:44:33 UTC 2018 - ch...@computersalat.de + +- fix deps for hypothesis, pytest + +------------------------------------------------------------------- +Thu Feb 8 10:54:03 UTC 2018 - tbecht...@suse.com + +- Fix previous change and explicitly require python2 instead of + python because python itself is also provided by python3. + This fixes: + ImportError: No module named _ssl + when using python-cryptography in a python2 build environment + +------------------------------------------------------------------- ++++ 8 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/python-cryptography/python-cryptography.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.python-cryptography.new.3160/python-cryptography.changes Old: ---- cryptography-2.1.4.tar.gz cryptography-2.1.4.tar.gz.asc cryptography_vectors-2.1.4.tar.gz cryptography_vectors-2.1.4.tar.gz.asc disallow_implicit_tag_truncation.patch openSSL_111d.patch New: ---- cryptography-2.8.tar.gz cryptography-2.8.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-cryptography.spec ++++++ --- /var/tmp/diff_new_pack.XJLFHN/_old 2020-03-31 07:22:08.750392191 +0200 +++ /var/tmp/diff_new_pack.XJLFHN/_new 2020-03-31 07:22:08.754392193 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-cryptography # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,33 +12,28 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %{?!python_module:%define python_module() python-%{**} python3-%{**}} %bcond_without python2 Name: python-cryptography -Version: 2.1.4 +Version: 2.8 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause Group: Development/Languages/Python -Url: https://cryptography.io/en/latest/ +URL: https://cryptography.io/en/latest/ Source0: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz Source1: https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz.asc Source2: %{name}.keyring -Source3: https://files.pythonhosted.org/packages/source/c/cryptography_vectors/cryptography_vectors-%{version}.tar.gz -Source4: https://files.pythonhosted.org/packages/source/c/cryptography_vectors/cryptography_vectors-%{version}.tar.gz.asc # PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204 Patch1: disable-uneven-sizes-tests.patch Patch2: skip_openssl_memleak_test.patch -# PATCH-FIX-SLE disallow_implicit_tag_truncation.patch bsc#1101820 -Patch3: disallow_implicit_tag_truncation.patch -# PATCH-FIX-OPENSUSE openSSL_111d.patch bsc#1149792 mc...@suse.com -- compatibility with OpenSSL 1.1.1d -Patch4: openSSL_111d.patch BuildRequires: %{python_module asn1crypto >= 0.21.0} BuildRequires: %{python_module cffi >= 1.7} +BuildRequires: %{python_module cryptography-vectors = %{version}} BuildRequires: %{python_module devel} BuildRequires: %{python_module idna >= 2.1} BuildRequires: %{python_module pyasn1-modules} @@ -51,7 +46,7 @@ BuildRequires: python-rpm-macros BuildRequires: pkgconfig(libffi) Requires: python-asn1crypto >= 0.21.0 -Requires: python-idna >= 2.1 +Recommends: python-idna >= 2.1 Requires: python-packaging Requires: python-pyasn1 >= 0.1.8 Requires: python-setuptools >= 11.3 @@ -62,19 +57,22 @@ BuildRequires: python2-ipaddress %endif # SECTION Test requirements -BuildRequires: %{python_module hypothesis} +BuildRequires: %{python_module hypothesis >= 1.11.4} BuildRequires: %{python_module iso8601} BuildRequires: %{python_module packaging} BuildRequires: %{python_module pretend} BuildRequires: %{python_module pyasn1 >= 0.1.8} -BuildRequires: %{python_module pytest} +BuildRequires: %{python_module pytest > 3.3.0} BuildRequires: %{python_module virtualenv} # /SECTION -%ifpython2 # python-base is not enough, we need the _ssl module -Requires: python +%ifpython2 Requires: python-enum34 Requires: python-ipaddress +Requires: python2 +%endif +%ifpython3 +Requires: python3 %endif %python_subpackages @@ -82,7 +80,7 @@ cryptography is a package designed to expose cryptographic recipes and primitives to Python developers. Our goal is for it to be your "cryptographic standard library". It -supports Python 2.6-2.7, Python 3.2+, and PyPy. +supports Python 2.7, Python 3.4+, and PyPy-5.3+. cryptography includes both high level recipes, and low level interfaces to common cryptographic algorithms such as @@ -91,35 +89,23 @@ %prep %setup -q -n cryptography-%{version} - -# prepare vectors module -tar xvzf %{SOURCE3} - -%autopatch -p1 +%patch1 -p1 +%patch2 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing" %python_build %install +# Actually other *.c and *.h are appropriate +# see https://github.com/pyca/cryptography/issues/1463 +find . -name .keep -print -delete + %python_install -%fdupes %{buildroot}%{_prefix} +%python_expand %fdupes %{buildroot}%{$python_sitearch} %check -%{python_expand # this is going to be fun -# create virtualenv -$python %{_bindir}/virtualenv --system-site-packages TESTROOT-%{$python_bin_suffix} -. TESTROOT-%{$python_bin_suffix}/bin/activate -# install package in virtualenv -$python setup.py install -# install cryptography vectors -(cd cryptography_vectors-%{version} && $python setup.py install) -# run tests with virtualenv'd python -# (specify "tests" directory, otherwise py.test discovers tests in virtualenv'd setuptools) -$python -m pytest tests -# finish -deactivate -} +%pytest_arch %files %{python_files} %license LICENSE LICENSE.APACHE LICENSE.BSD ++++++ cryptography-2.1.4.tar.gz -> cryptography-2.8.tar.gz ++++++ ++++ 30908 lines of diff (skipped)