| Message ID | 20220617094243.6422-1-adolf.belka@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 643871d4a79791e469b798414778669a3cf67ce9 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LPYxl4VqYz3wcT for <patchwork@web04.haj.ipfire.org>; Fri, 17 Jun 2022 09:43:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LPYxk44vDzq2; Fri, 17 Jun 2022 09:43:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LPYxk3HqZz2xjj; Fri, 17 Jun 2022 09:43:06 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LPYxj4DpWz2xPJ for <development@lists.ipfire.org>; Fri, 17 Jun 2022 09:43:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LPYxj0JF2zmt; Fri, 17 Jun 2022 09:43:04 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1655458985; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FXkcfw+jozxhYBHaoXOfdhVn0nvcQCxIccV7ab53RGk=; b=5eZJYZsuLY/3QvWjQ71Mz5FP1//eQml6LmlRTaD+B8h5OzcDGruf/UxAzh2xUd6aHinu/Z IPm3vBF0/RV89DDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1655458985; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FXkcfw+jozxhYBHaoXOfdhVn0nvcQCxIccV7ab53RGk=; b=lMlYq2sx8s4thoBTlyskkZ7hSxEOCVpfjX+oCG9i8TTqLFD66SFnzgRGpxYgXWu0EKPIai iPYP2kT9YpUyH8g06FUlRisRDhP0TmI9T+2XW36zm3qPV+TcpDS/q6DkFdJriFynXAQsga buMdVjf8YCPtP8e/V3/0U8PFrZZo9WYNSWgFQHX3yZAREh7ldeerNq1/YGYDHMv3m9AD8l ifcVXE+CqCuHN6a2B/womai7uw/aSxxHqLOezr6tXCdJOSzz+Uxos3Ct6f41fBat2ID2mb RMm7WzRJ88mA3aYKopfqbscJEY/Pi6JVh9b/mD7Iyq4OQaj0ZW5eyzFSxZSOuA== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 01/23] python3-cryptography: Update to version 36.0.2 Date: Fri, 17 Jun 2022 11:42:21 +0200 Message-Id: <20220617094243.6422-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[01/23] python3-cryptography: Update to version 36.0.2
|
|
Commit Message
Adolf Belka
June 17, 2022, 9:42 a.m. UTC
- Update from version 3.4.7 to 36.0.2
After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021
See Chanelog section 35.0.0 below
- New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0
below. The required rust packages are installed in separate patches in this series
- Update of rootfile
- Changelog
36.0.2 - 2022-03-15¶
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
36.0.1 - 2021-12-14¶
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
36.0.0 - 2021-11-21¶
FINAL DEPRECATION Support for verifier and signer on our asymmetric key
classes was deprecated in version 2.0. These functions had an extended
deprecation due to usage, however the next version of cryptography will drop
support. Users should migrate to sign and verify.
The entire X.509 layer is now written in Rust. This allows alternate
asymmetric key implementations that can support cloud key management
services or hardware security modules provided they implement the necessary
interface (for example: EllipticCurvePrivateKey).
Deprecated the backend argument for all functions.
Added support for AESOCB3.
Added support for iterating over arbitrary request attributes.
Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
favor of get_attribute_for_oid() on the new Attributes object.
Fixed handling of PEM files to allow loading when certificate and key are in
the same file.
Fixed parsing of CertificatePolicies extensions containing legacy BMPString
values in their explicitText.
Allow parsing of negative serial numbers in certificates. Negative serial
numbers are prohibited by RFC 5280 so a deprecation warning will be raised
whenever they are encountered. A future version of cryptography will drop
support for parsing them.
Added support for parsing PKCS12 files with friendly names for all
certificates with load_pkcs12(), which will return an object of type
PKCS12KeyAndCertificates.
rfc4514_string() and related methods now have an optional attr_name_overrides
parameter to supply custom OID to name mappings, which can be used to match
vendor-specific extensions.
BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address
fields as E in rfc4514_string() methods from version 35.0.
The previous behavior can be restored with:
name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
Allow X25519PublicKey and X448PublicKey to be used as public keys when
parsing certificates or creating them with CertificateBuilder. These key
types must be signed with a different signing algorithm as X25519 and X448
do not support signing.
Extension values can now be serialized to a DER byte string by calling
public_bytes().
Added experimental support for compiling against BoringSSL. As BoringSSL
does not commit to a stable API, cryptography tests against the latest
commit only. Please note that several features are not available when
building against BoringSSL.
Parsing CertificateSigningRequest from DER and PEM now, for a limited time
period, allows the Extension critical field to be incorrectly encoded. See
the issue for complete details. This will be reverted in a future
cryptography release.
When OCSPNonce are parsed and generated their value is now correctly wrapped
in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the
original behavior specified in RFC 2560. For a temporary period for
backwards compatibility, we will also parse values that are encoded as
specified in RFC 2560 but this behavior will be removed in a future release.
35.0.0 - 2021-09-29¶
Changed the version scheme. This will result in us incrementing the major
version more frequently, but does not change our existing backwards
compatibility policy.
BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
string passed have PEM delimiters of the correct type. For example, parsing
a private key PEM concatenated with a certificate PEM will no longer be
accepted by the PEM certificate parser.
BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
negative serial numbers. RFC 5280 has always prohibited these.
BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509
parsing will raise an error on initial parse rather than when the malformed
field is accessed.
Rust is now required for building cryptography, the
CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
This should be backwards compatible (modulo the items listed above) and
improve both security and performance.
Added support for OpenSSL 3.0.0 as a compilation target.
Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
are provided for compatibility in regions where they may be required, and
are not generally recommended.
We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
Linux should ensure they upgrade to the latest pip to correctly receive
wheels.
Added rfc4514_attribute_name attribute to x509.NameAttribute.
Added KBKDFCMAC.
3.4.8 - 2021-08-24¶
Updated Windows, macOS, and manylinux wheels to be compiled with
OpenSSL 1.1.1l.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
.../rootfiles/packages/python3-cryptography | 25 ++++++++++---------
lfs/python3-cryptography | 6 ++---
2 files changed, 16 insertions(+), 15 deletions(-)
Comments
Dear All, For information this patch series can wait till CU170. It is not an urgent need to update in CU169. Regards, Adolf. On 17/06/2022 11:42, Adolf Belka wrote: > - Update from version 3.4.7 to 36.0.2 > After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 > See Chanelog section 35.0.0 below > - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 > below. The required rust packages are installed in separate patches in this series > - Update of rootfile > - Changelog > 36.0.2 - 2022-03-15¶ > Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. > 36.0.1 - 2021-12-14¶ > Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. > 36.0.0 - 2021-11-21¶ > FINAL DEPRECATION Support for verifier and signer on our asymmetric key > classes was deprecated in version 2.0. These functions had an extended > deprecation due to usage, however the next version of cryptography will drop > support. Users should migrate to sign and verify. > The entire X.509 layer is now written in Rust. This allows alternate > asymmetric key implementations that can support cloud key management > services or hardware security modules provided they implement the necessary > interface (for example: EllipticCurvePrivateKey). > Deprecated the backend argument for all functions. > Added support for AESOCB3. > Added support for iterating over arbitrary request attributes. > Deprecated the get_attribute_for_oid method on CertificateSigningRequest in > favor of get_attribute_for_oid() on the new Attributes object. > Fixed handling of PEM files to allow loading when certificate and key are in > the same file. > Fixed parsing of CertificatePolicies extensions containing legacy BMPString > values in their explicitText. > Allow parsing of negative serial numbers in certificates. Negative serial > numbers are prohibited by RFC 5280 so a deprecation warning will be raised > whenever they are encountered. A future version of cryptography will drop > support for parsing them. > Added support for parsing PKCS12 files with friendly names for all > certificates with load_pkcs12(), which will return an object of type > PKCS12KeyAndCertificates. > rfc4514_string() and related methods now have an optional attr_name_overrides > parameter to supply custom OID to name mappings, which can be used to match > vendor-specific extensions. > BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address > fields as E in rfc4514_string() methods from version 35.0. > The previous behavior can be restored with: > name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) > Allow X25519PublicKey and X448PublicKey to be used as public keys when > parsing certificates or creating them with CertificateBuilder. These key > types must be signed with a different signing algorithm as X25519 and X448 > do not support signing. > Extension values can now be serialized to a DER byte string by calling > public_bytes(). > Added experimental support for compiling against BoringSSL. As BoringSSL > does not commit to a stable API, cryptography tests against the latest > commit only. Please note that several features are not available when > building against BoringSSL. > Parsing CertificateSigningRequest from DER and PEM now, for a limited time > period, allows the Extension critical field to be incorrectly encoded. See > the issue for complete details. This will be reverted in a future > cryptography release. > When OCSPNonce are parsed and generated their value is now correctly wrapped > in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the > original behavior specified in RFC 2560. For a temporary period for > backwards compatibility, we will also parse values that are encoded as > specified in RFC 2560 but this behavior will be removed in a future release. > 35.0.0 - 2021-09-29¶ > Changed the version scheme. This will result in us incrementing the major > version more frequently, but does not change our existing backwards > compatibility policy. > BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM > string passed have PEM delimiters of the correct type. For example, parsing > a private key PEM concatenated with a certificate PEM will no longer be > accepted by the PEM certificate parser. > BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows > negative serial numbers. RFC 5280 has always prohibited these. > BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 > parsing will raise an error on initial parse rather than when the malformed > field is accessed. > Rust is now required for building cryptography, the > CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. > Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. > This should be backwards compatible (modulo the items listed above) and > improve both security and performance. > Added support for OpenSSL 3.0.0 as a compilation target. > Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms > are provided for compatibility in regions where they may be required, and > are not generally recommended. > We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our > manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine > Linux should ensure they upgrade to the latest pip to correctly receive > wheels. > Added rfc4514_attribute_name attribute to x509.NameAttribute. > Added KBKDFCMAC. > 3.4.8 - 2021-08-24¶ > Updated Windows, macOS, and manylinux wheels to be compiled with > OpenSSL 1.1.1l. > > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > .../rootfiles/packages/python3-cryptography | 25 ++++++++++--------- > lfs/python3-cryptography | 6 ++--- > 2 files changed, 16 insertions(+), 15 deletions(-) > > diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography > index 9f63606fb..a9ee32faf 100644 > --- a/config/rootfiles/packages/python3-cryptography > +++ b/config/rootfiles/packages/python3-cryptography > @@ -1,20 +1,18 @@ > usr/lib/python3.10/site-packages/cryptography > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt > -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt > +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt > usr/lib/python3.10/site-packages/cryptography/__about__.py > usr/lib/python3.10/site-packages/cryptography/__init__.py > usr/lib/python3.10/site-packages/cryptography/exceptions.py > usr/lib/python3.10/site-packages/cryptography/fernet.py > usr/lib/python3.10/site-packages/cryptography/hazmat > usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py > -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py > usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py > -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py > @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py > -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py > usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py > @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so > -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so > +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so > +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi > +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi > +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi > +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py > usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py > @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py > +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py > @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py > usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py > -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py > usr/lib/python3.10/site-packages/cryptography/py.typed > usr/lib/python3.10/site-packages/cryptography/utils.py > usr/lib/python3.10/site-packages/cryptography/x509 > diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography > index f3090bc6a..77e5f06b0 100644 > --- a/lfs/python3-cryptography > +++ b/lfs/python3-cryptography > @@ -24,7 +24,7 @@ > > include Config > > -VER = 3.4.7 > +VER = 36.0.2 > > THISAPP = cryptography-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = python3-cryptography > -PAK_VER = 1 > +PAK_VER = 2 > > DEPS = python3-cffi > > @@ -46,7 +46,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 > +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e > > install : $(TARGET) >
Oh wow. 23 patches. That looks like a lot of work! Thank you for this. I will not tag them all individually if that is okay :) -Michael > On 17 Jun 2022, at 11:00, Adolf Belka <adolf.belka@ipfire.org> wrote: > > Dear All, > > For information this patch series can wait till CU170. It is not an urgent need to update in CU169. > > Regards, > Adolf. > > On 17/06/2022 11:42, Adolf Belka wrote: >> - Update from version 3.4.7 to 36.0.2 >> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 >> See Chanelog section 35.0.0 below >> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 >> below. The required rust packages are installed in separate patches in this series >> - Update of rootfile >> - Changelog >> 36.0.2 - 2022-03-15¶ >> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. >> 36.0.1 - 2021-12-14¶ >> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. >> 36.0.0 - 2021-11-21¶ >> FINAL DEPRECATION Support for verifier and signer on our asymmetric key >> classes was deprecated in version 2.0. These functions had an extended >> deprecation due to usage, however the next version of cryptography will drop >> support. Users should migrate to sign and verify. >> The entire X.509 layer is now written in Rust. This allows alternate >> asymmetric key implementations that can support cloud key management >> services or hardware security modules provided they implement the necessary >> interface (for example: EllipticCurvePrivateKey). >> Deprecated the backend argument for all functions. >> Added support for AESOCB3. >> Added support for iterating over arbitrary request attributes. >> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in >> favor of get_attribute_for_oid() on the new Attributes object. >> Fixed handling of PEM files to allow loading when certificate and key are in >> the same file. >> Fixed parsing of CertificatePolicies extensions containing legacy BMPString >> values in their explicitText. >> Allow parsing of negative serial numbers in certificates. Negative serial >> numbers are prohibited by RFC 5280 so a deprecation warning will be raised >> whenever they are encountered. A future version of cryptography will drop >> support for parsing them. >> Added support for parsing PKCS12 files with friendly names for all >> certificates with load_pkcs12(), which will return an object of type >> PKCS12KeyAndCertificates. >> rfc4514_string() and related methods now have an optional attr_name_overrides >> parameter to supply custom OID to name mappings, which can be used to match >> vendor-specific extensions. >> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address >> fields as E in rfc4514_string() methods from version 35.0. >> The previous behavior can be restored with: >> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) >> Allow X25519PublicKey and X448PublicKey to be used as public keys when >> parsing certificates or creating them with CertificateBuilder. These key >> types must be signed with a different signing algorithm as X25519 and X448 >> do not support signing. >> Extension values can now be serialized to a DER byte string by calling >> public_bytes(). >> Added experimental support for compiling against BoringSSL. As BoringSSL >> does not commit to a stable API, cryptography tests against the latest >> commit only. Please note that several features are not available when >> building against BoringSSL. >> Parsing CertificateSigningRequest from DER and PEM now, for a limited time >> period, allows the Extension critical field to be incorrectly encoded. See >> the issue for complete details. This will be reverted in a future >> cryptography release. >> When OCSPNonce are parsed and generated their value is now correctly wrapped >> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the >> original behavior specified in RFC 2560. For a temporary period for >> backwards compatibility, we will also parse values that are encoded as >> specified in RFC 2560 but this behavior will be removed in a future release. >> 35.0.0 - 2021-09-29¶ >> Changed the version scheme. This will result in us incrementing the major >> version more frequently, but does not change our existing backwards >> compatibility policy. >> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM >> string passed have PEM delimiters of the correct type. For example, parsing >> a private key PEM concatenated with a certificate PEM will no longer be >> accepted by the PEM certificate parser. >> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows >> negative serial numbers. RFC 5280 has always prohibited these. >> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 >> parsing will raise an error on initial parse rather than when the malformed >> field is accessed. >> Rust is now required for building cryptography, the >> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. >> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. >> This should be backwards compatible (modulo the items listed above) and >> improve both security and performance. >> Added support for OpenSSL 3.0.0 as a compilation target. >> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms >> are provided for compatibility in regions where they may be required, and >> are not generally recommended. >> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our >> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine >> Linux should ensure they upgrade to the latest pip to correctly receive >> wheels. >> Added rfc4514_attribute_name attribute to x509.NameAttribute. >> Added KBKDFCMAC. >> 3.4.8 - 2021-08-24¶ >> Updated Windows, macOS, and manylinux wheels to be compiled with >> OpenSSL 1.1.1l. >> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> >> --- >> .../rootfiles/packages/python3-cryptography | 25 ++++++++++--------- >> lfs/python3-cryptography | 6 ++--- >> 2 files changed, 16 insertions(+), 15 deletions(-) >> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography >> index 9f63606fb..a9ee32faf 100644 >> --- a/config/rootfiles/packages/python3-cryptography >> +++ b/config/rootfiles/packages/python3-cryptography >> @@ -1,20 +1,18 @@ >> usr/lib/python3.10/site-packages/cryptography >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt >> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt >> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt >> usr/lib/python3.10/site-packages/cryptography/__about__.py >> usr/lib/python3.10/site-packages/cryptography/__init__.py >> usr/lib/python3.10/site-packages/cryptography/exceptions.py >> usr/lib/python3.10/site-packages/cryptography/fernet.py >> usr/lib/python3.10/site-packages/cryptography/hazmat >> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py >> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py >> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py >> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py >> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py >> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so >> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so >> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so >> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi >> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi >> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi >> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py >> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py >> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py >> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py >> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py >> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py >> usr/lib/python3.10/site-packages/cryptography/py.typed >> usr/lib/python3.10/site-packages/cryptography/utils.py >> usr/lib/python3.10/site-packages/cryptography/x509 >> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography >> index f3090bc6a..77e5f06b0 100644 >> --- a/lfs/python3-cryptography >> +++ b/lfs/python3-cryptography >> @@ -24,7 +24,7 @@ >> include Config >> -VER = 3.4.7 >> +VER = 36.0.2 >> THISAPP = cryptography-$(VER) >> DL_FILE = $(THISAPP).tar.gz >> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) >> DIR_APP = $(DIR_SRC)/$(THISAPP) >> TARGET = $(DIR_INFO)/$(THISAPP) >> PROG = python3-cryptography >> -PAK_VER = 1 >> +PAK_VER = 2 >> DEPS = python3-cffi >> @@ -46,7 +46,7 @@ objects = $(DL_FILE) >> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 >> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e >> install : $(TARGET) >>
On 17/06/2022 12:14, Michael Tremer wrote: > Oh wow. 23 patches. and would have been 26 patches without your help on removing the windows requirements. > > That looks like a lot of work! > > Thank you for this. I will not tag them all individually if that is okay :) That is fine by me :-) > > -Michael > >> On 17 Jun 2022, at 11:00, Adolf Belka <adolf.belka@ipfire.org> wrote: >> >> Dear All, >> >> For information this patch series can wait till CU170. It is not an urgent need to update in CU169. >> >> Regards, >> Adolf. >> >> On 17/06/2022 11:42, Adolf Belka wrote: >>> - Update from version 3.4.7 to 36.0.2 >>> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 >>> See Chanelog section 35.0.0 below >>> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 >>> below. The required rust packages are installed in separate patches in this series >>> - Update of rootfile >>> - Changelog >>> 36.0.2 - 2022-03-15¶ >>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. >>> 36.0.1 - 2021-12-14¶ >>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. >>> 36.0.0 - 2021-11-21¶ >>> FINAL DEPRECATION Support for verifier and signer on our asymmetric key >>> classes was deprecated in version 2.0. These functions had an extended >>> deprecation due to usage, however the next version of cryptography will drop >>> support. Users should migrate to sign and verify. >>> The entire X.509 layer is now written in Rust. This allows alternate >>> asymmetric key implementations that can support cloud key management >>> services or hardware security modules provided they implement the necessary >>> interface (for example: EllipticCurvePrivateKey). >>> Deprecated the backend argument for all functions. >>> Added support for AESOCB3. >>> Added support for iterating over arbitrary request attributes. >>> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in >>> favor of get_attribute_for_oid() on the new Attributes object. >>> Fixed handling of PEM files to allow loading when certificate and key are in >>> the same file. >>> Fixed parsing of CertificatePolicies extensions containing legacy BMPString >>> values in their explicitText. >>> Allow parsing of negative serial numbers in certificates. Negative serial >>> numbers are prohibited by RFC 5280 so a deprecation warning will be raised >>> whenever they are encountered. A future version of cryptography will drop >>> support for parsing them. >>> Added support for parsing PKCS12 files with friendly names for all >>> certificates with load_pkcs12(), which will return an object of type >>> PKCS12KeyAndCertificates. >>> rfc4514_string() and related methods now have an optional attr_name_overrides >>> parameter to supply custom OID to name mappings, which can be used to match >>> vendor-specific extensions. >>> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address >>> fields as E in rfc4514_string() methods from version 35.0. >>> The previous behavior can be restored with: >>> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) >>> Allow X25519PublicKey and X448PublicKey to be used as public keys when >>> parsing certificates or creating them with CertificateBuilder. These key >>> types must be signed with a different signing algorithm as X25519 and X448 >>> do not support signing. >>> Extension values can now be serialized to a DER byte string by calling >>> public_bytes(). >>> Added experimental support for compiling against BoringSSL. As BoringSSL >>> does not commit to a stable API, cryptography tests against the latest >>> commit only. Please note that several features are not available when >>> building against BoringSSL. >>> Parsing CertificateSigningRequest from DER and PEM now, for a limited time >>> period, allows the Extension critical field to be incorrectly encoded. See >>> the issue for complete details. This will be reverted in a future >>> cryptography release. >>> When OCSPNonce are parsed and generated their value is now correctly wrapped >>> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the >>> original behavior specified in RFC 2560. For a temporary period for >>> backwards compatibility, we will also parse values that are encoded as >>> specified in RFC 2560 but this behavior will be removed in a future release. >>> 35.0.0 - 2021-09-29¶ >>> Changed the version scheme. This will result in us incrementing the major >>> version more frequently, but does not change our existing backwards >>> compatibility policy. >>> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM >>> string passed have PEM delimiters of the correct type. For example, parsing >>> a private key PEM concatenated with a certificate PEM will no longer be >>> accepted by the PEM certificate parser. >>> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows >>> negative serial numbers. RFC 5280 has always prohibited these. >>> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 >>> parsing will raise an error on initial parse rather than when the malformed >>> field is accessed. >>> Rust is now required for building cryptography, the >>> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. >>> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. >>> This should be backwards compatible (modulo the items listed above) and >>> improve both security and performance. >>> Added support for OpenSSL 3.0.0 as a compilation target. >>> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms >>> are provided for compatibility in regions where they may be required, and >>> are not generally recommended. >>> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our >>> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine >>> Linux should ensure they upgrade to the latest pip to correctly receive >>> wheels. >>> Added rfc4514_attribute_name attribute to x509.NameAttribute. >>> Added KBKDFCMAC. >>> 3.4.8 - 2021-08-24¶ >>> Updated Windows, macOS, and manylinux wheels to be compiled with >>> OpenSSL 1.1.1l. >>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> >>> --- >>> .../rootfiles/packages/python3-cryptography | 25 ++++++++++--------- >>> lfs/python3-cryptography | 6 ++--- >>> 2 files changed, 16 insertions(+), 15 deletions(-) >>> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography >>> index 9f63606fb..a9ee32faf 100644 >>> --- a/config/rootfiles/packages/python3-cryptography >>> +++ b/config/rootfiles/packages/python3-cryptography >>> @@ -1,20 +1,18 @@ >>> usr/lib/python3.10/site-packages/cryptography >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt >>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt >>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt >>> usr/lib/python3.10/site-packages/cryptography/__about__.py >>> usr/lib/python3.10/site-packages/cryptography/__init__.py >>> usr/lib/python3.10/site-packages/cryptography/exceptions.py >>> usr/lib/python3.10/site-packages/cryptography/fernet.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat >>> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py >>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py >>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py >>> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py >>> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py >>> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so >>> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so >>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so >>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi >>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi >>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi >>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py >>> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py >>> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py >>> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py >>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py >>> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py >>> usr/lib/python3.10/site-packages/cryptography/py.typed >>> usr/lib/python3.10/site-packages/cryptography/utils.py >>> usr/lib/python3.10/site-packages/cryptography/x509 >>> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography >>> index f3090bc6a..77e5f06b0 100644 >>> --- a/lfs/python3-cryptography >>> +++ b/lfs/python3-cryptography >>> @@ -24,7 +24,7 @@ >>> include Config >>> -VER = 3.4.7 >>> +VER = 36.0.2 >>> THISAPP = cryptography-$(VER) >>> DL_FILE = $(THISAPP).tar.gz >>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) >>> DIR_APP = $(DIR_SRC)/$(THISAPP) >>> TARGET = $(DIR_INFO)/$(THISAPP) >>> PROG = python3-cryptography >>> -PAK_VER = 1 >>> +PAK_VER = 2 >>> DEPS = python3-cffi >>> @@ -46,7 +46,7 @@ objects = $(DL_FILE) >>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 >>> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e >>> install : $(TARGET) >>> >
Hello Adolf, I can only concur with Michael, and thank you for all your work. For size reasons, I would abstain from cramping these patches into Core Update 169 (which is currently at 98 MByte on x86_64), and defer them to Core Update 170. Would that be fine to you? Thanks, and best regards, Peter Müller > > > On 17/06/2022 12:14, Michael Tremer wrote: >> Oh wow. 23 patches. > and would have been 26 patches without your help on removing the windows requirements. >> >> That looks like a lot of work! >> >> Thank you for this. I will not tag them all individually if that is okay :) > That is fine by me :-) >> >> -Michael >> >>> On 17 Jun 2022, at 11:00, Adolf Belka <adolf.belka@ipfire.org> wrote: >>> >>> Dear All, >>> >>> For information this patch series can wait till CU170. It is not an urgent need to update in CU169. >>> >>> Regards, >>> Adolf. >>> >>> On 17/06/2022 11:42, Adolf Belka wrote: >>>> - Update from version 3.4.7 to 36.0.2 >>>> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 >>>> See Chanelog section 35.0.0 below >>>> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 >>>> below. The required rust packages are installed in separate patches in this series >>>> - Update of rootfile >>>> - Changelog >>>> 36.0.2 - 2022-03-15¶ >>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. >>>> 36.0.1 - 2021-12-14¶ >>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. >>>> 36.0.0 - 2021-11-21¶ >>>> FINAL DEPRECATION Support for verifier and signer on our asymmetric key >>>> classes was deprecated in version 2.0. These functions had an extended >>>> deprecation due to usage, however the next version of cryptography will drop >>>> support. Users should migrate to sign and verify. >>>> The entire X.509 layer is now written in Rust. This allows alternate >>>> asymmetric key implementations that can support cloud key management >>>> services or hardware security modules provided they implement the necessary >>>> interface (for example: EllipticCurvePrivateKey). >>>> Deprecated the backend argument for all functions. >>>> Added support for AESOCB3. >>>> Added support for iterating over arbitrary request attributes. >>>> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in >>>> favor of get_attribute_for_oid() on the new Attributes object. >>>> Fixed handling of PEM files to allow loading when certificate and key are in >>>> the same file. >>>> Fixed parsing of CertificatePolicies extensions containing legacy BMPString >>>> values in their explicitText. >>>> Allow parsing of negative serial numbers in certificates. Negative serial >>>> numbers are prohibited by RFC 5280 so a deprecation warning will be raised >>>> whenever they are encountered. A future version of cryptography will drop >>>> support for parsing them. >>>> Added support for parsing PKCS12 files with friendly names for all >>>> certificates with load_pkcs12(), which will return an object of type >>>> PKCS12KeyAndCertificates. >>>> rfc4514_string() and related methods now have an optional attr_name_overrides >>>> parameter to supply custom OID to name mappings, which can be used to match >>>> vendor-specific extensions. >>>> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address >>>> fields as E in rfc4514_string() methods from version 35.0. >>>> The previous behavior can be restored with: >>>> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) >>>> Allow X25519PublicKey and X448PublicKey to be used as public keys when >>>> parsing certificates or creating them with CertificateBuilder. These key >>>> types must be signed with a different signing algorithm as X25519 and X448 >>>> do not support signing. >>>> Extension values can now be serialized to a DER byte string by calling >>>> public_bytes(). >>>> Added experimental support for compiling against BoringSSL. As BoringSSL >>>> does not commit to a stable API, cryptography tests against the latest >>>> commit only. Please note that several features are not available when >>>> building against BoringSSL. >>>> Parsing CertificateSigningRequest from DER and PEM now, for a limited time >>>> period, allows the Extension critical field to be incorrectly encoded. See >>>> the issue for complete details. This will be reverted in a future >>>> cryptography release. >>>> When OCSPNonce are parsed and generated their value is now correctly wrapped >>>> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the >>>> original behavior specified in RFC 2560. For a temporary period for >>>> backwards compatibility, we will also parse values that are encoded as >>>> specified in RFC 2560 but this behavior will be removed in a future release. >>>> 35.0.0 - 2021-09-29¶ >>>> Changed the version scheme. This will result in us incrementing the major >>>> version more frequently, but does not change our existing backwards >>>> compatibility policy. >>>> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM >>>> string passed have PEM delimiters of the correct type. For example, parsing >>>> a private key PEM concatenated with a certificate PEM will no longer be >>>> accepted by the PEM certificate parser. >>>> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows >>>> negative serial numbers. RFC 5280 has always prohibited these. >>>> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 >>>> parsing will raise an error on initial parse rather than when the malformed >>>> field is accessed. >>>> Rust is now required for building cryptography, the >>>> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. >>>> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. >>>> This should be backwards compatible (modulo the items listed above) and >>>> improve both security and performance. >>>> Added support for OpenSSL 3.0.0 as a compilation target. >>>> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms >>>> are provided for compatibility in regions where they may be required, and >>>> are not generally recommended. >>>> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our >>>> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine >>>> Linux should ensure they upgrade to the latest pip to correctly receive >>>> wheels. >>>> Added rfc4514_attribute_name attribute to x509.NameAttribute. >>>> Added KBKDFCMAC. >>>> 3.4.8 - 2021-08-24¶ >>>> Updated Windows, macOS, and manylinux wheels to be compiled with >>>> OpenSSL 1.1.1l. >>>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> >>>> --- >>>> .../rootfiles/packages/python3-cryptography | 25 ++++++++++--------- >>>> lfs/python3-cryptography | 6 ++--- >>>> 2 files changed, 16 insertions(+), 15 deletions(-) >>>> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography >>>> index 9f63606fb..a9ee32faf 100644 >>>> --- a/config/rootfiles/packages/python3-cryptography >>>> +++ b/config/rootfiles/packages/python3-cryptography >>>> @@ -1,20 +1,18 @@ >>>> usr/lib/python3.10/site-packages/cryptography >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt >>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt >>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt >>>> usr/lib/python3.10/site-packages/cryptography/__about__.py >>>> usr/lib/python3.10/site-packages/cryptography/__init__.py >>>> usr/lib/python3.10/site-packages/cryptography/exceptions.py >>>> usr/lib/python3.10/site-packages/cryptography/fernet.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py >>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py >>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py >>>> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py >>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py >>>> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so >>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so >>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so >>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi >>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi >>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi >>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py >>>> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py >>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py >>>> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py >>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py >>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py >>>> usr/lib/python3.10/site-packages/cryptography/py.typed >>>> usr/lib/python3.10/site-packages/cryptography/utils.py >>>> usr/lib/python3.10/site-packages/cryptography/x509 >>>> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography >>>> index f3090bc6a..77e5f06b0 100644 >>>> --- a/lfs/python3-cryptography >>>> +++ b/lfs/python3-cryptography >>>> @@ -24,7 +24,7 @@ >>>> include Config >>>> -VER = 3.4.7 >>>> +VER = 36.0.2 >>>> THISAPP = cryptography-$(VER) >>>> DL_FILE = $(THISAPP).tar.gz >>>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) >>>> DIR_APP = $(DIR_SRC)/$(THISAPP) >>>> TARGET = $(DIR_INFO)/$(THISAPP) >>>> PROG = python3-cryptography >>>> -PAK_VER = 1 >>>> +PAK_VER = 2 >>>> DEPS = python3-cffi >>>> @@ -46,7 +46,7 @@ objects = $(DL_FILE) >>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>>> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 >>>> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e >>>> install : $(TARGET) >>>> >>
Hi Peter, On 18/06/2022 16:51, Peter Müller wrote: > Hello Adolf, > > I can only concur with Michael, and thank you for all your work. > > For size reasons, I would abstain from cramping these patches into Core Update 169 (which > is currently at 98 MByte on x86_64), and defer them to Core Update 170. Would that be > fine to you? Absolutely fine for me. I was expecting that it would wait till CU170. Adolf. > > Thanks, and best regards, > Peter Müller > > >> >> >> On 17/06/2022 12:14, Michael Tremer wrote: >>> Oh wow. 23 patches. >> and would have been 26 patches without your help on removing the windows requirements. >>> >>> That looks like a lot of work! >>> >>> Thank you for this. I will not tag them all individually if that is okay :) >> That is fine by me :-) >>> >>> -Michael >>> >>>> On 17 Jun 2022, at 11:00, Adolf Belka <adolf.belka@ipfire.org> wrote: >>>> >>>> Dear All, >>>> >>>> For information this patch series can wait till CU170. It is not an urgent need to update in CU169. >>>> >>>> Regards, >>>> Adolf. >>>> >>>> On 17/06/2022 11:42, Adolf Belka wrote: >>>>> - Update from version 3.4.7 to 36.0.2 >>>>> After version 3.4.8 the numbering scheme changed to 35.0.0 in Sept 2021 >>>>> See Chanelog section 35.0.0 below >>>>> - New release requires a lot of rust packages - see Changelog sections 35.0.0 & 36.0.0 >>>>> below. The required rust packages are installed in separate patches in this series >>>>> - Update of rootfile >>>>> - Changelog >>>>> 36.0.2 - 2022-03-15¶ >>>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n. >>>>> 36.0.1 - 2021-12-14¶ >>>>> Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m. >>>>> 36.0.0 - 2021-11-21¶ >>>>> FINAL DEPRECATION Support for verifier and signer on our asymmetric key >>>>> classes was deprecated in version 2.0. These functions had an extended >>>>> deprecation due to usage, however the next version of cryptography will drop >>>>> support. Users should migrate to sign and verify. >>>>> The entire X.509 layer is now written in Rust. This allows alternate >>>>> asymmetric key implementations that can support cloud key management >>>>> services or hardware security modules provided they implement the necessary >>>>> interface (for example: EllipticCurvePrivateKey). >>>>> Deprecated the backend argument for all functions. >>>>> Added support for AESOCB3. >>>>> Added support for iterating over arbitrary request attributes. >>>>> Deprecated the get_attribute_for_oid method on CertificateSigningRequest in >>>>> favor of get_attribute_for_oid() on the new Attributes object. >>>>> Fixed handling of PEM files to allow loading when certificate and key are in >>>>> the same file. >>>>> Fixed parsing of CertificatePolicies extensions containing legacy BMPString >>>>> values in their explicitText. >>>>> Allow parsing of negative serial numbers in certificates. Negative serial >>>>> numbers are prohibited by RFC 5280 so a deprecation warning will be raised >>>>> whenever they are encountered. A future version of cryptography will drop >>>>> support for parsing them. >>>>> Added support for parsing PKCS12 files with friendly names for all >>>>> certificates with load_pkcs12(), which will return an object of type >>>>> PKCS12KeyAndCertificates. >>>>> rfc4514_string() and related methods now have an optional attr_name_overrides >>>>> parameter to supply custom OID to name mappings, which can be used to match >>>>> vendor-specific extensions. >>>>> BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email address >>>>> fields as E in rfc4514_string() methods from version 35.0. >>>>> The previous behavior can be restored with: >>>>> name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"}) >>>>> Allow X25519PublicKey and X448PublicKey to be used as public keys when >>>>> parsing certificates or creating them with CertificateBuilder. These key >>>>> types must be signed with a different signing algorithm as X25519 and X448 >>>>> do not support signing. >>>>> Extension values can now be serialized to a DER byte string by calling >>>>> public_bytes(). >>>>> Added experimental support for compiling against BoringSSL. As BoringSSL >>>>> does not commit to a stable API, cryptography tests against the latest >>>>> commit only. Please note that several features are not available when >>>>> building against BoringSSL. >>>>> Parsing CertificateSigningRequest from DER and PEM now, for a limited time >>>>> period, allows the Extension critical field to be incorrectly encoded. See >>>>> the issue for complete details. This will be reverted in a future >>>>> cryptography release. >>>>> When OCSPNonce are parsed and generated their value is now correctly wrapped >>>>> in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts with the >>>>> original behavior specified in RFC 2560. For a temporary period for >>>>> backwards compatibility, we will also parse values that are encoded as >>>>> specified in RFC 2560 but this behavior will be removed in a future release. >>>>> 35.0.0 - 2021-09-29¶ >>>>> Changed the version scheme. This will result in us incrementing the major >>>>> version more frequently, but does not change our existing backwards >>>>> compatibility policy. >>>>> BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM >>>>> string passed have PEM delimiters of the correct type. For example, parsing >>>>> a private key PEM concatenated with a certificate PEM will no longer be >>>>> accepted by the PEM certificate parser. >>>>> BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows >>>>> negative serial numbers. RFC 5280 has always prohibited these. >>>>> BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during X.509 >>>>> parsing will raise an error on initial parse rather than when the malformed >>>>> field is accessed. >>>>> Rust is now required for building cryptography, the >>>>> CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected. >>>>> Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust. >>>>> This should be backwards compatible (modulo the items listed above) and >>>>> improve both security and performance. >>>>> Added support for OpenSSL 3.0.0 as a compilation target. >>>>> Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms >>>>> are provided for compatibility in regions where they may be required, and >>>>> are not generally recommended. >>>>> We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our >>>>> manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine >>>>> Linux should ensure they upgrade to the latest pip to correctly receive >>>>> wheels. >>>>> Added rfc4514_attribute_name attribute to x509.NameAttribute. >>>>> Added KBKDFCMAC. >>>>> 3.4.8 - 2021-08-24¶ >>>>> Updated Windows, macOS, and manylinux wheels to be compiled with >>>>> OpenSSL 1.1.1l. >>>>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> >>>>> --- >>>>> .../rootfiles/packages/python3-cryptography | 25 ++++++++++--------- >>>>> lfs/python3-cryptography | 6 ++--- >>>>> 2 files changed, 16 insertions(+), 15 deletions(-) >>>>> diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography >>>>> index 9f63606fb..a9ee32faf 100644 >>>>> --- a/config/rootfiles/packages/python3-cryptography >>>>> +++ b/config/rootfiles/packages/python3-cryptography >>>>> @@ -1,20 +1,18 @@ >>>>> usr/lib/python3.10/site-packages/cryptography >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt >>>>> -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt >>>>> +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt >>>>> usr/lib/python3.10/site-packages/cryptography/__about__.py >>>>> usr/lib/python3.10/site-packages/cryptography/__init__.py >>>>> usr/lib/python3.10/site-packages/cryptography/exceptions.py >>>>> usr/lib/python3.10/site-packages/cryptography/fernet.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py >>>>> @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py >>>>> @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py >>>>> @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py >>>>> +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py >>>>> @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py >>>>> usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py >>>>> -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py >>>>> usr/lib/python3.10/site-packages/cryptography/py.typed >>>>> usr/lib/python3.10/site-packages/cryptography/utils.py >>>>> usr/lib/python3.10/site-packages/cryptography/x509 >>>>> diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography >>>>> index f3090bc6a..77e5f06b0 100644 >>>>> --- a/lfs/python3-cryptography >>>>> +++ b/lfs/python3-cryptography >>>>> @@ -24,7 +24,7 @@ >>>>> include Config >>>>> -VER = 3.4.7 >>>>> +VER = 36.0.2 >>>>> THISAPP = cryptography-$(VER) >>>>> DL_FILE = $(THISAPP).tar.gz >>>>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) >>>>> DIR_APP = $(DIR_SRC)/$(THISAPP) >>>>> TARGET = $(DIR_INFO)/$(THISAPP) >>>>> PROG = python3-cryptography >>>>> -PAK_VER = 1 >>>>> +PAK_VER = 2 >>>>> DEPS = python3-cffi >>>>> @@ -46,7 +46,7 @@ objects = $(DL_FILE) >>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >>>>> -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 >>>>> +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e >>>>> install : $(TARGET) >>>>> >>>
diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography index 9f63606fb..a9ee32faf 100644 --- a/config/rootfiles/packages/python3-cryptography +++ b/config/rootfiles/packages/python3-cryptography @@ -1,20 +1,18 @@ usr/lib/python3.10/site-packages/cryptography -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/not-zip-safe -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/cryptography-3.4.7-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/cryptography/__about__.py usr/lib/python3.10/site-packages/cryptography/__init__.py usr/lib/python3.10/site-packages/cryptography/exceptions.py usr/lib/python3.10/site-packages/cryptography/fernet.py usr/lib/python3.10/site-packages/cryptography/hazmat usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py -usr/lib/python3.10/site-packages/cryptography/hazmat/_der.py usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py -usr/lib/python3.10/site-packages/cryptography/hazmat/_types.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py @@ -33,7 +31,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/utils.py @@ -43,8 +40,12 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so -usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_padding.abi3.so +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py @@ -63,6 +64,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed255 usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py +usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/types.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py @@ -97,7 +99,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/totp.py -usr/lib/python3.10/site-packages/cryptography/hazmat/primitives/twofactor/utils.py usr/lib/python3.10/site-packages/cryptography/py.typed usr/lib/python3.10/site-packages/cryptography/utils.py usr/lib/python3.10/site-packages/cryptography/x509 diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography index f3090bc6a..77e5f06b0 100644 --- a/lfs/python3-cryptography +++ b/lfs/python3-cryptography @@ -24,7 +24,7 @@ include Config -VER = 3.4.7 +VER = 36.0.2 THISAPP = cryptography-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-cryptography -PAK_VER = 1 +PAK_VER = 2 DEPS = python3-cffi @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 49bc1e098ed1ba0181059b645f6668cda6332d196eaca55270ebce6e07e5bb6ab6724c5050fde20e89b7025773960d74ec782bb875badbbd5dc9a04db0a536f1 +$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e install : $(TARGET)