From patchwork Wed Nov 9 18:56:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6089 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4N6vPS6x4nz3xkD for ; Wed, 9 Nov 2022 18:58:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4N6vPD2kFFz2rr; Wed, 9 Nov 2022 18:58:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4N6vPC62jrz30Bc; Wed, 9 Nov 2022 18:58:07 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4N6vP83bDVz2ytv for ; Wed, 9 Nov 2022 18:58:04 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4N6vP81n4Cz2HW; Wed, 9 Nov 2022 18:58:04 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1668020284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kDR1Ghdz5Z8NsqoIMtGjYMAveZDT8fWG/tHoct/fm8I=; b=QB/b1+m4YnqMRV4ODmLuoUxTcm0yr9AYQ303pkSEkJtDDB72ys7xwa+RryUydKqf07VIGn VG3XGl7rj9bSiFAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1668020284; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kDR1Ghdz5Z8NsqoIMtGjYMAveZDT8fWG/tHoct/fm8I=; b=aJwa9msFQ9cB1GjAj4GDyQs2rONFalzTl4PbiRJvDpx1KembkQHldrytGsf/YiMvvP6Kpw UEl3XLChHRR4NHaBdHVHTVbkUFRrq7cZBSU6DExr9PcQpnFqDrbWKkKmWV5/fc6GOUoCnw oUwfTvsLOtGvUVCospondFLKwGwhXVHF4gd8/vc9h/H5oKIMrtwPJtCfCileRuAjw6BNx5 f8k/owoZazob16BgeNatQEd/JoZ45khMMr4vqke1rd+frikPi1L9lmu2fCFd3Z66roW4z2 XeV5An2PaMn0M14ryAJxMcmUHP2Dx2nuQAFpEZKuWZVILpCgqrwUlGW7xmUs2Q== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 09/48] python3-cryptography:Update to version 38.0.1 and to work with python-3.10.8 Date: Wed, 9 Nov 2022 19:56:55 +0100 Message-Id: <20221109185734.3920-9-adolf.belka@ipfire.org> In-Reply-To: <20221109185734.3920-1-adolf.belka@ipfire.org> References: <20221109185734.3920-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Updated from version 36.0.2 to 38.0.1 - Update of rootfile - Changelog 38.0.1 - 2022-09-07 Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). 38.0.0 - 2022-09-06 Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support. We no longer ship many linux 2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms. Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required. decrypt() and related methods now accept both str and bytes tokens. Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue for complete details. Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release. When parsing CertificateRevocationList and CertificateSigningRequest values, it is now enforced that the version value in the input must be valid according to the rules of RFC 2986 and RFC 5280. Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version. Added additional APIs to SignedCertificateTimestamp, including signature_hash_algorithm, signature_algorithm, signature, and extension_bytes. Added tbs_precertificate_bytes, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification. KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location. Fixed RFC 4514 name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method from_rfc4514_string(). It is now possible to customize some aspects of encryption when serializing private keys, using encryption_builder(). Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade. Added AES128 and AES256 classes. These classes do not replace AES (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length. 37.0.4 - 2022-07-05 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5. 37.0.3 - 2022-06-21 (YANKED)¶ Attention This release was subsequently yanked from PyPI due to a regression in OpenSSL. Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4. 37.0.2 - 2022-05-03 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3. Added a constant needed for an upcoming pyOpenSSL release. 37.0.1 - 2022-04-27 Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. Restored some legacy symbols for older pyOpenSSL users. These will be removed again in the future, so pyOpenSSL users should still upgrade to the latest version of that package when they upgrade cryptography. 37.0.0 - 2022-04-26 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to sign and verify. Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of cryptography will be the last to support compiling with OpenSSL 1.1.0. Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future cryptography release. Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required. Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algorithms with extremely low usage. These will be removed in a future version of cryptography. Added limited support for distinguished names containing a bit string. We now ship universal2 wheels on macOS, which contain both arm64 and x86_64 architectures. Users on macOS should upgrade to the latest pip to ensure they can use this wheel, although we will continue to ship x86_64 specific wheels for now to ease the transition. This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip. For PyPy wheels this release already requires manylinux2014 for compatibility with binaries distributed by upstream. Added support for multiple OCSPSingleResponse in a OCSPResponse. Restored support for signing certificates and other structures in X.509 with SHA3 hash algorithms. TripleDES is disabled in FIPS mode. Added support for serialization of PKCS#12 CA friendly names/aliases in serialize_key_and_certificates() Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This class previously supported only 12 byte (96 bit). Added support for AESSIV when using OpenSSL 3.0.0+. Added support for serializing PKCS7 structures from a list of certificates with serialize_certificates. Added support for parsing RFC 4514 strings with from_rfc4514_string(). Added AUTO to PSS. This can be used to verify a signature where the salt length is not already known. Added DIGEST_LENGTH to PSS. This constant will set the salt length to the same length as the PSS hash algorithm. Added support for loading RSA-PSS key types with load_pem_private_key() and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- config/rootfiles/packages/python3-cryptography | 17 ++++++++--------- lfs/python3-cryptography | 6 +++--- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/config/rootfiles/packages/python3-cryptography b/config/rootfiles/packages/python3-cryptography index a9ee32faf..b665c0a03 100644 --- a/config/rootfiles/packages/python3-cryptography +++ b/config/rootfiles/packages/python3-cryptography @@ -1,11 +1,11 @@ usr/lib/python3.10/site-packages/cryptography -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/PKG-INFO -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/SOURCES.txt -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/dependency_links.txt -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/not-zip-safe -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/requires.txt -#usr/lib/python3.10/site-packages/cryptography-36.0.2-py3.10.egg-info/top_level.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/PKG-INFO +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/SOURCES.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/dependency_links.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/not-zip-safe +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/requires.txt +#usr/lib/python3.10/site-packages/cryptography-38.0.1-py3.10.egg-info/top_level.txt usr/lib/python3.10/site-packages/cryptography/__about__.py usr/lib/python3.10/site-packages/cryptography/__init__.py usr/lib/python3.10/site-packages/cryptography/exceptions.py @@ -15,7 +15,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/_oid.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends usr/lib/python3.10/site-packages/cryptography/hazmat/backends/__init__.py -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/interfaces.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/aead.py @@ -28,7 +27,6 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/dsa.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ec.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed25519.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ed448.py -usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hashes.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/hmac.py usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/poly1305.py @@ -40,6 +38,7 @@ usr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/__init__.py usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so +usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_openssl.pyi usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust.abi3.so usr/lib/python3.10/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi diff --git a/lfs/python3-cryptography b/lfs/python3-cryptography index 77e5f06b0..f977ed14b 100644 --- a/lfs/python3-cryptography +++ b/lfs/python3-cryptography @@ -24,7 +24,7 @@ include Config -VER = 36.0.2 +VER = 38.0.1 THISAPP = cryptography-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-cryptography -PAK_VER = 2 +PAK_VER = 3 DEPS = python3-cffi @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b34b994e44b1ccd099a56fba4a167d563a29652f86ab0f0000ef78b4093a15cbfb82a9cebecdcaf6bca782a5fdd20f6c7d2206d68a219626a9fe8ae13e9aec5e +$(DL_FILE)_BLAKE2 = 40e17d43b72c35e77fab27efb66762e1d8002f9ba419220de68eb5ce957a31410cca821a40494e0963cc590a4e0c01c70e4076009022056a26d08d22ce859664 install : $(TARGET)