Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2025-08-08 15:10:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Fri Aug 8 15:10:10 2025 rev:102 rq:1292428 version:45.0.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2025-05-13 20:12:05.411509313 +0200
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.1085/python-cryptography.changes
2025-08-08 15:10:24.352477799 +0200
@@ -1,0 +2,120 @@
+Sat Jul 12 08:36:08 UTC 2025 - Dirk Müller <[email protected]>
+
+- update to 45.0.5:
+ * Updated Windows, macOS, and Linux wheels to be compiled with
+ OpenSSL 3.5.1.
+ * Fixed decrypting PKCS#8 files encrypted with SHA1-RC4. (This
+ is not considered secure, and is supported only for backwards
+ compatibility.)
+ * Fixed decrypting PKCS#8 files encrypted with long salts (this
+ impacts keys encrypted by Bouncy Castle).
+ * Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5.
+ While wildly insecure, this remains prevalent.
+ * Fixed using mypy with cryptography on older versions of
+ Python.
+ * Updated Windows, macOS, and Linux wheels to be compiled with
+ OpenSSL 3.5.0.
+ * Support for Python 3.7 is deprecated and will be removed in
+ the next cryptography release.
+ * Updated the minimum supported Rust version (MSRV) to 1.74.0,
+ from 1.65.0.
+ * Added support for serialization of PKCS#12 Java truststores
+ in :func:`~cryptography.hazmat.primitives.serialization.pkcs1
+ 2.serialize_java_truststore`
+ * Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon
+ 2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primi
+ tives.kdf.argon2.Argon2id.verify_phc_encoded` methods to
+ support password hashing in the PHC string format
+ * Added support for PKCS7 decryption and encryption using
+ AES-256 as the content algorithm, in addition to AES-128.
+ * BACKWARDS INCOMPATIBLE: Made SSH private key loading more
+ consistent with other private key loading: :func:`~cryptograp
+ hy.hazmat.primitives.serialization.load_ssh_private_key` now
+ raises a TypeError if the key is unencrypted but a password
+ is provided (previously no exception was raised), and raises
+ a TypeError if the key is encrypted but no password is
+ provided (previously a ValueError was raised).
+ * Added __copy__ to the :class:`~cryptography.hazmat.primitives
+ .asymmetric.ec.EllipticCurvePrivateKey`, :class:`~cryptograph
+ y.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`, :c
+ lass:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25
+ 519PublicKey`, :class:`~cryptography.hazmat.primitives.asymme
+ tric.ed25519.Ed25519PrivateKey`, :class:`~cryptography.hazmat
+ .primitives.asymmetric.ed448.Ed448PublicKey`, :class:`~crypto
+ graphy.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`, :
+ class:`~cryptography.hazmat.primitives.asymmetric.x25519.X255
+ 19PublicKey`, :class:`~cryptography.hazmat.primitives.asymmet
+ ric.x25519.X25519PrivateKey`, :class:`~cryptography.hazmat.pr
+ imitives.asymmetric.x448.X448PublicKey`, :class:`~cryptograph
+ y.hazmat.primitives.asymmetric.x448.X448PrivateKey`, :class:`
+ ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
+ , :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAP
+ ublicKey`, :class:`~cryptography.hazmat.primitives.asymmetric
+ .dsa.DSAPrivateKey`, :class:`~cryptography.hazmat.primitives.
+ asymmetric.dsa.DSAPublicKey`, :class:`~cryptography.hazmat.pr
+ imitives.asymmetric.dh.DHPrivateKey`, and :class:`~cryptograp
+ hy.hazmat.primitives.asymmetric.dh.DHPublicKey` abstract base
+ classes.
+ * We significantly refactored how private key loading ( :func:`
+ ~cryptography.hazmat.primitives.serialization.load_pem_privat
+ e_key` and :func:`~cryptography.hazmat.primitives.serializati
+ on.load_der_private_key`) works. This is intended to be
+ backwards compatible for all well-formed keys, therefore if
+ you discover a key that now raises an exception, please file
+ a bug with instructions for reproducing.
+ * Added unsafe_skip_rsa_key_validation keyword-argument to :fun
+ c:`~cryptography.hazmat.primitives.serialization.load_ssh_pri
+ vate_key`.
+ * Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash`
+ to support repeated :meth:`~cryptography.hazmat.primitives.ha
+ shes.XOFHash.squeeze` operations on extendable output
+ functions.
+ * Added :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_
+ response_by_hash` method to allow creating OCSP responses
+ using certificate hash values rather than full certificates.
+ * Extended the :mod:`X.509 path validation
+ <cryptography.x509.verification>` API to support user-
+ configured extension policies via the
+ :meth:`PolicyBuilder.extension_policies <cryptography.x509.ve
+ rification.PolicyBuilder.extension_policies>` method.
+ * Deprecated the subject, verification_time and max_chain_depth
+ properties on
+ :class:`~cryptography.x509.verification.ClientVerifier` and
+ :class:`~cryptography.x509.verification.ServerVerifier` in
+ favor of a new policy property. These properties will be
+ removed in the next release of cryptography.
+ * BACKWARDS INCOMPATIBLE: The :meth:`VerifiedClient.subject
+ <cryptography.x509.verification.VerifiedClient.subjects>`
+ property can now be None since a custom extension policy may
+ allow certificates without a Subject Alternative Name
+ extension.
+ * Changed the behavior when the OpenSSL 3 legacy provider fails
+ to load. Instead of raising an exception, a warning is now
+ emitted. The CRYPTOGRAPHY_OPENSSL_NO_LEGACY environment
+ variable can still be used to disable the legacy provider at
+ runtime.
+ * Added support for the CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY
+ environment variable during build time, which prevents the
+ library from ever attempting to load the legacy provider.
+ * Added support for the
+ :class:`~cryptography.x509.PrivateKeyUsagePeriod` X.509
+ extension. This extension defines the period during which the
+ private key corresponding to the certificate's public key may
+ be used.
+ * Added support for compiling against `aws-lc`_.
+ * Parsing X.509 structures now more strictly enforces that Name
+ structures do not have malformed ASN.1.
+ * We now publish py311 wheels that utilize the faster
+ pyo3::buffer::PyBuffer interface, resulting in significantly
+ improved performance for operations involving small buffers.
+ * Added :func:`~cryptography.hazmat.primitives.serialization.ss
+ h_key_fingerprint` for computing fingerprints of SSH public
+ keys.
+ * Added support for deterministic ECDSA signing via the new
+ keyword-only argument ecdsa_deterministic in
+ :meth:`~cryptography.x509.CertificateBuilder.sign`, :meth:`~c
+ ryptography.x509.CertificateRevocationListBuilder.sign` and :
+ meth:`~cryptography.x509.CertificateSigningRequestBuilder.sig
+ n`.
+
+-------------------------------------------------------------------
Old:
----
cryptography-44.0.3.tar.gz
New:
----
cryptography-45.0.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.NplDy5/_old 2025-08-08 15:10:28.500651518 +0200
+++ /var/tmp/diff_new_pack.NplDy5/_new 2025-08-08 15:10:28.516652187 +0200
@@ -28,7 +28,7 @@
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
-Version: 44.0.3
+Version: 45.0.5
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
@@ -128,7 +128,6 @@
%license LICENSE LICENSE.APACHE LICENSE.BSD
%doc CONTRIBUTING.rst CHANGELOG.rst README.rst
%{python_sitearch}/cryptography
-%{python_sitearch}/rust
%{python_sitearch}/cryptography-%{version}.dist-info
%endif
++++++ cryptography-44.0.3.tar.gz -> cryptography-45.0.5.tar.gz ++++++
++++ 18497 lines of diff (skipped)
++++++ no-pytest_benchmark.patch ++++++
--- /var/tmp/diff_new_pack.NplDy5/_old 2025-08-08 15:10:30.192722379 +0200
+++ /var/tmp/diff_new_pack.NplDy5/_new 2025-08-08 15:10:30.236724221 +0200
@@ -1,17 +1,17 @@
-Index: cryptography-44.0.3/pyproject.toml
+Index: cryptography-45.0.5/pyproject.toml
===================================================================
---- cryptography-44.0.3.orig/pyproject.toml
-+++ cryptography-44.0.3/pyproject.toml
+--- cryptography-45.0.5.orig/pyproject.toml
++++ cryptography-45.0.5/pyproject.toml
@@ -67,8 +67,6 @@ nox = ["nox >=2024.04.15", "nox[uv] >=20
test = [
- "cryptography_vectors==44.0.3",
+ "cryptography_vectors==45.0.5",
"pytest >=7.4.0",
- "pytest-benchmark >=4.0",
- "pytest-cov >=2.10.1",
"pytest-xdist >=3.5.0",
"pretend >=0.7",
"certifi >=2024",
-@@ -118,7 +116,7 @@ exclude = [
+@@ -129,7 +127,7 @@ exclude = [
]
[tool.pytest.ini_options]
@@ -20,17 +20,14 @@
console_output_style = "progress-even-when-capture-no"
markers = [
"skip_fips: this test is not executed in FIPS mode",
-@@ -140,33 +138,6 @@ module = [
- ]
+@@ -150,30 +148,6 @@ strict_bytes = true
+ module = ["pretend"]
ignore_missing_imports = true
-[tool.coverage.run]
-branch = true
-relative_files = true
--source = [
-- "cryptography",
-- "tests/",
--]
+-source = ["cryptography", "tests/"]
-
-[tool.coverage.paths]
-source = [
@@ -39,10 +36,7 @@
- "*.nox\\*\\Lib\\site-packages\\cryptography",
- "*.nox/pypy/site-packages/cryptography",
-]
--tests = [
-- "tests/",
-- "*tests\\",
--]
+-tests = ["tests/", "*tests\\"]
-
-[tool.coverage.report]
-exclude_lines = [
@@ -51,13 +45,16 @@
- "if typing.TYPE_CHECKING",
-]
-
+-[tool.coverage.html]
+-show_contexts = true
+-
[tool.ruff]
line-length = 79
-Index: cryptography-44.0.3/tests/bench/test_aead.py
+Index: cryptography-45.0.5/tests/bench/test_aead.py
===================================================================
---- cryptography-44.0.3.orig/tests/bench/test_aead.py
-+++ cryptography-44.0.3/tests/bench/test_aead.py
+--- cryptography-45.0.5.orig/tests/bench/test_aead.py
++++ cryptography-45.0.5/tests/bench/test_aead.py
@@ -26,84 +26,84 @@ def _aead_supported(cls):
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
@@ -163,10 +160,10 @@
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-44.0.3/tests/bench/test_ec_load.py
+Index: cryptography-45.0.5/tests/bench/test_ec_load.py
===================================================================
---- cryptography-44.0.3.orig/tests/bench/test_ec_load.py
-+++ cryptography-44.0.3/tests/bench/test_ec_load.py
+--- cryptography-45.0.5.orig/tests/bench/test_ec_load.py
++++ cryptography-45.0.5/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
@@ -181,10 +178,10 @@
- benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+ EC_KEY_SECP256R1.private_key()
-Index: cryptography-44.0.3/tests/bench/test_hashes.py
+Index: cryptography-45.0.5/tests/bench/test_hashes.py
===================================================================
---- cryptography-44.0.3.orig/tests/bench/test_hashes.py
-+++ cryptography-44.0.3/tests/bench/test_hashes.py
+--- cryptography-45.0.5.orig/tests/bench/test_hashes.py
++++ cryptography-45.0.5/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes
@@ -198,10 +195,10 @@
- benchmark(bench)
+ bench()
-Index: cryptography-44.0.3/tests/bench/test_hmac.py
+Index: cryptography-45.0.5/tests/bench/test_hmac.py
===================================================================
---- cryptography-44.0.3.orig/tests/bench/test_hmac.py
-+++ cryptography-44.0.3/tests/bench/test_hmac.py
+--- cryptography-45.0.5.orig/tests/bench/test_hmac.py
++++ cryptography-45.0.5/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes, hmac
@@ -215,10 +212,10 @@
- benchmark(bench)
+ bench()
-Index: cryptography-44.0.3/tests/bench/test_x509.py
+Index: cryptography-45.0.5/tests/bench/test_x509.py
===================================================================
---- cryptography-44.0.3.orig/tests/bench/test_x509.py
-+++ cryptography-44.0.3/tests/bench/test_x509.py
+--- cryptography-45.0.5.orig/tests/bench/test_x509.py
++++ cryptography-45.0.5/tests/bench/test_x509.py
@@ -13,40 +13,40 @@ from cryptography import x509
from ..utils import load_vectors_from_file
++++++ vendor.tar.zst ++++++
++++ 837891 lines of diff (skipped)
