CVS commit: pkgsrc/security

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Tue, 24 Nov 2020 08:56:55 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Nov 24 08:56:55 UTC 2020

Modified Files:
        pkgsrc/security/py-cryptography: Makefile PLIST distinfo
        pkgsrc/security/py-cryptography_vectors: Makefile PLIST distinfo

Log Message:
py-cryptography py-cryptography_vectors: updated to 3.2.1

3.2.1 - 2020-10-27

Disable blinding on RSA public keys to address an error with some versions of OpenSSL.

3.2 - 2020-10-25

SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate 
this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. 
CVE-2020-25659
Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade.
Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.

3.1.1 - 2020-09-22

Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1h.

3.1 - 2020-08-26

BACKWARDS INCOMPATIBLE: Removed support for idna based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.
Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of cryptography will drop support for it.
Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release.
backend arguments to functions are no longer required and the default backend will automatically be selected if no backend is provided.
Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and 
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` .
Calling update or update_into on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with data longer than 231 bytes no longer raises an OverflowError. This also resolves the same issue in 
:doc:`/fernet`.
3.0 - 2020-07-20

BACKWARDS INCOMPATIBLE: Removed support for passing an :class:`~cryptography.x509.Extension` instance to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`, as per 
our deprecation policy.

BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed (2.9.1+ is still supported).

BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.

BACKWARDS INCOMPATIBLE: RSA :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key` no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).

BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until :attr:`~cryptography.x509.Certificate.version` is 
accessed.

Deprecated support for Python 2. At the time there is no time table for actually dropping support, however we strongly encourage all users to upgrade their Python, as Python 2 no longer receives 
support from the Python core team.

If you have trouble suppressing this warning in tests view the :ref:`FAQ entry addressing this issue <faq-howto-handle-deprecation-warning>`.

Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key` for loading and 
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH` for writing.

Added support for OpenSSH certificates to :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`.

Added :meth:`~cryptography.fernet.Fernet.encrypt_at_time` and :meth:`~cryptography.fernet.Fernet.decrypt_at_time` to :class:`~cryptography.fernet.Fernet`.

Added support for the :class:`~cryptography.x509.SubjectInformationAccess` X.509 extension.

Added support for parsing :class:`~cryptography.x509.SignedCertificateTimestamps` in OCSP responses.

Added support for parsing attributes in certificate signing requests via :meth:`~cryptography.x509.CertificateSigningRequest.get_attribute_for_oid`.

Added support for encoding attributes in certificate signing requests via :meth:`~cryptography.x509.CertificateSigningRequestBuilder.add_attribute`.

On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.

Added initial support for creating PKCS12 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`.


To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/security/py-cryptography/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/py-cryptography/PLIST
cvs rdiff -u -r1.63 -r1.64 pkgsrc/security/py-cryptography/distinfo
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/py-cryptography_vectors/Makefile \
    pkgsrc/security/py-cryptography_vectors/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/security/py-cryptography_vectors/PLIST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-cryptography/Makefile
diff -u pkgsrc/security/py-cryptography/Makefile:1.80 pkgsrc/security/py-cryptography/Makefile:1.81
--- pkgsrc/security/py-cryptography/Makefile:1.80       Tue Oct  6 10:51:22 2020
+++ pkgsrc/security/py-cryptography/Makefile    Tue Nov 24 08:56:55 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.80 2020/10/06 10:51:22 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2020/11/24 08:56:55 adam Exp $
 
-DISTNAME=      cryptography-2.9.2
+DISTNAME=      cryptography-3.2.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=c/cryptography/}
@@ -10,10 +10,7 @@ HOMEPAGE=    https://github.com/pyca/crypto
 COMMENT=       Cryptographic recipes and primitives for Python
 LICENSE=       apache-2.0 OR modified-bsd
 
-DEPENDS+=      ${PYPKGPREFIX}-asn1crypto>=0.21.0:../../security/py-asn1crypto
 DEPENDS+=      ${PYPKGPREFIX}-cffi>=1.11.4:../../devel/py-cffi
-DEPENDS+=      ${PYPKGPREFIX}-cparser>=2.10:../../devel/py-cparser
-DEPENDS+=      ${PYPKGPREFIX}-idna>=2.1:../../www/py-idna
 DEPENDS+=      ${PYPKGPREFIX}-six>=1.4.1:../../lang/py-six
 TEST_DEPENDS+= ${PYPKGPREFIX}-cryptography_vectors-[0-9]*:../../security/py-cryptography_vectors
 TEST_DEPENDS+= ${PYPKGPREFIX}-iso8601-[0-9]*:../../time/py-iso8601

Index: pkgsrc/security/py-cryptography/PLIST
diff -u pkgsrc/security/py-cryptography/PLIST:1.25 pkgsrc/security/py-cryptography/PLIST:1.26
--- pkgsrc/security/py-cryptography/PLIST:1.25  Mon Oct 21 11:17:47 2019
+++ pkgsrc/security/py-cryptography/PLIST       Tue Nov 24 08:56:55 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.25 2019/10/21 11:17:47 adam Exp $
+@comment $NetBSD: PLIST,v 1.26 2020/11/24 08:56:55 adam Exp $
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
 ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
@@ -98,8 +98,6 @@ ${PYSITELIB}/cryptography/hazmat/backend
 ${PYSITELIB}/cryptography/hazmat/bindings/__init__.py
 ${PYSITELIB}/cryptography/hazmat/bindings/__init__.pyc
 ${PYSITELIB}/cryptography/hazmat/bindings/__init__.pyo
-${PLIST.py3x}${PYSITELIB}/cryptography/hazmat/bindings/_constant_time.abi3.so
-${PLIST.py2x}${PYSITELIB}/cryptography/hazmat/bindings/_constant_time.so
 ${PLIST.py3x}${PYSITELIB}/cryptography/hazmat/bindings/_openssl.abi3.so
 ${PLIST.py2x}${PYSITELIB}/cryptography/hazmat/bindings/_openssl.so
 ${PLIST.py3x}${PYSITELIB}/cryptography/hazmat/bindings/_padding.abi3.so
@@ -215,6 +213,9 @@ ${PYSITELIB}/cryptography/hazmat/primiti
 ${PYSITELIB}/cryptography/hazmat/primitives/serialization/pkcs12.py
 ${PYSITELIB}/cryptography/hazmat/primitives/serialization/pkcs12.pyc
 ${PYSITELIB}/cryptography/hazmat/primitives/serialization/pkcs12.pyo
+${PYSITELIB}/cryptography/hazmat/primitives/serialization/pkcs7.py
+${PYSITELIB}/cryptography/hazmat/primitives/serialization/pkcs7.pyc
+${PYSITELIB}/cryptography/hazmat/primitives/serialization/pkcs7.pyo
 ${PYSITELIB}/cryptography/hazmat/primitives/serialization/ssh.py
 ${PYSITELIB}/cryptography/hazmat/primitives/serialization/ssh.pyc
 ${PYSITELIB}/cryptography/hazmat/primitives/serialization/ssh.pyo

Index: pkgsrc/security/py-cryptography/distinfo
diff -u pkgsrc/security/py-cryptography/distinfo:1.63 pkgsrc/security/py-cryptography/distinfo:1.64
--- pkgsrc/security/py-cryptography/distinfo:1.63       Thu Apr 23 05:49:00 2020
+++ pkgsrc/security/py-cryptography/distinfo    Tue Nov 24 08:56:55 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.63 2020/04/23 05:49:00 adam Exp $
+$NetBSD: distinfo,v 1.64 2020/11/24 08:56:55 adam Exp $
 
-SHA1 (cryptography-2.9.2.tar.gz) = af16e069cad7d36442f8481542de51f87c3c7708
-RMD160 (cryptography-2.9.2.tar.gz) = 61fb86fd231710d5875428a3a1cefcd5c1d0c99e
-SHA512 (cryptography-2.9.2.tar.gz) = a8cb7ba229cddfa15bf4ed00d40e76e2ece57958203b9c50c3f782c7977e1c725fa147a1eebc31d50684a622d53e73f97864e1a935753472ea4b2d89eb6ffb6a
-Size (cryptography-2.9.2.tar.gz) = 517571 bytes
+SHA1 (cryptography-3.2.1.tar.gz) = 20708a4955dcf7e2bb53d05418273d2bc0f80ab4
+RMD160 (cryptography-3.2.1.tar.gz) = 8b1b4f3f45917f00035a4bc02a9ad0429a720a5f
+SHA512 (cryptography-3.2.1.tar.gz) = e3f1806693c24aadc3ef0df374ce1845760e87ad7c243226b75e80820b50bdc0760e4bb5f6ce26d62a6d23736b3109f72cd30b52ae2a36b26ec5656ec96c6175
+Size (cryptography-3.2.1.tar.gz) = 540994 bytes

Index: pkgsrc/security/py-cryptography_vectors/Makefile
diff -u pkgsrc/security/py-cryptography_vectors/Makefile:1.25 pkgsrc/security/py-cryptography_vectors/Makefile:1.26
--- pkgsrc/security/py-cryptography_vectors/Makefile:1.25       Thu Apr 23 05:49:00 2020
+++ pkgsrc/security/py-cryptography_vectors/Makefile    Tue Nov 24 08:56:55 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.25 2020/04/23 05:49:00 adam Exp $
+# $NetBSD: Makefile,v 1.26 2020/11/24 08:56:55 adam Exp $
 
-DISTNAME=      cryptography_vectors-2.9.2
+DISTNAME=      cryptography_vectors-3.2.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=c/cryptography_vectors/}
Index: pkgsrc/security/py-cryptography_vectors/distinfo
diff -u pkgsrc/security/py-cryptography_vectors/distinfo:1.25 pkgsrc/security/py-cryptography_vectors/distinfo:1.26
--- pkgsrc/security/py-cryptography_vectors/distinfo:1.25       Thu Apr 23 05:49:00 2020
+++ pkgsrc/security/py-cryptography_vectors/distinfo    Tue Nov 24 08:56:55 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.25 2020/04/23 05:49:00 adam Exp $
+$NetBSD: distinfo,v 1.26 2020/11/24 08:56:55 adam Exp $
 
-SHA1 (cryptography_vectors-2.9.2.tar.gz) = 1204ae830fa54d85544ccfc03c57c27c77491d53
-RMD160 (cryptography_vectors-2.9.2.tar.gz) = 24203ca32ab836943eda90523babf0a7def6b9b7
-SHA512 (cryptography_vectors-2.9.2.tar.gz) = 7d8d20f9a3edde8a19b96b5ac9f1d0622421980b0ca6996fb83a659970e964a41679d21d9e5d60d1c1db2c8b1296ce89185954e7e43e86c8bb65b68e805e28ca
-Size (cryptography_vectors-2.9.2.tar.gz) = 35141183 bytes
+SHA1 (cryptography_vectors-3.2.1.tar.gz) = 9af06241b094022e67fe94c4581d6fc17afdb7ab
+RMD160 (cryptography_vectors-3.2.1.tar.gz) = fbcc904b03018caa146c8654c887ef4102000446
+SHA512 (cryptography_vectors-3.2.1.tar.gz) = 44ff756a6ece9700f7657f8ba92417e95bf273cf500f1dab2141de5b2af6e61840d65c37b766abd752c76025ead1550bfc7b7340ce5774c75fd0bb8ac768cdd8
+Size (cryptography_vectors-3.2.1.tar.gz) = 35168164 bytes

Index: pkgsrc/security/py-cryptography_vectors/PLIST
diff -u pkgsrc/security/py-cryptography_vectors/PLIST:1.14 pkgsrc/security/py-cryptography_vectors/PLIST:1.15
--- pkgsrc/security/py-cryptography_vectors/PLIST:1.14  Fri Apr  3 06:25:50 2020
+++ pkgsrc/security/py-cryptography_vectors/PLIST       Tue Nov 24 08:56:55 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.14 2020/04/03 06:25:50 adam Exp $
+@comment $NetBSD: PLIST,v 1.15 2020/11/24 08:56:55 adam Exp $
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
 ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
@@ -114,7 +114,29 @@ ${PYSITELIB}/cryptography_vectors/asymme
 ${PYSITELIB}/cryptography_vectors/asymmetric/Ed448/ed448-pub.der
 ${PYSITELIB}/cryptography_vectors/asymmetric/Ed448/ed448-pub.pem
 ${PYSITELIB}/cryptography_vectors/asymmetric/Ed448/rfc8032.txt
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/dsa-nopsw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/dsa-nopsw.key-cert.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/dsa-nopsw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/dsa-psw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/dsa-psw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ecdsa-nopsw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ecdsa-nopsw.key-cert.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ecdsa-nopsw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ecdsa-psw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ecdsa-psw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ed25519-nopsw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ed25519-nopsw.key-cert.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ed25519-nopsw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ed25519-psw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/ed25519-psw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/gen.sh
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/rsa-nopsw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/rsa-nopsw.key-cert.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/rsa-nopsw.key.pub
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/rsa-psw.key
+${PYSITELIB}/cryptography_vectors/asymmetric/OpenSSH/rsa-psw.key.pub
 ${PYSITELIB}/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
+${PYSITELIB}/cryptography_vectors/asymmetric/PEM_Serialization/dsa_4096.pem
 ${PYSITELIB}/cryptography_vectors/asymmetric/PEM_Serialization/dsa_private_key.pem
 ${PYSITELIB}/cryptography_vectors/asymmetric/PEM_Serialization/dsa_public_key.pem
 ${PYSITELIB}/cryptography_vectors/asymmetric/PEM_Serialization/dsaparam.pem
@@ -556,6 +578,9 @@ ${PYSITELIB}/cryptography_vectors/pkcs12
 ${PYSITELIB}/cryptography_vectors/pkcs12/cert-rc2-key-3des.p12
 ${PYSITELIB}/cryptography_vectors/pkcs12/no-cert-key-aes256cbc.p12
 ${PYSITELIB}/cryptography_vectors/pkcs12/no-password.p12
+${PYSITELIB}/cryptography_vectors/pkcs7/amazon-roots.p7b
+${PYSITELIB}/cryptography_vectors/pkcs7/enveloped.pem
+${PYSITELIB}/cryptography_vectors/pkcs7/isrg.pem
 ${PYSITELIB}/cryptography_vectors/poly1305/rfc7539.txt
 ${PYSITELIB}/cryptography_vectors/twofactor/rfc-4226.txt
 ${PYSITELIB}/cryptography_vectors/twofactor/rfc-6238.txt
@@ -2135,6 +2160,8 @@ ${PYSITELIB}/cryptography_vectors/x509/c
 ${PYSITELIB}/cryptography_vectors/x509/custom/bc_path_length_zero.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/ca/ca.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/ca/ca_key.pem
+${PYSITELIB}/cryptography_vectors/x509/custom/ca/rsa_ca.pem
+${PYSITELIB}/cryptography_vectors/x509/custom/ca/rsa_key.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/cdp_all_reasons.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/cdp_crl_issuer.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/cdp_empty_hostname.pem
@@ -2197,6 +2224,7 @@ ${PYSITELIB}/cryptography_vectors/x509/c
 ${PYSITELIB}/cryptography_vectors/x509/custom/san_rfc822_names.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/san_uri_with_port.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/san_wildcard_idna.pem
+${PYSITELIB}/cryptography_vectors/x509/custom/sia.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/two_basic_constraints.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/unsupported_extension.pem
 ${PYSITELIB}/cryptography_vectors/x509/custom/unsupported_extension_2.pem
@@ -2214,6 +2242,7 @@ ${PYSITELIB}/cryptography_vectors/x509/e
 ${PYSITELIB}/cryptography_vectors/x509/ed448/root-ed448.pem
 ${PYSITELIB}/cryptography_vectors/x509/ed448/server-ed448-cert.pem
 ${PYSITELIB}/cryptography_vectors/x509/letsencryptx3.pem
+${PYSITELIB}/cryptography_vectors/x509/ocsp/ocsp-army.deps.mil-resp.der
 ${PYSITELIB}/cryptography_vectors/x509/ocsp/req-ext-nonce.der
 ${PYSITELIB}/cryptography_vectors/x509/ocsp/req-invalid-hash-alg.der
 ${PYSITELIB}/cryptography_vectors/x509/ocsp/req-multi-sha1.der
@@ -2230,6 +2259,8 @@ ${PYSITELIB}/cryptography_vectors/x509/o
 ${PYSITELIB}/cryptography_vectors/x509/ocsp/resp-unauthorized.der
 ${PYSITELIB}/cryptography_vectors/x509/rapidssl_sha256_ca_g3.pem
 ${PYSITELIB}/cryptography_vectors/x509/requests/basic_constraints.pem
+${PYSITELIB}/cryptography_vectors/x509/requests/challenge-invalid.der
+${PYSITELIB}/cryptography_vectors/x509/requests/challenge-unstructured.pem
 ${PYSITELIB}/cryptography_vectors/x509/requests/challenge.pem
 ${PYSITELIB}/cryptography_vectors/x509/requests/dsa_sha1.der
 ${PYSITELIB}/cryptography_vectors/x509/requests/dsa_sha1.pem

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/www/py-urllib3
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/www/py-urllib3
Indexes:

Home | Main Index | Thread Index | Old Index