Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update cryptography to 42.0.0 #428

Closed
wants to merge 2 commits into from

Conversation

pyup-bot
Copy link
Collaborator

This PR updates cryptography from 41.0.4 to 42.0.0.

Changelog

42.0.0

~~~~~~~~~~~~~~~~

.. note:: This version is not yet released and is under active development.

* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* Parsing SSH certificates no longer permits malformed critical options with
values, as documented in the 41.0.2 release notes.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
X.509 certificate signing requests with the keyword-only argument
``rsa_padding`` on
:meth:`~cryptography.x509.CertificateSigningRequestBuilder.sign`.
* Added support for obtaining X.509 certificate signing request signature
algorithm parameters (including PSS) via
:meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`.
* Added `mgf` property to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`.
* Added `algorithm` and `mgf` properties to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`.
These are timezone-aware variants of existing properties that return naïve
``datetime`` objects.
* Deprecated the following properties that return naïve ``datetime`` objects:
:meth:`~cryptography.x509.Certificate.not_valid_before`,
:meth:`~cryptography.x509.Certificate.not_valid_after`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update`
in favor of the new timezone-aware variants mentioned above.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with
:meth:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder.add_signer`.
* In the next release (43.0.0) of cryptography, loading an X.509 certificate
with a negative serial number will raise an exception. This has been
deprecated since 36.0.0.

.. _v41-0-7:

41.0.7

~~~~~~~~~~~~~~~~~~~

* Fixed compilation when using LibreSSL 3.8.2.

.. _v41-0-6:

41.0.6

~~~~~~~~~~~~~~~~~~~

* Fixed a null-pointer-dereference and segfault that could occur when loading
certificates from a PKCS7 bundle.  Credit to **pkuzco** for reporting the
issue. **CVE-2023-49083**

.. _v41-0-5:

41.0.5

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL`` release.

.. _v41-0-4:
Links

@pyup-bot
Copy link
Collaborator Author

Closing this in favor of #429

@pyup-bot pyup-bot closed this Jan 25, 2024
@akuzminsky akuzminsky deleted the pyup-update-cryptography-41.0.4-to-42.0.0 branch January 25, 2024 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant