search

hackcave / pynctual

Punctual Attendance system
MIT License
1 stars 11 forks source link

Update cryptography to 2.7 #199

Open pyup-bot opened 5 years ago

pyup-bot commented 5 years ago

This PR updates cryptography from 1.9 to 2.7.

Changelog ### 2.7 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce them was a maintenance burden. * **BACKWARDS INCOMPATIBLE:** Removed the ``cryptography.hazmat.primitives.mac.MACContext`` interface. The ``CMAC`` and ``HMAC`` APIs have not changed, but they are no longer registered as ``MACContext`` instances. * Removed support for running our tests with ``setup.py test``. Users interested in running our tests can continue to follow the directions in our :doc:`development documentation</development/getting-started>`. * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305` when using OpenSSL 1.1.1 or newer. * Support serialization with ``Encoding.OpenSSH`` and ``PublicFormat.OpenSSH`` in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` . * Correctly allow passing a ``SubjectKeyIdentifier`` to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier` and deprecate passing an ``Extension`` object. The documentation always required ``SubjectKeyIdentifier`` but the implementation previously required an ``Extension``. .. _v2-6-1: ``` ### 2.6.1 ``` ~~~~~~~~~~~~~~~~~~ * Resolved an error in our build infrastructure that broke our Python3 wheels for macOS and Linux. .. _v2-6: ``` ### 2.6 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Removed ``cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature`` and ``cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature``, which had been deprecated for nearly 4 years. Use :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature` and :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature` instead. * **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``, which had been deprecated for nearly 3 years. Use :attr:`~cryptography.x509.Certificate.serial_number` instead. * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with OpenSSL 1.1.1b. * Added support for :doc:`/hazmat/primitives/asymmetric/ed448` when using OpenSSL 1.1.1b or newer. * Added support for :doc:`/hazmat/primitives/asymmetric/ed25519` when using OpenSSL 1.1.1b or newer. * :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` can now load ``ed25519`` public keys. * Add support for easily mapping an object identifier to its elliptic curve class via :func:`~cryptography.hazmat.primitives.asymmetric.ec.get_curve_for_oid`. * Add support for OpenSSL when compiled with the ``no-engine`` (``OPENSSL_NO_ENGINE``) flag. .. _v2-5: ``` ### 2.5 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** :term:`U-label` strings were deprecated in version 2.1, but this version removes the default ``idna`` dependency as well. If you still need this deprecated path please install cryptography with the ``idna`` extra: ``pip install cryptography[idna]``. * **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.4. * Numerous classes and functions have been updated to allow :term:`bytes-like` types for keying material and passwords, including symmetric algorithms, AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes. * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with OpenSSL 1.1.1a. * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224` and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using OpenSSL 1.1.1. * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`, :class:`~cryptography.hazmat.primitives.hashes.SHA3_256`, :class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and :class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL 1.1.1. * Added support for :doc:`/hazmat/primitives/asymmetric/x448` when using OpenSSL 1.1.1. * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHAKE128` and :class:`~cryptography.hazmat.primitives.hashes.SHAKE256` when using OpenSSL 1.1.1. * Added initial support for parsing PKCS12 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates`. * Added support for :class:`~cryptography.x509.IssuingDistributionPoint`. * Added ``rfc4514_string()`` method to :meth:`x509.Name <cryptography.x509.Name.rfc4514_string>`, :meth:`x509.RelativeDistinguishedName <cryptography.x509.RelativeDistinguishedName.rfc4514_string>`, and :meth:`x509.NameAttribute <cryptography.x509.NameAttribute.rfc4514_string>` to format the name or component an :rfc:`4514` Distinguished Name string. * Added :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`, which immediately checks if the point is on the curve and supports compressed points. Deprecated the previous method :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`. * Added :attr:`~cryptography.x509.ocsp.OCSPResponse.signature_hash_algorithm` to ``OCSPResponse``. * Updated :doc:`/hazmat/primitives/asymmetric/x25519` support to allow additional serialization methods. Calling :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes` with no arguments has been deprecated. * Added support for encoding compressed and uncompressed points via :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. Deprecated the previous method :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`. .. _v2-4-2: ``` ### 2.4.2 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with OpenSSL 1.1.0j. .. _v2-4-1: ``` ### 2.4.1 ``` ~~~~~~~~~~~~~~~~~~ * Fixed a build breakage in our ``manylinux1`` wheels. .. _v2-4: ``` ### 2.4 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.4.x. * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no longer supported by the OpenSSL project. At this time there is no time table for dropping support, however we strongly encourage all users to upgrade or install ``cryptography`` from a wheel. * Added initial :doc:`OCSP </x509/ocsp>` support. * Added support for :class:`~cryptography.x509.PrecertPoison`. .. _v2-3-1: ``` ### 2.3.1 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with OpenSSL 1.1.0i. .. _v2-3: ``` ### 2.3 ``` ~~~~~~~~~~~~~~~~ * **SECURITY ISSUE:** :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag` allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the ``min_tag_length`` provided to the :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor. *CVE-2018-10903* * Added support for Python 3.7. * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the authenticated timestamp of a :doc:`Fernet </fernet>` token. * Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated. We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next ``cryptography`` release. * Fixed multiple issues preventing ``cryptography`` from compiling against LibreSSL 2.7.x. * Added :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number` for quick serial number searches in CRLs. * The :class:`~cryptography.x509.RelativeDistinguishedName` class now preserves the order of attributes. Duplicate attributes now raise an error instead of silently discarding duplicates. * :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if the wrapped key is an invalid length, instead of ``ValueError``. .. _v2-2-2: ``` ### 2.2.2 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with OpenSSL 1.1.0h. .. _v2-2-1: ``` ### 2.2.1 ``` ~~~~~~~~~~~~~~~~~~ * Reverted a change to ``GeneralNames`` which prohibited having zero elements, due to breakages. * Fixed a bug in :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was zero. .. _v2-2: ``` ### 2.2 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Support for Python 2.6 has been dropped. * Resolved a bug in ``HKDF`` that incorrectly constrained output size. * Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`, :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to support inter-operating with systems like German smart meters. * Added token rotation support to :doc:`Fernet </fernet>` with :meth:`~cryptography.fernet.MultiFernet.rotate`. * Fixed a memory leak in :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`. * Added support for AES key wrapping with padding via :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` . * Allow loading DSA keys with 224 bit ``q``. .. _v2-1-4: ``` ### 2.1.4 ``` ~~~~~~~~~~~~~~~~~~ * Added ``X509_up_ref`` for an upcoming ``pyOpenSSL`` release. .. _v2-1-3: ``` ### 2.1.3 ``` ~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with OpenSSL 1.1.0g. .. _v2-1-2: ``` ### 2.1.2 ``` ~~~~~~~~~~~~~~~~~~ * Corrected a bug with the ``manylinux1`` wheels where OpenSSL's stack was marked executable. .. _v2-1-1: ``` ### 2.1.1 ``` ~~~~~~~~~~~~~~~~~~ * Fixed support for install with the system ``pip`` on Ubuntu 16.04. .. _v2-1: ``` ### 2.1 ``` ~~~~~~~~~~~~~~~~ * **FINAL DEPRECATION** Python 2.6 support is deprecated, and will be removed in the next release of ``cryptography``. * **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and ``UnsupportedExtension`` have been removed in accordance with our :doc:`/api-stability` policy. * **BACKWARDS INCOMPATIBLE:** :attr:`DNSName.value <cryptography.x509.DNSName.value>`, :attr:`RFC822Name.value <cryptography.x509.RFC822Name.value>`, and :attr:`UniformResourceIdentifier.value <cryptography.x509.UniformResourceIdentifier.value>` will now return an :term:`A-label` string when parsing a certificate containing an internationalized domain name (IDN) or if the caller passed a :term:`U-label` to the constructor. See below for additional deprecations related to this change. * Installing ``cryptography`` now requires ``pip`` 6 or newer. * Deprecated passing :term:`U-label` strings to the :class:`~cryptography.x509.DNSName`, :class:`~cryptography.x509.UniformResourceIdentifier`, and :class:`~cryptography.x509.RFC822Name` constructors. Instead, users should pass values as :term:`A-label` strings with ``idna`` encoding if necessary. This change will not affect anyone who is not processing internationalized domains. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In most cases users should choose :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` rather than using this unauthenticated form. * Added :meth:`~cryptography.x509.CertificateRevocationList.is_signature_valid` to :class:`~cryptography.x509.CertificateRevocationList`. * Support :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and :class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` with :class:`~cryptography.hazmat.primitives.hmac.HMAC`. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.modes.XTS` mode for AES. * Added support for using labels with :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using OpenSSL 1.0.2 or greater. * Improved compatibility with NSS when issuing certificates from an issuer that has a subject with non-``UTF8String`` string types. * Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension. * Add support for the :class:`~cryptography.x509.TLSFeature` extension. This is commonly used for enabling ``OCSP Must-Staple`` in certificates. * Add support for the :class:`~cryptography.x509.FreshestCRL` extension. .. _v2-0-3: ``` ### 2.0.3 ``` ~~~~~~~~~~~~~~~~~~ * Fixed an issue with weak linking symbols when compiling on macOS versions older than 10.12. .. _v2-0-2: ``` ### 2.0.2 ``` ~~~~~~~~~~~~~~~~~~ * Marked all symbols as hidden in the ``manylinux1`` wheel to avoid a bug with symbol resolution in certain scenarios. .. _v2-0-1: ``` ### 2.0.1 ``` ~~~~~~~~~~~~~~~~~~ * Fixed a compilation bug affecting OpenBSD. * Altered the ``manylinux1`` wheels to statically link OpenSSL instead of dynamically linking and bundling the shared object. This should resolve crashes seen when using ``uwsgi`` or other binaries that link against OpenSSL independently. * Fixed the stack level for the ``signer`` and ``verifier`` warnings. .. _v2-0: ``` ### 2.0 ``` ~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** Support for Python 3.3 has been dropped. * We now ship ``manylinux1`` wheels linked against OpenSSL 1.1.0f. These wheels will be automatically used with most Linux distributions if you are running the latest pip. * Deprecated the use of ``signer`` on :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` in favor of ``sign``. * Deprecated the use of ``verifier`` on :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, and :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` in favor of ``verify``. * Added support for parsing :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp` objects from X.509 certificate extensions. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESCCM`. * Added :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM`, a "one shot" API for AES GCM encryption. * Added support for :doc:`/hazmat/primitives/asymmetric/x25519`. * Added support for serializing and deserializing Diffie-Hellman parameters with :func:`~cryptography.hazmat.primitives.serialization.load_pem_parameters`, :func:`~cryptography.hazmat.primitives.serialization.load_der_parameters`, and :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters.parameter_bytes` . * The ``extensions`` attribute on :class:`~cryptography.x509.Certificate`, :class:`~cryptography.x509.CertificateSigningRequest`, :class:`~cryptography.x509.CertificateRevocationList`, and :class:`~cryptography.x509.RevokedCertificate` now caches the computed ``Extensions`` object. There should be no performance change, just a performance improvement for programs accessing the ``extensions`` attribute multiple times. .. _v1-9: ```
Links - PyPI: https://pypi.org/project/cryptography - Changelog: https://pyup.io/changelogs/cryptography/ - Repo: https://github.com/pyca/cryptography