Changelog
*Sourced from [cryptography's changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst).*
> 2.3 - 2018-07-18
> ~~~~~~~~~~~~~~~~
>
> * **SECURITY ISSUE:**
> :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`
> allowed tag truncation by default which can allow tag forgery in some cases.
> The method now enforces the ``min_tag_length`` provided to the
> :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor.
> *CVE-2018-10903*
> * Added support for Python 3.7.
> * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
> authenticated timestamp of a :doc:`Fernet ` token.
> * Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
> We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
> ``cryptography`` release.
> * Fixed multiple issues preventing ``cryptography`` from compiling against
> LibreSSL 2.7.x.
> * Added
> :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number`
> for quick serial number searches in CRLs.
> * The :class:`~cryptography.x509.RelativeDistinguishedName` class now
> preserves the order of attributes. Duplicate attributes now raise an error
> instead of silently discarding duplicates.
> * :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and
> :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
> now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if
> the wrapped key is an invalid length, instead of ``ValueError``.
>
> .. _v2-2-2:
>
> 2.2.2 - 2018-03-27
> ~~~~~~~~~~~~~~~~~~
>
> * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
> OpenSSL 1.1.0h.
>
> .. _v2-2-1:
>
> 2.2.1 - 2018-03-20
> ~~~~~~~~~~~~~~~~~~
>
> * Reverted a change to ``GeneralNames`` which prohibited having zero elements,
> due to breakages.
> * Fixed a bug in
> :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
> that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was
> zero.
>
>
> .. _v2-2:
> ... (truncated)
Commits
- [`0a846e2`](https://github.com/pyca/cryptography/commit/0a846e294806478770469219a26cd49dcb5502d7) bump version and changelog for 2.3 release ([#4356](https://github-redirect.dependabot.com/pyca/cryptography/issues/4356))
- [`feb1345`](https://github.com/pyca/cryptography/commit/feb134586ee6ca56e2c53b35d0ffbb79eb1b5dee) Refs [#3331](https://github-redirect.dependabot.com/pyca/cryptography/issues/3331) -- integrated wycheproof ECDH tests ([#4354](https://github-redirect.dependabot.com/pyca/cryptography/issues/4354))
- [`dfb332d`](https://github.com/pyca/cryptography/commit/dfb332da50ee9358ef9f46b2e8ffb28f1cfd8751) improve skip msg when skipping an ECDH test in test_ec ([#4355](https://github-redirect.dependabot.com/pyca/cryptography/issues/4355))
- [`4de0049`](https://github.com/pyca/cryptography/commit/4de004955b2d9d0d714fe29ae95b8eff7ee983a1) add wycheproof gcm tests ([#4349](https://github-redirect.dependabot.com/pyca/cryptography/issues/4349))
- [`c563b57`](https://github.com/pyca/cryptography/commit/c563b576b3bba4a93f8f47272759b29f182dea13) min_tag_length is an int ([#4351](https://github-redirect.dependabot.com/pyca/cryptography/issues/4351))
- [`db62ec9`](https://github.com/pyca/cryptography/commit/db62ec9967d95e666eb6898766944d9e50532b2d) also check iv length for GCM nonce in AEAD ([#4350](https://github-redirect.dependabot.com/pyca/cryptography/issues/4350))
- [`12a1cac`](https://github.com/pyca/cryptography/commit/12a1cacb6ae6de51a003dcc884e769854a1345a8) raise ValueError on zero length GCM IV ([#4348](https://github-redirect.dependabot.com/pyca/cryptography/issues/4348))
- [`7ca0e46`](https://github.com/pyca/cryptography/commit/7ca0e46d82606b8a12ff323181065a00885d39dc) add chacha20poly1305 wycheproof tests ([#4345](https://github-redirect.dependabot.com/pyca/cryptography/issues/4345))
- [`14faf3c`](https://github.com/pyca/cryptography/commit/14faf3ca00d39f12bc379518bed66f9169a891d9) add wycheproof tests for AES CMAC ([#4344](https://github-redirect.dependabot.com/pyca/cryptography/issues/4344))
- [`d4378e4`](https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb) disallow implicit tag truncation with finalize_with_tag ([#4342](https://github-redirect.dependabot.com/pyca/cryptography/issues/4342))
- Additional commits viewable in [compare view](https://github.com/pyca/cryptography/compare/2.1.4...2.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
Bumps cryptography from 2.1.4 to 2.3.
Changelog
*Sourced from [cryptography's changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst).* > 2.3 - 2018-07-18 > ~~~~~~~~~~~~~~~~ > > * **SECURITY ISSUE:** > :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag` > allowed tag truncation by default which can allow tag forgery in some cases. > The method now enforces the ``min_tag_length`` provided to the > :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor. > *CVE-2018-10903* > * Added support for Python 3.7. > * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the > authenticated timestamp of a :doc:`Fernet ` token. > * Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated. > We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next > ``cryptography`` release. > * Fixed multiple issues preventing ``cryptography`` from compiling against > LibreSSL 2.7.x. > * Added > :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number` > for quick serial number searches in CRLs. > * The :class:`~cryptography.x509.RelativeDistinguishedName` class now > preserves the order of attributes. Duplicate attributes now raise an error > instead of silently discarding duplicates. > * :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and > :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` > now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if > the wrapped key is an invalid length, instead of ``ValueError``. > > .. _v2-2-2: > > 2.2.2 - 2018-03-27 > ~~~~~~~~~~~~~~~~~~ > > * Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with > OpenSSL 1.1.0h. > > .. _v2-2-1: > > 2.2.1 - 2018-03-20 > ~~~~~~~~~~~~~~~~~~ > > * Reverted a change to ``GeneralNames`` which prohibited having zero elements, > due to breakages. > * Fixed a bug in > :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` > that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was > zero. > > > .. _v2-2: > ... (truncated)Commits
- [`0a846e2`](https://github.com/pyca/cryptography/commit/0a846e294806478770469219a26cd49dcb5502d7) bump version and changelog for 2.3 release ([#4356](https://github-redirect.dependabot.com/pyca/cryptography/issues/4356)) - [`feb1345`](https://github.com/pyca/cryptography/commit/feb134586ee6ca56e2c53b35d0ffbb79eb1b5dee) Refs [#3331](https://github-redirect.dependabot.com/pyca/cryptography/issues/3331) -- integrated wycheproof ECDH tests ([#4354](https://github-redirect.dependabot.com/pyca/cryptography/issues/4354)) - [`dfb332d`](https://github.com/pyca/cryptography/commit/dfb332da50ee9358ef9f46b2e8ffb28f1cfd8751) improve skip msg when skipping an ECDH test in test_ec ([#4355](https://github-redirect.dependabot.com/pyca/cryptography/issues/4355)) - [`4de0049`](https://github.com/pyca/cryptography/commit/4de004955b2d9d0d714fe29ae95b8eff7ee983a1) add wycheproof gcm tests ([#4349](https://github-redirect.dependabot.com/pyca/cryptography/issues/4349)) - [`c563b57`](https://github.com/pyca/cryptography/commit/c563b576b3bba4a93f8f47272759b29f182dea13) min_tag_length is an int ([#4351](https://github-redirect.dependabot.com/pyca/cryptography/issues/4351)) - [`db62ec9`](https://github.com/pyca/cryptography/commit/db62ec9967d95e666eb6898766944d9e50532b2d) also check iv length for GCM nonce in AEAD ([#4350](https://github-redirect.dependabot.com/pyca/cryptography/issues/4350)) - [`12a1cac`](https://github.com/pyca/cryptography/commit/12a1cacb6ae6de51a003dcc884e769854a1345a8) raise ValueError on zero length GCM IV ([#4348](https://github-redirect.dependabot.com/pyca/cryptography/issues/4348)) - [`7ca0e46`](https://github.com/pyca/cryptography/commit/7ca0e46d82606b8a12ff323181065a00885d39dc) add chacha20poly1305 wycheproof tests ([#4345](https://github-redirect.dependabot.com/pyca/cryptography/issues/4345)) - [`14faf3c`](https://github.com/pyca/cryptography/commit/14faf3ca00d39f12bc379518bed66f9169a891d9) add wycheproof tests for AES CMAC ([#4344](https://github-redirect.dependabot.com/pyca/cryptography/issues/4344)) - [`d4378e4`](https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb) disallow implicit tag truncation with finalize_with_tag ([#4342](https://github-redirect.dependabot.com/pyca/cryptography/issues/4342)) - Additional commits viewable in [compare view](https://github.com/pyca/cryptography/compare/2.1.4...2.3)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language