Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2021-01-14T19:58:45+00:00 2021-01-14T19:58:45+00:00 Leon Anavi leon.anavi@konsulko.com 2021-01-13T14:26:23+00:00 urn:sha1:f6169b2b297a714b9e1b0e3fee85836ad0dc24c0 Upgrade to release 3.3.1: - Re-added a legacy symbol causing problems for older pyOpenSSL users. - BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: The :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. - BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. - BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1i. - Python 2 support is deprecated in cryptography. This is the last release that will support Python 2. License-Update: Update note about the code derived from CPython Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-10-28T17:22:05+00:00 Leon Anavi leon.anavi@konsulko.com 2020-10-26T11:50:37+00:00 urn:sha1:a00b9d8eba6e9b0057a64f1d0334e9e287997845 Upgrade to release 3.2: - SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659 - Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade. - Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>