<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/python/python3-cryptography_39.0.0.bb, branch halstead/hashclient</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=halstead%2Fhashclient</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=halstead%2Fhashclient'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-02-17T18:01:01+00:00</updated>
<entry>
<title>python3-cryptography{-vectors}: 39.0.0 -&gt; 39.0.1</title>
<updated>2023-02-17T18:01:01+00:00</updated>
<author>
<name>Tim Orling</name>
<email>ticotimo@gmail.com</email>
</author>
<published>2023-02-16T23:58:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9f2def381105b7829a36d1f068d7bc4dec1aee01'/>
<id>urn:sha1:9f2def381105b7829a36d1f068d7bc4dec1aee01</id>
<content type='text'>
https://cryptography.io/en/latest/changelog/#v39-0-1

39.0.1 - 2023-02-07
* SECURITY ISSUE - Fixed a bug where Cipher.update_into accepted Python
  buffer protocol objects, but allowed immutable buffers. CVE-2023-23931

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.

CVE: CVE-2023-23931

(From OE-Core rev: b2883bb86d8d0f7929b3c7a40f603010fbe153a4)

Signed-off-by: Tim Orling &lt;tim.orling@konsulko.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>python3-cryptography{-vectors}: 38.0.4 -&gt; 39.0.0</title>
<updated>2023-01-24T22:06:51+00:00</updated>
<author>
<name>Tim Orling</name>
<email>ticotimo@gmail.com</email>
</author>
<published>2023-01-21T18:40:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=48f90f7ab29fb0b17864ed30c2b88e14820ccefb'/>
<id>urn:sha1:48f90f7ab29fb0b17864ed30c2b88e14820ccefb</id>
<content type='text'>
* python3-cryptography-crates.inc: update for 39.0.0
* python3-cryptography-vectors: upgrade 38.0.4 -&gt; 39.0.0

Highlights from Changelog:
https://cryptography.io/en/latest/changelog/#v39-0-0

39.0.0 - 2023-01-01

* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.1.0 has been removed.
  Users on older version of OpenSSL will need to upgrade.

* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL &lt; 3.5. The new
  minimum LibreSSL version is 3.5.0. Going forward our policy is to
  support versions of LibreSSL that are available in versions of OpenBSD
  that are still receiving security support.

* BACKWARDS INCOMPATIBLE: Removed the encode_point and from_encoded_point
  methods on EllipticCurvePublicNumbers, which had been deprecated for
  several years. public_bytes() and from_encoded_point() should be used
  instead.

* BACKWARDS INCOMPATIBLE: Support for using MD5 or SHA1 in
  CertificateBuilder, other X.509 builders, and PKCS7 has been removed.

* ANNOUNCEMENT: The next version of cryptography (40.0) will change the
  way we link OpenSSL. This will only impact users who build cryptography
  from source (i.e., not from a wheel), and specify their own version of
  OpenSSL. For those users, the CFLAGS, LDFLAGS, INCLUDE, LIB, and
  CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS environment variables will no longer
  be respected.

(From OE-Core rev: 904574c49c51f1862c6b888a3e5889bd972df42d)

Signed-off-by: Tim Orling &lt;tim.orling@konsulko.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
