• [Python-announce] PyCA cryptography 40.0.0 released

    From Paul Kehrer@paul.l.kehrer@gmail.com to comp.lang.python.announce on Fri Mar 24 12:41:27 2023
    From Newsgroup: comp.lang.python.announce

    PyCA cryptography 40.0.0 has been released to PyPI. cryptography
    includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X509, key derivation functions, and much
    more. We support Python 3.6+, and PyPy3 7.3.10+.
    Changelog (https://cryptography.io/en/latest/changelog/#v40-0-0):
    * BACKWARDS INCOMPATIBLE: As announced in the 39.0.0 changelog, the
    way cryptography links OpenSSL has changed. This only impacts users
    who build cryptography from source (i.e., not from a wheel), and
    specify their own version of OpenSSL. For those users, the CFLAGS,
    LDFLAGS, INCLUDE, LIB, and CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS
    environment variables are no longer valid. Instead, users need to
    configure their builds as documented here.
    * Support for Python 3.6 is deprecated and will be removed in the next release. * Deprecated the current minimum supported Rust version (MSRV) of
    1.48.0. In the next release we will raise MSRV to 1.56.0. Users with
    the latest pip will typically get a wheel and not need Rust installed,
    but check Installation for documentation on installing a newer rustc
    if required.
    * Deprecated support for OpenSSL less than 1.1.1d. The next release of cryptography will drop support for older versions.
    * Deprecated support for DSA keys in load_ssh_public_key() and load_ssh_private_key().
    * Deprecated support for OpenSSH serialization in DSAPublicKey and DSAPrivateKey.
    * The minimum supported version of PyPy3 is now 7.3.10.
    * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
    * Added support for parsing SSH certificates in addition to public
    keys with load_ssh_public_identity(). load_ssh_public_key() continues
    to support only public keys.
    * Added support for generating SSH certificates with SSHCertificateBuilder.
    * Added verify_directly_issued_by() to Certificate.
    * Added a check to NameConstraints to ensure that DNSName constraints
    do not contain any * wildcards.
    * Removed many unused CFFI OpenSSL bindings. This will not impact you
    unless you are using cryptography to directly invoke OpenSSL’s C API.
    Note that these have never been considered a stable, supported, public
    API by cryptography, this note is included as a courtesy.
    * The X.509 builder classes now raise UnsupportedAlgorithm instead of ValueError if an unsupported hash algorithm is passed.
    * Added public union type aliases for type hinting:
    Asymmetric types: PublicKeyTypes, PrivateKeyTypes, CertificatePublicKeyTypes, CertificateIssuerPublicKeyTypes, CertificateIssuerPrivateKeyTypes
    SSH keys: SSHPublicKeyTypes, SSHPrivateKeyTypes,
    SSHCertPublicKeyTypes, SSHCertPrivateKeyTypes
    PKCS12: PKCS12PrivateKeyTypes
    PKCS7: PKCS7HashTypes, PKCS7PrivateKeyTypes
    Two-factor: HOTPHashTypes
    * Deprecated previously undocumented but not private type aliases in
    the cryptography.hazmat.primitives.asymmetric.types module in favor of
    new ones above.
    -Paul Kehrer (reaperhulk)
    --- Synchronet 3.20a-Linux NewsLink 1.114