./security/py-cryptography, Cryptographic recipes and primitives for Python

[ Image CVSweb ] [ Image Homepage ] [ Image RSS ] [ Image Required by ] [ Image Add to tracker ]

Branch: CURRENT, Version: 46.0.7, Package name: py313-cryptography-46.0.7, Maintainer: pkgsrc-users

cryptography is a package designed to expose cryptographic recipes
and primitives to Python developers. Our goal is for it to be your
"cryptographic standard library".

cryptography includes both high level recipes, and low level
interfaces to common cryptographic algorithms such as symmetric
ciphers, message digests and key derivation functions.


Required to run:
[security/openssl] [devel/py-setuptools] [devel/py-cffi] [devel/py-cparser] [lang/py-six] [www/py-idna] [security/py-asn1crypto] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 733.059 KB

Version history: (Expand)

CVS history: (Expand)


   2026-04-08 22:35:35 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-cryptography: update to 46.0.7.

46.0.7 - 2026-01-27
~~~~~~~~~~~~~~~~~~~

* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.
   2026-03-27 11:06:27 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-cryptography py-cryptography_vectors: updated to 46.0.6

46.0.6 - 2026-03-25

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**
   2026-02-17 07:32:37 by Adam Ciarcinski | Files touched by this commit (3) 
Log message:
py-cryptography: proper fix for Maturin 1.12
   2026-02-16 22:47:54 by Thomas Klausner | Files touched by this commit (2) 
Log message:
py-cryptography: manually delete newly installed files

Bug report filed upstream.

Bump PKGREVISION.
   2026-02-16 20:08:07 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-cryptography: fix PLIST

setuptools? maturin? update?

Bump PKGREVISION.
   2026-02-10 23:45:06 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
py-cryptography*: update to 46.0.5

* An attacker could create a malicious public key that reveals portions of
your private key when using certain uncommon elliptic curves (binary
curves). This version now includes additional security checks to prevent
this attack. This issue only affects binary elliptic curves, which are
rarely used in real-world applications. Credit to **XlabAI Team of Tencent
Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for
reporting the issue. **CVE-2026-26007**
* Support for SECT binary elliptic curves is deprecated and will be removed
in the next release.
   2026-01-28 09:39:32 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-cryptography py-cryptography_vectors: updated to 46.0.4

46.0.4 - 2026-01-27

Dropped support for win_arm64 wheels.
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
   2025-10-16 11:21:03 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
py-cryptography py-cryptography_vectors: updated to 46.0.3

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.