From bd2270fb05bafee4409fbb1caed34f3cf3da575c Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Mon, 22 Nov 2021 11:41:56 +0100 Subject: [PATCH] Release 2.0.1. --- CHANGELOG.rst | 21 +++++++++++++ changelogs/changelog.yaml | 31 +++++++++++++++++++ changelogs/fragments/2.0.1.yml | 1 - ...302-openssl_pkcs12-cryptography-36.0.0.yml | 2 -- .../324-acme_certificate-fullchain.yml | 2 -- changelogs/fragments/327-luks_device-wipe.yml | 2 -- .../fragments/331-cryptography-extensions.yml | 2 -- changelogs/fragments/fetch_url-devel.yml | 2 -- 8 files changed, 52 insertions(+), 11 deletions(-) delete mode 100644 changelogs/fragments/2.0.1.yml delete mode 100644 changelogs/fragments/302-openssl_pkcs12-cryptography-36.0.0.yml delete mode 100644 changelogs/fragments/324-acme_certificate-fullchain.yml delete mode 100644 changelogs/fragments/327-luks_device-wipe.yml delete mode 100644 changelogs/fragments/331-cryptography-extensions.yml delete mode 100644 changelogs/fragments/fetch_url-devel.yml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index dee3666d..2cc443e6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,27 @@ Community Crypto Release Notes .. contents:: Topics +v2.0.1 +====== + +Release Summary +--------------- + +Bugfix release with extra forward compatibility for newer versions of cryptography. + +Minor Changes +------------- + +- acme_* modules - fix usage of ``fetch_url`` with changes in latest ansible-core ``devel`` branch (https://github.com/ansible-collections/community.crypto/pull/339). + +Bugfixes +-------- + +- acme_certificate - avoid passing multiple certificates to ``cryptography``'s X.509 certificate loader when ``fullchain_dest`` is used (https://github.com/ansible-collections/community.crypto/pull/324). +- get_certificate, openssl_csr_info, x509_certificate_info - add fallback code for extension parsing that works with cryptography 36.0.0 and newer. This code re-serializes de-serialized extensions and thus can return slightly different values if the extension in the original CSR resp. certificate was not canonicalized correctly. This code is currently used as a fallback if the existing code stops working, but we will switch it to be the main code in a future release (https://github.com/ansible-collections/community.crypto/pull/331). +- luks_device - now also runs a built-in LUKS signature cleaner on ``state=absent`` to make sure that also the secondary LUKS2 header is wiped when older versions of wipefs are used (https://github.com/ansible-collections/community.crypto/issues/326, https://github.com/ansible-collections/community.crypto/pull/327). +- openssl_pkcs12 - use new PKCS#12 deserialization infrastructure from cryptography 36.0.0 if available (https://github.com/ansible-collections/community.crypto/pull/302). + v2.0.0 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 88d839d5..f4ea47b6 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -674,3 +674,34 @@ releases: - 317-ignore-timestamps.yml - 318-extension-value-note.yml release_date: '2021-11-01' + 2.0.1: + changes: + bugfixes: + - acme_certificate - avoid passing multiple certificates to ``cryptography``'s + X.509 certificate loader when ``fullchain_dest`` is used (https://github.com/ansible-collections/community.crypto/pull/324). + - get_certificate, openssl_csr_info, x509_certificate_info - add fallback code + for extension parsing that works with cryptography 36.0.0 and newer. This + code re-serializes de-serialized extensions and thus can return slightly different + values if the extension in the original CSR resp. certificate was not canonicalized + correctly. This code is currently used as a fallback if the existing code + stops working, but we will switch it to be the main code in a future release + (https://github.com/ansible-collections/community.crypto/pull/331). + - luks_device - now also runs a built-in LUKS signature cleaner on ``state=absent`` + to make sure that also the secondary LUKS2 header is wiped when older versions + of wipefs are used (https://github.com/ansible-collections/community.crypto/issues/326, + https://github.com/ansible-collections/community.crypto/pull/327). + - openssl_pkcs12 - use new PKCS#12 deserialization infrastructure from cryptography + 36.0.0 if available (https://github.com/ansible-collections/community.crypto/pull/302). + minor_changes: + - acme_* modules - fix usage of ``fetch_url`` with changes in latest ansible-core + ``devel`` branch (https://github.com/ansible-collections/community.crypto/pull/339). + release_summary: Bugfix release with extra forward compatibility for newer versions + of cryptography. + fragments: + - 2.0.1.yml + - 302-openssl_pkcs12-cryptography-36.0.0.yml + - 324-acme_certificate-fullchain.yml + - 327-luks_device-wipe.yml + - 331-cryptography-extensions.yml + - fetch_url-devel.yml + release_date: '2021-11-22' diff --git a/changelogs/fragments/2.0.1.yml b/changelogs/fragments/2.0.1.yml deleted file mode 100644 index 53925ba2..00000000 --- a/changelogs/fragments/2.0.1.yml +++ /dev/null @@ -1 +0,0 @@ -release_summary: Bugfix release with extra forward compatibility for newer versions of cryptography. diff --git a/changelogs/fragments/302-openssl_pkcs12-cryptography-36.0.0.yml b/changelogs/fragments/302-openssl_pkcs12-cryptography-36.0.0.yml deleted file mode 100644 index 87c25662..00000000 --- a/changelogs/fragments/302-openssl_pkcs12-cryptography-36.0.0.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "openssl_pkcs12 - use new PKCS#12 deserialization infrastructure from cryptography 36.0.0 if available (https://github.com/ansible-collections/community.crypto/pull/302)." diff --git a/changelogs/fragments/324-acme_certificate-fullchain.yml b/changelogs/fragments/324-acme_certificate-fullchain.yml deleted file mode 100644 index 4f0d4af8..00000000 --- a/changelogs/fragments/324-acme_certificate-fullchain.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "acme_certificate - avoid passing multiple certificates to ``cryptography``'s X.509 certificate loader when ``fullchain_dest`` is used (https://github.com/ansible-collections/community.crypto/pull/324)." diff --git a/changelogs/fragments/327-luks_device-wipe.yml b/changelogs/fragments/327-luks_device-wipe.yml deleted file mode 100644 index 5929e411..00000000 --- a/changelogs/fragments/327-luks_device-wipe.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "luks_device - now also runs a built-in LUKS signature cleaner on ``state=absent`` to make sure that also the secondary LUKS2 header is wiped when older versions of wipefs are used (https://github.com/ansible-collections/community.crypto/issues/326, https://github.com/ansible-collections/community.crypto/pull/327)." diff --git a/changelogs/fragments/331-cryptography-extensions.yml b/changelogs/fragments/331-cryptography-extensions.yml deleted file mode 100644 index 0da3ef5f..00000000 --- a/changelogs/fragments/331-cryptography-extensions.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: -- "get_certificate, openssl_csr_info, x509_certificate_info - add fallback code for extension parsing that works with cryptography 36.0.0 and newer. This code re-serializes de-serialized extensions and thus can return slightly different values if the extension in the original CSR resp. certificate was not canonicalized correctly. This code is currently used as a fallback if the existing code stops working, but we will switch it to be the main code in a future release (https://github.com/ansible-collections/community.crypto/pull/331)." diff --git a/changelogs/fragments/fetch_url-devel.yml b/changelogs/fragments/fetch_url-devel.yml deleted file mode 100644 index 344859ba..00000000 --- a/changelogs/fragments/fetch_url-devel.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "acme_* modules - fix usage of ``fetch_url`` with changes in latest ansible-core ``devel`` branch (https://github.com/ansible-collections/community.crypto/pull/339)."