Release 2.0.1.

CHANGELOG.rst

@@ -5,6 +5,27 @@ Community Crypto Release Notes
 .. contents:: Topics
 
 
+v2.0.1
+======
+
+Release Summary
+---------------
+
+Bugfix release with extra forward compatibility for newer versions of cryptography.
+
+Minor Changes
+-------------
+
+- acme_* modules - fix usage of ``fetch_url`` with changes in latest ansible-core ``devel`` branch (https://github.com/ansible-collections/community.crypto/pull/339).
+
+Bugfixes
+--------
+
+- acme_certificate - avoid passing multiple certificates to ``cryptography``'s X.509 certificate loader when ``fullchain_dest`` is used (https://github.com/ansible-collections/community.crypto/pull/324).
+- get_certificate, openssl_csr_info, x509_certificate_info - add fallback code for extension parsing that works with cryptography 36.0.0 and newer. This code re-serializes de-serialized extensions and thus can return slightly different values if the extension in the original CSR resp. certificate was not canonicalized correctly. This code is currently used as a fallback if the existing code stops working, but we will switch it to be the main code in a future release (https://github.com/ansible-collections/community.crypto/pull/331).
+- luks_device - now also runs a built-in LUKS signature cleaner on ``state=absent`` to make sure that also the secondary LUKS2 header is wiped when older versions of wipefs are used (https://github.com/ansible-collections/community.crypto/issues/326, https://github.com/ansible-collections/community.crypto/pull/327).
+- openssl_pkcs12 - use new PKCS#12 deserialization infrastructure from cryptography 36.0.0 if available (https://github.com/ansible-collections/community.crypto/pull/302).
+
 v2.0.0
 ======
 

changelogs/changelog.yaml

@@ -674,3 +674,34 @@ releases:
     - 317-ignore-timestamps.yml
     - 318-extension-value-note.yml
     release_date: '2021-11-01'
+  2.0.1:
+    changes:
+      bugfixes:
+      - acme_certificate - avoid passing multiple certificates to ``cryptography``'s
+        X.509 certificate loader when ``fullchain_dest`` is used (https://github.com/ansible-collections/community.crypto/pull/324).
+      - get_certificate, openssl_csr_info, x509_certificate_info - add fallback code
+        for extension parsing that works with cryptography 36.0.0 and newer. This
+        code re-serializes de-serialized extensions and thus can return slightly different
+        values if the extension in the original CSR resp. certificate was not canonicalized
+        correctly. This code is currently used as a fallback if the existing code
+        stops working, but we will switch it to be the main code in a future release
+        (https://github.com/ansible-collections/community.crypto/pull/331).
+      - luks_device - now also runs a built-in LUKS signature cleaner on ``state=absent``
+        to make sure that also the secondary LUKS2 header is wiped when older versions
+        of wipefs are used (https://github.com/ansible-collections/community.crypto/issues/326,
+        https://github.com/ansible-collections/community.crypto/pull/327).
+      - openssl_pkcs12 - use new PKCS#12 deserialization infrastructure from cryptography
+        36.0.0 if available (https://github.com/ansible-collections/community.crypto/pull/302).
+      minor_changes:
+      - acme_* modules - fix usage of ``fetch_url`` with changes in latest ansible-core
+        ``devel`` branch (https://github.com/ansible-collections/community.crypto/pull/339).
+      release_summary: Bugfix release with extra forward compatibility for newer versions
+        of cryptography.
+    fragments:
+    - 2.0.1.yml
+    - 302-openssl_pkcs12-cryptography-36.0.0.yml
+    - 324-acme_certificate-fullchain.yml
+    - 327-luks_device-wipe.yml
+    - 331-cryptography-extensions.yml
+    - fetch_url-devel.yml
+    release_date: '2021-11-22'

changelogs/fragments/2.0.1.yml

@@ -1 +0,0 @@
-release_summary: Bugfix release with extra forward compatibility for newer versions of cryptography.

changelogs/fragments/302-openssl_pkcs12-cryptography-36.0.0.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "openssl_pkcs12 - use new PKCS#12 deserialization infrastructure from cryptography 36.0.0 if available (https://github.com/ansible-collections/community.crypto/pull/302)."

changelogs/fragments/324-acme_certificate-fullchain.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "acme_certificate - avoid passing multiple certificates to ``cryptography``'s X.509 certificate loader when ``fullchain_dest`` is used (https://github.com/ansible-collections/community.crypto/pull/324)."

changelogs/fragments/327-luks_device-wipe.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "luks_device - now also runs a built-in LUKS signature cleaner on ``state=absent`` to make sure that also the secondary LUKS2 header is wiped when older versions of wipefs are used (https://github.com/ansible-collections/community.crypto/issues/326, https://github.com/ansible-collections/community.crypto/pull/327)."

changelogs/fragments/331-cryptography-extensions.yml

@@ -1,2 +0,0 @@
-bugfixes:
-- "get_certificate, openssl_csr_info, x509_certificate_info - add fallback code for extension parsing that works with cryptography 36.0.0 and newer. This code re-serializes de-serialized extensions and thus can return slightly different values if the extension in the original CSR resp. certificate was not canonicalized correctly. This code is currently used as a fallback if the existing code stops working, but we will switch it to be the main code in a future release (https://github.com/ansible-collections/community.crypto/pull/331)."

changelogs/fragments/fetch_url-devel.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - "acme_* modules - fix usage of ``fetch_url`` with changes in latest ansible-core ``devel`` branch (https://github.com/ansible-collections/community.crypto/pull/339)."