File python-pyOpenSSL.changes of Package python-pyOpenSSL.36114

-------------------------------------------------------------------
Mon Oct 21 10:19:31 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

- Fix for bsc#1231700:
  * 0001-Don-t-use-things-after-they-re-freed.duh-709.patch: Add
    missing patch that introduced X509._from_raw_x509_ptr needed by
    CVE-2018-1000807 fix.
  gh#pyca/pyopenssl@4aa52c33d3ee

-------------------------------------------------------------------
Fri May 10 08:13:43 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

- Add CVE-2018-1000807-8_use_after_free_X509.patch to fix
  CVE-2018-1000807 (bsc#1111635) and CVE-2018-1000808 (bsc#1111634)

    fix a memory leak and a potential UAF and also #722 (#723)
    sanity check
    bump cryptography minimum version, add changelog
- Add skip_user_after_free_tests.patch to pass the test suite.
- bsc#1021578 add move_cryptography_backend_import.patch to avoid bad
  interaction with python-cryptography package.

-------------------------------------------------------------------
Thu Mar 12 10:56:23 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

- Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)

-------------------------------------------------------------------
Thu Mar 12 09:50:20 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

- Update to version 17.1.0
  Backward-incompatible changes:
  * Removed the deprecated ``OpenSSL.rand.egd()`` function.
    Applications should prefer ``os.urandom()`` for random number generation.
    `#630 <https://github.com/pyca/pyopenssl/pull/630>`_
  * Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
    Callers must now always pass an explicit ``digest``.
    `#652 <https://github.com/pyca/pyopenssl/pull/652>`_
  * Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
    ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
    and ``Revoked.set_lastUpdate()``. You must now pass times in the form
    ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
    will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
   Deprecations:
   * Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
     ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
     ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
     ``NetscapeSPKIType``.
     The names without the "Type"-suffix should be used instead.
   Changes:
   * Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
     for converting X.509 certificate to and from pyca/cryptography objects.
     `#640 <https://github.com/pyca/pyopenssl/pull/640>`_
   * Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
     ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
     for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
     `#645 <https://github.com/pyca/pyopenssl/pull/645>`_
   *  Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including
      linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``.
      `#620 <https://github.com/pyca/pyopenssl/pull/620>`_
   * Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate the upcoming
     release of ``cryptography`` ``manylinux1`` wheels.
     `#633 <https://github.com/pyca/pyopenssl/pull/633>`_
- Drop patch merged upstream
  + python-pyOpenSSL=replace-expired-cert.patch

-------------------------------------------------------------------
Thu Sep  5 12:25:18 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

- Include in SLE-12 (fate#324191, bsc#1065275)

-------------------------------------------------------------------
Thu Dec 21 14:41:06 UTC 2017 - mihai.dinca@suse.com

- build python3 subpackage (FATE#324435, bsc#1073879)

-------------------------------------------------------------------
Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de

- add patch to always trigger overflow in the testsuite
  (gh#pyca/pyopenssl#657) b3460c6a9a45a016d1ab65c149c606fa3f07096d
 
  python-pyOpenSSL-always-overflow.patch 

-------------------------------------------------------------------
Tue Jun 13 07:05:41 UTC 2017 - dimstar@opensuse.org

- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert
  expired, mking the test suite fail. Replace the certificate with
  a new one, valid for 20 years (gh#pyca/pyopenssl#637).

-------------------------------------------------------------------
Fri May  5 21:32:55 UTC 2017 - toddrme2178@gmail.com

- Fix Provides/Obsoletes.

-------------------------------------------------------------------
Wed Apr 26 14:20:27 UTC 2017 - toddrme2178@gmail.com

- Implement single-spec version
- Fix source URL
- Update to 17.0.0
  * Added ``OpenSSL.X509Store.set_time()`` to set a custom
    verification time when verifying certificate chains.
  * Added a collection of functions for working with OCSP stapling.
    None of these functions make it possible to validate OCSP
    assertions, only to staple them into the handshake and to
    retrieve the stapled assertion if provided.
    Users will need to write their own code to handle OCSP
    assertions.
    We specifically added: ``Context.set_ocsp_server_callback``,
    ``Context.set_ocsp_client_callback``, and
    ``Connection.request_ocsp``.
  * Changed the ``SSL`` module's memory allocation policy to
    avoid zeroing memory it allocates when unnecessary.
    This reduces CPU usage and memory allocation time by an amount
    proportional to the size of the allocation.
    For applications that process a lot of TLS data or that use
    very lage allocations this can provide considerable performance
    improvements.
  * Automatically set ``SSL_CTX_set_ecdh_auto()`` on
    ``OpenSSL.SSL.Context``.
  - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
- Rebase bug-lp-1265482.diff
- Rebase rsa128-i586.patch
- Rebase skip-networked-test.patch

-------------------------------------------------------------------
Wed Nov 16 07:46:25 UTC 2016 - dmueller@suse.com

- fix source url

-------------------------------------------------------------------
Tue Nov 15 09:39:09 UTC 2016 - mlin@suse.com

- Change source url to pypi.io
  * version 16.2.0 source tarball failed to download from pypi.python.org

-------------------------------------------------------------------
Mon Nov 14 08:46:18 UTC 2016 - mlin@suse.com

- Update to 16.2.0
  * Deprecations
  ** Dropped support for OpenSSL 0.9.8.
  * Changes
  ** Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496
  ** Enable use of CRL (and more) in verify context. #483
  ** OpenSSL.crypto.PKey can now be constructed from cryptography objects and also
     exported as such. #439
  ** Support newer versions of cryptography which use opaque structs for OpenSSL
     1.1.0 compatibility.
  ** Fixed compatibility errors with OpenSSL 1.1.0.
  ** Fixed an issue that caused failures with subinterpreters and embedded Pythons.
     #552

-------------------------------------------------------------------
Mon May 16 15:29:16 UTC 2016 - jmatejek@suse.com

- added %check section with testsuite
- skip-networked-test.patch - mark a test as networked so that we can
  specify non-network test run
- rsa128-i586.patch - sidestep a crasher bug on 32bit platforms
  by generating reasonably-sized RSA keys instead of small 128bit ones

-------------------------------------------------------------------
Mon May  9 09:54:12 UTC 2016 - hpj@urpla.net

- update to 16.0.0
  Backward-incompatible changes:
  * Python 3.2 support has been dropped. It never had significant real world
    usage and has been dropped by our main dependency cryptography. Affected
    users should upgrade to Python 3.3 or later.
  Deprecations:
  * The support for EGD has been removed. The only affected function
    OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
    Please see pyca/cryptography#1636 for more background information on this
    decision. In accordance with our backward compatibility policy
    OpenSSL.rand.egd() will be removed no sooner than a year from the release of
    16.0.0.
  * Please note that you should use urandom for all your secure random number
    needs.
  * Python 2.6 support has been deprecated. Our main dependency cryptography
    deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
    dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
  Changes:
  * Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
    OpenSSL.SSL.Connection.renegotiate_pending, and
    OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
    0.14. #422
  * Fixed segmentation fault when using keys larger than 4096-bit to sign data.
    #428
  * Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
    before setting any app data. #304
  * Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
    that represent public keys, and OpenSSL.crypto.load_publickey() to load such
    objects from serialized representations. #382
  * Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
    a string buffer. #368
  * Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding
    state_string_long. #358
  * Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv()
    and OpenSSL.SSL.Connection.recv_into(). #294
  * Added OpenSSL.SSL.Connection.get_protocol_version() and
    OpenSSL.SSL.Connection.get_protocol_version_name(). #244
  * Switched to utf8string mask by default. OpenSSL formerly defaulted to a
    T61String if there were UTF-8 characters present. This was changed to
    default to UTF8String in the config around 2005, but the actual code didn’t
    change it until late last year. This will default us to the setting that
    actually works. To revert this you can call
    OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234

- fixed paths in bug-lp-1265482.diff
- fixed doc generation 
- spec clean up

-------------------------------------------------------------------
Tue Jul 14 13:07:00 UTC 2015 - toddrme2178@gmail.com

- Fix building on SLES 11

-------------------------------------------------------------------
Wed Apr 22 09:50:09 UTC 2015 - mcihar@suse.cz

- Do not hardcode version in file list

-------------------------------------------------------------------
Wed Apr 22 09:42:53 UTC 2015 - mcihar@suse.cz

- udapte to 0.15.1
	* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
	  present in 0.15, where when an error occurs and no errno() is set,
	  a KeyError is raised.  This happens, for example, if
	  Connection.shutdown() is called when the underlying transport has
	  gone away.
	* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
	  filenames only as bytes now accept them as either bytes or
	  unicode (and respect sys.getfilesystemencoding()).
	* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
	  (NPN) bindings.
	* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
	  builtin ``socket.recv_into``.  Based on work from Cory Benfield.
	* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
	* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
	* OpenSSL/test/test_crypto.py: Add intermediate certificates for
	* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
	  underlying socket.
	* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
	  causing it to always succeed - even if it should fail.
	* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
	  with ``FILETYPE_ASN1`` would fail with a ``NameError``.
	* OpenSSL/SSL.py: Fix a regression in which the first argument of

-------------------------------------------------------------------
Mon Feb 24 12:58:58 UTC 2014 - mvyskocil@suse.com

- update to 0.14
  * Support for TLSv1.1 and TLSv1.2
  * First-class support for PyPy
  * New flags, such as MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
  * Some APIs to access to the SSL session cache
  * A variety of bug fixes for error handling cases
  * Documentation has been converted from LaTeX
    + python-pyOpenSSL-doc is now build from single spec file
  * pyOpenSSL now depends on cryptography, so it became pure-python
    module
    + changed to noarch package, add proper dependencies
  * Development moved to github
    + changed Url tag respectivelly
- refreshed bug-lp-1265482.diff

-------------------------------------------------------------------
Thu Jan  2 11:17:23 UTC 2014 - dmueller@suse.com

-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666) 

-------------------------------------------------------------------
Fri Sep 13 14:02:43 UTC 2013 - jmatejek@suse.com

- update to 0.13.1
  * fixes NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314)

-------------------------------------------------------------------
Fri Apr  5 07:54:12 UTC 2013 - speilicke@suse.com

- Package LICENSE

-------------------------------------------------------------------
Mon Jul  9 18:34:08 PDT 2012 - msuman@opensuse.org

- Update to version 0.13
  * Add OPENSSL_VERSION_NUMBER, SSLeay_version and related
    constants for retrieving version information about the
    underlying OpenSSL library.
  * Support OpenSSL 1.0.0a and related changes.
  * Remove SSLv2 support if the underlying OpenSSL library does
    not provide it.
  * Add a new method to the X509 type, get_signature_algorithm.
  * Add a new method to the Connection type, get_peer_cert_chain.
  * Add the PKey.check method to verify the internal consistency
    of a PKey instance.
  * Bug fixes.

-------------------------------------------------------------------
Thu Sep  1 08:48:23 UTC 2011 - saschpe@suse.de

- Changed license to Apache-2.0, to fix bnc#715423

-------------------------------------------------------------------
Wed Aug 31 14:21:58 UTC 2011 - saschpe@suse.de

- Initial version, obsoletes 'python-openssl':
  * Builds properly on all SUSE version
  * Has real HTML documentation

openSUSE Build Service is sponsored by