Overview

File _patchinfo of Package patchinfo.26408

<patchinfo incident="26408">
  <issue tracker="bnc" id="1149792">openssl 1.1.1c causes build failures in other packages</issue>
  <issue tracker="bnc" id="1177083">python-aliyun-python-sdk-core package ships a vendored python-requests package</issue>
  <issue tracker="bnc" id="1176785">[Trackerbug] Update Azure CLI packages to latest version in SLE-15</issue>
  <issue tracker="bnc" id="1101820">VUL-0: CVE-2018-10903: python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API</issue>
  <issue tracker="jsc" id="PM-2352"/>
  <issue tracker="jsc" id="PM-2730"/>
  <issue tracker="jsc" id="ECO-3105"/>
  <issue tracker="jsc" id="SLE-18312"/>
  <issue tracker="cve" id="2018-10903"/>
  <packager>glaubitz</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-cryptography, python-cryptography-vectors</summary>
  <description>This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
    - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
      low usage and maintenance burden.
    - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
      Users on older version of OpenSSL will need to upgrade.
    - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
    - Removed support for calling public_bytes() with no arguments, as per 
      our deprecation policy. You must now pass encoding and format.
    - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
      returns the RDNs as required by RFC 4514.
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
    - Added support for parsing single_extensions in an OCSP response.
    - NameAttribute values can now be empty strings.

- Add openSSL_111d.patch to make this version of the package
  compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.

- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
  finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
  * updated vectors for the cryptography 2.9.2 testing
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places