File _patchinfo of Package patchinfo.28337

<patchinfo incident="28337">
  <issue tracker="bnc" id="1198331">python-moto: failed on test_boto3_availability_zones test_create_notebook_instance_bad_volume_size</issue>
  <issue tracker="bnc" id="1199282">Update azure SDK and cli to support aarch64 image creation</issue>
  <issue tracker="bnc" id="1162343">Bump protobuf 3.9.1 to 3.9.2+ to build TensorFlow2</issue>
  <issue tracker="bnc" id="1144068">grpc: update to 1.22.0</issue>
  <issue tracker="bnc" id="1194530">VUL-0: CVE-2021-22569: protobuf: potential Denial of Service in protobuf-java in the parsing procedure for binary data</issue>
  <issue tracker="bnc" id="1184753">salt-minion conflicts with busybox-hostname</issue>
  <issue tracker="bnc" id="1204256">VUL-0: CVE-2022-3171: protobuf: parsing issue with binary data can lead to denial of service</issue>
  <issue tracker="bnc" id="1197726">FTBFS: grpc won't compile on SP4</issue>
  <issue tracker="bnc" id="1133277">LTO: protobuf build fails</issue>
  <issue tracker="bnc" id="1203681">VUL-0: CVE-2022-1941: protobuf: A potential Denial of Service issue in protobuf-cpp and protobuf-python</issue>
  <issue tracker="bnc" id="1177127">python3-protobuf missing dependency six</issue>
  <issue tracker="bnc" id="1182066">VUL-0: CVE-2020-36242: python-cryptography: calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow</issue>
  <issue tracker="bnc" id="1099269">VUL-0: CVE-2018-1000518: python-websockets: Improper Handling of Highly Compressed Data</issue>
  <issue tracker="bnc" id="1178168">VUL-0: CVE-2020-25659: python-cryptography: bleichenbacher timing oracle attack against RSA decryption</issue>
  <issue tracker="cve" id="2021-22570"/>
  <issue tracker="cve" id="2022-1941"/>
  <issue tracker="cve" id="2020-25659"/>
  <issue tracker="cve" id="2018-1000518"/>
  <issue tracker="cve" id="2022-3171"/>
  <issue tracker="cve" id="2021-22569"/>
  <issue tracker="cve" id="2020-36242"/>
  <issue tracker="jsc" id="SLE-24629"/>
  <issue tracker="jsc" id="PM-3243"/>
  <packager>glaubitz</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets</summary>
  <description>This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:

grpc:
- Update in SLE-15 (bsc#1197726, bsc#1144068)
  
protobuf:
- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681
- Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256
- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
- Add missing dependency of python subpackages on python-six (bsc#1177127)
- Updated to version 3.9.2 (bsc#1162343)
  * Remove OSReadLittle* due to alignment requirements.
  * Don't use unions and instead use memcpy for the type swaps.
- Disable LTO (bsc#1133277)

python-aiocontextvars:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-avro:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-cryptography:  
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (&gt;2GB) could
    result in an integer overflow, leading to buffer overflows.
  CVE-2020-36242

python-cryptography-vectors:
- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
    to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
    by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- update to 3.3.2 (bsc#1198331)

python-Deprecated:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:

python-google-api-core:
- Update to 1.14.2

python-googleapis-common-protos:
- Update to 1.6.0
  
python-grpcio-gcp:
- Initial spec for v0.2.2

python-humanfriendly:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0

python-jsondiff:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0

python-knack:  
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0

python-opencensus:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0

python-opencensus-context:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-opencensus-ext-threading:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2

python-opentelemetry-api:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0

python-psutil:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostname, which is the default on MicroOS (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-PyGithub:
- Update to 1.43.5:

python-pytest-asyncio:  
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0 
  
python-requests:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
  
python-websocket-client:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2

python-websockets:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:
 </description>
</patchinfo>