File _patchinfo of Package patchinfo.13643

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.13643

<patchinfo incident="13643">
  <issue tracker="fate" id="326950"/>
  <issue tracker="bnc" id="1122668">[TRACKERBUG] FATE#326950 - Include cfn linter in the SLE 12 Public Cloud Module</issue>
  <issue tracker="bnc" id="1111622">VUL-0: CVE-2018-18074: python-requests: The Requests package sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect</issue>
  <issue tracker="cve" id="2018-18074"/>
  <issue tracker="jsc" id="PM-1447"/>
  <packager>glaubitz</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer</summary>
  <description>This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues:

python-cfn-lint was included as a new package in 0.21.4.

python-aws-sam-translator was updated to 1.11.0:

* Add ReservedConcurrentExecutions to globals
  * Fix ElasticsearchHttpPostPolicy resource reference
  * Support using AWS::Region in Ref and Sub
  * Documentation and examples updates
  * Add VersionDescription property to Serverless::Function
  * Update ServerlessRepoReadWriteAccessPolicy
  * Add additional template validation

Upgrade to 1.10.0:

* Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy
  * Add DynamoDBReconfigurePolicy
  * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy
  * Add EKSDescribePolicy
  * Add SESBulkTemplatedCrudPolicy
  * Add FilterLogEventsPolicy
  * Add SSMParameterReadPolicy
  * Add SESEmailTemplateCrudPolicy
  * Add s3:PutObjectAcl to S3CrudPolicy
  * Add allow_credentials CORS option
  * Add support for AccessLogSetting and CanarySetting Serverless::Api properties
  * Add support for X-Ray in Serverless::Api
  * Add support for MinimumCompressionSize in Serverless::Api
  * Add Auth to Serverless::Api globals
  * Remove trailing slashes from APIGW permissions
  * Add SNS FilterPolicy and an example application
  * Add Enabled property to Serverless::Function event sources
  * Add support for PermissionsBoundary in Serverless::Function
  * Fix boto3 client initialization
  * Add PublicAccessBlockConfiguration property to S3 bucket resource
  * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable
  * Add limited support for resolving intrinsics in Serverless::LayerVersion
  * SAM now uses Flake8
  * Add example application for S3 Events written in Go
  * Updated several example applications

- Initial build
  + Version 1.9.0
- Add patch to drop compatible releases operator from setup.py,
  required for SLES12 as the setuptools version is too old
  + ast_drop-compatible-releases-operator.patch

python-jsonschema was updated to 2.6.0:

* Improved performance on CPython by adding caching around ref resolution

Update to version 2.5.0:

* Improved performance on CPython by adding caching around ref
  resolution (#203)

Update to version 2.4.0:

* Added a CLI (#134)
* Added absolute path and absolute schema path to errors (#120)
* Added ``relevance``
* Meta-schemas are now loaded via ``pkgutil``
* Added ``by_relevance`` and ``best_match`` (#91)
* Fixed ``format`` to allow adding formats for non-strings (#125)
* Fixed the ``uri`` format to reject URI references (#131)

- Install /usr/bin/jsonschema with update-alternatives support

python-nose2 was updated to 0.9.1:

* the prof plugin now uses cProfile instead of hotshot for profiling
* skipped tests now include the user's reason in junit XML's message field
* the prettyassert plugin mishandled multi-line function definitions
* Using a plugin's CLI flag when the plugin is already enabled via config
  no longer errors
* nose2.plugins.prettyassert, enabled with --pretty-assert
* Cleanup code for EOLed python versions
* Dropped support for distutils.
* Result reporter respects failure status set by other plugins
* JUnit XML plugin now includes the skip reason in its output

Upgrade to 0.8.0:

List of changes is too long to show here, see
https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst
changes between 0.6.5 and 0.8.0

Update to 0.7.0:

* Added parameterized_class feature, for parameterizing entire test
  classes (many thanks to @TobyLL for their suggestions and help testing!)
* Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh;
  https://github.com/wolever/parameterized/issues/67)
* Make sure that `setUp` and `tearDown` methods work correctly (#40)
* Raise a ValueError when input is empty (thanks @danielbradburn;
  https://github.com/wolever/parameterized/pull/48)
* Fix the order when number of cases exceeds 10 (thanks @ntflc;
  https://github.com/wolever/parameterized/pull/49)

python-scandir was included in version 2.3.2.

python-requests was updated to version 2.20.1 (bsc#1111622)

* Fixed bug with unintended Authorization header stripping for
  redirects using default ports (http/80, https/443).

* remove restriction for urllib3 &lt; 1.24

Update to version 2.20.0:

* Bugfixes
  + Content-Type header parsing is now case-insensitive
    (e.g. charset=utf8 v Charset=utf8).
  + Fixed exception leak where certain redirect urls would raise
    uncaught urllib3 exceptions.
  + Requests removes Authorization header from requests redirected
    from https to http on the same hostname. (CVE-2018-18074)
  + should_bypass_proxies now handles URIs without hostnames
    (e.g. files).
* Dependencies
  + Requests now supports urllib3 v1.24.
* Deprecations
  + Requests has officially stopped support for Python 2.6.

Update to version 2.19.1:

* Fixed issue where status_codes.py&#8217;s init function failed trying
  to append to a __doc__ value of None.

Update to version 2.19.0:

* Improvements
  + Warn about possible slowdown with cryptography version &lt; 1.3.4
  + Check host in proxy URL, before forwarding request to adapter.
  + Maintain fragments properly across redirects. (RFC7231 7.1.2)
  + Removed use of cgi module to expedite library load time.
  + Added support for SHA-256 and SHA-512 digest auth algorithms.
  + Minor performance improvement to Request.content.
  + Migrate to using collections.abc for 3.7 compatibility.
* Bugfixes
  + Parsing empty Link headers with parse_header_links() no longer
    return one bogus entry.
  + Fixed issue where loading the default certificate bundle from
    a zip archive would raise an IOError.
  + Fixed issue with unexpected ImportError on windows system
    which do not support winreg module.
  + DNS resolution in proxy bypass no longer includes the username
    and password in the request. This also fixes the issue of DNS
    queries failing on macOS.
  + Properly normalize adapter prefixes for url comparison.
  + Passing None as a file pointer to the files param no longer
    raises an exception.
  + Calling copy on a RequestsCookieJar will now preserve the
    cookie policy correctly.
* We now support idna v2.7 and urllib3 v1.23.

update to version 2.18.4:

* Improvements
  + Error messages for invalid headers now include the header name
    for easier debugging
* Dependencies
  + We now support idna v2.6.

update to version 2.18.3:

* Improvements
  + Running $ python -m requests.help now includes the installed
    version of idna.
* Bugfixes
  + Fixed issue where Requests would raise ConnectionError instead
    of SSLError when encountering SSL problems when using urllib3
    v1.22.
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.13643

Places