Overview

File _patchinfo of Package patchinfo.26140

<patchinfo incident="26140">
  <issue tracker="bnc" id="1181995"/>
  <issue tracker="bnc" id="1177083">python-aliyun-python-sdk-core package ships a vendored python-requests package</issue>
  <issue tracker="jsc" id="PM-2475"/>
  <issue tracker="jsc" id="ECO-3329"/>
  <issue tracker="jsc" id="SLE-18312"/>
  <issue tracker="jsc" id="PM-2730"/>
  <issue tracker="fate" id="316168"/>
  <packager>glaubitz</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-crcmod, python-cryptography, python-cryptography-vectors</summary>
  <description>This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes:

Changes in python-crcmod:

- Include in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1181995, jsc#ECO-3329, jsc#PM-2475)

- Cleanup spec file
- Use fdupes
- Do not bundle html doc

- singlespec auto-conversion

- Include in SLE 12 (FATE #316168)

- Initial release

Changes in python-cryptography:
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)

- Refresh patches for new version

* Using the Fernet class to symmetrically encrypt multi gigabyte values. (bsc#1182066, CVE-2020-36242)
    could result in an integer overflow and buffer overflow.

- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
    - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
      low usage and maintenance burden.
    - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
      Users on older version of OpenSSL will need to upgrade.
    - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
    - Removed support for calling public_bytes() with no arguments, as per 
      our deprecation policy. You must now pass encoding and format.
    - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
      returns the RDNs as required by RFC 4514.
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
    - Added support for parsing single_extensions in an OCSP response.
    - NameAttribute values can now be empty strings.

Changes in python-cryptography-vectors:
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)

- update to 2.9.2:
  * updated vectors for the cryptography 2.9.2 testing

  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places