Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-cryptography for openSUSE:Factory checked in at 2021-02-16 22:33:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old) and /work/SRC/openSUSE:Factory/.python-cryptography.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography" Tue Feb 16 22:33:48 2021 rev:54 rq:870297 version:3.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes 2020-12-23 14:19:44.765637357 +0100 +++ /work/SRC/openSUSE:Factory/.python-cryptography.new.28504/python-cryptography.changes 2021-02-16 22:33:49.865442918 +0100 @@ -1,0 +2,9 @@ +Sun Feb 7 20:11:11 UTC 2021 - Michael Str??der <mich...@stroeder.com> + +- update to 3.3.2: + * SECURITY ISSUE: Fixed a bug where certain sequences of update() + calls when symmetrically encrypting very large payloads (>2GB) could + result in an integer overflow, leading to buffer overflows. + CVE-2020-36242 + +------------------------------------------------------------------- Old: ---- cryptography-3.3.1.tar.gz cryptography-3.3.1.tar.gz.asc New: ---- cryptography-3.3.2.tar.gz cryptography-3.3.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-cryptography.spec ++++++ --- /var/tmp/diff_new_pack.GajwjN/_old 2021-02-16 22:33:50.457443730 +0100 +++ /var/tmp/diff_new_pack.GajwjN/_new 2021-02-16 22:33:50.461443736 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-cryptography # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %bcond_without python2 Name: python-cryptography -Version: 3.3.1 +Version: 3.3.2 Release: 0 Summary: Python library which exposes cryptographic recipes and primitives License: Apache-2.0 OR BSD-3-Clause ++++++ cryptography-3.3.1.tar.gz -> cryptography-3.3.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-3.3.1/CHANGELOG.rst new/cryptography-3.3.2/CHANGELOG.rst --- old/cryptography-3.3.1/CHANGELOG.rst 2020-12-10 03:16:42.000000000 +0100 +++ new/cryptography-3.3.2/CHANGELOG.rst 2021-02-07 17:39:35.000000000 +0100 @@ -1,6 +1,15 @@ Changelog ========= +.. _v3-3-2: + +3.3.2 - 2021-02-07 +~~~~~~~~~~~~~~~~~~ + +* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls + when symmetrically encrypting very large payloads (>2GB) could result in an + integer overflow, leading to buffer overflows. *CVE-2020-36242* + .. _v3-3-1: 3.3.1 - 2020-12-09 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-3.3.1/PKG-INFO new/cryptography-3.3.2/PKG-INFO --- old/cryptography-3.3.1/PKG-INFO 2020-12-10 03:17:25.912427000 +0100 +++ new/cryptography-3.3.2/PKG-INFO 2021-02-07 17:39:57.323258600 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: cryptography -Version: 3.3.1 +Version: 3.3.2 Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. Home-page: https://github.com/pyca/cryptography Author: The cryptography developers diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-3.3.1/docs/conf.py new/cryptography-3.3.2/docs/conf.py --- old/cryptography-3.3.1/docs/conf.py 2020-12-10 03:16:42.000000000 +0100 +++ new/cryptography-3.3.2/docs/conf.py 2021-02-07 17:39:35.000000000 +0100 @@ -71,7 +71,7 @@ # General information about the project. project = "Cryptography" -copyright = "2013-2020, Individual Contributors" +copyright = "2013-2021, Individual Contributors" # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-3.3.1/src/cryptography/__about__.py new/cryptography-3.3.2/src/cryptography/__about__.py --- old/cryptography-3.3.1/src/cryptography/__about__.py 2020-12-10 03:16:42.000000000 +0100 +++ new/cryptography-3.3.2/src/cryptography/__about__.py 2021-02-07 17:39:35.000000000 +0100 @@ -22,10 +22,10 @@ ) __uri__ = "https://github.com/pyca/cryptography" -__version__ = "3.3.1" +__version__ = "3.3.2" __author__ = "The cryptography developers" __email__ = "cryptography-...@python.org" __license__ = "BSD or Apache License, Version 2.0" -__copyright__ = "Copyright 2013-2020 {}".format(__author__) +__copyright__ = "Copyright 2013-2021 {}".format(__author__) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-3.3.1/src/cryptography/hazmat/backends/openssl/ciphers.py new/cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py --- old/cryptography-3.3.1/src/cryptography/hazmat/backends/openssl/ciphers.py 2020-12-10 03:16:42.000000000 +0100 +++ new/cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py 2021-02-07 17:39:35.000000000 +0100 @@ -17,7 +17,7 @@ class _CipherContext(object): _ENCRYPT = 1 _DECRYPT = 0 - _MAX_CHUNK_SIZE = 2 ** 31 - 1 + _MAX_CHUNK_SIZE = 2 ** 30 - 1 def __init__(self, backend, cipher, mode, operation): self._backend = backend diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cryptography-3.3.1/src/cryptography.egg-info/PKG-INFO new/cryptography-3.3.2/src/cryptography.egg-info/PKG-INFO --- old/cryptography-3.3.1/src/cryptography.egg-info/PKG-INFO 2020-12-10 03:17:25.000000000 +0100 +++ new/cryptography-3.3.2/src/cryptography.egg-info/PKG-INFO 2021-02-07 17:39:56.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: cryptography -Version: 3.3.1 +Version: 3.3.2 Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. Home-page: https://github.com/pyca/cryptography Author: The cryptography developers