Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2021-02-16 22:33:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Tue Feb 16 22:33:48 2021 rev:54 rq:870297 version:3.3.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2020-12-23 14:19:44.765637357 +0100
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.28504/python-cryptography.changes
2021-02-16 22:33:49.865442918 +0100
@@ -1,0 +2,9 @@
+Sun Feb 7 20:11:11 UTC 2021 - Michael Str??der <[email protected]>
+
+- update to 3.3.2:
+ * SECURITY ISSUE: Fixed a bug where certain sequences of update()
+ calls when symmetrically encrypting very large payloads (>2GB) could
+ result in an integer overflow, leading to buffer overflows.
+ CVE-2020-36242
+
+-------------------------------------------------------------------
Old:
----
cryptography-3.3.1.tar.gz
cryptography-3.3.1.tar.gz.asc
New:
----
cryptography-3.3.2.tar.gz
cryptography-3.3.2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.GajwjN/_old 2021-02-16 22:33:50.457443730 +0100
+++ /var/tmp/diff_new_pack.GajwjN/_new 2021-02-16 22:33:50.461443736 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-cryptography
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%bcond_without python2
Name: python-cryptography
-Version: 3.3.1
+Version: 3.3.2
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
++++++ cryptography-3.3.1.tar.gz -> cryptography-3.3.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-3.3.1/CHANGELOG.rst
new/cryptography-3.3.2/CHANGELOG.rst
--- old/cryptography-3.3.1/CHANGELOG.rst 2020-12-10 03:16:42.000000000
+0100
+++ new/cryptography-3.3.2/CHANGELOG.rst 2021-02-07 17:39:35.000000000
+0100
@@ -1,6 +1,15 @@
Changelog
=========
+.. _v3-3-2:
+
+3.3.2 - 2021-02-07
+~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
+ when symmetrically encrypting very large payloads (>2GB) could result in an
+ integer overflow, leading to buffer overflows. *CVE-2020-36242*
+
.. _v3-3-1:
3.3.1 - 2020-12-09
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-3.3.1/PKG-INFO
new/cryptography-3.3.2/PKG-INFO
--- old/cryptography-3.3.1/PKG-INFO 2020-12-10 03:17:25.912427000 +0100
+++ new/cryptography-3.3.2/PKG-INFO 2021-02-07 17:39:57.323258600 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: cryptography
-Version: 3.3.1
+Version: 3.3.2
Summary: cryptography is a package which provides cryptographic recipes and
primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-3.3.1/docs/conf.py
new/cryptography-3.3.2/docs/conf.py
--- old/cryptography-3.3.1/docs/conf.py 2020-12-10 03:16:42.000000000 +0100
+++ new/cryptography-3.3.2/docs/conf.py 2021-02-07 17:39:35.000000000 +0100
@@ -71,7 +71,7 @@
# General information about the project.
project = "Cryptography"
-copyright = "2013-2020, Individual Contributors"
+copyright = "2013-2021, Individual Contributors"
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-3.3.1/src/cryptography/__about__.py
new/cryptography-3.3.2/src/cryptography/__about__.py
--- old/cryptography-3.3.1/src/cryptography/__about__.py 2020-12-10
03:16:42.000000000 +0100
+++ new/cryptography-3.3.2/src/cryptography/__about__.py 2021-02-07
17:39:35.000000000 +0100
@@ -22,10 +22,10 @@
)
__uri__ = "https://github.com/pyca/cryptography";
-__version__ = "3.3.1"
+__version__ = "3.3.2"
__author__ = "The cryptography developers"
__email__ = "[email protected]"
__license__ = "BSD or Apache License, Version 2.0"
-__copyright__ = "Copyright 2013-2020 {}".format(__author__)
+__copyright__ = "Copyright 2013-2021 {}".format(__author__)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-3.3.1/src/cryptography/hazmat/backends/openssl/ciphers.py
new/cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py
--- old/cryptography-3.3.1/src/cryptography/hazmat/backends/openssl/ciphers.py
2020-12-10 03:16:42.000000000 +0100
+++ new/cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py
2021-02-07 17:39:35.000000000 +0100
@@ -17,7 +17,7 @@
class _CipherContext(object):
_ENCRYPT = 1
_DECRYPT = 0
- _MAX_CHUNK_SIZE = 2 ** 31 - 1
+ _MAX_CHUNK_SIZE = 2 ** 30 - 1
def __init__(self, backend, cipher, mode, operation):
self._backend = backend
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-3.3.1/src/cryptography.egg-info/PKG-INFO
new/cryptography-3.3.2/src/cryptography.egg-info/PKG-INFO
--- old/cryptography-3.3.1/src/cryptography.egg-info/PKG-INFO 2020-12-10
03:17:25.000000000 +0100
+++ new/cryptography-3.3.2/src/cryptography.egg-info/PKG-INFO 2021-02-07
17:39:56.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: cryptography
-Version: 3.3.1
+Version: 3.3.2
Summary: cryptography is a package which provides cryptographic recipes and
primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
