commit python-cryptography for openSUSE:Factory

Source-Sync Tue, 16 Feb 2021 13:34:14 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-cryptography for 
openSUSE:Factory checked in at 2021-02-16 22:33:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
 and      /work/SRC/openSUSE:Factory/.python-cryptography.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-cryptography"

Tue Feb 16 22:33:48 2021 rev:54 rq:870297 version:3.3.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes  
2020-12-23 14:19:44.765637357 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-cryptography.new.28504/python-cryptography.changes
       2021-02-16 22:33:49.865442918 +0100
@@ -1,0 +2,9 @@
+Sun Feb  7 20:11:11 UTC 2021 - Michael Str??der <mich...@stroeder.com>
+
+- update to 3.3.2:
+  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
+    calls when symmetrically encrypting very large payloads (>2GB) could
+    result in an integer overflow, leading to buffer overflows.
+    CVE-2020-36242
+
+-------------------------------------------------------------------

Old:
----
  cryptography-3.3.1.tar.gz
  cryptography-3.3.1.tar.gz.asc

New:
----
  cryptography-3.3.2.tar.gz
  cryptography-3.3.2.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.GajwjN/_old  2021-02-16 22:33:50.457443730 +0100
+++ /var/tmp/diff_new_pack.GajwjN/_new  2021-02-16 22:33:50.461443736 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package python-cryptography
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %bcond_without python2
 Name:           python-cryptography
-Version:        3.3.1
+Version:        3.3.2
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and 
primitives
 License:        Apache-2.0 OR BSD-3-Clause

++++++ cryptography-3.3.1.tar.gz -> cryptography-3.3.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-3.3.1/CHANGELOG.rst 
new/cryptography-3.3.2/CHANGELOG.rst
--- old/cryptography-3.3.1/CHANGELOG.rst        2020-12-10 03:16:42.000000000 
+0100
+++ new/cryptography-3.3.2/CHANGELOG.rst        2021-02-07 17:39:35.000000000 
+0100
@@ -1,6 +1,15 @@
 Changelog
 =========
 
+.. _v3-3-2:
+
+3.3.2 - 2021-02-07
+~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
+  when symmetrically encrypting very large payloads (>2GB) could result in an
+  integer overflow, leading to buffer overflows. *CVE-2020-36242*
+
 .. _v3-3-1:
 
 3.3.1 - 2020-12-09
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-3.3.1/PKG-INFO 
new/cryptography-3.3.2/PKG-INFO
--- old/cryptography-3.3.1/PKG-INFO     2020-12-10 03:17:25.912427000 +0100
+++ new/cryptography-3.3.2/PKG-INFO     2021-02-07 17:39:57.323258600 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cryptography
-Version: 3.3.1
+Version: 3.3.2
 Summary: cryptography is a package which provides cryptographic recipes and 
primitives to Python developers.
 Home-page: https://github.com/pyca/cryptography
 Author: The cryptography developers
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-3.3.1/docs/conf.py 
new/cryptography-3.3.2/docs/conf.py
--- old/cryptography-3.3.1/docs/conf.py 2020-12-10 03:16:42.000000000 +0100
+++ new/cryptography-3.3.2/docs/conf.py 2021-02-07 17:39:35.000000000 +0100
@@ -71,7 +71,7 @@
 
 # General information about the project.
 project = "Cryptography"
-copyright = "2013-2020, Individual Contributors"
+copyright = "2013-2021, Individual Contributors"
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/cryptography-3.3.1/src/cryptography/__about__.py 
new/cryptography-3.3.2/src/cryptography/__about__.py
--- old/cryptography-3.3.1/src/cryptography/__about__.py        2020-12-10 
03:16:42.000000000 +0100
+++ new/cryptography-3.3.2/src/cryptography/__about__.py        2021-02-07 
17:39:35.000000000 +0100
@@ -22,10 +22,10 @@
 )
 __uri__ = "https://github.com/pyca/cryptography";
 
-__version__ = "3.3.1"
+__version__ = "3.3.2"
 
 __author__ = "The cryptography developers"
 __email__ = "cryptography-...@python.org"
 
 __license__ = "BSD or Apache License, Version 2.0"
-__copyright__ = "Copyright 2013-2020 {}".format(__author__)
+__copyright__ = "Copyright 2013-2021 {}".format(__author__)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/cryptography-3.3.1/src/cryptography/hazmat/backends/openssl/ciphers.py 
new/cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py
--- old/cryptography-3.3.1/src/cryptography/hazmat/backends/openssl/ciphers.py  
2020-12-10 03:16:42.000000000 +0100
+++ new/cryptography-3.3.2/src/cryptography/hazmat/backends/openssl/ciphers.py  
2021-02-07 17:39:35.000000000 +0100
@@ -17,7 +17,7 @@
 class _CipherContext(object):
     _ENCRYPT = 1
     _DECRYPT = 0
-    _MAX_CHUNK_SIZE = 2 ** 31 - 1
+    _MAX_CHUNK_SIZE = 2 ** 30 - 1
 
     def __init__(self, backend, cipher, mode, operation):
         self._backend = backend
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/cryptography-3.3.1/src/cryptography.egg-info/PKG-INFO 
new/cryptography-3.3.2/src/cryptography.egg-info/PKG-INFO
--- old/cryptography-3.3.1/src/cryptography.egg-info/PKG-INFO   2020-12-10 
03:17:25.000000000 +0100
+++ new/cryptography-3.3.2/src/cryptography.egg-info/PKG-INFO   2021-02-07 
17:39:56.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cryptography
-Version: 3.3.1
+Version: 3.3.2
 Summary: cryptography is a package which provides cryptographic recipes and 
primitives to Python developers.
 Home-page: https://github.com/pyca/cryptography
 Author: The cryptography developers

commit python-cryptography for openSUSE:Factory

Reply via email to