Hello community, here is the log from the commit of package python-pycrypto for openSUSE:Factory checked in at 2013-04-24 16:00:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pycrypto (Old) and /work/SRC/openSUSE:Factory/.python-pycrypto.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pycrypto", Maintainer is "radma...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/python-pycrypto/python-pycrypto.changes 2012-09-06 09:01:42.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-pycrypto.new/python-pycrypto.changes 2013-04-24 16:00:31.000000000 +0200 @@ -1,0 +2,55 @@ +Wed Apr 24 06:56:10 UTC 2013 - highwaystar...@gmail.com + +- update to 2.6 + * [CVE-2012-2417] Fix LP#985164: insecure ElGamal key generation. + (thanks: Legrandin) + + In the ElGamal schemes (for both encryption and signatures), g is + supposed to be the generator of the entire Z^*_p group. However, in + PyCrypto 2.5 and earlier, g is more simply the generator of a random + sub-group of Z^*_p. + + The result is that the signature space (when the key is used for + signing) or the public key space (when the key is used for encryption) + may be greatly reduced from its expected size of log(p) bits, possibly + down to 1 bit (the worst case if the order of g is 2). + + While it has not been confirmed, it has also been suggested that an + attacker might be able to use this fact to determine the private key. + + Anyone using ElGamal keys should generate new keys as soon as practical. + + Any additional information about this bug will be tracked at + https://bugs.launchpad.net/pycrypto/+bug/985164 + + * Huge documentation cleanup (thanks: Legrandin). + + * Added more tests, including test vectors from NIST 800-38A + (thanks: Legrandin) + + * Remove broken MODE_PGP, which never actually worked properly. + A new mode, MODE_OPENPGP, has been added for people wishing to write + OpenPGP implementations. Note that this does not implement the full + OpenPGP specification, only the "OpenPGP CFB mode" part of that + specification. + https://bugs.launchpad.net/pycrypto/+bug/996814 + + * Fix: getPrime with invalid input causes Python to abort with fatal error + https://bugs.launchpad.net/pycrypto/+bug/988431 + + * Fix: Segfaults within error-handling paths + (thanks: Paul Howarth & Dave Malcolm) + https://bugs.launchpad.net/pycrypto/+bug/934294 + + * Fix: Block ciphers allow empty string as IV + https://bugs.launchpad.net/pycrypto/+bug/997464 + + * Fix DevURandomRNG to work with Python3's new I/O stack. + (thanks: Sebastian Ramacher) + + * Remove automagic dependencies on libgmp and libmpir, let the caller + disable them using args. + + * Many other minor bug fixes and improvements (mostly thanks to Legrandin) + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/python-pycrypto/python3-pycrypto.changes 2012-11-28 14:34:02.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-pycrypto.new/python3-pycrypto.changes 2013-04-24 16:00:31.000000000 +0200 @@ -1,0 +2,55 @@ +Wed Apr 24 06:55:47 UTC 2013 - highwaystar...@gmail.com + +- update to 2.6 + * [CVE-2012-2417] Fix LP#985164: insecure ElGamal key generation. + (thanks: Legrandin) + + In the ElGamal schemes (for both encryption and signatures), g is + supposed to be the generator of the entire Z^*_p group. However, in + PyCrypto 2.5 and earlier, g is more simply the generator of a random + sub-group of Z^*_p. + + The result is that the signature space (when the key is used for + signing) or the public key space (when the key is used for encryption) + may be greatly reduced from its expected size of log(p) bits, possibly + down to 1 bit (the worst case if the order of g is 2). + + While it has not been confirmed, it has also been suggested that an + attacker might be able to use this fact to determine the private key. + + Anyone using ElGamal keys should generate new keys as soon as practical. + + Any additional information about this bug will be tracked at + https://bugs.launchpad.net/pycrypto/+bug/985164 + + * Huge documentation cleanup (thanks: Legrandin). + + * Added more tests, including test vectors from NIST 800-38A + (thanks: Legrandin) + + * Remove broken MODE_PGP, which never actually worked properly. + A new mode, MODE_OPENPGP, has been added for people wishing to write + OpenPGP implementations. Note that this does not implement the full + OpenPGP specification, only the "OpenPGP CFB mode" part of that + specification. + https://bugs.launchpad.net/pycrypto/+bug/996814 + + * Fix: getPrime with invalid input causes Python to abort with fatal error + https://bugs.launchpad.net/pycrypto/+bug/988431 + + * Fix: Segfaults within error-handling paths + (thanks: Paul Howarth & Dave Malcolm) + https://bugs.launchpad.net/pycrypto/+bug/934294 + + * Fix: Block ciphers allow empty string as IV + https://bugs.launchpad.net/pycrypto/+bug/997464 + + * Fix DevURandomRNG to work with Python3's new I/O stack. + (thanks: Sebastian Ramacher) + + * Remove automagic dependencies on libgmp and libmpir, let the caller + disable them using args. + + * Many other minor bug fixes and improvements (mostly thanks to Legrandin) + +------------------------------------------------------------------- Old: ---- pycrypto-2.5.tar.gz New: ---- pycrypto-2.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pycrypto.spec ++++++ --- /var/tmp/diff_new_pack.mN9Czp/_old 2013-04-24 16:00:37.000000000 +0200 +++ /var/tmp/diff_new_pack.mN9Czp/_new 2013-04-24 16:00:37.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-pycrypto # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: python-pycrypto -Version: 2.5 +Version: 2.6 Release: 0 Url: http://www.pycrypto.org/ Summary: Cryptographic modules for Python python3-pycrypto.spec: same change ++++++ pycrypto-2.5.tar.gz -> pycrypto-2.6.tar.gz ++++++ ++++ 6678 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org