Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2023-02-10 14:33:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.1848 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Fri Feb 10 14:33:43 2023 rev:72 rq:1063995 version:39.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2023-01-14 20:31:01.448967084 +0100
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.1848/python-cryptography.changes
2023-02-10 14:33:48.645379302 +0100
@@ -1,0 +2,10 @@
+Thu Feb 9 09:53:49 UTC 2023 - Matej Cepl <[email protected]>
+
+- Update to 39.0.1:
+ * SECURITY ISSUE - Fixed a bug where Cipher.update_into
+ accepted Python buffer protocol objects, but allowed
+ immutable buffers. CVE-2023-23931
+ * Updated Windows, macOS, and Linux wheels to be compiled with
+ OpenSSL 3.0.8.
+
+-------------------------------------------------------------------
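Review bot: the 39.0.1 entry names CVE-2023-23931 but gives no bug-tracker reference beside it and says nothing about impact. If a tracking bug exists for this CVE, put its id on the same bullet, and consider stating that the affected call could write into an immutable object, so the severity is clear from the changelog alone.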
Old:
----
cryptography-39.0.0.tar.gz
New:
----
cryptography-39.0.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.3TnHBz/_old 2023-02-10 14:33:49.273383055 +0100
+++ /var/tmp/diff_new_pack.3TnHBz/_new 2023-02-10 14:33:49.285383126 +0100
@@ -28,7 +28,7 @@
%bcond_with test
%endif
Name: python-cryptography%{psuffix}
-Version: 39.0.0
+Version: 39.0.1
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
++++++ cryptography-39.0.0.tar.gz -> cryptography-39.0.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-39.0.0/CHANGELOG.rst
new/cryptography-39.0.1/CHANGELOG.rst
--- old/cryptography-39.0.0/CHANGELOG.rst 2023-01-02 04:08:31.000000000
+0100
+++ new/cryptography-39.0.1/CHANGELOG.rst 2023-02-07 20:21:24.000000000
+0100
@@ -1,6 +1,15 @@
Changelog
=========
+.. _v39-0-1:
+
+39.0.1 - 2023-02-07
+~~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
+ buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
+* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.
+
.. _v39-0-0:
39.0.0 - 2023-01-01
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-39.0.0/MANIFEST.in
new/cryptography-39.0.1/MANIFEST.in
--- old/cryptography-39.0.0/MANIFEST.in 2023-01-02 04:08:31.000000000 +0100
+++ new/cryptography-39.0.1/MANIFEST.in 2023-02-07 20:21:24.000000000 +0100
@@ -19,6 +19,4 @@
recursive-exclude .github *
-exclude release.py .readthedocs.yml dev-requirements.txt tox.ini mypy.ini
-
-recursive-exclude .circleci *
+exclude release.py .readthedocs.yml ci-constraints-requirements.txt tox.ini
mypy.ini
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-39.0.0/PKG-INFO
new/cryptography-39.0.1/PKG-INFO
--- old/cryptography-39.0.0/PKG-INFO 2023-01-02 04:08:41.837802200 +0100
+++ new/cryptography-39.0.1/PKG-INFO 2023-02-07 20:21:36.377044000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: cryptography
-Version: 39.0.0
+Version: 39.0.1
Summary: cryptography is a package which provides cryptographic recipes and
primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The Python Cryptographic Authority and individual contributors
@@ -34,7 +34,9 @@
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.6
Description-Content-Type: text/x-rst
+Provides-Extra: tox
Provides-Extra: test
+Provides-Extra: test-randomorder
Provides-Extra: docs
Provides-Extra: docstest
Provides-Extra: sdist
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-39.0.0/setup.cfg
new/cryptography-39.0.1/setup.cfg
--- old/cryptography-39.0.0/setup.cfg 2023-01-02 04:08:41.837802200 +0100
+++ new/cryptography-39.0.1/setup.cfg 2023-02-07 20:21:36.377044000 +0100
@@ -54,8 +54,11 @@
_cffi_src.*
[options.extras_require]
+tox =
+ tox
test =
pytest>=6.2.0
+ pytest-shard>=0.1.2
pytest-benchmark
pytest-cov
pytest-subtests
@@ -64,9 +67,11 @@
iso8601
pytz
hypothesis>=1.11.4,!=3.79.2
+test-randomorder =
+ pytest-randomly
docs =
- sphinx >= 1.6.5,!=1.8.0,!=3.1.0,!=3.1.1,!=5.2.0,!=5.2.0.post0
- sphinx_rtd_theme
+ sphinx >= 5.3.0
+ sphinx-rtd-theme>=1.1.1
docstest =
pyenchant >= 1.6.11
twine >= 1.12.0
@@ -76,6 +81,10 @@
pep8test =
black
ruff
+ mypy
+ types-pytz
+ types-requests
+ check-manifest
ssh =
bcrypt >= 3.1.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-39.0.0/src/_cffi_src/openssl/x509v3.py
new/cryptography-39.0.1/src/_cffi_src/openssl/x509v3.py
--- old/cryptography-39.0.0/src/_cffi_src/openssl/x509v3.py 2023-01-02
04:08:31.000000000 +0100
+++ new/cryptography-39.0.1/src/_cffi_src/openssl/x509v3.py 2023-02-07
20:21:24.000000000 +0100
@@ -51,7 +51,7 @@
X509_EXTENSION *X509V3_EXT_nconf(CONF *, X509V3_CTX *, const char *,
const char *);
-void *X509V3_set_ctx_nodb(X509V3_CTX *);
+void X509V3_set_ctx_nodb(X509V3_CTX *);
int sk_GENERAL_NAME_num(struct stack_st_GENERAL_NAME *);
GENERAL_NAME *sk_GENERAL_NAME_value(struct stack_st_GENERAL_NAME *, int);
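Review bot: the declared return type of `X509V3_set_ctx_nodb` changes from `void *` to `void`, yet neither the .changes entry nor CHANGELOG.rst mentions it. Confirm that no caller consumed the old return value, and add a changelog line, since this alters a binding declaration inside a security release.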
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-39.0.0/src/cryptography/__about__.py
new/cryptography-39.0.1/src/cryptography/__about__.py
--- old/cryptography-39.0.0/src/cryptography/__about__.py 2023-01-02
04:08:31.000000000 +0100
+++ new/cryptography-39.0.1/src/cryptography/__about__.py 2023-02-07
20:21:24.000000000 +0100
@@ -9,7 +9,7 @@
"__copyright__",
]
-__version__ = "39.0.0"
+__version__ = "39.0.1"
__author__ = "The Python Cryptographic Authority and individual contributors"
__copyright__ = "Copyright 2013-2022 {}".format(__author__)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-39.0.0/src/cryptography/hazmat/backends/openssl/ciphers.py
new/cryptography-39.0.1/src/cryptography/hazmat/backends/openssl/ciphers.py
--- old/cryptography-39.0.0/src/cryptography/hazmat/backends/openssl/ciphers.py
2023-01-02 04:08:31.000000000 +0100
+++ new/cryptography-39.0.1/src/cryptography/hazmat/backends/openssl/ciphers.py
2023-02-07 20:21:24.000000000 +0100
@@ -156,7 +156,7 @@
data_processed = 0
total_out = 0
outlen = self._backend._ffi.new("int *")
- baseoutbuf = self._backend._ffi.from_buffer(buf)
+ baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
baseinbuf = self._backend._ffi.from_buffer(data)
while data_processed != total_data_len:
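Review bot: the `baseoutbuf` line gains `require_writable=True` with no comment explaining why, so a later refactor could drop the flag without noticing. A one-line comment that `update_into` writes its output into `buf` and must therefore reject immutable objects such as `bytes` would protect it. Leaving `baseinbuf` unchanged is correct because `data` is only read, and the flag is consistent with the `cffi>=1.12` floor shown in requires.txt.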
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-39.0.0/src/cryptography.egg-info/PKG-INFO
new/cryptography-39.0.1/src/cryptography.egg-info/PKG-INFO
--- old/cryptography-39.0.0/src/cryptography.egg-info/PKG-INFO 2023-01-02
04:08:41.000000000 +0100
+++ new/cryptography-39.0.1/src/cryptography.egg-info/PKG-INFO 2023-02-07
20:21:36.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: cryptography
-Version: 39.0.0
+Version: 39.0.1
Summary: cryptography is a package which provides cryptographic recipes and
primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The Python Cryptographic Authority and individual contributors
@@ -34,7 +34,9 @@
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.6
Description-Content-Type: text/x-rst
+Provides-Extra: tox
Provides-Extra: test
+Provides-Extra: test-randomorder
Provides-Extra: docs
Provides-Extra: docstest
Provides-Extra: sdist
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-39.0.0/src/cryptography.egg-info/requires.txt
new/cryptography-39.0.1/src/cryptography.egg-info/requires.txt
--- old/cryptography-39.0.0/src/cryptography.egg-info/requires.txt
2023-01-02 04:08:41.000000000 +0100
+++ new/cryptography-39.0.1/src/cryptography.egg-info/requires.txt
2023-02-07 20:21:36.000000000 +0100
@@ -1,8 +1,8 @@
cffi>=1.12
[docs]
-sphinx!=1.8.0,!=3.1.0,!=3.1.1,!=5.2.0,!=5.2.0.post0,>=1.6.5
-sphinx_rtd_theme
+sphinx>=5.3.0
+sphinx-rtd-theme>=1.1.1
[docstest]
pyenchant>=1.6.11
@@ -12,6 +12,10 @@
[pep8test]
black
ruff
+mypy
+types-pytz
+types-requests
+check-manifest
[sdist]
setuptools_rust>=0.11.4
@@ -21,6 +25,7 @@
[test]
pytest>=6.2.0
+pytest-shard>=0.1.2
pytest-benchmark
pytest-cov
pytest-subtests
@@ -29,3 +34,9 @@
iso8601
pytz
hypothesis!=3.79.2,>=1.11.4
+
+[test-randomorder]
+pytest-randomly
+
+[tox]
+tox
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-39.0.0/tests/hazmat/primitives/test_ciphers.py
new/cryptography-39.0.1/tests/hazmat/primitives/test_ciphers.py
--- old/cryptography-39.0.0/tests/hazmat/primitives/test_ciphers.py
2023-01-02 04:08:31.000000000 +0100
+++ new/cryptography-39.0.1/tests/hazmat/primitives/test_ciphers.py
2023-02-07 20:21:24.000000000 +0100
@@ -318,6 +318,14 @@
with pytest.raises(ValueError):
encryptor.update_into(b"testing", buf)
+ def test_update_into_immutable(self, backend):
+ key = b"\x00" * 16
+ c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+ encryptor = c.encryptor()
+ buf = b"\x00" * 32
+ with pytest.raises((TypeError, BufferError)):
+ encryptor.update_into(b"testing", buf)
+
@pytest.mark.supported(
only_if=lambda backend: backend.cipher_supported(
AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
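Review bot: `test_update_into_immutable` only asserts that an exception is raised, and it accepts either `TypeError` or `BufferError`. Since the bug was a silent write into an immutable object, add an assertion after the `with` block that `buf` still equals `b"\x00" * 32`, and where possible pin down which exception type is expected. The test covers only `bytes` on an encryptor; a read-only `memoryview` and a decryptor case are missing.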