Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2022-11-05 14:46:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Sat Nov 5 14:46:35 2022 rev:68 rq:1033460 version:38.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2022-10-03 13:44:24.265302231 +0200
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.2275/python-cryptography.changes
2022-11-05 14:46:38.490549196 +0100
@@ -1,0 +2,8 @@
+Thu Nov 3 19:17:35 UTC 2022 - Matej Cepl <[email protected]>
+
+- update to 38.0.3:
+ - Updated Windows, macOS, and Linux wheels to be compiled
+ with OpenSSL 3.0.7, which resolves CVE-2022-3602 and
+ CVE-2022-3786.
+
+-------------------------------------------------------------------
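Review bot: The new entry repeats the upstream wheel note word for word, so it reads as if this package update itself resolves CVE-2022-3602 and CVE-2022-3786, although the package is built from cryptography-38.0.3.tar.gz and the entry only speaks of wheels compiled with OpenSSL 3.0.7. Suggest rewording to say that the CVEs are fixed in OpenSSL 3.0.7 and that the note applies to the upstream wheels. The entry also omits three things this same submission contains: the intermediate 38.0.2 release, the unconditional `_consume_errors()` after `PKCS12_parse` in backend.py, and the refresh of skip_openssl_memleak_test.patch. Each deserves its own line.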
Old:
----
cryptography-38.0.1.tar.gz
New:
----
cryptography-38.0.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.r43tLX/_old 2022-11-05 14:46:39.754556569 +0100
+++ /var/tmp/diff_new_pack.r43tLX/_new 2022-11-05 14:46:39.754556569 +0100
@@ -28,7 +28,7 @@
%bcond_with test
%endif
Name: python-cryptography%{psuffix}
-Version: 38.0.1
+Version: 38.0.3
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
++++++ _service ++++++
--- /var/tmp/diff_new_pack.r43tLX/_old 2022-11-05 14:46:39.810556896 +0100
+++ /var/tmp/diff_new_pack.r43tLX/_new 2022-11-05 14:46:39.814556919 +0100
@@ -1,7 +1,7 @@
<services>
<service name="download_files" mode="disabled"/>
<service name="cargo_vendor" mode="disabled">
- <param name="srcdir">cryptography-38.0.1/src/rust</param>
+ <param name="srcdir">cryptography-38.0.3/src/rust</param>
<param name="compression">zst</param>
</service>
<service name="cargo_audit" mode="disabled">
++++++ cryptography-38.0.1.tar.gz -> cryptography-38.0.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-38.0.1/CHANGELOG.rst
new/cryptography-38.0.3/CHANGELOG.rst
--- old/cryptography-38.0.1/CHANGELOG.rst 2022-09-07 14:21:04.000000000
+0200
+++ new/cryptography-38.0.3/CHANGELOG.rst 2022-11-01 22:10:25.000000000
+0100
@@ -1,9 +1,28 @@
Changelog
=========
+.. _v38-0-3:
+
+38.0.3 - 2022-11-01
+~~~~~~~~~~~~~~~~~~~
+
+* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
+ which resolves *CVE-2022-3602* and *CVE-2022-3786*.
+
+.. _v38-0-2:
+
+38.0.2 - 2022-10-11
+~~~~~~~~~~~~~~~~~~~
+
+.. attention::
+
+ This release was subsequently yanked from PyPI due to a regression in
OpenSSL.
+
+* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
+
.. _v38-0-1:
-38.0.0 - 2022-09-07
+38.0.1 - 2022-09-07
~~~~~~~~~~~~~~~~~~~
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
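Review bot: The `attention` block under 38.0.2 says the release was yanked "due to a regression in OpenSSL" without identifying the regression or the affected OpenSSL release. The only hint is the following bullet naming OpenSSL 3.0.6. Suggest naming the version in the note itself and linking the upstream report, so readers who link against their own OpenSSL can tell whether they are affected.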
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-38.0.1/PKG-INFO
new/cryptography-38.0.3/PKG-INFO
--- old/cryptography-38.0.1/PKG-INFO 2022-09-07 14:25:34.848675700 +0200
+++ new/cryptography-38.0.3/PKG-INFO 2022-11-01 22:23:58.197863800 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: cryptography
-Version: 38.0.1
+Version: 38.0.3
Summary: cryptography is a package which provides cryptographic recipes and
primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The Python Cryptographic Authority and individual contributors
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-38.0.1/src/cryptography/__about__.py
new/cryptography-38.0.3/src/cryptography/__about__.py
--- old/cryptography-38.0.1/src/cryptography/__about__.py 2022-09-07
14:21:04.000000000 +0200
+++ new/cryptography-38.0.3/src/cryptography/__about__.py 2022-11-01
22:10:25.000000000 +0100
@@ -9,7 +9,7 @@
"__copyright__",
]
-__version__ = "38.0.1"
+__version__ = "38.0.3"
__author__ = "The Python Cryptographic Authority and individual contributors"
__copyright__ = "Copyright 2013-2022 {}".format(__author__)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-38.0.1/src/cryptography/hazmat/backends/openssl/backend.py
new/cryptography-38.0.3/src/cryptography/hazmat/backends/openssl/backend.py
--- old/cryptography-38.0.1/src/cryptography/hazmat/backends/openssl/backend.py
2022-09-07 14:21:04.000000000 +0200
+++ new/cryptography-38.0.3/src/cryptography/hazmat/backends/openssl/backend.py
2022-11-01 22:10:25.000000000 +0100
@@ -2190,14 +2190,11 @@
res = self._lib.PKCS12_parse(
p12, password_buf, evp_pkey_ptr, x509_ptr, sk_x509_ptr
)
-
- # Workaround for
- # https://github.com/libressl-portable/portable/issues/659
- if self._lib.CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340:
- self._consume_errors()
-
+ # OpenSSL 3.0.6 leaves errors on the stack even in success, so
+ # we consume all errors unconditionally.
+ # https://github.com/openssl/openssl/issues/19389
+ self._consume_errors()
if res == 0:
- self._consume_errors()
raise ValueError("Invalid password or PKCS12 data")
cert = None
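Review bot: The comment above the new unconditional `self._consume_errors()` cites only the OpenSSL 3.0.6 issue, while the same call now silently replaces the removed `CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340` workaround and the call that used to sit inside `if res == 0:`. Suggest keeping the LibreSSL reference in the comment and stating when the call can become conditional again, otherwise a later cleanup that drops it once openssl/openssl#19389 is fixed will reintroduce the LibreSSL problem. Since the stack is now cleared before `res` is checked, the `ValueError` path keeps no OpenSSL detail beyond "Invalid password or PKCS12 data". That matches the previous behaviour, but the comment should say it is intentional. No test for a successful parse that leaves errors queued is visible in this hunk.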
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-38.0.1/src/cryptography.egg-info/PKG-INFO
new/cryptography-38.0.3/src/cryptography.egg-info/PKG-INFO
--- old/cryptography-38.0.1/src/cryptography.egg-info/PKG-INFO 2022-09-07
14:25:34.000000000 +0200
+++ new/cryptography-38.0.3/src/cryptography.egg-info/PKG-INFO 2022-11-01
22:23:58.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: cryptography
-Version: 38.0.1
+Version: 38.0.3
Summary: cryptography is a package which provides cryptographic recipes and
primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The Python Cryptographic Authority and individual contributors
++++++ skip_openssl_memleak_test.patch ++++++
--- /var/tmp/diff_new_pack.r43tLX/_old 2022-11-05 14:46:40.074558436 +0100
+++ /var/tmp/diff_new_pack.r43tLX/_new 2022-11-05 14:46:40.078558459 +0100
@@ -1,8 +1,10 @@
-Index: cryptography-3.0/tests/hazmat/backends/test_openssl_memleak.py
-===================================================================
---- cryptography-3.0.orig/tests/hazmat/backends/test_openssl_memleak.py
-+++ cryptography-3.0/tests/hazmat/backends/test_openssl_memleak.py
-@@ -153,10 +153,9 @@ def assert_no_memory_leaks(s, argv=[]):
+---
+ tests/hazmat/backends/test_openssl_memleak.py | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/tests/hazmat/backends/test_openssl_memleak.py
++++ b/tests/hazmat/backends/test_openssl_memleak.py
+@@ -174,10 +174,9 @@ def assert_no_memory_leaks(s, argv=[]):
def skip_if_memtesting_not_supported():
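Review bot: The refreshed patch header consists of a bare `---` and a diffstat, with no description of why the memleak test is skipped and no upstream reference. Suggest adding a short header (subject, reason, upstream status) above the diffstat. The switch from the version-pinned `cryptography-3.0/` paths to `a/` and `b/` paths and the hunk offset moving from 153 to 174 look like a plain refresh, but the patch body is not visible here, so confirm that the 3 insertions and 4 deletions still hit the intended lines in `skip_if_memtesting_not_supported()`.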
++++++ vendor.tar.zst ++++++
Binary files /var/tmp/diff_new_pack.r43tLX/_old and
/var/tmp/diff_new_pack.r43tLX/_new differ