Hello community, here is the log from the commit of package python-rsa for openSUSE:Factory checked in at 2020-07-05 01:10:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-rsa (Old) and /work/SRC/openSUSE:Factory/.python-rsa.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-rsa" Sun Jul 5 01:10:37 2020 rev:17 rq:818331 version:4.6 Changes: -------- --- /work/SRC/openSUSE:Factory/python-rsa/python-rsa.changes 2019-03-29 20:37:29.686640986 +0100 +++ /work/SRC/openSUSE:Factory/.python-rsa.new.3060/python-rsa.changes 2020-07-05 01:10:54.755555203 +0200 @@ -1,0 +2,18 @@ +Tue Jun 23 15:36:45 UTC 2020 - Dirk Mueller <[email protected]> + +- update to v 4.6.0 (bsc#1172389) + * Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. + * Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out. + * Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148 +Limited SHA3 support to those Python versions (3.6+) that support it natively. The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix #147. + * Added support for Python 3.8. + * Dropped support for Python 2 and 3.4. + * Added type annotations to the source code. This will make Python-RSA easier to use in your IDE, and allows better type checking. + * Added static type checking via MyPy. + * Fix #129 Installing from source gives UnicodeDecodeError. + * Switched to using Poetry for package management. + * Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. + * Reject cyphertexts (when decrypting) and signatures (when verifying) that + * have been modified by prepending zero bytes. This resolves CVE-2020-13757. + +------------------------------------------------------------------- Old: ---- rsa-4.0.tar.gz New: ---- rsa-4.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-rsa.spec ++++++ --- /var/tmp/diff_new_pack.3IRhrz/_old 2020-07-05 01:10:57.331563994 +0200 +++ /var/tmp/diff_new_pack.3IRhrz/_new 2020-07-05 01:10:57.331563994 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-rsa # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %bcond_without tests Name: python-rsa -Version: 4.0 +Version: 4.6 Release: 0 Summary: Pure-Python RSA Implementation License: Apache-2.0 @@ -27,6 +27,7 @@ URL: http://stuvel.eu/rsa Source: https://files.pythonhosted.org/packages/source/r/rsa/rsa-%{version}.tar.gz BuildRequires: %{python_module mock} +BuildRequires: %{python_module mypy} BuildRequires: %{python_module pyasn1 >= 0.1.3} BuildRequires: %{python_module setuptools} BuildRequires: fdupes @@ -79,7 +80,7 @@ %files %{python_files} %license LICENSE -%doc CHANGELOG.txt README.md +%doc README.md %python_alternative %{_bindir}/pyrsa-decrypt %python_alternative %{_bindir}/pyrsa-encrypt %python_alternative %{_bindir}/pyrsa-keygen ++++++ rsa-4.0.tar.gz -> rsa-4.6.tar.gz ++++++ ++++ 3094 lines of diff (skipped)
