Accepting request 1116020 from devel:languages:python

- Use libalternatives instead of update-alternatives.
  * Fix threading issue introduced in 4.7
- update to 4.7 (CVE-2020-25658 bsc#1178676):
  * Declare & test support for Python 3.9
- update to 4.6.0 (CVE-2020-13757 bsc#1172389):

OBS-URL: https://build.opensuse.org/request/show/1116020
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-rsa?expand=0&rev=26
This commit is contained in:
Ana Guerrero 2023-10-06 19:12:12 +00:00 committed by Git OBS Bridge
commit 0be093996a

View File

@ -43,7 +43,7 @@ Tue Mar 2 00:30:30 UTC 2021 - Dirk Müller <dmueller@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 28 23:02:47 UTC 2021 - Dirk Müller <dmueller@suse.com> Thu Jan 28 23:02:47 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 4.7: - update to 4.7 (CVE-2020-25658 bsc#1178676):
* CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code * CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
* Add padding length check as described by PKCS#1 v1.5 * Add padding length check as described by PKCS#1 v1.5
* Reuse of blinding factors to speed up blinding operations. * Reuse of blinding factors to speed up blinding operations.
@ -67,7 +67,7 @@ Sun Aug 16 21:04:02 UTC 2020 - John Vandenberg <jayvdb@gmail.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 23 15:36:45 UTC 2020 - Dirk Mueller <dmueller@suse.com> Tue Jun 23 15:36:45 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to v 4.6.0 (bsc#1172389) - update to 4.6.0 (CVE-2020-13757 bsc#1172389):
* Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. * Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
* Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out. * Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out.
* Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148 * Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148