SHA256
1
0
forked from pool/python-rsa

Accepting request 1116020 from devel:languages:python

- Use libalternatives instead of update-alternatives.
  * Fix threading issue introduced in 4.7
- update to 4.7 (CVE-2020-25658 bsc#1178676):
  * Declare & test support for Python 3.9
- update to 4.6.0 (CVE-2020-13757 bsc#1172389):

OBS-URL: https://build.opensuse.org/request/show/1116020
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-rsa?expand=0&rev=26
This commit is contained in:
Ana Guerrero 2023-10-06 19:12:12 +00:00 committed by Git OBS Bridge
commit 0be093996a

View File

@ -31,23 +31,23 @@ Sat Jun 25 20:49:54 UTC 2022 - Dirk Müller <dmueller@suse.com>
-------------------------------------------------------------------
Mon Aug 23 14:46:41 UTC 2021 - Stefan Schubert <schubi@suse.de>
- Use libalternatives instead of update-alternatives.
- Use libalternatives instead of update-alternatives.
-------------------------------------------------------------------
Tue Mar 2 00:30:30 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 4.7.2:
* Fix picking/unpickling issue introduced in 4.7
* Fix threading issue introduced in 4.7
* Fix threading issue introduced in 4.7
-------------------------------------------------------------------
Thu Jan 28 23:02:47 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 4.7:
- update to 4.7 (CVE-2020-25658 bsc#1178676):
* CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
* Add padding length check as described by PKCS#1 v1.5
* Reuse of blinding factors to speed up blinding operations.
* Declare & test support for Python 3.9
* Declare & test support for Python 3.9
-------------------------------------------------------------------
Wed Dec 9 10:45:29 UTC 2020 - Benjamin Greiner <code@bnavigator.de>
@ -67,7 +67,7 @@ Sun Aug 16 21:04:02 UTC 2020 - John Vandenberg <jayvdb@gmail.com>
-------------------------------------------------------------------
Tue Jun 23 15:36:45 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to v 4.6.0 (bsc#1172389)
- update to 4.6.0 (CVE-2020-13757 bsc#1172389):
* Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
* Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out.
* Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148