Changelog for
python39-M2Crypto-0.40.0-security.158.1.x86_64.rpm :
* Wed Jan 24 2024 Daniel Garcia
- Disable broken tests with openssl 3.2, bsc#1217782
* Wed Jan 03 2024 Dirk Müller - require setuptools
* Tue Oct 24 2023 Matej Cepl - Update to 0.40.0: - OK, SO NOT THIS RELEASE, BUT IN THE NEXT RELEASE PYTHON2 WILL TRULY GO! - BREAKING CHANGES: - There are no SWIG generated files (src/SWIG/_m2crytpo_wrap.c) included anymore, so swig must be installed, no exceptions! Also, for compatibility with Python 3.12+, swig 4.0+ is required. - All support for asyncore has been removed, as it has been removed in Python 3.12 as well (which means also removal of contrib/dispatcher.py, M2Crypto/SSL/ssl_dispatcher.py, ZServerSSL). - All use of distutils (including the bundled ones in setuptools) has been removed, so `setup.py clean` is no more. - Excessively complicated and error-prone __init__py has been cleaned and `import M2Crypto` doesn’t include everything anymore. Imports should specified as for example with `from M2Crypto import foo`. - ASN1_Time handling has been mostly rewritten and it almost works even on Windows. - All tests in Gitlab CI (with exceptions of some skipped tests especially on Windows) are now green, tests of Python 2.7 on CentOS 7 have been included. - Introduce m2.err_clear_error() - Make X509_verify_cert() accessible as m2.x509_verify_cert- Add 32bit_ASN1_Time.patch to quench errors on 32bit archs.
* Mon Aug 07 2023 Matej Cepl - Make tests running again.
* Tue Jul 04 2023 Matej Cepl - Update to 0.39.0: - SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE COMPLETELY REMOVED IN THE NEXT RELEASE. - Remove dependency on parameterized and use unittest.subTest instead. - Upgrade embedded six.py module to 1.16.0 (really tiny inconsequential changes). - Make tests working on MacOS again (test_bio_membuf: Use fork) - Use OpenSSL_version_num() instead of unrealiable parsing of .h file. - Mitigate the Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657) - Add functionality to extract EC key from public key + Update tests - Worked around compatibility issues with OpenSSL 3.
* - Support for Twisted has been deprecated (they have their own SSL support anyway). - Generate TAP while testing. - Stop using GitHub for testing. - Accept a small deviation from time in the testsuite (for systems with non-standard HZ kernel parameter). - Use the default BIO.__del__ rather tha overriding in BIO.File (avoid a memleak). - Resolve \"X509_Name.as_der() method from X509.py -> class X509_Name caused segmentation fault\"- Remove upstreamed patches: - CVE-2020-25657-Bleichenbacher-attack.patch - m2crypto-0.38-ossl3-tests.patch - openssl-adapt-tests-for-3.1.0.patch - openssl-stop-parsing-header.patch - timeout_300hz.patch
* Tue Jun 27 2023 Dirk Müller - add timeout_300hz.patch to accept a small deviation from time in the testsuite (bsc#1212757)
* Thu Mar 16 2023 Otto Hollmann - Adapt tests for OpenSSL v3.1.0
* Add openssl-adapt-tests-for-3.1.0.patch
* Mon Nov 07 2022 Dirk Müller - add openssl-stop-parsing-header.patch (bsc#1205042)- add m2crypto-0.38-ossl3-tests.patch
* Wed Aug 03 2022 Dirk Müller - update CVE-2020-25657-Bleichenbacher-attack.patch to actually contain the fix rather than just being empty (CVE-2020-25657, bsc#1178829)
* Tue Jul 12 2022 Matej Cepl - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API.- Add python-M2Crypto.keyring to verify GPG signature of tarball.
* Thu Apr 07 2022 Matej Cepl - Add missing bug references to this changelog.
* Mon Jun 14 2021 Matej Cepl - Update to 0.38.0: - Remove the last use of setup.py test idiom. - Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer. - Add support for arm64 big endian - Make support of RSA_SSLV23_PADDING optional (it has been deprecated). - Move project to src/ layout - Allow verify_cb_
* to be called with ok=True - Be prepared if any of constants in x509_vfy.h is not available. - But we do support 3.8 - We DO NOT support Python 2.6.- All patches were upstreamed: - 293_sslv23_padding.patch - no-need-parameterized.patch - python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
* Thu Apr 22 2021 Matej Cepl - Add no-need-parameterized.patch ... we don\'t need run-time requirement of parameterized package (bsc#1185150).
* Fri Feb 19 2021 Matej Cepl - Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING (gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216).
* Wed Feb 17 2021 Pedro Monreal - OpenSSL allows the verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
* This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate.- Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch (Thanks for Debian, https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8)
* Wed Feb 17 2021 Pedro Monreal - Add source signature file
* Wed Jan 13 2021 Matej Cepl - Dr. Strangelove or: How I Learned to Stop Worrying and Love pytest