Recommended update for python-cryptography

SUSE Recommended Update: Recommended update for python-cryptography
Announcement ID: SUSE-RU-2017:0996-1
Rating: moderate
References: #1014478
Affected Products:
  • SUSE OpenStack Cloud 6
  • SUSE Linux Enterprise Server 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1

  • An update that has one recommended fix can now be installed.

    Description:


    This update provides python-cryptography 1.1.2, which brings many fixes
    and enhancements:

    - Fixed a runtime error 'undefined symbol EC_GFp_nistp224_method' that
    occurred with some OpenSSL installations.
    - Fixed several small bugs related to compiling the OpenSSL bindings with
    unusual OpenSSL configurations.
    - Added support for Elliptic Curve Diffie-Hellman.
    - Added support for parsing certificate revocation lists (CRLs).
    - Add support for AES key wrapping.
    - Add support for encoding and decoding elliptic curve points to a byte
    string form.
    - 'countryName' is now encoded as a 'PrintableString' when creating
    subject and issuer distinguished names with the Certificate and CSR
    builder classes.
    - The OpenSSL backend prior to 1.0.2 made extensive use of assertions to
    check response codes where our tests could not trigger a failure.
    However, when Python is run with '-O' these asserts are optimized away.
    If a user ran Python with this flag and got an invalid response code
    this could result in undefined behavior or worse. Accordingly, all
    response checks from the OpenSSL backend have been converted from
    'assert' to a true function call.
    - Set the default string mask to UTF-8 in the OpenSSL backend to resolve
    character encoding issues with older versions of OpenSSL.
    - Several new OpenSSL bindings have been added to support a future
    pyOpenSSL release.

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-579=1
    • SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-579=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-579=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE OpenStack Cloud 6 (x86_64):
      • python-cryptography-1.1.2-3.5.1
      • python-cryptography-debuginfo-1.1.2-3.5.1
      • python-cryptography-debugsource-1.1.2-3.5.1
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      • python-cryptography-1.1.2-3.5.1
      • python-cryptography-debuginfo-1.1.2-3.5.1
      • python-cryptography-debugsource-1.1.2-3.5.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • python-cryptography-1.1.2-3.5.1
      • python-cryptography-debuginfo-1.1.2-3.5.1
      • python-cryptography-debugsource-1.1.2-3.5.1

    References: