Recommended update for python-pyOpenSSL

Announcement ID: SUSE-RU-2020:1279-1
Rating: moderate
References:
Affected Products:
  • HPE Helion OpenStack 8
  • SUSE Enterprise Storage 5
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  • SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3
  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
  • SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE OpenStack Cloud 7
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud Crowbar 8

An update that contains two features and has one fix can now be installed.

Description:

This update for python-pyOpenSSL fixes the following issues:

python-pyOpenSSL was updated to version 17.1.0.

Backward-incompatible changes:

  • Removed the deprecated OpenSSL.rand.egd() function. Applications should prefer os.urandom() for random number generation. #630 <https://github.com/pyca/pyopenssl/pull/630>_
  • Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export(). Callers must now always pass an explicit digest. #652 <https://github.com/pyca/pyopenssl/pull/652>_
  • Fixed a bug with ASN1_TIME casting in X509.set_notBefore(), X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(), and Revoked.set_lastUpdate(). You must now pass times in the form YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm will no longer work. #612 <https://github.com/pyca/pyopenssl/pull/612>_

Deprecations:

  • Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType. The names without the "Type"-suffix should be used instead.

Changes:

  • Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects. #640 <https://github.com/pyca/pyopenssl/pull/640>_
  • Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. #645 <https://github.com/pyca/pyopenssl/pull/645>_
  • Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug. #620 <https://github.com/pyca/pyopenssl/pull/620>_
  • Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels. #633 <https://github.com/pyca/pyopenssl/pull/633>_

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • HPE Helion OpenStack 8
    zypper in -t patch HPE-Helion-OpenStack-8-2020-1279=1
  • SUSE OpenStack Cloud 7
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1279=1
  • SUSE OpenStack Cloud 8
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1279=1
  • SUSE OpenStack Cloud Crowbar 8
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1279=1
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
    zypper in -t patch SUSE-SLE-POS-12-SP2-CLIENT-2020-1279=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1279=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-ESPOS-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-ESPOS-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1279=1
  • SUSE Linux Enterprise High Performance Computing 12 SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1279=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1279=1
  • SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1279=1
  • SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1279=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1279=1
  • SUSE Enterprise Storage 5
    zypper in -t patch SUSE-Storage-5-2020-1279=1

Package List:

  • HPE Helion OpenStack 8 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE OpenStack Cloud 7 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE OpenStack Cloud 8 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise High Performance Computing 12 SP4 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP4 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server 12 SP5 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1
  • SUSE Enterprise Storage 5 (noarch)
    • python-pyOpenSSL-17.1.0-4.23.1
    • python3-pyOpenSSL-17.1.0-4.23.1

References: