Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
| Announcement ID: | SUSE-SU-2021:0048-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has two security fixes can now be installed.
Description:
This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues:
- Update to 0.6.0
- Increase test coverage.
- Add badges to README.
- Test on Python 3.7 stable and 3.8-dev
- Drop support for Python 3.4
- No longer pass html argument to XMLParse. It has been deprecated and ignored for a long time. The DefusedXMLParser still takes a html argument. A deprecation warning is issued when the argument is False and a TypeError when it's True.
- defusedxml now fails early when pyexpat stdlib module is not available or broken.
- defusedxml.ElementTree.all now lists ParseError as public attribute.
-
The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo and used XMLParse instead of XMLParser as an alias for DefusedXMLParser. Both the old and fixed name are now available.
-
Remove superfluous devel dependency for noarch package
-
Update to 5.0
- Add compatibility with Python 3.6
- Drop support for Python 2.6, 3.1, 3.2, 3.3
- Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
-
Implement single-spec version.
-
Dummy changelog for bsc#1019074, FATE#322329
-
Add dependency on the full python (which is not pulled by setuptools anymore). Use %{pythons} macro now. (bsc#1177200)
-
Upgrade to 0.3.12:
- Refactor classes to functions
- Ignore Selenium
- Move to pytest
- Conditionally patch time.clock (removed in 3.8)
-
Patch time.time_ns added in Python 3.7
-
Do not require python2 module for building python3 module
-
Update to 0.3.11:
- Performance improvements
- Fix nesting time.time
- Add nanosecond property
-
Remove superfluous devel dependency for noarch package
-
Add remove_dependency_on_mock.patch which removes dependency on python-mock for Python 3, where it is not required.
-
update to 0.3.10
- Performance improvements
-
Coroutine support
-
update to version 0.3.9
- If no time to be frozen, use current time
- Fix uuid1 issues
- Add support for python 3.6
update to version 0.3.8 * Improved unpatching when importing modules after freeze_time start() * Add manual increment via tick method * Fix bug with time.localtime not being reset. Closes #112. * Fix test to work when current timezone is GMT-14 or GMT+14. * Fixed #162 - allow decorating old-style classes. * Add support to PyMySQL * Assume the default time to freeze is "now". * Register fake types in PyMySQL conversions * Ignore threading and Queue modules. Closes #129. * Lock down coverage version since new coverage doesnt support py3.2 * Fix or py3 astimezone and not passing tz. Closes #138. * Add note about deafult arguments. Closes #140. * Add license info. Closes #120.
- Update to 0.3.5
- No upstream changelog
-
Remove unneeded freeze_hideDeps.patch
-
Use download Url as source
-
Use tarball provided by pypi
-
update to 1.5.1
- Use poetry instead of setuptools directly
- Fix #42: raise exception if package is missing
- Fix version parsing for openssl-like version numbers, fixes #32
- Add boolean static keyword to output private libraries as well
-
Raise original OSError as well
-
Add missing test dependency pkgconfig
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Enterprise Storage 6
zypper in -t patch SUSE-Storage-6-2021-48=1
Package List:
-
SUSE Enterprise Storage 6 (noarch)
- python3-freezegun-0.3.12-1.5.1
- python3-defusedxml-0.6.0-1.5.1
- python3-isodate-0.6.0-1.3.2
- python3-pkgconfig-1.5.1-1.5.1
- python3-python3-saml-1.9.0-1.5.2
-
SUSE Enterprise Storage 6 (aarch64 x86_64)
- python3-xmlsec-debuginfo-1.3.6-1.5.1
- python3-xmlsec-1.3.6-1.5.1