SUSE-SU-2023:2783-1

This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:

grpc:

• Update in SLE-15 (bsc#1197726, bsc#1144068)

protobuf:

• Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681
• Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256
• Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
• Add missing dependency of python subpackages on python-six (bsc#1177127)
• Updated to version 3.9.2 (bsc#1162343)
  • Remove OSReadLittle* due to alignment requirements.
  • Don't use unions and instead use memcpy for the type swaps.
• Disable LTO (bsc#1133277)

python-aiocontextvars:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-avro:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-cryptography:

• update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
  • SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242

python-cryptography-vectors:

• update to 3.2 (bsc#1178168, CVE-2020-25659):
  • CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.
  • Support for OpenSSL 1.0.2 has been removed.
  • Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
• update to 3.3.2 (bsc#1198331)

python-Deprecated:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• update to 1.2.13:

python-google-api-core:

• Update to 1.14.2

python-googleapis-common-protos:

• Update to 1.6.0

python-grpcio-gcp:

• Initial spec for v0.2.2

python-humanfriendly:

• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Update to 10.0

python-jsondiff:

• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Update to version 1.3.0

python-knack:

• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Update to version 0.9.0

python-opencensus:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Disable Python2 build
• Update to 0.8.0

python-opencensus-context:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-opencensus-ext-threading:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Initial build version 0.1.2

python-opentelemetry-api:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Version update to 1.5.0

python-psutil:

• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• update to 5.9.1
• remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753)
• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-PyGithub:

• Update to 1.43.5:

python-pytest-asyncio:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Initial release of python-pytest-asyncio 0.8.0

python-requests:

• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-websocket-client:

• Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• Update to version 1.3.2

python-websockets:

• Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
• update to 9.1: