{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "- Update to upstream version 42.0.5\n- Fixes CVE-2024-26130", "type": "security", "status": "unpushed", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": true, "critpath_groups": "critical-path-compose critical-path-server", "close_bugs": true, "date_submitted": "2024-03-21 10:49:10", "date_modified": null, "date_approved": null, "date_testing": "2024-03-22 02:07:34", "date_stable": null, "alias": "FEDORA-2024-534c900eff", "test_gating_status": "failed", "from_tag": null, "date_pushed": "2024-03-22 02:07:34", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-534c900eff", "title": "python-cryptography-42.0.5-1.fc40", "version_hash": "a2d6b664e693ea528c2066fbbc0a43882087e240", "release": {"name": "F40", "long_name": "Fedora 40", "version": "40", "id_prefix": "FEDORA", "branch": "f40", "dist_tag": "f40", "stable_tag": "f40-updates", "testing_tag": "f40-updates-testing", "candidate_tag": "f40-updates-candidate", "pending_signing_tag": "f40-signing-pending", "pending_testing_tag": "f40-updates-testing-pending", "pending_stable_tag": "f40-updates-pending", "override_tag": "f40-override", "mail_template": "fedora_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2025-05-13", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "cheimes", "email": "cheimes@redhat.com", "id": 2622, "avatar": "https://seccdn.libravatar.org/avatar/fb01cd1580c9fa10cf453f7c77b9a5ac59f645883d7bf9f921743803e0379c8d?s=24&d=retro", "openid": "cheimes.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitfreeipa"}, {"name": "git389"}, {"name": "latchset"}, {"name": "gitpki"}, {"name": "python-packagers-sig"}, {"name": "podengo"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by cheimes. ", "timestamp": "2024-03-21 10:49:10", "update_id": 599037, "user_id": 91, "id": 3459796, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2024-03-21 10:49:11", "update_id": 599037, "user_id": 91, "id": 3459797, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2024-03-21 10:49:12", "update_id": 599037, "user_id": 91, "id": 3459798, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2024-03-21 12:30:07", "update_id": 599037, "user_id": 91, "id": 3459843, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "See https://bodhi.fedoraproject.org/updates/FEDORA-2024-36918807ad#comment-3460553 .", "timestamp": "2024-03-22 01:45:05", "update_id": 599037, "user_id": 302, "id": 3460555, "bug_feedback": [{"karma": 0, "comment_id": 3460555, "bug_id": 2251816, "bug": {"bug_id": 2251816, "title": "python-cryptography-42.0.5 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 3460555, "bug_id": 2269618, "bug": {"bug_id": 2269618, "title": "CVE-2024-26130 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2024-03-22 02:09:33", "update_id": 599037, "user_id": 91, "id": 3460676, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.", "timestamp": "2024-03-22 02:09:39", "update_id": 599037, "user_id": 91, "id": 3460715, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": " The following dnf problem with python3-cryptography-42.0.5-1.fc40 and python3-pyOpenSSL-23.2.0-3.fc40 prevented updating to python3-cryptography-42.0.5-1.fc40 due to a conflict with their version requirements.\n\n     Problem: package python3-pyOpenSSL-23.2.0-3.fc40.noarch from @System requires ((python3.12dist(cryptography) < 40 or python3.12dist(cryptography) > 40) with (python3.12dist(cryptography) < 40.0.1 or python3.12dist(cryptography) > 40.0.1) with python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 38), but none of the providers can be installed\n       - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from @System\n       - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from fedora\n       - cannot install the best update candidate for package python3-pyOpenSSL-23.2.0-3.fc40.noarch\n       - cannot install the best update candidate for package python3-cryptography-41.0.7-1.fc40.x86_64\n\nI reported this at https://bugzilla.redhat.com/show_bug.cgi?id=2270896", "timestamp": "2024-03-22 02:42:19", "update_id": 599037, "user_id": 4471, "id": 3460801, "bug_feedback": [{"karma": 0, "comment_id": 3460801, "bug_id": 2251816, "bug": {"bug_id": 2251816, "title": "python-cryptography-42.0.5 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 3460801, "bug_id": 2269618, "bug": {"bug_id": 2269618, "title": "CVE-2024-26130 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "mattf", "email": "matt.fagnani@bell.net", "id": 4471, "avatar": "https://seccdn.libravatar.org/avatar/dfd914605b2f5dafb41729697904a39aacfba787012bad999834e94535892c46?s=24&d=retro", "openid": "mattf.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Let's retract this update. We need to update PyOpenSSL and investigate + fix several other packages that may have a bad upper limit.", "timestamp": "2024-03-22 05:08:07", "update_id": 599037, "user_id": 2622, "id": 3460861, "bug_feedback": [{"karma": 0, "comment_id": 3460861, "bug_id": 2251816, "bug": {"bug_id": 2251816, "title": "python-cryptography-42.0.5 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 3460861, "bug_id": 2269618, "bug": {"bug_id": 2269618, "title": "CVE-2024-26130 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "cheimes", "email": "cheimes@redhat.com", "id": 2622, "avatar": "https://seccdn.libravatar.org/avatar/fb01cd1580c9fa10cf453f7c77b9a5ac59f645883d7bf9f921743803e0379c8d?s=24&d=retro", "openid": "cheimes.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitfreeipa"}, {"name": "git389"}, {"name": "latchset"}, {"name": "gitpki"}, {"name": "python-packagers-sig"}, {"name": "podengo"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been unpushed.", "timestamp": "2024-03-22 05:08:56", "update_id": 599037, "user_id": 2622, "id": 3460862, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "cheimes", "email": "cheimes@redhat.com", "id": 2622, "avatar": "https://seccdn.libravatar.org/avatar/fb01cd1580c9fa10cf453f7c77b9a5ac59f645883d7bf9f921743803e0379c8d?s=24&d=retro", "openid": "cheimes.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitfreeipa"}, {"name": "git389"}, {"name": "latchset"}, {"name": "gitpki"}, {"name": "python-packagers-sig"}, {"name": "podengo"}, {"name": "trust admins"}]}}, {"karma": -1, "karma_critpath": 0, "text": "Yes, confirmed here too:\n``` \n  - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from @System\n  - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from fedora\n  - n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-pyOpenSSL-23.2.0-3.fc40.noarch\n  - n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-cryptography-41.0.7-1.fc40.x86_64\n``` ", "timestamp": "2024-03-22 13:52:53", "update_id": 599037, "user_id": 5881, "id": 3461219, "bug_feedback": [{"karma": 0, "comment_id": 3461219, "bug_id": 2251816, "bug": {"bug_id": 2251816, "title": "python-cryptography-42.0.5 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 3461219, "bug_id": 2269618, "bug": {"bug_id": 2269618, "title": "CVE-2024-26130 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}], "builds": [{"nvr": "python-cryptography-42.0.5-1.fc40", "signed": true, "release_id": 76, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2251816, "title": "python-cryptography-42.0.5 is available", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 3459752, "bug_id": 2251816, "comment": {"karma": 0, "karma_critpath": 0, "text": "update.install_default_update_live test is failing. It complains that the installed version (41.0.7-1) is older than the updated version on the live system. I'm waiting for QA team to assess the situation.", "timestamp": "2024-03-21 10:11:38", "update_id": 599012, "user_id": 2622, "id": 3459752, "testcase_feedback": [], "user": {"name": "cheimes", "email": "cheimes@redhat.com", "id": 2622, "avatar": "https://seccdn.libravatar.org/avatar/fb01cd1580c9fa10cf453f7c77b9a5ac59f645883d7bf9f921743803e0379c8d?s=24&d=retro", "openid": "cheimes.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitfreeipa"}, {"name": "git389"}, {"name": "latchset"}, {"name": "gitpki"}, {"name": "python-packagers-sig"}, {"name": "podengo"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3460553, "bug_id": 2251816, "comment": {"karma": -1, "karma_critpath": 0, "text": "This is because several things have upper-bounded deps that this update exceeds. This update should be bundled with rebuilds of all of these:\n\n    firmitas-0:0.1.2-5.fc40.noarch\n    (python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 36)\n    oci-cli-0:3.37.10-1.fc40.noarch\n    (python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 3.2.1)\n    pgadmin4-0:8.3-4.fc40.x86_64\n    (python3dist(cryptography) >= 41 with python3dist(cryptography) < 41.1)\n    python3-oci-0:2.122.0-1.fc40.noarch\n    (python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 3.2.1)\n    python3-pyOpenSSL-0:23.2.0-3.fc40.noarch\n    ((python3.12dist(cryptography) < 40 or python3.12dist(cryptography) > 40) with (python3.12dist(cryptography) < 40.0.1 or python3.12dist(cryptography) > 40.0.1) with python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 38)\n\nWow, that last one's weird. Anyway, that's the problem.", "timestamp": "2024-03-22 01:44:33", "update_id": 599012, "user_id": 302, "id": 3460553, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 3460861, "bug_id": 2251816, "comment": {"karma": 0, "karma_critpath": 0, "text": "Let's retract this update. We need to update PyOpenSSL and investigate + fix several other packages that may have a bad upper limit.", "timestamp": "2024-03-22 05:08:07", "update_id": 599037, "user_id": 2622, "id": 3460861, "testcase_feedback": [], "user": {"name": "cheimes", "email": "cheimes@redhat.com", "id": 2622, "avatar": "https://seccdn.libravatar.org/avatar/fb01cd1580c9fa10cf453f7c77b9a5ac59f645883d7bf9f921743803e0379c8d?s=24&d=retro", "openid": "cheimes.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitfreeipa"}, {"name": "git389"}, {"name": "latchset"}, {"name": "gitpki"}, {"name": "python-packagers-sig"}, {"name": "podengo"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3461219, "bug_id": 2251816, "comment": {"karma": -1, "karma_critpath": 0, "text": "Yes, confirmed here too:\n``` \n  - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from @System\n  - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from fedora\n  - n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-pyOpenSSL-23.2.0-3.fc40.noarch\n  - n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-cryptography-41.0.7-1.fc40.x86_64\n``` ", "timestamp": "2024-03-22 13:52:53", "update_id": 599037, "user_id": 5881, "id": 3461219, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3460554, "bug_id": 2251816, "comment": {"karma": 0, "karma_critpath": 0, "text": "I did the querying on f40, but it's likely very similar in Rawhide.", "timestamp": "2024-03-22 01:44:46", "update_id": 599012, "user_id": 302, "id": 3460554, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 3460555, "bug_id": 2251816, "comment": {"karma": -1, "karma_critpath": 0, "text": "See https://bodhi.fedoraproject.org/updates/FEDORA-2024-36918807ad#comment-3460553 .", "timestamp": "2024-03-22 01:45:05", "update_id": 599037, "user_id": 302, "id": 3460555, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 3460801, "bug_id": 2251816, "comment": {"karma": -1, "karma_critpath": 0, "text": " The following dnf problem with python3-cryptography-42.0.5-1.fc40 and python3-pyOpenSSL-23.2.0-3.fc40 prevented updating to python3-cryptography-42.0.5-1.fc40 due to a conflict with their version requirements.\n\n     Problem: package python3-pyOpenSSL-23.2.0-3.fc40.noarch from @System requires ((python3.12dist(cryptography) < 40 or python3.12dist(cryptography) > 40) with (python3.12dist(cryptography) < 40.0.1 or python3.12dist(cryptography) > 40.0.1) with python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 38), but none of the providers can be installed\n       - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from @System\n       - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from fedora\n       - cannot install the best update candidate for package python3-pyOpenSSL-23.2.0-3.fc40.noarch\n       - cannot install the best update candidate for package python3-cryptography-41.0.7-1.fc40.x86_64\n\nI reported this at https://bugzilla.redhat.com/show_bug.cgi?id=2270896", "timestamp": "2024-03-22 02:42:19", "update_id": 599037, "user_id": 4471, "id": 3460801, "testcase_feedback": [], "user": {"name": "mattf", "email": "matt.fagnani@bell.net", "id": 4471, "avatar": "https://seccdn.libravatar.org/avatar/dfd914605b2f5dafb41729697904a39aacfba787012bad999834e94535892c46?s=24&d=retro", "openid": "mattf.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}]}, {"bug_id": 2269618, "title": "CVE-2024-26130 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3460861, "bug_id": 2269618, "comment": {"karma": 0, "karma_critpath": 0, "text": "Let's retract this update. We need to update PyOpenSSL and investigate + fix several other packages that may have a bad upper limit.", "timestamp": "2024-03-22 05:08:07", "update_id": 599037, "user_id": 2622, "id": 3460861, "testcase_feedback": [], "user": {"name": "cheimes", "email": "cheimes@redhat.com", "id": 2622, "avatar": "https://seccdn.libravatar.org/avatar/fb01cd1580c9fa10cf453f7c77b9a5ac59f645883d7bf9f921743803e0379c8d?s=24&d=retro", "openid": "cheimes.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitfreeipa"}, {"name": "git389"}, {"name": "latchset"}, {"name": "gitpki"}, {"name": "python-packagers-sig"}, {"name": "podengo"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3461219, "bug_id": 2269618, "comment": {"karma": -1, "karma_critpath": 0, "text": "Yes, confirmed here too:\n``` \n  - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from @System\n  - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from fedora\n  - n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-pyOpenSSL-23.2.0-3.fc40.noarch\n  - n\u00e3o \u00e9 poss\u00edvel instalar o melhor candidato \u00e0 atualiza\u00e7\u00e3o para o pacote python3-cryptography-41.0.7-1.fc40.x86_64\n``` ", "timestamp": "2024-03-22 13:52:53", "update_id": 599037, "user_id": 5881, "id": 3461219, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3460555, "bug_id": 2269618, "comment": {"karma": -1, "karma_critpath": 0, "text": "See https://bodhi.fedoraproject.org/updates/FEDORA-2024-36918807ad#comment-3460553 .", "timestamp": "2024-03-22 01:45:05", "update_id": 599037, "user_id": 302, "id": 3460555, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 3460801, "bug_id": 2269618, "comment": {"karma": -1, "karma_critpath": 0, "text": " The following dnf problem with python3-cryptography-42.0.5-1.fc40 and python3-pyOpenSSL-23.2.0-3.fc40 prevented updating to python3-cryptography-42.0.5-1.fc40 due to a conflict with their version requirements.\n\n     Problem: package python3-pyOpenSSL-23.2.0-3.fc40.noarch from @System requires ((python3.12dist(cryptography) < 40 or python3.12dist(cryptography) > 40) with (python3.12dist(cryptography) < 40.0.1 or python3.12dist(cryptography) > 40.0.1) with python3.12dist(cryptography) < 42~~ with python3.12dist(cryptography) >= 38), but none of the providers can be installed\n       - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from @System\n       - cannot install both python3-cryptography-42.0.5-1.fc40.x86_64 from updates-testing and python3-cryptography-41.0.7-1.fc40.x86_64 from fedora\n       - cannot install the best update candidate for package python3-pyOpenSSL-23.2.0-3.fc40.noarch\n       - cannot install the best update candidate for package python3-cryptography-41.0.7-1.fc40.x86_64\n\nI reported this at https://bugzilla.redhat.com/show_bug.cgi?id=2270896", "timestamp": "2024-03-22 02:42:19", "update_id": 599037, "user_id": 4471, "id": 3460801, "testcase_feedback": [], "user": {"name": "mattf", "email": "matt.fagnani@bell.net", "id": 4471, "avatar": "https://seccdn.libravatar.org/avatar/dfd914605b2f5dafb41729697904a39aacfba787012bad999834e94535892c46?s=24&d=retro", "openid": "mattf.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2024-534c900eff", "karma": -3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}