[Buildroot] [PATCH 1/1] package/python-m2crypto: bump to version 0.40.1
James Hilliard
james.hilliard1 at gmail.com
Wed Nov 8 23:11:53 UTC 2023
Drop patch and associated CVE ignore which is now upstream.
Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
---
...he-RSA-decryption-API-CVE-2020-25657.patch | 174 ------------------
package/python-m2crypto/python-m2crypto.hash | 4 +-
package/python-m2crypto/python-m2crypto.mk | 7 +-
3 files changed, 4 insertions(+), 181 deletions(-)
delete mode 100644 package/python-m2crypto/0001-Mitigate-the-Bleichenbacher-timing-attacks-in-the-RSA-decryption-API-CVE-2020-25657.patch
diff --git a/package/python-m2crypto/0001-Mitigate-the-Bleichenbacher-timing-attacks-in-the-RSA-decryption-API-CVE-2020-25657.patch b/package/python-m2crypto/0001-Mitigate-the-Bleichenbacher-timing-attacks-in-the-RSA-decryption-API-CVE-2020-25657.patch
deleted file mode 100644
index 68200b7d9b..0000000000
--- a/package/python-m2crypto/0001-Mitigate-the-Bleichenbacher-timing-attacks-in-the-RSA-decryption-API-CVE-2020-25657.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl at cepl.eu>
-Date: Tue, 28 Jun 2022 21:17:01 +0200
-Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
- decryption API (CVE-2020-25657)
-
-Fixes #282
-
-[Retrieved from:
-https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
----
- src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
- src/SWIG/_rsa.i | 20 ++++++++++++--------
- tests/test_rsa.py | 15 +++++++--------
- 3 files changed, 31 insertions(+), 24 deletions(-)
-
-diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
-index aba9eb6d..a9f30da9 100644
---- a/src/SWIG/_m2crypto_wrap.c
-+++ b/src/SWIG/_m2crypto_wrap.c
-@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-
-diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
-index bc714e01..1377b8be 100644
---- a/src/SWIG/_rsa.i
-+++ b/src/SWIG/_rsa.i
-@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-
-diff --git a/tests/test_rsa.py b/tests/test_rsa.py
-index 7bb3af75..5e75d681 100644
---- a/tests/test_rsa.py
-+++ b/tests/test_rsa.py
-@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
- # The other paddings.
- for padding in self.s_padding_nok:
- p = getattr(RSA, padding)
-- with self.assertRaises(RSA.RSAError):
-- priv.private_encrypt(self.data, p)
-+ # Exception disabled as a part of mitigation against CVE-2020-25657
-+ # with self.assertRaises(RSA.RSAError):
-+ priv.private_encrypt(self.data, p)
- # Type-check the data to be encrypted.
- with self.assertRaises(TypeError):
- priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
-@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
- self.assertEqual(ptxt, self.data)
-
- # no_padding
-- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
-- priv.public_encrypt(self.data, RSA.no_padding)
-+ # Exception disabled as a part of mitigation against CVE-2020-25657
-+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
-+ priv.public_encrypt(self.data, RSA.no_padding)
-
- # Type-check the data to be encrypted.
-+ # Exception disabled as a part of mitigation against CVE-2020-25657
- with self.assertRaises(TypeError):
- priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
-
-@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
- b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
- with self.assertRaises(RSA.RSAError):
- setattr(rsa, 'e', '\000\000\000\003\001\000\001')
-- with self.assertRaises(RSA.RSAError):
-- rsa.private_encrypt(1)
-- with self.assertRaises(RSA.RSAError):
-- rsa.private_decrypt(1)
- assert rsa.check_key()
-
- def test_loadpub_bad(self):
---
-GitLab
-
diff --git a/package/python-m2crypto/python-m2crypto.hash b/package/python-m2crypto/python-m2crypto.hash
index 879f232565..782837081e 100644
--- a/package/python-m2crypto/python-m2crypto.hash
+++ b/package/python-m2crypto/python-m2crypto.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/m2crypto/json
-md5 8f39bfac730b6567e0c2179d15318c60 M2Crypto-0.38.0.tar.gz
-sha256 99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb M2Crypto-0.38.0.tar.gz
+md5 280c20072afbe7010cf9e9620ea25c7b M2Crypto-0.40.1.tar.gz
+sha256 bbfd113ec55708c05816252a4f09e4237df4f3bbfc8171cbbc33057d257bbb30 M2Crypto-0.40.1.tar.gz
# Locally computed sha256 checksums
sha256 4eca478396f4b2b020729a111fce3f096456d74500bfd8f2b0388c3c69f997c0 LICENCE
diff --git a/package/python-m2crypto/python-m2crypto.mk b/package/python-m2crypto/python-m2crypto.mk
index 3c28fa3b0d..69a0c28df5 100644
--- a/package/python-m2crypto/python-m2crypto.mk
+++ b/package/python-m2crypto/python-m2crypto.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_M2CRYPTO_VERSION = 0.38.0
+PYTHON_M2CRYPTO_VERSION = 0.40.1
PYTHON_M2CRYPTO_SOURCE = M2Crypto-$(PYTHON_M2CRYPTO_VERSION).tar.gz
-PYTHON_M2CRYPTO_SITE = https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8
+PYTHON_M2CRYPTO_SITE = https://files.pythonhosted.org/packages/9e/a3/9433817493ea250db67a05de3361cb0a1d58531847d50406f2f28455e68c
PYTHON_M2CRYPTO_SETUP_TYPE = setuptools
PYTHON_M2CRYPTO_LICENSE = MIT
PYTHON_M2CRYPTO_LICENSE_FILES = LICENCE
@@ -15,7 +15,4 @@ PYTHON_M2CRYPTO_CPE_ID_PRODUCT = m2crypto
PYTHON_M2CRYPTO_DEPENDENCIES = openssl host-swig
PYTHON_M2CRYPTO_BUILD_OPTS = --openssl=$(STAGING_DIR)/usr
-# 0001-Mitigate-the-Bleichenbacher-timing-attacks-in-the-RSA-decryption-API-CVE-2020-25657.patch
-PYTHON_M2CRYPTO_IGNORE_CVES += CVE-2020-25657
-
$(eval $(python-package))
--
2.34.1
More information about the buildroot
mailing list