mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-20 11:38:34 +00:00
Code Issues Projects Releases Wiki Activity

python3-m2crypto: upgrade 0.38.0 -> 0.39.0

Browse Source 
Remove the CVE-2020-25657 patch, as it is fixed in 0.39.0:

[tgamblin@megalith m2crypto]$ git log --oneline --grep="CVE-2020-25657"
84c5395 Mitigate the Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)
[tgamblin@megalith m2crypto]$ git tag --contains 84c53958def0f510e92119fca14d74f94215827a
0.39.0

Changelog (https://gitlab.com/m2crypto/m2crypto/-/blob/master/CHANGES?ref_type=heads):

0.39.0 - 2023-01-31
-------------------

- SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE
  COMPLETELY REMOVED IN THE NEXT RELEASE.
- Remove dependency on parameterized and use unittest.subTest
  instead.
- Upgrade embedded six.py module to 1.16.0 (really tiny
  inconsequential changes).
- Make tests working on MacOS again (test_bio_membuf: Use fork)
- Use OpenSSL_version_num() instead of unrealiable parsing of .h
  file.
- Mitigate the Bleichenbacher timing attacks in the RSA
  decryption API (CVE-2020-25657)
- Add functionality to extract EC key from public key + Update
  tests
- Worked around compatibility issues with OpenSSL 3.*
- Support for Twisted has been deprecated (they have their own
  SSL support anyway).
- Generate TAP while testing.
- Stop using GitHub for testing.
- Accept a small deviation from time in the testsuite (for
  systems with non-standard HZ kernel parameter).
- Use the default BIO.__del__ rather tha overriding in BIO.File
  (avoid a memleak).
- Resolve "X509_Name.as_der() method from X509.py -> class
  X509_Name caused segmentation fault"

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Trevor Gamblin
2023-07-25 15:09:39 -04:00
committed by Khem Raj
parent 109055a814
commit fe48529f1c
2 changed files with 1 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
View File

@@ -1,176 +0,0 @@
Backport patch to fix CVE-2020-25657.
Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 28 Jun 2022 21:17:01 +0200
Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
decryption API (CVE-2020-25657)
Fixes #282
---
src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
src/SWIG/_rsa.i | 20 ++++++++++++--------
tests/test_rsa.py | 15 +++++++--------
3 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
index aba9eb6d..a9f30da9 100644
--- a/src/SWIG/_m2crypto_wrap.c
+++ b/src/SWIG/_m2crypto_wrap.c
@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
index bc714e01..1377b8be 100644
--- a/src/SWIG/_rsa.i
+++ b/src/SWIG/_rsa.i
@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/tests/test_rsa.py b/tests/test_rsa.py
index 7bb3af75..5e75d681 100644
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
# The other paddings.
for padding in self.s_padding_nok:
p = getattr(RSA, padding)
- with self.assertRaises(RSA.RSAError):
- priv.private_encrypt(self.data, p)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with self.assertRaises(RSA.RSAError):
+ priv.private_encrypt(self.data, p)
# Type-check the data to be encrypted.
with self.assertRaises(TypeError):
priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
self.assertEqual(ptxt, self.data)
# no_padding
- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
- priv.public_encrypt(self.data, RSA.no_padding)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
# Type-check the data to be encrypted.
+ # Exception disabled as a part of mitigation against CVE-2020-25657
with self.assertRaises(TypeError):
priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
with self.assertRaises(RSA.RSAError):
setattr(rsa, 'e', '\000\000\000\003\001\000\001')
- with self.assertRaises(RSA.RSAError):
- rsa.private_encrypt(1)
- with self.assertRaises(RSA.RSAError):
- rsa.private_decrypt(1)
assert rsa.check_key()
def test_loadpub_bad(self):
--
GitLab

3
meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb → meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb
View File

@@ -10,9 +10,8 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
file://cross-compile-platform.patch \
file://avoid-host-contamination.patch \
file://0001-setup.py-address-openssl-3.x-build-issue.patch \
file://CVE-2020-25657.patch \
"
SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb"
SRC_URI[sha256sum] = "24c0f471358b8b19ad4c8aa9da12e868030b65c1fdb3279d006df60c9501338a"
PYPI_PACKAGE = "M2Crypto"
inherit pypi siteinfo setuptools3