Commit Graph

5 Commits

Author SHA1 Message Date
Gyorgy Sarvari
ba6468f7a0 python3-m2crypto: mark CVE-2020-25657 as patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657

The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0.

[1]: 84c53958de

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-12 08:53:45 -08:00
Gyorgy Sarvari
b46a5452a1 python3-m2crypto: ignore CVE-2009-0127
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127

The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-12 08:53:45 -08:00
Gyorgy Sarvari
25b9ae3902 python3-m2crypto: set CVE_PRODUCT
NIST currently tracks CVEs under at least 2 different CPEs for this recipe,
but neither of them is python:m2crypto (the default CVE_PRODUCT).

See CVE db query:
sqlite> select * from products where PRODUCT like '%m2crypto%';
CVE-2009-0127|heikkitoivonen|m2crypto|-|||
CVE-2020-25657|m2crypto_project|m2crypto|-|||
CVE-2023-50781|m2crypto_project|m2crypto|-|||

Set the CVE_PRODUCT to match the relevant CPEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-31 08:28:53 -08:00
Haixiao Yan
076217856e python3-m2crypto: correct struct packing on 32-bit with _TIME_BITS=64
Fixes:
   # python3 -munittest -v test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts
test_server_simple_timeouts (test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts) ... ERROR

======================================================================
ERROR: test_server_simple_timeouts (test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/opt/python3-m2crypto/tests/test_ssl.py", line 474, in test_server_simple_timeouts
    s.set_socket_read_timeout(SSL.timeout())
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/M2Crypto/SSL/Connection.py", line 680, in set_socket_read_timeout
    self.socket.setsockopt(
    ~~~~~~~~~~~~~~~~~~~~~~^
        socket.SOL_SOCKET, socket.SO_RCVTIMEO, timeo.pack()
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
OSError: [Errno 22] Invalid argument

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-11-04 16:52:46 -08:00
Haixiao Yan
97a9a1b93b python3-m2crypto: upgrade 0.45.1 -> 0.46.2
python3-m2crypto/0001-setup.py-Make-the-cmd-available.patch
refreshed for 0.46.2
python3-m2crypto/0001-timeout.py-use-qq-format-when-time_t-is-64bit-on-32b.patch
removed, this patch doesn't work for 0.45.1 and 0.46.2.

Fix the following test hang:

test_IP_call (tests.test_ssl.HttpslibSSLSNIClientTestCase.test_IP_call)
...

Changelog:
===========
0.46.2 - 2025-10-02
-------------------

- fix[m2xmlrpclib]: make the module compatible with Python 3.6

0.46.1 - 2025-10-02
-------------------

- Correct license to BSD-2-Clause and update references
- Specify in setup.cfg that we require Python >= 3.6

0.46.0 - 2025-10-01
-------------------

(Tested on Pythons between 3.6 and 3.14.0~rc3)

- M2Crypto closes SSL connection on closing HTTPS Connection, and
  some other related issues (#203, #278)
- Modernize C API by eliminating use of deprecated
  PyBytes_AsStringAndSize and related functions with Python
  Buffer Protocol (#375)
- Whole project is completely covered with type hints and is
  checked by mypy (also while doing that, the whole project was
  blackened) (#344)
- Add logging support to C extension code sending messages to the
  Python logging
- Introducing first efforts to support Engine object (#229)
- Reworked and fixed M2Crypto.m2xmlrpclib module (#163)
- Reverted removal of demo/ subdirectory
- Improve SMIME documentation (#377)
- Some other minor bugs, improvements, and removal of dead code

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-16 08:48:34 -07:00