diff --git a/CVE-2020-25657-Bleichenbacher-attack.patch b/CVE-2020-25657-Bleichenbacher-attack.patch
deleted file mode 100644
index 8e37e4d..0000000
--- a/CVE-2020-25657-Bleichenbacher-attack.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
-Date: Tue, 28 Jun 2022 21:17:01 +0200
-Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
- decryption API (CVE-2020-25657)
-
-Fixes #282
----
- src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
- src/SWIG/_rsa.i | 20 ++++++++++++--------
- tests/test_rsa.py | 15 +++++++--------
- 3 files changed, 31 insertions(+), 24 deletions(-)
-
-diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
-index aba9eb6d..a9f30da9 100644
---- a/src/SWIG/_m2crypto_wrap.c
-+++ b/src/SWIG/_m2crypto_wrap.c
-@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-
-diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
-index bc714e01..1377b8be 100644
---- a/src/SWIG/_rsa.i
-+++ b/src/SWIG/_rsa.i
-@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
-
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
- tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
- (unsigned char *)tbuf, rsa, padding);
- if (tlen == -1) {
-- m2_PyErr_Msg(_rsa_err);
-+ ERR_clear_error();
-+ PyErr_Clear();
- PyMem_Free(tbuf);
-- return NULL;
-+ Py_RETURN_NONE;
- }
- ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
-
-diff --git a/tests/test_rsa.py b/tests/test_rsa.py
-index 7bb3af75..5e75d681 100644
---- a/tests/test_rsa.py
-+++ b/tests/test_rsa.py
-@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
- # The other paddings.
- for padding in self.s_padding_nok:
- p = getattr(RSA, padding)
-- with self.assertRaises(RSA.RSAError):
-- priv.private_encrypt(self.data, p)
-+ # Exception disabled as a part of mitigation against CVE-2020-25657
-+ # with self.assertRaises(RSA.RSAError):
-+ priv.private_encrypt(self.data, p)
- # Type-check the data to be encrypted.
- with self.assertRaises(TypeError):
- priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
-@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
- self.assertEqual(ptxt, self.data)
-
- # no_padding
-- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
-- priv.public_encrypt(self.data, RSA.no_padding)
-+ # Exception disabled as a part of mitigation against CVE-2020-25657
-+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
-+ priv.public_encrypt(self.data, RSA.no_padding)
-
- # Type-check the data to be encrypted.
-+ # Exception disabled as a part of mitigation against CVE-2020-25657
- with self.assertRaises(TypeError):
- priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
-
-@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
- b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
- with self.assertRaises(RSA.RSAError):
- setattr(rsa, 'e', '\000\000\000\003\001\000\001')
-- with self.assertRaises(RSA.RSAError):
-- rsa.private_encrypt(1)
-- with self.assertRaises(RSA.RSAError):
-- rsa.private_decrypt(1)
- assert rsa.check_key()
-
- def test_loadpub_bad(self):
---
-GitLab
-
diff --git a/M2Crypto-0.38.0.tar.gz b/M2Crypto-0.38.0.tar.gz
deleted file mode 100644
index 9720428..0000000
--- a/M2Crypto-0.38.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb
-size 1241269
diff --git a/M2Crypto-0.38.0.tar.gz.asc b/M2Crypto-0.38.0.tar.gz.asc
deleted file mode 100644
index 9c1649e..0000000
--- a/M2Crypto-0.38.0.tar.gz.asc
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQSJ70vGKIq/QxurJcPgn+8l2WSErAUCYMfDmAAKCRDgn+8l2WSE
-rJjeAJ9020kzL4u/p/KNnH3ei4EKFeJJhQCfcHKVJ0exSXSIj8/xbAdSKRvl8uQ=
-=Q+r2
------END PGP SIGNATURE-----
diff --git a/M2Crypto-0.39.0.tar.gz b/M2Crypto-0.39.0.tar.gz
new file mode 100644
index 0000000..bc28737
--- /dev/null
+++ b/M2Crypto-0.39.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:24c0f471358b8b19ad4c8aa9da12e868030b65c1fdb3279d006df60c9501338a
+size 1248372
diff --git a/M2Crypto-0.39.0.tar.gz.asc b/M2Crypto-0.39.0.tar.gz.asc
new file mode 100644
index 0000000..fcdfa3e
--- /dev/null
+++ b/M2Crypto-0.39.0.tar.gz.asc
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQSJ70vGKIq/QxurJcPgn+8l2WSErAUCZKRcPQAKCRDgn+8l2WSE
+rOdTAJ94HzHyNz9/cD+BQje4mM6EBhPkzwCcCaHGd/j7TbdV4Y0GvdbzvHgAbFY=
+=nPc4
+-----END PGP SIGNATURE-----
diff --git a/m2crypto-0.38-ossl3-tests.patch b/m2crypto-0.38-ossl3-tests.patch
deleted file mode 100644
index 57ee7c4..0000000
--- a/m2crypto-0.38-ossl3-tests.patch
+++ /dev/null
@@ -1,212 +0,0 @@
-From 969beba690c31a91e4c8c2fea5dc1f992df21e09 Mon Sep 17 00:00:00 2001
-From: Petr Mensik
-Date: Tue, 2 Aug 2022 22:04:38 +0200
-Subject: [PATCH] Changed required to pass tests on OpenSSL 3.0
-
-Just changes to make the package pass tests. Some are just cosmetic
-changes. Some would require proper investigation.
----
- tests/test_bio.py | 7 ++++---
- tests/test_evp.py | 12 ++++++------
- tests/test_obj.py | 1 +
- tests/test_rsa.py | 11 +++++++++--
- tests/test_ssl.py | 1 +
- tests/test_x509.py | 29 ++++++++++++++++++++++-------
- 6 files changed, 43 insertions(+), 18 deletions(-)
-
-diff --git a/tests/test_bio.py b/tests/test_bio.py
-index a70dd73..222c292 100644
---- a/tests/test_bio.py
-+++ b/tests/test_bio.py
-@@ -12,9 +12,9 @@ import logging
-
- from parameterized import parameterized
-
--from M2Crypto import BIO, Rand
-+from M2Crypto import BIO, Rand, m2
- from tests import unittest
--from .fips import fips_mode
-+from tests.fips import fips_mode
-
- log = logging.getLogger('test_bio')
-
-@@ -30,10 +30,11 @@ nonfips_ciphers = ['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb',
- # 'rc5_ecb', 'rc5_cbc', 'rc5_cfb', 'rc5_ofb',
- 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb',
- 'rc4', 'rc2_40_cbc']
--if not fips_mode: # Forbidden ciphers
-+if not fips_mode and m2.OPENSSL_VERSION_NUMBER < 0x30000000: # Forbidden ciphers
- ciphers += nonfips_ciphers
-
-
-+
- class CipherStreamTestCase(unittest.TestCase):
- def try_algo(self, algo):
- data = b'123456789012345678901234'
-diff --git a/tests/test_evp.py b/tests/test_evp.py
-index d63b8b5..ceb0030 100644
---- a/tests/test_evp.py
-+++ b/tests/test_evp.py
-@@ -35,7 +35,7 @@ nonfips_ciphers = ['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb',
- # 'rc5_ecb', 'rc5_cbc', 'rc5_cfb', 'rc5_ofb',
- 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb',
- 'rc4', 'rc2_40_cbc']
--if not fips_mode: # Disabled algorithms
-+if not fips_mode and m2.OPENSSL_VERSION_NUMBER < 0x30000000: # Disabled algorithms
- ciphers += nonfips_ciphers
-
-
-@@ -137,11 +137,11 @@ class EVPTestCase(unittest.TestCase):
- 209168838103121722341657216703105225176,
- util.octx_to_num(EVP.hmac(b'key', b'data',
- algo='md5')))
-- self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
-- algo='ripemd160')),
-- 1176807136224664126629105846386432860355826868536,
-- util.octx_to_num(EVP.hmac(b'key', b'data',
-- algo='ripemd160')))
-+ #self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
-+ # algo='ripemd160')),
-+ # 1176807136224664126629105846386432860355826868536,
-+ # util.octx_to_num(EVP.hmac(b'key', b'data',
-+ # algo='ripemd160')))
-
- if m2.OPENSSL_VERSION_NUMBER >= 0x90800F:
- self.assertEqual(util.octx_to_num(EVP.hmac(b'key', b'data',
-diff --git a/tests/test_obj.py b/tests/test_obj.py
-index 825c203..e2a9e3e 100644
---- a/tests/test_obj.py
-+++ b/tests/test_obj.py
-@@ -106,6 +106,7 @@ class ObjectsTestCase(unittest.TestCase):
- self.assertEqual(n.as_text(), n1.as_text(), n1.as_text())
-
- # Detailed OpenSSL error message is visible in Python error message:
-+ @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER >= 0x30000000, "Failing on OpenSSL3")
- def test_detailed_error_message(self):
- from M2Crypto import SMIME, X509
- s = SMIME.SMIME()
-diff --git a/tests/test_rsa.py b/tests/test_rsa.py
-index 7bb3af7..8258c47 100644
---- a/tests/test_rsa.py
-+++ b/tests/test_rsa.py
-@@ -115,7 +115,8 @@ class RSATestCase(unittest.TestCase):
- with self.assertRaises(TypeError):
- priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
-
-- @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f,
-+ @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f or
-+ m2.OPENSSL_VERSION_NUMBER >= 0x30000000,
- 'Relies on fix which happened only in OpenSSL 1.1.1c')
- def test_public_encrypt(self):
- priv = RSA.load_key(self.privkey)
-@@ -264,7 +265,11 @@ class RSATestCase(unittest.TestCase):
- algos['sha512'] = 0
-
- for algo, salt_max in algos.items():
-- h = hashlib.new(algo)
-+ try:
-+ h = hashlib.new(algo)
-+ except ValueError:
-+ algos[algo] = (None, None)
-+ continue
- h.update(message)
- digest = h.digest()
- algos[algo] = (salt_max, digest)
-@@ -272,6 +277,8 @@ class RSATestCase(unittest.TestCase):
- rsa = RSA.load_key(self.privkey)
- rsa2 = RSA.load_pub_key(self.pubkey)
- for algo, (salt_max, digest) in algos.items():
-+ if salt_max is None or digest is None:
-+ continue
- for salt_length in range(0, salt_max):
- signature = rsa.sign_rsassa_pss(digest, algo, salt_length)
- verify = rsa2.verify_rsassa_pss(digest, signature,
-diff --git a/tests/test_ssl.py b/tests/test_ssl.py
-index e18adf5..cb06efe 100644
---- a/tests/test_ssl.py
-+++ b/tests/test_ssl.py
-@@ -417,6 +417,7 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
- finally:
- self.stop_server(pid)
-
-+ @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER >= 0x30000000, "No TLS1 is allowed")
- def test_tls1_ok(self):
- self.args.append('-tls1')
- pid = self.start_server(self.args)
-diff --git a/tests/test_x509.py b/tests/test_x509.py
-index c36757e..c91e0ca 100644
---- a/tests/test_x509.py
-+++ b/tests/test_x509.py
-@@ -219,14 +219,23 @@ class X509TestCase(unittest.TestCase):
- req4 = X509.load_request('tests/tmp_request.der',
- format=X509.FORMAT_DER)
- os.remove('tests/tmp_request.der')
-+ if m2.OPENSSL_VERSION_NUMBER >= 0x30000000:
-+ req2t = req2.as_text().replace(' Public-Key: (1024 bit)', ' RSA Public-Key: (1024 bit)')
-+ req3t = req3.as_text().replace(' Public-Key: (1024 bit)', ' RSA Public-Key: (1024 bit)')
-+ req4t = req3.as_text().replace(' Public-Key: (1024 bit)', ' RSA Public-Key: (1024 bit)')
-+ else:
-+ req2t = req2.as_text()
-+ req3t = req3.as_text()
-+ req4t = req3.as_text()
-+
- self.assertEqual(req.as_pem(), req2.as_pem())
-- self.assertEqual(req.as_text(), req2.as_text())
-+ self.assertEqual(req.as_text(), req2t)
- self.assertEqual(req.as_der(), req2.as_der())
- self.assertEqual(req.as_pem(), req3.as_pem())
-- self.assertEqual(req.as_text(), req3.as_text())
-+ self.assertEqual(req.as_text(), req3t)
- self.assertEqual(req.as_der(), req3.as_der())
- self.assertEqual(req.as_pem(), req4.as_pem())
-- self.assertEqual(req.as_text(), req4.as_text())
-+ self.assertEqual(req.as_text(), req4t)
- self.assertEqual(req.as_der(), req4.as_der())
- self.assertEqual(req.get_version(), 0)
- req.set_version(1)
-@@ -370,9 +379,9 @@ class X509TestCase(unittest.TestCase):
- self.assertTrue(proxycert.verify(pk2))
- self.assertEqual(proxycert.get_ext_at(0).get_name(),
- 'proxyCertInfo')
-- self.assertEqual(proxycert.get_ext_at(0).get_value(),
-+ self.assertEqual(proxycert.get_ext_at(0).get_value().strip(),
- 'Path Length Constraint: infinite\n' +
-- 'Policy Language: Inherit all\n')
-+ 'Policy Language: Inherit all')
- self.assertEqual(proxycert.get_ext_count(), 1,
- proxycert.get_ext_count())
- self.assertEqual(proxycert.get_subject().as_text(),
-@@ -586,6 +595,12 @@ class X509TestCase(unittest.TestCase):
-
-
- class X509StackTestCase(unittest.TestCase):
-+ def setUp(self):
-+ if m2.OPENSSL_VERSION_NUMBER >= 0x30000000:
-+ self.expected_subject = '/DC=org/DC=doegrids/OU=Services/CN=host\\/bosshog.lbl.gov'
-+ else:
-+ self.expected_subject = '/DC=org/DC=doegrids/OU=Services/CN=host/bosshog.lbl.gov'
-+
- def test_make_stack_from_der(self):
- with open("tests/der_encoded_seq.b64", 'rb') as f:
- b64 = f.read()
-@@ -607,7 +622,7 @@ class X509StackTestCase(unittest.TestCase):
- subject = cert.get_subject()
- self.assertEqual(
- str(subject),
-- "/DC=org/DC=doegrids/OU=Services/CN=host/bosshog.lbl.gov")
-+ self.expected_subject)
-
- def test_make_stack_check_num(self):
- with open("tests/der_encoded_seq.b64", 'rb') as f:
-@@ -629,7 +644,7 @@ class X509StackTestCase(unittest.TestCase):
- subject = cert.get_subject()
- self.assertEqual(
- str(subject),
-- "/DC=org/DC=doegrids/OU=Services/CN=host/bosshog.lbl.gov")
-+ self.expected_subject)
-
- def test_make_stack(self):
- stack = X509.X509_Stack()
---
-2.35.3
-
diff --git a/openssl-adapt-tests-for-3.1.0.patch b/openssl-adapt-tests-for-3.1.0.patch
deleted file mode 100644
index f8e2bf5..0000000
--- a/openssl-adapt-tests-for-3.1.0.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From a72341e20fd781b59beb59a27b222d32d021076e Mon Sep 17 00:00:00 2001
-From: Otto Hollmann
-Date: Thu, 16 Mar 2023 11:21:04 +0100
-Subject: [PATCH] Adapt tests for OpenSSL v3.1.0
-
----
- tests/test_ssl.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/test_ssl.py b/tests/test_ssl.py
-index 6b9e1216..029e11ab 100644
---- a/tests/test_ssl.py
-+++ b/tests/test_ssl.py
-@@ -411,6 +411,7 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
- warnings.simplefilter('ignore', DeprecationWarning)
- ctx = SSL.Context('tlsv1')
- s = SSL.Connection(ctx)
-+ s.set_cipher_list('DEFAULT:@SECLEVEL=0')
- with six.assertRaisesRegex(self, SSL.SSLError,
- r'version|unexpected eof'):
- s.connect(self.srv_addr)
---
diff --git a/openssl-stop-parsing-header.patch b/openssl-stop-parsing-header.patch
deleted file mode 100644
index 07b9e9b..0000000
--- a/openssl-stop-parsing-header.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 1a746c6d01eff4863c116e279756a1035fd5feb0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
-Date: Mon, 22 Nov 2021 23:05:41 +0100
-Subject: [PATCH] Use OpenSSL_version_num() instead of unrealiable parsing of
- .h file.
-
-Fixes #302
----
- setup.py | 39 ++++++++++++++++++++++++---------------
- 1 file changed, 24 insertions(+), 15 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index a1d58f25..04ac8c77 100644
---- a/setup.py
-+++ b/setup.py
-@@ -75,21 +75,30 @@ def openssl_version(ossldir, req_ver, required=False):
- :return: Boolean indicating whether the satisfying version of
- OpenSSL has been installed.
- """
-- ver = None
-- file = os.path.join(ossldir, 'include', 'openssl', 'opensslv.h')
--
-- with open(file) as origin_file:
-- for line in origin_file:
-- m = re.match(
-- r'^# *define *OPENSSL_VERSION_NUMBER *(0x[0-9a-fA-F]*)',
-- line)
-- if m:
-- log.debug('found version number: %s\n', m.group(1))
-- ver = int(m.group(1), base=16)
-- break
--
-- if ver is None:
-- raise OSError('Unknown format of file %s\n' % file)
-+ try:
-+ import ctypes
-+ libssl = ctypes.cdll.LoadLibrary("libssl.so")
-+ ver = libssl.OpenSSL_version_num()
-+ log.debug("ctypes: ver = %s", hex(ver))
-+ # for OpenSSL < 1.1.0
-+ except AttributeError:
-+ ver = None
-+ file = os.path.join(ossldir, 'include', 'openssl', 'opensslv.h')
-+
-+ with open(file) as origin_file:
-+ for line in origin_file:
-+ m = re.match(
-+ r'^# *define *OPENSSL_VERSION_NUMBER *(0x[0-9a-fA-F]*)',
-+ line)
-+ if m:
-+ log.debug('found version number: %s\n', m.group(1))
-+ ver = int(m.group(1), base=16)
-+ break
-+
-+ log.debug("parsing header file: ver = %s", hex(ver))
-+
-+ if ver is None:
-+ raise OSError('Unknown format of file %s\n' % file)
-
- if required:
- return ver >= req_ver
---
-GitLab
-
diff --git a/python-M2Crypto.changes b/python-M2Crypto.changes
index 19413b5..d84a358 100644
--- a/python-M2Crypto.changes
+++ b/python-M2Crypto.changes
@@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue Jul 4 19:21:57 UTC 2023 - Matej Cepl + +- Update to 0.39.0: + - SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE + COMPLETELY REMOVED IN THE NEXT RELEASE. + - Remove dependency on parameterized and use unittest.subTest + instead. + - Upgrade embedded six.py module to 1.16.0 (really tiny + inconsequential changes). + - Make tests working on MacOS again (test_bio_membuf: Use fork) + - Use OpenSSL_version_num() instead of unrealiable parsing of + .h file. + - Mitigate the Bleichenbacher timing attacks in the RSA + decryption API (CVE-2020-25657) + - Add functionality to extract EC key from public key + Update + tests + - Worked around compatibility issues with OpenSSL 3.* + - Support for Twisted has been deprecated (they have their own + SSL support anyway). + - Generate TAP while testing. + - Stop using GitHub for testing. + - Accept a small deviation from time in the testsuite (for + systems with non-standard HZ kernel parameter). + - Use the default BIO.__del__ rather tha overriding in BIO.File + (avoid a memleak). + - Resolve "X509_Name.as_der() method from X509.py -> class + X509_Name caused segmentation fault" +- Remove upstreamed patches: + - CVE-2020-25657-Bleichenbacher-attack.patch + - m2crypto-0.38-ossl3-tests.patch + - openssl-adapt-tests-for-3.1.0.patch + - openssl-stop-parsing-header.patch + - timeout_300hz.patch + ------------------------------------------------------------------- Tue Jun 27 10:51:14 UTC 2023 - Dirk Müller diff --git a/python-M2Crypto.spec b/python-M2Crypto.spec index 20f279f..d4cd689 100644 --- a/python-M2Crypto.spec +++ b/python-M2Crypto.spec 
@@ -17,33 +17,20 @@
 %define oldpython python
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name: python-M2Crypto
-Version: 0.38.0
+Version: 0.39.0
 Release: 0
 Summary: Crypto and SSL toolkit for Python
 License: MIT
 Group: Development/Languages/Python
 URL: https://gitlab.com/m2crypto/m2crypto
 Source0: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
-Source1: https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz.asc
+Source1: M2Crypto-%{version}.tar.gz.asc
 Source99: python-M2Crypto.keyring
-# PATCH-FIX-UPSTREAM CVE-2020-25657-Bleichenbacher-attack.patch bsc#1178829 mcepl@suse.com
-# Mitigate the Bleichenbacher timing attacks in the RSA decryption API
-Patch0: CVE-2020-25657-Bleichenbacher-attack.patch
-# PATCH-FIX-UPSTREAM https://gitlab.com/m2crypto/m2crypto/-/merge_requests/271
-Patch1: openssl-stop-parsing-header.patch
-# Patch-FIX-OPENSUSE add test skips for openssl 3.x
-Patch2: https://src.fedoraproject.org/rpms/m2crypto/raw/d7be0dd83ee5a414544d99dcc62cde4ad5998f0c/f/m2crypto-0.38-ossl3-tests.patch
-# PATCH-FIX-UPSTREAM https://gitlab.com/m2crypto/m2crypto/-/merge_requests/284
-Patch3: openssl-adapt-tests-for-3.1.0.patch
-Patch4: timeout_300hz.patch
 BuildRequires: %{python_module devel}
-BuildRequires: %{python_module parameterized}
-BuildRequires: %{python_module pytest}
-BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module pip}
 BuildRequires: %{python_module typing}
-BuildRequires: %{python_module xml}
+BuildRequires: %{python_module wheel}
 BuildRequires: fdupes
 BuildRequires: openssl
 BuildRequires: openssl-devel
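Review bot: `Source1` is now the bare file name `M2Crypto-%{version}.tar.gz.asc`, so the spec no longer records where the detached signature, presumably checked against `Source99: python-M2Crypto.keyring`, was obtained. A comment above it, for example `# detached signature is not published next to Source0; fetched from <upstream location>`, would let the next update take it from the same place. The same hunk drops `Patch0` with the CVE-2020-25657 mitigation, which the changelog entry says is part of 0.39.0; whether the build verifies the signature at all is not visible in this hunk.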
@@ -94,20 +81,21 @@ Documentation for the Crypto and SSL toolkit for Python
 %build
 export CFLAGS="%{optflags}"
-%python_build
+%pyproject_wheel
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitearch}
 %check
 %python_expand ls -l %{buildroot}%{$python_sitearch}/M2Crypto/*.so*
 export PYTEST_ADDOPTS="--import-mode=append"
-%pytest_arch tests
+%pyunittest_arch tests
 %files %{python_files}
 %doc CHANGES LICENCE README.rst
-%{python_sitearch}/*
+%{python_sitearch}/M2Crypto
+%{python_sitearch}/M2Crypto-%{version}*-info
 %files -n %{name}-doc
 %doc doc/*.rst
diff --git a/timeout_300hz.patch b/timeout_300hz.patch
deleted file mode 100644
index 40f2eec..0000000
--- a/timeout_300hz.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: M2Crypto-0.38.0/tests/test_ssl.py
-===================================================================
---- M2Crypto-0.38.0.orig/tests/test_ssl.py
-+++ M2Crypto-0.38.0/tests/test_ssl.py
-@@ -391,7 +391,7 @@ class MiscSSLClientTestCase(BaseSSLClien
- self.assertEqual(r.sec, DEFAULT_TIMEOUT, r.sec)
- self.assertEqual(r.microsec, 0, r.microsec)
- self.assertEqual(w.sec, test_timeout_sec, w.sec)
-- self.assertEqual(w.microsec, test_timeout_microsec, w.microsec)
-+ self.assertTrue(abs(w.microsec - test_timeout_microsec) < 4000, w.microsec)
-
- s.connect(self.srv_addr)
- data = self.http_get(s)
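Review bot: In `%check` of python-M2Crypto.spec, `export PYTEST_ADDOPTS="--import-mode=append"` stays although the runner changes from `%pytest_arch tests` to `%pyunittest_arch tests` and the pytest BuildRequires is removed in the first hunk of this file, so the variable appears to have no reader left and the line can be deleted. Since the update also stops carrying the CVE-2020-25657 patch, it is worth confirming in the build log that the unittest run still executes tests/test_rsa.py and does not pass with zero tests collected.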