diff --git a/CVE-2020-25657.patch b/CVE-2020-25657.patch deleted file mode 100644 index 5084554..0000000 --- a/CVE-2020-25657.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= -Date: Tue, 28 Jun 2022 21:17:01 +0200 -Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA - decryption API (CVE-2020-25657) - -Fixes #282 ---- - M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++-------- - M2Crypto-0.38.0/src/SWIG/_rsa.i | 20 ++++++++++++-------- - M2Crypto-0.38.0/tests/test_rsa.py | 15 +++++++-------- - 3 files changed, 31 insertions(+), 24 deletions(-) - -diff --git a/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c b/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c -index aba9eb6d..a9f30da9 100644 ---- a/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c -+++ b/M2Crypto-0.38.0/src/SWIG/_m2crypto_wrap.c -@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); - -diff --git a/M2Crypto-0.38.0/src/SWIG/_rsa.i b/M2Crypto-0.38.0/src/SWIG/_rsa.i -index bc714e01..1377b8be 100644 ---- a/M2Crypto-0.38.0/src/SWIG/_rsa.i -+++ b/M2Crypto-0.38.0/src/SWIG/_rsa.i -@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); - -diff --git a/M2Crypto-0.38.0/tests/test_rsa.py b/M2Crypto-0.38.0/tests/test_rsa.py -index 7bb3af75..5e75d681 100644 ---- a/M2Crypto-0.38.0/tests/test_rsa.py -+++ b/M2Crypto-0.38.0/tests/test_rsa.py -@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase): - # The other paddings. - for padding in self.s_padding_nok: - p = getattr(RSA, padding) -- with self.assertRaises(RSA.RSAError): -- priv.private_encrypt(self.data, p) -+ # Exception disabled as a part of mitigation against CVE-2020-25657 -+ # with self.assertRaises(RSA.RSAError): -+ priv.private_encrypt(self.data, p) - # Type-check the data to be encrypted. - with self.assertRaises(TypeError): - priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) -@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase): - self.assertEqual(ptxt, self.data) - - # no_padding -- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): -- priv.public_encrypt(self.data, RSA.no_padding) -+ # Exception disabled as a part of mitigation against CVE-2020-25657 -+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): -+ priv.public_encrypt(self.data, RSA.no_padding) - - # Type-check the data to be encrypted. -+ # Exception disabled as a part of mitigation against CVE-2020-25657 - with self.assertRaises(TypeError): - priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding) - -@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase): - b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4 - with self.assertRaises(RSA.RSAError): - setattr(rsa, 'e', '\000\000\000\003\001\000\001') -- with self.assertRaises(RSA.RSAError): -- rsa.private_encrypt(1) -- with self.assertRaises(RSA.RSAError): -- rsa.private_decrypt(1) - assert rsa.check_key() - - def test_loadpub_bad(self): --- -GitLab - diff --git a/M2Crypto-0.38.0.tar.gz b/M2Crypto-0.38.0.tar.gz deleted file mode 100644 index 6a885ad..0000000 Binary files a/M2Crypto-0.38.0.tar.gz and /dev/null differ diff --git a/M2Crypto-0.38.0.tar.gz.asc b/M2Crypto-0.38.0.tar.gz.asc deleted file mode 100644 index b64c88e..0000000 --- a/M2Crypto-0.38.0.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQSJ70vGKIq/QxurJcPgn+8l2WSErAUCYMfDmAAKCRDgn+8l2WSE -rJjeAJ9020kzL4u/p/KNnH3ei4EKFeJJhQCfcHKVJ0exSXSIj8/xbAdSKRvl8uQ= -=Q+r2 ------END PGP SIGNATURE----- diff --git a/M2Crypto-0.39.0.tar.gz b/M2Crypto-0.39.0.tar.gz new file mode 100644 index 0000000..74c1321 Binary files /dev/null and b/M2Crypto-0.39.0.tar.gz differ diff --git a/m2crypto.spec b/m2crypto.spec index 751c651..475c1ed 100644 --- a/m2crypto.spec +++ b/m2crypto.spec @@ -1,13 +1,10 @@ Name: m2crypto Summary: A crypto and SSL toolkit for Python -Version: 0.38.0 -Release: 2 +Version: 0.39.0 +Release: 1 License: MIT URL: https://gitlab.com/m2crypto/m2crypto/ -Source0: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-0.38.0.tar.gz -Source1: https://files.pythonhosted.org/packages/2c/52/c35ec79dd97a8ecf6b2bbd651df528abb47705def774a4a15b99977274e8/M2Crypto-0.38.0.tar.gz.asc -# https://gitlab.com/m2crypto/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a -Patch0: CVE-2020-25657.patch +Source0: %{pypi_source M2Crypto} BuildRequires: openssl openssl-devel perl-interpreter pkgconfig swig which BuildRequires: python3-devel python3-setuptools gcc @@ -54,6 +51,9 @@ cd M2Crypto-%{version} %{python3_sitearch}/M2Crypto-*.egg-info %changelog +* Sat Jul 22 2023 xu_ping <707078654@qq.com> - 0.39.0-1 +- Upgrade to 0.39.0 + * Wed Aug 17 2022 yaoxin - 0.38.0-2 - Fix CVE-2020-25657