fix CVE-2020-36242
This commit is contained in:
sxt1001
parent
42ac02ac22
commit
86b787f079
46
backport-CVE-2020-36242.patch
Normal file
46
backport-CVE-2020-36242.patch
Normal file
@ -0,0 +1,46 @@
|
||||
From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Kehrer <paul.l.kehrer@gmail.com>
|
||||
Date: Sun, 7 Feb 2021 11:04:43 -0600
|
||||
Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242
|
||||
|
||||
---
|
||||
CHANGELOG.rst | 9 +++++++++
|
||||
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
|
||||
2 files changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
|
||||
index 3cb53d0..4dd7146 100644
|
||||
--- a/CHANGELOG.rst
|
||||
+++ b/CHANGELOG.rst
|
||||
@@ -1,6 +1,15 @@
|
||||
Changelog
|
||||
=========
|
||||
|
||||
+.. _v3-3-2:
|
||||
+
|
||||
+3.3.2 - 2021-02-07
|
||||
+~~~~~~~~~~~~~~~~~~
|
||||
+
|
||||
+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
|
||||
+ when symmetrically encrypting very large payloads (>2GB) could result in an
|
||||
+ integer overflow, leading to buffer overflows. *CVE-2020-36242*
|
||||
+
|
||||
.. _v3-3-1:
|
||||
|
||||
3.3.1 - 2020-12-09
|
||||
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
index 1e805d2..ad5dad3 100644
|
||||
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes
|
||||
class _CipherContext(object):
|
||||
_ENCRYPT = 1
|
||||
_DECRYPT = 0
|
||||
- _MAX_CHUNK_SIZE = 2 ** 31 - 1
|
||||
+ _MAX_CHUNK_SIZE = 2 ** 30 - 1
|
||||
|
||||
def __init__(self, backend, cipher, mode, operation):
|
||||
self._backend = backend
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,12 +1,13 @@
|
||||
%global srcname cryptography
|
||||
Name: python-%{srcname}
|
||||
Version: 3.3.1
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: PyCA's cryptography library
|
||||
License: ASL 2.0 or BSD
|
||||
URL: https://cryptography.io/en/latest/
|
||||
Source0: %{pypi_source}
|
||||
|
||||
Patch6000: backport-CVE-2020-36242.patch
|
||||
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: gcc
|
||||
@ -70,6 +71,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
|
||||
%doc README.rst docs
|
||||
|
||||
%changelog
|
||||
* Tue Feb 23 2021 shixuantong <shixuantong@huawei.com> - 3.3.1-2
|
||||
- fix CVE-2020-36242
|
||||
|
||||
* Mon Feb 1 2021 liudabo <liudabo1@huawei.com> - 3.3.1-1
|
||||
- upgrade version to 3.3.1
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user