upgrade to version 40.0.2
This commit is contained in:
desert-sailor
parent
e9af0199eb
commit
c6056bd01c
@ -1,45 +0,0 @@
|
||||
From 9fbf84efc861668755ab645530ec7be9cf3c6696 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Gaynor <alex.gaynor@gmail.com>
|
||||
Date: Tue, 7 Feb 2023 11:34:18 -0500
|
||||
Subject: [PATCH] Don't allow update_into to mutate immutable objects (#8230)
|
||||
|
||||
---
|
||||
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
|
||||
tests/hazmat/primitives/test_ciphers.py | 8 ++++++++
|
||||
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
index d5b6010..a5737dc 100644
|
||||
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
@@ -155,7 +155,7 @@ class _CipherContext(object):
|
||||
data_processed = 0
|
||||
total_out = 0
|
||||
outlen = self._backend._ffi.new("int *")
|
||||
- baseoutbuf = self._backend._ffi.from_buffer(buf)
|
||||
+ baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True)
|
||||
baseinbuf = self._backend._ffi.from_buffer(data)
|
||||
|
||||
while data_processed != total_data_len:
|
||||
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
|
||||
index ef57790..977f148 100644
|
||||
--- a/tests/hazmat/primitives/test_ciphers.py
|
||||
+++ b/tests/hazmat/primitives/test_ciphers.py
|
||||
@@ -306,6 +306,14 @@ class TestCipherUpdateInto(object):
|
||||
with pytest.raises(ValueError):
|
||||
encryptor.update_into(b"testing", buf)
|
||||
|
||||
+ def test_update_into_immutable(self, backend):
|
||||
+ key = b"\x00" * 16
|
||||
+ c = ciphers.Cipher(AES(key), modes.ECB(), backend)
|
||||
+ encryptor = c.encryptor()
|
||||
+ buf = b"\x00" * 32
|
||||
+ with pytest.raises((TypeError, BufferError)):
|
||||
+ encryptor.update_into(b"testing", buf)
|
||||
+
|
||||
@pytest.mark.supported(
|
||||
only_if=lambda backend: backend.cipher_supported(
|
||||
AES(b"\x00" * 16), modes.GCM(b"\x00" * 12)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,16 +1,25 @@
|
||||
From 71b6df9392d424efcdc422b175e3737f33c36c6e Mon Sep 17 00:00:00 2001
|
||||
From: desert-sailor <dxwangk@isoftstone.com>
|
||||
Date: Mon, 22 May 2023 03:47:32 +0800
|
||||
Subject: [PATCH] provide openssl apis related to SM for python
|
||||
|
||||
---
|
||||
src/_cffi_src/openssl/evp.py | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
|
||||
index ad7a0e7..13069dc 100644
|
||||
index b8a3899..0797d59 100644
|
||||
--- a/src/_cffi_src/openssl/evp.py
|
||||
+++ b/src/_cffi_src/openssl/evp.py
|
||||
@@ -36,6 +36,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
|
||||
static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY;
|
||||
@@ -35,6 +35,7 @@ static const int Cryptography_HAS_SCRYPT;
|
||||
static const int Cryptography_HAS_EVP_PKEY_DHX;
|
||||
static const long Cryptography_HAS_RAW_KEY;
|
||||
static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
|
||||
+static const int EVP_PKEY_SM2;
|
||||
static const long Cryptography_HAS_300_FIPS;
|
||||
static const long Cryptography_HAS_300_EVP_CIPHER;
|
||||
static const long Cryptography_HAS_EVP_PKEY_DH;
|
||||
"""
|
||||
@@ -89,6 +90,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *);
|
||||
@@ -93,6 +94,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *);
|
||||
int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
|
||||
ENGINE *, EVP_PKEY *);
|
||||
|
||||
@ -20,14 +29,16 @@ index ad7a0e7..13069dc 100644
|
||||
|
||||
|
||||
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *);
|
||||
@@ -165,6 +169,10 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
|
||||
@@ -158,6 +162,9 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
|
||||
int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
|
||||
int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
|
||||
|
||||
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
|
||||
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
|
||||
+const EVP_MD *EVP_sm3(void);
|
||||
+
|
||||
int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *);
|
||||
int EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int);
|
||||
"""
|
||||
--
|
||||
2.33.0
|
||||
|
||||
|
||||
BIN
cargo-vendor-cache.tar.gz
Normal file
BIN
cargo-vendor-cache.tar.gz
Normal file
Binary file not shown.
Binary file not shown.
BIN
cryptography-40.0.2.tar.gz
Normal file
BIN
cryptography-40.0.2.tar.gz
Normal file
Binary file not shown.
@ -1,16 +1,18 @@
|
||||
%global srcname cryptography
|
||||
Name: python-%{srcname}
|
||||
Version: 39.0.0
|
||||
Release: 2
|
||||
%global pypi_name cryptography
|
||||
Name: python-%{pypi_name}
|
||||
Version: 40.0.2
|
||||
Release: 1
|
||||
Summary: PyCA's cryptography library
|
||||
License: ASL 2.0 or BSD
|
||||
URL: https://cryptography.io/en/latest/
|
||||
Source0: %{srcname}-%{version}.tar.gz
|
||||
Source0: %{pypi_source %{pypi_name}}
|
||||
Source1: cargo-vendor-cache.tar.gz
|
||||
|
||||
Patch6001: backport-CVE-2023-23931.patch
|
||||
Patch6002: backport-provide-openssl-apis-related-to-SM-for-python.patch
|
||||
|
||||
BuildRequires: openssl-devel cargo
|
||||
BuildRequires: gcc
|
||||
BuildRequires: rust-packaging
|
||||
|
||||
BuildRequires: python%{python3_pkgversion}-devel
|
||||
BuildRequires: python%{python3_pkgversion}-pytest >= 3.2.1
|
||||
@ -32,7 +34,7 @@ cryptography is a package designed to expose cryptographic primitives and
|
||||
recipes to Python developers.
|
||||
|
||||
|
||||
%package -n python%{python3_pkgversion}-cryptography
|
||||
%package -n python%{python3_pkgversion}-%{pypi_name}
|
||||
Summary: PyCA's cryptography library
|
||||
|
||||
Requires: openssl-libs
|
||||
@ -41,16 +43,17 @@ Requires: python%{python3_pkgversion}-asn1crypto >= 0.21
|
||||
Requires: python%{python3_pkgversion}-six >= 1.4.1
|
||||
Requires: python%{python3_pkgversion}-cffi >= 1.7
|
||||
|
||||
%{?python_provide:%python_provide python%{python3_pkgversion}-cryptography}
|
||||
%{?python_provide:%python_provide python%{python3_pkgversion}-%{pypi_name}}
|
||||
|
||||
%description -n python%{python3_pkgversion}-cryptography
|
||||
%description -n python%{python3_pkgversion}-%{pypi_name}
|
||||
cryptography is a package designed to expose cryptographic primitives and
|
||||
recipes to Python developers.
|
||||
|
||||
%package_help
|
||||
|
||||
%prep
|
||||
%autosetup -n cryptography-%{version} -p1
|
||||
%autosetup -n %{pypi_name}-%{version} -p1
|
||||
tar xzvf %{SOURCE1} -C ./src/rust/
|
||||
mkdir .cargo
|
||||
cat >> .cargo/config.toml << EOF
|
||||
[source.crates-io]
|
||||
@ -68,20 +71,23 @@ EOF
|
||||
%py3_install
|
||||
|
||||
%check
|
||||
#PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest
|
||||
#PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest --ignore vendor
|
||||
|
||||
%files -n python%{python3_pkgversion}-cryptography
|
||||
%files -n python%{python3_pkgversion}-%{pypi_name}
|
||||
%defattr(-,root,root)
|
||||
#%doc AUTHORS.rst
|
||||
%license LICENSE LICENSE.APACHE LICENSE.BSD
|
||||
%{python3_sitearch}/*
|
||||
%{python3_sitearch}/cryptography-%{version}-py*.egg-info
|
||||
%{python3_sitearch}/%{pypi_name}
|
||||
%{python3_sitearch}/%{pypi_name}-%{version}-py*.egg-info
|
||||
|
||||
%files help
|
||||
%defattr(-,root,root)
|
||||
%doc README.rst docs
|
||||
|
||||
%changelog
|
||||
* Fri May 19 2023 Dongxing Wang <dxwangk@isoftstone.com> - 40.0.2-1
|
||||
- Upgrade package to 40.0.2
|
||||
|
||||
* Tue Feb 14 2023 zhuofeng<zhuofeng2@huawei.com> - 39.0.0-2
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-23931
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user