Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-M2Crypto for openSUSE:Factory
checked in at 2022-08-05 19:50:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-M2Crypto (Old)
and /work/SRC/openSUSE:Factory/.python-M2Crypto.new.1521 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-M2Crypto"
Fri Aug 5 19:50:08 2022 rev:44 rq:992616 version:0.38.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-M2Crypto/python-M2Crypto.changes
2022-07-14 16:33:18.600573744 +0200
+++
/work/SRC/openSUSE:Factory/.python-M2Crypto.new.1521/python-M2Crypto.changes
2022-08-05 19:50:31.377381590 +0200
@@ -1,0 +2,7 @@
+Wed Aug 3 16:48:00 UTC 2022 - Dirk M??ller <[email protected]>
+
+- update CVE-2020-25657-Bleichenbacher-attack.patch to actually
+ contain the fix rather than just being empty (CVE-2020-25657,
+ bsc#1178829)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ CVE-2020-25657-Bleichenbacher-attack.patch ++++++
--- /var/tmp/diff_new_pack.yleCNj/_old 2022-08-05 19:50:31.813382716 +0200
+++ /var/tmp/diff_new_pack.yleCNj/_new 2022-08-05 19:50:31.817382727 +0200
@@ -1,3 +1,171 @@
+From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <[email protected]>
+Date: Tue, 28 Jun 2022 21:17:01 +0200
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+
+Fixes #282
+---
+ src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ src/SWIG/_rsa.i | 20 ++++++++++++--------
+ tests/test_rsa.py | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+
+diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
+index aba9eb6d..a9f30da9 100644
+--- a/src/SWIG/_m2crypto_wrap.c
++++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
+index bc714e01..1377b8be 100644
+--- a/src/SWIG/_rsa.i
++++ b/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from,
int padding) {
+ tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 7bb3af75..5e75d681 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+ # The other paddings.
+ for padding in self.s_padding_nok:
+ p = getattr(RSA, padding)
+- with self.assertRaises(RSA.RSAError):
+- priv.private_encrypt(self.data, p)
++ # Exception disabled as a part of mitigation against
CVE-2020-25657
++ # with self.assertRaises(RSA.RSAError):
++ priv.private_encrypt(self.data, p)
+ # Type-check the data to be encrypted.
+ with self.assertRaises(TypeError):
+ priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+ self.assertEqual(ptxt, self.data)
+
+ # no_padding
+- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+- priv.public_encrypt(self.data, RSA.no_padding)
++ # Exception disabled as a part of mitigation against CVE-2020-25657
++ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
++ priv.public_encrypt(self.data, RSA.no_padding)
+
+ # Type-check the data to be encrypted.
++ # Exception disabled as a part of mitigation against CVE-2020-25657
+ with self.assertRaises(TypeError):
+ priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+ b'\000\000\000\003\001\000\001') # aka 65537 aka
0xf4
+ with self.assertRaises(RSA.RSAError):
+ setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+- with self.assertRaises(RSA.RSAError):
+- rsa.private_encrypt(1)
+- with self.assertRaises(RSA.RSAError):
+- rsa.private_decrypt(1)
+ assert rsa.check_key()
+
+ def test_loadpub_bad(self):
+--
+GitLab
-(No newline at EOF)
