Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package salt for openSUSE:Factory checked in at 2025-10-31 16:27:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/salt (Old) and /work/SRC/openSUSE:Factory/.salt.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "salt" Fri Oct 31 16:27:51 2025 rev:185 rq:1314518 version:3006.0 Changes: -------- --- /work/SRC/openSUSE:Factory/salt/salt.changes 2025-10-11 22:48:45.637549687 +0200 +++ /work/SRC/openSUSE:Factory/.salt.new.1980/salt.changes 2025-10-31 16:28:14.454351074 +0100 @@ -1,0 +2,8 @@ +Wed Oct 29 10:35:12 UTC 2025 - Pablo Suárez Hernández <[email protected]> + +- Fix payload signature verification on Tumbleweed (bsc#1251776) + +- Added: + * do-not-break-signature-verification-on-latest-m2cryp.patch + +------------------------------------------------------------------- New: ---- do-not-break-signature-verification-on-latest-m2cryp.patch ----------(New B)---------- New:- Added: * do-not-break-signature-verification-on-latest-m2cryp.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ salt.spec ++++++ --- /var/tmp/diff_new_pack.8yobXv/_old 2025-10-31 16:28:17.862495880 +0100 +++ /var/tmp/diff_new_pack.8yobXv/_new 2025-10-31 16:28:17.866496050 +0100 @@ -585,6 +585,8 @@ Patch183: allow-libgit2-to-guess-sysdir-homedir-successfully-b.patch # PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/732 Patch184: use-versioned-python-interpreter-for-salt-ssh.patch +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/735 +Patch185: do-not-break-signature-verification-on-latest-m2cryp.patch ### IMPORTANT: The line below is used as a snippet marker. Do not touch it. ### SALT PATCHES LIST END ++++++ _lastrevision ++++++ --- /var/tmp/diff_new_pack.8yobXv/_old 2025-10-31 16:28:17.990501319 +0100 +++ /var/tmp/diff_new_pack.8yobXv/_new 2025-10-31 16:28:17.994501489 +0100 @@ -1,3 +1,3 @@ -21b1a8949804eb0c7b68bbdadb1a11cd3fe73894 +1fc2dab7f7a83e75c56d06f805cf5dcc25d165cc (No newline at EOF) ++++++ do-not-break-signature-verification-on-latest-m2cryp.patch ++++++ >From 002a58144563a15034f982b19ba851326535570a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= <[email protected]> Date: Wed, 29 Oct 2025 10:30:58 +0000 Subject: [PATCH] Do not break signature verification on latest M2Crypto versions (bsc#1251776) --- salt/crypt.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/crypt.py b/salt/crypt.py index 981f633d51f..29fd159b48c 100644 --- a/salt/crypt.py +++ b/salt/crypt.py @@ -243,7 +243,7 @@ def sign_message(privkey_path, message, passphrase=None): md = EVP.MessageDigest("sha1") md.update(salt.utils.stringutils.to_bytes(message)) digest = md.final() - return key.sign(digest) + return key.sign(digest, algo="sha1") else: signer = PKCS1_v1_5.new(key) return signer.sign(SHA.new(salt.utils.stringutils.to_bytes(message))) @@ -262,7 +262,7 @@ def verify_signature(pubkey_path, message, signature): md.update(salt.utils.stringutils.to_bytes(message)) digest = md.final() try: - return pubkey.verify(digest, signature) + return pubkey.verify(digest, signature, algo="sha1") except RSA.RSAError as exc: log.debug("Signature verification failed: %s", exc.args[0]) return False -- 2.51.1
