Remove the CVE-2020-25657 patch, as it is fixed in 0.39.0:
[tgamblin@megalith m2crypto]$ git log --oneline --grep="CVE-2020-25657"
84c5395 Mitigate the Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657)
[tgamblin@megalith m2crypto]$ git tag --contains 84c53958def0f510e92119fca14d74f94215827a
0.39.0
Changelog (https://gitlab.com/m2crypto/m2crypto/-/blob/master/CHANGES?ref_type=heads):
0.39.0 - 2023-01-31
-------------------
- SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE
COMPLETELY REMOVED IN THE NEXT RELEASE.
- Remove dependency on parameterized and use unittest.subTest
instead.
- Upgrade embedded six.py module to 1.16.0 (really tiny
inconsequential changes).
- Make tests working on MacOS again (test_bio_membuf: Use fork)
- Use OpenSSL_version_num() instead of unreliable parsing of .h
file.
- Mitigate the Bleichenbacher timing attacks in the RSA
decryption API (CVE-2020-25657)
- Add functionality to extract EC key from public key + Update
tests
- Worked around compatibility issues with OpenSSL 3.*
- Support for Twisted has been deprecated (they have their own
SSL support anyway).
- Generate TAP while testing.
- Stop using GitHub for testing.
- Accept a small deviation from time in the testsuite (for
systems with non-standard HZ kernel parameter).
- Use the default BIO.__del__ rather than overriding in BIO.File
(avoid a memleak).
- Resolve "X509_Name.as_der() method from X509.py -> class
X509_Name caused segmentation fault"
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0.38.0 - 2021-06-14
-------------------
- Remove the last use of setup.py test idiom.
- Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer.
- Add support for arm64 big endian <Steev Klimaszewski>
- Make support of RSA_SSLV23_PADDING optional (it has been deprecated).
- Move project to src/ layout
- Allow verify_cb_* to be called with ok=True <Casey Deccio>
- Be prepared if any of constants in x509_vfy.h is not available.
- But we do support 3.8
- We DO NOT support Python 2.6.
Refresh the following patch:
cross-compile-platform.patch
0001-Allow-verify_cb_-to-be-called-with-ok-True.patch
0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch
Removed since these are included in 0.38.0
Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
If the version of libssl-dev does not match the version of libssl on the
build machine, it fails to compile SWIG/_m2crypto_wrap.c which is
created by swig for python3-m2crypto-native:
| SWIG/_m2crypto_wrap.c:9757:19: error: dereferencing pointer to
incomplete type 'struct stack_st'
| if (arg1) (arg1)->num = arg2;
| ^~
But it works if no libssl-dev is installed on the build machine.
Export STAGING_DIR to make existing patch
0001-setup.py-link-in-sysroot-not-in-host-directories.patch work. And
filter out '/usr/include' from include paths of swig.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>