MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-27 12:01:38 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
24,225 Commits 63 Branches 0 Tags 109 MiB
75a627cd00
Commit Graph

6 Commits

Author SHA1 Message Date
Gyorgy Sarvari
53abba638b python3-m2crypto: ignore CVE-2009-0127 
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127

The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2026-01-08 22:03:03 +01:00
Narpat Mali
f95484417e python3-m2crypto: fix for CVE-2020-25657 
A flaw was found in all released versions of m2crypto, where they are
vulnerable to Bleichenbacher timing attacks in the RSA decryption API
via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest
threat from this vulnerability is to confidentiality.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2023-06-03 07:55:37 -04:00
Alexander Kanavin
d5b6841bf8 python3-m2crypto: address build failure with openssl 3.x 
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 2021-10-14 07:15:36 -07:00
Kai Kang
5d6fc2c1a1 python3-m2crypto: fix for new overrides syntax 
Fix wrong replacement caused by script convert-overrides.py. And use new
overrides syntax for 'x32'.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 2021-08-16 08:21:14 -07:00
Martin Jansa
c61dc077bb Convert to new override syntax 
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
 2021-08-03 10:21:25 -07:00
zangrc
eb70309399 python3-m2crypto: upgrade 0.37.1 -> 0.38.0 
0.38.0 - 2021-06-14
-------------------

- Remove the last use of setup.py test idiom.
- Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer.
- Add support for arm64 big endian <Steev Klimaszewski>
- Make support of RSA_SSLV23_PADDING optional (it has been deprecated).
- Move project to src/ layout
- Allow verify_cb_* to be called with ok=True  <Casey Deccio>
- Be prepared if any of constants in x509_vfy.h is not available.
- But we do support 3.8
- We DO NOT support Python 2.6.

Refresh the following patch:
cross-compile-platform.patch

0001-Allow-verify_cb_-to-be-called-with-ok-True.patch
0001-Use-of-RSA_SSLV23_PADDING-has-been-deprecated.patch
Removed since these are included in 0.38.0

Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 2021-07-06 09:40:42 -07:00