Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-M2Crypto for openSUSE:Factory
checked in at 2021-02-23 20:20:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-M2Crypto (Old)
and /work/SRC/openSUSE:Factory/.python-M2Crypto.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-M2Crypto"
Tue Feb 23 20:20:08 2021 rev:39 rq:873811 version:0.37.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-M2Crypto/python-M2Crypto.changes
2021-01-22 21:49:34.465615105 +0100
+++
/work/SRC/openSUSE:Factory/.python-M2Crypto.new.2378/python-M2Crypto.changes
2021-02-23 20:22:04.083743927 +0100
@@ -1,0 +2,22 @@
+Fri Feb 19 12:56:50 UTC 2021 - Matej Cepl <[email protected]>
+
+- Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING
+ (gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216).
+
+-------------------------------------------------------------------
+Wed Feb 17 11:18:07 UTC 2021 - Pedro Monreal <[email protected]>
+
+- OpenSSL allows the verificaton to continue on
+ UNABLE_TO_VERIFY_LEAF_SIGNATURE
+ * This unifies the behaviour of a single certificate with an
+ unknown CA certificate with a self-signed certificate.
+- Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
+ (Thanks for Debian,
+ https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8)
+
+-------------------------------------------------------------------
+Wed Feb 17 10:57:56 UTC 2021 - Pedro Monreal <[email protected]>
+
+- Add source signature file
+
+-------------------------------------------------------------------
New:
----
293_sslv23_padding.patch
M2Crypto-0.37.1.tar.gz.asc
python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-M2Crypto.spec ++++++
--- /var/tmp/diff_new_pack.pJIE03/_old 2021-02-23 20:22:05.471745155 +0100
+++ /var/tmp/diff_new_pack.pJIE03/_new 2021-02-23 20:22:05.475745158 +0100
@@ -25,7 +25,15 @@
License: MIT
Group: Development/Languages/Python
URL: https://gitlab.com/m2crypto/m2crypto
-Source:
https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
+Source0:
https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
+Source1:
https://files.pythonhosted.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz.asc
+# PATCH-FIX-UPSTREAM
python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch [email protected]
+#
https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff86383dabbb92540c0a4892cb4c456
+# Fixes incompatibility with the modern crypto policies
+Patch0: python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
+# PATCH-FIX-UPSTREAM 293_sslv23_padding.patch gl#m2crypto/m2crypto#293
[email protected]
+# RSA_SSLV23_PADDING is evil and should be avoided.
+Patch1: 293_sslv23_padding.patch
BuildRequires: %{python_module devel}
BuildRequires: %{python_module parameterized}
BuildRequires: %{python_module pytest}
@@ -78,7 +86,7 @@
Documentation for the Crypto and SSL toolkit for Python
%prep
-%setup -q -n M2Crypto-%{version}
+%autosetup -p1 -n M2Crypto-%{version}
%build
export CFLAGS="%{optflags}"
++++++ 293_sslv23_padding.patch ++++++
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -124,11 +124,6 @@ class RSATestCase(unittest.TestCase):
ptxt = priv.private_decrypt(ctxt, p)
self.assertEqual(ptxt, self.data)
- # sslv23_padding
- ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
- res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
- self.assertEqual(res, self.data)
-
# no_padding
with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
priv.public_encrypt(self.data, RSA.no_padding)
++++++ python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch ++++++
>From 73fbd1e646f6bbf202d4418bae80eb9941fbf552 Mon Sep 17 00:00:00 2001
From: Casey Deccio <[email protected]>
Date: Fri, 8 Jan 2021 12:43:09 -0700
Subject: [PATCH] Allow verify_cb_* to be called with ok=True
With
https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
---
tests/test_ssl.py | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 92b6942c..7a3271aa 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -59,8 +59,13 @@ def allocate_srv_port():
def verify_cb_new_function(ok, store):
- assert not ok
err = store.get_error()
+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
+ # aborting, this callback is called to retrieve additional error
+ # information. In this case, ok might not be False.
+ # See
https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ assert not ok
assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
m2.X509_V_ERR_CERT_UNTRUSTED,
@@ -618,7 +623,12 @@ class MiscSSLClientTestCase(BaseSSLClientTestCase):
def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
try:
- self.assertFalse(ok)
+ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then
instead of
+ # aborting, this callback is called to retrieve additional error
+ # information. In this case, ok might not be False.
+ # See
https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ self.assertFalse(ok)
self.assertIn(err,
[m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
--
GitLab
