On Wed, Aug 2, 2023 at 12:23 PM Trevor Gamblin <tgamb...@baylibre.com> wrote:
>
>
> On 2023-07-30 21:03, Khem Raj wrote:
> > Hi Trevor
> >
> > I am seeing a failure on qemux86 on Ubuntu 22.04 host and it's fairly
> > regular.
> >
> > https://errors.yoctoproject.org/Errors/Details/729506/
> >
> > it seems rpmdeps is crashing with signal 9. I wonder if it's something
> > to do with rpm changes we might have
> > got in core but, I can confirm that it was not an issue two weeks ago.
> > It worked ok on Jul 17th but broke on
> > Jul 27th CI builds.
> Missed this until now. I see it's been merged; is this still an issue?

Yes, it still is.

> >
> > On Tue, Jul 25, 2023 at 12:09 PM Trevor Gamblin <tgamb...@baylibre.com>
> > wrote:
> >> Remove the CVE-2020-25657 patch, as it is fixed in 0.39.0:
> >>
> >> [tgamblin@megalith m2crypto]$ git log --oneline --grep="CVE-2020-25657"
> >> 84c5395 Mitigate the Bleichenbacher timing attacks in the RSA decryption
> >> API (CVE-2020-25657)
> >> [tgamblin@megalith m2crypto]$ git tag --contains
> >> 84c53958def0f510e92119fca14d74f94215827a
> >> 0.39.0
> >>
> >> Changelog
> >> (https://gitlab.com/m2crypto/m2crypto/-/blob/master/CHANGES?ref_type=heads):
> >>
> >> 0.39.0 - 2023-01-31
> >> -------------------
> >>
> >> - SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE
> >>   COMPLETELY REMOVED IN THE NEXT RELEASE.
> >> - Remove dependency on parameterized and use unittest.subTest
> >>   instead.
> >> - Upgrade embedded six.py module to 1.16.0 (really tiny
> >>   inconsequential changes).
> >> - Make tests working on MacOS again (test_bio_membuf: Use fork)
> >> - Use OpenSSL_version_num() instead of unreliable parsing of .h
> >>   file.
> >> - Mitigate the Bleichenbacher timing attacks in the RSA
> >>   decryption API (CVE-2020-25657)
> >> - Add functionality to extract EC key from public key + Update
> >>   tests
> >> - Worked around compatibility issues with OpenSSL 3.*
> >> - Support for Twisted has been deprecated (they have their own
> >>   SSL support anyway).
> >> - Generate TAP while testing.
> >> - Stop using GitHub for testing.
> >> - Accept a small deviation from time in the testsuite (for
> >>   systems with non-standard HZ kernel parameter).
> >> - Use the default BIO.__del__ rather than overriding in BIO.File
> >>   (avoid a memleak).
> >> - Resolve "X509_Name.as_der() method from X509.py -> class
> >>   X509_Name caused segmentation fault"
> >> > >> Signed-off-by: Trevor Gamblin <tgamb...@baylibre.com> > >> --- > >> .../python3-m2crypto/CVE-2020-25657.patch | 176 ------------------ > >> ...o_0.38.0.bb => python3-m2crypto_0.39.0.bb} | 3 +- > >> 2 files changed, 1 insertion(+), 178 deletions(-) > >> delete mode 100644 > >> meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch > >> rename meta-python/recipes-devtools/python/{python3-m2crypto_0.38.0.bb > >> => python3-m2crypto_0.39.0.bb} (92%) > >> > >> diff --git > >> a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch > >> > >> b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch > >> deleted file mode 100644 > >> index 38ecd7a276..0000000000 > >> --- > >> a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch > >> +++ /dev/null 
> >> @@ -1,176 +0,0 @@ > >> -Backport patch to fix CVE-2020-25657. > >> - > >> -Upstream-Status: Backport > >> [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958] > >> - > >> -Signed-off-by: Kai Kang <kai.k...@windriver.com> > >> - > >> -From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001 > >> -From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mc...@cepl.eu> > >> -Date: Tue, 28 Jun 2022 21:17:01 +0200 > >> -Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA > >> - decryption API (CVE-2020-25657) > >> - > >> -Fixes #282 > >> ---- > >> - src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++-------- > >> - src/SWIG/_rsa.i | 20 ++++++++++++-------- > >> - tests/test_rsa.py | 15 +++++++-------- > >> - 3 files changed, 31 insertions(+), 24 deletions(-) > >> - > >> -diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c > >> -index aba9eb6d..a9f30da9 100644 > >> ---- a/src/SWIG/_m2crypto_wrap.c > >> -+++ b/src/SWIG/_m2crypto_wrap.c > >> -@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> -@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> -@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject > >> 
*from, int padding) { > >> - tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> -@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> - > >> -diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i > >> -index bc714e01..1377b8be 100644 > >> ---- a/src/SWIG/_rsa.i > >> -+++ b/src/SWIG/_rsa.i > >> -@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> -@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> -@@ -296,9 +298,10 @@ PyObject 
*rsa_public_encrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> -@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject > >> *from, int padding) { > >> - tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, > >> - (unsigned char *)tbuf, rsa, padding); > >> - if (tlen == -1) { > >> -- m2_PyErr_Msg(_rsa_err); > >> -+ ERR_clear_error(); > >> -+ PyErr_Clear(); > >> - PyMem_Free(tbuf); > >> -- return NULL; > >> -+ Py_RETURN_NONE; > >> - } > >> - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); > >> - > >> -diff --git a/tests/test_rsa.py b/tests/test_rsa.py > >> -index 7bb3af75..5e75d681 100644 > >> ---- a/tests/test_rsa.py > >> -+++ b/tests/test_rsa.py > >> -@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase): > >> - # The other paddings. > >> - for padding in self.s_padding_nok: > >> - p = getattr(RSA, padding) > >> -- with self.assertRaises(RSA.RSAError): > >> -- priv.private_encrypt(self.data, p) > >> -+ # Exception disabled as a part of mitigation against > >> CVE-2020-25657 > >> -+ # with self.assertRaises(RSA.RSAError): > >> -+ priv.private_encrypt(self.data, p) > >> - # Type-check the data to be encrypted. 
> >> - with self.assertRaises(TypeError): > >> - priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) > >> -@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase): > >> - self.assertEqual(ptxt, self.data) > >> - > >> - # no_padding > >> -- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): > >> -- priv.public_encrypt(self.data, RSA.no_padding) > >> -+ # Exception disabled as a part of mitigation against > >> CVE-2020-25657 > >> -+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too > >> small'): > >> -+ priv.public_encrypt(self.data, RSA.no_padding) > >> - > >> - # Type-check the data to be encrypted. > >> -+ # Exception disabled as a part of mitigation against > >> CVE-2020-25657 > >> - with self.assertRaises(TypeError): > >> - priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding) > >> - > >> -@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase): > >> - b'\000\000\000\003\001\000\001') # aka 65537 > >> aka 0xf4 > >> - with self.assertRaises(RSA.RSAError): > >> - setattr(rsa, 'e', '\000\000\000\003\001\000\001') > >> -- with self.assertRaises(RSA.RSAError): > >> -- rsa.private_encrypt(1) > >> -- with self.assertRaises(RSA.RSAError): > >> -- rsa.private_decrypt(1) > >> - assert rsa.check_key() > >> - > >> - def test_loadpub_bad(self): > >> --- > >> -GitLab > >> - > >> diff --git > >> a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb > >> b/meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb > >> similarity index 92% > >> rename from meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb > >> rename to meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb > >> index 40e3bfb316..3a4a700bf7 100644 > >> --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb > >> +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb 
> >> @@ -10,9 +10,8 @@ SRC_URI += > >> "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ > >> file://cross-compile-platform.patch \ > >> file://avoid-host-contamination.patch \ > >> file://0001-setup.py-address-openssl-3.x-build-issue.patch \ > >> - file://CVE-2020-25657.patch \ > >> " > >> -SRC_URI[sha256sum] = > >> "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb" > >> +SRC_URI[sha256sum] = > >> "24c0f471358b8b19ad4c8aa9da12e868030b65c1fdb3279d006df60c9501338a" > >> > >> PYPI_PACKAGE = "M2Crypto" > >> inherit pypi siteinfo setuptools3 > >> -- > >> 2.41.0 > >> > >> > >> > >>
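Review bot: with python3-m2crypto/CVE-2020-25657.patch deleted, the visible part of the recipe no longer carries anything that marks CVE-2020-25657 as handled. cve-check recognised the fix through the CVE ID in the patch file name, and after this change the result depends only on the version range recorded for the CVE. The `git log --grep` and `git tag --contains` output in the commit message shows that 84c5395 is in 0.39.0, so the removal itself is justified; please confirm that the cve-check report for python3-m2crypto 0.39.0 does not list the CVE as unpatched, and say so in the commit message.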
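Review bot: the SRC_URI hunk keeps file://0001-setup.py-address-openssl-3.x-build-issue.patch as context, while the 0.39.0 changelog quoted in the commit message lists "Worked around compatibility issues with OpenSSL 3.*". Please check whether that local patch is still needed and still applies cleanly against 0.39.0, and drop or refresh it in the same commit if not. The commit message also does not say what was built or run to test the upgrade, which would help when looking at the qemux86 rpmdeps failure reported in this thread.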
View/Reply Online (#104209): https://lists.openembedded.org/g/openembedded-devel/message/104209