rpms/python-cryptography
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix CVE-2023-23931 and FTBFS

Browse source 
Don't allow update_into to mutate immutable objects, resolves rhbz#2171820
Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
This commit is contained in:
Christian Heimes 2023-02-22 09:57:34 +01:00
commit f611a9dbb6
2 changed files with 55 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

15
python-cryptography.spec
View file

@ -7,7 +7,7 @@
Name: python-%{srcname}
Version: 37.0.2
Release: 4%{?dist}
Release: 5%{?dist}
Summary: PyCA's cryptography library
License: ASL 2.0 or BSD
@ -17,6 +17,9 @@ Source0: https://github.com/pyca/cryptography/archive/%{version}/%{srcnam
Source1: cryptography-%{version}-vendor.tar.bz2
Source2: conftest-skipper.py
# https://github.com/pyca/cryptography/pull/8230
Patch1: CVE-2023-23931.patch
ExclusiveArch: %{rust_arches}
BuildRequires: openssl-devel
@ -108,9 +111,10 @@ cat < %{SOURCE2} >> tests/conftest.py
# see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests
# see rhbz#2042413 for memleak. It's unstable under Python 3.11 and makes
# not much sense for downstream testing.
# see rhbz#2171661 for test_load_invalid_ec_key_from_pem: error:030000CD:digital envelope routines::keymgmt export failure
PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
%{__python3} -m pytest \
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_openssl_memleak)"
-k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_decrypt_invalid_decrypt or test_openssl_memleak or test_load_invalid_ec_key_from_pem)"
%endif
%files -n python%{python3_pkgversion}-%{srcname}
@ -120,6 +124,13 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
%{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
%changelog
* Wed Feb 22 2023 Christian Heimes <cheimes@redhat.com> - 37.0.2-5
- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2171820
- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
* Wed Aug 17 2022 Miro Hrončok <mhroncok@redhat.com> - 37.0.2-5
- Drop unused requirement of python3-six
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 37.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild