| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657
The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0
[1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127
The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NIST currently tracks CVEs under at least 2 different CPEs for this recipe,
but neither of them is python:m2crypto (the default CVE_PRODUCT).
See CVE db query:
sqlite> select * from products where PRODUCT like '%m2crypto%';
CVE-2009-0127|heikkitoivonen|m2crypto|-|||
CVE-2020-25657|m2crypto_project|m2crypto|-|||
CVE-2023-50781|m2crypto_project|m2crypto|-|||
Set the CVE_PRODUCT to match the relevant CPEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
# python3 -munittest -v test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts
test_server_simple_timeouts (test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts) ... ERROR
======================================================================
ERROR: test_server_simple_timeouts (test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/opt/python3-m2crypto/tests/test_ssl.py", line 474, in test_server_simple_timeouts
s.set_socket_read_timeout(SSL.timeout())
~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/M2Crypto/SSL/Connection.py", line 680, in set_socket_read_timeout
self.socket.setsockopt(
~~~~~~~~~~~~~~~~~~~~~~^
socket.SOL_SOCKET, socket.SO_RCVTIMEO, timeo.pack()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
OSError: [Errno 22] Invalid argument
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
|
python3-m2crypto/0001-setup.py-Make-the-cmd-available.patch
refreshed for 0.46.2
python3-m2crypto/0001-timeout.py-use-qq-format-when-time_t-is-64bit-on-32b.patch
removed, this patch doesn't work for 0.45.1 and 0.46.2.
Fix the following test hang:
test_IP_call (tests.test_ssl.HttpslibSSLSNIClientTestCase.test_IP_call)
...
Changelog:
===========
0.46.2 - 2025-10-02
-------------------
- fix[m2xmlrpclib]: make the module compatible with Python 3.6
0.46.1 - 2025-10-02
-------------------
- Correct license to BSD-2-Clause and update references
- Specify in setup.cfg that we require Python >= 3.6
0.46.0 - 2025-10-01
-------------------
(Tested on Pythons between 3.6 and 3.14.0~rc3)
- M2Crypto closes SSL connection on closing HTTPS Connection, and
some other related issues (#203, #278)
- Modernize C API by eliminating use of deprecated
PyBytes_AsStringAndSize and related functions with Python
Buffer Protocol (#375)
- Whole project is completely covered with type hints and is
checked by mypy (also while doing that, the whole project was
blackened) (#344)
- Add logging support to C extension code sending messages to the
Python logging
- Introducing first efforts to support Engine object (#229)
- Reworked and fixed M2Crypto.m2xmlrpclib module (#163)
- Reverted removal of demo/ subdirectory
- Improve SMIME documentation (#377)
- Some other minor bugs, improvements, and removal of dead code
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
