markus.lehr/yoctor-layers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added my Recipes

Browse Source
This commit is contained in:
Markus Lehr
2024-07-11 14:16:35 +02:00
parent 38bc4f53ac
commit 09b621d929
7118 changed files with 525762 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/0001-setup.py-address-openssl-3.x-build-issue.patch Normal file
View File

@@ -0,0 +1,28 @@
From 0d824e5c2ab13e761ffaeabdccf9513d5b8f280d Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Fri, 8 Oct 2021 11:18:35 +0200
Subject: [PATCH] setup.py: address openssl 3.x build issue
swig throws:
| /home/alex/development/poky/build-metaoe/tmp/work/x86_64-linux/python3-m2crypto-native/0.38.0-r0/recipe-sysroot-native/usr/include/openssl/macros.h:155: Error: CPP #error ""OPENSSL_API_COMPAT expresses an impossible API compatibility level"". Use the -cpperraswarn option to continue swig processing.
I'm not sure why; upstream should take a look.
Upstream-Status: Inappropriate [workaround]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
setup.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/setup.py b/setup.py
index 2c65404..74704bc 100644
--- a/setup.py
+++ b/setup.py
@@ -192,6 +192,7 @@ class _M2CryptoBuildExt(build_ext.build_ext):
self.swig_opts.append('-includeall')
self.swig_opts.append('-modern')
+ self.swig_opts.append('-cpperraswarn')
self.swig_opts.append('-builtin')
# These two lines are a workaround for

33
meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/0001-setup.py-link-in-sysroot-not-in-host-directories.patch Normal file
View File

@@ -0,0 +1,33 @@
From dfb83a41aaeae326e9b6f02b233af375bc7b8815 Mon Sep 17 00:00:00 2001
From: Koen Kooi <koen@dominion.thruhere.net>
Date: Fri, 29 Mar 2013 15:17:17 +0100
Subject: [PATCH] setup.py: link in sysroot, not in host directories
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Upstream-Status: Pending [Unknown]
---
setup.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/setup.py
+++ b/setup.py
@@ -135,6 +135,7 @@ class _M2CryptoBuildExt(build_ext.build_
self.set_undefined_options('build', ('bundledlls', 'bundledlls'))
self.libraries = ['ssl', 'crypto']
+ self.openssl = os.environ.get( "STAGING_DIR" )
if sys.platform == 'win32':
self.libraries = ['ssleay32', 'libeay32']
if self.openssl and openssl_version(self.openssl,
@@ -159,8 +160,8 @@ class _M2CryptoBuildExt(build_ext.build_
if self.openssl is not None:
log.debug('self.openssl = %s', self.openssl)
- openssl_library_dir = os.path.join(self.openssl, 'lib')
- openssl_include_dir = os.path.join(self.openssl, 'include')
+ openssl_library_dir = os.environ.get( "STAGING_LIBDIR" )
+ openssl_include_dir = os.environ.get( "STAGING_INCDIR" )
self.library_dirs.append(openssl_library_dir)
self.include_dirs.append(openssl_include_dir)

176
meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch Normal file
View File

@@ -0,0 +1,176 @@
Backport patch to fix CVE-2020-25657.
Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Tue, 28 Jun 2022 21:17:01 +0200
Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
decryption API (CVE-2020-25657)
Fixes #282
---
src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
src/SWIG/_rsa.i | 20 ++++++++++++--------
tests/test_rsa.py | 15 +++++++--------
3 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
index aba9eb6d..a9f30da9 100644
--- a/src/SWIG/_m2crypto_wrap.c
+++ b/src/SWIG/_m2crypto_wrap.c
@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
index bc714e01..1377b8be 100644
--- a/src/SWIG/_rsa.i
+++ b/src/SWIG/_rsa.i
@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
(unsigned char *)tbuf, rsa, padding);
if (tlen == -1) {
- m2_PyErr_Msg(_rsa_err);
+ ERR_clear_error();
+ PyErr_Clear();
PyMem_Free(tbuf);
- return NULL;
+ Py_RETURN_NONE;
}
ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
diff --git a/tests/test_rsa.py b/tests/test_rsa.py
index 7bb3af75..5e75d681 100644
--- a/tests/test_rsa.py
+++ b/tests/test_rsa.py
@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
# The other paddings.
for padding in self.s_padding_nok:
p = getattr(RSA, padding)
- with self.assertRaises(RSA.RSAError):
- priv.private_encrypt(self.data, p)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with self.assertRaises(RSA.RSAError):
+ priv.private_encrypt(self.data, p)
# Type-check the data to be encrypted.
with self.assertRaises(TypeError):
priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
self.assertEqual(ptxt, self.data)
# no_padding
- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
- priv.public_encrypt(self.data, RSA.no_padding)
+ # Exception disabled as a part of mitigation against CVE-2020-25657
+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
# Type-check the data to be encrypted.
+ # Exception disabled as a part of mitigation against CVE-2020-25657
with self.assertRaises(TypeError):
priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
with self.assertRaises(RSA.RSAError):
setattr(rsa, 'e', '\000\000\000\003\001\000\001')
- with self.assertRaises(RSA.RSAError):
- rsa.private_encrypt(1)
- with self.assertRaises(RSA.RSAError):
- rsa.private_decrypt(1)
assert rsa.check_key()
def test_loadpub_bad(self):
--
GitLab

23
meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/avoid-host-contamination.patch Normal file
View File

@@ -0,0 +1,23 @@
Filter out '/usr/include' for swig to avoid host contamination issue.
Upstream-Status: Inappropriate [cross compile specific]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
setup.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 5a12981..389d49f 100644
--- a/setup.py
+++ b/setup.py
@@ -153,7 +153,8 @@ class _M2CryptoBuildExt(build_ext.build_ext):
self.swig_opts.append('-py3')
# swig seems to need the default header file directories
- self.swig_opts.extend(['-I%s' % i for i in _get_additional_includes()])
+ self.swig_opts.extend(['-I%s' % i for i in _get_additional_includes()
+ if i != '/usr/include'])
log.debug('self.include_dirs = %s', self.include_dirs)
log.debug('self.library_dirs = %s', self.library_dirs)

33
meta-openembedded/meta-python/recipes-devtools/python/python3-m2crypto/cross-compile-platform.patch Normal file
View File

@@ -0,0 +1,33 @@
Do not compute platform, this does not work in cross compile environment
since it pokes at the system for getting architecture values
Upstream-Status: Inappropriate
Signed-off-by: Khem Raj <raj.khem@gmail.com>
--- a/setup.py
+++ b/setup.py
@@ -169,24 +169,6 @@ class _M2CryptoBuildExt(build_ext.build_
log.debug('self.include_dirs = %s', self.include_dirs)
log.debug('self.library_dirs = %s', self.library_dirs)
- if platform.system() == "Linux":
- # For RedHat-based distros, the '-D__{arch}__' option for
- # Swig needs to be normalized, particularly on i386.
- mach = platform.machine().lower()
- if mach in ('i386', 'i486', 'i586', 'i686'):
- arch = '__i386__'
- elif mach in ('ppc64', 'powerpc64', 'ppc64le', 'ppc64el'):
- arch = '__powerpc64__'
- elif mach in ('ppc', 'powerpc'):
- arch = '__powerpc__'
- else:
- arch = '__%s__' % mach
- self.swig_opts.append('-D%s' % arch)
- if mach in ('ppc64le', 'ppc64el'):
- self.swig_opts.append('-D_CALL_ELF=2')
- if mach in ('arm64_be'):
- self.swig_opts.append('-D__AARCH64EB__')
-
self.swig_opts.extend(['-I%s' % i for i in self.include_dirs])
# Some Linux distributor has added the following line in