diff --git a/SOURCES/0006-Specify-the-out-length-for-poly1305.patch b/SOURCES/0006-Specify-the-out-length-for-poly1305.patch new file mode 100644 index 0000000..1df278f --- /dev/null +++ b/SOURCES/0006-Specify-the-out-length-for-poly1305.patch @@ -0,0 +1,22 @@ +From 076560a9507bbe26180f499adf750bc3851b97e8 Mon Sep 17 00:00:00 2001 +From: Alex Gaynor +Date: Mon, 11 Oct 2021 09:43:28 -0400 +Subject: [PATCH] Specify the out length when obtaining the tag for poly1305 + +--- + src/cryptography/hazmat/backends/openssl/poly1305.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cryptography/hazmat/backends/openssl/poly1305.py b/src/cryptography/hazmat/backends/openssl/poly1305.py +index 35f6819ce8..2ddae9847a 100644 +--- a/src/cryptography/hazmat/backends/openssl/poly1305.py ++++ b/src/cryptography/hazmat/backends/openssl/poly1305.py +@@ -51,7 +51,7 @@ def update(self, data): + + def finalize(self): + buf = self._backend._ffi.new("unsigned char[]", _POLY1305_TAG_SIZE) +- outlen = self._backend._ffi.new("size_t *") ++ outlen = self._backend._ffi.new("size_t *", _POLY1305_TAG_SIZE) + res = self._backend._lib.EVP_DigestSignFinal(self._ctx, buf, outlen) + self._backend.openssl_assert(res != 0) + self._backend.openssl_assert(outlen[0] == _POLY1305_TAG_SIZE) diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec index 3c873d0..bfd079f 100644 --- a/SPECS/python-cryptography.spec +++ b/SPECS/python-cryptography.spec @@ -7,7 +7,7 @@ Name: python-%{srcname} Version: 3.4.7 -Release: 5%{?dist} +Release: 8%{?dist} Summary: PyCA's cryptography library License: ASL 2.0 or BSD @@ -23,6 +23,8 @@ Patch2: 0002-WIP-3.0.0-support-5250.patch Patch3: 0003-switch-to-using-EVP_PKEY_derive-instead-of-DH_comput.patch Patch4: 0004-3.0.0-deprecated-func-and-it-isn-t-useful-to-us-in-g.patch Patch5: 0005-remove-unneeded-binding-6150.patch +# OpenSSL 3.0.1 patches +Patch6: 0006-Specify-the-out-length-for-poly1305.patch ExclusiveArch: %{rust_arches} @@ -110,9 +112,11 @@ cat < %{SOURCE2} >> tests/conftest.py # see https://github.com/pyca/cryptography/issues/4885 and # see https://bugzilla.redhat.com/show_bug.cgi?id=1761194 for deselected tests +# see rhbz#2042413 for memleak. It's unstable with openssl 3.0.1 and makes +# not much sense for downstream testing. PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{__python3} -m pytest \ - -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve)" + -k "not (test_buffer_protocol_alternate_modes or test_dh_parameters_supported or test_load_ecdsa_no_named_curve or test_openssl_memleak)" %endif %files -n python%{python3_pkgversion}-%{srcname} @@ -122,6 +126,19 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \ %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info %changelog +* Tue Feb 08 2022 Tomas Orsava - 3.4.7-8 +- Skip unstable memleak tests, backported from Fedora (BZ#2042413) +- Related: rhbz#1990421 + +* Tue Feb 08 2022 Tomas Orsava - 3.4.7-7 +- Add automatically generated Obsoletes tag with the python39- prefix + for smoother upgrade from RHEL8 +- Related: rhbz#1990421 + +* Tue Jan 18 2022 Christian Heimes - 3.4.7-6 +- Fix gating issues, resolves: rhbz#2039768 +- Fix poly1305 test, resolves: rhbz#2043582 + * Tue Aug 10 2021 Mohan Boddu - 3.4.7-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688