| Message ID | 20250612042855.1377855-1-archana.polampalli@windriver.com |
|---|---|
| State | Rejected |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [kirkstone,1/1] python3-cryptography: fix IndentationError caused by CVE-2024-26130 fix | expand |
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/kirkstone-1-1-python3-cryptography-fix-IndentationError-caused-by-CVE-2024-26130-fix.patch FAIL: test CVE tag format: Missing or incorrectly formatted CVE tag in patch file. Correct or include the CVE tag in the patch with format: "CVE: CVE-YYYY-XXXX" (test_patch.TestPatch.test_cve_tag_format) FAIL: test commit message user tags: Mbox includes one or more GitHub-style username tags. Ensure that any "@" symbols are stripped out of usernames (test_mbox.TestMbox.test_commit_message_user_tags) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test Signed-off-by presence (test_patch.TestPatch.test_signed_off_by_presence) PASS: test Upstream-Status presence (test_patch.TestPatch.test_upstream_status_presence_format) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you!
Le jeu. 12 juin 2025 à 06:29, Polampalli, Archana via lists.openembedded.org <archana.polampalli=windriver.com@lists.openembedded.org> a écrit : > From: Archana Polampalli <archana.polampalli@windriver.com> > > fixes: > > File > "/usr/lib/python3-cryptography/ptest/tests/hazmat/primitives/test_pkcs12.py", > line 28 > @pytest.mark.supported( > IndentationError: unexpected indent > > Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > Hello, Shouldn't we fix CVE-2024-26130.patch instead of carrying this new patch? Thanks! > --- > ...st_pkcs12.py-correct-the-Indentation.patch | 60 +++++++++++++++++++ > .../python/python3-cryptography_36.0.2.bb | 1 + > 2 files changed, 61 insertions(+) > create mode 100644 > meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch > > diff --git > a/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch > b/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch > new file mode 100644 > index 0000000000..09e540c887 > --- /dev/null > +++ > b/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch > @@ -0,0 +1,60 @@ > +From b737b6609cd6394c895258e0ae9b341650747918 Mon Sep 17 00:00:00 2001 > +From: Archana Polampalli <archana.polampalli@windriver.com> > +Date: Tue, 10 Jun 2025 11:52:53 +0530 > +Subject: [PATCH] test_pkcs12.py: correct the Indentation > + > +Upstream-Status: Pending > + > +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> > +--- > + tests/hazmat/primitives/test_pkcs12.py | 34 +++++++++++++------------- > + 1 file changed, 17 insertions(+), 17 deletions(-) > + > +diff --git a/tests/hazmat/primitives/test_pkcs12.py > b/tests/hazmat/primitives/test_pkcs12.py > +index 8af4c93..1084038 100644 > +--- a/tests/hazmat/primitives/test_pkcs12.py > ++++ b/tests/hazmat/primitives/test_pkcs12.py > +@@ -25,23 +25,23 @@ from ...doubles import DummyKeySerializationEncryption > + from ...utils import load_vectors_from_file > + > + > +- @pytest.mark.supported( > +- only_if=lambda backend: > backend._lib.Cryptography_HAS_PKCS12_SET_MAC, > +- skip_message="Requires OpenSSL with PKCS12_set_mac", > +- ) > +- def test_set_mac_key_certificate_mismatch(self, backend): > +- cacert, _ = _load_ca(backend) > +- key = ec.generate_private_key(ec.SECP256R1()) > +- encryption = ( > +- serialization.PrivateFormat.PKCS12.encryption_builder() > +- .hmac_hash(hashes.SHA256()) > +- .build(b"password") > +- ) > +- > +- with pytest.raises(ValueError): > +- serialize_key_and_certificates( > +- b"name", key, cacert, [], encryption > +- ) > ++ @pytest.mark.supported( > ++ only_if=lambda backend: > backend._lib.Cryptography_HAS_PKCS12_SET_MAC, > ++ skip_message="Requires OpenSSL with PKCS12_set_mac", > ++ ) > ++ def test_set_mac_key_certificate_mismatch(self, backend): > ++ cacert, _ = _load_ca(backend) > ++ key = ec.generate_private_key(ec.SECP256R1()) > ++ encryption = ( > ++ serialization.PrivateFormat.PKCS12.encryption_builder() > ++ .hmac_hash(hashes.SHA256()) > ++ .build(b"password") > ++ ) > ++ > ++ with pytest.raises(ValueError): > ++ serialize_key_and_certificates( > ++ b"name", key, cacert, [], encryption > ++ ) > + > + @pytest.mark.skip_fips( > + reason="PKCS12 unsupported in FIPS mode. So much bad crypto in it." > +-- > +2.40.0 > + > diff --git a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb > b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb > index 83381f225c..173e47b463 100644 > --- a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb > +++ b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb > @@ -20,6 +20,7 @@ SRC_URI += " \ > file://CVE-2023-23931.patch \ > file://CVE-2023-49083.patch \ > file://CVE-2024-26130.patch \ > + file://0001-test_pkcs12.py-correct-the-Indentation.patch \ > " > > inherit pypi python_setuptools3_rust > -- > 2.40.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#218475): > https://lists.openembedded.org/g/openembedded-core/message/218475 > Mute This Topic: https://lists.openembedded.org/mt/113601601/4316185 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > yoann.congal@smile.fr] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch b/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch new file mode 100644 index 0000000000..09e540c887 --- /dev/null +++ b/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch @@ -0,0 +1,60 @@ +From b737b6609cd6394c895258e0ae9b341650747918 Mon Sep 17 00:00:00 2001 +From: Archana Polampalli <archana.polampalli@windriver.com> +Date: Tue, 10 Jun 2025 11:52:53 +0530 +Subject: [PATCH] test_pkcs12.py: correct the Indentation + +Upstream-Status: Pending + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + tests/hazmat/primitives/test_pkcs12.py | 34 +++++++++++++------------- + 1 file changed, 17 insertions(+), 17 deletions(-) + +diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py +index 8af4c93..1084038 100644 +--- a/tests/hazmat/primitives/test_pkcs12.py ++++ b/tests/hazmat/primitives/test_pkcs12.py +@@ -25,23 +25,23 @@ from ...doubles import DummyKeySerializationEncryption + from ...utils import load_vectors_from_file + + +- @pytest.mark.supported( +- only_if=lambda backend: backend._lib.Cryptography_HAS_PKCS12_SET_MAC, +- skip_message="Requires OpenSSL with PKCS12_set_mac", +- ) +- def test_set_mac_key_certificate_mismatch(self, backend): +- cacert, _ = _load_ca(backend) +- key = ec.generate_private_key(ec.SECP256R1()) +- encryption = ( +- serialization.PrivateFormat.PKCS12.encryption_builder() +- .hmac_hash(hashes.SHA256()) +- .build(b"password") +- ) +- +- with pytest.raises(ValueError): +- serialize_key_and_certificates( +- b"name", key, cacert, [], encryption +- ) ++ @pytest.mark.supported( ++ only_if=lambda backend: backend._lib.Cryptography_HAS_PKCS12_SET_MAC, ++ skip_message="Requires OpenSSL with PKCS12_set_mac", ++ ) ++ def test_set_mac_key_certificate_mismatch(self, backend): ++ cacert, _ = _load_ca(backend) ++ key = ec.generate_private_key(ec.SECP256R1()) ++ encryption = ( ++ serialization.PrivateFormat.PKCS12.encryption_builder() ++ .hmac_hash(hashes.SHA256()) ++ .build(b"password") ++ ) ++ ++ with pytest.raises(ValueError): ++ serialize_key_and_certificates( ++ b"name", key, cacert, [], encryption ++ ) + + @pytest.mark.skip_fips( + reason="PKCS12 unsupported in FIPS mode. So much bad crypto in it." +-- +2.40.0 + diff --git a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb index 83381f225c..173e47b463 100644 --- a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb +++ b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb @@ -20,6 +20,7 @@ SRC_URI += " \ file://CVE-2023-23931.patch \ file://CVE-2023-49083.patch \ file://CVE-2024-26130.patch \ + file://0001-test_pkcs12.py-correct-the-Indentation.patch \ " inherit pypi python_setuptools3_rust