diff mbox series

[kirkstone,V2,1/1] python3-cryptography: fix ptest failure caused by CVE-2024-26130 fix

Message ID 20250612044316.1385701-1-archana.polampalli@windriver.com
State Rejected
Delegated to: Steve Sakoman
Headers show
Series [kirkstone,V2,1/1] python3-cryptography: fix ptest failure caused by CVE-2024-26130 fix | expand

Commit Message

Polampalli, Archana June 12, 2025, 4:43 a.m. UTC 
From: Archana Polampalli <archana.polampalli@windriver.com>

fixes:

   File "/usr/lib/python3-cryptography/ptest/tests/hazmat/primitives/test_pkcs12.py", line 28
       pytest.mark.supported(
   IndentationError: unexpected indent

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 ...st_pkcs12.py-correct-the-Indentation.patch | 62 +++++++++++++++++++
 .../python/python3-cryptography_36.0.2.bb     |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch

Comments

Gyorgy Sarvari June 12, 2025, 6:37 a.m. UTC | #1 
On 6/12/25 06:43, Polampalli, Archana via lists.openembedded.org wrote:
> ---
>  ...st_pkcs12.py-correct-the-Indentation.patch | 62 +++++++++++++++++++

Alternatively you could also just fix CVE-2024-26130.patch itself
instead of patching the patch.
Steve Sakoman June 12, 2025, 3:54 p.m. UTC | #2 
On Wed, Jun 11, 2025 at 11:37 PM Gyorgy Sarvari via
lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
wrote:
>
> On 6/12/25 06:43, Polampalli, Archana via lists.openembedded.org wrote:
> > ---
> >  ...st_pkcs12.py-correct-the-Indentation.patch | 62 +++++++++++++++++++
>
> Alternatively you could also just fix CVE-2024-26130.patch itself
> instead of patching the patch.

Yes, please send a V3 with this approach.

Thanks,

Steve
diff mbox series

Patch

diff --git a/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch b/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch
new file mode 100644
index 0000000000..f6813fcdc8
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-cryptography/0001-test_pkcs12.py-correct-the-Indentation.patch
@@ -0,0 +1,62 @@ 
+From b737b6609cd6394c895258e0ae9b341650747918 Mon Sep 17 00:00:00 2001
+From: Archana Polampalli <archana.polampalli@windriver.com>
+Date: Tue, 10 Jun 2025 11:52:53 +0530
+Subject: [PATCH] test_pkcs12.py: correct the Indentation
+
+CVE: CVE-2024-26130
+
+Upstream-Status: Pending
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ tests/hazmat/primitives/test_pkcs12.py | 34 +++++++++++++-------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py
+index 8af4c93..1084038 100644
+--- a/tests/hazmat/primitives/test_pkcs12.py
++++ b/tests/hazmat/primitives/test_pkcs12.py
+@@ -25,23 +25,23 @@ from ...doubles import DummyKeySerializationEncryption
+ from ...utils import load_vectors_from_file
+ 
+ 
+-   @pytest.mark.supported(
+-       only_if=lambda backend: backend._lib.Cryptography_HAS_PKCS12_SET_MAC,
+-       skip_message="Requires OpenSSL with PKCS12_set_mac",
+-   )
+-   def test_set_mac_key_certificate_mismatch(self, backend):
+-       cacert, _ = _load_ca(backend)
+-       key = ec.generate_private_key(ec.SECP256R1())
+-       encryption = (
+-           serialization.PrivateFormat.PKCS12.encryption_builder()
+-           .hmac_hash(hashes.SHA256())
+-           .build(b"password")
+-       )
+-
+-       with pytest.raises(ValueError):
+-           serialize_key_and_certificates(
+-               b"name", key, cacert, [], encryption
+-           )
++    @pytest.mark.supported(
++        only_if=lambda backend: backend._lib.Cryptography_HAS_PKCS12_SET_MAC,
++        skip_message="Requires OpenSSL with PKCS12_set_mac",
++    )
++    def test_set_mac_key_certificate_mismatch(self, backend):
++        cacert, _ = _load_ca(backend)
++        key = ec.generate_private_key(ec.SECP256R1())
++        encryption = (
++            serialization.PrivateFormat.PKCS12.encryption_builder()
++            .hmac_hash(hashes.SHA256())
++            .build(b"password")
++        )
++
++        with pytest.raises(ValueError):
++            serialize_key_and_certificates(
++                b"name", key, cacert, [], encryption
++            )
+ 
+ @pytest.mark.skip_fips(
+     reason="PKCS12 unsupported in FIPS mode. So much bad crypto in it."
+-- 
+2.40.0
+
diff --git a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
index 83381f225c..173e47b463 100644
--- a/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
+++ b/meta/recipes-devtools/python/python3-cryptography_36.0.2.bb
@@ -20,6 +20,7 @@  SRC_URI += " \
     file://CVE-2023-23931.patch \
     file://CVE-2023-49083.patch \
     file://CVE-2024-26130.patch \
+    file://0001-test_pkcs12.py-correct-the-Indentation.patch \
 "
 
 inherit pypi python_setuptools3_rust