4 Commits

Author SHA1 Message Date
Gyorgy Sarvari
341e1204be
python3-m2crypto: mark CVE-2020-25657 as patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657

The commit[1] that fixes the vulnerability has been part of the
package since version 0.39.0.

[1]: 84c53958de

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ba6468f7a09bf8e268ea5ac7939925c362ead876)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-02-19 08:20:22 +05:30
Gyorgy Sarvari
49cf55619b
python3-m2crypto: ignore CVE-2009-0127
Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127

The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b46a5452a1c1a417f2971e494e151fa1f4022e36)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-02-19 08:20:21 +05:30
Haixiao Yan
076217856e
python3-m2crypto: correct struct packing on 32-bit with _TIME_BITS=64
Fixes:
   # python3 -munittest -v test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts
test_server_simple_timeouts (test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts) ... ERROR

======================================================================
ERROR: test_server_simple_timeouts (test_ssl.MiscSSLClientTestCase.test_server_simple_timeouts)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/opt/python3-m2crypto/tests/test_ssl.py", line 474, in test_server_simple_timeouts
    s.set_socket_read_timeout(SSL.timeout())
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/M2Crypto/SSL/Connection.py", line 680, in set_socket_read_timeout
    self.socket.setsockopt(
    ~~~~~~~~~~~~~~~~~~~~~~^
        socket.SOL_SOCKET, socket.SO_RCVTIMEO, timeo.pack()
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
OSError: [Errno 22] Invalid argument

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-11-04 16:52:46 -08:00
Haixiao Yan
97a9a1b93b
python3-m2crypto: upgrade 0.45.1 -> 0.46.2
python3-m2crypto/0001-setup.py-Make-the-cmd-available.patch
refreshed for 0.46.2
python3-m2crypto/0001-timeout.py-use-qq-format-when-time_t-is-64bit-on-32b.patch
removed, this patch doesn't work for 0.45.1 and 0.46.2.

Fix the following test hang:

test_IP_call (tests.test_ssl.HttpslibSSLSNIClientTestCase.test_IP_call)
...

Changelog:
===========
0.46.2 - 2025-10-02
-------------------

- fix[m2xmlrpclib]: make the module compatible with Python 3.6

0.46.1 - 2025-10-02
-------------------

- Correct license to BSD-2-Clause and update references
- Specify in setup.cfg that we require Python >= 3.6

0.46.0 - 2025-10-01
-------------------

(Tested on Pythons between 3.6 and 3.14.0~rc3)

- M2Crypto closes SSL connection on closing HTTPS Connection, and
  some other related issues (#203, #278)
- Modernize C API by eliminating use of deprecated
  PyBytes_AsStringAndSize and related functions with Python
  Buffer Protocol (#375)
- Whole project is completely covered with type hints and is
  checked by mypy (also while doing that, the whole project was
  blackened) (#344)
- Add logging support to C extension code sending messages to the
  Python logging
- Introducing first efforts to support Engine object (#229)
- Reworked and fixed M2Crypto.m2xmlrpclib module (#163)
- Reverted removal of demo/ subdirectory
- Improve SMIME documentation (#377)
- Some other minor bugs, improvements, and removal of dead code

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-16 08:48:34 -07:00