From: "Yoann Congal" <yoann.congal@smile.fr>
To: "Yoann Congal" <yoann.congal@smile.fr>,
<openembedded-core@lists.openembedded.org>
Cc: "Nguyen Dat Tho" <tho3.nguyen@lge.com>
Subject: Re: [OE-core][scarthgap 02/11] python3-cryptography: Fix CVE-2026-26007
Date: Mon, 30 Mar 2026 09:58:12 +0200 [thread overview]
Message-ID: <DHFYGZZDZ2YZ.2UZT8D03BWNPH@smile.fr> (raw)
In-Reply-To: <80637cd1b9e2045e9f19fb8337704007fef67e41.1774824253.git.yoann.congal@smile.fr>
On Mon Mar 30, 2026 at 12:46 AM CEST, Yoann Congal wrote:
> From: Nguyen Dat Tho <tho3.nguyen@lge.com>
>
> CVE-2026-26007 is fixed upstream in version 46.0.5.
> Our current version (42.0.5, scarthgap) is still reported as vulnerable
> by NVD.
> Backport the upstream fix to address this CVE.
>
> Upstream commit:
> https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
>
> CVE report:
> https://nvd.nist.gov/vuln/detail/CVE-2026-26007
>
> Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
> Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
> ---
> .../python3-cryptography/CVE-2026-26007.patch | 149 ++++++++++++++++++
> .../python/python3-cryptography_42.0.5.bb | 1 +
> 2 files changed, 150 insertions(+)
> create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
>
> diff --git a/meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch b/meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
> new file mode 100644
> index 00000000000..a78d287ccdd
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python3-cryptography/CVE-2026-26007.patch
> @@ -0,0 +1,149 @@
> +From 42c914929b52eb16421a4ef1f7e09c8f9fdab7db Mon Sep 17 00:00:00 2001
> +From: Paul Kehrer <paul.l.kehrer@gmail.com>
> +Date: Wed, 18 Mar 2026 16:01:03 +0900
> +Subject: [PATCH] EC check key on cofactor > 1
> +
> +An attacker could create a malicious public key that reveals portions of
> +your private key when using certain uncommon elliptic curves (binary
> +curves). This version now includes additional security checks to
> +prevent this attack. This issue only affects binary elliptic curves,
> +which are rarely used in real-world applications. Credit to **XlabAI
> +Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery
> +Engine** for reporting the issue. **CVE-2026-26007**
> +
> +This is a partial backport of upstream commit
> +0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c, to only include what's
> +relevant for CVE-2026-26007.
> +
> +CVE: CVE-2026-26007
> +
> +Origin: backport, https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
> +Reference: https://salsa.debian.org/python-team/packages/python-cryptography/-/commit/464e7ca3b0b4493d5906d0c3685de71fda770c59
> +
> +Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
> +Signed-off-by: Paul Kehrer <paul.l.kehrer@gmail.com>
> +Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
> +---
> +Upstream-Status: Backport [Backport from https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c]
Tho, (I hope this is the proper way to address you, if not, sorry!)
This "Upstream-Status:" after the "---" triggers a patchtest failure:
FAIL: test Upstream-Status presence: Upstream-Status is present only
after the patch scissors. It must be placed in the patch header before
the scissors line.
(test_patch.TestPatch.test_upstream_status_presence_format)
This is very minor for stables where a patch rebase following an upgrade
is a very rare event.
But, that said, if you can send a v2 patch with the "Upstream-Status"
above the "---", I'll take it.
As a side note: this particular patchtest test is not in scarthgap
patchtech, I'll try to backport it.
Thanks!
> +
> + src/rust/src/backend/ec.rs | 39 ++++++++++++++++++++----------
> + tests/hazmat/primitives/test_ec.py | 37 ++++++++++++++++++++++++++++
> + 2 files changed, 63 insertions(+), 13 deletions(-)
> +
> +diff --git a/src/rust/src/backend/ec.rs b/src/rust/src/backend/ec.rs
> +index 6a224b49f..27fced086 100644
> +--- a/src/rust/src/backend/ec.rs
> ++++ b/src/rust/src/backend/ec.rs
> +@@ -155,12 +155,9 @@ pub(crate) fn public_key_from_pkey(
> + ) -> CryptographyResult<ECPublicKey> {
> + let ec = pkey.ec_key()?;
> + let curve = py_curve_from_curve(py, ec.group())?;
> +- check_key_infinity(&ec)?;
> +- Ok(ECPublicKey {
> +- pkey: pkey.to_owned(),
> +- curve: curve.into(),
> +- })
> ++ ECPublicKey::new(pkey.to_owned(), curve.into())
> + }
> ++
> + #[pyo3::prelude::pyfunction]
> + fn generate_private_key(
> + py: pyo3::Python<'_>,
> +@@ -215,10 +212,7 @@ fn from_public_bytes(
> + let ec = openssl::ec::EcKey::from_public_key(&curve, &point)?;
> + let pkey = openssl::pkey::PKey::from_ec_key(ec)?;
> +
> +- Ok(ECPublicKey {
> +- pkey,
> +- curve: py_curve.into(),
> +- })
> ++ ECPublicKey::new(pkey, py_curve.into())
> + }
> +
> + #[pyo3::prelude::pymethods]
> +@@ -357,6 +351,28 @@ impl ECPrivateKey {
> + }
> + }
> +
> ++impl ECPublicKey {
> ++ fn new(
> ++ pkey: openssl::pkey::PKey<openssl::pkey::Public>,
> ++ curve: pyo3::Py<pyo3::PyAny>,
> ++ ) -> CryptographyResult<ECPublicKey> {
> ++ let ec = pkey.ec_key()?;
> ++ check_key_infinity(&ec)?;
> ++ let mut bn_ctx = openssl::bn::BigNumContext::new()?;
> ++ let mut cofactor = openssl::bn::BigNum::new()?;
> ++ ec.group().cofactor(&mut cofactor, &mut bn_ctx)?;
> ++ let one = openssl::bn::BigNum::from_u32(1)?;
> ++ if cofactor != one {
> ++ ec.check_key().map_err(|_| {
> ++ pyo3::exceptions::PyValueError::new_err(
> ++ "Invalid EC key (key out of range, infinity, etc.)",
> ++ )
> ++ })?;
> ++ }
> ++
> ++ Ok(ECPublicKey { pkey, curve })
> ++ }
> ++}
> + #[pyo3::prelude::pymethods]
> + impl ECPublicKey {
> + #[getter]
> +@@ -591,10 +607,7 @@ impl EllipticCurvePublicNumbers {
> +
> + let pkey = openssl::pkey::PKey::from_ec_key(public_key)?;
> +
> +- Ok(ECPublicKey {
> +- pkey,
> +- curve: self.curve.clone_ref(py),
> +- })
> ++ ECPublicKey::new(pkey, self.curve.clone_ref(py))
> + }
> +
> + fn __eq__(
> +diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
> +index 334e76dcc..f7f2242f6 100644
> +--- a/tests/hazmat/primitives/test_ec.py
> ++++ b/tests/hazmat/primitives/test_ec.py
> +@@ -1340,3 +1340,40 @@ class TestECDH:
> +
> + with pytest.raises(ValueError):
> + key.exchange(ec.ECDH(), public_key)
> ++
> ++
> ++def test_invalid_sect_public_keys(backend):
> ++ _skip_curve_unsupported(backend, ec.SECT571K1())
> ++ public_numbers = ec.EllipticCurvePublicNumbers(1, 1, ec.SECT571K1())
> ++ with pytest.raises(ValueError):
> ++ public_numbers.public_key()
> ++
> ++ point = binascii.unhexlify(
> ++ b"0400000000000000000000000000000000000000000000000000000000000000000"
> ++ b"0000000000000000000000000000000000000000000000000000000000000000000"
> ++ b"0000000000010000000000000000000000000000000000000000000000000000000"
> ++ b"0000000000000000000000000000000000000000000000000000000000000000000"
> ++ b"0000000000000000000001"
> ++ )
> ++ with pytest.raises(ValueError):
> ++ ec.EllipticCurvePublicKey.from_encoded_point(ec.SECT571K1(), point)
> ++
> ++ der = binascii.unhexlify(
> ++ b"3081a7301006072a8648ce3d020106052b810400260381920004000000000000000"
> ++ b"0000000000000000000000000000000000000000000000000000000000000000000"
> ++ b"0000000000000000000000000000000000000000000000000000000000000100000"
> ++ b"0000000000000000000000000000000000000000000000000000000000000000000"
> ++ b"0000000000000000000000000000000000000000000000000000000000000000000"
> ++ b"00001"
> ++ )
> ++ with pytest.raises(ValueError):
> ++ serialization.load_der_public_key(der)
> ++
> ++ pem = textwrap.dedent("""-----BEGIN PUBLIC KEY-----
> ++ MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> ++ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> ++ AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> ++ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=
> ++ -----END PUBLIC KEY-----""").encode()
> ++ with pytest.raises(ValueError):
> ++ serialization.load_pem_public_key(pem)
> diff --git a/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
> index 732f925d926..c4573fa6891 100644
> --- a/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
> +++ b/meta/recipes-devtools/python/python3-cryptography_42.0.5.bb
> @@ -11,6 +11,7 @@ LDSHARED += "-pthread"
> SRC_URI[sha256sum] = "6fe07eec95dfd477eb9530aef5bead34fec819b3aaf6c5bd6d20565da607bfe1"
>
> SRC_URI += "file://0001-pyproject.toml-remove-benchmark-disable-option.patch \
> + file://CVE-2026-26007.patch \
> file://check-memfree.py \
> file://run-ptest \
> "
--
Yoann Congal
Smile ECS
next prev parent reply other threads:[~2026-03-30 7:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-29 22:46 [OE-core][scarthgap 00/11] Patch review Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 01/11] tzdata,tzcode-native: Upgrade 2025b -> 2025c Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 02/11] python3-cryptography: Fix CVE-2026-26007 Yoann Congal
2026-03-29 23:01 ` Patchtest results for " patchtest
2026-03-30 7:58 ` Yoann Congal [this message]
2026-03-30 8:19 ` [scarthgap " Nguyen Dat Tho
2026-03-30 8:33 ` [OE-core] " Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 03/11] spdx: add option to include only compiled sources Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 04/11] dtc: backport fix for build with glibc-2.43 Yoann Congal
2026-03-30 14:36 ` Yoann Congal
2026-03-30 14:43 ` Martin Jansa
2026-03-30 14:54 ` Yoann Congal
2026-04-20 8:29 ` Martin Jansa
2026-04-20 16:54 ` Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 05/11] pseudo: Add fix for glibc 2.43 Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 06/11] yocto-uninative: Update to 5.0 for needed patchelf updates Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 07/11] yocto-uninative: Update to 5.1 for glibc 2.43 Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 08/11] elfutils: don't add -Werror to avoid discarded-qualifiers Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 09/11] binutils: backport patch to fix build with glibc-2.43 on host Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 10/11] python3-pyopenssl: Fix CVE-2026-27448 Yoann Congal
2026-03-29 22:46 ` [OE-core][scarthgap 11/11] python3-pyopenssl: Fix CVE-2026-27459 Yoann Congal
2026-03-30 7:33 ` [OE-core][scarthgap 00/11] Patch review Yoann Congal
2026-04-20 8:44 ` Joao Marcos Costa
2026-04-20 9:21 ` Yoann Congal
2026-04-20 10:51 ` Joao Marcos Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DHFYGZZDZ2YZ.2UZT8D03BWNPH@smile.fr \
--to=yoann.congal@smile.fr \
--cc=openembedded-core@lists.openembedded.org \
--cc=tho3.nguyen@lge.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox