authorCoprDistGit <infra@openeuler.org>2025-02-14 07:17:34 +0000
committerCoprDistGit <infra@openeuler.org>2025-02-14 07:17:34 +0000
commitff9662addb6945b81d61f9bd141fa58d193d7ce2 (patch)
tree76fa1c55c1088074814454a0bc84b42a9f578f1b
parentd3fae6442ce4d7a51a736fe344b7ca16dfaa08c6 (diff)
automatic import of python-Authlibopeneuler22.03_LTS_SP4
-rw-r--r--.gitignore1
-rw-r--r--backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch46
-rw-r--r--python-Authlib.spec81
-rw-r--r--sources1
4 files changed, 129 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..16cb357 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/Authlib-1.2.0.tar.gz
diff --git a/backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch b/backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch
new file mode 100644
index 0000000..f9d75d1
--- /dev/null
+++ b/backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch
@@ -0,0 +1,46 @@
+From 3bea812acefebc9ee108aa24557be3ba8971daf1 Mon Sep 17 00:00:00 2001
+From: Hsiaoming Yang <me@lepture.com>
+Date: Tue, 4 Jun 2024 11:34:43 +0900
+Subject: [PATCH] fix: prevent OctKey to import ssh/rsa/pem keys
+
+https://github.com/lepture/authlib/issues/654
+---
+ authlib/jose/rfc7518/oct_key.py | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/authlib/jose/rfc7518/oct_key.py b/authlib/jose/rfc7518/oct_key.py
+index 1db321a..44e1f72 100644
+--- a/authlib/jose/rfc7518/oct_key.py
++++ b/authlib/jose/rfc7518/oct_key.py
+@@ -6,6 +6,16 @@ from authlib.common.security import generate_token
+ from ..rfc7517 import Key
+
+
++POSSIBLE_UNSAFE_KEYS = (
++ b"-----BEGIN ",
++ b"---- BEGIN ",
++ b"ssh-rsa ",
++ b"ssh-dss ",
++ b"ssh-ed25519 ",
++ b"ecdsa-sha2-",
++)
++
++
+ class OctKey(Key):
+ """Key class of the ``oct`` key type."""
+
+@@ -65,6 +75,11 @@ class OctKey(Key):
+ key._dict_data = raw
+ else:
+ raw_key = to_bytes(raw)
++
++ # security check
++ if raw_key.startswith(POSSIBLE_UNSAFE_KEYS):
++ raise ValueError("This key may not be safe to import")
++
+ key = cls(raw_key=raw_key, options=options)
+ return key
+
+--
+2.33.0
+
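Review bot: The guard added before `cls(raw_key=raw_key, options=options)` matches only at the first byte of `raw_key`, so PEM or OpenSSH key text that arrives with a leading newline or spaces (common when a key file is read whole) would still be accepted as an HMAC secret. Comparing a stripped copy, `if raw_key.lstrip().startswith(POSSIBLE_UNSAFE_KEYS):`, covers that case without changing the bytes that are stored. `POSSIBLE_UNSAFE_KEYS` is a prefix denylist, and OpenSSH security-key types such as `sk-ssh-ed25519@openssh.com` are not in it, so it is worth a comment on the tuple saying it is best-effort and that callers should still pin the expected algorithm. The backport changes only oct_key.py; a regression test asserting `ValueError` for a PEM public key and for an `ssh-rsa ` line would keep the CVE-2024-37568 fix from being lost on a rebase. The enclosing method starts outside the second hunk, so the dict branch above the check is only partly visible here.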
diff --git a/python-Authlib.spec b/python-Authlib.spec
new file mode 100644
index 0000000..766729b
--- /dev/null
+++ b/python-Authlib.spec
@@ -0,0 +1,81 @@
+%global _empty_manifest_terminate_build 0
+Name: python-Authlib
+Version: 1.2.0
+Release: 2
+Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
+License: BSD 3-Clause License
+URL: https://authlib.org/
+Source0: https://files.pythonhosted.org/packages/1e/84/3c82d181a04053fefa456dcb15edea93ffdb06071570b6cb05783f5e5fa5/Authlib-1.2.0.tar.gz
+BuildArch: noarch
+
+Patch0001: backport-fix-prevent-OctKey-to-import-ssh-rsa-pem-keys.patch
+
+Requires: python3-cryptography
+
+%description
+The ultimate Python library in building OAuth and OpenID Connect servers.
+JWS, JWK, JWA, JWT are included.
+
+%package -n python3-Authlib
+Summary: The ultimate Python library in building OAuth and OpenID Connect servers and clients.
+Provides: python-Authlib
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-Authlib
+The ultimate Python library in building OAuth and OpenID Connect servers.
+JWS, JWK, JWA, JWT are included.
+
+%package help
+Summary: Development documents and examples for Authlib
+Provides: python3-Authlib-doc
+%description help
+The ultimate Python library in building OAuth and OpenID Connect servers.
+JWS, JWK, JWA, JWT are included.
+
+%prep
+%autosetup -p1 -n Authlib-1.2.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-Authlib -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed Jun 26 2024 wangziliang <wangziliang@kylinos.cn> - 1.2.0-2
+- fix CVE-2024-37568
+
+* Wed Jun 07 2023 lichaoran <pkwarcraft@hotmail.com> - 1.2.0-1
+- Package Spec generated
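Review bot: `Requires: python3-cryptography` is declared in the base-package preamble, but the spec has no `%files` section for the base package, so only `python3-Authlib` and the `help` subpackage are produced, and RPM subpackages do not inherit the base package's `Requires`. Unless the build root's automatic Python dependency generator adds it, the installed `python3-Authlib` would not pull in cryptography, which the JOSE key handling presumably needs at import time. Moving the line under `%package -n python3-Authlib` makes the dependency explicit. Checking `rpm -qR python3-Authlib` on the built package would confirm which case applies.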
diff --git a/sources b/sources
new file mode 100644
index 0000000..4bec03c
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+caa265a0b85568e2b9a704518416aedf Authlib-1.2.0.tar.gz