pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2016Q4]: pkgsrc/security/py-crypto Pullup ticket #5223 - reque...
details: https://anonhg.NetBSD.org/pkgsrc/rev/00b9083db0bd
branches: pkgsrc-2016Q4
changeset: 408760:00b9083db0bd
user: spz <spz%pkgsrc.org@localhost>
date: Mon Mar 13 07:39:32 2017 +0000
description:
Pullup ticket #5223 - requested by sevan
security/py-crypto: security patch
Revisions pulled up:
- security/py-crypto/Makefile 1.40
- security/py-crypto/distinfo 1.13
- security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py 1.2
- security/py-crypto/patches/patch-src_block_template.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: sevan
Date: Tue Mar 7 23:17:51 UTC 2017
Modified Files:
pkgsrc/security/py-crypto: Makefile distinfo
Added Files:
pkgsrc/security/py-crypto/patches:
patch-lib_Crypto_SelfTest_Cipher_common.py
patch-src_block_template.c
Log Message:
Patch CVE-2013-7459, obtained from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Bump rev.
Reviewed by: wiz
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/security/py-crypto/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/py-crypto/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py \
pkgsrc/security/py-crypto/patches/patch-src_block_template.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: sevan
Date: Wed Mar 8 01:09:00 UTC 2017
Modified Files:
pkgsrc/security/py-crypto: distinfo
pkgsrc/security/py-crypto/patches:
patch-lib_Crypto_SelfTest_Cipher_common.py
Log Message:
Tabs vs spaces!
Unbreak with the Python 3 versions of the package.
Heads up by Daniel Jakots.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/py-crypto/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
diffstat:
security/py-crypto/Makefile | 4 +-
security/py-crypto/distinfo | 4 +-
security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py | 49 ++++++++++
security/py-crypto/patches/patch-src_block_template.c | 25 +++++
4 files changed, 79 insertions(+), 3 deletions(-)
diffs (110 lines):
diff -r 89ec8d621f79 -r 00b9083db0bd security/py-crypto/Makefile
--- a/security/py-crypto/Makefile Fri Mar 03 15:29:36 2017 +0000
+++ b/security/py-crypto/Makefile Mon Mar 13 07:39:32 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.36 2016/03/05 11:29:25 jperkin Exp $
+# $NetBSD: Makefile,v 1.36.8.1 2017/03/13 07:39:32 spz Exp $
DISTNAME= pycrypto-2.6.1
PKGNAME= ${DISTNAME:S/^py/${PYPKGPREFIX}-/}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security python
MASTER_SITES= http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/
diff -r 89ec8d621f79 -r 00b9083db0bd security/py-crypto/distinfo
--- a/security/py-crypto/distinfo Fri Mar 03 15:29:36 2017 +0000
+++ b/security/py-crypto/distinfo Mon Mar 13 07:39:32 2017 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $
+$NetBSD: distinfo,v 1.11.10.1 2017/03/13 07:39:32 spz Exp $
SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2
RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009
SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847
Size (pycrypto-2.6.1.tar.gz) = 446240 bytes
SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08
+SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = d505f84217614a5a0065addcebab46da15c204e7
+SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd
diff -r 89ec8d621f79 -r 00b9083db0bd security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py Mon Mar 13 07:39:32 2017 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.2.2.2 2017/03/13 07:39:32 spz Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.000000000 +0000
++++ lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase):
+ return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+
+ def runTest(self):
+- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++ ## ECB mode
++ mode = self.module.MODE_ECB
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ ciphertext = encryption_cipher.encrypt(self.plaintext)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## OPENPGP mode
++ mode = self.module.MODE_OPENPGP
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++ eiv = eiv_ciphertext[:self.module.block_size+2]
++ ciphertext = eiv_ciphertext[self.module.block_size+2:]
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## All other non-AEAD modes (but CTR)
++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ ciphertext = encryption_cipher.encrypt(self.plaintext)
+-
+- if mode != self.module.MODE_OPENPGP:
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+- else:
+- eiv = ciphertext[:self.module.block_size+2]
+- ciphertext = ciphertext[self.module.block_size+2:]
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
++
+ class PGPTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
diff -r 89ec8d621f79 -r 00b9083db0bd security/py-crypto/patches/patch-src_block_template.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/py-crypto/patches/patch-src_block_template.c Mon Mar 13 07:39:32 2017 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_block_template.c,v 1.1.2.2 2017/03/13 07:39:32 spz Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- src/block_template.c.orig 2017-03-07 16:58:09.000000000 +0000
++++ src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P
+ "Key cannot be the null string");
+ return NULL;
+ }
++ if (IVlen != 0 && mode == MODE_ECB)
++ {
++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++ return NULL;
++ }
++ if (IVlen != 0 && mode == MODE_CTR)
++ {
++ PyErr_Format(PyExc_ValueError,
++ "CTR mode needs counter parameter, not IV");
++ return NULL;
++ }
+ if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+ {
+ PyErr_Format(PyExc_ValueError,
Home |
Main Index |
Thread Index |
Old Index