pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/py-crypto Patch CVE-2013-7459, obtained from:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/63af93053bb5
branches:  trunk
changeset: 359357:63af93053bb5
user:      sevan <sevan%pkgsrc.org@localhost>
date:      Tue Mar 07 23:17:51 2017 +0000

description:
Patch CVE-2013-7459, obtained from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Bump rev.

Reviewed by: wiz

diffstat:

 security/py-crypto/Makefile                                           |   4 +-
 security/py-crypto/distinfo                                           |   4 +-
 security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py |  49 ++++++++++
 security/py-crypto/patches/patch-src_block_template.c                 |  25 +++++
 4 files changed, 79 insertions(+), 3 deletions(-)

diffs (110 lines):

diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/Makefile
--- a/security/py-crypto/Makefile       Tue Mar 07 22:47:52 2017 +0000
+++ b/security/py-crypto/Makefile       Tue Mar 07 23:17:51 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2017/01/12 16:36:35 rodent Exp $
+# $NetBSD: Makefile,v 1.40 2017/03/07 23:17:51 sevan Exp $
 
 DISTNAME=      pycrypto-2.6.1
 PKGNAME=       ${DISTNAME:S/^py/${PYPKGPREFIX}-/}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    security python
 MASTER_SITES=  http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/
 
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/distinfo
--- a/security/py-crypto/distinfo       Tue Mar 07 22:47:52 2017 +0000
+++ b/security/py-crypto/distinfo       Tue Mar 07 23:17:51 2017 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $
+$NetBSD: distinfo,v 1.12 2017/03/07 23:17:51 sevan Exp $
 
 SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2
 RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009
 SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847
 Size (pycrypto-2.6.1.tar.gz) = 446240 bytes
 SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08
+SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = 4e4f3c0a705ceb8fbc922c5d44bd33fce347ac83
+SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py     Tue Mar 07 23:17:51 2017 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- lib/Crypto/SelfTest/Cipher/common.py.orig  2017-03-07 16:48:08.000000000 +0000
++++ lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase):
+         return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+ 
+     def runTest(self):
+-        for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++        ## ECB mode
++      mode = self.module.MODE_ECB
++      encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++      ciphertext = encryption_cipher.encrypt(self.plaintext)
++      decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++      decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++      self.assertEqual(self.plaintext, decrypted_plaintext)
++
++      ## OPENPGP mode
++      mode = self.module.MODE_OPENPGP
++      encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++      eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++      eiv = eiv_ciphertext[:self.module.block_size+2]
++      ciphertext = eiv_ciphertext[self.module.block_size+2:]
++      decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++      decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++      self.assertEqual(self.plaintext, decrypted_plaintext)
++
++      ## All other non-AEAD modes (but CTR)
++      for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+             encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+             ciphertext = encryption_cipher.encrypt(self.plaintext)
+-            
+-            if mode != self.module.MODE_OPENPGP:
+-                decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+-            else:
+-                eiv = ciphertext[:self.module.block_size+2]
+-                ciphertext = ciphertext[self.module.block_size+2:]
+-                decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++          decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+             decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+             self.assertEqual(self.plaintext, decrypted_plaintext)
+ 
++
+ class PGPTest(unittest.TestCase):
+     def __init__(self, module, params):
+         unittest.TestCase.__init__(self)
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/patches/patch-src_block_template.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/py-crypto/patches/patch-src_block_template.c     Tue Mar 07 23:17:51 2017 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_block_template.c,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- src/block_template.c.orig  2017-03-07 16:58:09.000000000 +0000
++++ src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P
+                               "Key cannot be the null string");
+               return NULL;
+       }
++      if (IVlen != 0 && mode == MODE_ECB)
++      {
++              PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++              return NULL;
++      }
++      if (IVlen != 0 && mode == MODE_CTR)
++      {
++              PyErr_Format(PyExc_ValueError,
++                      "CTR mode needs counter parameter, not IV");
++              return NULL;
++      }
+       if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+       {
+               PyErr_Format(PyExc_ValueError,



Home | Main Index | Thread Index | Old Index