pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/py-crypto Patch CVE-2013-7459, obtained from:
details: https://anonhg.NetBSD.org/pkgsrc/rev/63af93053bb5
branches: trunk
changeset: 359357:63af93053bb5
user: sevan <sevan%pkgsrc.org@localhost>
date: Tue Mar 07 23:17:51 2017 +0000
description:
Patch CVE-2013-7459, obtained from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Bump rev.
Reviewed by: wiz
diffstat:
security/py-crypto/Makefile | 4 +-
security/py-crypto/distinfo | 4 +-
security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py | 49 ++++++++++
security/py-crypto/patches/patch-src_block_template.c | 25 +++++
4 files changed, 79 insertions(+), 3 deletions(-)
diffs (110 lines):
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/Makefile
--- a/security/py-crypto/Makefile Tue Mar 07 22:47:52 2017 +0000
+++ b/security/py-crypto/Makefile Tue Mar 07 23:17:51 2017 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2017/01/12 16:36:35 rodent Exp $
+# $NetBSD: Makefile,v 1.40 2017/03/07 23:17:51 sevan Exp $
DISTNAME= pycrypto-2.6.1
PKGNAME= ${DISTNAME:S/^py/${PYPKGPREFIX}-/}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security python
MASTER_SITES= http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/distinfo
--- a/security/py-crypto/distinfo Tue Mar 07 22:47:52 2017 +0000
+++ b/security/py-crypto/distinfo Tue Mar 07 23:17:51 2017 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $
+$NetBSD: distinfo,v 1.12 2017/03/07 23:17:51 sevan Exp $
SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2
RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009
SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847
Size (pycrypto-2.6.1.tar.gz) = 446240 bytes
SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08
+SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = 4e4f3c0a705ceb8fbc922c5d44bd33fce347ac83
+SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py Tue Mar 07 23:17:51 2017 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.000000000 +0000
++++ lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase):
+ return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+
+ def runTest(self):
+- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++ ## ECB mode
++ mode = self.module.MODE_ECB
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ ciphertext = encryption_cipher.encrypt(self.plaintext)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## OPENPGP mode
++ mode = self.module.MODE_OPENPGP
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++ eiv = eiv_ciphertext[:self.module.block_size+2]
++ ciphertext = eiv_ciphertext[self.module.block_size+2:]
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## All other non-AEAD modes (but CTR)
++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ ciphertext = encryption_cipher.encrypt(self.plaintext)
+-
+- if mode != self.module.MODE_OPENPGP:
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+- else:
+- eiv = ciphertext[:self.module.block_size+2]
+- ciphertext = ciphertext[self.module.block_size+2:]
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
++
+ class PGPTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
diff -r 3aad03e9b97e -r 63af93053bb5 security/py-crypto/patches/patch-src_block_template.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/py-crypto/patches/patch-src_block_template.c Tue Mar 07 23:17:51 2017 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_block_template.c,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- src/block_template.c.orig 2017-03-07 16:58:09.000000000 +0000
++++ src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P
+ "Key cannot be the null string");
+ return NULL;
+ }
++ if (IVlen != 0 && mode == MODE_ECB)
++ {
++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++ return NULL;
++ }
++ if (IVlen != 0 && mode == MODE_CTR)
++ {
++ PyErr_Format(PyExc_ValueError,
++ "CTR mode needs counter parameter, not IV");
++ return NULL;
++ }
+ if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+ {
+ PyErr_Format(PyExc_ValueError,
Home |
Main Index |
Thread Index |
Old Index