diff options
author | spz <spz@pkgsrc.org> | 2017-03-13 07:39:32 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2017-03-13 07:39:32 +0000 |
commit | 729e4b52860442ee41413a3ec07e540e5e73551c (patch) | |
tree | 75a10657a17f1c0029f66ca5f17d3bc1dd50f4ec | |
parent | 269cfceeec9fa8e4bddad162b9a5a1d4d05f7ac9 (diff) | |
download | pkgsrc-729e4b52860442ee41413a3ec07e540e5e73551c.tar.gz |
Pullup ticket #5223 - requested by sevan
security/py-crypto: security patch
Revisions pulled up:
- security/py-crypto/Makefile 1.40
- security/py-crypto/distinfo 1.13
- security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py 1.2
- security/py-crypto/patches/patch-src_block_template.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: sevan
Date: Tue Mar 7 23:17:51 UTC 2017
Modified Files:
pkgsrc/security/py-crypto: Makefile distinfo
Added Files:
pkgsrc/security/py-crypto/patches:
patch-lib_Crypto_SelfTest_Cipher_common.py
patch-src_block_template.c
Log Message:
Patch CVE-2013-7459, obtained from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Bump rev.
Reviewed by: wiz
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/security/py-crypto/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/py-crypto/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py \
pkgsrc/security/py-crypto/patches/patch-src_block_template.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: sevan
Date: Wed Mar 8 01:09:00 UTC 2017
Modified Files:
pkgsrc/security/py-crypto: distinfo
pkgsrc/security/py-crypto/patches:
patch-lib_Crypto_SelfTest_Cipher_common.py
Log Message:
Tabs vs spaces!
Unbreak with the Python 3 versions of the package.
Heads up by Daniel Jakots.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/py-crypto/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
-rw-r--r-- | security/py-crypto/Makefile | 4 | ||||
-rw-r--r-- | security/py-crypto/distinfo | 4 | ||||
-rw-r--r-- | security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py | 49 | ||||
-rw-r--r-- | security/py-crypto/patches/patch-src_block_template.c | 25 |
4 files changed, 79 insertions, 3 deletions
diff --git a/security/py-crypto/Makefile b/security/py-crypto/Makefile index e6a61d39d2b..b605b31955a 100644 --- a/security/py-crypto/Makefile +++ b/security/py-crypto/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.36 2016/03/05 11:29:25 jperkin Exp $ +# $NetBSD: Makefile,v 1.36.8.1 2017/03/13 07:39:32 spz Exp $ DISTNAME= pycrypto-2.6.1 PKGNAME= ${DISTNAME:S/^py/${PYPKGPREFIX}-/} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= security python MASTER_SITES= http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/ diff --git a/security/py-crypto/distinfo b/security/py-crypto/distinfo index 23a8bca0ea7..0c8ba346240 100644 --- a/security/py-crypto/distinfo +++ b/security/py-crypto/distinfo @@ -1,7 +1,9 @@ -$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $ +$NetBSD: distinfo,v 1.11.10.1 2017/03/13 07:39:32 spz Exp $ SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2 RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009 SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847 Size (pycrypto-2.6.1.tar.gz) = 446240 bytes SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08 +SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = d505f84217614a5a0065addcebab46da15c204e7 +SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd diff --git a/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py new file mode 100644 index 00000000000..3661b6b3d84 --- /dev/null +++ b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py @@ -0,0 +1,49 @@ +$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.2.2.2 2017/03/13 07:39:32 spz Exp $ + +CVE-2013-7459 backport +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.000000000 +0000 ++++ lib/Crypto/SelfTest/Cipher/common.py +@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase): + return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) + + def runTest(self): +- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP): ++ ## ECB mode ++ mode = self.module.MODE_ECB ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ ciphertext = encryption_cipher.encrypt(self.plaintext) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## OPENPGP mode ++ mode = self.module.MODE_OPENPGP ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext) ++ eiv = eiv_ciphertext[:self.module.block_size+2] ++ ciphertext = eiv_ciphertext[self.module.block_size+2:] ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## All other non-AEAD modes (but CTR) ++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): + encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + ciphertext = encryption_cipher.encrypt(self.plaintext) +- +- if mode != self.module.MODE_OPENPGP: +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) +- else: +- eiv = ciphertext[:self.module.block_size+2] +- ciphertext = ciphertext[self.module.block_size+2:] +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + decrypted_plaintext = decryption_cipher.decrypt(ciphertext) + self.assertEqual(self.plaintext, decrypted_plaintext) + ++ + class PGPTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) diff --git a/security/py-crypto/patches/patch-src_block_template.c b/security/py-crypto/patches/patch-src_block_template.c new file mode 100644 index 00000000000..b33290629d9 --- /dev/null +++ b/security/py-crypto/patches/patch-src_block_template.c @@ -0,0 +1,25 @@ +$NetBSD: patch-src_block_template.c,v 1.1.2.2 2017/03/13 07:39:32 spz Exp $ + +CVE-2013-7459 backport +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +--- src/block_template.c.orig 2017-03-07 16:58:09.000000000 +0000 ++++ src/block_template.c +@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P + "Key cannot be the null string"); + return NULL; + } ++ if (IVlen != 0 && mode == MODE_ECB) ++ { ++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV"); ++ return NULL; ++ } ++ if (IVlen != 0 && mode == MODE_CTR) ++ { ++ PyErr_Format(PyExc_ValueError, ++ "CTR mode needs counter parameter, not IV"); ++ return NULL; ++ } + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) + { + PyErr_Format(PyExc_ValueError, |