From 8d11ae70b7ca3dea705d19e6573460ea004bbd43 Mon Sep 17 00:00:00 2001 From: spz Date: Mon, 13 Mar 2017 07:39:32 +0000 Subject: Pullup ticket #5223 - requested by sevan security/py-crypto: security patch Revisions pulled up: - security/py-crypto/Makefile 1.40 - security/py-crypto/distinfo 1.13 - security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py 1.2 - security/py-crypto/patches/patch-src_block_template.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: sevan Date: Tue Mar 7 23:17:51 UTC 2017 Modified Files: pkgsrc/security/py-crypto: Makefile distinfo Added Files: pkgsrc/security/py-crypto/patches: patch-lib_Crypto_SelfTest_Cipher_common.py patch-src_block_template.c Log Message: Patch CVE-2013-7459, obtained from: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Bump rev. Reviewed by: wiz To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 pkgsrc/security/py-crypto/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/py-crypto/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py \ pkgsrc/security/py-crypto/patches/patch-src_block_template.c ------------------------------------------------------------------- Module Name: pkgsrc Committed By: sevan Date: Wed Mar 8 01:09:00 UTC 2017 Modified Files: pkgsrc/security/py-crypto: distinfo pkgsrc/security/py-crypto/patches: patch-lib_Crypto_SelfTest_Cipher_common.py Log Message: Tabs vs spaces! Unbreak with the Python 3 versions of the package. Heads up by Daniel Jakots. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/py-crypto/distinfo cvs rdiff -u -r1.1 -r1.2 \ pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py --- security/py-crypto/Makefile | 4 +- security/py-crypto/distinfo | 4 +- .../patch-lib_Crypto_SelfTest_Cipher_common.py | 49 ++++++++++++++++++++++ .../py-crypto/patches/patch-src_block_template.c | 25 +++++++++++ 4 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py create mode 100644 security/py-crypto/patches/patch-src_block_template.c diff --git a/security/py-crypto/Makefile b/security/py-crypto/Makefile index e6a61d39d2b..b605b31955a 100644 --- a/security/py-crypto/Makefile +++ b/security/py-crypto/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.36 2016/03/05 11:29:25 jperkin Exp $ +# $NetBSD: Makefile,v 1.36.8.1 2017/03/13 07:39:32 spz Exp $ DISTNAME= pycrypto-2.6.1 PKGNAME= ${DISTNAME:S/^py/${PYPKGPREFIX}-/} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= security python MASTER_SITES= http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/ diff --git a/security/py-crypto/distinfo b/security/py-crypto/distinfo index 23a8bca0ea7..0c8ba346240 100644 --- a/security/py-crypto/distinfo +++ b/security/py-crypto/distinfo @@ -1,7 +1,9 @@ -$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $ +$NetBSD: distinfo,v 1.11.10.1 2017/03/13 07:39:32 spz Exp $ SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2 RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009 SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847 Size (pycrypto-2.6.1.tar.gz) = 446240 bytes SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08 +SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = d505f84217614a5a0065addcebab46da15c204e7 +SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd diff --git a/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py new file mode 100644 index 00000000000..3661b6b3d84 --- /dev/null +++ b/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py @@ -0,0 +1,49 @@ +$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.2.2.2 2017/03/13 07:39:32 spz Exp $ + +CVE-2013-7459 backport +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.000000000 +0000 ++++ lib/Crypto/SelfTest/Cipher/common.py +@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase): + return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,) + + def runTest(self): +- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP): ++ ## ECB mode ++ mode = self.module.MODE_ECB ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ ciphertext = encryption_cipher.encrypt(self.plaintext) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## OPENPGP mode ++ mode = self.module.MODE_OPENPGP ++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) ++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext) ++ eiv = eiv_ciphertext[:self.module.block_size+2] ++ ciphertext = eiv_ciphertext[self.module.block_size+2:] ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext) ++ self.assertEqual(self.plaintext, decrypted_plaintext) ++ ++ ## All other non-AEAD modes (but CTR) ++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB): + encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + ciphertext = encryption_cipher.encrypt(self.plaintext) +- +- if mode != self.module.MODE_OPENPGP: +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) +- else: +- eiv = ciphertext[:self.module.block_size+2] +- ciphertext = ciphertext[self.module.block_size+2:] +- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv) ++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv) + decrypted_plaintext = decryption_cipher.decrypt(ciphertext) + self.assertEqual(self.plaintext, decrypted_plaintext) + ++ + class PGPTest(unittest.TestCase): + def __init__(self, module, params): + unittest.TestCase.__init__(self) diff --git a/security/py-crypto/patches/patch-src_block_template.c b/security/py-crypto/patches/patch-src_block_template.c new file mode 100644 index 00000000000..b33290629d9 --- /dev/null +++ b/security/py-crypto/patches/patch-src_block_template.c @@ -0,0 +1,25 @@ +$NetBSD: patch-src_block_template.c,v 1.1.2.2 2017/03/13 07:39:32 spz Exp $ + +CVE-2013-7459 backport +https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 + +--- src/block_template.c.orig 2017-03-07 16:58:09.000000000 +0000 ++++ src/block_template.c +@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P + "Key cannot be the null string"); + return NULL; + } ++ if (IVlen != 0 && mode == MODE_ECB) ++ { ++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV"); ++ return NULL; ++ } ++ if (IVlen != 0 && mode == MODE_CTR) ++ { ++ PyErr_Format(PyExc_ValueError, ++ "CTR mode needs counter parameter, not IV"); ++ return NULL; ++ } + if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR) + { + PyErr_Format(PyExc_ValueError, -- cgit v1.2.3