pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/py-crypto
Module Name: pkgsrc
Committed By: sevan
Date: Tue Mar 7 23:17:51 UTC 2017
Modified Files:
pkgsrc/security/py-crypto: Makefile distinfo
Added Files:
pkgsrc/security/py-crypto/patches:
patch-lib_Crypto_SelfTest_Cipher_common.py
patch-src_block_template.c
Log Message:
Patch CVE-2013-7459, obtained from:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Bump rev.
Reviewed by: wiz
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/security/py-crypto/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/py-crypto/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py \
pkgsrc/security/py-crypto/patches/patch-src_block_template.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/py-crypto/Makefile
diff -u pkgsrc/security/py-crypto/Makefile:1.39 pkgsrc/security/py-crypto/Makefile:1.40
--- pkgsrc/security/py-crypto/Makefile:1.39 Thu Jan 12 16:36:35 2017
+++ pkgsrc/security/py-crypto/Makefile Tue Mar 7 23:17:51 2017
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.39 2017/01/12 16:36:35 rodent Exp $
+# $NetBSD: Makefile,v 1.40 2017/03/07 23:17:51 sevan Exp $
DISTNAME= pycrypto-2.6.1
PKGNAME= ${DISTNAME:S/^py/${PYPKGPREFIX}-/}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security python
MASTER_SITES= http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/
Index: pkgsrc/security/py-crypto/distinfo
diff -u pkgsrc/security/py-crypto/distinfo:1.11 pkgsrc/security/py-crypto/distinfo:1.12
--- pkgsrc/security/py-crypto/distinfo:1.11 Wed Nov 4 01:18:03 2015
+++ pkgsrc/security/py-crypto/distinfo Tue Mar 7 23:17:51 2017
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.11 2015/11/04 01:18:03 agc Exp $
+$NetBSD: distinfo,v 1.12 2017/03/07 23:17:51 sevan Exp $
SHA1 (pycrypto-2.6.1.tar.gz) = aeda3ed41caf1766409d4efc689b9ca30ad6aeb2
RMD160 (pycrypto-2.6.1.tar.gz) = ac0db079e5e4be9daf739e094c10e96291dbc009
SHA512 (pycrypto-2.6.1.tar.gz) = 20a4aed4dac4e9e61d773ebc1d48ea577e9870c33f396be53d075a9bf8487d93e75e200179882d81e452efd0f6751789bac434f6f431b3e7c1c8ef9dba392847
Size (pycrypto-2.6.1.tar.gz) = 446240 bytes
SHA1 (patch-ab) = 2c72b0e70fdebd2e62aff28284afd919e935de08
+SHA1 (patch-lib_Crypto_SelfTest_Cipher_common.py) = 4e4f3c0a705ceb8fbc922c5d44bd33fce347ac83
+SHA1 (patch-src_block_template.c) = 646bb15e41290922c417a2104e401c82379e97dd
Added files:
Index: pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py
diff -u /dev/null pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py:1.1
--- /dev/null Tue Mar 7 23:17:51 2017
+++ pkgsrc/security/py-crypto/patches/patch-lib_Crypto_SelfTest_Cipher_common.py Tue Mar 7 23:17:51 2017
@@ -0,0 +1,49 @@
+$NetBSD: patch-lib_Crypto_SelfTest_Cipher_common.py,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.000000000 +0000
++++ lib/Crypto/SelfTest/Cipher/common.py
+@@ -239,19 +239,33 @@ class RoundtripTest(unittest.TestCase):
+ return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+
+ def runTest(self):
+- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
++ ## ECB mode
++ mode = self.module.MODE_ECB
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ ciphertext = encryption_cipher.encrypt(self.plaintext)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## OPENPGP mode
++ mode = self.module.MODE_OPENPGP
++ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
++ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
++ eiv = eiv_ciphertext[:self.module.block_size+2]
++ ciphertext = eiv_ciphertext[self.module.block_size+2:]
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
++ self.assertEqual(self.plaintext, decrypted_plaintext)
++
++ ## All other non-AEAD modes (but CTR)
++ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ ciphertext = encryption_cipher.encrypt(self.plaintext)
+-
+- if mode != self.module.MODE_OPENPGP:
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+- else:
+- eiv = ciphertext[:self.module.block_size+2]
+- ciphertext = ciphertext[self.module.block_size+2:]
+- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
++ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
++
+ class PGPTest(unittest.TestCase):
+ def __init__(self, module, params):
+ unittest.TestCase.__init__(self)
Index: pkgsrc/security/py-crypto/patches/patch-src_block_template.c
diff -u /dev/null pkgsrc/security/py-crypto/patches/patch-src_block_template.c:1.1
--- /dev/null Tue Mar 7 23:17:51 2017
+++ pkgsrc/security/py-crypto/patches/patch-src_block_template.c Tue Mar 7 23:17:51 2017
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_block_template.c,v 1.1 2017/03/07 23:17:51 sevan Exp $
+
+CVE-2013-7459 backport
+https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
+
+--- src/block_template.c.orig 2017-03-07 16:58:09.000000000 +0000
++++ src/block_template.c
+@@ -170,6 +170,17 @@ ALGnew(PyObject *self, PyObject *args, P
+ "Key cannot be the null string");
+ return NULL;
+ }
++ if (IVlen != 0 && mode == MODE_ECB)
++ {
++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++ return NULL;
++ }
++ if (IVlen != 0 && mode == MODE_CTR)
++ {
++ PyErr_Format(PyExc_ValueError,
++ "CTR mode needs counter parameter, not IV");
++ return NULL;
++ }
+ if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
+ {
+ PyErr_Format(PyExc_ValueError,
Home |
Main Index |
Thread Index |
Old Index