commit:     9aa9a0f4330a09c7fba77e116058d5488f083de8
Author:     Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 12 00:06:23 2018 +0000
Commit:     Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Fri Jan 12 00:07:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9aa9a0f4

dev-python/pysaml2: really fix bug 644016

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 .../files/pysaml-4.0.2_CVE-2017-1000433.patch      | 29 ++++++++++++++++++----
 ...ml2-4.0.2-r2.ebuild => pysaml2-4.0.2-r3.ebuild} |  0
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch 
b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
index e745263d236..7abc765c298 100644
--- a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
+++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
@@ -1,7 +1,18 @@
-diff -Naur pysaml2/src/saml2/authn.py pysaml2.new/src/saml2/authn.py
---- 1/src/saml2/authn.py 2018-01-11 17:23:27.198775074 -0600
-+++ 2/src/saml2/authn.py 2018-01-11 17:22:57.909567278 -0600
-@@ -147,7 +147,8 @@
+From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001
+From: Ioannis Kakavas <ikaka...@noc.grnet.gr>
+Date: Tue, 12 Sep 2017 12:22:47 +0300
+Subject: [PATCH] Quick fix for the authentication bypass due to optimizations
+ #451
+
+---
+ src/saml2/authn.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/saml2/authn.py b/src/saml2/authn.py
+index 1f2d02cf..1e1a220b 100644
+--- a/src/saml2/authn.py
++++ b/src/saml2/authn.py
+@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, 
logo_url=None,
          return resp
  
      def _verify(self, pwd, user):
@@ -11,4 +22,12 @@ diff -Naur pysaml2/src/saml2/authn.py 
pysaml2.new/src/saml2/authn.py
  
      def verify(self, request, **kwargs):
          """
-
+@@ -176,7 +177,7 @@ def verify(self, request, **kwargs):
+             return_to = create_return_url(self.return_to, _dict["query"][0],
+                                           **{self.query_param: "true"})
+             resp = Redirect(return_to, headers=[cookie])
+-        except (AssertionError, KeyError):
++        except (ValueError, KeyError):
+             resp = Unauthorized("Unknown user or wrong password")
+ 
+         return resp
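Review bot: The `except (ValueError, KeyError)` clause in the embedded `verify()` hunk only fails closed if `_verify` signals a bad password by raising `ValueError`, and nothing in the patched code states that contract; the `_verify` change itself sits between the two outer hunks and is not visible here. A comment above the except would pin it down: `# _verify() raises ValueError on a mismatch; never use assert here, it is stripped under python -O`. Because `AssertionError` is no longer caught, any `assert` still left in the try body would presumably escape as an unhandled error instead of a 401 on non-optimized runs, so it is worth confirming none remain. A regression test that submits a wrong password with the interpreter run under `-O` would keep the bypass from coming back.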

diff --git a/dev-python/pysaml2/pysaml2-4.0.2-r2.ebuild 
b/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
similarity index 100%
rename from dev-python/pysaml2/pysaml2-4.0.2-r2.ebuild
rename to dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
