Hi, Best news about it is that it gets rid of devel/py-unittest2.
I did make test on {amd64,i386} with {python2.7,python3.4}: all's good. Cheers, Daniel Index: Makefile =================================================================== RCS file: /cvs/ports/security/py-rsa/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- Makefile 8 Jan 2016 09:23:00 -0000 1.3 +++ Makefile 27 Mar 2016 18:35:22 -0000 @@ -2,10 +2,9 @@ COMMENT= Python RSA implementation -MODPY_EGG_VERSION= 3.2.3 +MODPY_EGG_VERSION= 3.4.1 DISTNAME= rsa-${MODPY_EGG_VERSION} PKGNAME= py-${DISTNAME} -REVISION= 0 CATEGORIES= security @@ -23,13 +22,7 @@ RUN_DEPENDS= devel/py-asn1${MODPY_FLAVO FLAVORS= python3 FLAVOR ?= -.if ${FLAVOR:Mpython3} -# needs devel/py-unittest2,python3 -#NO_TEST= Yes -.else -TEST_DEPENDS= ${RUN_DEPENDS} \ - devel/py-unittest2 -.endif +TEST_DEPENDS= ${RUN_DEPENDS} .if ${FLAVOR:Mpython3} post-install: @@ -39,6 +32,6 @@ post-install: .endif do-test: - cd ${WRKSRC} && ${MODPY_BIN} ./run_tests.py + cd ${WRKSRC} && ${MODPY_BIN} -m pytest .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/security/py-rsa/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo 6 Jan 2016 15:45:14 -0000 1.1.1.1 +++ distinfo 27 Mar 2016 18:35:22 -0000 @@ -1,2 +1,2 @@ -SHA256 (rsa-3.2.3.tar.gz) = FNsojMQNYzne32DXpHBTqwBLSol2pcWUAqIR2Pxb8h8= -SIZE (rsa-3.2.3.tar.gz) = 35628 +SHA256 (rsa-3.4.1.tar.gz) = b7dNfX1uy63TfbrTKbMdhI+6X+i0CtbRLPfi5aoV5GQ= +SIZE (rsa-3.4.1.tar.gz) = 40938 Index: patches/patch-rsa_pkcs1_py =================================================================== RCS file: patches/patch-rsa_pkcs1_py diff -N patches/patch-rsa_pkcs1_py --- patches/patch-rsa_pkcs1_py 8 Jan 2016 09:23:00 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,100 +0,0 @@ -$OpenBSD: patch-rsa_pkcs1_py,v 1.1 2016/01/08 09:23:00 ajacoutot Exp $ - -https://bitbucket.org/sybren/python-rsa/commits/0cbcc529926afd61c6df4f50cfc29971beafd2c2/raw/ - ---- rsa/pkcs1.py.orig Thu Nov 5 21:23:16 2015 -+++ rsa/pkcs1.py Fri Jan 8 10:20:09 2016 -@@ -22,10 +22,10 @@ very clear example, read http://www.di-mgt.com.au/rsa_ - At least 8 bytes of random padding is used when encrypting a message. This makes - these methods much more secure than the ones in the ``rsa`` module. - --WARNING: this module leaks information when decryption or verification fails. --The exceptions that are raised contain the Python traceback information, which --can be used to deduce where in the process the failure occurred. DO NOT PASS --SUCH INFORMATION to your users. -+WARNING: this module leaks information when decryption fails. The exceptions -+that are raised contain the Python traceback information, which can be used to -+deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION -+to your users. - ''' - - import hashlib -@@ -288,37 +288,23 @@ def verify(message, signature, pub_key): - :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message. - :raise VerificationError: when the signature doesn't match the message. - -- .. warning:: -- -- Never display the stack trace of a -- :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in -- the code the exception occurred, and thus leaks information about the -- key. It's only a tiny bit of information, but every bit makes cracking -- the keys easier. -- - ''' - -- blocksize = common.byte_size(pub_key.n) -+ keylength = common.byte_size(pub_key.n) - encrypted = transform.bytes2int(signature) - decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n) -- clearsig = transform.int2bytes(decrypted, blocksize) -- -- # If we can't find the signature marker, verification failed. -- if clearsig[0:2] != b('\x00\x01'): -- raise VerificationError('Verification failed') -+ clearsig = transform.int2bytes(decrypted, keylength) - -- # Find the 00 separator between the padding and the payload -- try: -- sep_idx = clearsig.index(b('\x00'), 2) -- except ValueError: -- raise VerificationError('Verification failed') -- -- # Get the hash and the hash method -- (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:]) -+ # Get the hash method -+ method_name = _find_method_hash(clearsig) - message_hash = _hash(message, method_name) - -- # Compare the real hash to the hash in the signature -- if message_hash != signature_hash: -+ # Reconstruct the expected padded hash -+ cleartext = HASH_ASN1[method_name] + message_hash -+ expected = _pad_for_signing(cleartext, keylength) -+ -+ # Compare with the signed one -+ if expected != clearsig: - raise VerificationError('Verification failed') - - return True -@@ -351,24 +337,20 @@ def _hash(message, method_name): - return hasher.digest() - - --def _find_method_hash(method_hash): -- '''Finds the hash method and the hash itself. -+def _find_method_hash(clearsig): -+ '''Finds the hash method. - -- :param method_hash: ASN1 code for the hash method concatenated with the -- hash itself. -+ :param clearsig: full padded ASN1 and hash. - -- :return: tuple (method, hash) where ``method`` is the used hash method, and -- ``hash`` is the hash itself. -+ :return: the used hash method. - - :raise VerificationFailed: when the hash method cannot be found - - ''' - - for (hashname, asn1code) in HASH_ASN1.items(): -- if not method_hash.startswith(asn1code): -- continue -- -- return (hashname, method_hash[len(asn1code):]) -+ if asn1code in clearsig: -+ return hashname - - raise VerificationError('Verification failed') -