Hi,
Best news about it is that it gets rid of devel/py-unittest2.
I did make test on {amd64,i386} with {python2.7,python3.4}: all's good.
Cheers,
Daniel
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/py-rsa/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- Makefile 8 Jan 2016 09:23:00 -0000 1.3
+++ Makefile 27 Mar 2016 18:35:22 -0000
@@ -2,10 +2,9 @@
COMMENT= Python RSA implementation
-MODPY_EGG_VERSION= 3.2.3
+MODPY_EGG_VERSION= 3.4.1
DISTNAME= rsa-${MODPY_EGG_VERSION}
PKGNAME= py-${DISTNAME}
-REVISION= 0
CATEGORIES= security
@@ -23,13 +22,7 @@ RUN_DEPENDS= devel/py-asn1${MODPY_FLAVO
FLAVORS= python3
FLAVOR ?=
-.if ${FLAVOR:Mpython3}
-# needs devel/py-unittest2,python3
-#NO_TEST= Yes
-.else
-TEST_DEPENDS= ${RUN_DEPENDS} \
- devel/py-unittest2
-.endif
+TEST_DEPENDS= ${RUN_DEPENDS}
.if ${FLAVOR:Mpython3}
post-install:
@@ -39,6 +32,6 @@ post-install:
.endif
do-test:
- cd ${WRKSRC} && ${MODPY_BIN} ./run_tests.py
+ cd ${WRKSRC} && ${MODPY_BIN} -m pytest
.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/py-rsa/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo 6 Jan 2016 15:45:14 -0000 1.1.1.1
+++ distinfo 27 Mar 2016 18:35:22 -0000
@@ -1,2 +1,2 @@
-SHA256 (rsa-3.2.3.tar.gz) = FNsojMQNYzne32DXpHBTqwBLSol2pcWUAqIR2Pxb8h8=
-SIZE (rsa-3.2.3.tar.gz) = 35628
+SHA256 (rsa-3.4.1.tar.gz) = b7dNfX1uy63TfbrTKbMdhI+6X+i0CtbRLPfi5aoV5GQ=
+SIZE (rsa-3.4.1.tar.gz) = 40938
Index: patches/patch-rsa_pkcs1_py
===================================================================
RCS file: patches/patch-rsa_pkcs1_py
diff -N patches/patch-rsa_pkcs1_py
--- patches/patch-rsa_pkcs1_py 8 Jan 2016 09:23:00 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,100 +0,0 @@
-$OpenBSD: patch-rsa_pkcs1_py,v 1.1 2016/01/08 09:23:00 ajacoutot Exp $
-
-https://bitbucket.org/sybren/python-rsa/commits/0cbcc529926afd61c6df4f50cfc29971beafd2c2/raw/
-
---- rsa/pkcs1.py.orig Thu Nov 5 21:23:16 2015
-+++ rsa/pkcs1.py Fri Jan 8 10:20:09 2016
-@@ -22,10 +22,10 @@ very clear example, read http://www.di-mgt.com.au/rsa_
- At least 8 bytes of random padding is used when encrypting a message. This
makes
- these methods much more secure than the ones in the ``rsa`` module.
-
--WARNING: this module leaks information when decryption or verification fails.
--The exceptions that are raised contain the Python traceback information, which
--can be used to deduce where in the process the failure occurred. DO NOT PASS
--SUCH INFORMATION to your users.
-+WARNING: this module leaks information when decryption fails. The exceptions
-+that are raised contain the Python traceback information, which can be used to
-+deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION
-+to your users.
- '''
-
- import hashlib
-@@ -288,37 +288,23 @@ def verify(message, signature, pub_key):
- :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the
message.
- :raise VerificationError: when the signature doesn't match the message.
-
-- .. warning::
--
-- Never display the stack trace of a
-- :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
-- the code the exception occurred, and thus leaks information about the
-- key. It's only a tiny bit of information, but every bit makes cracking
-- the keys easier.
--
- '''
-
-- blocksize = common.byte_size(pub_key.n)
-+ keylength = common.byte_size(pub_key.n)
- encrypted = transform.bytes2int(signature)
- decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
-- clearsig = transform.int2bytes(decrypted, blocksize)
--
-- # If we can't find the signature marker, verification failed.
-- if clearsig[0:2] != b('\x00\x01'):
-- raise VerificationError('Verification failed')
-+ clearsig = transform.int2bytes(decrypted, keylength)
-
-- # Find the 00 separator between the padding and the payload
-- try:
-- sep_idx = clearsig.index(b('\x00'), 2)
-- except ValueError:
-- raise VerificationError('Verification failed')
--
-- # Get the hash and the hash method
-- (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
-+ # Get the hash method
-+ method_name = _find_method_hash(clearsig)
- message_hash = _hash(message, method_name)
-
-- # Compare the real hash to the hash in the signature
-- if message_hash != signature_hash:
-+ # Reconstruct the expected padded hash
-+ cleartext = HASH_ASN1[method_name] + message_hash
-+ expected = _pad_for_signing(cleartext, keylength)
-+
-+ # Compare with the signed one
-+ if expected != clearsig:
- raise VerificationError('Verification failed')
-
- return True
-@@ -351,24 +337,20 @@ def _hash(message, method_name):
- return hasher.digest()
-
-
--def _find_method_hash(method_hash):
-- '''Finds the hash method and the hash itself.
-+def _find_method_hash(clearsig):
-+ '''Finds the hash method.
-
-- :param method_hash: ASN1 code for the hash method concatenated with the
-- hash itself.
-+ :param clearsig: full padded ASN1 and hash.
-
-- :return: tuple (method, hash) where ``method`` is the used hash method,
and
-- ``hash`` is the hash itself.
-+ :return: the used hash method.
-
- :raise VerificationFailed: when the hash method cannot be found
-
- '''
-
- for (hashname, asn1code) in HASH_ASN1.items():
-- if not method_hash.startswith(asn1code):
-- continue
--
-- return (hashname, method_hash[len(asn1code):])
-+ if asn1code in clearsig:
-+ return hashname
-
- raise VerificationError('Verification failed')
-
