Re: update security/py-rsa to 3.4.1

2016-03-28 Thread Antoine Jacoutot
On Sun, Mar 27, 2016 at 08:48:25PM +0200, Daniel Jakots wrote:
> Hi,
> 
> Best news about it is that it gets rid of devel/py-unittest2.
> 
> I did make test on {amd64,i386} with {python2.7,python3.4}: all's good.

Did you try building sysutils/awscli with it?
I doubt it does.


> Index: Makefile
> ===
> RCS file: /cvs/ports/security/py-rsa/Makefile,v
> retrieving revision 1.3
> diff -u -p -r1.3 Makefile
> --- Makefile  8 Jan 2016 09:23:00 -   1.3
> +++ Makefile  27 Mar 2016 18:35:22 -
> @@ -2,10 +2,9 @@
>  
>  COMMENT= Python RSA implementation
>  
> -MODPY_EGG_VERSION=   3.2.3
> +MODPY_EGG_VERSION=   3.4.1
>  DISTNAME=rsa-${MODPY_EGG_VERSION}
>  PKGNAME= py-${DISTNAME}
> -REVISION=0
>  
>  CATEGORIES=  security
>  
> @@ -23,13 +22,7 @@ RUN_DEPENDS=   devel/py-asn1${MODPY_FLAVO
>  FLAVORS= python3
>  FLAVOR ?=
>  
> -.if ${FLAVOR:Mpython3}
> -# needs devel/py-unittest2,python3
> -#NO_TEST=Yes
> -.else
> -TEST_DEPENDS=${RUN_DEPENDS} \
> - devel/py-unittest2
> -.endif
> +TEST_DEPENDS=${RUN_DEPENDS}
>  
>  .if ${FLAVOR:Mpython3}
>  post-install:
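
Review bot: `TEST_DEPENDS=${RUN_DEPENDS}` pulls in no pytest, yet the do-test target further down this diff switches to `${MODPY_BIN} -m pytest`. On a build machine where pytest is not already installed for the selected flavor, the test target cannot start. Add the flavored pytest port to this line; the follow-up in this thread names devel/py-test${MODPY_FLAVOR}.
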
> @@ -39,6 +32,6 @@ post-install:
>  .endif
>  
>  do-test:
> - cd ${WRKSRC} && ${MODPY_BIN} ./run_tests.py
> + cd ${WRKSRC} && ${MODPY_BIN} -m pytest
>  
>  .include 
> Index: distinfo
> ===
> RCS file: /cvs/ports/security/py-rsa/distinfo,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 distinfo
> --- distinfo  6 Jan 2016 15:45:14 -   1.1.1.1
> +++ distinfo  27 Mar 2016 18:35:22 -
> @@ -1,2 +1,2 @@
> -SHA256 (rsa-3.2.3.tar.gz) = FNsojMQNYzne32DXpHBTqwBLSol2pcWUAqIR2Pxb8h8=
> -SIZE (rsa-3.2.3.tar.gz) = 35628
> +SHA256 (rsa-3.4.1.tar.gz) = b7dNfX1uy63TfbrTKbMdhI+6X+i0CtbRLPfi5aoV5GQ=
> +SIZE (rsa-3.4.1.tar.gz) = 40938
> Index: patches/patch-rsa_pkcs1_py
> ===
> RCS file: patches/patch-rsa_pkcs1_py
> diff -N patches/patch-rsa_pkcs1_py
> --- patches/patch-rsa_pkcs1_py8 Jan 2016 09:23:00 -   1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,100 +0,0 @@
> -$OpenBSD: patch-rsa_pkcs1_py,v 1.1 2016/01/08 09:23:00 ajacoutot Exp $
> -
> -https://bitbucket.org/sybren/python-rsa/commits/0cbcc529926afd61c6df4f50cfc29971beafd2c2/raw/
> -
>  rsa/pkcs1.py.origThu Nov  5 21:23:16 2015
> -+++ rsa/pkcs1.py Fri Jan  8 10:20:09 2016
> -@@ -22,10 +22,10 @@ very clear example, read http://www.di-mgt.com.au/rsa_
> - At least 8 bytes of random padding is used when encrypting a message. This 
> makes
> - these methods much more secure than the ones in the ``rsa`` module.
> - 
> --WARNING: this module leaks information when decryption or verification 
> fails.
> --The exceptions that are raised contain the Python traceback information, 
> which
> --can be used to deduce where in the process the failure occurred. DO NOT PASS
> --SUCH INFORMATION to your users.
> -+WARNING: this module leaks information when decryption fails. The exceptions
> -+that are raised contain the Python traceback information, which can be used 
> to
> -+deduce where in the process the failure occurred. DO NOT PASS SUCH 
> INFORMATION
> -+to your users.
> - '''
> - 
> - import hashlib
> -@@ -288,37 +288,23 @@ def verify(message, signature, pub_key):
> - :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the 
> message.
> - :raise VerificationError: when the signature doesn't match the message.
> - 
> --.. warning::
> --
> --Never display the stack trace of a
> --:py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
> --the code the exception occurred, and thus leaks information about 
> the
> --key. It's only a tiny bit of information, but every bit makes 
> cracking
> --the keys easier.
> --
> - '''
> - 
> --blocksize = common.byte_size(pub_key.n)
> -+keylength = common.byte_size(pub_key.n)
> - encrypted = transform.bytes2int(signature)
> - decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
> --clearsig = transform.int2bytes(decrypted, blocksize)
> --
> --# If we can't find the signature  marker, verification failed.
> --if clearsig[0:2] != b('\x00\x01'):
> --raise VerificationError('Verification failed')
> -+clearsig = transform.int2bytes(decrypted, keylength)
> - 
> --# Find the 00 separator between the padding and the payload
> --try:
> --sep_idx = clearsig.index(b('\x00'), 2)
> --except ValueError:
> --raise VerificationError('Verification failed')
> --
> --# Get the hash and the hash method
> --(method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
> -+# Get the hash method
> -+method_name = 
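
Review bot: the submission does not say that rsa-3.4.1 already contains the change this deleted file backported. patches/patch-rsa_pkcs1_py points at upstream commit 0cbcc529926afd61c6df4f50cfc29971beafd2c2 and modifies `verify()`, so the update message should state that rsa/pkcs1.py in the new distfile was checked and carries it. That makes it visible that the removal does not regress the signature check.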

Re: update security/py-rsa to 3.4.1

2016-03-28 Thread Jeremie Courreges-Anglas
Daniel Jakots  writes:

> Hi,
>
> Best news about it is that it gets rid of devel/py-unittest2.
>
> I did make test on {amd64,i386} with {python2.7,python3.4}: all's good.

As discussed, better get tests for sysutils/awscli.  Note that you're
missing a test-dep on devel/py-test${MODPY_FLAVOR}.  TEST_DEPENDS can be
moved up, below RUN_DEPENDS.

With those items addressed, ok jca@

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



update security/py-rsa to 3.4.1

2016-03-27 Thread Daniel Jakots
Hi,

Best news about it is that it gets rid of devel/py-unittest2.

I did make test on {amd64,i386} with {python2.7,python3.4}: all's good.

Cheers,
Daniel

Index: Makefile
===
RCS file: /cvs/ports/security/py-rsa/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- Makefile8 Jan 2016 09:23:00 -   1.3
+++ Makefile27 Mar 2016 18:35:22 -
@@ -2,10 +2,9 @@
 
 COMMENT=   Python RSA implementation
 
-MODPY_EGG_VERSION= 3.2.3
+MODPY_EGG_VERSION= 3.4.1
 DISTNAME=  rsa-${MODPY_EGG_VERSION}
 PKGNAME=   py-${DISTNAME}
-REVISION=  0
 
 CATEGORIES=security
 
@@ -23,13 +22,7 @@ RUN_DEPENDS= devel/py-asn1${MODPY_FLAVO
 FLAVORS=   python3
 FLAVOR ?=
 
-.if ${FLAVOR:Mpython3}
-# needs devel/py-unittest2,python3
-#NO_TEST=  Yes
-.else
-TEST_DEPENDS=  ${RUN_DEPENDS} \
-   devel/py-unittest2
-.endif
+TEST_DEPENDS=  ${RUN_DEPENDS}
 
 .if ${FLAVOR:Mpython3}
 post-install:
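
Review bot: now that the `.if ${FLAVOR:Mpython3}` / `.else` block is gone, `TEST_DEPENDS` is unconditional but still sits below FLAVORS and FLAVOR. Move it up directly under RUN_DEPENDS so the dependency lines stay together.
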
@@ -39,6 +32,6 @@ post-install:
 .endif
 
 do-test:
-   cd ${WRKSRC} && ${MODPY_BIN} ./run_tests.py
+   cd ${WRKSRC} && ${MODPY_BIN} -m pytest
 
 .include 
Index: distinfo
===
RCS file: /cvs/ports/security/py-rsa/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo6 Jan 2016 15:45:14 -   1.1.1.1
+++ distinfo27 Mar 2016 18:35:22 -
@@ -1,2 +1,2 @@
-SHA256 (rsa-3.2.3.tar.gz) = FNsojMQNYzne32DXpHBTqwBLSol2pcWUAqIR2Pxb8h8=
-SIZE (rsa-3.2.3.tar.gz) = 35628
+SHA256 (rsa-3.4.1.tar.gz) = b7dNfX1uy63TfbrTKbMdhI+6X+i0CtbRLPfi5aoV5GQ=
+SIZE (rsa-3.4.1.tar.gz) = 40938
Index: patches/patch-rsa_pkcs1_py
===
RCS file: patches/patch-rsa_pkcs1_py
diff -N patches/patch-rsa_pkcs1_py
--- patches/patch-rsa_pkcs1_py  8 Jan 2016 09:23:00 -   1.1
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,100 +0,0 @@
-$OpenBSD: patch-rsa_pkcs1_py,v 1.1 2016/01/08 09:23:00 ajacoutot Exp $
-
-https://bitbucket.org/sybren/python-rsa/commits/0cbcc529926afd61c6df4f50cfc29971beafd2c2/raw/
-
 rsa/pkcs1.py.orig  Thu Nov  5 21:23:16 2015
-+++ rsa/pkcs1.py   Fri Jan  8 10:20:09 2016
-@@ -22,10 +22,10 @@ very clear example, read http://www.di-mgt.com.au/rsa_
- At least 8 bytes of random padding is used when encrypting a message. This 
makes
- these methods much more secure than the ones in the ``rsa`` module.
- 
--WARNING: this module leaks information when decryption or verification fails.
--The exceptions that are raised contain the Python traceback information, which
--can be used to deduce where in the process the failure occurred. DO NOT PASS
--SUCH INFORMATION to your users.
-+WARNING: this module leaks information when decryption fails. The exceptions
-+that are raised contain the Python traceback information, which can be used to
-+deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION
-+to your users.
- '''
- 
- import hashlib
-@@ -288,37 +288,23 @@ def verify(message, signature, pub_key):
- :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the 
message.
- :raise VerificationError: when the signature doesn't match the message.
- 
--.. warning::
--
--Never display the stack trace of a
--:py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
--the code the exception occurred, and thus leaks information about the
--key. It's only a tiny bit of information, but every bit makes cracking
--the keys easier.
--
- '''
- 
--blocksize = common.byte_size(pub_key.n)
-+keylength = common.byte_size(pub_key.n)
- encrypted = transform.bytes2int(signature)
- decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
--clearsig = transform.int2bytes(decrypted, blocksize)
--
--# If we can't find the signature  marker, verification failed.
--if clearsig[0:2] != b('\x00\x01'):
--raise VerificationError('Verification failed')
-+clearsig = transform.int2bytes(decrypted, keylength)
- 
--# Find the 00 separator between the padding and the payload
--try:
--sep_idx = clearsig.index(b('\x00'), 2)
--except ValueError:
--raise VerificationError('Verification failed')
--
--# Get the hash and the hash method
--(method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
-+# Get the hash method
-+method_name = _find_method_hash(clearsig)
- message_hash = _hash(message, method_name)
- 
--# Compare the real hash to the hash in the signature
--if message_hash != signature_hash:
-+# Reconstruct the expected padded hash
-+cleartext = HASH_ASN1[method_name] + message_hash
-+expected = _pad_for_signing(cleartext, keylength)
-+
-+# Compare with the signed one
-+if
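
Review bot: nothing in this diff shows that the stricter check in `verify()` is still exercised once this backport is deleted. The removed lines replaced the `clearsig[0:2] != b('\x00\x01')` prefix test and the `clearsig.index(b('\x00'), 2)` separator search with a comparison against the whole block rebuilt by `_pad_for_signing(cleartext, keylength)`. Please confirm that the 3.4.1 suite run by do-test includes a case where a signature with malformed padding is rejected.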