gentoo resync : 25.08.2020

author: V3n3RiX <venerix@redcorelinux.org> 2020-08-25 10:45:55 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2020-08-25 10:45:55 +0100
commit: 3cf7c3ef441822c889356fd1812ebf2944a59851 (patch)
tree: c513fe68548b40365c1c2ebfe35c58ad431cdd77 /dev-python/rsa
parent: 05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff)
6 files changed, 98 insertions, 103 deletions
diff --git a/dev-python/rsa/Manifest b/dev-python/rsa/Manifest
index f35bffe46d21..4eca5b70a9b9 100644
--- a/dev-python/rsa/Manifest
+++ b/dev-python/rsa/Manifest
@@ -1,9 +1,4 @@
-DIST python-rsa-version-4.1.gh.tar.gz 68748 BLAKE2B f7f80fab701e52db0949dae709a8ac01db773ecf721427536a4cc5a7dedae6285eab12b3377daa15e0ecf23682ba800fc8601149a98277331b1cc19573a94596 SHA512 93d80050d7c249285e8e05e2d9d84940b15f08380c3108da3463c1625fde18884189757e480ff62cc2b65d1521c57f8aee15aec501f3f1b9961ce053b304c25c
+AUX rsa-3.4.2-cve-2020-13757.patch 5806 BLAKE2B 45f87653e3c0cbe29054d0a2d4e4838dcd1e91aeb921b3abc540d1f9dec157a75559ffdd933ef406f053343721b0963e3e647ee1e71cccf28946b2a1a4a0f97d SHA512 075ce7a8c6a4eb3716e51c9fc1ca446f5a922d701158dab5beb745887083c04b9e434f2cd4c8468fb71c814a51e5b7d96161d44dddafc539fcb5dfec4bf2602b
 DIST python-rsa-version-4.2.gh.tar.gz 63280 BLAKE2B 1260fe2a0f34c16b3cd2e18bc642da2e9c6caad851920a4c010aaad31959d0baab397356cd2437eb4a9091b3f524760f45b8d46ff9a207be009b2613615681c1 SHA512 a4df2de41d252a42627e96298b044a50953c429b5062f02cc7b64a7e17f75b09bb8b0f9b371353e639d1daec7775c20f20348f45baf00f591514c54e1315f044
-DIST rsa-3.4.2.tar.gz 40956 BLAKE2B 9a6353c84329303c655e7a25fcfa2ca42ea846c913fac0c26fee4a27bb85f9380de876b2ec07ae2212eb37efe5d2e401b2672f187f74bbeee1e9ef1099629e36 SHA512 62b0ff31fb3b9c18ae65bd102329e69726b853560576b1b66b9b89b26d3ff79154239af7e7a581b6a27c7017cc013f738762cd9662777ef594cc11c5b1f8e267
-DIST rsa-4.0.tar.gz 37385 BLAKE2B 2621ee732f15ea12283b723efb5e88847d3e030e8115bb4a3e986099fc94adc3409202d54b4350b0888deefd8dc801d8d3e57fef9e85f386ead53e4412da6d05 SHA512 e11106741cc4275246c986d39b3f028b5a4df6fbffdd08a78072ac3d3a9a7ade7a39789c504a2705f54d858a9bdbf03981251f32f9c45baba71e4a986e14b24e
-EBUILD rsa-3.4.2-r1.ebuild 726 BLAKE2B 1148a8eac8fff822edad880881c00287cb6b524f8de887803c2dd9e74170474d84c26294115d2ae5eb59ba6ba1c4a78eef00ed320ab4a0afe102344f1db1eeab SHA512 1cdb51bc1b094f54e9af7a2e598ac7d2a2865fd81352d6b614aa1a7864eafd52a2e7b5bdb747d6bb4d6d6e67ac27097eb61548563583db1e6eb6c7b1ac432fae
-EBUILD rsa-4.0.ebuild 572 BLAKE2B ec1267e4c5a6eb7afc9a43c6ebf15c0e48a5ded77a5a72c17255fc307c8e5f06e33c3f3ec215c7b21e5af2bebe3f451f6adc69a3a3dd4973da37873b2de412bc SHA512 04c0dc8141c7c73c59cb3aff94a6a7f64ed536c3aa07a8f25b14469586cc6727204344a296776a43bb8a315382bb3972aad0b1cd3caad6543ec93f5cc3f80fe5
-EBUILD rsa-4.1.ebuild 796 BLAKE2B ad8c9f68f5d44f5b212629b582a8f601268aba602af848e8ce5bff52f44c9bb1a7916843f9c4cec654e18eb343b27f405069c058b46d064449b129c784819357 SHA512 2c926e6b8d5e1d0ba325217d18bb86d8d8f2878750935e7aec3a4e74e6a3bf8f7a3108b0486e54710ceaff2e610e601ad9a1f5b70bde79c3762398fc241d9138
-EBUILD rsa-4.2.ebuild 753 BLAKE2B 7f5ab2828d5af07a4bc278639a1dad1d45ffa5b8cc024285b1450a83c2a31c524e0e2f1700a5d82cd6e038989dd16b414db80cc8c145b42260da09ba5e363d9a SHA512 b79955f7dfb28e429153259cce481defd5e3e2e68b64733a45d99f40adaabd27469b20a94e63f822d372b430d0db8793a987706201725e89d44d27ab12a297f0
+EBUILD rsa-4.2.ebuild 772 BLAKE2B f4f0579fc70d638c8bc5f67ae953cd0d41aef5093e40b52b2785fc027ffca52b07ae99a376fcee4d7f937d2407ffbf872cb1dcfe0a8740987d2311f7c0194c19 SHA512 3f655483b66b8820f86f3dc8e748b38e99c27357e25d3cfbbc241f7d8aeb5c792eb56162e6c3197fe51fedb61afa05429abd5df0fd7963362758eab3ce05ab60
 MISC metadata.xml 316 BLAKE2B fd1e4f7bdee45f5ab99e67cc3918634b9ac5ecfad75167aad5f2ee33cea308f99d8d03aab5b5e0c01e8c1bf41ca8a45f67146c5126f84af4b6d914f58af0ea38 SHA512 4d8c48ae8e4360727f5c4b83e426f42a597a175dfa2a965c9f966e5824a83291c78d3e8e636d21b4f28d73f7e912abc7db1b09078baaa0e3a1b25713abd3d0a1
diff --git a/dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch b/dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch
new file mode 100644
index 000000000000..ccee6c0281bb
--- /dev/null
+++ b/dev-python/rsa/files/rsa-3.4.2-cve-2020-13757.patch
@@ -0,0 +1,95 @@
+diff -Nur rsa-3.4.2.orig/rsa/pkcs1.py rsa-3.4.2/rsa/pkcs1.py
+--- rsa-3.4.2.orig/rsa/pkcs1.py	2020-07-05 10:28:57.622204136 +0200
++++ rsa-3.4.2/rsa/pkcs1.py	2020-07-05 10:30:28.103672033 +0200
+@@ -232,6 +232,12 @@
+     decrypted = priv_key.blinded_decrypt(encrypted)
+     cleartext = transform.int2bytes(decrypted, blocksize)
+ 
++    # Detect leading zeroes in the crypto. These are not reflected in the
++    # encrypted value (as leading zeroes do not influence the value of an
++    # integer). This fixes CVE-2020-13757.
++    if len(crypto) > blocksize:
++        raise DecryptionError('Decryption failed')
++
+     # If we can't find the cleartext marker, decryption failed.
+     if cleartext[0:2] != b('\x00\x02'):
+         raise DecryptionError('Decryption failed')
+@@ -310,6 +316,9 @@
+     cleartext = HASH_ASN1[method_name] + message_hash
+     expected = _pad_for_signing(cleartext, keylength)
+ 
++    if len(signature) != keylength:
++        raise VerificationError('Verification failed')
++
+     # Compare with the signed one
+     if expected != clearsig:
+         raise VerificationError('Verification failed')
+diff -Nur rsa-3.4.2.orig/tests/test_pkcs1.py rsa-3.4.2/tests/test_pkcs1.py
+--- rsa-3.4.2.orig/tests/test_pkcs1.py	2020-07-05 10:28:57.621204131 +0200
++++ rsa-3.4.2/tests/test_pkcs1.py	2020-07-05 10:32:26.858286153 +0200
+@@ -17,6 +17,7 @@
+ """Tests string operations."""
+ 
+ import struct
++import sys
+ import unittest
+ 
+ import rsa
+@@ -64,6 +65,35 @@
+ 
+         self.assertNotEqual(encrypted1, encrypted2)
+ 
++class ExtraZeroesTest(unittest.TestCase):
++    def setUp(self):
++        # Key, cyphertext, and plaintext taken from https://github.com/sybrenstuvel/python-rsa/issues/146
++        self.private_key = rsa.PrivateKey.load_pkcs1(
++            "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAs1EKK81M5kTFtZSuUFnhKy8FS2WNXaWVmi/fGHG4CLw98+Yo\n0nkuUarVwSS0O9pFPcpc3kvPKOe9Tv+6DLS3Qru21aATy2PRqjqJ4CYn71OYtSwM\n/ZfSCKvrjXybzgu+sBmobdtYm+sppbdL+GEHXGd8gdQw8DDCZSR6+dPJFAzLZTCd\nB+Ctwe/RXPF+ewVdfaOGjkZIzDoYDw7n+OHnsYCYozkbTOcWHpjVevipR+IBpGPi\n1rvKgFnlcG6d/tj0hWRl/6cS7RqhjoiNEtxqoJzpXs/Kg8xbCxXbCchkf11STA8u\ndiCjQWuWI8rcDwl69XMmHJjIQAqhKvOOQ8rYTQIDAQABAoIBABpQLQ7qbHtp4h1Y\nORAfcFRW7Q74UvtH/iEHH1TF8zyM6wZsYtcn4y0mxYE3Mp+J0xlTJbeVJkwZXYVH\nL3UH29CWHSlR+TWiazTwrCTRVJDhEoqbcTiRW8fb+o/jljVxMcVDrpyYUHNo2c6w\njBxhmKPtp66hhaDpds1Cwi0A8APZ8Z2W6kya/L/hRBzMgCz7Bon1nYBMak5PQEwV\nF0dF7Wy4vIjvCzO6DSqA415DvJDzUAUucgFudbANNXo4HJwNRnBpymYIh8mHdmNJ\n/MQ0YLSqUWvOB57dh7oWQwe3UsJ37ZUorTugvxh3NJ7Tt5ZqbCQBEECb9ND63gxo\n/a3YR/0CgYEA7BJc834xCi/0YmO5suBinWOQAF7IiRPU+3G9TdhWEkSYquupg9e6\nK9lC5k0iP+t6I69NYF7+6mvXDTmv6Z01o6oV50oXaHeAk74O3UqNCbLe9tybZ/+F\ndkYlwuGSNttMQBzjCiVy0+y0+Wm3rRnFIsAtd0RlZ24aN3bFTWJINIsCgYEAwnQq\nvNmJe9SwtnH5c/yCqPhKv1cF/4jdQZSGI6/p3KYNxlQzkHZ/6uvrU5V27ov6YbX8\nvKlKfO91oJFQxUD6lpTdgAStI3GMiJBJIZNpyZ9EWNSvwUj28H34cySpbZz3s4Xd\nhiJBShgy+fKURvBQwtWmQHZJ3EGrcOI7PcwiyYcCgYEAlql5jSUCY0ALtidzQogW\nJ+B87N+RGHsBuJ/0cxQYinwg+ySAAVbSyF1WZujfbO/5+YBN362A/1dn3lbswCnH\nK/bHF9+fZNqvwprPnceQj5oK1n4g6JSZNsy6GNAhosT+uwQ0misgR8SQE4W25dDG\nkdEYsz+BgCsyrCcu8J5C+tUCgYAFVPQbC4f2ikVyKzvgz0qx4WUDTBqRACq48p6e\n+eLatv7nskVbr7QgN+nS9+Uz80ihR0Ev1yCAvnwmM/XYAskcOea87OPmdeWZlQM8\nVXNwINrZ6LMNBLgorfuTBK1UoRo1pPUHCYdqxbEYI2unak18mikd2WB7Fp3h0YI4\nVpGZnwKBgBxkAYnZv+jGI4MyEKdsQgxvROXXYOJZkWzsKuKxVkVpYP2V4nR2YMOJ\nViJQ8FUEnPq35cMDlUk4SnoqrrHIJNOvcJSCqM+bWHAioAsfByLbUPM8sm3CDdIk\nXVJl32HuKYPJOMIWfc7hIfxLRHnCN+coz2M6tgqMDs0E/OfjuqVZ\n-----END RSA PRIVATE KEY-----",
++            format='PEM')
++        cyphertext = "4501b4d669e01b9ef2dc800aa1b06d49196f5a09fe8fbcd037323c60eaf027bfb98432be4e4a26c567ffec718bcbea977dd26812fa071c33808b4d5ebb742d9879806094b6fbeea63d25ea3141733b60e31c6912106e1b758a7fe0014f075193faa8b4622bfd5d3013f0a32190a95de61a3604711bc62945f95a6522bd4dfed0a994ef185b28c281f7b5e4c8ed41176d12d9fc1b837e6a0111d0132d08a6d6f0580de0c9eed8ed105531799482d1e466c68c23b0c222af7fc12ac279bc4ff57e7b4586d209371b38c4c1035edd418dc5f960441cb21ea2bedbfea86de0d7861e81021b650a1de51002c315f1e7c12debe4dcebf790caaa54a2f26b149cf9e77d"
++        plaintext = "54657374"
++
++        if sys.version_info < (3, 0):
++            self.cyphertext = cyphertext.decode("hex")
++            self.plaintext = plaintext.decode('hex')
++        else:
++            self.cyphertext = bytes.fromhex(cyphertext)
++            self.plaintext = bytes.fromhex(plaintext)
++
++    def test_unmodified(self):
++        message = rsa.decrypt(self.cyphertext, self.private_key)
++        self.assertEqual(message, self.plaintext)
++
++    def test_prepend_zeroes(self):
++        cyphertext = b'\00\00' + self.cyphertext
++        with self.assertRaises(rsa.DecryptionError):
++            rsa.decrypt(cyphertext, self.private_key)
++
++    def test_append_zeroes(self):
++        cyphertext = self.cyphertext + b'\00\00'
++        with self.assertRaises(rsa.DecryptionError):
++            rsa.decrypt(cyphertext, self.private_key)
+ 
+ class SignatureTest(unittest.TestCase):
+     def setUp(self):
+@@ -105,3 +135,21 @@
+         signature2 = pkcs1.sign(message, self.priv, 'SHA-1')
+ 
+         self.assertEqual(signature1, signature2)
++
++    def test_prepend_zeroes(self):
++        """Prepending the signature with zeroes should be detected."""
++
++        message = b'je moeder'
++        signature = pkcs1.sign(message, self.priv, 'SHA-256')
++        signature = b'\00\00' + signature
++        with self.assertRaises(rsa.VerificationError):
++            pkcs1.verify(message, signature, self.pub)
++
++    def test_apppend_zeroes(self):
++        """Apppending the signature with zeroes should be detected."""
++
++        message = b'je moeder'
++        signature = pkcs1.sign(message, self.priv, 'SHA-256')
++        signature = signature + b'\00\00'
++        with self.assertRaises(rsa.VerificationError):
++            pkcs1.verify(message, signature, self.pub)
diff --git a/dev-python/rsa/rsa-3.4.2-r1.ebuild b/dev-python/rsa/rsa-3.4.2-r1.ebuild
deleted file mode 100644
index bc2b7755ef5e..000000000000
--- a/dev-python/rsa/rsa-3.4.2-r1.ebuild
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-DISTUTILS_USE_SETUPTOOLS=rdepend
-
-inherit distutils-r1
-
-DESCRIPTION="Pure-Python RSA implementation"
-HOMEPAGE="https://stuvel.eu/rsa https://pypi.org/project/rsa/"
-SRC_URI="mirror://pypi/${P:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
-	dev-python/traceback2[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	test? (
-		dev-python/nose[${PYTHON_USEDEP}]
-		dev-python/unittest2[${PYTHON_USEDEP}]
-		)
-	"
-
-python_test() {
-	nosetests --verbose || die
-}
diff --git a/dev-python/rsa/rsa-4.0.ebuild b/dev-python/rsa/rsa-4.0.ebuild
deleted file mode 100644
index 10c836a9a58d..000000000000
--- a/dev-python/rsa/rsa-4.0.ebuild
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6..9} )
-DISTUTILS_USE_SETUPTOOLS=rdepend
-
-inherit distutils-r1
-
-DESCRIPTION="Pure-Python RSA implementation"
-HOMEPAGE="https://stuvel.eu/rsa https://pypi.org/project/rsa/"
-SRC_URI="mirror://pypi/${P:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 arm ~arm64 x86"
-
-RDEPEND="
-	>=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
-	"
-BDEPEND="
-	test? ( dev-python/mock[${PYTHON_USEDEP}] )"
-
-distutils_enable_tests unittest
diff --git a/dev-python/rsa/rsa-4.1.ebuild b/dev-python/rsa/rsa-4.1.ebuild
deleted file mode 100644
index 0008a7fe97f4..000000000000
--- a/dev-python/rsa/rsa-4.1.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6..9} )
-# TODO: +rdepend, when supported
-DISTUTILS_USE_SETUPTOOLS=pyproject.toml
-
-inherit distutils-r1
-
-MY_P=python-rsa-version-${PV}
-DESCRIPTION="Pure-Python RSA implementation"
-HOMEPAGE="https://stuvel.eu/rsa https://pypi.org/project/rsa/"
-SRC_URI="
-	https://github.com/sybrenstuvel/python-rsa/archive/version-${PV}.tar.gz
-		-> ${MY_P}.gh.tar.gz"
-S=${WORKDIR}/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~arm arm64 ~x86"
-
-RDEPEND="
-	>=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
-"
-BDEPEND="
-	test? ( dev-python/mock[${PYTHON_USEDEP}] )
-"
-
-distutils_enable_tests unittest
-
-src_prepare() {
-	rm tests/test_mypy.py || die
-	distutils-r1_src_prepare
-}
diff --git a/dev-python/rsa/rsa-4.2.ebuild b/dev-python/rsa/rsa-4.2.ebuild
index cbdb124567de..f5a735633254 100644
--- a/dev-python/rsa/rsa-4.2.ebuild
+++ b/dev-python/rsa/rsa-4.2.ebuild
@@ -18,7 +18,7 @@ S=${WORKDIR}/${MY_P}
 
 LICENSE="Apache-2.0"
 SLOT="0"
-KEYWORDS="amd64 arm arm64 x86"
+KEYWORDS="amd64 arm arm64 ~ppc ~ppc64 ~sparc x86"
 
 RDEPEND="
 	>=dev-python/pyasn1-0.1.3[${PYTHON_USEDEP}]
author	V3n3RiX <venerix@redcorelinux.org>	2020-08-25 10:45:55 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2020-08-25 10:45:55 +0100
commit	3cf7c3ef441822c889356fd1812ebf2944a59851 (patch)
tree	c513fe68548b40365c1c2ebfe35c58ad431cdd77 /dev-python/rsa
parent	05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff)