diff options
| author |   Matthew Thode <prometheanfire@gentoo.org> | 2018-01-11 17:29:34 -0600 |
|---|---|---|
| committer | Matthew Thode <prometheanfire@gentoo.org> | 2018-01-11 17:29:50 -0600 |
| commit | 8c31196d00e344da82cf4facf4f6f5d2826c692a (patch) | |
| tree | f4d3ede980a08e51116a3741dd268bbb2c66212c /dev-python/pysaml2 | |
| parent | app-admin/metalog: mark 3-r2 arm64/m68k/s390/sh stable (diff) | |
| download | gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.tar.gz gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.tar.bz2 gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.zip | |
dev-python/pysaml2: fix bug 644016 CVE-2017-1000433
Package-Manager: Portage-2.3.14, Repoman-2.3.6
Diffstat (limited to 'dev-python/pysaml2')
| -rw-r--r-- | dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch | 14 | ||||
| -rw-r--r-- | dev-python/pysaml2/pysaml2-4.0.2-r2.ebuild | 39 |
2 files changed, 53 insertions, 0 deletions
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch new file mode 100644 index 000000000000..e745263d236d --- /dev/null +++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch @@ -0,0 +1,14 @@ +diff -Naur pysaml2/src/saml2/authn.py pysaml2.new/src/saml2/authn.py +--- 1/src/saml2/authn.py 2018-01-11 17:23:27.198775074 -0600 ++++ 2/src/saml2/authn.py 2018-01-11 17:22:57.909567278 -0600 +@@ -147,7 +147,8 @@ + return resp + + def _verify(self, pwd, user): +- assert is_equal(pwd, self.passwd[user]) ++ if not is_equal(pwd, self.passwd[user]): ++ raise ValueError("Wrong password") + + def verify(self, request, **kwargs): + """ + diff --git a/dev-python/pysaml2/pysaml2-4.0.2-r2.ebuild b/dev-python/pysaml2/pysaml2-4.0.2-r2.ebuild new file mode 100644 index 000000000000..34cc46c5c0d8 --- /dev/null +++ b/dev-python/pysaml2/pysaml2-4.0.2-r2.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python2_7 python3_4 python3_5 ) + +inherit distutils-r1 + +DESCRIPTION="Python implementation of SAML Version 2 to be used in a WSGI environment" +HOMEPAGE="https://github.com/rohe/pysaml2" +SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~x86" +IUSE="" + +PATCHES=( + "${FILESDIR}/xxe-4.0.2.patch" + "${FILESDIR}/pysaml-4.0.2_CVE-2017-1000433.patch" +) + +DEPEND=" + dev-python/setuptools[${PYTHON_USEDEP}] +" +RDEPEND=" + dev-python/decorator[${PYTHON_USEDEP}] + >=dev-python/requests-1.0.0[${PYTHON_USEDEP}] + dev-python/future[${PYTHON_USEDEP}] + dev-python/paste[${PYTHON_USEDEP}] + dev-python/zope-interface[${PYTHON_USEDEP}] + dev-python/repoze-who[${PYTHON_USEDEP}] + >=dev-python/pycrypto-2.5[${PYTHON_USEDEP}] + dev-python/pytz[${PYTHON_USEDEP}] + dev-python/pyopenssl[${PYTHON_USEDEP}] + dev-python/python-dateutil[${PYTHON_USEDEP}] + dev-python/six[${PYTHON_USEDEP}] + dev-python/defusedxml[${PYTHON_USEDEP}] +" |