Diffstat (limited to 'dev-python/pysaml2')
-rw-r--r-- | dev-python/pysaml2/Manifest | 2 | ||||
-rw-r--r-- | dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch | 33 | ||||
-rw-r--r-- | dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild | 39 |
3 files changed, 74 insertions, 0 deletions
diff --git a/dev-python/pysaml2/Manifest b/dev-python/pysaml2/Manifest
index a507a0ba1c05..7390c218f109 100644
--- a/dev-python/pysaml2/Manifest
+++ b/dev-python/pysaml2/Manifest
@@ -1,6 +1,8 @@ +AUX pysaml-4.0.2_CVE-2017-1000433.patch 1245 BLAKE2B ef0d8c68cadb6c53810e9b3d083a9de895fe70762a4dfe88140558d3b03848615319a08e777f488ce81f227994b7621039e0354967461fd403880e44eda19264 SHA512 be699d09afefeb9034c46a5d8cb0a86ef2d7bb5ae0dfbe708b6746a43236eaa21903fe6e6590247722f8fb68632f850d018143f19a4b8b5b67609219f37e4249 AUX xxe-4.0.2.patch 10657 BLAKE2B 6ecb7b265c55ee9cffda2a9acc0358dc092eec1d8040415665d22104bc8ca1d54473c471c542ae74cda68fe1a62ec3d1ecab0c29f4a017e24d895da1f66bbb4c SHA512 5c18a3c850526e6fd0410d0526bbf385d3383978b944de80da781301114f6a9081d2a3c662f45990fbd7ed88f971382b1ce30d974e4e76e19c11d6aa74d010d1 DIST pysaml2-4.0.2.tar.gz 13657558 BLAKE2B 35cb9dff897caf9f7fc39a70466dabce88098b6bbe0337a2ae47c733e4fd5de3bd80ddf73f27b6ff67e6f571b1f647d9856bbed58c8b19fe6547a35254dc2019 SHA512 debe23c2b193ca9f937bdb4fc9e8f308fa012c18e50e40183f7e531434af52b6e4d36608be3e9b0321190930cdfd9eb24555ed1805083e32db8de0f57e5afb14 DIST pysaml2-4.5.0.tar.gz 20030696 BLAKE2B 547465c2c4191a26de6bf1bab55bd9c36ed7e477c620a4155b7a463c98dbf314a8067d45263055a05ec8ed696177fcbd1443dd856113871f2941b572b9df0628 SHA512 163dfc2acfa0f242bc97d3ec334aec98e993ef9265b2240223205e496f86df5518ca613620b371eabcca0c4070a0bf7bb72a2216f517e19e3b2ff0f20e30a0c7 EBUILD pysaml2-4.0.2-r1.ebuild 1030 BLAKE2B 520548c8898e7c508ece1ae7c343b80eeabee5d2713fc5fbd367fa8fcfaa929463ccc9930e75c6375c86e92042a141b17f8c99866249341e0ef14fc9785889fd SHA512 7f0405c7dcad153ad041e1ced22c8d490e566fd090fd6baf61e9de3977de6d2d90c7b3e34899ce072b4bc0be58055e656546f62eef6ed57561a6ad85b2be3a4a +EBUILD pysaml2-4.0.2-r3.ebuild 1083 BLAKE2B 4722c18270f2139a4238d3dd1d4430ecf9ced1edfaec70ab08c203520c4b3e0b3941fc8c531759a7708207aaa41d52226a264fe6e5c75a28d411121b648bf6b4 SHA512 132a6dfe3f0c81d6881277fc02c17fe284fb169baeb8cc461555c04da5574f8d282a01e7e4e337602770983eeaf2634c8f4ccbd4b8d3b9d5de4ba4885f49eb4a EBUILD pysaml2-4.5.0.ebuild 837 BLAKE2B 
ef546e17850b3d3088cda21c3cc31a18c7d80267ef51f89c091823c2e7b3ce5d64448a89d1f1b9bbb77780552b82058794d0b992ed3d0117522dd5ee924480b5 SHA512 6b313ff7137cb3b99ffa49148a2a76e10b5d1f4fe9256ac567e12b5be3698b8e95f0a7ab1d92b9b2c1136c3a0b512714730b6923468af5aeec3cfb469f813d76 MISC metadata.xml 606 BLAKE2B 5262e7d7a6f2ff32547ab8570f3aace4dfc3af9d667fdaac6ba2eba77ffd562524a136154eb7b96d4f1f7dfb316b72ee7a0311efa46153afff150c3956151b32 SHA512 7b4facbe3e25898488fffb7b39f9ff7eedd12492f668fa294952711efb3ca9549f2653ab6bc2a948286deff5f45116b0b8bd9a5fc796e99413acc9334eade348
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
new file mode 100644
index 000000000000..7abc765c2984
--- /dev/null
+++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
@@ -0,0 +1,33 @@
+From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001
+From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
+Date: Tue, 12 Sep 2017 12:22:47 +0300
+Subject: [PATCH] Quick fix for the authentication bypass due to optimizations
+ #451
+
+---
+ src/saml2/authn.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/saml2/authn.py b/src/saml2/authn.py
+index 1f2d02cf..1e1a220b 100644
+--- a/src/saml2/authn.py
++++ b/src/saml2/authn.py
+@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None,
+ return resp
+
+ def _verify(self, pwd, user):
+- assert is_equal(pwd, self.passwd[user])
++ if not is_equal(pwd, self.passwd[user]):
++ raise ValueError("Wrong password")
+
+ def verify(self, request, **kwargs):
+ """
+@@ -176,7 +177,7 @@ def verify(self, request, **kwargs):
+ return_to = create_return_url(self.return_to, _dict["query"][0],
+ **{self.query_param: "true"})
+ resp = Redirect(return_to, headers=[cookie])
+- except (AssertionError, KeyError):
++ except (ValueError, KeyError):
+ resp = Unauthorized("Unknown user or wrong password")
+
+ return resp
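Review bot: `_verify` carries no comment saying why the password check must not be written as an `assert`, so a later cleanup could reintroduce the pattern; Python removes assert statements when run with `-O`, which is what turned the old check into a no-op. I would add `# Must be a real conditional: assert is stripped under python -O, which disabled this check (CVE-2017-1000433).` directly above the `if not is_equal(...)` line. Separately, an unknown user raises KeyError from `self.passwd[user]` before `is_equal` runs, so the two failure paths may differ in timing even though both produce the same Unauthorized response; whether that is observable depends on `is_equal`, which is not shown here. The `try` block in `verify` starts outside the second hunk, so the rest of that handler could not be checked.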
diff --git a/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild b/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
new file mode 100644
index 000000000000..8b3dded83c0c
--- /dev/null
+++ b/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
+
+inherit distutils-r1
+
+DESCRIPTION="Python implementation of SAML Version 2 to be used in a WSGI environment"
+HOMEPAGE="https://github.com/rohe/pysaml2"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 x86"
+IUSE=""
+
+PATCHES=(
+ "${FILESDIR}/xxe-4.0.2.patch"
+ "${FILESDIR}/pysaml-4.0.2_CVE-2017-1000433.patch"
+)
+
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+"
+RDEPEND="
+ dev-python/decorator[${PYTHON_USEDEP}]
+ >=dev-python/requests-1.0.0[${PYTHON_USEDEP}]
+ dev-python/future[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ dev-python/zope-interface[${PYTHON_USEDEP}]
+ dev-python/repoze-who[${PYTHON_USEDEP}]
+ >=dev-python/pycrypto-2.5[${PYTHON_USEDEP}]
+ dev-python/pytz[${PYTHON_USEDEP}]
+ dev-python/pyopenssl[${PYTHON_USEDEP}]
+ dev-python/python-dateutil[${PYTHON_USEDEP}]
+ dev-python/six[${PYTHON_USEDEP}]
+ dev-python/defusedxml[${PYTHON_USEDEP}]
+" |
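Review bot: The `PATCHES` array has no comment tying each patch to the issue it fixes, and the commit leaves `pysaml2-4.0.2-r1.ebuild` in the tree (it is still listed as a context line in the Manifest hunk, and the diffstat shows 0 deletions). If r1 does not apply the CVE-2017-1000433 patch, which this page does not show, the unpatched revision stays installable and should be dropped or masked once r3 is in place. I would add `# Security: XXE fix and CVE-2017-1000433 (assert-based password check bypass)` above `PATCHES=(` so a later version bump does not drop either patch by accident. As a smaller style point, the new patch file is named `pysaml-4.0.2_...` while the package is `pysaml2`; a name based on `${P}` would keep the two in step.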