From 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 14 Jul 2018 21:03:06 +0100
Subject: gentoo resync : 14.07.2018

---
 dev-python/pysaml2/Manifest                        |   7 +
 .../files/pysaml-4.0.2_CVE-2017-1000433.patch      |  33 +++
 dev-python/pysaml2/files/xxe-4.0.2.patch           | 305 +++++++++++++++++++++
 dev-python/pysaml2/metadata.xml                    |  19 ++
 dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild         |  39 +++
 dev-python/pysaml2/pysaml2-4.5.0.ebuild            |  34 +++
 6 files changed, 437 insertions(+)
 create mode 100644 dev-python/pysaml2/Manifest
 create mode 100644 dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
 create mode 100644 dev-python/pysaml2/files/xxe-4.0.2.patch
 create mode 100644 dev-python/pysaml2/metadata.xml
 create mode 100644 dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
 create mode 100644 dev-python/pysaml2/pysaml2-4.5.0.ebuild

(limited to 'dev-python/pysaml2')

diff --git a/dev-python/pysaml2/Manifest b/dev-python/pysaml2/Manifest
new file mode 100644
index 000000000000..e3a668e58c5d
--- /dev/null
+++ b/dev-python/pysaml2/Manifest
@@ -0,0 +1,7 @@
+AUX pysaml-4.0.2_CVE-2017-1000433.patch 1245 BLAKE2B ef0d8c68cadb6c53810e9b3d083a9de895fe70762a4dfe88140558d3b03848615319a08e777f488ce81f227994b7621039e0354967461fd403880e44eda19264 SHA512 be699d09afefeb9034c46a5d8cb0a86ef2d7bb5ae0dfbe708b6746a43236eaa21903fe6e6590247722f8fb68632f850d018143f19a4b8b5b67609219f37e4249
+AUX xxe-4.0.2.patch 10657 BLAKE2B 6ecb7b265c55ee9cffda2a9acc0358dc092eec1d8040415665d22104bc8ca1d54473c471c542ae74cda68fe1a62ec3d1ecab0c29f4a017e24d895da1f66bbb4c SHA512 5c18a3c850526e6fd0410d0526bbf385d3383978b944de80da781301114f6a9081d2a3c662f45990fbd7ed88f971382b1ce30d974e4e76e19c11d6aa74d010d1
+DIST pysaml2-4.0.2.tar.gz 13657558 BLAKE2B 35cb9dff897caf9f7fc39a70466dabce88098b6bbe0337a2ae47c733e4fd5de3bd80ddf73f27b6ff67e6f571b1f647d9856bbed58c8b19fe6547a35254dc2019 SHA512 debe23c2b193ca9f937bdb4fc9e8f308fa012c18e50e40183f7e531434af52b6e4d36608be3e9b0321190930cdfd9eb24555ed1805083e32db8de0f57e5afb14
+DIST pysaml2-4.5.0.tar.gz 20030696 BLAKE2B 547465c2c4191a26de6bf1bab55bd9c36ed7e477c620a4155b7a463c98dbf314a8067d45263055a05ec8ed696177fcbd1443dd856113871f2941b572b9df0628 SHA512 163dfc2acfa0f242bc97d3ec334aec98e993ef9265b2240223205e496f86df5518ca613620b371eabcca0c4070a0bf7bb72a2216f517e19e3b2ff0f20e30a0c7
+EBUILD pysaml2-4.0.2-r3.ebuild 1078 BLAKE2B d3d045eff390a651e64c6354601ab63d566c0344ab07c7b014e04244f4029891455a721baaddd67b1eb9b5cd7c6fba6f2529e7e85a5ef8c94745aed33ed5a7cf SHA512 61e90dbbcc1cc55a32f285257a776504f1125d0b1b6ff5dc78ffefbbb68eab9e29c8485dd4a0da26df19a79ada63dde78f35250f7126db6a2eb2d3c2df0026d5
+EBUILD pysaml2-4.5.0.ebuild 833 BLAKE2B abab89c3f6d390488b1f63c53a59713cad3e6fdf93d8879767584c89690f25644260634e3c28de495f7ad1cc92341e1ba0a171627c73be9c926cc2f2eda14ade SHA512 c80b60d24d487de2bfd2b65843a497e05a025fb5ed924883482280caf7d7585cb862839008e2cff8853992f211bba2f99bb133f9c79a77f0442d47faae5789f0
+MISC metadata.xml 606 BLAKE2B 5262e7d7a6f2ff32547ab8570f3aace4dfc3af9d667fdaac6ba2eba77ffd562524a136154eb7b96d4f1f7dfb316b72ee7a0311efa46153afff150c3956151b32 SHA512 7b4facbe3e25898488fffb7b39f9ff7eedd12492f668fa294952711efb3ca9549f2653ab6bc2a948286deff5f45116b0b8bd9a5fc796e99413acc9334eade348
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
new file mode 100644
index 000000000000..7abc765c2984
--- /dev/null
+++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
@@ -0,0 +1,33 @@
+From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001
+From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
+Date: Tue, 12 Sep 2017 12:22:47 +0300
+Subject: [PATCH] Quick fix for the authentication bypass due to optimizations
+ #451
+
+---
+ src/saml2/authn.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/saml2/authn.py b/src/saml2/authn.py
+index 1f2d02cf..1e1a220b 100644
+--- a/src/saml2/authn.py
++++ b/src/saml2/authn.py
+@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None,
+         return resp
+ 
+     def _verify(self, pwd, user):
+-        assert is_equal(pwd, self.passwd[user])
++        if not is_equal(pwd, self.passwd[user]):
++            raise ValueError("Wrong password")
+ 
+     def verify(self, request, **kwargs):
+         """
+@@ -176,7 +177,7 @@ def verify(self, request, **kwargs):
+             return_to = create_return_url(self.return_to, _dict["query"][0],
+                                           **{self.query_param: "true"})
+             resp = Redirect(return_to, headers=[cookie])
+-        except (AssertionError, KeyError):
++        except (ValueError, KeyError):
+             resp = Unauthorized("Unknown user or wrong password")
+ 
+         return resp
diff --git a/dev-python/pysaml2/files/xxe-4.0.2.patch b/dev-python/pysaml2/files/xxe-4.0.2.patch
new file mode 100644
index 000000000000..8e1a2ef53cc0
--- /dev/null
+++ b/dev-python/pysaml2/files/xxe-4.0.2.patch
@@ -0,0 +1,305 @@
+diff -Naur pysaml2/setup.py pysaml2.new/setup.py
+--- pysaml2/setup.py	2015-12-06 00:46:33.000000000 -0600
++++ pysaml2.new/setup.py	2017-01-10 20:31:43.387413477 -0600
+@@ -17,6 +17,7 @@
+     'pytz',
+     'pyOpenSSL',
+     'python-dateutil',
++    'defusedxml',
+     'six'
+ ]
+ 
+diff -Naur pysaml2/src/saml2/__init__.py pysaml2.new/src/saml2/__init__.py
+--- pysaml2/src/saml2/__init__.py	2016-01-07 05:53:57.000000000 -0600
++++ pysaml2.new/src/saml2/__init__.py	2017-01-10 20:34:04.171641116 -0600
+@@ -35,6 +35,7 @@
+         import cElementTree as ElementTree
+     except ImportError:
+         from elementtree import ElementTree
++import defusedxml.ElementTree
+ 
+ root_logger = logging.getLogger(__name__)
+ root_logger.level = logging.NOTSET
+@@ -86,7 +87,7 @@
+     """
+     if not isinstance(xml_string, six.binary_type):
+         xml_string = xml_string.encode('utf-8')
+-    tree = ElementTree.fromstring(xml_string)
++    tree = defusedxml.ElementTree.fromstring(xml_string)
+     return create_class_from_element_tree(target_class, tree)
+ 
+ 
+@@ -268,7 +269,7 @@
+ 
+ 
+ def extension_element_from_string(xml_string):
+-    element_tree = ElementTree.fromstring(xml_string)
++    element_tree = defusedxml.ElementTree.fromstring(xml_string)
+     return _extension_element_from_element_tree(element_tree)
+ 
+ 
+diff -Naur pysaml2/src/saml2/pack.py pysaml2.new/src/saml2/pack.py
+--- pysaml2/src/saml2/pack.py	2015-12-11 07:31:39.000000000 -0600
++++ pysaml2.new/src/saml2/pack.py	2017-01-10 20:35:35.382435020 -0600
+@@ -37,6 +37,7 @@
+         import cElementTree as ElementTree
+     except ImportError:
+         from elementtree import ElementTree
++import defusedxml.ElementTree
+ 
+ NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/"
+ FORM_SPEC = """<form method="post" action="%s">
+@@ -235,7 +236,7 @@
+     :param text: The SOAP object as XML
+     :return: header parts and body as saml.samlbase instances
+     """
+-    envelope = ElementTree.fromstring(text)
++    envelope = defusedxml.ElementTree.fromstring(text)
+     assert envelope.tag == '{%s}Envelope' % NAMESPACE
+ 
+     # print(len(envelope))
+diff -Naur pysaml2/src/saml2/soap.py pysaml2.new/src/saml2/soap.py
+--- pysaml2/src/saml2/soap.py	2015-05-18 02:54:05.000000000 -0500
++++ pysaml2.new/src/saml2/soap.py	2017-01-10 20:36:16.163808770 -0600
+@@ -19,6 +19,7 @@
+     except ImportError:
+         #noinspection PyUnresolvedReferences
+         from elementtree import ElementTree
++import defusedxml.ElementTree
+ 
+ 
+ logger = logging.getLogger(__name__)
+@@ -133,7 +134,7 @@
+     :param expected_tags: What the tag of the SAML thingy is expected to be.
+     :return: SAML thingy as a string
+     """
+-    envelope = ElementTree.fromstring(text)
++    envelope = defusedxml.ElementTree.fromstring(text)
+ 
+     # Make sure it's a SOAP message
+     assert envelope.tag == '{%s}Envelope' % soapenv.NAMESPACE
+@@ -183,7 +184,7 @@
+     :return: The body and headers as class instances
+     """
+     try:
+-        envelope = ElementTree.fromstring(text)
++        envelope = defusedxml.ElementTree.fromstring(text)
+     except Exception as exc:
+         raise XmlParseError("%s" % exc)
+ 
+@@ -209,7 +210,7 @@
+     :return: dictionary with two keys "body"/"header"
+     """
+     try:
+-        envelope = ElementTree.fromstring(text)
++        envelope = defusedxml.ElementTree.fromstring(text)
+     except Exception as exc:
+         raise XmlParseError("%s" % exc)
+ 
+diff -Naur pysaml2/tests/test_03_saml2.py pysaml2.new/tests/test_03_saml2.py
+--- pysaml2/tests/test_03_saml2.py	2015-06-06 02:15:20.000000000 -0500
++++ pysaml2.new/tests/test_03_saml2.py	2017-01-10 20:38:32.541728380 -0600
+@@ -17,6 +17,7 @@
+         import cElementTree as ElementTree
+     except ImportError:
+         from elementtree import ElementTree
++from defusedxml.common import EntitiesForbidden
+ 
+ ITEMS = {
+     NameID: ["""<?xml version="1.0" encoding="utf-8"?>
+@@ -27,7 +28,7 @@
+ </NameID>
+ """, """<?xml version="1.0" encoding="utf-8"?>
+ <NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
+-  SPNameQualifier="https://foo.example.com/sp" 
++  SPNameQualifier="https://foo.example.com/sp"
+   Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_1632879f09d08ea5ede2dc667cbed7e429ebc4335c</NameID>
+ """, """<?xml version="1.0" encoding="utf-8"?>
+ <NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
+@@ -47,9 +48,9 @@
+     SubjectConfirmationData:
+         """<?xml version="1.0" encoding="utf-8"?>
+ <SubjectConfirmationData xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
+-InResponseTo="_1683146e27983964fbe7bf8f08961108d166a652e5" 
+-NotOnOrAfter="2010-02-18T13:52:13.959Z" 
+-NotBefore="2010-01-16T12:00:00Z" 
++InResponseTo="_1683146e27983964fbe7bf8f08961108d166a652e5"
++NotOnOrAfter="2010-02-18T13:52:13.959Z"
++NotBefore="2010-01-16T12:00:00Z"
+ Recipient="http://192.168.0.10/saml/sp" />""",
+     SubjectConfirmation:
+         """<?xml version="1.0" encoding="utf-8"?>
+@@ -166,6 +167,19 @@
+     assert kl == None
+ 
+ 
++def test_create_class_from_xml_string_xxe():
++    xml = """<?xml version="1.0"?>
++    <!DOCTYPE lolz [
++    <!ENTITY lol "lol">
++    <!ELEMENT lolz (#PCDATA)>
++    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
++    ]>
++    <lolz>&lol1;</lolz>
++    """
++    with raises(EntitiesForbidden) as err:
++        create_class_from_xml_string(NameID, xml)
++
++
+ def test_ee_1():
+     ee = saml2.extension_element_from_string(
+         """<?xml version='1.0' encoding='UTF-8'?><foo>bar</foo>""")
+@@ -193,7 +207,7 @@
+ def test_ee_3():
+     ee = saml2.extension_element_from_string(
+         """<?xml version='1.0' encoding='UTF-8'?>
+-        <foo xmlns="urn:mace:example.com:saml:ns" 
++        <foo xmlns="urn:mace:example.com:saml:ns"
+         id="xyz">bar</foo>""")
+     assert ee != None
+     print(ee.__dict__)
+@@ -454,6 +468,19 @@
+     assert nid.text.strip() == "http://federationX.org"
+ 
+ 
++def test_ee_xxe():
++    xml = """<?xml version="1.0"?>
++    <!DOCTYPE lolz [
++    <!ENTITY lol "lol">
++    <!ELEMENT lolz (#PCDATA)>
++    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
++    ]>
++    <lolz>&lol1;</lolz>
++    """
++    with raises(EntitiesForbidden):
++        saml2.extension_element_from_string(xml)
++
++
+ def test_extension_element_loadd():
+     ava = {'attributes': {},
+            'tag': 'ExternalEntityAttributeAuthority',
+diff -Naur pysaml2/tests/test_43_soap.py pysaml2.new/tests/test_43_soap.py
+--- pysaml2/tests/test_43_soap.py	2013-04-28 09:38:07.000000000 -0500
++++ pysaml2.new/tests/test_43_soap.py	2017-01-10 20:39:53.730364008 -0600
+@@ -12,16 +12,20 @@
+         import cElementTree as ElementTree
+     except ImportError:
+         from elementtree import ElementTree
++from defusedxml.common import EntitiesForbidden
++
++from pytest import raises
+ 
+ import saml2.samlp as samlp
+ from saml2.samlp import NAMESPACE as SAMLP_NAMESPACE
++from saml2 import soap
+ 
+ NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/"
+ 
+ example = """<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+     <Body>
+-        <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
+-            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
++        <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
++            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+             ID="_6c3a4f8b9c2d" Version="2.0" IssueInstant="2004-03-27T08:42:00Z">
+         <saml:Issuer>https://www.example.com/SAML</saml:Issuer>
+         <Status>
+@@ -55,7 +59,7 @@
+     envelope.tag = '{%s}Envelope' % NAMESPACE
+     body = ElementTree.Element('')
+     body.tag = '{%s}Body' % NAMESPACE
+-    envelope.append(body)    
++    envelope.append(body)
+     request = samlp.AuthnRequest()
+     request.become_child_element_of(body)
+ 
+@@ -66,3 +70,42 @@
+     assert len(body) == 1
+     saml_part = body[0]
+     assert saml_part.tag == '{%s}AuthnRequest' % SAMLP_NAMESPACE
++
++
++def test_parse_soap_enveloped_saml_thingy_xxe():
++    xml = """<?xml version="1.0"?>
++    <!DOCTYPE lolz [
++    <!ENTITY lol "lol">
++    <!ELEMENT lolz (#PCDATA)>
++    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
++    ]>
++    <lolz>&lol1;</lolz>
++    """
++    with raises(EntitiesForbidden):
++        soap.parse_soap_enveloped_saml_thingy(xml, None)
++
++
++def test_class_instances_from_soap_enveloped_saml_thingies_xxe():
++    xml = """<?xml version="1.0"?>
++    <!DOCTYPE lolz [
++    <!ENTITY lol "lol">
++    <!ELEMENT lolz (#PCDATA)>
++    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
++    ]>
++    <lolz>&lol1;</lolz>
++    """
++    with raises(soap.XmlParseError):
++        soap.class_instances_from_soap_enveloped_saml_thingies(xml, None)
++
++
++def test_open_soap_envelope_xxe():
++    xml = """<?xml version="1.0"?>
++    <!DOCTYPE lolz [
++    <!ENTITY lol "lol">
++    <!ELEMENT lolz (#PCDATA)>
++    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
++    ]>
++    <lolz>&lol1;</lolz>
++    """
++    with raises(soap.XmlParseError):
++        soap.open_soap_envelope(xml)
+diff -Naur pysaml2/tests/test_51_client.py pysaml2.new/tests/test_51_client.py
+--- pysaml2/tests/test_51_client.py	2015-12-11 05:10:01.000000000 -0600
++++ pysaml2.new/tests/test_51_client.py	2017-01-10 20:42:12.819280442 -0600
+@@ -5,6 +5,7 @@
+ import uuid
+ import six
+ from six.moves.urllib.parse import parse_qs, urlencode, urlparse
++from pytest import raises
+ from saml2.cert import OpenSSLWrapper
+ from saml2.xmldsig import SIG_RSA_SHA256
+ from saml2 import BINDING_HTTP_POST
+@@ -21,6 +22,7 @@
+ from saml2.authn_context import INTERNETPROTOCOLPASSWORD
+ from saml2.client import Saml2Client
+ from saml2.config import SPConfig
++from saml2.pack import parse_soap_enveloped_saml
+ from saml2.response import LogoutResponse
+ from saml2.saml import NAMEID_FORMAT_PERSISTENT, EncryptedAssertion, Advice
+ from saml2.saml import NAMEID_FORMAT_TRANSIENT
+@@ -34,6 +36,8 @@
+ from saml2.s_utils import factory
+ from saml2.time_util import in_a_while, a_while_ago
+ 
++from defusedxml.common import EntitiesForbidden
++
+ from fakeIDP import FakeIDP
+ from fakeIDP import unpack_form
+ from pathutils import full_path
+@@ -1445,6 +1449,18 @@
+             'http://www.example.com/login'
+         assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD
+ 
++def test_parse_soap_enveloped_saml_xxe():
++    xml = """<?xml version="1.0"?>
++    <!DOCTYPE lolz [
++    <!ENTITY lol "lol">
++    <!ELEMENT lolz (#PCDATA)>
++    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
++    ]>
++    <lolz>&lol1;</lolz>
++    """
++    with raises(EntitiesForbidden):
++        parse_soap_enveloped_saml(xml, None)
++
+ 
+ # if __name__ == "__main__":
+ #     tc = TestClient()
diff --git a/dev-python/pysaml2/metadata.xml b/dev-python/pysaml2/metadata.xml
new file mode 100644
index 000000000000..e06acc272e6a
--- /dev/null
+++ b/dev-python/pysaml2/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>prometheanfire@gentoo.org</email>
+		<name>Matthew Thode</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>openstack@gentoo.org</email>
+		<name>Openstack</name>
+	</maintainer>
+	<longdescription lang="en">
+	Python implementation of SAML Version 2 to be used in a WSGI environment
+	</longdescription>
+	<upstream>
+		<remote-id type="pypi">pysaml2</remote-id>
+		<remote-id type="github">rohe/pysaml2</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild b/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
new file mode 100644
index 000000000000..5c16ff2cf00d
--- /dev/null
+++ b/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+
+inherit distutils-r1
+
+DESCRIPTION="Python implementation of SAML Version 2 to be used in a WSGI environment"
+HOMEPAGE="https://github.com/rohe/pysaml2"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 x86"
+IUSE=""
+
+PATCHES=(
+	"${FILESDIR}/xxe-4.0.2.patch"
+	"${FILESDIR}/pysaml-4.0.2_CVE-2017-1000433.patch"
+)
+
+DEPEND="
+	dev-python/setuptools[${PYTHON_USEDEP}]
+"
+RDEPEND="
+	dev-python/decorator[${PYTHON_USEDEP}]
+	>=dev-python/requests-1.0.0[${PYTHON_USEDEP}]
+	dev-python/future[${PYTHON_USEDEP}]
+	dev-python/paste[${PYTHON_USEDEP}]
+	dev-python/zope-interface[${PYTHON_USEDEP}]
+	dev-python/repoze-who[${PYTHON_USEDEP}]
+	>=dev-python/pycrypto-2.5[${PYTHON_USEDEP}]
+	dev-python/pytz[${PYTHON_USEDEP}]
+	dev-python/pyopenssl[${PYTHON_USEDEP}]
+	dev-python/python-dateutil[${PYTHON_USEDEP}]
+	dev-python/six[${PYTHON_USEDEP}]
+	dev-python/defusedxml[${PYTHON_USEDEP}]
+"
diff --git a/dev-python/pysaml2/pysaml2-4.5.0.ebuild b/dev-python/pysaml2/pysaml2-4.5.0.ebuild
new file mode 100644
index 000000000000..1f49c06382aa
--- /dev/null
+++ b/dev-python/pysaml2/pysaml2-4.5.0.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+
+inherit distutils-r1
+
+DESCRIPTION="Python implementation of SAML Version 2 to be used in a WSGI environment"
+HOMEPAGE="https://github.com/rohe/pysaml2"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 x86"
+IUSE=""
+
+PATCHES=(
+
+)
+
+DEPEND="
+	dev-python/setuptools[${PYTHON_USEDEP}]
+"
+RDEPEND="
+	>=dev-python/requests-1.0.0[${PYTHON_USEDEP}]
+	dev-python/future[${PYTHON_USEDEP}]
+	dev-python/cryptography[${PYTHON_USEDEP}]
+	dev-python/pytz[${PYTHON_USEDEP}]
+	dev-python/pyopenssl[${PYTHON_USEDEP}]
+	dev-python/python-dateutil[${PYTHON_USEDEP}]
+	dev-python/six[${PYTHON_USEDEP}]
+	dev-python/defusedxml[${PYTHON_USEDEP}]
+"
-- 
cgit v1.2.3