From b7ebc951da8800f711142f69d9d958bde67a112d Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 28 Apr 2019 09:54:45 +0100
Subject: gentoo resync : 28.04.2019
---
dev-python/pysaml2/Manifest | 10 +-
.../files/pysaml-4.0.2_CVE-2017-1000433.patch | 33 ---
dev-python/pysaml2/files/xxe-4.0.2.patch | 305 ---------------------
dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild | 39 ---
dev-python/pysaml2/pysaml2-4.6.3-r1.ebuild | 2 +-
dev-python/pysaml2/pysaml2-4.6.3.ebuild | 4 +-
dev-python/pysaml2/pysaml2-4.6.5.ebuild | 40 +++
7 files changed, 47 insertions(+), 386 deletions(-)
delete mode 100644 dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
delete mode 100644 dev-python/pysaml2/files/xxe-4.0.2.patch
delete mode 100644 dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild
create mode 100644 dev-python/pysaml2/pysaml2-4.6.5.ebuild
(limited to 'dev-python/pysaml2')
diff --git a/dev-python/pysaml2/Manifest b/dev-python/pysaml2/Manifest
index e8b6b91b8041..302c089d7f30 100644
--- a/dev-python/pysaml2/Manifest
+++ b/dev-python/pysaml2/Manifest
@@ -1,8 +1,6 @@ -AUX pysaml-4.0.2_CVE-2017-1000433.patch 1245 BLAKE2B ef0d8c68cadb6c53810e9b3d083a9de895fe70762a4dfe88140558d3b03848615319a08e777f488ce81f227994b7621039e0354967461fd403880e44eda19264 SHA512 be699d09afefeb9034c46a5d8cb0a86ef2d7bb5ae0dfbe708b6746a43236eaa21903fe6e6590247722f8fb68632f850d018143f19a4b8b5b67609219f37e4249 -AUX xxe-4.0.2.patch 10657 BLAKE2B 6ecb7b265c55ee9cffda2a9acc0358dc092eec1d8040415665d22104bc8ca1d54473c471c542ae74cda68fe1a62ec3d1ecab0c29f4a017e24d895da1f66bbb4c SHA512 5c18a3c850526e6fd0410d0526bbf385d3383978b944de80da781301114f6a9081d2a3c662f45990fbd7ed88f971382b1ce30d974e4e76e19c11d6aa74d010d1 -DIST pysaml2-4.0.2.tar.gz 13657558 BLAKE2B 35cb9dff897caf9f7fc39a70466dabce88098b6bbe0337a2ae47c733e4fd5de3bd80ddf73f27b6ff67e6f571b1f647d9856bbed58c8b19fe6547a35254dc2019 SHA512 debe23c2b193ca9f937bdb4fc9e8f308fa012c18e50e40183f7e531434af52b6e4d36608be3e9b0321190930cdfd9eb24555ed1805083e32db8de0f57e5afb14 DIST pysaml2-4.6.3.tar.gz 316979 BLAKE2B cf393075903269ce93dd219bd23479949ce8e39383d8150f8ee30185733569fe79c7421b87b3439b95e707f17d5f513abfa2610be76441b8f18d8f75a5a9fdd3 SHA512 259f7395afad44caac32453a03bbdaf8c464adeeb856b78786b665281dbe75b37e8054efaf945a7d10333c0b09d9f516d606e95b157aed34c1cd0821b7255b9d -EBUILD pysaml2-4.0.2-r3.ebuild 1078 BLAKE2B d3d045eff390a651e64c6354601ab63d566c0344ab07c7b014e04244f4029891455a721baaddd67b1eb9b5cd7c6fba6f2529e7e85a5ef8c94745aed33ed5a7cf SHA512 61e90dbbcc1cc55a32f285257a776504f1125d0b1b6ff5dc78ffefbbb68eab9e29c8485dd4a0da26df19a79ada63dde78f35250f7126db6a2eb2d3c2df0026d5 -EBUILD pysaml2-4.6.3-r1.ebuild 1235 BLAKE2B 29112ec3187762594465d650279e0d9adb43514f2a55fa1815612c5558638b95c95f9208b93882814ff0538441438482aee594fb1e9dd56bf04d45453c8e19d0 SHA512 3b3af9e11e151511a0c38f770b7838dfedcfa83f4c4789443674d7c5d023317f41b5c52788430f908bfc52872b13ed32e842900619e259c572bf0533e4039bb8 -EBUILD pysaml2-4.6.3.ebuild 829 BLAKE2B 
c3cc03f6d7fdbd0631d6d6b1742158227554d500c0eb4efd734c742dc8aae6e3665cdb71d9358fb7a55a56eeae0a88d437dbdd2ddbf4032dd55828dd17da75bc SHA512 d35b54e1d560ee54cc6ec97ee3c3823a7499d318b9e27b4177901440750e147dc0a00e8088104b7d57d5e5e2775968ea5866efc24d112629a694dfafebcd3cd0 +DIST pysaml2-4.6.5.tar.gz 319131 BLAKE2B d2b78d00cc5e65717bae267fbe88c781d4583996025eb4a9602030215f842a29b625ba41905e867d887e4564bbacdb1251170af46e5f00cc0f9d202c7741418d SHA512 da9cd23f9bef37da1079bba539f91df6a79190fcf8ab20b4c025fd8eae9b147799623dcc1376acfb6ff06c8566a58d478f8da7765195fe058d54007a2ebe79bb +EBUILD pysaml2-4.6.3-r1.ebuild 1233 BLAKE2B 235bd4ae23a6460c9285b73d0ae154a584a5e84742dd868d7cd40938010c7cacd21493177ffb2448bc0ceb2e5e8f1e2e0ae8389f8f8ce86955cb178123797543 SHA512 e6e5148a5b73a7d62433c4cf1a36aa87bb55300283c62893650858198749693b6e8a39e020d2f2bea5e91825c38e77e5b3e8c89e09b1076e766c9c4846f8f93f +EBUILD pysaml2-4.6.3.ebuild 827 BLAKE2B 1db32be475a21ba00773fe7a4af8dd551717a126cae519dd04f246520b8720aa94915e3479f4e95770d03e388e9bb3b8aaf9502988cb3f2f27017326e7f94c52 SHA512 f6cdc1d2dc178c9719f07ee04700eb2fb8ac8a3bdd38e512e4e5df389e6ec357ce30eb30d52def456344d67df69921c96b1df9fc7bc16c02ea7aaf081e559607 +EBUILD pysaml2-4.6.5.ebuild 1235 BLAKE2B 73d7d4799f0667f5b4e782d9c21b78c43f6ea14e86e12de01bb4efda087122d1901c3795613ffc972e9cd781f0be46655adbb6c6cfd035388d33742ea3160746 SHA512 f8053b63a66153b0e0f6794d9f38c64d1421a704e1076fbcbc70117f7602d517a1e735671875dcaccdcf814e2e7f300b4294ac1338b87e24f172942d43507797 MISC metadata.xml 606 BLAKE2B 5262e7d7a6f2ff32547ab8570f3aace4dfc3af9d667fdaac6ba2eba77ffd562524a136154eb7b96d4f1f7dfb316b72ee7a0311efa46153afff150c3956151b32 SHA512 7b4facbe3e25898488fffb7b39f9ff7eedd12492f668fa294952711efb3ca9549f2653ab6bc2a948286deff5f45116b0b8bd9a5fc796e99413acc9334eade348 diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch deleted file mode 100644 index 7abc765c2984..000000000000 
--- a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001 -From: Ioannis Kakavas -Date: Tue, 12 Sep 2017 12:22:47 +0300 -Subject: [PATCH] Quick fix for the authentication bypass due to optimizations - #451 - ---- - src/saml2/authn.py | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/saml2/authn.py b/src/saml2/authn.py -index 1f2d02cf..1e1a220b 100644 ---- a/src/saml2/authn.py -+++ b/src/saml2/authn.py -@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None, - return resp - - def _verify(self, pwd, user): -- assert is_equal(pwd, self.passwd[user]) -+ if not is_equal(pwd, self.passwd[user]): -+ raise ValueError("Wrong password") - - def verify(self, request, **kwargs): - """ -@@ -176,7 +177,7 @@ def verify(self, request, **kwargs): - return_to = create_return_url(self.return_to, _dict["query"][0], - **{self.query_param: "true"}) - resp = Redirect(return_to, headers=[cookie]) -- except (AssertionError, KeyError): -+ except (ValueError, KeyError): - resp = Unauthorized("Unknown user or wrong password") - - return resp diff --git a/dev-python/pysaml2/files/xxe-4.0.2.patch b/dev-python/pysaml2/files/xxe-4.0.2.patch deleted file mode 100644 index 8e1a2ef53cc0..000000000000 --- a/dev-python/pysaml2/files/xxe-4.0.2.patch +++ /dev/null 
@@ -1,305 +0,0 @@ -diff -Naur pysaml2/setup.py pysaml2.new/setup.py ---- pysaml2/setup.py 2015-12-06 00:46:33.000000000 -0600 -+++ pysaml2.new/setup.py 2017-01-10 20:31:43.387413477 -0600 -@@ -17,6 +17,7 @@ - 'pytz', - 'pyOpenSSL', - 'python-dateutil', -+ 'defusedxml', - 'six' - ] - -diff -Naur pysaml2/src/saml2/__init__.py pysaml2.new/src/saml2/__init__.py ---- pysaml2/src/saml2/__init__.py 2016-01-07 05:53:57.000000000 -0600 -+++ pysaml2.new/src/saml2/__init__.py 2017-01-10 20:34:04.171641116 -0600 -@@ -35,6 +35,7 @@ - import cElementTree as ElementTree - except ImportError: - from elementtree import ElementTree -+import defusedxml.ElementTree - - root_logger = logging.getLogger(__name__) - root_logger.level = logging.NOTSET -@@ -86,7 +87,7 @@ - """ - if not isinstance(xml_string, six.binary_type): - xml_string = xml_string.encode('utf-8') -- tree = ElementTree.fromstring(xml_string) -+ tree = defusedxml.ElementTree.fromstring(xml_string) - return create_class_from_element_tree(target_class, tree) - - -@@ -268,7 +269,7 @@ - - - def extension_element_from_string(xml_string): -- element_tree = ElementTree.fromstring(xml_string) -+ element_tree = defusedxml.ElementTree.fromstring(xml_string) - return _extension_element_from_element_tree(element_tree) - - -diff -Naur pysaml2/src/saml2/pack.py pysaml2.new/src/saml2/pack.py ---- pysaml2/src/saml2/pack.py 2015-12-11 07:31:39.000000000 -0600 -+++ pysaml2.new/src/saml2/pack.py 2017-01-10 20:35:35.382435020 -0600 -@@ -37,6 +37,7 @@ - import cElementTree as ElementTree - except ImportError: - from elementtree import ElementTree -+import defusedxml.ElementTree - - NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/" - FORM_SPEC = """
-@@ -235,7 +236,7 @@ - :param text: The SOAP object as XML - :return: header parts and body as saml.samlbase instances - """ -- envelope = ElementTree.fromstring(text) -+ envelope = defusedxml.ElementTree.fromstring(text) - assert envelope.tag == '{%s}Envelope' % NAMESPACE - - # print(len(envelope)) -diff -Naur pysaml2/src/saml2/soap.py pysaml2.new/src/saml2/soap.py ---- pysaml2/src/saml2/soap.py 2015-05-18 02:54:05.000000000 -0500 -+++ pysaml2.new/src/saml2/soap.py 2017-01-10 20:36:16.163808770 -0600 -@@ -19,6 +19,7 @@ - except ImportError: - #noinspection PyUnresolvedReferences - from elementtree import ElementTree -+import defusedxml.ElementTree - - - logger = logging.getLogger(__name__) -@@ -133,7 +134,7 @@ - :param expected_tags: What the tag of the SAML thingy is expected to be. - :return: SAML thingy as a string - """ -- envelope = ElementTree.fromstring(text) -+ envelope = defusedxml.ElementTree.fromstring(text) - - # Make sure it's a SOAP message - assert envelope.tag == '{%s}Envelope' % soapenv.NAMESPACE -@@ -183,7 +184,7 @@ - :return: The body and headers as class instances - """ - try: -- envelope = ElementTree.fromstring(text) -+ envelope = defusedxml.ElementTree.fromstring(text) - except Exception as exc: - raise XmlParseError("%s" % exc) - -@@ -209,7 +210,7 @@ - :return: dictionary with two keys "body"/"header" - """ - try: -- envelope = ElementTree.fromstring(text) -+ envelope = defusedxml.ElementTree.fromstring(text) - except Exception as exc: - raise XmlParseError("%s" % exc) - -diff -Naur pysaml2/tests/test_03_saml2.py pysaml2.new/tests/test_03_saml2.py ---- pysaml2/tests/test_03_saml2.py 2015-06-06 02:15:20.000000000 -0500 -+++ pysaml2.new/tests/test_03_saml2.py 2017-01-10 20:38:32.541728380 -0600 -@@ -17,6 +17,7 @@ - import cElementTree as ElementTree - except ImportError: - from elementtree import ElementTree -+from defusedxml.common import EntitiesForbidden - - ITEMS = { - NameID: [""" -@@ -27,7 +28,7 @@ - - """, """ - 
_1632879f09d08ea5ede2dc667cbed7e429ebc4335c - """, """ - - """, - SubjectConfirmation: - """ -@@ -166,6 +167,19 @@ - assert kl == None - - -+def test_create_class_from_xml_string_xxe(): -+ xml = """ -+ -+ -+ -+ ]> -+ &lol1; -+ """ -+ with raises(EntitiesForbidden) as err: -+ create_class_from_xml_string(NameID, xml) -+ -+ - def test_ee_1(): - ee = saml2.extension_element_from_string( - """bar""") -@@ -193,7 +207,7 @@ - def test_ee_3(): - ee = saml2.extension_element_from_string( - """ -- bar""") - assert ee != None - print(ee.__dict__) -@@ -454,6 +468,19 @@ - assert nid.text.strip() == "http://federationX.org" - - -+def test_ee_xxe(): -+ xml = """ -+ -+ -+ -+ ]> -+ &lol1; -+ """ -+ with raises(EntitiesForbidden): -+ saml2.extension_element_from_string(xml) -+ -+ - def test_extension_element_loadd(): - ava = {'attributes': {}, - 'tag': 'ExternalEntityAttributeAuthority', -diff -Naur pysaml2/tests/test_43_soap.py pysaml2.new/tests/test_43_soap.py ---- pysaml2/tests/test_43_soap.py 2013-04-28 09:38:07.000000000 -0500 -+++ pysaml2.new/tests/test_43_soap.py 2017-01-10 20:39:53.730364008 -0600 -@@ -12,16 +12,20 @@ - import cElementTree as ElementTree - except ImportError: - from elementtree import ElementTree -+from defusedxml.common import EntitiesForbidden -+ -+from pytest import raises - - import saml2.samlp as samlp - from saml2.samlp import NAMESPACE as SAMLP_NAMESPACE -+from saml2 import soap - - NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/" - - example = """ - -- - https://www.example.com/SAML - -@@ -55,7 +59,7 @@ - envelope.tag = '{%s}Envelope' % NAMESPACE - body = ElementTree.Element('') - body.tag = '{%s}Body' % NAMESPACE -- envelope.append(body) -+ envelope.append(body) - request = samlp.AuthnRequest() - request.become_child_element_of(body) - -@@ -66,3 +70,42 @@ - assert len(body) == 1 - saml_part = body[0] - assert saml_part.tag == '{%s}AuthnRequest' % SAMLP_NAMESPACE -+ -+ -+def test_parse_soap_enveloped_saml_thingy_xxe(): -+ xml = """ -+ -+ -+ -+ 
]> -+ &lol1; -+ """ -+ with raises(EntitiesForbidden): -+ soap.parse_soap_enveloped_saml_thingy(xml, None) -+ -+ -+def test_class_instances_from_soap_enveloped_saml_thingies_xxe(): -+ xml = """ -+ -+ -+ -+ ]> -+ &lol1; -+ """ -+ with raises(soap.XmlParseError): -+ soap.class_instances_from_soap_enveloped_saml_thingies(xml, None) -+ -+ -+def test_open_soap_envelope_xxe(): -+ xml = """ -+ -+ -+ -+ ]> -+ &lol1; -+ """ -+ with raises(soap.XmlParseError): -+ soap.open_soap_envelope(xml) -diff -Naur pysaml2/tests/test_51_client.py pysaml2.new/tests/test_51_client.py ---- pysaml2/tests/test_51_client.py 2015-12-11 05:10:01.000000000 -0600 -+++ pysaml2.new/tests/test_51_client.py 2017-01-10 20:42:12.819280442 -0600 -@@ -5,6 +5,7 @@ - import uuid - import six - from six.moves.urllib.parse import parse_qs, urlencode, urlparse -+from pytest import raises - from saml2.cert import OpenSSLWrapper - from saml2.xmldsig import SIG_RSA_SHA256 - from saml2 import BINDING_HTTP_POST -@@ -21,6 +22,7 @@ - from saml2.authn_context import INTERNETPROTOCOLPASSWORD - from saml2.client import Saml2Client - from saml2.config import SPConfig -+from saml2.pack import parse_soap_enveloped_saml - from saml2.response import LogoutResponse - from saml2.saml import NAMEID_FORMAT_PERSISTENT, EncryptedAssertion, Advice - from saml2.saml import NAMEID_FORMAT_TRANSIENT -@@ -34,6 +36,8 @@ - from saml2.s_utils import factory - from saml2.time_util import in_a_while, a_while_ago - -+from defusedxml.common import EntitiesForbidden -+ - from fakeIDP import FakeIDP - from fakeIDP import unpack_form - from pathutils import full_path -@@ -1445,6 +1449,18 @@ - 'http://www.example.com/login' - assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD - -+def test_parse_soap_enveloped_saml_xxe(): -+ xml = """ -+ -+ -+ -+ ]> -+ &lol1; -+ """ -+ with raises(EntitiesForbidden): -+ parse_soap_enveloped_saml(xml, None) -+ - - # if __name__ == "__main__": - # tc = TestClient() 
diff --git a/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild b/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild deleted file mode 100644 index 5c16ff2cf00d..000000000000 --- a/dev-python/pysaml2/pysaml2-4.0.2-r3.ebuild +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit distutils-r1 - -DESCRIPTION="Python implementation of SAML Version 2 to be used in a WSGI environment" -HOMEPAGE="https://github.com/rohe/pysaml2" -SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ~arm64 x86" -IUSE="" - -PATCHES=( - "${FILESDIR}/xxe-4.0.2.patch" - "${FILESDIR}/pysaml-4.0.2_CVE-2017-1000433.patch" -) - -DEPEND=" - dev-python/setuptools[${PYTHON_USEDEP}] -" -RDEPEND=" - dev-python/decorator[${PYTHON_USEDEP}] - >=dev-python/requests-1.0.0[${PYTHON_USEDEP}] - dev-python/future[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - dev-python/zope-interface[${PYTHON_USEDEP}] - dev-python/repoze-who[${PYTHON_USEDEP}] - >=dev-python/pycrypto-2.5[${PYTHON_USEDEP}] - dev-python/pytz[${PYTHON_USEDEP}] - dev-python/pyopenssl[${PYTHON_USEDEP}] - dev-python/python-dateutil[${PYTHON_USEDEP}] - dev-python/six[${PYTHON_USEDEP}] - dev-python/defusedxml[${PYTHON_USEDEP}] -" diff --git a/dev-python/pysaml2/pysaml2-4.6.3-r1.ebuild b/dev-python/pysaml2/pysaml2-4.6.3-r1.ebuild index 141820786e1c..2b95f2657abd 100644 --- a/dev-python/pysaml2/pysaml2-4.6.3-r1.ebuild +++ b/dev-python/pysaml2/pysaml2-4.6.3-r1.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=6 -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) +PYTHON_COMPAT=( python2_7 python3_{5,6} ) inherit distutils-r1 diff --git a/dev-python/pysaml2/pysaml2-4.6.3.ebuild b/dev-python/pysaml2/pysaml2-4.6.3.ebuild index c4b4968ff421..bc6958e23a38 100644 --- a/dev-python/pysaml2/pysaml2-4.6.3.ebuild 
+++ b/dev-python/pysaml2/pysaml2-4.6.3.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2018 Gentoo Authors +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) +PYTHON_COMPAT=( python2_7 python3_{5,6} ) inherit distutils-r1 diff --git a/dev-python/pysaml2/pysaml2-4.6.5.ebuild b/dev-python/pysaml2/pysaml2-4.6.5.ebuild new file mode 100644 index 000000000000..e76f1ad55e02 --- /dev/null +++ b/dev-python/pysaml2/pysaml2-4.6.5.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +PYTHON_COMPAT=( python2_7 python3_{5,6,7} ) + +inherit distutils-r1 + +DESCRIPTION="Python implementation of SAML Version 2 to be used in a WSGI environment" +HOMEPAGE="https://github.com/rohe/pysaml2" +SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~x86" +IUSE="" + +PATCHES=( +) + +DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]" +RDEPEND=">=dev-python/cryptography-1.4[${PYTHON_USEDEP}] + dev-python/defusedxml[${PYTHON_USEDEP}] + dev-python/future[${PYTHON_USEDEP}] + dev-python/pyopenssl[${PYTHON_USEDEP}] + dev-python/python-dateutil[${PYTHON_USEDEP}] + dev-python/pytz[${PYTHON_USEDEP}] + >=dev-python/requests-1.0.0[${PYTHON_USEDEP}] + dev-python/six[${PYTHON_USEDEP}]" + +python_prepare_all() { + # Work-around for bug 675824 + # With older setuptools, version = file:... is not supported, see Note 1 in: + # https://setuptools.readthedocs.io/en/latest/setuptools.html#metadata + # In such cases, hardcode the version + has_version ">=dev-python/setuptools-39.2.0" || \ + sed --in-place "s/^version = file:.*\$/version = ${PV}/" setup.cfg + ## + distutils-r1_python_prepare_all +} -- cgit v1.2.3
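Review bot: The empty `PATCHES=( )` array in the new pysaml2-4.6.5.ebuild is dead code, and it is the only trace left of the two security backports (xxe-4.0.2.patch and pysaml-4.0.2_CVE-2017-1000433.patch) that this commit deletes from files/ together with 4.0.2-r3. I would drop the array and record the reason in a comment such as `# no backports: the XXE (defusedxml) and CVE-2017-1000433 fixes carried for 4.0.2 are expected upstream in this release`, after checking the 4.6.5 sources to confirm that password verification no longer relies on `assert` and that XML parsing goes through defusedxml. In `python_prepare_all`, `has_version ">=dev-python/setuptools-39.2.0"` is called without a root option; under EAPI=7 that queries the runtime root (`-r`) as far as I can tell, while setuptools is the build-time tool being probed, so `has_version -b` with setuptools listed in `BDEPEND` looks like the intended check. The `sed` on `setup.cfg` also succeeds silently when no `version = file:` line matches, which deserves a one-line comment saying that a no-op is acceptable there.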