From patchwork Mon Jan 24 16:16:38 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 4997
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JjFjt4FcZz3wcx
	for <patchwork@web04.haj.ipfire.org>; Mon, 24 Jan 2022 16:26:42 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4JjFjt094Wz4Jt;
	Mon, 24 Jan 2022 16:26:42 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JjFjs6kmRz2yx2;
	Mon, 24 Jan 2022 16:26:41 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JjFjs2P0Xz2xdR
 for <development@lists.ipfire.org>; Mon, 24 Jan 2022 16:26:41 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4JjFjr5s0NzdP;
 Mon, 24 Jan 2022 16:26:40 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1643041600;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=xzNb1xbpE8hicm4pOhKXvbisoP5TFIgfUgz3b/ygOG8=;
 b=SwvN/IP/QhQL7JZCayfXHPGHKW/G2V+j63SlSNB1IfSYTxJHFWnLtCDr2QpwnMKNsntAZS
 +T0Y1jiRZDRw7qAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1643041600;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=xzNb1xbpE8hicm4pOhKXvbisoP5TFIgfUgz3b/ygOG8=;
 b=tCmRRAWXJ/7Iqoj6mlkCthA8kcuYxaJMEkzZ1/kuGm0wzG3MGAUf/o0yg+teDzNoW37hYt
 X5k9/YJ5gmK71Hqmjp4c8W/laW4V+febdujVY5sBM09ljmw75eCX+MOWC2cbHakZa4B69y
 nnsN5PWI8NXzyhTBu7UWvAUM4Y2xmpSu2b3dZB6BUwk5uDBOmvgdajPey4jhngfKzx/9+R
 8tPLhpq6soI4CyDC4mpCg6KaLkhjYX0qGAyHnB/eGfZCKjEfN+QycOKJR94QLaS5iOtHxp
 waOm8+EZlnU1NvvEhApvz0QJ1rAUUpOqlZNqdfYNWw+g2ySHAOIuyW96P14MlQ==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 18/35] python3-rsa: Update to version 4.8 and python-3.10
Date: Mon, 24 Jan 2022 17:16:38 +0100
Message-Id: <20220124161656.71960-18-adolf.belka@ipfire.org>
In-Reply-To: <20220124161656.71960-1-adolf.belka@ipfire.org>
References: <20220124161656.71960-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Update from 4.0 to 4.8
- Update of rootfile
- Changelog
- Switch to [Poetry](https://python-poetry.org/) for dependency and release management.
- Compatibility with Python 3.10.
- Chain exceptions using `raise new_exception from old_exception`
  ([#157](https://github.com/sybrenstuvel/python-rsa/pull/157))
- Added marker file for PEP 561. This will allow type checking tools in dependent projects
  to use type annotations from Python-RSA
  ([#136](https://github.com/sybrenstuvel/python-rsa/pull/136)).
- Use the Chinese Remainder Theorem when decrypting with a private key. This
  makes decryption 2-4x faster
  ([#163](https://github.com/sybrenstuvel/python-rsa/pull/163)).
- Fix picking/unpickling issue introduced in 4.7
  ([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
- Fix threading issue introduced in 4.7
  ([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
- Fix [#165](https://github.com/sybrenstuvel/python-rsa/issues/165):
  CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption
  code
- Add padding length check as described by PKCS#1 v1.5 (Fixes
  [#164](https://github.com/sybrenstuvel/python-rsa/issues/164))
- Reuse of blinding factors to speed up blinding operations.
  Fixes [#162](https://github.com/sybrenstuvel/python-rsa/issues/162).
- Declare & test support for Python 3.9
Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires
Python 3.5+. To avoid older Python installations from trying to upgrade to RSA
4.4, this is now made explicit in the `python_requires` argument in `setup.py`.
There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to
retag 4.4 as 4.6 as well.
No functional changes compared to version 4.2.
Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the
last to support Python 2.7. This is now made explicit in the `python_requires`
argument in `setup.py`. Python 3.4 is not supported by this release. There was a
mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as
4.5 as well.
Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject cyphertexts (when decrypting) and signatures (when verifying) that have
  been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
  Carnil for pointing this out.
- Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py
  for dependency management. There apparently is an issue no-binary installs of
  packages build with Poetry. This fixes
  [#148](https://github.com/sybrenstuvel/python-rsa/issues/148)
- Limited SHA3 support to those Python versions (3.6+) that support it natively.
  The third-party library that adds support for this to Python 3.5 is a binary
  package, and thus breaks the pure-Python nature of Python-RSA.
  This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
- Added support for Python 3.8.
- Dropped support for Python 2 and 3.4.
- Added type annotations to the source code. This will make Python-RSA easier to use in
  your IDE, and allows better type checking.
- Added static type checking via [MyPy](http://mypy-lang.org/).
- Fix [#129](https://github.com/sybrenstuvel/python-rsa/issues/129) Installing from source
  gives UnicodeDecodeError.
- Switched to using [Poetry](https://poetry.eustace.io/) for package
  management.
- Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This
  is natively supported by Python 3.6+ and supported via a third-party
  library on Python 3.5.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject cyphertexts (when decrypting) and signatures (when verifying) that have
  been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
  Adelapie for pointing this out.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/packages/python3-rsa | 48 +++++++++++++--------------
 lfs/python3-rsa                       |  8 ++---
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/config/rootfiles/packages/python3-rsa b/config/rootfiles/packages/python3-rsa
index ae16a6649..73ac732ad 100644
--- a/config/rootfiles/packages/python3-rsa
+++ b/config/rootfiles/packages/python3-rsa
@@ -4,27 +4,27 @@ usr/bin/pyrsa-keygen
 usr/bin/pyrsa-priv2pub
 usr/bin/pyrsa-sign
 usr/bin/pyrsa-verify
-#usr/lib/python3.8/site-packages/rsa
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/PKG-INFO
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/SOURCES.txt
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/dependency_links.txt
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/entry_points.txt
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/requires.txt
-#usr/lib/python3.8/site-packages/rsa-4.0-py3.8.egg-info/top_level.txt
-usr/lib/python3.8/site-packages/rsa/__init__.py
-usr/lib/python3.8/site-packages/rsa/_compat.py
-usr/lib/python3.8/site-packages/rsa/asn1.py
-usr/lib/python3.8/site-packages/rsa/cli.py
-usr/lib/python3.8/site-packages/rsa/common.py
-usr/lib/python3.8/site-packages/rsa/core.py
-usr/lib/python3.8/site-packages/rsa/key.py
-usr/lib/python3.8/site-packages/rsa/machine_size.py
-usr/lib/python3.8/site-packages/rsa/parallel.py
-usr/lib/python3.8/site-packages/rsa/pem.py
-usr/lib/python3.8/site-packages/rsa/pkcs1.py
-usr/lib/python3.8/site-packages/rsa/pkcs1_v2.py
-usr/lib/python3.8/site-packages/rsa/prime.py
-usr/lib/python3.8/site-packages/rsa/randnum.py
-usr/lib/python3.8/site-packages/rsa/transform.py
-usr/lib/python3.8/site-packages/rsa/util.py
+#usr/lib/python3.10/site-packages/rsa
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/PKG-INFO
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/SOURCES.txt
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/dependency_links.txt
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/entry_points.txt
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/requires.txt
+#usr/lib/python3.10/site-packages/rsa-4.8-py3.10.egg-info/top_level.txt
+usr/lib/python3.10/site-packages/rsa/__init__.py
+usr/lib/python3.10/site-packages/rsa/_compat.py
+usr/lib/python3.10/site-packages/rsa/asn1.py
+usr/lib/python3.10/site-packages/rsa/cli.py
+usr/lib/python3.10/site-packages/rsa/common.py
+usr/lib/python3.10/site-packages/rsa/core.py
+usr/lib/python3.10/site-packages/rsa/key.py
+usr/lib/python3.10/site-packages/rsa/parallel.py
+usr/lib/python3.10/site-packages/rsa/pem.py
+usr/lib/python3.10/site-packages/rsa/pkcs1.py
+usr/lib/python3.10/site-packages/rsa/pkcs1_v2.py
+usr/lib/python3.10/site-packages/rsa/prime.py
+usr/lib/python3.10/site-packages/rsa/py.typed
+usr/lib/python3.10/site-packages/rsa/randnum.py
+usr/lib/python3.10/site-packages/rsa/transform.py
+usr/lib/python3.10/site-packages/rsa/util.py
diff --git a/lfs/python3-rsa b/lfs/python3-rsa
index 79a835220..7e575c3c7 100644
--- a/lfs/python3-rsa
+++ b/lfs/python3-rsa
@@ -24,15 +24,15 @@
 
 include Config
 
-VER        = 4.0
+VER        = 4.8
 
 THISAPP    = rsa-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/python-rsa-version-$(VER)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = python3-rsa
-PAK_VER    = 3
+PAK_VER    = 4
 
 DEPS       =
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 13a71a55588c97de45fb9887cae6da90
+$(DL_FILE)_MD5 = edb224f927cf8f53ff530ab04d092c69
 
 install : $(TARGET)