Date: Wed, 29 May 2019 14:45:23 +0000 (UTC) From: Mahdi Mokhtari <mmokhi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r502964 - in head/security/py-paramiko: . files Message-ID: <201905291445.x4TEjN6i045081@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mmokhi Date: Wed May 29 14:45:23 2019 New Revision: 502964 URL: https://svnweb.freebsd.org/changeset/ports/502964 Log: security/py-paramiko: Backport upstream fix on CryptographyDeprecationWarnings Following cryptography 2.5 release the py-paramiko generates the deprecation warnings that breaks user-cases relying on its output. The issue has been tracked and fixed upstream, this patch backports on our tree, until upstream's next release. Reported by: filis Reviewed by: sbz (maintainer) Approved by: sbz (maintainer) Sponsored by: Platform.sh Differential Revision: https://reviews.freebsd.org/D20384 Added: head/security/py-paramiko/files/ head/security/py-paramiko/files/patch-PR1369.diff (contents, props changed) Modified: head/security/py-paramiko/Makefile Modified: head/security/py-paramiko/Makefile ============================================================================== --- head/security/py-paramiko/Makefile Wed May 29 14:44:45 2019 (r502963) +++ head/security/py-paramiko/Makefile Wed May 29 14:45:23 2019 (r502964) @@ -3,6 +3,7 @@ PORTNAME= paramiko PORTVERSION= 2.4.2 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} Added: head/security/py-paramiko/files/patch-PR1369.diff ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-paramiko/files/patch-PR1369.diff Wed May 29 14:45:23 2019 (r502964) @@ -0,0 +1,115 @@ +Index: paramiko/ecdsakey.py +=================================================================== +--- paramiko/ecdsakey.py ++++ paramiko/ecdsakey.py +@@ -160,12 +160,12 @@ class ECDSAKey(PKey): + + pointinfo = msg.get_binary() + try: +- numbers = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ key = ec.EllipticCurvePublicKey.from_encoded_point( + self.ecdsa_curve.curve_class(), pointinfo + ) ++ self.verifying_key = key + except ValueError: + raise SSHException("Invalid public key") +- self.verifying_key = numbers.public_key(backend=default_backend()) + + @classmethod + def supported_key_format_identifiers(cls): +Index: paramiko/kex_ecdh_nist.py +=================================================================== +--- paramiko/kex_ecdh_nist.py ++++ paramiko/kex_ecdh_nist.py +@@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr, long + from paramiko.ssh_exception import SSHException + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives.asymmetric import ec ++from cryptography.hazmat.primitives import serialization + from binascii import hexlify + + _MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32) +@@ -36,7 +37,12 @@ class KexNistp256: + m = Message() + m.add_byte(c_MSG_KEXECDH_INIT) + # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion +- m.add_string(self.Q_C.public_numbers().encode_point()) ++ m.add_string( ++ self.Q_C.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + self.transport._send_message(m) + self.transport._expect_packet(_MSG_KEXECDH_REPLY) + +@@ -58,11 +64,11 @@ class KexNistp256: + + def _parse_kexecdh_init(self, m): + Q_C_bytes = m.get_string() +- self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point( + self.curve, Q_C_bytes + ) + K_S = self.transport.get_server_key().asbytes() +- K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend())) ++ K = self.P.exchange(ec.ECDH(), self.Q_C) + K = long(hexlify(K), 16) + # compute exchange hash + hm = Message() +@@ -75,7 +81,12 @@ class KexNistp256: + hm.add_string(K_S) + hm.add_string(Q_C_bytes) + # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion +- hm.add_string(self.Q_S.public_numbers().encode_point()) ++ hm.add_string( ++ self.Q_S.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + hm.add_mpint(long(K)) + H = self.hash_algo(hm.asbytes()).digest() + self.transport._set_K_H(K, H) +@@ -84,7 +95,12 @@ class KexNistp256: + m = Message() + m.add_byte(c_MSG_KEXECDH_REPLY) + m.add_string(K_S) +- m.add_string(self.Q_S.public_numbers().encode_point()) ++ m.add_string( ++ self.Q_S.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + m.add_string(sig) + self.transport._send_message(m) + self.transport._activate_outbound() +@@ -92,11 +108,11 @@ class KexNistp256: + def _parse_kexecdh_reply(self, m): + K_S = m.get_string() + Q_S_bytes = m.get_string() +- self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point( ++ self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point( + self.curve, Q_S_bytes + ) + sig = m.get_binary() +- K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend())) ++ K = self.P.exchange(ec.ECDH(), self.Q_S) + K = long(hexlify(K), 16) + # compute exchange hash and verify signature + hm = Message() +@@ -108,7 +124,12 @@ class KexNistp256: + ) + hm.add_string(K_S) + # SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion +- hm.add_string(self.Q_C.public_numbers().encode_point()) ++ hm.add_string( ++ self.Q_C.public_bytes( ++ serialization.Encoding.X962, ++ serialization.PublicFormat.UncompressedPoint, ++ ) ++ ) + hm.add_string(Q_S_bytes) + hm.add_mpint(K) + self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest())
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905291445.x4TEjN6i045081>