OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-dnspython?expand=0&rev=41

2018-05-09 13:48:08 +00:00 · 2018-05-09 13:48:08 +00:00 · 4a234f3edc
commit 4a234f3edc
parent ad27d482f0
1 changed files with 52 additions and 65 deletions
--- a/pycryptodome.patch
+++ b/pycryptodome.patch
@ -17,11 +17,11 @@ Subject: [PATCH] Update DNSSEC code to use pycryptodome instead of pycrypto.
 8 files changed, 105 insertions(+), 126 deletions(-)
 delete mode 100644 dns/hash.py
-diff --git a/dns/__init__.py b/dns/__init__.py
+Index: dnspython-1.15.0/dns/__init__.py
-index c848e48..3852729 100644
+===================================================================
--- a/dns/__init__.py
+--- dnspython-1.15.0.orig/dns/__init__.py
-+++ b/dns/__init__.py
+++ dnspython-1.15.0/dns/__init__.py
-@@ -22,7 +22,6 @@
+@@ -22,7 +22,6 @@ __all__ = [
     'entropy',
     'exception',
     'flags',
@ -29,11 +29,11 @@ index c848e48..3852729 100644
     'inet',
     'ipv4',
     'ipv6',
-diff --git a/dns/dnssec.py b/dns/dnssec.py
+Index: dnspython-1.15.0/dns/dnssec.py
-index b91a64f..2b5d5b2 100644
+===================================================================
--- a/dns/dnssec.py
+--- dnspython-1.15.0.orig/dns/dnssec.py
-+++ b/dns/dnssec.py
+++ dnspython-1.15.0/dns/dnssec.py
-@@ -20,7 +20,6 @@
+@@ -20,7 +20,6 @@ import struct
 import time
 import dns.exception
@ -41,7 +41,7 @@ index b91a64f..2b5d5b2 100644
 import dns.name
 import dns.node
 import dns.rdataset
-@@ -28,7 +27,8 @@
+@@ -28,7 +27,8 @@ import dns.rdata
 import dns.rdatatype
 import dns.rdataclass
 from ._compat import string_types
@ -50,47 +50,35 @@ index b91a64f..2b5d5b2 100644
 +from Crypto.Signature import pkcs1_15, DSS
 class UnsupportedAlgorithm(dns.exception.DNSException):
     """The DNSSEC algorithm is not supported."""
@@ -39,27 +39,27 @@ class ValidationFailure(dns.exception.DNSException):
@@ -39,34 +39,34 @@ class ValidationFailure(dns.exception.DN
     """The DNSSEC signature is invalid."""
 #: RSAMD5
 -RSAMD5 = 1
 +ALGO_RSAMD5 = 1
 #: DH
 -DH = 2
 +ALGO_DH = 2
 #: DSA
 -DSA = 3
 +ALGO_DSA = 3
 #: ECC
 -ECC = 4
 +ALGO_ECC = 4
 #: RSASHA1
 -RSASHA1 = 5
 +ALGO_RSASHA1 = 5
 #: DSANSEC3SHA1
 -DSANSEC3SHA1 = 6
 +ALGO_DSANSEC3SHA1 = 6
 #: RSASHA1NSEC3SHA1
 -RSASHA1NSEC3SHA1 = 7
 +ALGO_RSASHA1NSEC3SHA1 = 7
 #: RSASHA256
 -RSASHA256 = 8
 +ALGO_RSASHA256 = 8
 #: RSASHA512
 -RSASHA512 = 10
 +ALGO_RSASHA512 = 10
 #: ECDSAP256SHA256
 -ECDSAP256SHA256 = 13
 +ALGO_ECDSAP256SHA256 = 13
 #: ECDSAP384SHA384
 -ECDSAP384SHA384 = 14
 +ALGO_RSAMD5 = 1
 +ALGO_DH = 2
 +ALGO_DSA = 3
 +ALGO_ECC = 4
 +ALGO_RSASHA1 = 5
 +ALGO_DSANSEC3SHA1 = 6
 +ALGO_RSASHA1NSEC3SHA1 = 7
 +ALGO_RSASHA256 = 8
 +ALGO_RSASHA512 = 10
 +ALGO_ECDSAP256SHA256 = 13
 +ALGO_ECDSAP384SHA384 = 14
 #: INDIRECT
 INDIRECT = 252
- #: PRIVATEDNS
+ PRIVATEDNS = 253
@@ -68,18 +68,18 @@ class ValidationFailure(dns.exception.DNSException):
 PRIVATEOID = 254
 _algorithm_by_text = {
@ -120,8 +108,8 @@ index b91a64f..2b5d5b2 100644
     'PRIVATEDNS': PRIVATEDNS,
     'PRIVATEOID': PRIVATEOID,
 }
-@@ -132,7 +132,7 @@ def key_id(key, origin=None):
+@@ -107,7 +107,7 @@ def _to_rdata(record, origin):
- 
+ def key_id(key, origin=None):
     rdata = _to_rdata(key, origin)
     rdata = bytearray(rdata)
 -    if key.algorithm == RSAMD5:
@ -129,8 +117,8 @@ index b91a64f..2b5d5b2 100644
         return (rdata[-3] << 8) + rdata[-2]
     else:
         total = 0
-@@ -164,10 +164,10 @@ def make_ds(name, key, algorithm, origin=None):
+@@ -123,10 +123,10 @@ def key_id(key, origin=None):
- 
+ def make_ds(name, key, algorithm, origin=None):
     if algorithm.upper() == 'SHA1':
         dsalg = 1
 -        hash = dns.hash.hashes['SHA1']()
@ -142,7 +130,7 @@ index b91a64f..2b5d5b2 100644
     else:
         raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm)
-@@ -203,51 +203,51 @@ def _find_candidate_keys(keys, rrsig):
+@@ -162,51 +162,51 @@ def _find_candidate_keys(keys, rrsig):
 def _is_rsa(algorithm):
@ -210,7 +198,7 @@ index b91a64f..2b5d5b2 100644
     raise ValidationFailure('unknown hash for algorithm %u' % algorithm)
-@@ -326,11 +326,13 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -284,11 +284,13 @@ def _validate_rrsig(rrset, rrsig, keys,
                 keyptr = keyptr[2:]
             rsa_e = keyptr[0:bytes_]
             rsa_n = keyptr[bytes_:]
@ -229,7 +217,7 @@ index b91a64f..2b5d5b2 100644
         elif _is_dsa(rrsig.algorithm):
             keyptr = candidate_key.key
             (t,) = struct.unpack('!B', keyptr[0:1])
-@@ -348,20 +350,19 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -306,20 +308,19 @@ def _validate_rrsig(rrset, rrsig, keys,
                  Crypto.Util.number.bytes_to_long(dsa_g),
                  Crypto.Util.number.bytes_to_long(dsa_p),
                  Crypto.Util.number.bytes_to_long(dsa_q)))
@ -257,8 +245,8 @@ index b91a64f..2b5d5b2 100644
 +
             x = Crypto.Util.number.bytes_to_long(keyptr[0:key_len])
             y = Crypto.Util.number.bytes_to_long(keyptr[key_len:key_len * 2])
-             if not ecdsa.ecdsa.point_is_valid(curve.generator, x, y):
+             assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
-@@ -374,6 +375,7 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -331,6 +332,7 @@ def _validate_rrsig(rrset, rrsig, keys,
             s = rrsig.signature[key_len:]
             sig = ecdsa.ecdsa.Signature(Crypto.Util.number.bytes_to_long(r),
                                         Crypto.Util.number.bytes_to_long(s))
@ -266,7 +254,7 @@ index b91a64f..2b5d5b2 100644
         else:
             raise ValidationFailure('unknown algorithm %u' % rrsig.algorithm)
-@@ -395,24 +397,31 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -352,24 +354,31 @@ def _validate_rrsig(rrset, rrsig, keys,
             hash.update(rrlen)
             hash.update(rrdata)
@ -315,7 +303,7 @@ index b91a64f..2b5d5b2 100644
     raise ValidationFailure('verify failure')
-@@ -444,10 +453,8 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
+@@ -401,10 +410,8 @@ def _validate(rrset, rrsigset, keys, ori
         rrname = rrset.name
     if isinstance(rrsigset, tuple):
@ -326,7 +314,7 @@ index b91a64f..2b5d5b2 100644
         rrsigrdataset = rrsigset
     rrname = rrname.choose_relativity(origin)
-@@ -465,7 +472,7 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
+@@ -422,7 +429,7 @@ def _validate(rrset, rrsigset, keys, ori
 def _need_pycrypto(*args, **kwargs):
@ -335,10 +323,9 @@ index b91a64f..2b5d5b2 100644
 try:
     import Crypto.PublicKey.RSA
-diff --git a/dns/hash.py b/dns/hash.py
+Index: dnspython-1.15.0/dns/hash.py
-deleted file mode 100644
+===================================================================
-index 966838a..0000000
+--- dnspython-1.15.0.orig/dns/hash.py
 --- a/dns/hash.py
 +++ /dev/null
@@ -1,31 +0,0 @@
 -# Copyright (C) 2011 Nominum, Inc.
@ -372,11 +359,11 @@ index 966838a..0000000
 -
 -def get(algorithm):
 -    return hashes[algorithm.upper()]
-diff --git a/dns/tsig.py b/dns/tsig.py
+Index: dnspython-1.15.0/dns/tsig.py
-index c57d879..fd9d56a 100644
+===================================================================
--- a/dns/tsig.py
+--- dnspython-1.15.0.orig/dns/tsig.py
-+++ b/dns/tsig.py
+++ dnspython-1.15.0/dns/tsig.py
-@@ -19,9 +19,9 @@
+@@ -19,9 +19,9 @@ import hmac
 import struct
 import dns.exception
@ -396,11 +383,11 @@ index c57d879..fd9d56a 100644
     except KeyError:
         raise NotImplementedError("TSIG algorithm " + str(algorithm) +
                                   " is not supported")
-diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py
+Index: dnspython-1.15.0/tests/test_dnssec.py
-index 80bd626..9fb037e 100644
+===================================================================
--- a/tests/test_dnssec.py
+--- dnspython-1.15.0.orig/tests/test_dnssec.py
-+++ b/tests/test_dnssec.py
+++ dnspython-1.15.0/tests/test_dnssec.py
-@@ -156,22 +156,22 @@
+@@ -156,22 +156,22 @@ abs_other_ecdsa384_soa = dns.rrset.from_
 abs_ecdsa384_soa_rrsig = dns.rrset.from_text('example.', 86400, 'IN', 'RRSIG',
                                              "SOA 14 1 86400 20130929021229 20130921230729 63571 example. CrnCu34EeeRz0fEhL9PLlwjpBKGYW8QjBjFQTwd+ViVLRAS8tNkcDwQE NhSV89NEjj7ze1a/JcCfcJ+/mZgnvH4NHLNg3Tf6KuLZsgs2I4kKQXEk 37oIHravPEOlGYNI")
@ -427,7 +414,7 @@ index 80bd626..9fb037e 100644
     def testAbsoluteRSABad(self):
         def bad():
             dns.dnssec.validate(abs_other_soa, abs_soa_rrsig, abs_keys, None,
-@@ -179,13 +179,13 @@ def bad():
+@@ -179,13 +179,13 @@ class DNSSECValidatorTestCase(unittest.T
         self.failUnlessRaises(dns.dnssec.ValidationFailure, bad)
     @unittest.skipUnless(dns.dnssec._have_pycrypto,
@ -443,7 +430,7 @@ index 80bd626..9fb037e 100644
     def testRelativeRSABad(self):
         def bad():
             dns.dnssec.validate(rel_other_soa, rel_soa_rrsig, rel_keys,
-@@ -197,13 +197,13 @@ def testMakeSHA256DS(self):
+@@ -197,13 +197,13 @@ class DNSSECValidatorTestCase(unittest.T
         self.failUnless(ds == good_ds)
     @unittest.skipUnless(dns.dnssec._have_pycrypto,