dev-python/pysaml2: fix bug 644016 CVE-2017-1000433

Package-Manager: Portage-2.3.14, Repoman-2.3.6
author: Matthew Thode <prometheanfire@gentoo.org> 2018-01-11 17:29:34 -0600
committer: Matthew Thode <prometheanfire@gentoo.org> 2018-01-11 17:29:50 -0600
commit: 8c31196d00e344da82cf4facf4f6f5d2826c692a (patch)
tree: f4d3ede980a08e51116a3741dd268bbb2c66212c /dev-python/pysaml2/files
parent: app-admin/metalog: mark 3-r2 arm64/m68k/s390/sh stable (diff)
download: gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.tar.gz
gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.tar.bz2
gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
new file mode 100644
index 000000000000..e745263d236d
--- /dev/null
+++ b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
@@ -0,0 +1,14 @@
+diff -Naur pysaml2/src/saml2/authn.py pysaml2.new/src/saml2/authn.py
+--- 1/src/saml2/authn.py 2018-01-11 17:23:27.198775074 -0600
++++ 2/src/saml2/authn.py 2018-01-11 17:22:57.909567278 -0600
+@@ -147,7 +147,8 @@
+         return resp
+ 
+     def _verify(self, pwd, user):
+-        assert is_equal(pwd, self.passwd[user])
++        if not is_equal(pwd, self.passwd[user]):
++            raise ValueError("Wrong password")
+ 
+     def verify(self, request, **kwargs):
+         """
+
author	Matthew Thode <prometheanfire@gentoo.org>	2018-01-11 17:29:34 -0600
committer	Matthew Thode <prometheanfire@gentoo.org>	2018-01-11 17:29:50 -0600
commit	8c31196d00e344da82cf4facf4f6f5d2826c692a (patch)
tree	f4d3ede980a08e51116a3741dd268bbb2c66212c /dev-python/pysaml2/files
parent	app-admin/metalog: mark 3-r2 arm64/m68k/s390/sh stable (diff)
download	gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.tar.gz gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.tar.bz2 gentoo-8c31196d00e344da82cf4facf4f6f5d2826c692a.zip