* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
@ 2017-11-23 20:04 Adam Van Ymeren
2017-11-25 0:09 ` Leo Famulari
0 siblings, 1 reply; 8+ messages in thread
From: Adam Van Ymeren @ 2017-11-23 20:04 UTC (permalink / raw)
To: 29415
Patch taken from the debian package for python-axolotl-0.1.39.
python-axolotl has been failing since March,
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
This also fixes the OMEMO and OTR plugins for Gajim work.
---
...olotl-removes-IV-parameter-at-AES-creation.patch | 21 +++++++++++++++++++++
gnu/packages/python-crypto.scm | 6 ++++--
2 files changed, 25 insertions(+), 2 deletions(-)
create mode 100644 gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
diff --git a/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
new file mode 100644
index 000000000..b25806ca2
--- /dev/null
+++ b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
@@ -0,0 +1,21 @@
+Description: Removes IV paramenter from AES constructor, since it is not necessary for ctr mode.
+Author: Josue Ortega <josue@debian.org>
+Last-Update: 2017-04-13
+
+--- a/axolotl/sessioncipher.py
++++ b/axolotl/sessioncipher.py
+@@ -228,13 +228,7 @@
+ # counterint = struct.unpack(">L", counterbytes)[0]
+ # counterint = int.from_bytes(counterbytes, byteorder='big')
+ ctr = Counter.new(128, initial_value=counter)
+-
+- # cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
+- ivBytes = bytearray(16)
+- ByteUtil.intToByteArray(ivBytes, 0, counter)
+-
+- cipher = AES.new(key, AES.MODE_CTR, IV=bytes(ivBytes), counter=ctr)
+-
++ cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
+ return cipher
+
+
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 77409d86d..3ffa477fe 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -430,7 +430,7 @@ python-axolotl.")
(define-public python-axolotl
(package
(name "python-axolotl")
- (version "0.1.35")
+ (version "0.1.39")
(source
(origin
(method url-fetch)
@@ -438,8 +438,10 @@ python-axolotl.")
"https://github.com/tgalal/python-axolotl/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
+ (patches (search-patches
+ "python-axolotl-removes-IV-parameter-at-AES-creation.patch"))
(sha256
- (base32 "1z8d89p7v40p4bwywjm9h4z28fdvra79ddw06azlkrfjbl7dxmz8"))))
+ (base32 "0badsgkgz0ir3hqynxzsfjgacppi874syvvmgccc6j164053x6zm"))))
(build-system python-build-system)
(arguments
`(#:phases
--
2.15.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
2017-11-23 20:04 [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build Adam Van Ymeren
@ 2017-11-25 0:09 ` Leo Famulari
2017-11-27 15:00 ` Adam Van Ymeren
0 siblings, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2017-11-25 0:09 UTC (permalink / raw)
To: Adam Van Ymeren; +Cc: 29415
[-- Attachment #1: Type: text/plain, Size: 1823 bytes --]
On Thu, Nov 23, 2017 at 03:04:46PM -0500, Adam Van Ymeren wrote:
Hi,
> Patch taken from the debian package for python-axolotl-0.1.39.
>
> python-axolotl has been failing since March,
> https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
>
> This also fixes the OMEMO and OTR plugins for Gajim work.
Thanks for looking into this and sending the patch.
> diff --git a/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
> new file mode 100644
> index 000000000..b25806ca2
> --- /dev/null
> +++ b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
> @@ -0,0 +1,21 @@
> +Description: Removes IV paramenter from AES constructor, since it is not necessary for ctr mode.
> +Author: Josue Ortega <josue@debian.org>
> +Last-Update: 2017-04-13
> +
> +--- a/axolotl/sessioncipher.py
> ++++ b/axolotl/sessioncipher.py
> +@@ -228,13 +228,7 @@
> + # counterint = struct.unpack(">L", counterbytes)[0]
> + # counterint = int.from_bytes(counterbytes, byteorder='big')
> + ctr = Counter.new(128, initial_value=counter)
> +-
> +- # cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
> +- ivBytes = bytearray(16)
> +- ByteUtil.intToByteArray(ivBytes, 0, counter)
> +-
> +- cipher = AES.new(key, AES.MODE_CTR, IV=bytes(ivBytes), counter=ctr)
> +-
> ++ cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
> + return cipher
I think this change should be submitted upstream, which is here:
https://github.com/tgalal/python-axolotl
Can you do that? We wouldn't have to wait for a new release of
python-axolotl, but we should wait to hear what the upstream maintainer
thinks.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
2017-11-25 0:09 ` Leo Famulari
@ 2017-11-27 15:00 ` Adam Van Ymeren
2017-11-27 18:09 ` Leo Famulari
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Adam Van Ymeren @ 2017-11-27 15:00 UTC (permalink / raw)
To: Leo Famulari; +Cc: 29415
Leo Famulari <leo@famulari.name> writes:
> I think this change should be submitted upstream, which is here:
>
> https://github.com/tgalal/python-axolotl
>
> Can you do that? We wouldn't have to wait for a new release of
> python-axolotl, but we should wait to hear what the upstream maintainer
> thinks.
Pull request sent.
There is also a pull request pending from someone else that updates
pyton-axolotl to use a newer python cryptography library rather than the
deprecated python-pycrypto library. That would also fix this issue and
is a much better long term fix but also a more intrusive change.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
2017-11-27 15:00 ` Adam Van Ymeren
@ 2017-11-27 18:09 ` Leo Famulari
2017-11-27 18:10 ` Leo Famulari
2018-01-30 21:16 ` Ludovic Courtès
2 siblings, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2017-11-27 18:09 UTC (permalink / raw)
To: Adam Van Ymeren; +Cc: 29415
[-- Attachment #1: Type: text/plain, Size: 983 bytes --]
On Mon, Nov 27, 2017 at 10:00:01AM -0500, Adam Van Ymeren wrote:
> Leo Famulari <leo@famulari.name> writes:
> There is also a pull request pending from someone else that updates
> pyton-axolotl to use a newer python cryptography library rather than the
> deprecated python-pycrypto library. That would also fix this issue and
> is a much better long term fix but also a more intrusive change.
I noticed that as well. Pycrypto is no longer maintained and has an
extremely serious bug that was never fixed in a released version:
https://github.com/dlitz/pycrypto/issues/176
And the author seems to implicitly agree that people should stop using
it:
https://github.com/dlitz/pycrypto/issues/173
So I added a TODO comment to the package, saying that we should remove
it:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/python-crypto.scm?id=12a130b0118c3f56e6337e011dc4a89f2671359a#n186
So, I recommend being careful how you use any package that depends on
pycrypto.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
2017-11-27 15:00 ` Adam Van Ymeren
2017-11-27 18:09 ` Leo Famulari
@ 2017-11-27 18:10 ` Leo Famulari
2018-01-30 21:16 ` Ludovic Courtès
2 siblings, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2017-11-27 18:10 UTC (permalink / raw)
To: Adam Van Ymeren; +Cc: 29415
[-- Attachment #1: Type: text/plain, Size: 486 bytes --]
On Mon, Nov 27, 2017 at 10:00:01AM -0500, Adam Van Ymeren wrote:
> Leo Famulari <leo@famulari.name> writes:
> > I think this change should be submitted upstream, which is here:
> >
> > https://github.com/tgalal/python-axolotl
> >
> > Can you do that? We wouldn't have to wait for a new release of
> > python-axolotl, but we should wait to hear what the upstream maintainer
> > thinks.
>
> Pull request sent.
Great, please ping us when they respond or if they never do :)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
2017-11-27 15:00 ` Adam Van Ymeren
2017-11-27 18:09 ` Leo Famulari
2017-11-27 18:10 ` Leo Famulari
@ 2018-01-30 21:16 ` Ludovic Courtès
2018-01-31 14:38 ` Adam Van Ymeren
2 siblings, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2018-01-30 21:16 UTC (permalink / raw)
To: Adam Van Ymeren; +Cc: 29415
Hi Adam,
Adam Van Ymeren <adam@vany.ca> skribis:
> Leo Famulari <leo@famulari.name> writes:
>> I think this change should be submitted upstream, which is here:
>>
>> https://github.com/tgalal/python-axolotl
>>
>> Can you do that? We wouldn't have to wait for a new release of
>> python-axolotl, but we should wait to hear what the upstream maintainer
>> thinks.
>
> Pull request sent.
>
> There is also a pull request pending from someone else that updates
> pyton-axolotl to use a newer python cryptography library rather than the
> deprecated python-pycrypto library. That would also fix this issue and
> is a much better long term fix but also a more intrusive change.
Any update on this? :-)
Thanks in advance,
Ludo’.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
2018-01-30 21:16 ` Ludovic Courtès
@ 2018-01-31 14:38 ` Adam Van Ymeren
2018-01-31 16:37 ` bug#29415: " Ludovic Courtès
0 siblings, 1 reply; 8+ messages in thread
From: Adam Van Ymeren @ 2018-01-31 14:38 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 29415
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Adam,
>
> Adam Van Ymeren <adam@vany.ca> skribis:
>
>> Leo Famulari <leo@famulari.name> writes:
>>> I think this change should be submitted upstream, which is here:
>>>
>>> https://github.com/tgalal/python-axolotl
>>>
>>> Can you do that? We wouldn't have to wait for a new release of
>>> python-axolotl, but we should wait to hear what the upstream maintainer
>>> thinks.
>>
>> Pull request sent.
>>
>> There is also a pull request pending from someone else that updates
>> pyton-axolotl to use a newer python cryptography library rather than the
>> deprecated python-pycrypto library. That would also fix this issue and
>> is a much better long term fix but also a more intrusive change.
>
> Any update on this? :-)
Haven't heard anything from the maintainer :/.
We could just go ahead and apply my patch anways :). Or remove the
package from guix entirely. As it stands the package has been broken
for over a year in guix.
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
>
> Thanks in advance,
> Ludo’.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2018-01-31 16:38 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-23 20:04 [bug#29415] [PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build Adam Van Ymeren
2017-11-25 0:09 ` Leo Famulari
2017-11-27 15:00 ` Adam Van Ymeren
2017-11-27 18:09 ` Leo Famulari
2017-11-27 18:10 ` Leo Famulari
2018-01-30 21:16 ` Ludovic Courtès
2018-01-31 14:38 ` Adam Van Ymeren
2018-01-31 16:37 ` bug#29415: " Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).