authorIan Delaney <idella4@gentoo.org>2012-11-10 13:09:28 +0000
committerIan Delaney <idella4@gentoo.org>2012-11-10 13:09:28 +0000
commit98f337f745ce8d5dfbf659a86baefd6472f564ae (patch)
tree66d9b2f3afd046a495508c7ebebf1fe094219dd2 /dev-python/elixir
parentFix doc path installation, bug #130641. Thanks to haarp for reporting this issue (diff)
revbumped with security patch CVE-2012-2146 added to files wrt Bug #434576
(Portage version: 2.1.11.30/cvs/Linux x86_64, unsigned Manifest commit)
Diffstat (limited to 'dev-python/elixir')
-rw-r--r--dev-python/elixir/ChangeLog11
-rw-r--r--dev-python/elixir/elixir-0.7.1-r1.ebuild56
-rw-r--r--dev-python/elixir/files/elixir-0.7.1-CVE-2012-2146-aes.patch85
3 files changed, 149 insertions, 3 deletions
diff --git a/dev-python/elixir/ChangeLog b/dev-python/elixir/ChangeLog
index a6ee2f895814..3f4d3865de68 100644
--- a/dev-python/elixir/ChangeLog
+++ b/dev-python/elixir/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-python/elixir
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/elixir/ChangeLog,v 1.6 2009/12/21 06:37:53 arfrever Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-python/elixir/ChangeLog,v 1.7 2012/11/10 13:09:28 idella4 Exp $
+
+*elixir-0.7.1-r1 (11 Nov 2012)
+
+ 11 Nov 2012; Ian Delaney <idella4@gentoo.org> +elixir-0.7.1-r1.ebuild,
+ +files/elixir-0.7.1-CVE-2012-2146-aes.patch:
+ revbumped with security patch CVE-2012-2146 added to files wrt Bug #434576
*elixir-0.7.1 (21 Dec 2009)
@@ -30,4 +36,3 @@
31 Jul 2007; Tiziano Müller <dev-zero@gentoo.org> +metadata.xml,
+elixir-0.3.0.ebuild:
Initial ebuild
-
diff --git a/dev-python/elixir/elixir-0.7.1-r1.ebuild b/dev-python/elixir/elixir-0.7.1-r1.ebuild
new file mode 100644
index 000000000000..6e18ec9d706d
--- /dev/null
+++ b/dev-python/elixir/elixir-0.7.1-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-python/elixir/elixir-0.7.1-r1.ebuild,v 1.1 2012/11/10 13:09:28 idella4 Exp $
+
+EAPI="2"
+PYTHON_DEPEND="2"
+SUPPORT_PYTHON_ABIS="1"
+
+inherit distutils eutils
+
+MY_PN="Elixir"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Declarative Mapper for SQLAlchemy"
+HOMEPAGE="http://elixir.ematia.de/trac/wiki http://pypi.python.org/pypi/Elixir"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc"
+
+RDEPEND=">=dev-python/sqlalchemy-0.4.0"
+DEPEND="${RDEPEND}
+ dev-python/setuptools
+ doc? ( >=dev-python/docutils-0.4-r3
+ >=dev-python/elementtree-1.2.6
+ >=dev-python/kid-0.9
+ >=dev-python/pygments-0.8.1
+ >=dev-python/pudge-0.1.3
+ >=dev-python/buildutils-0.3 )"
+RESTRICT_PYTHON_ABIS="3.*"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2012-2146-aes.patch
+}
+
+src_compile() {
+ distutils_src_compile
+
+ if use doc; then
+ einfo "Generation of documentation"
+ "$(PYTHON -f)" setup.py addcommand -p buildutils.pudge_command
+ PYTHONPATH=. "$(PYTHON -f)" setup.py pudge || die "Generation of documentation failed"
+ fi
+}
+
+src_install() {
+ distutils_src_install
+
+ if use doc; then
+ dohtml -r build/doc/*
+ fi
+}
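Review bot: Installing this revision does not by itself move any consumer off the vulnerable Blowfish path, because the bundled patch keeps `with_aes=False` as the default and only writes a warning to stderr at runtime, and the ebuild gives the administrator no notice of that. A `pkg_postinst` that calls `distutils_pkg_postinst` and then emits something like `ewarn "Encrypted fields still use Blowfish unless acts_as_encrypted is given with_aes=True; existing data must be migrated."` would make the required action visible at install time. Separately, the `setup.py addcommand` line in `src_compile` has no `|| die`, unlike the `pudge` call right after it, so a failure there is only noticed indirectly.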
diff --git a/dev-python/elixir/files/elixir-0.7.1-CVE-2012-2146-aes.patch b/dev-python/elixir/files/elixir-0.7.1-CVE-2012-2146-aes.patch
new file mode 100644
index 000000000000..f69df35458f6
--- /dev/null
+++ b/dev-python/elixir/files/elixir-0.7.1-CVE-2012-2146-aes.patch
@@ -0,0 +1,85 @@
+Upstream patch acquired from
+http://sochotni.fedorapeople.org/python-elixir-aes-encryption-addition.patch
+Index: elixir/ext/encrypted.py
+===================================================================
+--- elixir/ext/encrypted.py (revision 534)
++++ elixir/ext/encrypted.py (working copy)
+@@ -32,7 +32,9 @@
+ database row.
+ '''
+
+-from Crypto.Cipher import Blowfish
++import sys
++import os
++from Crypto.Cipher import Blowfish, AES
+ from elixir.statements import Statement
+ from sqlalchemy.orm import MapperExtension, EXT_CONTINUE, EXT_STOP
+
+@@ -49,7 +51,9 @@
+ #
+ # encryption and decryption functions
+ #
+-
++# WARNING!!! Blowfish encryption method is vulnerable to attacks
++# because it doesn't properly use random seed. It is provided just for
++# backward compatibility needed to migrate data. Use AES instead!
+ def encrypt_value(value, secret):
+ return Blowfish.new(secret, Blowfish.MODE_CFB) \
+ .encrypt(value).encode('string_escape')
+@@ -58,14 +62,36 @@
+ return Blowfish.new(secret, Blowfish.MODE_CFB) \
+ .decrypt(value.decode('string_escape'))
+
++# Crypto.Cipher.AES is AES128
++def encrypt_value_aes(value, secret):
++ iv = os.urandom(AES.block_size)
+
++ pad_len = AES.block_size - len(value) % AES.block_size
++ padded_value = value + pad_len * chr(pad_len)
++ res = iv + AES.new(secret, AES.MODE_CBC, iv).encrypt(padded_value)
++ return res.encode('string_escape')
++
++def decrypt_value_aes(value, secret):
++ value = value.decode('string_escape')
++ iv = value[:AES.block_size]
++ encrypted = value[AES.block_size:]
++
++ padded_value = AES.new(secret, AES.MODE_CBC, iv).decrypt(encrypted)
++ pad_len = ord(padded_value[-1])
++ assert pad_len >= 1 and pad_len <= AES.block_size
++ return padded_value[:-pad_len]
++
+ #
+ # acts_as_encrypted statement
+ #
+
+ class ActsAsEncrypted(object):
+
+- def __init__(self, entity, for_fields=[], with_secret='abcdef'):
++ def __init__(self, entity, for_fields=[], with_secret='abcdef', with_aes=False):
++ if not with_aes:
++ sys.stderr.write("""******* WARNING!!! ********
++Blowfish encryption method is vulnerable to attacks.
++Migrate your data and use with_aes=True\n""")
+
+ def perform_encryption(instance, encrypt=True):
+ encrypted = getattr(instance, '_elixir_encrypted', None)
+@@ -77,9 +103,15 @@
+ instance._elixir_encrypted = encrypt
+
+ if encrypt:
+- func = encrypt_value
++ if with_aes:
++ func = encrypt_value_aes
++ else:
++ func = encrypt_value
+ else:
+- func = decrypt_value
++ if with_aes:
++ func = decrypt_value_aes
++ else:
++ func = decrypt_value
+
+ for column_name in for_fields:
+ current_value = getattr(instance, column_name)
+
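Review bot: `decrypt_value_aes` validates padding with `assert pad_len >= 1 and pad_len <= AES.block_size`, which is stripped when Python runs with `-O` and inspects only the final byte; an explicit `if not 1 <= pad_len <= AES.block_size: raise ValueError("invalid padding")` would keep the check in every run mode. The CBC ciphertext carries no integrity tag, so a modified database value is decrypted and returned to the application unless the padding happens to be invalid; a MAC over IV plus ciphertext, verified before decryption, would close that gap at the cost of a storage-format change. The comment `# Crypto.Cipher.AES is AES128` is also misleading, since the key size follows the length of `secret`. The default `with_secret='abcdef'` is six bytes, which is presumably rejected by `AES.new`, so `with_aes=True` only works when the caller supplies a 16-, 24- or 32-byte secret; that requirement deserves a comment or an early, explicit error in `__init__`.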