GNU bug report logs -
#29415
[PATCH] gnu: python-axolotl: Update to 0.1.39 and fix build.
Previous Next
Reported by: Adam Van Ymeren <adam <at> vany.ca>
Date: Thu, 23 Nov 2017 20:06:02 UTC
Severity: normal
Tags: patch
Done: ludo <at> gnu.org (Ludovic Courtès)
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 29415 in the body.
You can then email your comments to 29415 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Thu, 23 Nov 2017 20:06:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Adam Van Ymeren <adam <at> vany.ca>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Thu, 23 Nov 2017 20:06:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Patch taken from the debian package for python-axolotl-0.1.39.
python-axolotl has been failing since March,
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
This also fixes the OMEMO and OTR plugins for Gajim work.
---
...olotl-removes-IV-parameter-at-AES-creation.patch | 21 +++++++++++++++++++++
gnu/packages/python-crypto.scm | 6 ++++--
2 files changed, 25 insertions(+), 2 deletions(-)
create mode 100644 gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
diff --git a/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
new file mode 100644
index 000000000..b25806ca2
--- /dev/null
+++ b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
@@ -0,0 +1,21 @@
+Description: Removes IV paramenter from AES constructor, since it is not necessary for ctr mode.
+Author: Josue Ortega <josue <at> debian.org>
+Last-Update: 2017-04-13
+
+--- a/axolotl/sessioncipher.py
++++ b/axolotl/sessioncipher.py
+@@ -228,13 +228,7 @@
+ # counterint = struct.unpack(">L", counterbytes)[0]
+ # counterint = int.from_bytes(counterbytes, byteorder='big')
+ ctr = Counter.new(128, initial_value=counter)
+-
+- # cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
+- ivBytes = bytearray(16)
+- ByteUtil.intToByteArray(ivBytes, 0, counter)
+-
+- cipher = AES.new(key, AES.MODE_CTR, IV=bytes(ivBytes), counter=ctr)
+-
++ cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
+ return cipher
+
+
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 77409d86d..3ffa477fe 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -430,7 +430,7 @@ python-axolotl.")
(define-public python-axolotl
(package
(name "python-axolotl")
- (version "0.1.35")
+ (version "0.1.39")
(source
(origin
(method url-fetch)
@@ -438,8 +438,10 @@ python-axolotl.")
"https://github.com/tgalal/python-axolotl/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
+ (patches (search-patches
+ "python-axolotl-removes-IV-parameter-at-AES-creation.patch"))
(sha256
- (base32 "1z8d89p7v40p4bwywjm9h4z28fdvra79ddw06azlkrfjbl7dxmz8"))))
+ (base32 "0badsgkgz0ir3hqynxzsfjgacppi874syvvmgccc6j164053x6zm"))))
(build-system python-build-system)
(arguments
`(#:phases
--
2.15.0
Information forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Sat, 25 Nov 2017 00:10:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 29415 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Nov 23, 2017 at 03:04:46PM -0500, Adam Van Ymeren wrote:
Hi,
> Patch taken from the debian package for python-axolotl-0.1.39.
>
> python-axolotl has been failing since March,
> https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
>
> This also fixes the OMEMO and OTR plugins for Gajim work.
Thanks for looking into this and sending the patch.
> diff --git a/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
> new file mode 100644
> index 000000000..b25806ca2
> --- /dev/null
> +++ b/gnu/packages/patches/python-axolotl-removes-IV-parameter-at-AES-creation.patch
> @@ -0,0 +1,21 @@
> +Description: Removes IV paramenter from AES constructor, since it is not necessary for ctr mode.
> +Author: Josue Ortega <josue <at> debian.org>
> +Last-Update: 2017-04-13
> +
> +--- a/axolotl/sessioncipher.py
> ++++ b/axolotl/sessioncipher.py
> +@@ -228,13 +228,7 @@
> + # counterint = struct.unpack(">L", counterbytes)[0]
> + # counterint = int.from_bytes(counterbytes, byteorder='big')
> + ctr = Counter.new(128, initial_value=counter)
> +-
> +- # cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
> +- ivBytes = bytearray(16)
> +- ByteUtil.intToByteArray(ivBytes, 0, counter)
> +-
> +- cipher = AES.new(key, AES.MODE_CTR, IV=bytes(ivBytes), counter=ctr)
> +-
> ++ cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
> + return cipher
I think this change should be submitted upstream, which is here:
https://github.com/tgalal/python-axolotl
Can you do that? We wouldn't have to wait for a new release of
python-axolotl, but we should wait to hear what the upstream maintainer
thinks.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Mon, 27 Nov 2017 15:01:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 29415 <at> debbugs.gnu.org (full text, mbox):
Leo Famulari <leo <at> famulari.name> writes:
> I think this change should be submitted upstream, which is here:
>
> https://github.com/tgalal/python-axolotl
>
> Can you do that? We wouldn't have to wait for a new release of
> python-axolotl, but we should wait to hear what the upstream maintainer
> thinks.
Pull request sent.
There is also a pull request pending from someone else that updates
pyton-axolotl to use a newer python cryptography library rather than the
deprecated python-pycrypto library. That would also fix this issue and
is a much better long term fix but also a more intrusive change.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Mon, 27 Nov 2017 18:11:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 29415 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, Nov 27, 2017 at 10:00:01AM -0500, Adam Van Ymeren wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> There is also a pull request pending from someone else that updates
> pyton-axolotl to use a newer python cryptography library rather than the
> deprecated python-pycrypto library. That would also fix this issue and
> is a much better long term fix but also a more intrusive change.
I noticed that as well. Pycrypto is no longer maintained and has an
extremely serious bug that was never fixed in a released version:
https://github.com/dlitz/pycrypto/issues/176
And the author seems to implicitly agree that people should stop using
it:
https://github.com/dlitz/pycrypto/issues/173
So I added a TODO comment to the package, saying that we should remove
it:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/python-crypto.scm?id=12a130b0118c3f56e6337e011dc4a89f2671359a#n186
So, I recommend being careful how you use any package that depends on
pycrypto.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Mon, 27 Nov 2017 18:11:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 29415 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, Nov 27, 2017 at 10:00:01AM -0500, Adam Van Ymeren wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> > I think this change should be submitted upstream, which is here:
> >
> > https://github.com/tgalal/python-axolotl
> >
> > Can you do that? We wouldn't have to wait for a new release of
> > python-axolotl, but we should wait to hear what the upstream maintainer
> > thinks.
>
> Pull request sent.
Great, please ping us when they respond or if they never do :)
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Tue, 30 Jan 2018 21:17:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 29415 <at> debbugs.gnu.org (full text, mbox):
Hi Adam,
Adam Van Ymeren <adam <at> vany.ca> skribis:
> Leo Famulari <leo <at> famulari.name> writes:
>> I think this change should be submitted upstream, which is here:
>>
>> https://github.com/tgalal/python-axolotl
>>
>> Can you do that? We wouldn't have to wait for a new release of
>> python-axolotl, but we should wait to hear what the upstream maintainer
>> thinks.
>
> Pull request sent.
>
> There is also a pull request pending from someone else that updates
> pyton-axolotl to use a newer python cryptography library rather than the
> deprecated python-pycrypto library. That would also fix this issue and
> is a much better long term fix but also a more intrusive change.
Any update on this? :-)
Thanks in advance,
Ludo’.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#29415
; Package
guix-patches
.
(Wed, 31 Jan 2018 14:39:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 29415 <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi Adam,
>
> Adam Van Ymeren <adam <at> vany.ca> skribis:
>
>> Leo Famulari <leo <at> famulari.name> writes:
>>> I think this change should be submitted upstream, which is here:
>>>
>>> https://github.com/tgalal/python-axolotl
>>>
>>> Can you do that? We wouldn't have to wait for a new release of
>>> python-axolotl, but we should wait to hear what the upstream maintainer
>>> thinks.
>>
>> Pull request sent.
>>
>> There is also a pull request pending from someone else that updates
>> pyton-axolotl to use a newer python cryptography library rather than the
>> deprecated python-pycrypto library. That would also fix this issue and
>> is a much better long term fix but also a more intrusive change.
>
> Any update on this? :-)
Haven't heard anything from the maintainer :/.
We could just go ahead and apply my patch anways :). Or remove the
package from guix entirely. As it stands the package has been broken
for over a year in guix.
https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
>
> Thanks in advance,
> Ludo’.
Reply sent
to
ludo <at> gnu.org (Ludovic Courtès)
:
You have taken responsibility.
(Wed, 31 Jan 2018 16:38:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Adam Van Ymeren <adam <at> vany.ca>
:
bug acknowledged by developer.
(Wed, 31 Jan 2018 16:38:02 GMT)
Full text and
rfc822 format available.
Message #28 received at 29415-done <at> debbugs.gnu.org (full text, mbox):
Hi Adam,
Adam Van Ymeren <adam <at> vany.ca> skribis:
> Ludovic Courtès <ludo <at> gnu.org> writes:
[...]
>> Any update on this? :-)
>
> Haven't heard anything from the maintainer :/.
>
> We could just go ahead and apply my patch anways :). Or remove the
> package from guix entirely. As it stands the package has been broken
> for over a year in guix.
>
> https://hydra.gnu.org/job/gnu/master/python-axolotl-0.1.35.x86_64-linux
Indeed. I adjusted the patch and commit log and pushed it as commit
51f887f33d08a805fa62c726c81904ce54a540ac.
Sorry for taking so long!
Thank you,
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Thu, 01 Mar 2018 12:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 6 years and 65 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.