Ubuntu
python-scrypt package

Merge ~chris.macnaughton/ubuntu/+source/python-scrypt:bug/1695899 into ~ubuntu-server-dev/ubuntu/+source/python-scrypt:master

Git
lp:~chris.macnaughton/ubuntu/+source/python-scrypt
bug/1695899
Merge into master

Proposed by Chris MacNaughton on 2020-09-08

Status:

Merged

Merge reported by:

Corey Bryant

Merged at revision:

b97e6fadabcec2314d8f9a06ef94cfcf5623d1a3

Proposed branch:

~chris.macnaughton/ubuntu/+source/python-scrypt:bug/1695899

Merge into:

~ubuntu-server-dev/ubuntu/+source/python-scrypt:master

Diff against target:

59 lines (+24/-1)

4 files modified

debian/changelog (+7/-1)
debian/patches/add-missing-rfc-test-vector.patch (+14/-0)
debian/patches/series (+1/-0)
debian/rules (+2/-0)

Critical

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Corey Bryant		2020-09-08	Needs Fixing on 2020-09-18
Review via email: mp+390400@code.launchpad.net

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2020-09-18:

It looks like DEB_BUILD_HARDENING needs hardening-wrapper as a BD, but that package doesn't exist anymore. Can you ask the security team what the best practice is these days?

review: Needs Fixing

~chris.macnaughton/ubuntu/+source/python-scrypt:bug/1695899 updated on 2020-09-23

b97e6fa... by Chris MacNaughton on 2020-09-23: Use modern version to enable BINDNOW

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Chris MacNaughton

Ubuntu Server Developers

 diff --git a/debian/changelog b/debian/changelog
 index 5d365de..f21c717 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,9 +1,15 @@
  python-scrypt (0.8.0-0.3ubuntu2) UNRELEASED; urgency=medium
++  [ Corey Bryant ]
    * d/gbp.conf: Update gbp configuration file.
    * d/control: Update Vcs-* links and maintainers.
-- -- Corey Bryant <corey.bryant@canonical.com>  Tue, 08 Sep 2020 09:02:21 -0400
++  [ Chris MacNaughton ]
++  * d/p/add-missing-rfc-test-vector.patch: Apply patch to enable additional
++    test vectors from the scrypt RFC (LP: #1695899).
++  * d/rules: Enable BINDNOW hardening at build time (LP: #1695899).
++
++ -- Chris MacNaughton <chris.macnaughton@canonical.com>  Tue, 08 Sep 2020 13:06:52 +0000
  python-scrypt (0.8.0-0.3ubuntu1) focal; urgency=low
 diff --git a/debian/patches/add-missing-rfc-test-vector.patch b/debian/patches/add-missing-rfc-test-vector.patch
 new file mode 100644
 index 0000000..3d84533
 --- /dev/null
 +++ b/debian/patches/add-missing-rfc-test-vector.patch
@@ -0,0 +1,14 @@
++Description: Add missing test vector from RFC
++Author: Chris MacNaughton <chris.macnaughton@canonical.com>
++Forwarded: https://github.com/holgern/py-scrypt/pull/3
++
++--- a/tests/hashvectors.csv
+++++ b/tests/hashvectors.csv
++@@ -2,4 +2,5 @@ password,salt,n,r,p,hexhash
++ ,,16,1,1,77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906
++ password,NaCl,1024,8,16,fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
++ pleaseletmein,SodiumChloride,16384,8,1,7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
++-pleaseletmein,SodiumChloride,32768,16,4,cbc397a9b5f5a53048c5b9f039ee1246d9532c8089fb346a4ab47cd0701febf18652b1ee042e070d1b6c631c43fd05ececd5b165ee1c2ffc1a2e98406fc2cd52
++\ No newline at end of file
+++pleaseletmein,SodiumChloride,32768,16,4,cbc397a9b5f5a53048c5b9f039ee1246d9532c8089fb346a4ab47cd0701febf18652b1ee042e070d1b6c631c43fd05ececd5b165ee1c2ffc1a2e98406fc2cd52
+++pleaseletmein,SodiumChloride,1048576,8,1,2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4
 diff --git a/debian/patches/series b/debian/patches/series
 index a96a6c0..11f308d 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -1 +1,2 @@
  add-missing-test-module.patch
++add-missing-rfc-test-vector.patch
 diff --git a/debian/rules b/debian/rules
 index 3f8d21b..5b11e2b 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -1,5 +1,7 @@
  #!/usr/bin/make -f
++export DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow
++
  %:
  	dh $@ --with python3 --buildsystem=pybuild

Ubuntu
python-scrypt package

Merge ~chris.macnaughton/ubuntu/+source/python-scrypt:bug/1695899 into ~ubuntu-server-dev/ubuntu/+source/python-scrypt:master

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntupython-scrypt package

Merge ~chris.macnaughton/ubuntu/+source/python-scrypt:bug/1695899 into ~ubuntu-server-dev/ubuntu/+source/python-scrypt:master

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
python-scrypt package