Security fix for CVE-2012-3458, py-beaker weak use of crypto can

leak information to remote attackers.

www/py-beaker/Makefile

@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.8 2011/12/31 15:10:35 fgsch Exp $
+# $OpenBSD: Makefile,v 1.9 2012/08/20 14:38:10 jasper Exp $
 
 COMMENT =	session and caching library with wsgi middleware
 
 MODPY_EGG_VERSION = 1.6.2
 DISTNAME =	Beaker-${MODPY_EGG_VERSION}
 PKGNAME =	py-${DISTNAME:L}
+REVISION =	0
 
 CATEGORIES =	www devel
 

www/py-beaker/distinfo

@@ -1,5 +1,2 @@
-MD5 (Beaker-1.6.2.tar.gz) = RVomTLSBqwdEbwIMAB3NxQ==
-RMD160 (Beaker-1.6.2.tar.gz) = iE5RUp2qkoG+YQieD8Xzhao4Sc0=
-SHA1 (Beaker-1.6.2.tar.gz) = 0yVrmfV66Z4ELJOFBooKUV0OvWQ=
 SHA256 (Beaker-1.6.2.tar.gz) = I+QjUHg9xkV/W3cbGV8OR76GBamnV4bLNeDsuMHUMOo=
 SIZE (Beaker-1.6.2.tar.gz) = 52442

www/py-beaker/patches/patch-beaker_crypto_pycrypto_py

@@ -0,0 +1,33 @@
+$OpenBSD: patch-beaker_crypto_pycrypto_py,v 1.1 2012/08/20 14:38:10 jasper Exp $
+
+Security fix for CVE-2012-3458, py-beaker weak use of crypto can
+leak information to remote attackers.
+
+Patch from: https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
+
+--- beaker/crypto/pycrypto.py.orig	Mon Aug 20 16:30:05 2012
++++ beaker/crypto/pycrypto.py	Mon Aug 20 16:31:37 2012
+@@ -15,17 +15,19 @@ try:
+ 
+ except ImportError:
+     from Crypto.Cipher import AES
++    from Crypto.Util import Counter
+ 
+     def aesEncrypt(data, key):
+-        cipher = AES.new(key)
++        cipher = AES.new(key, AES.MODE_CTR,
++                         counter=Counter.new(128, initial_value=0))
+ 
+-        data = data + (" " * (16 - (len(data) % 16)))
+         return cipher.encrypt(data)
+ 
+     def aesDecrypt(data, key):
+-        cipher = AES.new(key)
++        cipher = AES.new(key, AES.MODE_CTR,
++	                 counter=Counter.new(128, initial_value=0))
+ 
+-        return cipher.decrypt(data).rstrip()
++        return cipher.decrypt(data)
+ 
+ def getKeyLength():
+     return 32