From f48ecec85f0b3f2d753383c92970668c129c959f Mon Sep 17 00:00:00 2001
From: jasper
Date: Mon, 20 Aug 2012 14:38:10 +0000
Subject: [PATCH] Security fix for CVE-2012-3458, py-beaker weak use of crypto can leak information to remote attackers.
---
 www/py-beaker/Makefile | 3 +-
 www/py-beaker/distinfo | 3 --
 .../patches/patch-beaker_crypto_pycrypto_py | 33 +++++++++++++++++++
 3 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 www/py-beaker/patches/patch-beaker_crypto_pycrypto_py
diff --git a/www/py-beaker/Makefile b/www/py-beaker/Makefile
index 7ddc8723595..0934c517873 100644
--- a/www/py-beaker/Makefile
+++ b/www/py-beaker/Makefile
@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.8 2011/12/31 15:10:35 fgsch Exp $
+# $OpenBSD: Makefile,v 1.9 2012/08/20 14:38:10 jasper Exp $
 COMMENT = session and caching library with wsgi middleware
 MODPY_EGG_VERSION = 1.6.2
 DISTNAME = Beaker-${MODPY_EGG_VERSION}
 PKGNAME = py-${DISTNAME:L}
+REVISION = 0
 CATEGORIES = www devel
diff --git a/www/py-beaker/distinfo b/www/py-beaker/distinfo
index f88b99288a1..a5836248620 100644
--- a/www/py-beaker/distinfo
+++ b/www/py-beaker/distinfo
@@ -1,5 +1,2 @@
-MD5 (Beaker-1.6.2.tar.gz) = RVomTLSBqwdEbwIMAB3NxQ==
-RMD160 (Beaker-1.6.2.tar.gz) = iE5RUp2qkoG+YQieD8Xzhao4Sc0=
-SHA1 (Beaker-1.6.2.tar.gz) = 0yVrmfV66Z4ELJOFBooKUV0OvWQ=
 SHA256 (Beaker-1.6.2.tar.gz) = I+QjUHg9xkV/W3cbGV8OR76GBamnV4bLNeDsuMHUMOo=
 SIZE (Beaker-1.6.2.tar.gz) = 52442
diff --git a/www/py-beaker/patches/patch-beaker_crypto_pycrypto_py b/www/py-beaker/patches/patch-beaker_crypto_pycrypto_py
new file mode 100644
index 00000000000..3d543237cd2
--- /dev/null
+++ b/www/py-beaker/patches/patch-beaker_crypto_pycrypto_py
@@ -0,0 +1,33 @@
+$OpenBSD: patch-beaker_crypto_pycrypto_py,v 1.1 2012/08/20 14:38:10 jasper Exp $
+
+Security fix for CVE-2012-3458, py-beaker weak use of crypto can
+leak information to remote attackers.
+
+Patch from: https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
+
+--- beaker/crypto/pycrypto.py.orig Mon Aug 20 16:30:05 2012
++++ beaker/crypto/pycrypto.py Mon Aug 20 16:31:37 2012
+@@ -15,17 +15,19 @@ try:
+
+ except ImportError:
+ from Crypto.Cipher import AES
++ from Crypto.Util import Counter
+
+ def aesEncrypt(data, key):
+- cipher = AES.new(key)
++ cipher = AES.new(key, AES.MODE_CTR,
++ counter=Counter.new(128, initial_value=0))
+
+- data = data + (" " * (16 - (len(data) % 16)))
+ return cipher.encrypt(data)
+
+ def aesDecrypt(data, key):
+- cipher = AES.new(key)
++ cipher = AES.new(key, AES.MODE_CTR,
++ counter=Counter.new(128, initial_value=0))
+
+- return cipher.decrypt(data).rstrip()
++ return cipher.decrypt(data)
+
+ def getKeyLength():
+ return 32
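Review bot: In the embedded pycrypto.py hunk, both `aesEncrypt` and `aesDecrypt` create the counter with `Counter.new(128, initial_value=0)`, so every call under the same key starts from the same CTR keystream; the mode is only safe if `key` is never reused across messages. How `key` is derived is not visible here (presumably the caller mixes in a per-session nonce; worth confirming before relying on it). I would state the contract next to each `AES.new` call, e.g. `# CTR with a fixed zero counter: key must be unique per message`. CTR also provides no integrity, so callers need to authenticate the ciphertext before passing it to `aesDecrypt`. Dropping the space padding and `.rstrip()` likely means values stored by the old code will not decrypt to their original plaintext after the upgrade.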