[python-pyrad] Better random number generator
Peter Lemenkov
peter at fedoraproject.org
Thu Sep 5 11:48:38 UTC 2013
commit 1696c7fd4f49ed1be3785ead0312d34ee7296c51
Author: Peter Lemenkov <lemenkov at gmail.com>
Date: Thu Sep 5 15:48:24 2013 +0400
Better random number generator
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
...-pyrad-0001-Use-a-better-random-generator.patch | 66 ++++++++++++++++++++
python-pyrad.spec | 8 ++-
sources | 1 -
3 files changed, 73 insertions(+), 2 deletions(-)
---
diff --git a/python-pyrad-0001-Use-a-better-random-generator.patch b/python-pyrad-0001-Use-a-better-random-generator.patch
new file mode 100644
index 0000000..9f60a2b
--- /dev/null
+++ b/python-pyrad-0001-Use-a-better-random-generator.patch
@@ -0,0 +1,66 @@
+From 4d0ce547e319eac03bbeb6bde6503e182b61ca3c Mon Sep 17 00:00:00 2001
+From: Wichert Akkerman <wichert at wiggy.net>
+Date: Tue, 15 Jan 2013 16:55:54 +0100
+Subject: [PATCH 1/1] Use a better random generator.
+
+---
+ CHANGES.txt | 7 +++++++
+ pyrad/packet.py | 9 ++++++---
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGES.txt b/CHANGES.txt
+index 17aaffe..6dd92ef 100644
+--- a/CHANGES.txt
++++ b/CHANGES.txt
+@@ -1,6 +1,13 @@
+ Changelog
+ =========
+
++2.1 - Unreleased
++------------------
++
++* Use a different random generator to improve the security of generated
++ packet ids and authenticators.
++
++
+ 2.0 - May 15, 2011
+ ------------------
+
+diff --git a/pyrad/packet.py b/pyrad/packet.py
+index e3682b2..2366140 100644
+--- a/pyrad/packet.py
++++ b/pyrad/packet.py
+@@ -33,8 +33,11 @@ CoARequest = 43
+ CoAACK = 44
+ CoANAK = 45
+
++# Use cryptographic-safe random generator as provided by the OS.
++random_generator = random.SystemRandom()
++
+ # Current ID
+-CurrentID = random.randrange(1, 255)
++CurrentID = random_generator.randrange(1, 255)
+
+
+ class PacketError(Exception):
+@@ -208,7 +211,7 @@ class Packet(dict):
+
+ data = []
+ for i in range(16):
+- data.append(random.randrange(0, 256))
++ data.append(random_generator.randrange(0, 256))
+ if six.PY3:
+ return bytes(data)
+ else:
+@@ -223,7 +226,7 @@ class Packet(dict):
+ :rtype: integer
+
+ """
+- return random.randrange(0, 256)
++ return random_generator.randrange(0, 256)
+
+ def ReplyPacket(self):
+ """Create a ready-to-transmit authentication reply packet.
+--
+1.8.3.1
+
diff --git a/python-pyrad.spec b/python-pyrad.spec
index 7514db8..41649a4 100644
--- a/python-pyrad.spec
+++ b/python-pyrad.spec
@@ -2,11 +2,13 @@
Name: python-pyrad
Version: 2.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Python RADIUS client
License: BSD
URL: https://github.com/wichert/pyrad
Source0: http://pypi.python.org/packages/source/p/%{pkgname}/%{pkgname}-%{version}.tar.gz
+# Cherry-picked from upstream
+Patch1: python-pyrad-0001-Use-a-better-random-generator.patch
BuildRequires: python2-devel
BuildRequires: python-nose
BuildRequires: python-setuptools
@@ -23,6 +25,7 @@ them and decoding responses.
%prep
%setup -qn %{pkgname}-%{version}
chmod 644 example/acct.py example/auth.py example/server.py
+%patch1 -p1 -b .better_rng
%build
%{__python} setup.py build
@@ -41,6 +44,9 @@ make html %{?_smp_mflags}
%{python_sitelib}/%{pkgname}-%{version}-*.egg-info/
%changelog
+* Thu Sep 05 2013 Peter Lemenkov <lemenkov at gmail.com> - 2.0-3
+- Better random number generator
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/sources b/sources
index f2ff8ac..096a4e1 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-ab1502f8ccd7409ced757d78b0dee7df pyrad-1.1.tar.gz
e95f2cef1a191c1c891779dff8fb0255 pyrad-2.0.tar.gz
More information about the scm-commits
mailing list