Run of fresh-releases for python-srp

Try this locally (using silver-platter):

debian-svp new-upstream python-srp 

Merge these changes:

git pull https://janitor.debian.net/git/python-srp fresh-releases/main
git pull https://janitor.debian.net/git/python-srp fresh-releases/pristine-tar
git pull https://janitor.debian.net/git/python-srp fresh-releases/upstream

Summary

Merged new upstream version: 1.0.17 (was: 1.0.15).

Diff

Branch: main

diff --git a/PKG-INFO b/PKG-INFO
index 59a819a..38d6cdd 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: srp
-Version: 1.0.15
+Version: 1.0.17
 Summary: Secure Remote Password
 Home-page: https://github.com/cocagne/pysrp
 Author: Tom Cocagne
diff --git a/debian/changelog b/debian/changelog
index 690050d..dd6a4c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-python-srp (1.0.15-2) UNRELEASED; urgency=medium
+python-srp (1.0.17-1) UNRELEASED; urgency=medium
 
   [ Ondřej Nový ]
   * d/control: Update Maintainer field with new Debian Python Team
@@ -10,7 +10,7 @@ python-srp (1.0.15-2) UNRELEASED; urgency=medium
   * Set upstream metadata fields: Bug-Database, Bug-Submit.
   * Update standards version to 4.5.0, no changes needed.
 
- -- Ondřej Nový <onovy@debian.org>  Thu, 24 Sep 2020 08:43:11 +0200
+ -- Ondřej Nový <onovy@debian.org>  Tue, 06 Apr 2021 14:47:56 -0000
 
 python-srp (1.0.15-1) unstable; urgency=medium
 
diff --git a/setup.py b/setup.py
index 9e316bd..fc4f9b0 100755
--- a/setup.py
+++ b/setup.py
@@ -36,7 +36,7 @@ please refer to the `srp module documentation`_.
 '''
 
 setup(name             = 'srp',
-      version          = '1.0.15',
+      version          = '1.0.17',
       description      = 'Secure Remote Password',
       author           = 'Tom Cocagne',
       author_email     = 'tom.cocagne@gmail.com',
diff --git a/srp/_ctsrp.py b/srp/_ctsrp.py
index b467066..f56a28f 100644
--- a/srp/_ctsrp.py
+++ b/srp/_ctsrp.py
@@ -196,13 +196,14 @@ def load_func( name, args, returns = ctypes.c_int):
 
 load_func( 'BN_new',   [],         BIGNUM )
 load_func( 'BN_free',  [ BIGNUM ], None )
-load_func( 'BN_init',  [ BIGNUM ], None )
 load_func( 'BN_clear', [ BIGNUM ], None )
 
 load_func( 'BN_CTX_new',  []        , BN_CTX )
-load_func( 'BN_CTX_init', [ BN_CTX ], None   )
 load_func( 'BN_CTX_free', [ BN_CTX ], None   )
 
+load_func( 'BN_set_flags', [ BIGNUM, ctypes.c_int ], None )
+BN_FLG_CONSTTIME = 0x04
+
 load_func( 'BN_cmp',      [ BIGNUM, BIGNUM ], ctypes.c_int )
 
 load_func( 'BN_num_bits', [ BIGNUM ], ctypes.c_int )
@@ -294,6 +295,7 @@ def calculate_x( hash_class, dest, salt, username, password ):
         username = six.b('')
     up = hash_class(username + six.b(':') + password).digest()
     H_bn_str( hash_class, dest, salt, up )
+    BN_set_flags(dest, BN_FLG_CONSTTIME)
 
 
 def update_hash( ctx, n ):
@@ -432,6 +434,7 @@ class Verifier (object):
                 bytes_to_bn( self.b, bytes_b )
             else:
                 BN_rand(self.b, 256, 0, 0)
+            BN_set_flags(self.b, BN_FLG_CONSTTIME)
 
             # B = kv + g^b
             BN_mul(self.tmp1, k, self.v, self.ctx)
@@ -543,6 +546,7 @@ class User (object):
         if bytes_A:
             bytes_to_bn( self.A, bytes_A )
         else:
+            BN_set_flags(self.a, BN_FLG_CONSTTIME)
             BN_mod_exp(self.A, g, self.a, N, self.ctx)
 
 

Branch: pristine-tar

diff --git a/python-srp_1.0.17.orig.tar.gz.delta b/python-srp_1.0.17.orig.tar.gz.delta
new file mode 100644
index 0000000..cb475f5
Binary files /dev/null and b/python-srp_1.0.17.orig.tar.gz.delta differ
diff --git a/python-srp_1.0.17.orig.tar.gz.id b/python-srp_1.0.17.orig.tar.gz.id
new file mode 100644
index 0000000..138bf8b
--- /dev/null
+++ b/python-srp_1.0.17.orig.tar.gz.id
@@ -0,0 +1 @@
+a675c3f6aca46df61386b0f2610254dcf623c309

Branch: upstream

Tag: upstream/1.0.17

Diff is too long (more than 200 lines). Download the raw diff.

Debdiff

[The following lists of changes regard files as different if they have different names, permissions or owners.]

Files in second set of .debs but not in first

-rw-r--r--  root/root   /usr/lib/python3/dist-packages/srp-1.0.17.egg-info

Files in first set of .debs but not in second

-rw-r--r--  root/root   /usr/lib/python3/dist-packages/srp-1.0.15.egg-info

No differences were encountered in the control files

Resulting package

The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:

apt install -t fresh-releases python3-srp

Lintian Result

Full worker log Full build log