From 2fd4c9dcd2f329f676a0621fe164d56de31ea1c8 Mon Sep 17 00:00:00 2001
From: Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
Date: Mon, 22 Apr 2019 09:44:00 +0200
Subject: [PATCH] dev-python/pysaml2: remove unused patch(es)

Closes: https://github.com/gentoo/gentoo/pull/11774
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
Signed-off-by: David Seifert <soap@gentoo.org>
---
 .../files/pysaml-4.0.2_CVE-2017-1000433.patch |  33 --
 dev-python/pysaml2/files/xxe-4.0.2.patch      | 305 ------------------
 2 files changed, 338 deletions(-)
 delete mode 100644 dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
 delete mode 100644 dev-python/pysaml2/files/xxe-4.0.2.patch

diff --git a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch b/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
deleted file mode 100644
index 7abc765c2984..000000000000
--- a/dev-python/pysaml2/files/pysaml-4.0.2_CVE-2017-1000433.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 6312a41e037954850867f29d329e5007df1424a5 Mon Sep 17 00:00:00 2001
-From: Ioannis Kakavas <ikakavas@noc.grnet.gr>
-Date: Tue, 12 Sep 2017 12:22:47 +0300
-Subject: [PATCH] Quick fix for the authentication bypass due to optimizations
- #451
-
----
- src/saml2/authn.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/saml2/authn.py b/src/saml2/authn.py
-index 1f2d02cf..1e1a220b 100644
---- a/src/saml2/authn.py
-+++ b/src/saml2/authn.py
-@@ -146,7 +146,8 @@ def __call__(self, cookie=None, policy_url=None, logo_url=None,
-         return resp
- 
-     def _verify(self, pwd, user):
--        assert is_equal(pwd, self.passwd[user])
-+        if not is_equal(pwd, self.passwd[user]):
-+            raise ValueError("Wrong password")
- 
-     def verify(self, request, **kwargs):
-         """
-@@ -176,7 +177,7 @@ def verify(self, request, **kwargs):
-             return_to = create_return_url(self.return_to, _dict["query"][0],
-                                           **{self.query_param: "true"})
-             resp = Redirect(return_to, headers=[cookie])
--        except (AssertionError, KeyError):
-+        except (ValueError, KeyError):
-             resp = Unauthorized("Unknown user or wrong password")
- 
-         return resp
diff --git a/dev-python/pysaml2/files/xxe-4.0.2.patch b/dev-python/pysaml2/files/xxe-4.0.2.patch
deleted file mode 100644
index 8e1a2ef53cc0..000000000000
--- a/dev-python/pysaml2/files/xxe-4.0.2.patch
+++ /dev/null
@@ -1,305 +0,0 @@
-diff -Naur pysaml2/setup.py pysaml2.new/setup.py
---- pysaml2/setup.py	2015-12-06 00:46:33.000000000 -0600
-+++ pysaml2.new/setup.py	2017-01-10 20:31:43.387413477 -0600
-@@ -17,6 +17,7 @@
-     'pytz',
-     'pyOpenSSL',
-     'python-dateutil',
-+    'defusedxml',
-     'six'
- ]
- 
-diff -Naur pysaml2/src/saml2/__init__.py pysaml2.new/src/saml2/__init__.py
---- pysaml2/src/saml2/__init__.py	2016-01-07 05:53:57.000000000 -0600
-+++ pysaml2.new/src/saml2/__init__.py	2017-01-10 20:34:04.171641116 -0600
-@@ -35,6 +35,7 @@
-         import cElementTree as ElementTree
-     except ImportError:
-         from elementtree import ElementTree
-+import defusedxml.ElementTree
- 
- root_logger = logging.getLogger(__name__)
- root_logger.level = logging.NOTSET
-@@ -86,7 +87,7 @@
-     """
-     if not isinstance(xml_string, six.binary_type):
-         xml_string = xml_string.encode('utf-8')
--    tree = ElementTree.fromstring(xml_string)
-+    tree = defusedxml.ElementTree.fromstring(xml_string)
-     return create_class_from_element_tree(target_class, tree)
- 
- 
-@@ -268,7 +269,7 @@
- 
- 
- def extension_element_from_string(xml_string):
--    element_tree = ElementTree.fromstring(xml_string)
-+    element_tree = defusedxml.ElementTree.fromstring(xml_string)
-     return _extension_element_from_element_tree(element_tree)
- 
- 
-diff -Naur pysaml2/src/saml2/pack.py pysaml2.new/src/saml2/pack.py
---- pysaml2/src/saml2/pack.py	2015-12-11 07:31:39.000000000 -0600
-+++ pysaml2.new/src/saml2/pack.py	2017-01-10 20:35:35.382435020 -0600
-@@ -37,6 +37,7 @@
-         import cElementTree as ElementTree
-     except ImportError:
-         from elementtree import ElementTree
-+import defusedxml.ElementTree
- 
- NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/"
- FORM_SPEC = """<form method="post" action="%s">
-@@ -235,7 +236,7 @@
-     :param text: The SOAP object as XML
-     :return: header parts and body as saml.samlbase instances
-     """
--    envelope = ElementTree.fromstring(text)
-+    envelope = defusedxml.ElementTree.fromstring(text)
-     assert envelope.tag == '{%s}Envelope' % NAMESPACE
- 
-     # print(len(envelope))
-diff -Naur pysaml2/src/saml2/soap.py pysaml2.new/src/saml2/soap.py
---- pysaml2/src/saml2/soap.py	2015-05-18 02:54:05.000000000 -0500
-+++ pysaml2.new/src/saml2/soap.py	2017-01-10 20:36:16.163808770 -0600
-@@ -19,6 +19,7 @@
-     except ImportError:
-         #noinspection PyUnresolvedReferences
-         from elementtree import ElementTree
-+import defusedxml.ElementTree
- 
- 
- logger = logging.getLogger(__name__)
-@@ -133,7 +134,7 @@
-     :param expected_tags: What the tag of the SAML thingy is expected to be.
-     :return: SAML thingy as a string
-     """
--    envelope = ElementTree.fromstring(text)
-+    envelope = defusedxml.ElementTree.fromstring(text)
- 
-     # Make sure it's a SOAP message
-     assert envelope.tag == '{%s}Envelope' % soapenv.NAMESPACE
-@@ -183,7 +184,7 @@
-     :return: The body and headers as class instances
-     """
-     try:
--        envelope = ElementTree.fromstring(text)
-+        envelope = defusedxml.ElementTree.fromstring(text)
-     except Exception as exc:
-         raise XmlParseError("%s" % exc)
- 
-@@ -209,7 +210,7 @@
-     :return: dictionary with two keys "body"/"header"
-     """
-     try:
--        envelope = ElementTree.fromstring(text)
-+        envelope = defusedxml.ElementTree.fromstring(text)
-     except Exception as exc:
-         raise XmlParseError("%s" % exc)
- 
-diff -Naur pysaml2/tests/test_03_saml2.py pysaml2.new/tests/test_03_saml2.py
---- pysaml2/tests/test_03_saml2.py	2015-06-06 02:15:20.000000000 -0500
-+++ pysaml2.new/tests/test_03_saml2.py	2017-01-10 20:38:32.541728380 -0600
-@@ -17,6 +17,7 @@
-         import cElementTree as ElementTree
-     except ImportError:
-         from elementtree import ElementTree
-+from defusedxml.common import EntitiesForbidden
- 
- ITEMS = {
-     NameID: ["""<?xml version="1.0" encoding="utf-8"?>
-@@ -27,7 +28,7 @@
- </NameID>
- """, """<?xml version="1.0" encoding="utf-8"?>
- <NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
--  SPNameQualifier="https://foo.example.com/sp" 
-+  SPNameQualifier="https://foo.example.com/sp"
-   Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_1632879f09d08ea5ede2dc667cbed7e429ebc4335c</NameID>
- """, """<?xml version="1.0" encoding="utf-8"?>
- <NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
-@@ -47,9 +48,9 @@
-     SubjectConfirmationData:
-         """<?xml version="1.0" encoding="utf-8"?>
- <SubjectConfirmationData xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
--InResponseTo="_1683146e27983964fbe7bf8f08961108d166a652e5" 
--NotOnOrAfter="2010-02-18T13:52:13.959Z" 
--NotBefore="2010-01-16T12:00:00Z" 
-+InResponseTo="_1683146e27983964fbe7bf8f08961108d166a652e5"
-+NotOnOrAfter="2010-02-18T13:52:13.959Z"
-+NotBefore="2010-01-16T12:00:00Z"
- Recipient="http://192.168.0.10/saml/sp" />""",
-     SubjectConfirmation:
-         """<?xml version="1.0" encoding="utf-8"?>
-@@ -166,6 +167,19 @@
-     assert kl == None
- 
- 
-+def test_create_class_from_xml_string_xxe():
-+    xml = """<?xml version="1.0"?>
-+    <!DOCTYPE lolz [
-+    <!ENTITY lol "lol">
-+    <!ELEMENT lolz (#PCDATA)>
-+    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
-+    ]>
-+    <lolz>&lol1;</lolz>
-+    """
-+    with raises(EntitiesForbidden) as err:
-+        create_class_from_xml_string(NameID, xml)
-+
-+
- def test_ee_1():
-     ee = saml2.extension_element_from_string(
-         """<?xml version='1.0' encoding='UTF-8'?><foo>bar</foo>""")
-@@ -193,7 +207,7 @@
- def test_ee_3():
-     ee = saml2.extension_element_from_string(
-         """<?xml version='1.0' encoding='UTF-8'?>
--        <foo xmlns="urn:mace:example.com:saml:ns" 
-+        <foo xmlns="urn:mace:example.com:saml:ns"
-         id="xyz">bar</foo>""")
-     assert ee != None
-     print(ee.__dict__)
-@@ -454,6 +468,19 @@
-     assert nid.text.strip() == "http://federationX.org"
- 
- 
-+def test_ee_xxe():
-+    xml = """<?xml version="1.0"?>
-+    <!DOCTYPE lolz [
-+    <!ENTITY lol "lol">
-+    <!ELEMENT lolz (#PCDATA)>
-+    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
-+    ]>
-+    <lolz>&lol1;</lolz>
-+    """
-+    with raises(EntitiesForbidden):
-+        saml2.extension_element_from_string(xml)
-+
-+
- def test_extension_element_loadd():
-     ava = {'attributes': {},
-            'tag': 'ExternalEntityAttributeAuthority',
-diff -Naur pysaml2/tests/test_43_soap.py pysaml2.new/tests/test_43_soap.py
---- pysaml2/tests/test_43_soap.py	2013-04-28 09:38:07.000000000 -0500
-+++ pysaml2.new/tests/test_43_soap.py	2017-01-10 20:39:53.730364008 -0600
-@@ -12,16 +12,20 @@
-         import cElementTree as ElementTree
-     except ImportError:
-         from elementtree import ElementTree
-+from defusedxml.common import EntitiesForbidden
-+
-+from pytest import raises
- 
- import saml2.samlp as samlp
- from saml2.samlp import NAMESPACE as SAMLP_NAMESPACE
-+from saml2 import soap
- 
- NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/"
- 
- example = """<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
-     <Body>
--        <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
--            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
-+        <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-+            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
-             ID="_6c3a4f8b9c2d" Version="2.0" IssueInstant="2004-03-27T08:42:00Z">
-         <saml:Issuer>https://www.example.com/SAML</saml:Issuer>
-         <Status>
-@@ -55,7 +59,7 @@
-     envelope.tag = '{%s}Envelope' % NAMESPACE
-     body = ElementTree.Element('')
-     body.tag = '{%s}Body' % NAMESPACE
--    envelope.append(body)    
-+    envelope.append(body)
-     request = samlp.AuthnRequest()
-     request.become_child_element_of(body)
- 
-@@ -66,3 +70,42 @@
-     assert len(body) == 1
-     saml_part = body[0]
-     assert saml_part.tag == '{%s}AuthnRequest' % SAMLP_NAMESPACE
-+
-+
-+def test_parse_soap_enveloped_saml_thingy_xxe():
-+    xml = """<?xml version="1.0"?>
-+    <!DOCTYPE lolz [
-+    <!ENTITY lol "lol">
-+    <!ELEMENT lolz (#PCDATA)>
-+    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
-+    ]>
-+    <lolz>&lol1;</lolz>
-+    """
-+    with raises(EntitiesForbidden):
-+        soap.parse_soap_enveloped_saml_thingy(xml, None)
-+
-+
-+def test_class_instances_from_soap_enveloped_saml_thingies_xxe():
-+    xml = """<?xml version="1.0"?>
-+    <!DOCTYPE lolz [
-+    <!ENTITY lol "lol">
-+    <!ELEMENT lolz (#PCDATA)>
-+    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
-+    ]>
-+    <lolz>&lol1;</lolz>
-+    """
-+    with raises(soap.XmlParseError):
-+        soap.class_instances_from_soap_enveloped_saml_thingies(xml, None)
-+
-+
-+def test_open_soap_envelope_xxe():
-+    xml = """<?xml version="1.0"?>
-+    <!DOCTYPE lolz [
-+    <!ENTITY lol "lol">
-+    <!ELEMENT lolz (#PCDATA)>
-+    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
-+    ]>
-+    <lolz>&lol1;</lolz>
-+    """
-+    with raises(soap.XmlParseError):
-+        soap.open_soap_envelope(xml)
-diff -Naur pysaml2/tests/test_51_client.py pysaml2.new/tests/test_51_client.py
---- pysaml2/tests/test_51_client.py	2015-12-11 05:10:01.000000000 -0600
-+++ pysaml2.new/tests/test_51_client.py	2017-01-10 20:42:12.819280442 -0600
-@@ -5,6 +5,7 @@
- import uuid
- import six
- from six.moves.urllib.parse import parse_qs, urlencode, urlparse
-+from pytest import raises
- from saml2.cert import OpenSSLWrapper
- from saml2.xmldsig import SIG_RSA_SHA256
- from saml2 import BINDING_HTTP_POST
-@@ -21,6 +22,7 @@
- from saml2.authn_context import INTERNETPROTOCOLPASSWORD
- from saml2.client import Saml2Client
- from saml2.config import SPConfig
-+from saml2.pack import parse_soap_enveloped_saml
- from saml2.response import LogoutResponse
- from saml2.saml import NAMEID_FORMAT_PERSISTENT, EncryptedAssertion, Advice
- from saml2.saml import NAMEID_FORMAT_TRANSIENT
-@@ -34,6 +36,8 @@
- from saml2.s_utils import factory
- from saml2.time_util import in_a_while, a_while_ago
- 
-+from defusedxml.common import EntitiesForbidden
-+
- from fakeIDP import FakeIDP
- from fakeIDP import unpack_form
- from pathutils import full_path
-@@ -1445,6 +1449,18 @@
-             'http://www.example.com/login'
-         assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD
- 
-+def test_parse_soap_enveloped_saml_xxe():
-+    xml = """<?xml version="1.0"?>
-+    <!DOCTYPE lolz [
-+    <!ENTITY lol "lol">
-+    <!ELEMENT lolz (#PCDATA)>
-+    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
-+    ]>
-+    <lolz>&lol1;</lolz>
-+    """
-+    with raises(EntitiesForbidden):
-+        parse_soap_enveloped_saml(xml, None)
-+
- 
- # if __name__ == "__main__":
- #     tc = TestClient()
-- 
2.26.2