Stop creating issues - this project is dead! #173
Comments
|
PyCryptodome is an interesting fork, and worked out of the box on OS X 10.10.5. The only two things it is missing (IMHO) are:
Would love to see those added. |
|
Is there any reason to believe that the original comment is valid? |
|
"Valid" in what sense? There hasn't been a new release of PyCrypto for several years. 2.7 has been in alpha state for approximately that long. So while I cannot tell whether the original project is dead, it clearly isn't actively maintained. |
|
Took me a while to figure this out -- maybe the README should be updated to clearly state this at the top? |
|
Yes, that would be good. For one thing, that would alert other projects that depend on pycrypto (like pysnmp) that they need to switch, or at the very least that they need to be able to use pycryptodome as an alternative dependency. |
|
Holy fucking shit, it even has an exploitable buffer overflow (although no idea how to do it remotely) #176 |
Python-pycrypto is an optional dependency of python-stem. Python-pycrypto is unmaintained [0] and contains an exploitable buffer overflow bug [1].

[0] pycrypto/pycrypto#173
[1] pycrypto/pycrypto#176

* gnu/packages/python.scm (python-stem, python2-stem)[propagated-inputs]: Remove python-pycrypto.
It appears pycrypto is no longer maintained and has known vulnerabilities, see: pycrypto/pycrypto#176 pycrypto/pycrypto#173 Appears that larger projects (paramiko, ansible, twisted) have moved over to PyCA's cryptography, which is already on the list.
This commit removes the usage of PyCrypto and adds support for PyCryptodome. This is necessary as PyCrypto is not maintained anymore and seems to have serious issues. PyCryptodome is an active fork of PyCrypto. This is referenced in pycrypto/pycrypto#173 and pycrypto/pycrypto#176. This is an answer to the suggestion from raymontag/keepass#72
I could not find any direct imports in aplinux.distribution or our code base, using PyCharm's full solution search (though plenty of self-referential imports and an 'adapted from Crypto.Util.number' comment in paramiko.util.inflate_long). It was last updated in 2013, and has been generally superseded in the community by cryptography (or to a lesser extent PyCryptodome). https://pypi.org/project/pycrypto/ https://pypi.org/project/cryptography/ https://pypi.org/project/pycryptodome/ Also has an exploitable buffer overflow and likely multiple CVEs: pycrypto/pycrypto#173 (comment) pycrypto/pycrypto#285
|
bump |
pycrypto is no longer maintained: pycrypto/pycrypto#173 Then arch decided to replace it with pycryptodome: https://lists.archlinux.org/pipermail/arch-dev-public/2018-August/029352.html This is even the default for ros_comm upstream now: https://github.com/ros/ros_comm/pull/1609/files
According to pycrypto/pycrypto#173, pycrypto has not been maintained since 2015. So replace it with the fork to stop a couple error messages that popped up during tests.
Group of changes to make DIM work with python 3. The whole system will probably be numbered DIM 4.0

* ndcli - remove comment import for zones
  ndcli is able to import comments in zone files, which look like this:
    foo A 127.0.0.1 ; a comment
  With dnspython 2.1 an internal API changed and now the patch to dnspython via ndcli doesn't work anymore. This means, that comment import from bind files for each record does not work anymore, but fixing that problem would take much more time to figure out correctly. And if we do not figure out how to work around the issue, it will throw us back with compatibility even more.

* move tests into correct directory
  These are needed by the runtest.py script as it contains a couple helpers.

* dim-testsuite - add Makefile to prepare environment

* dim-testsuite - get testsuite running
  There were a lot of errors because of various forms of str and byte incompatibilities. I wasn't able to track them all down, but now it is working and it will need a lot of work in the future. At the same time the ndcli call was using the library, which was replaced with subprocess calls, because I wasn't able to get proper results from the library calls.

* dim - replace pycrypto
  According to pycrypto/pycrypto#173, pycrypto has not been maintained since 2015. So replace it with the fork to stop a couple error messages that popped up during tests.

* dim-testsuite - start the webserver when running the tests
  This makes starting the daemon beforehand unnecessary and makes testing a tad bit faster.

* dim-testsuite - add README and Makefile
  This should help to get the tests up and running.

* dim-testsuite - fix stdin errors
  When the _ndcli method was reimplemented stdin was forgotten to be added. Now that it is back in, we can get results from the zone import scripts.

* dim - add missing order_by clause
  The order by is important to keep the order of the zone list results ordered by name.

* dim - mark crypto string as bytes array

* dim - replace missing keydata field
  The keydata field went missing when upgrading the pycrypto dependency to pycryptodome. This was the original content.

* dim - python2 to 3 conversion changes
  These are all conversion changes made by the 2to3 tool. In rpc.py#1462 is also a small change in the sqlalchemy syntax, because as it was, that query did not work. The profile attribute in the filter_by clause was tried against the name string. Converting that to a filter clause made the query work.

* dim, ndcli - fix argument garbage
  This didn't work since forever. The parameter list didn't require the most important arguments, which caused the first named argument to be a dict instead of the expected type. With this change, we require the parameter to exist at least and then also add it to ndcli.

* dim - enforce argument type
  The argument for islice was expected to be an integer but entered as an integer. This caused then errors further down the line.

* dim - avoid floats
  When creating the range array, the range was split. This computation resulted in a float, which then caused errors further down the line, when an IP should have been generated. To avoid that problem, use floor to make sure we always get an integer out of the computation.

* dim - fix python3 type handling
  In python3 a list of characters is a list of integers. In python2 it was a list of strings. So we don't need the ord call anymore.

* dim - fix string and byte incompatibility
  In python3 it isn't possible anymore to concat a string to bytes. So make everything into bytes and make it work that way.

* dim-testsuite - make README nicer

* dim-testsuite - make clear how to run the server
  runtest.py can start the server itself, but will not try killing what already exists.

* dim-testsuite - fix byte/str problems
  There were a lot of problems when comparing the result with the expected result, because bytes and str types were all over the place. Sometimes even int was involved. This tries to fix most of the places, but I am sure, this is still not the last place. Wouldn't it be nice if a compiler could tell me at once what is wrong instead of me figuring out every line by myself?

* dim-testsuite: resolve match error
  When a parenthesis was present in a string, that was used in a regex, it was causing errors when using the regex. With the escape in place, this causes less problems. Also fix some more string/byte errors.

* dim-testsuite - fix order of output
  The order of the output was wrong, which caused the tests to not succeed.

* dim-testsuite - make more places binary
  There were still some places that were strings, instead of binary, which caused the regex library to crash.

* dim-testsuite - simplify comparison of lines
  The result was matched over and over with what was expected. Instead of wasting time with loops, the output should be constant to what is expected. So in this commit the loops were simplified, which also reduces the runtime of the testsuite a bit.

* dim - add order by options
  Until now, the order of returned rows was sometimes random, which confused the tests. With this, the order is predefined and should be much more stable.

* ndcli - fix order of returned rows
  Somehow, the order of returned users is sometimes random, even though it should be sorted in the middleware. So instead enforce the order in the client to make the checks go green.

* dim-testsuite - fix the last string/byte problems
  This should be now the last couple issues fixed.

* dim-testsuite - remove trailing whitespace

* dim-testsuite - fix test ttl vs serial
  The ttl is always set before the serial, so the history must always be this way.

* dim - fix history for subnets added to pools
  Somehow in all the SQLAlchemy changes the event system changed in a way, that adding a subnet to a pool didn't trigger the history entry anymore. With these commits the history entry is created as before. If there is a better way, then please fix it. I couldn't find a better way.

* dim-testsuite - print what is wrong
  Sometimes, there are such small issues wrong, that it is hard to find them just from the diff. So instead print the data structures from python too, so that they can be compared directly.

* dim-testsuite - reorder test output
  The test output changed for some parts, so reorder them to make them correct. Also add a missing line in the output.
Move to a fork like pycryptodome