Python-Crypto

pycrypto-2.0.1 uses md5 & sha1 modules which will be deprecated in 2.6/3.0

Bug #269429 reported by Mike Auty on 2008-09-12

This bug affects 5 people

	Status	Importance	Assigned to	Milestone
Bazaar	Fix Released	Undecided	Bob Tanner	Bazaar 1.14rc1
Python-Crypto	Fix Released	Undecided	Darsey Litzenberger
python-crypto (Fedora)	Fix Released	Low	redhat-bugs #484473
python-crypto (Ubuntu)	Fix Released	Medium	James Westby	Ubuntu ubuntu-9.04-beta

Bug Description

This is only a very minor bug (and 2.6 hasn't even been released yet), but since the deprecations show up for every package that uses them, it was quite noticeable when testing out the new versions in preparation.

Unfortunately the hashlib module isn't PEP 247 compliant, so there will be a bit work to maintain the current interface. It might be worth filing a bug at python.org suggesting that deprecating module compliant to a PEP for one that isn't should be fixed (preferably by providing a compliant interface).

Revision history for this message

Darsey Litzenberger (dlitz) wrote on 2008-09-14:

Fixed in commit-id d2311689910240e425741a546576129f4c9735e2 in the git repository.

http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=d2311689910240e425741a546576129f4c9735e2

Darsey Litzenberger (dlitz) on 2008-09-14

Changed in pycrypto:
assignee:	nobody → dlitz
status:	New → Fix Committed

Revision history for this message

Mike Auty (mike-auty) wrote on 2008-09-14:

Wow, thanks for the incredibly quick fix!

I was just wondering about the Hmac module, since that seems to import the md5 module, but it's not clear if it imports the python one, or the Crypto.Hash.md5 module? Are module imports relative or absolute? If they're relative, then do please ignore me...

Revision history for this message

Darsey Litzenberger (dlitz) wrote on 2008-09-14:

Imports are relative in Python 2, but also case-sensitive. Here's the next fix:

http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=84b793416b52311643bfd456a4544444afbfb5da

Let me know if that works (I haven't tested on Win32 yet).

Revision history for this message

Mike Auty (mike-auty) wrote on 2008-09-17:

Sorry for the long delay, all seems to work fine on my linux box (don't have a win32 box to test on I'm afraid). Again, thanks for the fix! 5:)

Revision history for this message

In Red Hat Bugzilla #484473, Henrik (henrik-redhat-bugs) wrote on 2009-02-07:

#11

Description of problem:

Applications using python-crypto may get the following warning:

/usr/lib64/python2.6/site-packages/Crypto/Hash/SHA.py:6: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
from sha import *
/usr/lib64/python2.6/site-packages/Crypto/Hash/MD5.py:6: DeprecationWarning: the md5 module is deprecated; use hashlib instead
from md5 import *

Version-Release number of selected component (if applicable):

python-crypto-2.0.1-14.1.x86_64
python-2.6-4.fc11.x86_64

How reproducible:

Always

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

No warnings about deprecated functions.

Additional info:

From a quick grep it also applies to Crypto/Hash/HMAC.py

It seems the fix is simply changing as follows

From:
from md5 import *
import mf5
To:
from hashlib import md5

and similar for SHA.

Revision history for this message

In Red Hat Bugzilla #484473, Stewart (stewart-redhat-bugs) wrote on 2009-02-07:

#12

Can you confirm this is fixed in 2.0.1-15? I haven't setup my rawhide VM to test yet...

http://koji.fedoraproject.org/koji/taskinfo?taskID=1111208

Revision history for this message

In Red Hat Bugzilla #484473, Henrik (henrik-redhat-bugs) wrote on 2009-02-07:

#13

Same problem in 2.0.1-15.

Revision history for this message

In Red Hat Bugzilla #484473, Henrik (henrik-redhat-bugs) wrote on 2009-02-07:

#14

The patch in CVS looks about right, but is not added to the spec file so not part of the build..

Needs to be both a Patch0: source line, and a %patch0 statement in %prep

Revision history for this message

In Red Hat Bugzilla #484473, Stewart (stewart-redhat-bugs) wrote on 2009-02-07:

#15

Sorry about that, fixed now. Rebuilding now: http://koji.fedoraproject.org/koji/taskinfo?taskID=1111411

I've also changed the patch a bit, as to remain compatible with PEP 247 we can't simply replace the md5/sha modules with their hashlib equivalents - hashlib provides a function and not a module with the digest_size and blocksize properties. The SHA and MD5 functions will now contain the correct values for digest_size and blocksize (the same values as the objects from hashlib have) as before there were hardcoded from the Python sha and md5 modules.

Bug Watch Updater (bug-watch-updater) on 2009-02-11

Changed in python-crypto:
status:	Unknown → Confirmed

Revision history for this message

In Red Hat Bugzilla #484473, Thorsten (thorsten-redhat-bugs) wrote on 2009-02-12:

#16

Stewart, upstream has a report reg. this as well:

https://bugs.launchpad.net/pycrypto/+bug/269429

There are also fixes in git:

http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d2311689910240e425741a546576129f4c9735e2
http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=84b793416b52311643bfd456a4544444afbfb5da

Should we use those just to be on the safe side?

BTW: Steward, would you be interested to take over python-crypto? I don#t need it anymore

Revision history for this message

In Red Hat Bugzilla #484473, Stewart (stewart-redhat-bugs) wrote on 2009-02-18:

#17

Fixed in 2.0.1-17: http://koji.fedoraproject.org/koji/buildinfo?buildID=82882

Bug Watch Updater (bug-watch-updater) on 2009-02-18

Changed in python-crypto:
status:	Confirmed → Fix Released

Revision history for this message

Bob Tanner (tanner) wrote on 2009-03-10:

Think you could push a 2.0.2 release?

With just the above patches if a full build/release is too much work?

I will volunteer to push a release if you give me your blessing :-)

Bob Tanner (tanner) on 2009-03-16

Changed in bzr:
assignee:	nobody → tanner
milestone:	none → 1.14rc1
status:	New → Fix Committed

Revision history for this message

Bob Tanner (tanner) wrote on 2009-03-16:

Please see https://bugs.launchpad.net/bzr/+bug/342170 there's a bzr branch with the above upstream patches applied that should work for Ubuntu people. Please let me know what else I can do to help.

Bob Tanner (tanner) on 2009-03-16

Changed in python-crypto:
assignee:	nobody → ubuntu-core-dev

Revision history for this message

Scott Kitterman (kitterman) wrote on 2009-03-16:

Please don't assign ubuntu-core-dev to bugs. That causes everyone to get mailed and is not the appropriate process.

Changed in python-crypto:
assignee:	ubuntu-core-dev → nobody

Colin Watson (cjwatson) on 2009-03-16

Changed in python-crypto (Ubuntu):
assignee:	nobody → doko

Revision history for this message

Kees Cook (kees) wrote on 2009-03-16:

This bug was fixed in the package python-crypto - 2.0.1+dfsg1-2.3ubuntu4

---------------
python-crypto (2.0.1+dfsg1-2.3ubuntu4) jaunty; urgency=low

  [ Martin Pool ]
  * Take patch from upstream to avoid deprecation warnings under python 2.6.
    (LP: #337073)

-- James Westby <email address hidden> Tue, 10 Mar 2009 16:12:48 +1000

Changed in python-crypto (Ubuntu):
assignee:	doko → james-w
importance:	Undecided → Medium
milestone:	none → ubuntu-9.04-beta
status:	New → Fix Released

Vincent Ladeuil (vila) on 2009-04-29

Changed in bzr:
status:	Fix Committed → Fix Released

Revision history for this message

ssteinerX (ssteinerx) wrote on 2009-06-11:

I apologize in advance, I'm just a user of this project. I'm getting the deprecation warnings on 2.0.1, under 2.6.2 about the md5 module and, by policy, have to use a release version at work. Can a 2.0.2 be pushed out to resolve this? Thanks, S.

Revision history for this message

Darsey Litzenberger (dlitz) wrote on 2009-12-13:

#10

We believe this bug has been fixed in PyCrypto v2.1.0, which can be obtained from http://www.pycrypto.org/

Changed in pycrypto:
status:	Fix Committed → Fix Released

Darsey Litzenberger (dlitz) on 2009-12-13

Changed in pycrypto:
milestone:	none → 2.1.0

Bug Watch Updater (bug-watch-updater) on 2017-10-27

Changed in python-crypto (Fedora):
importance:	Unknown → Low

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

redhat-bugs #484473
[CLOSED RAWHIDE] Edit

Bug watches keep track of this bug in other bug trackers.