Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #716
hash built-in function in python3 is salted

version graph

Package: greylistd; Maintainer for greylistd is (unknown); Source for greylistd is src:greylistd.

Reported by: "Fernando M. Maresca (Monitoring Station S.A.)" <fmaresca@monssa.com.ar>

Date: Wed, 5 Oct 2022 12:54:01 UTC

Severity: grave

Tags: debian

Found in version 0.8.8.7

Forwarded to https://bugs.debian.org/1021356

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#716: hash built-in function in python3 is salted
Reply-To: "Fernando M. Maresca (Monitoring Station S.A.)" <fmaresca@monssa.com.ar>, 716@bugs.devuan.org
Resent-From: "Fernando M. Maresca (Monitoring Station S.A.)" <fmaresca@monssa.com.ar>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: devuan-dev@lists.dyne.org
X-Loop: owner@bugs.devuan.org
Resent-Date: Wed, 05 Oct 2022 12:54:01 +0000
Resent-Message-ID: <handler.716.B.166497436722973@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: report 716
X-Devuan-PR-Package: greylistd
X-Devuan-PR-Keywords: 
Received: via spool by submit@bugs.devuan.org id=B.166497436722973
          (code B); Wed, 05 Oct 2022 12:54:01 +0000
Received: (at submit) by bugs.devuan.org; 5 Oct 2022 12:52:47 +0000
Delivered-To: devuanbugs@dyne.org
Received: from mail.dyne.org [141.95.83.167]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Wed, 05 Oct 2022 12:52:47 +0000 (UTC)
Received: from mail.monssa.com.ar (mail.monssa.com.ar [190.3.107.187])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.dyne.org (Postfix) with ESMTPS id A0330661994
	for <submit@bugs.devuan.org>; Wed,  5 Oct 2022 14:51:20 +0200 (CEST)
Received: from aleph.devel.monssa.com.ar ([10.20.30.21]:43742)
	by mail.monssa.com.ar with esmtpsa  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <fmaresca@monssa.com.ar>)
	id 1og3rk-0005W2-I4; Wed, 05 Oct 2022 09:51:12 -0300
Received: from fmaresca by aleph.devel.monssa.com.ar with local (Exim 4.92)
	(envelope-from <fmaresca@monssa.com.ar>)
	id 1og3rk-0006jZ-Ez; Wed, 05 Oct 2022 09:51:12 -0300
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Fernando M. Maresca (Monitoring Station S.A.)" <fmaresca@monssa.com.ar>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Message-ID: <166497427241.10164.17845131670545146281.reportbug@aleph.devel.monssa.com.ar>
Date: Wed, 05 Oct 2022 09:51:12 -0300
X-Spam-Score: -1.0
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED,
	SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.dyne.org

Package: greylistd
Version: 0.8.8.7
Severity: grave



The hash() function used to hash triplets in python3 has a different
behaviour that the python2 version. 

py3 hash() is salted, so the hash it produces for the same input text differs between runs.

That produces two problems in greylistd:
- multiple entries added to the lists 
- checks produces different keys

To reproduce:
- start greylistd

- greylist clear
- greylist list --white (verify is empty)
- greylist add --white a.com
- greylist list --white (verify a.com is in wl)
- greylist check a.com (should be white)

- restart greylistd
- greylist list --white (verify a.com is in wl)
- greylist check a.com (returns grey, should be white)

Thank you.



-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 3 (beowulf)
Release:	3
Codename:	beowulf
Architecture: x86_64

Kernel: Linux 5.10.0-0.bpo.7-amd64 (SMP w/12 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8), LANGUAGE=es_AR:es (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages greylistd depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71+deb10u1
ii  python                 2.7.16-1

Versions of packages greylistd recommends:
ii  exim4  4.92-8+deb10u6

greylistd suggests no packages.

-- debconf-show failed

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sun May 5 11:58:15 2024;