Python Cryptography Toolkit

pycrypto-2.0.1 uses md5 & sha1 modules which will be deprecated in 2.6/3.0

Reported by Mike Auty on 2008-09-12
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Bazaar
Undecided
Bob Tanner
Python-Crypto
Undecided
Dwayne Litzenberger
python-crypto (Fedora)
Fix Released
Unknown
python-crypto (Ubuntu)
Medium
James Westby

Bug Description

This is only a very minor bug (and 2.6 hasn't even been released yet), but since the deprecations show up for every package that uses them, it was quite noticeable when testing out the new versions in preparation.

Unfortunately the hashlib module isn't PEP 247 compliant, so there will be a bit work to maintain the current interface. It might be worth filing a bug at python.org suggesting that deprecating module compliant to a PEP for one that isn't should be fixed (preferably by providing a compliant interface).

Dwayne Litzenberger (dlitz) wrote :

Fixed in commit-id d2311689910240e425741a546576129f4c9735e2 in the git repository.

http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=d2311689910240e425741a546576129f4c9735e2

Changed in pycrypto:
assignee: nobody → dlitz
status: New → Fix Committed
Mike Auty (mike-auty) wrote :

Wow, thanks for the incredibly quick fix!

I was just wondering about the Hmac module, since that seems to import the md5 module, but it's not clear if it imports the python one, or the Crypto.Hash.md5 module? Are module imports relative or absolute? If they're relative, then do please ignore me...

Dwayne Litzenberger (dlitz) wrote :

Imports are relative in Python 2, but also case-sensitive. Here's the next fix:

http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=84b793416b52311643bfd456a4544444afbfb5da

Let me know if that works (I haven't tested on Win32 yet).

Mike Auty (mike-auty) wrote :

Sorry for the long delay, all seems to work fine on my linux box (don't have a win32 box to test on I'm afraid). Again, thanks for the fix! 5:)

Changed in python-crypto:
status: Unknown → Confirmed
Changed in python-crypto:
status: Confirmed → Fix Released
Bob Tanner (tanner) wrote :

Think you could push a 2.0.2 release?

With just the above patches if a full build/release is too much work?

I will volunteer to push a release if you give me your blessing :-)

Bob Tanner (tanner) on 2009-03-16
Changed in bzr:
assignee: nobody → tanner
milestone: none → 1.14rc1
status: New → Fix Committed
Bob Tanner (tanner) wrote :

Please see https://bugs.launchpad.net/bzr/+bug/342170 there's a bzr branch with the above upstream patches applied that should work for Ubuntu people. Please let me know what else I can do to help.

Bob Tanner (tanner) on 2009-03-16
Changed in python-crypto:
assignee: nobody → ubuntu-core-dev
Scott Kitterman (kitterman) wrote :

Please don't assign ubuntu-core-dev to bugs. That causes everyone to get mailed and is not the appropriate process.

Changed in python-crypto:
assignee: ubuntu-core-dev → nobody
Colin Watson (cjwatson) on 2009-03-16
Changed in python-crypto (Ubuntu):
assignee: nobody → doko
Kees Cook (kees) wrote :

This bug was fixed in the package python-crypto - 2.0.1+dfsg1-2.3ubuntu4

---------------
python-crypto (2.0.1+dfsg1-2.3ubuntu4) jaunty; urgency=low

  [ Martin Pool ]
  * Take patch from upstream to avoid deprecation warnings under python 2.6.
    (LP: #337073)

 -- James Westby <email address hidden> Tue, 10 Mar 2009 16:12:48 +1000

Changed in python-crypto (Ubuntu):
assignee: doko → james-w
importance: Undecided → Medium
milestone: none → ubuntu-9.04-beta
status: New → Fix Released
Vincent Ladeuil (vila) on 2009-04-29
Changed in bzr:
status: Fix Committed → Fix Released
ssteinerX (ssteinerx) wrote :

I apologize in advance, I'm just a user of this project. I'm getting the deprecation warnings on 2.0.1, under 2.6.2 about the md5 module and, by policy, have to use a release version at work. Can a 2.0.2 be pushed out to resolve this? Thanks, S.

Dwayne Litzenberger (dlitz) wrote :

We believe this bug has been fixed in PyCrypto v2.1.0, which can be obtained from http://www.pycrypto.org/

Changed in pycrypto:
status: Fix Committed → Fix Released
Changed in pycrypto:
milestone: none → 2.1.0
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.