The libtom* family need regular updates and historically have led to vulnerabilities in their bundlers. Red Hat had a bug on unbundling for pycrypto: https://bugzilla.redhat.com/show_bug.cgi?id=1087557. Fedora have a patch: https://src.fedoraproject.org/rpms/python-pycryptodomex/blob/master/f/python-pycryptodomex-3.7.3-use_external_libtomcrypt.patch
I suppose this also implies packaging libtomcrypt. I wonder if we really do need DES support in pycryptodome.
(In reply to Michał Górny from comment #1)
> I suppose this also implies packaging libtomcrypt. I wonder if we really do
> need DES support in pycryptodome.
Got it now ;)
Not going to be this easy:
error: Cannot load native module 'Crypto.Cipher._raw_des3': Trying '_raw_des3.pypy37-pp73-x86_64-linux-gnu.so': Cannot load library /tmp/portage/dev-python/pycryptodome-3.9.9-r1/work/pycryptodome-3.9.9-pypy3/lib/Crypto/Util/../Cipher/_raw_des3.pypy37-pp73-x86_64-linux-gnu.so: /usr/lib64/libtomcrypt.so.1: undefined symbol: mp_rand. Additionally, ctypes.util.find_library() did not manage to locate a library called '/tmp/portage/dev-python/pycryptodome-3.9.9-r1/work/pycryptodome-3.9.9-pypy3/lib/Crypto/Util/../Cipher/_raw_des3.pypy37-pp73-x86_64-linux-gnu.so'
I think libtomcrypt is broken somehow but I'm not sure how. Adding -lgmp is not sufficient to fix this.
Actually, my bad. Fixed linking in libtomcrypt wrong.
The bug has been closed via the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba6d20d101e079eb1e997fcfb830b40b111b7217
commit ba6d20d101e079eb1e997fcfb830b40b111b7217
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-12-22 09:52:43 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-12-22 10:10:10 +0000
    dev-python/pycryptodome: Unbundle libtomcrypt
    Closes: https://bugs.gentoo.org/732662
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
 .../pycryptodome-3.9.9-system-libtomcrypt.patch | 43 +++++++++++++++++
 .../pycryptodome/pycryptodome-3.9.9-r1.ebuild | 54 ++++++++++++++++++++++
 2 files changed, 97 insertions(+)