[master][PATCH] 5/5] python3: Security fix CVE-2016-5636

Openembedded Core Discussions
 help / color / mirror / Atom feed

From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org, akuster808@gmail.com
Cc: Armin Kuster <akuster@mvista.com>
Subject: [master][PATCH] 5/5] python3: Security fix CVE-2016-5636
Date: Sat, 16 Jul 2016 16:04:15 -0700	[thread overview]
Message-ID: <1468710255-5030-5-git-send-email-akuster808@gmail.com> (raw)
In-Reply-To: <1468710255-5030-1-git-send-email-akuster808@gmail.com>

From: Armin Kuster <akuster@mvista.com>

Affects python3 < 3.5.1
Base Score (4.4) Medium

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 .../python/python3/CVE-2016-5636.patch             | 44 ++++++++++++++++++++++
 meta/recipes-devtools/python/python3_3.5.1.bb      |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2016-5636.patch

diff --git a/meta/recipes-devtools/python/python3/CVE-2016-5636.patch b/meta/recipes-devtools/python/python3/CVE-2016-5636.patch
new file mode 100644
index 0000000..0d494d2
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2016-5636.patch
@@ -0,0 +1,44 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1453357506 28800
+# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f
+# Parent  a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent  01ddd608b85c85952537d95a43bbabf4fb655057
+merge 3.4 (#26171)
+
+Upstream-Status: Backport
+CVE: CVE-2016-5636
+
+https://hg.python.org/cpython/raw-rev/10dad6da1b28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: Python-3.5.1/Misc/NEWS
+===================================================================
+--- Python-3.5.1.orig/Misc/NEWS
++++ Python-3.5.1/Misc/NEWS
+@@ -91,6 +91,9 @@ Core and Builtins
+   Python.h header to fix a compilation error with OpenMP. PyThreadState_GET()
+   becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies.
+ 
++- Issue #26171: Fix possible integer overflow and heap corruption in
++  zipimporter.get_data().
++
+ Library
+ -------
+ 
+Index: Python-3.5.1/Modules/zipimport.c
+===================================================================
+--- Python-3.5.1.orig/Modules/zipimport.c
++++ Python-3.5.1/Modules/zipimport.c
+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;
diff --git a/meta/recipes-devtools/python/python3_3.5.1.bb b/meta/recipes-devtools/python/python3_3.5.1.bb
index 0d667d2..bf29d12 100644
--- a/meta/recipes-devtools/python/python3_3.5.1.bb
+++ b/meta/recipes-devtools/python/python3_3.5.1.bb
@@ -37,6 +37,7 @@ SRC_URI += "\
             file://setup.py-find-libraries-in-staging-dirs.patch \
             file://use_packed_importlib.patch \
             file://configure.ac-fix-LIBPL.patch \
+            file://CVE-2016-5636.patch \
            "
 SRC_URI[md5sum] = "e9ea6f2623fffcdd871b7b19113fde80"
 SRC_URI[sha256sum] = "c6d57c0c366d9060ab6c0cdf889ebf3d92711d466cc0119c441dbf2746f725c9"
-- 
2.3.5

     prev parent reply	other threads:[~2016-07-16 23:04 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-16 23:04 [master][PATCH] 1/5] openssl: Security fix CVE-2016-2177 Armin Kuster
2016-07-16 23:04 ` [master][PATCH] 2/5] openssl: Security fix CVE-2016-2178 Armin Kuster
2016-07-16 23:04 ` [master][PATCH] 3/5] bzip2: Security fix CVE-2016-3189 Armin Kuster
2016-08-08 12:41   ` Alexander Kanavin
2016-07-16 23:04 ` [master][PATCH] 4/5] python2: Security fix CVE-2016-5636 Armin Kuster
2016-07-16 23:04 ` Armin Kuster [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0d494d2 dfblob:0d667d2 dfblob:bf29d12 )
 OR (
bs:"[master][PATCH] 5/5] python3: Security fix CVE-2016-5636" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1468710255-5030-5-git-send-email-akuster808@gmail.com \
    --to=akuster808@gmail.com \
    --cc=akuster@mvista.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox