Openembedded Core Discussions
* [PATCH 1/1] Python: Fix for CVE-2012-2135
       [not found] <3450>
@ 2012-11-30  4:30 ` yanjun.zhu
  2012-11-30  8:05   ` Saul Wold
  2012-12-06 13:01   ` Burton, Ross
  2012-11-30 10:47 ` yanjun.zhu
                   ` (4 subsequent siblings)
  5 siblings, 2 replies; 12+ messages in thread
From: yanjun.zhu @ 2012-11-30  4:30 UTC (permalink / raw)
  To: openembedded-core

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://bugs.python.org/issue14579

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../python/python/python-2.7.2-CVE-2012-2135.patch | 22 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
 2 files changed, 23 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch

diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
new file mode 100644
index 0000000..bb9719e
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
@@ -0,0 +1,22 @@
+Reference:http://http://bugs.python.org/issue14579
+
+The utf-16 decoder in Python 3.1 through 3.3 does not update the
+aligned_end variable after calling the unicode_decode_call_errorhandler
+function, which allows remote attackers to obtain sensitive information
+(process memory) or cause a denial of service (memory corruption and crash)
+via unspecified vectors.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
+--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
+@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
+         }
+ 
+         /* UTF-16 code pair: */
+-        if (q >= e) {
++        if (e - q < 2) {
+             errmsg = "unexpected end of data";
+             startinpos = (((const char *)q)-2)-starts;
+             endinpos = ((const char *)e)-starts;
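Review bot: The header of the new patch file (the lines above the embedded `diff -urpN`) carries no Upstream-Status: tag, and its Reference line has the scheme doubled as `http://http://bugs.python.org/issue14579`. Make `Upstream-Status:` the first line of the header, with Backport or Pending as applicable, and correct the URL so the upstream bug can be followed from the patch file itself.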
diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
index 2adb4e4..9dabfb7 100644
--- a/meta/recipes-devtools/python/python_2.7.2.bb
+++ b/meta/recipes-devtools/python/python_2.7.2.bb
@@ -24,6 +24,7 @@ SRC_URI += "\
   file://setuptweaks.patch \
   file://check-if-target-is-64b-not-host.patch \
   file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
+  file://python-2.7.2-CVE-2012-2135.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
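Review bot: PR is not incremented alongside the new SRC_URI entry; the diffstat shows a single insertion in python_2.7.2.bb. Adding a patch changes the built package, so bump PR in the same commit, as the python_2.7.3.bb revision later in this thread does with `PR = "${INC_PR}.3"`.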
-- 
1.7.11





* Re: [PATCH 1/1] Python: Fix for CVE-2012-2135
  2012-11-30  4:30 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
@ 2012-11-30  8:05   ` Saul Wold
  2012-12-06 13:01   ` Burton, Ross
  1 sibling, 0 replies; 12+ messages in thread
From: Saul Wold @ 2012-11-30  8:05 UTC (permalink / raw)
  To: yanjun.zhu; +Cc: openembedded-core

On 11/29/2012 08:30 PM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>
> Reference:http://bugs.python.org/issue14579
>
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> ---
>   .../python/python/python-2.7.2-CVE-2012-2135.patch | 22 ++++++++++++++++++++++
>   meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
>   2 files changed, 23 insertions(+)
>   create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
>
> diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
> new file mode 100644
> index 0000000..bb9719e
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
> @@ -0,0 +1,22 @@
> +Reference:http://http://bugs.python.org/issue14579
> +
> +The utf-16 decoder in Python 3.1 through 3.3 does not update the
> +aligned_end variable after calling the unicode_decode_call_errorhandler
> +function, which allows remote attackers to obtain sensitive information
> +(process memory) or cause a denial of service (memory corruption and crash)
> +via unspecified vectors.
> +
> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135

Need Upstream-Status:  Like all the other CVE patches you have 
submitted, please fix this.  I appreciate the work you are doing, but 
please include Upstream-Status, are these backport, or pending?

Sau!

> +Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> +diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
> +--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
> ++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
> +@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
> +         }
> +
> +         /* UTF-16 code pair: */
> +-        if (q >= e) {
> ++        if (e - q < 2) {
> +             errmsg = "unexpected end of data";
> +             startinpos = (((const char *)q)-2)-starts;
> +             endinpos = ((const char *)e)-starts;
> diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
> index 2adb4e4..9dabfb7 100644
> --- a/meta/recipes-devtools/python/python_2.7.2.bb
> +++ b/meta/recipes-devtools/python/python_2.7.2.bb
> @@ -24,6 +24,7 @@ SRC_URI += "\
>     file://setuptweaks.patch \
>     file://check-if-target-is-64b-not-host.patch \
>     file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
> +  file://python-2.7.2-CVE-2012-2135.patch \
>   "
>
>   S = "${WORKDIR}/Python-${PV}"
>




* [PATCH 1/1] Python: Fix for CVE-2012-2135
       [not found] <3450>
  2012-11-30  4:30 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
@ 2012-11-30 10:47 ` yanjun.zhu
  2012-11-30 11:02 ` yanjun.zhu
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 12+ messages in thread
From: yanjun.zhu @ 2012-11-30 10:47 UTC (permalink / raw)
  To: openembedded-core

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://bugs.python.org/issue14579

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135

[YOCTO #3450]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../python/python/python-2.7.2-CVE-2012-2135.patch | 25 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch

diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
new file mode 100644
index 0000000..e317ebe
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
@@ -0,0 +1,25 @@
+Reference:http://bugs.python.org/issue14579
+
+This is backport from http://bugs.python.org/file25367/
+utf16_error_handling-2.7.patch
+
+The utf-16 decoder in Python 3.1 through 3.3 does not update the
+aligned_end variable after calling the unicode_decode_call_errorhandler
+function, which allows remote attackers to obtain sensitive information
+(process memory) or cause a denial of service (memory corruption and crash)
+via unspecified vectors.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
+--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
+@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
+         }
+ 
+         /* UTF-16 code pair: */
+-        if (q >= e) {
++        if (e - q < 2) {
+             errmsg = "unexpected end of data";
+             startinpos = (((const char *)q)-2)-starts;
+             endinpos = ((const char *)e)-starts;
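Review bot: The backport origin is given only as free text in the patch header (`This is backport from http://bugs.python.org/file25367/`, with the file name `utf16_error_handling-2.7.patch` wrapped onto the next line), which splits the reference in two and still leaves the header without an Upstream-Status: tag. Put `Upstream-Status: Backport` on the first line and keep the upstream patch reference on a single line beneath it.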
diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
index 2adb4e4..9dabfb7 100644
--- a/meta/recipes-devtools/python/python_2.7.2.bb
+++ b/meta/recipes-devtools/python/python_2.7.2.bb
@@ -24,6 +24,7 @@ SRC_URI += "\
   file://setuptweaks.patch \
   file://check-if-target-is-64b-not-host.patch \
   file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
+  file://python-2.7.2-CVE-2012-2135.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
1.7.11





* [PATCH 1/1] Python: Fix for CVE-2012-2135
       [not found] <3450>
  2012-11-30  4:30 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
  2012-11-30 10:47 ` yanjun.zhu
@ 2012-11-30 11:02 ` yanjun.zhu
  2012-11-30 11:23 ` yanjun.zhu
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 12+ messages in thread
From: yanjun.zhu @ 2012-11-30 11:02 UTC (permalink / raw)
  To: openembedded-core

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://bugs.python.org/issue14579

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135

[YOCTO #3450]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../python/python/python-2.7.2-CVE-2012-2135.patch | 24 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch

diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
new file mode 100644
index 0000000..ad118b0
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Backport
+
+Reference:http://bugs.python.org/issue14579
+
+The utf-16 decoder in Python 3.1 through 3.3 does not update the
+aligned_end variable after calling the unicode_decode_call_errorhandler
+function, which allows remote attackers to obtain sensitive information
+(process memory) or cause a denial of service (memory corruption and crash)
+via unspecified vectors.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
+--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
+@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
+         }
+ 
+         /* UTF-16 code pair: */
+-        if (q >= e) {
++        if (e - q < 2) {
+             errmsg = "unexpected end of data";
+             startinpos = (((const char *)q)-2)-starts;
+             endinpos = ((const char *)e)-starts;
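Review bot: The header now has `Upstream-Status: Backport` but no longer says what was backported; the pointer to the file25367 attachment (utf16_error_handling-2.7.patch) that the previous revision carried is gone. Keep the source of the backport next to the tag so the change to the `if (q >= e)` test can be compared against upstream.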
diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
index 2adb4e4..9dabfb7 100644
--- a/meta/recipes-devtools/python/python_2.7.2.bb
+++ b/meta/recipes-devtools/python/python_2.7.2.bb
@@ -24,6 +24,7 @@ SRC_URI += "\
   file://setuptweaks.patch \
   file://check-if-target-is-64b-not-host.patch \
   file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
+  file://python-2.7.2-CVE-2012-2135.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
1.7.11





* [PATCH 1/1] Python: Fix for CVE-2012-2135
       [not found] <3450>
                   ` (2 preceding siblings ...)
  2012-11-30 11:02 ` yanjun.zhu
@ 2012-11-30 11:23 ` yanjun.zhu
  2012-11-30 11:29 ` yanjun.zhu
  2013-03-04  4:35 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
  5 siblings, 0 replies; 12+ messages in thread
From: yanjun.zhu @ 2012-11-30 11:23 UTC (permalink / raw)
  To: openembedded-core

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://bugs.python.org/issue14579

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135

[YOCTO #3450]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../python/python/python-2.7.2-CVE-2012-2135.patch | 24 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch

diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
new file mode 100644
index 0000000..ad118b0
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Backport
+
+Reference:http://bugs.python.org/issue14579
+
+The utf-16 decoder in Python 3.1 through 3.3 does not update the
+aligned_end variable after calling the unicode_decode_call_errorhandler
+function, which allows remote attackers to obtain sensitive information
+(process memory) or cause a denial of service (memory corruption and crash)
+via unspecified vectors.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
+--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
+@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
+         }
+ 
+         /* UTF-16 code pair: */
+-        if (q >= e) {
++        if (e - q < 2) {
+             errmsg = "unexpected end of data";
+             startinpos = (((const char *)q)-2)-starts;
+             endinpos = ((const char *)e)-starts;
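Review bot: The header text and the embedded diff describe different things: the text speaks of the aligned_end variable and of Python 3.1 through 3.3, while the only code change is `if (q >= e)` becoming `if (e - q < 2)` in PyUnicode_DecodeUTF16Stateful of a 2.7.2 tree, with no aligned_end anywhere in the hunk. Add a sentence to the header stating what this length check guards in 2.7 and why the CVE text is cited for it.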
diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
index 2adb4e4..9dabfb7 100644
--- a/meta/recipes-devtools/python/python_2.7.2.bb
+++ b/meta/recipes-devtools/python/python_2.7.2.bb
@@ -24,6 +24,7 @@ SRC_URI += "\
   file://setuptweaks.patch \
   file://check-if-target-is-64b-not-host.patch \
   file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
+  file://python-2.7.2-CVE-2012-2135.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
1.7.11





* [PATCH 1/1] Python: Fix for CVE-2012-2135
       [not found] <3450>
                   ` (3 preceding siblings ...)
  2012-11-30 11:23 ` yanjun.zhu
@ 2012-11-30 11:29 ` yanjun.zhu
  2012-11-30 18:54   ` [PATCH 1/1] Python: Fix for CVE-2012-2135 (for denzil) Saul Wold
  2013-03-04  4:35 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
  5 siblings, 1 reply; 12+ messages in thread
From: yanjun.zhu @ 2012-11-30 11:29 UTC (permalink / raw)
  To: openembedded-core

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://bugs.python.org/issue14579

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135

[YOCTO #3450]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../python/python/python-2.7.2-CVE-2012-2135.patch | 24 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch

diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
new file mode 100644
index 0000000..ad118b0
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Backport
+
+Reference:http://bugs.python.org/issue14579
+
+The utf-16 decoder in Python 3.1 through 3.3 does not update the
+aligned_end variable after calling the unicode_decode_call_errorhandler
+function, which allows remote attackers to obtain sensitive information
+(process memory) or cause a denial of service (memory corruption and crash)
+via unspecified vectors.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
+--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
+@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
+         }
+ 
+         /* UTF-16 code pair: */
+-        if (q >= e) {
++        if (e - q < 2) {
+             errmsg = "unexpected end of data";
+             startinpos = (((const char *)q)-2)-starts;
+             endinpos = ((const char *)e)-starts;
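Review bot: No regression test accompanies the changed length check in the `UTF-16 code pair` branch. The input that separates `q >= e` from `e - q < 2`, a first surrogate followed by a single trailing byte, should be covered by a test_codecs.py case carried in the same patch file so the backport can be verified on the target.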
diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
index 2adb4e4..9dabfb7 100644
--- a/meta/recipes-devtools/python/python_2.7.2.bb
+++ b/meta/recipes-devtools/python/python_2.7.2.bb
@@ -24,6 +24,7 @@ SRC_URI += "\
   file://setuptweaks.patch \
   file://check-if-target-is-64b-not-host.patch \
   file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
+  file://python-2.7.2-CVE-2012-2135.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
1.7.11





* Re: [PATCH 1/1] Python: Fix for CVE-2012-2135 (for denzil)
  2012-11-30 11:29 ` yanjun.zhu
@ 2012-11-30 18:54   ` Saul Wold
  2012-11-30 23:21     ` Scott Garman
  0 siblings, 1 reply; 12+ messages in thread
From: Saul Wold @ 2012-11-30 18:54 UTC (permalink / raw)
  To: yanjun.zhu; +Cc: openembedded-core

On 11/30/2012 03:29 AM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>
> Reference:http://bugs.python.org/issue14579
>
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>
> [YOCTO #3450]
>
Is this for Denzil or is there a 2.7.3 patch for this CVE?  Both Danny 
(1.3) and master are using Python 2.7.3, which does not seem to have 
this CVE fixed yet.

Please rebase this for master.

Sau!

> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> ---
>   .../python/python/python-2.7.2-CVE-2012-2135.patch | 24 ++++++++++++++++++++++
>   meta/recipes-devtools/python/python_2.7.2.bb       |  1 +
>   2 files changed, 25 insertions(+)
>   create mode 100644 meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
>
> diff --git a/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
> new file mode 100644
> index 0000000..ad118b0
> --- /dev/null
> +++ b/meta/recipes-devtools/python/python/python-2.7.2-CVE-2012-2135.patch
> @@ -0,0 +1,24 @@
> +Upstream-Status: Backport
> +
> +Reference:http://bugs.python.org/issue14579
> +
> +The utf-16 decoder in Python 3.1 through 3.3 does not update the
> +aligned_end variable after calling the unicode_decode_call_errorhandler
> +function, which allows remote attackers to obtain sensitive information
> +(process memory) or cause a denial of service (memory corruption and crash)
> +via unspecified vectors.
> +
> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
> +Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> +diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
> +--- a/Objects/unicodeobject.c	2012-11-12 16:25:33.000000000 +0800
> ++++ b/Objects/unicodeobject.c	2012-11-12 16:26:22.000000000 +0800
> +@@ -2568,7 +2568,7 @@ PyUnicode_DecodeUTF16Stateful(const char
> +         }
> +
> +         /* UTF-16 code pair: */
> +-        if (q >= e) {
> ++        if (e - q < 2) {
> +             errmsg = "unexpected end of data";
> +             startinpos = (((const char *)q)-2)-starts;
> +             endinpos = ((const char *)e)-starts;
> diff --git a/meta/recipes-devtools/python/python_2.7.2.bb b/meta/recipes-devtools/python/python_2.7.2.bb
> index 2adb4e4..9dabfb7 100644
> --- a/meta/recipes-devtools/python/python_2.7.2.bb
> +++ b/meta/recipes-devtools/python/python_2.7.2.bb
> @@ -24,6 +24,7 @@ SRC_URI += "\
>     file://setuptweaks.patch \
>     file://check-if-target-is-64b-not-host.patch \
>     file://search_db_h_in_inc_dirs_and_avoid_warning.patch \
> +  file://python-2.7.2-CVE-2012-2135.patch \
>   "
>
>   S = "${WORKDIR}/Python-${PV}"
>




* Re: [PATCH 1/1] Python: Fix for CVE-2012-2135 (for denzil)
  2012-11-30 18:54   ` [PATCH 1/1] Python: Fix for CVE-2012-2135 (for denzil) Saul Wold
@ 2012-11-30 23:21     ` Scott Garman
  0 siblings, 0 replies; 12+ messages in thread
From: Scott Garman @ 2012-11-30 23:21 UTC (permalink / raw)
  To: openembedded-core

On 11/30/2012 10:54 AM, Saul Wold wrote:
> On 11/30/2012 03:29 AM, yanjun.zhu wrote:
>> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>>
>> Reference:http://bugs.python.org/issue14579
>>
>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>> aligned_end variable after calling the unicode_decode_call_errorhandler
>> function, which allows remote attackers to obtain sensitive information
>> (process memory) or cause a denial of service (memory corruption and
>> crash)
>> via unspecified vectors.
>>
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
>>
>> [YOCTO #3450]
>>
> Is this for Denzil or is there a 2.7.3 patch for this CVE?  Both Danny
> (1.3) and master are using Python 2.7.3, which does not seem to have
> this CVE fixed yet.

The CVE link above states that the vulnerability exists only in python 
v3.1 - 3.3. That would suggest it would not apply to denzil at all.

I'm thrilled to see more security fixes rolling in, but I'm not sure 
what's going on if they do not apply to the versions of upstream 
software we're shipping.

Scott

-- 
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center




* Re: [PATCH 1/1] Python: Fix for CVE-2012-2135
  2012-11-30  4:30 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
  2012-11-30  8:05   ` Saul Wold
@ 2012-12-06 13:01   ` Burton, Ross
  2012-12-07  1:45     ` yzhu1
  1 sibling, 1 reply; 12+ messages in thread
From: Burton, Ross @ 2012-12-06 13:01 UTC (permalink / raw)
  To: yanjun.zhu; +Cc: openembedded-core

On 30 November 2012 04:30, yanjun.zhu <yanjun.zhu@windriver.com> wrote:
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.

The source for the vulnerability says Python 3.1 to 3.3, but you're
patching 2.7.  Is the source not considering the Python 2 releases, or
is 2.7 safe from the exploit?

Ross




* Re: [PATCH 1/1] Python: Fix for CVE-2012-2135
  2012-12-06 13:01   ` Burton, Ross
@ 2012-12-07  1:45     ` yzhu1
  0 siblings, 0 replies; 12+ messages in thread
From: yzhu1 @ 2012-12-07  1:45 UTC (permalink / raw)
  To: Burton, Ross; +Cc: openembedded-core

On 12/06/2012 09:01 PM, Burton, Ross wrote:
> On 30 November 2012 04:30, yanjun.zhu <yanjun.zhu@windriver.com> wrote:
>> The utf-16 decoder in Python 3.1 through 3.3 does not update the
>> aligned_end variable after calling the unicode_decode_call_errorhandler
>> function, which allows remote attackers to obtain sensitive information
>> (process memory) or cause a denial of service (memory corruption and crash)
>> via unspecified vectors.
> The source for the vulnerability says Python 3.1 to 3.3, but you're
> patching 2.7.  Is the source not considering the Python 2 releases, or
> is 2.7 safe from the exploit?
>
> Ross
I exploit it in Python 2.7. This CVE will affect Python 2.7.




* [PATCH 1/1] Python: Fix for CVE-2012-2135
       [not found] <3450>
                   ` (4 preceding siblings ...)
  2012-11-30 11:29 ` yanjun.zhu
@ 2013-03-04  4:35 ` yanjun.zhu
  2013-03-04 10:46   ` Burton, Ross
  5 siblings, 1 reply; 12+ messages in thread
From: yanjun.zhu @ 2013-03-04  4:35 UTC (permalink / raw)
  To: openembedded-core

From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:http://bugs.python.org/issue14579

The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135

[YOCTO #3450]

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../python/python/python-2.7.3-CVE-2012-2135.patch | 73 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.3.bb       |  3 +-
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/python/python/python-2.7.3-CVE-2012-2135.patch

diff --git a/meta/recipes-devtools/python/python/python-2.7.3-CVE-2012-2135.patch b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2012-2135.patch
new file mode 100644
index 0000000..3afdbc0
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-2.7.3-CVE-2012-2135.patch
@@ -0,0 +1,73 @@
+Upstream-Status: Backport
+
+Reference:http://bugs.python.org/issue14579
+
+The utf-16 decoder in Python 3.1 through 3.3 does not update the
+aligned_end variable after calling the unicode_decode_call_errorhandler
+function, which allows remote attackers to obtain sensitive information
+(process memory) or cause a denial of service (memory corruption and crash)
+via unspecified vectors.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
+
+diff -urpN a/Lib/test/test_codecs.py b/Lib/test/test_codecs.py
+--- a/Lib/test/test_codecs.py
++++ b/Lib/test/test_codecs.py
+@@ -495,8 +495,21 @@ class UTF16LETest(ReadTest):
+         )
+ 
+     def test_errors(self):
+-        self.assertRaises(UnicodeDecodeError, codecs.utf_16_le_decode, "\xff", "strict", True)
+-
++        tests = [
++            (b'\xff', u'\ufffd'),
++            (b'A\x00Z', u'A\ufffd'),
++            (b'A\x00B\x00C\x00D\x00Z', u'ABCD\ufffd'),
++            (b'\x00\xd8', u'\ufffd'),
++            (b'\x00\xd8A', u'\ufffd'),
++            (b'\x00\xd8A\x00', u'\ufffdA'),
++            (b'\x00\xdcA\x00', u'\ufffdA'),
++        ]
++        for raw, expected in tests:
++            print('*****', raw, expected)
++            self.assertRaises(UnicodeDecodeError, codecs.utf_16_le_decode,
++                              raw, 'strict', True)
++            self.assertEqual(raw.decode('utf-16le', 'replace'), expected)
++        
+ class UTF16BETest(ReadTest):
+     encoding = "utf-16-be"
+ 
+@@ -516,7 +529,20 @@ class UTF16BETest(ReadTest):
+         )
+ 
+     def test_errors(self):
+-        self.assertRaises(UnicodeDecodeError, codecs.utf_16_be_decode, "\xff", "strict", True)
++        tests = [
++            (b'\xff', u'\ufffd'),
++            (b'\x00A\xff', u'A\ufffd'),
++            (b'\x00A\x00B\x00C\x00DZ', u'ABCD\ufffd'),
++            (b'\xd8\x00', u'\ufffd'),
++            (b'\xd8\x00\xdc', u'\ufffd'),
++            (b'\xd8\x00\x00A', u'\ufffdA'),
++            (b'\xdc\x00\x00A', u'\ufffdA'),
++        ]
++        for raw, expected in tests:
++            print('*****', raw, expected)
++            self.assertRaises(UnicodeDecodeError, codecs.utf_16_be_decode,
++                              raw, 'strict', True)
++            self.assertEqual(raw.decode('utf-16be', 'replace'), expected)
+ 
+ class UTF8Test(ReadTest):
+     encoding = "utf-8"
+diff -urpN a/Objects/unicodeobject.c b/Objects/unicodeobject.c
+--- a/Objects/unicodeobject.c	2013-03-04 11:34:34.000000000 +0800
++++ b/Objects/unicodeobject.c	2013-03-04 11:36:01.000000000 +0800
+@@ -2564,7 +2564,7 @@ PyUnicode_DecodeUTF16Stateful(const char
+         }
+ 
+         /* UTF-16 code pair: */
+-        if (q >= e) {
++        if (e - q < 2) {
+             errmsg = "unexpected end of data";
+             startinpos = (((const char *)q)-2)-starts;
+             endinpos = ((const char *)e)-starts;
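Review bot: Both rewritten test_errors methods contain a leftover debug line, `print('*****', raw, expected)`, which writes to stdout on every iteration of the test loop; remove it from the UTF16LETest and UTF16BETest changes. The UTF16LETest change also ends on a whitespace-only added line in place of the blank separator it removes, and the Signed-off-by line that the earlier revisions carried in the patch header is missing from this one.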
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index f0d5c90..c181933 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -1,6 +1,6 @@
 require python.inc
 DEPENDS = "python-native bzip2 db gdbm openssl readline sqlite3 zlib"
-PR = "${INC_PR}.2"
+PR = "${INC_PR}.3"
 
 DISTRO_SRC_URI ?= "file://sitecustomize.py"
 DISTRO_SRC_URI_linuxstdbase = ""
@@ -28,6 +28,7 @@ SRC_URI += "\
   file://python-2.7.3-berkeley-db-5.3.patch \
   file://python-2.7.3-remove-bsdb-rpath.patch \
   file://builddir.patch \
+  file://python-2.7.3-CVE-2012-2135.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
1.7.11





* Re: [PATCH 1/1] Python: Fix for CVE-2012-2135
  2013-03-04  4:35 ` [PATCH 1/1] Python: Fix for CVE-2012-2135 yanjun.zhu
@ 2013-03-04 10:46   ` Burton, Ross
  0 siblings, 0 replies; 12+ messages in thread
From: Burton, Ross @ 2013-03-04 10:46 UTC (permalink / raw)
  To: yanjun.zhu; +Cc: openembedded-core

On 4 March 2013 04:35, yanjun.zhu <yanjun.zhu@windriver.com> wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>
> Reference:http://bugs.python.org/issue14579
>
> The utf-16 decoder in Python 3.1 through 3.3 does not update the
> aligned_end variable after calling the unicode_decode_call_errorhandler
> function, which allows remote attackers to obtain sensitive information
> (process memory) or cause a denial of service (memory corruption and crash)
> via unspecified vectors.

You really should reword this commit message so that it doesn't appear
to be inappropriate - this bug does apply to 2.7 but it's not a
security issue.

Ross
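
The one-line guard change that every revision of the patch in this thread carries, modelled in isolation as an added example (not code from the thread or from CPython). The walker, the `bytes_past_end` name and the `check` enum are assumptions made for illustration; only the two conditions and the `q`/`e` names come from the hunk, and the inputs are three of the UTF16LETest byte strings from the 2.7.3 patch.

```c
#include <stddef.h>
#include <stdio.h>

/* Inputs taken from the UTF16LETest cases in the 2.7.3 patch in this thread:
 * U+D800 (first half of a surrogate pair) followed by 0, 1 and 2 more bytes. */
const unsigned char HIGH_ONLY[]      = {0x00, 0xD8};
const unsigned char HIGH_PLUS_BYTE[] = {0x00, 0xD8, 'A'};
const unsigned char HIGH_PLUS_UNIT[] = {0x00, 0xD8, 'A', 0x00};

enum check { CHECK_OLD, CHECK_NEW };   /* hypothetical selector */

/* The guard in front of the second code unit, before and after the patch.
 * q points just past the first unit, e points one past the last input byte. */
static int guard_rejects(const unsigned char *q, const unsigned char *e,
                         enum check which)
{
    return which == CHECK_OLD ? (q >= e)       /* '-' line of the hunk */
                              : (e - q < 2);   /* '+' line of the hunk */
}

/* Walk a UTF-16LE buffer and return how many bytes beyond the buffer the
 * pair branch would touch under the chosen guard. This model never reads
 * out of bounds itself: it stops and reports the shortfall instead. */
size_t bytes_past_end(const unsigned char *s, size_t len, enum check which)
{
    const unsigned char *q = s;
    const unsigned char *e = s + len;

    while (e - q >= 2) {
        unsigned ch = q[0] | ((unsigned)q[1] << 8);
        q += 2;
        if (ch < 0xD800 || ch > 0xDBFF)
            continue;                      /* not the first half of a pair */

        if (guard_rejects(q, e, which))
            return 0;                      /* "unexpected end of data" path */

        if (e - q < 2)                     /* guard passed, yet a two-byte */
            return (size_t)(2 - (e - q));  /* read would run past e        */

        unsigned ch2 = q[0] | ((unsigned)q[1] << 8);
        if (ch2 >= 0xDC00 && ch2 <= 0xDFFF)
            q += 2;                        /* valid pair: consume second unit */
    }
    return 0;
}

int main(void)
{
    struct { const char *name; const unsigned char *buf; size_t len; } in[] = {
        {"high surrogate only",     HIGH_ONLY,      sizeof HIGH_ONLY},
        {"high surrogate + 1 byte", HIGH_PLUS_BYTE, sizeof HIGH_PLUS_BYTE},
        {"high surrogate + 1 unit", HIGH_PLUS_UNIT, sizeof HIGH_PLUS_UNIT},
    };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-26s old check: %zu byte(s) past end, new check: %zu\n",
               in[i].name,
               bytes_past_end(in[i].buf, in[i].len, CHECK_OLD),
               bytes_past_end(in[i].buf, in[i].len, CHECK_NEW));
    return 0;
}
```

Only the odd-length input tells the two guards apart: with exactly one byte left, `q >= e` is false while `e - q < 2` is true.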


